Gen.Variant.Barys.55463_18c5d5c04a

by malwarelabrobot on February 6th, 2017 in Malware Descriptions.

Susp_Dropper (Kaspersky), Gen:Variant.Barys.55463 (AdAware), Backdoor.Win32.Xtrat.FD, GenericAutorunWorm.YR, GenericInjector.YR (Lavasoft MAS)
Behaviour: Backdoor, Worm, WormAutorun


The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Requires JavaScript enabled!

Summary
Dynamic Analysis
Static Analysis
Network Activity
Map
Strings from Dumps
Removals

MD5: 18c5d5c04a1d72b461c2daf29061dfc8
SHA1: a1a58edf18e46000cebc90500d8f1b642a79b6fa
SHA256: 09b83b2fe19aa26f421d99769dd94c3896cecae2981933fd801d63bb7c954685
SSDeep: 12288:sAZfW2QvFlt2NvhrPtyjbqzu91H2SdwA2qiUlZ0ObaXuTWdLQRAQPJln:sAZu5vEr6bB9MSdwAHl9aXEWdkRDPJln
Size: 690860 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: IC
Created at: 2015-12-27 07:38:55
Analyzed on: Windows7 SP1 32-bit


Summary:

Backdoor. Malware that enables a remote control of victim's machine.

Payload

Behaviour Description
WormAutorun A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Backdoor's file once a user opens a drive's folder in Windows Explorer.


Process activity

The Backdoor creates the following process(es):

%original file name%.exe:3308
123213123.exe:2856
123213123.exe:2012

The Backdoor injects its code into the following process(es):

jingling.exe:2472
jingling.exe:1532
svchost.exe:1256
iexplore.exe:1452

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process jingling.exe:2472 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\jquery-1.11.1.min[1].js (57991 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\stat[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\url[1].htm (576 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\alexa[1].png (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\style[1].css (806 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Spiritsoft\urlspirit\tcfg.dat (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\core[1].js (763 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\main[1].js (80 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\splogo[1].png (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Spiritsoft\urlspirit\product.dat (550 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Spiritsoft\urlspirit\bd.dat (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\stat[1].js (1081 bytes)
C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\A6RQWI1I.txt (138 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\sound_high[1].gif (356 bytes)

The process jingling.exe:1532 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\v2[1].js (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\green_shield[1] (810 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\getipinfo[1].htm (187 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\sdcysoft_com[1].htm (831 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LCZH948T.txt (383 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabD3F3.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\SlideDoor[1].htm (547 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\index[2].js (3795 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\pixel[1].gif (42 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\OX9yPxVGYQhNAdcIDFDeBXfgae9vyAHITKBYJWiUq0c[1].js (9344 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_03853CF80D3A45E4068A748249EC24F7 (9996 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (100 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\fitvids-doc-ready[1].js (146 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\html5shiv.min[1].js (572 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\common[1].js (361 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\invalidcert[1] (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab71C.tmp (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\index[1].css (88657 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\lrtk[1].css (1029 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\red_shield_48[1] (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\base[1].js (443 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\slider-setting[1].js (554 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\52612bfba40c463ad5878c3862379d1c[1].png (911 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\68FOIB9H.txt (543 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\font-awesome[1].css (10591 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NJKESBC2.txt (100 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\705A76DE71EA2CAEBB8F0907449CE086_83B4269ED5FD1ECB44E013036646BFD7 (2674 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\15541197_935117263286926_3483886767120125698_n[1].jpg (463 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\G5Q7XTSM.txt (352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\JIQL3CTG.txt (654 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\init[1].js (1159 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\meiqia[1].js (77183 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\G60HOHQ1.txt (251 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\scrolltab[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\533000070202[1].htm (5653 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\match[3].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery-migrate.min[1].js (5375 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\1.4[1].js (10170 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\match[2].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\14520396_203440986742644_308382618062025305_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\5DPXEETN.txt (107 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\font-awesome.min[1].css (13482 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_202FDCF470E1E6CDB8E22E01DB74609C (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Y3HIC4U1.txt (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\OJM965DM.txt (246 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\m[1].js (60021 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\REBLOFI8.txt (71 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ANJ01VHG.txt (747 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\CDKMUDL9.txt (112 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\14358769_10206860846257416_7466951948784187963_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM[1].htm (20314 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_F4C066FA094BC754843DB99590B2CE02 (2032 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\pzRB6YEc2pk[1].htm (6221 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\cm[1].gif (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\5XISSK39\www.sdcysoft[1].xml (140 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\0.2[1].js (17481 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\533000070202[1].htm (278 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\16114967_2227104167515605_3084083241048458185_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\History.IE5\index.dat (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\sewasolo_com[1].htm (5177 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ZR3XKL3Y.txt (1105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\12063727_968338849875096_426343592926317394_n[1].jpg (1753 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\addthis_widget[1].js (209732 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[1].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\15965560_1833507490251421_3796225368876502291_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\adapter[1].js (156 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\705A76DE71EA2CAEBB8F0907449CE086_83B4269ED5FD1ECB44E013036646BFD7 (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\start_v5[1].js (505 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\bundle__menu_ML_desktop_full.d635ce2a[1].css (28067 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\background_gradient_red[1] (868 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\jquery-1.7.2.min[1].js (46101 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\SHO3EV98.txt (107 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\TRGHUB2E.txt (307 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\css[1].css (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\HARCQENS.txt (97 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NZ5CQVG1.txt (309 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\U4RBEDZD.txt (309 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ADY29ZU2.txt (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ZH36DV72.txt (156 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\page[1].htm (30340 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\History.IE5\desktop.ini (254 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\12115518_944101115651532_2564004755971760607_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\plusone[1].js (30566 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM[1].htm (21413 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\melidata.min[1].js (10800 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\705A76DE71EA2CAEBB8F0907449CE086_687524005D49A560600E2D45D44DE6E0 (676 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\jquery-migrate-1.2.1[1].js (5641 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\new_suggest[1].css (7848 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Q328RLZO.txt (482 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\O4CQ6Q3M.txt (988 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\8OSH5N44.txt (103 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar71D.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[2].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\PMSKDIGW.txt (1099 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\global-min[1].js (52098 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\pingjs[1].js (32 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\FMCLNATV.txt (464 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Y002NCFW.txt (307 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\VNHNRCA9.txt (573 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[5].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\pixel[2].js (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\ie8[1].js (789 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\112COZCN.txt (113 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7V44E21O.txt (117 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\classic[1].js (7741 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\pixel[2].js (704 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabF0E9.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_97482851B9CF8FBB790FA8AEAB0C772D (400 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8A574ED5927B3CEC9626151D220C7448 (360 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\0S7ZWK0B.txt (441 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\15940888_578312162362095_8869873993140981893_n[1].jpg (185 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ILLZJRN3.txt (87 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\index.dat (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\JEXRN4WF.txt (470 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[1].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3DYFNGFP.txt (656 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\core[1].js (765 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\red_shield[1] (810 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\index.dat (16 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\errorPageStrings[1] (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\127631110-widgets[1].js (50978 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\0IE96JSP.txt (309 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[2].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[3].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7GO3Y47L.txt (696 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\WUKPO2V7.txt (1099 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\fontawesome-webfont[1].eot (30576 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KVU378YM.txt (121 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\WMZUWJRG\world.taobao[1].xml (11974 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7K54OC7N.txt (422 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\_common___promote___promote.css--___template_1___styles___www___company___info.css--template_1___styles___plugin___companyFollow.css--v616.55[1]. (43888 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\IEYHNN6C.txt (95 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KJQSOTOX.txt (115 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\home[1].css (73 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\pixel[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\invalidcert[2] (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\705A76DE71EA2CAEBB8F0907449CE086_687524005D49A560600E2D45D44DE6E0 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\RYHTSXPY.txt (250 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\httpErrorPagesScripts[1] (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\9VDPLBYE.txt (300 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\2422776291-widget_css_bundle[1].css (18236 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\pzRB6YEc2pk[2].htm (4600 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZDIKCNB\eco-api.meiqia[1].xml (13 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\33ZUGC79.txt (101 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\css[1].css (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\aplus_v2[1].js (20794 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\oninput[1].js (653 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_2CFCD3B0E185E4A8F87A94EFDCF71017 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_03853CF80D3A45E4068A748249EC24F7 (6 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0A2EA55F20CC96EF43A26E7FAF8A2217 (936 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\index[1].js (6103 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\0.2[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\jquery.cycle.all.min[1].js (23784 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_97482851B9CF8FBB790FA8AEAB0C772D (5 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ML9RPDO7.txt (111 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\www-embed-player-vfl702554[1].css (142655 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LMT0H4OC.txt (104 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\K5t3Ec3iy66[1].js (218774 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\4Q7NOTWJ.txt (87 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KAFZHTZ0.txt (109 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\ds[1].js (63503 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\tc[1].js (6153 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\mFUry7Ewz5S[1].js (509 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\aplus_v2[1].js (3540 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery.min[1].js (63266 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\navigation[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NI1WRHMP.txt (66 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\slide_switch[1].js (145 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_202FDCF470E1E6CDB8E22E01DB74609C (2016 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\pixel[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\VENUV2ZM.txt (141 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\LxzEXqxaECb[1].js (108279 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DCE3BDBF5BDD86E2AB5B471CB90709B4_D5FE3430D858EEC0702EE96E01AD90B9 (1640 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\backgroundPosition[1].js (73 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab3C0.tmp (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\14212207_653688491461426_5945484803893418677_n[1].jpg (474 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\CJPVDJJP.txt (407 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\5XKMVJSL.txt (1105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\css[1].css (474 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\core-1db59222bec2e7468c559156f55a310b[1].css (165349 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar5496.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\base[1].js (613210 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\seed-min[1].js (28318 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\navigator[1].js (241 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\collect[1].gif (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_F4C066FA094BC754843DB99590B2CE02 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\AEJDC8C7.txt (804 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\salary[1].htm (9346 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KV28ZD8Y.txt (725 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\adv_out[1].js (9557 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\css[2].css (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\harga-sewa-mobil-solo[1].htm (7822 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[6].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF (1480 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\W3MS8WF7.txt (1099 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\94FDZEML.txt (201 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\jquery.fitvids[1].js (719 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\bounce[1].js (25 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3FKBYQAA.txt (263 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\webww[1].js (16515 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\down[1] (748 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\www-embed-player[1].js (53278 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\index[2].js (40514 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\mlb-ml-analytics.min.gz[2].js (23773 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\match[1].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\GBLRNM83.txt (108 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\33YQT85K.txt (494 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\896O94X8.txt (94 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KHPTUO1B.txt (210 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\W9COG41E.txt (1099 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\mlb-ml-analytics.min.gz[1].js (23102 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\cb=gapi[1].js (80253 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab1013.tmp (50 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\R4SE7E96.txt (116 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\z_stat[1].js (1081 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DCE3BDBF5BDD86E2AB5B471CB90709B4_D5FE3430D858EEC0702EE96E01AD90B9 (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\YHPCILX3.txt (263 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\M3GL7JFZ.txt (74 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarD444.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[4].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\X9U38907.txt (280 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0A2EA55F20CC96EF43A26E7FAF8A2217 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\songhaiyouhong_blogspot_com[1].htm (13673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\Xw9VNcnTyYg[1].js (26680 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26 (5998 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\1.4[1].js (57892 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\38M8494A.txt (110 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB788E090BC1F3AA2FBC9E8FB2859601 (822 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\doorbell-i8wozeiuwodmquxr[1].js (19959 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE (1224 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarD3F4.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\16472838_752115304954013_2302620675576684630_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabD443.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\9C1XITPC.txt (98 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\1HUVI2AA\www.youtube[1].xml (199 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\16143282_791723427632670_7574174759107544566_n[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar3C1.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[5].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\4HVEPQN3.txt (116 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\49CU6FUZ.txt (89 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ON7HEO01.txt (248 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\collect[1].gif (35 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3JX5PE0Z.txt (90 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\DD884IO4.txt (939 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\config[1].js (115 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\abnormal[1].css (4745 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\WO5DW012.txt (359 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\stat[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\ad_status[1].js (29 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\14303700004920[1].jpg (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\jquery[1].js (152409 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\1K75GJY6.txt (1105 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\match[3].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\skip-link-focus-fix[1].js (751 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\cfb9b68598748471e884ae8e1367a070[1].png (911 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26 (4 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\20TG8FQX.txt (352 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\desktop.ini (67 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\match[2].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\comment-reply.min[1].js (757 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\page[1].htm (13208 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\index[1].js (2739 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\tabicon[1].js (715 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LDUIT4VU.txt (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\533000070202[2].htm (3175 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\index[1].js (211 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\sewa-mobil-solo-lestari-kecamatan-sukoharjo-jawa-tengah[1].htm (27844 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\17UHOV2J.txt (106 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab5495.tmp (51 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\57SQKGIR.txt (110 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\style[1].css (13067 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\YBPRKDDL.txt (91 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\core__large-05ccd4379b22231463c741a5faa3dff1[1].css (130591 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\match[1].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\ErrorPageTemplate[1] (2 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB (1278 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\1KUYIOXW.txt (379 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\form[1].js (700 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\doorbell[1].htm (241 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\QNPEFQCF.txt (1105 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C (1476 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (3400 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar1014.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\wp-emoji-release.min[1].js (7586 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery.tipsy[1].js (673 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\1LJ8gYX1wG6[1].css (20498 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\10698574_805310939511222_8929108492389579378_n[1].jpg (185 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\J2V4EMBS.txt (289 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\ga-audiences[1].htm (390 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\GFWYI2PB.txt (1093 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarF0EA.tmp (2712 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\history[1].js (18529 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LMNUJ11K.txt (313 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB (471 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\init[1].js (1089 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[3].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FB788E090BC1F3AA2FBC9E8FB2859601 (1 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[4].gif (70 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\common[1].css (5895 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\global-min[1].css (33012 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\36IEFG60.txt (464 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM[1].htm (23237 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\csync[1].gif (43 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\IJEF1Z0V.txt (106 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery[1].js (69966 bytes)
C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_2CFCD3B0E185E4A8F87A94EFDCF71017 (1800 bytes)

The Backdoor deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabD3F3.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\X9U38907.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\www-embed-player-vfl702554[1].css (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LCZH948T.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar71D.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\GBLRNM83.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ILLZJRN3.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\PMSKDIGW.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\WO5DW012.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\SHO3EV98.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\VNHNRCA9.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab1013.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\TRGHUB2E.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\collect[1].gif (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\DD884IO4.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\896O94X8.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\68FOIB9H.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NJKESBC2.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\1K75GJY6.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabF0E9.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\G5Q7XTSM.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\JIQL3CTG.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\5XKMVJSL.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar5496.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\20TG8FQX.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\533000070202[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\collect[1].gif (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\W3MS8WF7.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\page[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\www-embed-player[1].js (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\FMCLNATV.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\IJEF1Z0V.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar3C1.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab5495.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\OJM965DM.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabD443.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\REBLOFI8.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3FKBYQAA.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ANJ01VHG.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab71C.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LDUIT4VU.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\0IE96JSP.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\pzRB6YEc2pk[1].htm (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\WUKPO2V7.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\33YQT85K.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\RYHTSXPY.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\QNPEFQCF.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KJQSOTOX.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KHPTUO1B.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\W9COG41E.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\VENUV2ZM.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar1014.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\R4SE7E96.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\17UHOV2J.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\M3GL7JFZ.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Y002NCFW.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\GFWYI2PB.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\AEJDC8C7.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\33ZUGC79.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LMNUJ11K.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ADY29ZU2.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\base[1].js (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarD444.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\HARCQENS.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NZ5CQVG1.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KVU378YM.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7K54OC7N.txt (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab3C0.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarF0EA.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarD3F4.tmp (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LMT0H4OC.txt (0 bytes)

The process %original file name%.exe:3308 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe (15187 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\123213123.exe (12342 bytes)

The Backdoor deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\nssF4AA.tmp (0 bytes)

The process 123213123.exe:2856 makes changes in the file system.
The Backdoor deletes the following file(s):

C:\Users\"%CurrentUserName%"\AppData\Local\Temp\x.html (0 bytes)

The process 123213123.exe:2012 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):

C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe (2321 bytes)

Registry activity

The process jingling.exe:2472 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm]
"cFormatTags" = "2"
"aFormatTagCache" = "01 00 00 00 10 00 00 00 55 00 00 00 1E 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASMANCS]
"EnableFileTracing" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASMANCS]
"ConsoleTracingMask" = "4294901760"
"EnableConsoleTracing" = "0"
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASAPI32]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1412928878"

[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASAPI32]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "jingling.exe"

[HKLM\SOFTWARE\Microsoft\AudioCompressionManager\DriverCache\msacm.l3acm]
"cFilterTags" = "0"
"fdwSupport" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASAPI32]
"ConsoleTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3E 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASMANCS]
"FileTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\jingling_RASAPI32]
"EnableFileTracing" = "0"
"MaxFileSize" = "1048576"
"EnableConsoleTracing" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

To automatically run itself each time Windows is booted, the Backdoor adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"urlspace" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe -h"

The Backdoor deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process jingling.exe:1532 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\youtube.com]
"(Default)" = "6"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1412928878"

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\taobao.com]
"(Default)" = "14"

[HKCU\Software\Classes\Local Settings\MuiCache\2D\52C64B7E]
"LanguageList" = "en-US, en"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 42 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\sdcysoft.com]
"(Default)" = "53"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\AD7E1C28B064EF8F6003402014C3D0E3370EB58A]
"Blob" = "04 00 00 00 01 00 00 00 10 00 00 00 32 4A 4B BB"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "jingling.exe"

[HKCU\Software\Microsoft\Internet Explorer\DOMStorage\Total]
"(Default)" = "91287"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Backdoor deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"AD7E1C28B064EF8F6003402014C3D0E3370EB58A"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"

The process %original file name%.exe:3308 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Backdoor deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

The process 123213123.exe:2856 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKCU\Software\XtremeRAT]
"Mutex" = "X1F606HDS"

The process 123213123.exe:2012 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\IExplore\WWW_OpenURL]
"processname" = "iexplore.exe"
"WindowClassName" = "DDEMLMom"

To automatically run itself each time Windows is booted, the Backdoor adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"18.exe" = "C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"18.exe" = "C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe"

Dropped PE files

MD5 File path
c22ebecd43f958eaeda8aed159c91dfc c:\Users\"%CurrentUserName%"\AppData\Local\Temp\123213123.exe
1f519484a9ad5a51d42e0f57f4e314e0 c:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe
c22ebecd43f958eaeda8aed159c91dfc c:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe
c22ebecd43f958eaeda8aed159c91dfc c:\Windows\System32\Microsoft\Microsoft.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

A worm can spread via removable drives. It writes its executable and creates "autorun.inf" scripts on all removable drives. The autorun script will execute the Backdoor's file once a user opens a drive's folder in Windows Explorer.

VersionInfo

No information is available.

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Section MD5
.text 4096 24124 24576 4.45853 1a13b408c917b27c9106545148d3b8d3
.rdata 28672 4714 5120 3.46982 921acf8cb0aea87c0603fa899765fcc2
.data 36864 154936 1536 2.97482 797517c6ef57aa95d53df2cf07568953
.ndata 192512 32768 0 0 d41d8cd98f00b204e9800998ecf8427e
.rsrc 225280 11432 11776 2.84277 3eaf22e3ce0d14e92e4e1c1b3619fab2

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL IP
hxxp://us0.spiritsoft.cn/urlcore/olcfgs.dat?q=41 114.55.90.68
hxxp://us0.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110 114.55.90.68
hxxp://us0.spiritsoft.cn/v4/lib/jquery/jquery-1.11.1.min.js 114.55.90.68
hxxp://us0.spiritsoft.cn/v4/js/main.js 114.55.90.68
hxxp://us0.spiritsoft.cn/v4/images/sound_high.gif 114.55.90.68
hxxp://all.cnzz.com.danuoyi.tbcache.com/stat.php?id=1189654&web_id=1189654
hxxp://us0.spiritsoft.cn/v4/images/splogo.png 114.55.90.68
hxxp://us0.spiritsoft.cn/v4/images/alexa.png 114.55.90.68
hxxp://us0.spiritsoft.cn/urlcore/svcreq14032b.html 114.55.90.68
hxxp://us0.spiritsoft.cn/urlcore/svcreq1413fd.css 114.55.90.68
hxxp://www.google.com/ 173.194.113.209
hxxp://www.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ 173.194.113.223
hxxp://sewasolo.com/ 103.28.22.213
hxxp://sewasolo.com/wp-content/themes/dream/js/jquery.fitvids.js?ver=4.2.12 103.28.22.213
hxxp://googleadapis.l.google.com/css?family=Open Sans:400italic,700italic,400,700&ver=4.2.12
hxxp://sewasolo.com/wp-content/themes/dream/js/html5shiv.min.js 103.28.22.213
hxxp://sewasolo.com/wp-content/themes/dream/style.css?ver=4.2.12 103.28.22.213
hxxp://sewasolo.com/wp-content/themes/dream/js/fitvids-doc-ready.js?ver=4.2.12 103.28.22.213
hxxp://sewasolo.com/wp-includes/js/jquery/jquery.js?ver=1.11.2 103.28.22.213
hxxp://sewasolo.com/wp-content/themes/dream/font-awesome/css/font-awesome.min.css?ver=4.2.12 103.28.22.213
hxxp://sewasolo.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 103.28.22.213
hxxp://sewasolo.com/wp-content/themes/dream/js/base.js?ver=4.2.12 103.28.22.213
hxxp://sewasolo.com/wp-includes/js/wp-emoji-release.min.js?ver=4.2.12 103.28.22.213
hxxp://sewasolo.com/wp-content/themes/dream/js/navigation.js?ver=20120206 103.28.22.213
hxxp://sewasolo.com/wp-content/themes/dream/js/skip-link-focus-fix.js?ver=20130115 103.28.22.213
hxxp://sewasolo.com/wp-content/themes/dream/js/jquery.cycle.all.min.js?ver=2.9999.5 103.28.22.213
hxxp://sewasolo.com/wp-content/themes/dream/js/slider-setting.js?ver=4.2.12 103.28.22.213
hxxp://sewasolo.com/wp-content/themes/dream/font-awesome/fonts/fontawesome-webfont.eot?v=4.2.0 103.28.22.213
hxxp://us0.spiritsoft.cn/v4/css/style.css 114.55.90.68
hxxp://e6845.dscb1.akamaiedge.net/crls/secureca.crl
hxxp://z.gds.cnzz.com/stat.htm?id=1189654&r=&lg=en-us&ntime=none&cnzz_eid=1549093891-1486263024-&showp=1276x846&t=流量精灵&h=1&rnd=258009459
hxxp://all.cnzz.com.danuoyi.tbcache.com/core.php?web_id=1189654&t=z
hxxp://cs9.wac.phicdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8=
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18+P0=
hxxp://e8218.dscb1.akamaiedge.net/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg==
hxxp://cdn.globalsigncdn.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH
hxxp://cs9.wac.phicdn.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAwAmbfXicn2ZiYxfrzqfBw=
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFE/uXQ4cLc0QEGNMJMGmf8=
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCGn0AHsoGslw
hxxp://mrx9.ddns.net/1234567890.functions
hxxp://cdn.globalsigncdn.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDGdVziPu5Jt2IgvM6w==
hxxp://world.taobao.com.danuoyi.tbcache.com/item/533000070202.htm?fromSite=main&spm=a230r.7195193.1997079397.8.iAWmGk&abbucket=2&qq-pf-to=pcqq.temporaryc2c 195.27.31.252
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEDYh2Ip18ZHp4LIxhrWFb0w=
hxxp://clients.l.google.com/GIAG2.crl
hxxp://clients.l.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAa1FcpWF3k+
hxxp://sewasolo.com/harga-sewa-mobil-solo.html 103.28.22.213
hxxp://sewasolo.com/harga-sewa-mobil-solo.html/ 103.28.22.213
hxxp://e6845.dscb1.akamaiedge.net/ss.crl
hxxp://sewasolo.com/wp-content/plugins/akismet/_inc/form.js?ver=3.1.5 103.28.22.213
hxxp://sewasolo.com/wp-includes/js/comment-reply.min.js?ver=4.2.12 103.28.22.213
hxxp://2.gravatar.com/avatar/52612bfba40c463ad5878c3862379d1c?s=32&d=mm&r=g 192.0.73.2
hxxp://2.gravatar.com/avatar/cfb9b68598748471e884ae8e1367a070?s=32&d=mm&r=g 192.0.73.2
hxxp://cdn.globalsigncdn.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDEVLD4SzDqtMG/eBnw==
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEEw7wJkU/qAD9hdilImrrOU=
hxxp://cdn.globalsigncdn.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w==
hxxp://domssl.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114
hxxp://e6220.g.akamaiedge.net/ga/mlb-ml-analytics.min.gz.js
hxxp://e6220.g.akamaiedge.net/melidata/js/3/0.0.38/melidata.min.js
hxxp://sewasolo.com/tag/sewa-mobil-solo-lestari-kecamatan-sukoharjo-jawa-tengah/ 103.28.22.213
hxxp://hkvhost688.800cdn.com/
hxxp://hkvhost688.800cdn.com/templets/default/style/common.css
hxxp://hkvhost688.800cdn.com/js/jquery.tipsy.js
hxxp://hkvhost688.800cdn.com/js/start_v5.js
hxxp://hkvhost688.800cdn.com/css/lrtk.css
hxxp://hkvhost688.800cdn.com/js/jquery-1.7.2.min.js
hxxp://hkvhost688.800cdn.com/templets/default/style/home.css
hxxp://wpa.qq.com/pa?p=2:2923673182:51 58.251.100.24
hxxp://wpa.qq.com/pa?p=2:2409084321:51 58.251.100.24
hxxp://wpa.qq.com/pa?p=2:3264541975:51 58.251.100.24
hxxp://wpa.qq.com/pa?p=2:3313361925:51 58.251.100.24
hxxp://wpa.qq.com/pa?p=2:2051282539:51 58.251.100.24
hxxp://hkvhost688.800cdn.com/templets/default/js/jquery.js
hxxp://hkvhost688.800cdn.com/templets/default/js/common.js
hxxp://hkvhost688.800cdn.com/templets/default/js/tabicon.js
hxxp://hkvhost688.800cdn.com/templets/default/js/backgroundPosition.js
hxxp://hkvhost688.800cdn.com/templets/default/js/ie8.js
hxxp://www.public-trust.com/cgi-bin/CRL/2018/cdp.crl 64.18.20.10
hxxp://hkvhost688.800cdn.com/templets/default/js/slide_switch.js
hxxp://hkvhost688.800cdn.com/templets/default/js/navigator.js
hxxp://hkvhost688.800cdn.com/templets/default/js/oninput.js
hxxp://p21.tcdn.qq.com/qconn/wpa/button/button_111.gif
hxxp://eco-api.meiqia.com.safe.dayugslb.com/dist/meiqia.js 218.60.33.166
hxxp://eco-api.meiqia.com.safe.dayugslb.com/dist/doorbell.html?1m47r5d7qtt65hfr 218.60.33.166
hxxp://434353.p23.tc.cdntip.com/dist/scripts/doorbell-i8wozeiuwodmquxr.js
hxxp://eco-api.meiqia.com.safe.dayugslb.com/visit/init?ent_id=463&track_id=&title=创盈门窗软件&url=http://www.sdcysoft.com/&referrer_url=&jsonp_cb=jsonp1486265515688&v=1486265515688 218.60.33.166
hxxp://gpla1.wac.v2cdn.net/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGs=
hxxp://blogspot.l.googleusercontent.com/
hxxp://googleadapis.l.google.com/css?family=Playfair Display:400,700,900,400italic,700italic,900italic&ver=3.9.2
hxxp://googleadapis.l.google.com/css?family=Droid Serif:400,700,400italic,700italic&ver=3.9.2
hxxp://googleadapis.l.google.com/css?family=Tangerine:400,700&ver=3.9.2
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.11.0/jquery.min.js
hxxp://bootstrapcdn.jdorfman.netdna-cdn.com/font-awesome/4.0.1/css/font-awesome.css?ver=3.9.2
hxxp://code.jquery.netdna-cdn.com/jquery-migrate-1.2.1.js
hxxp://s7.addthis.com.cdn.cloudflare.net/js/300/addthis_widget.js 104.16.17.35
hxxp://adonweb.10574004.pix-cdn.org/js/adv_out.js
hxxp://widgets.amung.us/classic.js 173.192.200.70
hxxp://whos.amung.us/pingjs/?k=aacxow2ith0d&t=SPECIAL MOVIE&c=c&y=&a=0&d=0&v=22&r=6060 67.202.94.94
hxxp://t.dtscout.com/i/?l=http://songhaiyouhong.blogspot.com/&j= 107.182.233.217
hxxp://cdn.tynt.com/tc.js 104.16.88.26
hxxp://ps.eyeota.net/pixel?pid=ml62m40&t=ajs&uid=D9E9B66BAE9C96588D172C1602C7221E 52.29.219.40
hxxp://ps.eyeota.net/pixel/bounce/?pid=ml62m40&t=ajs&uid=D9E9B66BAE9C96588D172C1602C7221E 52.29.219.40
hxxp://tags.wdc.bluekai.com/site/27675?id=D9E9B66BAE9C96588D172C1602C7221E&ret=html&phint=__bk_t=SPECIAL MOVIE&phint=__bk_l=http://songhaiyouhong.blogspot.com/&r=33111038
hxxp://elb-tse-01-1047733575.eu-west-1.elb.amazonaws.com/map/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E
hxxp://tags.wdc.bluekai.com/site/27675?dt=0&r=404133796&sig=2164635023&bkca=KJhB0D6nyi9zQwawGX4CYpA2KcO31YQvQ3fuSL0HZfn2mdE XhQXCy5IX6Lf8PD7HsKXLAGzocu6jjRvyZpnswPTs6acVO/rzP8OCpYX90erqk5FKlBYMJyF22fdzbGz9xgiOgaMqzdgaOdpBl2iFVj/K5onCrSjkboT68hEuQZUw04zne6=
hxxp://elb-tse-01-1047733575.eu-west-1.elb.amazonaws.com/map/ct=y/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E
hxxp://pagead.l.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1
hxxp://tynt.com/b/p?id=w!aacxow2ith0d&lm=0&ts=1486265519182&t=SPECIAL MOVIE&cu=http://songhaiyouhong.blogspot.com/
hxxp://pagead.l.doubleclick.net/pixel?google_nid=eye&google_cm=&google_sc=&bid=gdo9o51&newuser=1&google_tc=
hxxp://track-eu.adformnet.akadns.net/serving/cookie/match/?party=1009
hxxp://ib.anycast.adnxs.com/getuid?http://ps.eyeota.net/match?uid=$UID&bid=2cr76e1
hxxp://ttd-euwest-match-adsrvr-org-139334178.eu-west-1.elb.amazonaws.c/track/cmf/generic?ttd_pid=eyeota&ttd_tpi=1
hxxp://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESEClfffzrXX6Z94anls0j2YU&google_cver=1 52.29.219.40
hxxp://track-eu.adformnet.akadns.net/serving/cookie/match/?CC=1&party=1009
hxxp://ib.anycast.adnxs.com/bounce?/getuid?http%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24UID%26bid%3D2cr76e1
hxxp://userdblb.tubemogul.com/upi/pid/lons7jax?puid=15a0c542197-5fdd0000010f7778&redir=http://ps.eyeota.net/match?uid=${TM_USER_ID}&bid=0rijhbu
hxxp://ttd-euwest-match-adsrvr-org-139334178.eu-west-1.elb.amazonaws.c/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1
hxxp://ps.eyeota.net/match?uid=3648886337069900944&bid=2cr76e1 52.29.219.40
hxxp://ps.eyeota.net/match?uid=5648657701418802231&bid=9gdtmu1 52.29.219.40
hxxp://ps.eyeota.net/match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou 52.29.219.40
hxxp://ps.eyeota.net/match?uid=-7296199909654580839&bid=0rijhbu 52.29.219.40
hxxp://tynt.com/deb/v2?id=w!aacxow2ith0d&dn=TC&cc=1&r=
hxxp://domssl.mercadolivre.com.br/noindex/variation/choose?noIndex=true&itemId=MLB812506136&attribute=23000|22047,33000_43000|52055_52113&attributeId=33000_43000&ref=http://tenis.mercadolivre.com.br/masculino/nike/nike-shox/
hxxp://domssl.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593212
hxxp://gpla1.wac.v2cdn.net/baltimoreroot
hxxp://gpla1.wac.v2cdn.net/CRL/Omniroot2025.crl
hxxp://info.spiritsoft.cn/v4/js/main.js 114.55.90.68
hxxp://crl.geotrust.com/crls/secureca.crl 23.46.117.163
hxxp://ocsp.globalsign.com/rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH 104.16.28.216
hxxp://urlspirit.spiritsoft.cn/urlcore/svcreq1413fd.css
hxxp://www.sdcysoft.com/templets/default/js/backgroundPosition.js 219.234.8.109
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.11.0/jquery.min.js 216.58.209.202
hxxp://g.symcd.com/MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== 23.55.155.27
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAa1FcpWF3k+ 173.194.113.199
hxxp://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1 173.194.113.218
hxxp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110 114.55.90.68
hxxp://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm=&google_sc=&bid=gdo9o51&newuser=1&google_tc= 173.194.113.218
hxxp://netdna.bootstrapcdn.com/font-awesome/4.0.1/css/font-awesome.css?ver=3.9.2 94.31.29.55
hxxp://ocsp.omniroot.com/baltimoreroot 93.184.220.20
hxxp://s11.cnzz.com/stat.php?id=1189654&web_id=1189654 1.99.192.16
hxxp://info.spiritsoft.cn/v4/images/splogo.png 114.55.90.68
hxxp://www.sdcysoft.com/templets/default/js/slide_switch.js 219.234.8.109
hxxp://s7.addthis.com/js/300/addthis_widget.js 104.16.17.35
hxxp://tags.bluekai.com/site/27675?dt=0&r=404133796&sig=2164635023&bkca=KJhB0D6nyi9zQwawGX4CYpA2KcO31YQvQ3fuSL0HZfn2mdE XhQXCy5IX6Lf8PD7HsKXLAGzocu6jjRvyZpnswPTs6acVO/rzP8OCpYX90erqk5FKlBYMJyF22fdzbGz9xgiOgaMqzdgaOdpBl2iFVj/K5onCrSjkboT68hEuQZUw04zne6= 169.47.30.64
hxxp://ocsp.omniroot.com/baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGs= 93.184.220.20
hxxp://fonts.googleapis.com/css?family=Playfair Display:400,700,900,400italic,700italic,900italic&ver=3.9.2 216.58.209.170
hxxp://tags.bluekai.com/site/27675?id=D9E9B66BAE9C96588D172C1602C7221E&ret=html&phint=__bk_t=SPECIAL MOVIE&phint=__bk_l=http://songhaiyouhong.blogspot.com/&r=33111038 169.47.30.64
hxxp://match.adsrvr.org/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1 54.247.84.9
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= 93.184.220.29
hxxp://info.spiritsoft.cn/v4/images/sound_high.gif 114.55.90.68
hxxp://pub.idqqimg.com/qconn/wpa/button/button_111.gif 203.205.158.59
hxxp://ib.adnxs.com/getuid?http://ps.eyeota.net/match?uid=$UID&bid=2cr76e1 185.33.220.38
hxxp://dmp.adform.net/serving/cookie/match/?CC=1&party=1009 37.157.4.14
hxxp://urlspirit.spiritsoft.cn/urlcore/olcfgs.dat?q=41
hxxp://ib.adnxs.com/bounce?/getuid?http%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24UID%26bid%3D2cr76e1 185.33.220.38
hxxp://ss.symcb.com/ss.crl 23.46.117.163
hxxp://songhaiyouhong.blogspot.com/ 216.58.214.225
hxxp://bcp.crwdcntrl.net/map/ct=y/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E 52.17.249.178
hxxp://fonts.googleapis.com/css?family=Tangerine:400,700&ver=3.9.2 216.58.209.170
hxxp://match.adsrvr.org/track/cmf/generic?ttd_pid=eyeota&ttd_tpi=1 54.247.84.9
hxxp://hzs11.cnzz.com/stat.htm?id=1189654&r=&lg=en-us&ntime=none&cnzz_eid=1549093891-1486263024-&showp=1276x846&t=流量精灵&h=1&rnd=258009459 1.122.192.18
hxxp://produto.mercadolivre.com.br/noindex/variation/choose?noIndex=true&itemId=MLB812506136&attribute=23000|22047,33000_43000|52055_52113&attributeId=33000_43000&ref=http://tenis.mercadolivre.com.br/masculino/nike/nike-shox/ 216.33.197.79
hxxp://dmp.adform.net/serving/cookie/match/?party=1009 37.157.4.14
hxxp://www.sdcysoft.com/templets/default/js/navigator.js 219.234.8.109
hxxp://static.meiqia.com/dist/scripts/doorbell-i8wozeiuwodmquxr.js 42.236.125.24
hxxp://www.sdcysoft.com/templets/default/style/home.css 219.234.8.109
hxxp://www.sdcysoft.com/templets/default/js/tabicon.js 219.234.8.109
hxxp://ss.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEEw7wJkU/qAD9hdilImrrOU= 23.55.155.27
hxxp://cdp1.public-trust.com/CRL/Omniroot2025.crl 93.184.220.20
hxxp://ss.symcd.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEDYh2Ip18ZHp4LIxhrWFb0w= 23.55.155.27
hxxp://info.spiritsoft.cn/v4/css/style.css 114.55.90.68
hxxp://0.gravatar.com/avatar/cfb9b68598748471e884ae8e1367a070?s=32&d=mm&r=g 192.0.73.2
hxxp://ic.tynt.com/b/p?id=w!aacxow2ith0d&lm=0&ts=1486265519182&t=SPECIAL MOVIE&cu=http://songhaiyouhong.blogspot.com/ 208.100.17.181
hxxp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114 216.33.197.79
hxxp://eco-api.meiqia.com/dist/doorbell.html?1m47r5d7qtt65hfr 218.60.33.166
hxxp://code.jquery.com/jquery-migrate-1.2.1.js 94.31.29.54
hxxp://info.spiritsoft.cn/v4/lib/jquery/jquery-1.11.1.min.js 114.55.90.68
hxxp://analytics.mlstatic.com/ga/mlb-ml-analytics.min.gz.js 23.59.85.40
hxxp://www.sdcysoft.com/templets/default/js/oninput.js 219.234.8.109
hxxp://st-n.ads1-adnow.com/js/adv_out.js 88.208.10.37
hxxp://www.sdcysoft.com/js/start_v5.js 219.234.8.109
hxxp://www.sdcysoft.com/templets/default/js/jquery.js 219.234.8.109
hxxp://clients1.google.com/ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCGn0AHsoGslw 173.194.113.199
hxxp://www.sdcysoft.com/js/jquery-1.7.2.min.js 219.234.8.109
hxxp://eco-api.meiqia.com/visit/init?ent_id=463&track_id=&title=创盈门窗软件&url=http://www.sdcysoft.com/&referrer_url=&jsonp_cb=jsonp1486265515688&v=1486265515688 218.60.33.166
hxxp://de.tynt.com/deb/v2?id=w!aacxow2ith0d&dn=TC&cc=1&r= 208.100.17.189
hxxp://rtd.tubemogul.com/upi/pid/lons7jax?puid=15a0c542197-5fdd0000010f7778&redir=http://ps.eyeota.net/match?uid=${TM_USER_ID}&bid=0rijhbu 107.21.249.217
hxxp://c.cnzz.com/core.php?web_id=1189654&t=z 123.129.244.226
hxxp://info.spiritsoft.cn/v4/images/alexa.png 114.55.90.68
hxxp://www.sdcysoft.com/ 219.234.8.109
hxxp://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDGdVziPu5Jt2IgvM6w== 104.16.28.216
hxxp://eco-api.meiqia.com/dist/meiqia.js 218.60.33.166
hxxp://s2.symcb.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFE/uXQ4cLc0QEGNMJMGmf8= 23.46.123.27
hxxp://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAwAmbfXicn2ZiYxfrzqfBw= 93.184.220.29
hxxp://www.sdcysoft.com/templets/default/style/common.css 219.234.8.109
hxxp://world.taobao.com/item/533000070202.htm?fromSite=main&spm=a230r.7195193.1997079397.8.iAWmGk&abbucket=2&qq-pf-to=pcqq.temporaryc2c 195.27.31.252
hxxp://ocsp.verisign.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18+P0= 23.46.123.27
hxxp://www.sdcysoft.com/js/jquery.tipsy.js 219.234.8.109
hxxp://www.sdcysoft.com/css/lrtk.css 219.234.8.109
hxxp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593212 216.33.197.79
hxxp://fonts.googleapis.com/css?family=Droid Serif:400,700,400italic,700italic&ver=3.9.2 216.58.209.170
hxxp://urlspirit.spiritsoft.cn/urlcore/svcreq14032b.html
hxxp://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== 104.16.28.216
hxxp://pki.google.com/GIAG2.crl 173.194.113.197
hxxp://ocsp2.globalsign.com/gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDEVLD4SzDqtMG/eBnw== 104.16.28.216
hxxp://analytics.mlstatic.com/melidata/js/3/0.0.38/melidata.min.js 23.59.85.40
hxxp://www.sdcysoft.com/templets/default/js/ie8.js 219.234.8.109
hxxp://www.sdcysoft.com/templets/default/js/common.js 219.234.8.109
hxxp://bcp.crwdcntrl.net/map/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E 52.17.249.178
hxxp://fonts.googleapis.com/css?family=Open Sans:400italic,700italic,400,700&ver=4.2.12 216.58.209.170
item.taobao.com 121.42.17.239
at.alicdn.com 195.59.70.250
www.blogger.com 216.58.214.233
http2.mlstatic.com 23.59.85.40
g.alicdn.com 80.231.126.250
stats.g.doubleclick.net 173.194.222.157
a248.e.akamai.net 212.30.134.197
scontent-waw1-1.xx.fbcdn.net 31.13.81.13
analytics.mercadolivre.com 216.33.197.113
static.xx.fbcdn.net 31.13.92.14
tbip.alicdn.com 188.254.86.241
www.youtube.com 173.194.113.194
static.doubleclick.net 173.194.113.219
clients1.google.com.ua 173.194.113.207
ssl.gstatic.com 173.194.113.207
apis.google.com 173.194.113.195
n-cdn.areyouahuman.com 52.222.157.27
analytics.mercadolivre.com.br 216.33.197.79
gskip.taobao.com 140.205.134.25
www.facebook.com 31.13.92.36
gm.mmstat.com 205.204.101.182
www.google-analytics.com 173.194.113.196
log.mmstat.com 106.11.92.1


IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY HTTP Request on Unusual Port Possibly Hostile
ET TROJAN Win32/Xtrat.A Checkin

Traffic

GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 14:57:48 GMT
Last-Modified: Tue, 23 Jul 2013 07:28:26 GMT
Cache-Control: max-age=2592000, public
Expires: Sat, 03 Feb 2018 14:57:48 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 3068
Content-Type: application/javascript
X-Varnish: 1072179 8192581
Age: 131606
X-Cache: HIT
X-Cache-Hits: 1135
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
...........Yms.6..~3..h6g.....{.He4n.4..iS......LB.m.P.P.k....@R.....L
D..b........Qp....!8.3...6....4......h.O...~.,{.J.r. ..w2....@...A....
ui.6...7..)...<.........r..?...".....`t|L..=.Q.(e.g..,.......h.u.c.
..F.b........n&.q?q-s..h].%ld..XGw0{||$...&.....p......_..p.{.u..'....
...n[.8....)../...7".Q*...?h...>P..........N.#\n.g.......d...(.v...
6.4Q..[f.o..v...n)....dI.}......_iu $....<..h.<~.N..5.....[.t..B
e{....SY.........p....p...D..S?..r.1..|.....]..-..... .Zs....J......s.
..IXG.('.....|...v.|(s}k.\....J..._.r]....=..w1>...[..p...c..o$3..d
e..V.[.mxQ.fYg*..W.S...(.,.s2.GdlY...!..S....J.g...0?{....gC..k8....f*
|Z.....A&U....H ..Ta*@..U...nZ-.4..*.ZW........OVZ.T....~...Z......D.H
....~sL...C...eC...0P{..7:2.k- .D.../v...[....<..;u'. n .Y.[...._&g
t;...6]......^..D..=..!.......>Q..........A......XD.y.F2.....3..Rx$
9....*.b~|...`).,..{....^s....`...'..%... ..'(.$P.H...A.t.q...{..k....
..Q.V.d~|..'&.Ej.]..KV.io]..)B.....9\.hTU...t.ex..Z.T..9.}.wf}..x..)..
.].......Nu.wc.......4...m... ..x.Sn..{]...3..F3.!p.q......jU#...@..m.
l.3.S....d...`....j..N.p...!.=..!.4Q...UJ0).#.$..\.K..e..j .&.i_..,...
BLN.......en...K..a...z..j.G....tz.5........h....`T...x.-.c...........
..._....?q...o.>..}...Hi.[W/2.d...;.en..a....^|..=`......9%_....~..
^R.y.3...v_.C5.&..T.HC.......&.(Pn~(x.=....h...H.....[V.g0......J.....
..3KF........o/....A&X....k.k...'.k.v[.........V.../`IPp.`.c.y&.v.2..}
..t.  .sz.p...s<.N>.  "...=2.N..........G~....l.f.T...ce..P....A
.....Z..@R_..E...Q..a.b.....c.....u...H.w6.....$....|..VVPW].a.7..
<<< skipped >>>

GET /wp-content/themes/dream/js/skip-link-focus-fix.js?ver=20130115 HTTP/1.1


Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 14:57:48 GMT
Last-Modified: Wed, 13 May 2015 16:18:23 GMT
Cache-Control: max-age=2592000, public
Expires: Sat, 03 Feb 2018 14:57:48 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 379
Content-Type: application/javascript
X-Varnish: 1072182 7832086
Age: 131607
X-Cache: HIT
X-Cache-Hits: 1056
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
............oO.0.._w..L.....T.../H.~.......-io.:....?Ix..%.......aZ...
.\.O.V..r.5&.....\.\..q...r.....5.g...X..7.S.........kG...af.V....).N`
.Cp!l..V...."....9X-...:...4....X.z.4.c...FYH.....e..W.z...F..S.3Y.g&.
,.I.c.}..V. ...&.!......#.t.....*..r.!V[.....m.....N:...nL.....N5.Y...
~....-..=c.F...u..G....,./H.TzYP..DF......ht.V....._....d.d2.......^..
b.U;....._V......W...........HTTP/1.1 200 OK..Date: Fri, 03 Feb 2017 1
4:57:48 GMT..Last-Modified: Wed, 13 May 2015 16:18:23 GMT..Cache-Contr
ol: max-age=2592000, public..Expires: Sat, 03 Feb 2018 14:57:48 GMT..V
ary: Accept-Encoding..Content-Encoding: gzip..Content-Length: 379..Con
tent-Type: application/javascript..X-Varnish: 1072182 7832086..Age: 13
1607..X-Cache: HIT..X-Cache-Hits: 1056..Server: Rocket Booster..X-Powe
red-By: Warna Web Accelerator..Accept-Ranges: bytes..Connection: keep-
alive..............oO.0.._w..L.....T.../H.~.......-io.:....?Ix..%.....
..aZ....\.O.V..r.5&.....\.\..q...r.....5.g...X..7.S.........kG...af.V.
...).N`.Cp!l..V...."....9X-...:...4....X.z.4.c...FYH.....e..W.z...F..S
.3Y.g&.,.I.c.}..V. ...&.!......#.t.....*..r.!V[.....m.....N:...nL.....
N5.Y...~....-..=c.F...u..G....,./H.TzYP..DF......ht.V....._....d.d2...
....^..b.U;....._V......W...............
<<< skipped >>>

GET /wp-includes/js/comment-reply.min.js?ver=4.2.12 HTTP/1.1


Accept: */*
Referer: hXXp://sewasolo.com/harga-sewa-mobil-solo.html/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 01:25:00 GMT
Last-Modified: Thu, 14 Nov 2013 20:42:10 GMT
Content-Length: 757
Cache-Control: max-age=2592000, public
Expires: Mon, 05 Feb 2018 01:25:00 GMT
Content-Type: application/javascript
X-Varnish: 8378246 3848684
Age: 7597
X-Cache: HIT
X-Cache-Hits: 77
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
var addComment={moveForm:function(a,b,c,d){var e,f=this,g=f.I(a),h=f.I
(c),i=f.I("cancel-comment-reply-link"),j=f.I("comment_parent"),k=f.I("
comment_post_ID");if(g&&h&&i&&j){f.respondId=c,d=d||!1,f.I("wp-temp-fo
rm-div")||(e=document.createElement("div"),e.id="wp-temp-form-div",e.s
tyle.display="none",h.parentNode.insertBefore(e,h)),g.parentNode.inser
tBefore(h,g.nextSibling),k&&d&&(k.value=d),j.value=b,i.style.display="
",i.onclick=function(){var a=addComment,b=a.I("wp-temp-form-div"),c=a.
I(a.respondId);if(b&&c)return a.I("comment_parent").value="0",b.parent
Node.insertBefore(c,b),b.parentNode.removeChild(b),this.style.display=
"none",this.onclick=null,!1};try{f.I("comment").focus()}catch(l){}retu
rn!1}},I:function(a){return document.getElementById(a)}};HTTP/1.1 200 
OK..Date: Sun, 05 Feb 2017 01:25:00 GMT..Last-Modified: Thu, 14 Nov 20
13 20:42:10 GMT..Content-Length: 757..Cache-Control: max-age=2592000, 
public..Expires: Mon, 05 Feb 2018 01:25:00 GMT..Content-Type: applicat
ion/javascript..X-Varnish: 8378246 3848684..Age: 7597..X-Cache: HIT..X
-Cache-Hits: 77..Server: Rocket Booster..X-Powered-By: Warna Web Accel
erator..Accept-Ranges: bytes..Connection: keep-alive..var addComment={
moveForm:function(a,b,c,d){var e,f=this,g=f.I(a),h=f.I(c),i=f.I("cance
l-comment-reply-link"),j=f.I("comment_parent"),k=f.I("comment_post_ID"
);if(g&&h&&i&&j){f.respondId=c,d=d||!1,f.I("wp-temp-form-div")||(e=doc
ument.createElement("div"),e.id="wp-temp-form-div",e.style.display="no
ne",h.parentNode.insertBefore(e,h)),g.parentNode.insertBefore(h,g.
<<< skipped >>>


GET /pa?p=2:2923673182:51 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: wpa.qq.com
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: tws
Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif
Pragma: no-cache
Cache-Control: no-cache; must-revalidate
0..HTTP/1.1 301 Moved Permanently..Date: Sun, 05 Feb 2017 03:31:50 GMT
..Content-Type: text/html; charset=UTF-8..Transfer-Encoding: chunked..
Connection: keep-alive..Server: tws..Location: hXXp://pub.idqqimg.com/
qconn/wpa/button/button_111.gif..Pragma: no-cache..Cache-Control: no-c
ache; must-revalidate..0..



GET /baltimoreroot/MEUwQzBBMD8wPTAJBgUrDgMCGgUABBTBL0V27RVZ7LBduom/nYB45SPUEwQU5Z1ZMIJHWMys+ghUNoZ7OrUETfACBAcnpGs= HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Mon, 10 Oct 2016 18:18:58 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.omniroot.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2017 03:31:55 GMT
Last-Modified: Mon, 30 Jan 2017 18:27:11 GMT
Server: ECS (arn/46B6)
X-Cache: HIT
Content-Length: 5
0....HTTP/1.1 200 OK..Accept-Ranges: bytes..Content-Type: application/
ocsp-response..Date: Sun, 05 Feb 2017 03:31:55 GMT..Last-Modified: Mon
, 30 Jan 2017 18:27:11 GMT..Server: ECS (arn/46B6)..X-Cache: HIT..Cont
ent-Length: 5..0........


POST /baltimoreroot HTTP/1.1


Cache-Control: no-cache
Connection: Keep-Alive
Pragma: no-cache
Content-Type: application/ocsp-request
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Content-Length: 71
Host: ocsp.omniroot.com

0E0C0A0?0=0... ........./Ev..Y..].....x.#......Y0.GX....T6.{:..M....'.k
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2017 03:32:01 GMT
Last-Modified: Sat, 04 Feb 2017 11:11:30 GMT
Server: ECS (arn/45C1)
X-Cache: HIT
Content-Length: 1372
0..X......Q0..M.. .....0.....>0..:0......`;.l.uZ..k.F..^|A.Tb..2017
0204022145Z0g0e0=0... ........./Ev..Y..].....x.#......Y0.GX....T6.{:..
M....'.k....20170124185021Z....20170421185021Z0...*.H.................
..j....G%...."B.....J..@Y.....G.4.t,......5H..r.$......#x}.q...l. 3..w
.......[S.0..Ps0.~,.....zq.TJo.a;."..'..~b.....Pg?>@...l.......R!..
z..2..Z..I...#t..h_.2...>..#....P[..Z..%.#...w............"..S.n...
.o5"i;9.....ok.N.S..~h.S.v.Q.....E...A....J....q....0...0...0..m......
..'.L0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U....Cybe
rTrust1"0 ..U....Baltimore CyberTrust Root0...150909174603Z..170909174
536Z0%1#0!..U....Cybertrust Validation 20150.."0...*.H.............0..
.......?....(Fb....G... ..=..(L..wK...04..I......C...1.Z......U.$b.f..
Pa.....S...#..B.........^T..IP8..........h8GM..*.4.MP..../D4n.=ZTeH.B=
kOT.v..2@F.2L..A...yn.4......fP...L...2.x....$..@@....q2...Uby.e......
D....lf...C....ZP}O......7...mM..c.g..j.\.>.O....G.A........0..0...
 .....0......0...U.......0.0...U...........0...U.%..0... .......0...U.
#..0.....Y0.GX....T6.{:..M.0...U......`;.l.uZ..k.F..^|A.Tb0...*.H.....
........|]...`k.n........0.A.P..N< ._>)..yS..RV?...U.....4BQ....
L.BAD.`.WId....*...;Z.M...K..S.l.f.q....>.b..dl./....H<.F9.....V
.4....O..5.....-...W....4.,.k...Y.R..........Z..)j.r.....V.s.EQl.<n
HO.........CI/M{.r....3...}.n.*.<........g^.B...P.X......dE....... 
}...
<<< skipped >>>


GET /qconn/wpa/button/button_111.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: pub.idqqimg.com


HTTP/1.1 200 OK
Server: X2S_Platform
Connection: keep-alive
Date: Sun, 05 Feb 2017 03:31:51 GMT
Cache-Control: max-age=2592000
Expires: Tue, 07 Mar 2017 03:31:51 GMT
Last-Modified: Wed, 05 Jun 2013 07:25:36 GMT
Content-Type: image/gif
Content-Length: 3534
Keep-Alive: timeout=60 
Vary: Origin 
X-Cache-Lookup: Hit From Disktank
......JFIF.....`.`.....C..............................................
......................C...............................................
..........................O.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?...u...k
...<Msu._........E.x..........w..].....n...#.4.EwX|...<.I4......
..[..|J....f....?...|Y...?...<}.......7.>,x..C........;.|..).V..
^..m5).../.K.C.>.....x...N......G...*~......x|9w..S..*.....'d/...~2
...m_.^...i...V...$.b.*.m..0~a.s.......n...Z..O.......;....>;}.....
}{..Z.....rhz...(.y.jp......|m....g._...!.4/./.{.............(p......;
.:T..iS.(B.>ow..d..e.EIEQ.ZN..a..g....x.....:.x.*....!..ZY.>X(..
..F.\J.'N....p.j{LL*......F..7K...Y....._.......~6..u._.Gq..}........o
]..E.xs].....m.[J..P.|W...,. .~ |h.....M.....'.q.;y....G.>8x.......
.m....C..{x..G&.i....A...?..Z........?.......=;O....?ho.|L.t..?..eq.O.
. o.....|7...tz<.0.M...."..d{..&...y~....C.....G..........~...?....
...P"?.>.~..!.?.{...........B.......;G...Kk9Z..d...e..n.....s).1.z.
b....Q.....T...p..WO.QwK...l.........?...2.MXa..IT...B:....Zt.N.H.rr..
$............x....B.G.....!...o.x_...|C..m..Z.R....G.&...{e2\9.l1.
<<< skipped >>>


GET /avatar/52612bfba40c463ad5878c3862379d1c?s=32&d=mm&r=g HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/harga-sewa-mobil-solo.html/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: 2.gravatar.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:38 GMT
Content-Type: image/jpeg
Content-Length: 911
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <hXXps://VVV.gravatar.com/avatar/52612bfba40c463ad5878c3862379d1c?s=32&d=mm&r=g>; rel="canonical"
Access-Control-Allow-Origin: *
Content-Disposition: inline; filename="52612bfba40c463ad5878c3862379d1c.png"
X-nc: MISS arn 2
Accept-Ranges: bytes
Expires: Sun, 05 Feb 2017 03:36:38 GMT
Cache-Control: max-age=300
Source-Age: 0
......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), qu
ality = 90....C.......................................................
.............C........................................................
............... . ..".................................................
...........}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:C
DEFGHIJSTUVWXYZcdefghijstuvwxyz.......................................
......................................................................
.................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*
56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz................................
....................................................?........Z...Z=...
..G......<.i...........wf.c.....c...../....u..O......|ei....4......
{2.........O<..h^G!UTd.z.^..=.Q.te...Y....3.......\'.=%/u..$P..1...
...A..(........3[.\,......9.wo..^.,O....RD%YX`.:._LW..\.R.\..5...;....
O.V.?..HTTP/1.1 200 OK..Server: nginx..Date: Sun, 05 Feb 2017 03:31:38
 GMT..Content-Type: image/jpeg..Content-Length: 911..Connection: keep-
alive..Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT..Link: <https:/
/VVV.gravatar.com/avatar/52612bfba40c463ad5878c3862379d1c?s=32&d=mm&r=
g>; rel="canonical"..Access-Control-Allow-Origin: *..Content-Dispos
ition: inline; filename="52612bfba40c463ad5878c3862379d1c.png"..X-nc: 
MISS arn 2..Accept-Ranges: bytes..Expires: Sun, 05 Feb 2017 03:36:38 G
MT..Cache-Control: max-age=300..Source-Age: 0........JFIF.............
;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90....C....
<<< skipped >>>


GET /1234567890.functions HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Host: mrx9.ddns.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 404 Not Found
Server: Mini web server 1.0 ZTE corp 2005.
Content-Type: text/html; charset=iso-8859-1
Accept-Ranges: bytes
Connection: close
Cache-Control: no-cache,no-store
                                              <HTML>.           
                                   <HEAD><TITLE>404 Not Fo
und</TITLE></HEAD>.                                       
       <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#2020ff" VLINK=
"#4040cc">.                                              <H2>
404 Not Found</H2>.The requested URL was not found on this serve
r..<!--.Padding so that MSIE deigns to show this error instead of i
ts own canned one..Padding so that MSIE deigns to show this error inst
ead of its own canned one..Padding so that MSIE deigns to show this er
ror instead of its own canned one..Padding so that MSIE deigns to show
 this error instead of its own canned one..Padding so that MSIE deigns
 to show this error instead of its own canned one..Padding so that MSI
E deigns to show this error instead of its own canned one..-->.<
/body>.</html>...



GET /pingjs/?k=aacxow2ith0d&t=SPECIAL MOVIE&c=c&y=&a=0&d=0&v=22&r=6060 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: whos.amung.us
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:58 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: close
Set-Cookie: uid=CgH9HliWnK6gBxs7NcgwAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.amung.us; path=/
Content-Encoding: gzip
34.............w../.O.P740P.QOLL../7.,.0HQ.1....JMup .....0..



GET /tc.js HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: cdn.tynt.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:59 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d7b596a12691c3453aa3b96476a8ad2581486265519; expires=Mon, 05-Feb-18 03:31:59 GMT; path=/; domain=.tynt.com; HttpOnly
Last-Modified: Tue, 17 Jan 2017 20:22:08 GMT
ETag: W/"587e7cf0-386b"
Content-Encoding: gzip
CF-Cache-Status: HIT
Expires: Wed, 08 Feb 2017 03:31:59 GMT
Cache-Control: public, max-age=259200
Server: cloudflare-nginx
CF-RAY: 32c34ae607795948-VIE
1622.............;.z......4..D.Q...-iXu.'u.....Y......"....X:.~g.n....
.K.e0...f..n.v...y<[$.h.i.G..N...a...vtt.%q.j..giga..C.T{'R......^D
..."?....\..NC.G.....u...L.C.g........s...#/... ..<.D.....{...2:e.~
.fIl...:.|.m....;.....F"....  .@.j...vip.....x.c...k.x.<.].....U...
.....q..}`.{...g.'.b......{....C<X?...?.0........G .S1.h......V"f!.
.....ZR..O...o6......dE.Dd.$..U04.IYn./.........(.ua..;.G..j...O..;1..
t:.}....J...............z.x.%!kL.Y.g....!.M.......a.........5{...\....
.a.2U..]..Q.`..#.._...?.[.zI0..6N.H..|....l.]...........];q.z..3g.r...
(.o...%.N..a...m6%I.>......m..J/BA.Rg..N.... I.....enm{.K.j....>
.t.y....S......5Fu.&...E.0D.$. .-.....o.t .@.s....k>z.._nI...)...-.
s..sf.......X.fq........^..r...[..;.......6......u:.hPaL5...'.Hl..Eq$t
:..(....6...S...$.D....u....vC.Mt*g.......{A4.. [...E1h..uH.....&...Z.
..... .?.\..z.......l....48.^....wI......go...z{...ixz..)..z".WC.cJ..4
.O.=...83...D.Y..%..I[.E....1.Q......4..=0...8....ym....48...k....V?].
.VD.%........!U ...R..............e|'.s..{nN.k.]..>....Da.......q..
U .....\Qy.k.K.M.....`.L.?:........$sKC..w.mp/.:K...8Y...7.0nz0..d....
.B...V0.D?.....8.c.dP/..$.....[x>.. ...7.....!z.D.C.8\.......<W.
.D.............y.B#..Q.!.."...x.xB'..O.b.?;.(F......}.e3...[.*..c.....
q...3..q#...v.M..BZM4"......2.i.9.8}..!l.b..8z.T.4q.......,q ".:...V..
.. N...\:p....6.ivY.....N.^..ltA.M.......#...6(....(.C:a....O...) .U.&
X..'...h.....d.\F}1X..'.p.z.........c...6...sc..@...{..P.U.z..wT.../#M
...^^..Or^=..;..........IJ"@.......&.z...s.AH...(.1.....z..W.. k`C
<<< skipped >>>


GET /avatar/cfb9b68598748471e884ae8e1367a070?s=32&d=mm&r=g HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/harga-sewa-mobil-solo.html/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: 0.gravatar.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:38 GMT
Content-Type: image/jpeg
Content-Length: 911
Connection: keep-alive
Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT
Link: <hXXps://VVV.gravatar.com/avatar/cfb9b68598748471e884ae8e1367a070?s=32&d=mm&r=g>; rel="canonical"
Access-Control-Allow-Origin: *
Content-Disposition: inline; filename="cfb9b68598748471e884ae8e1367a070.png"
X-nc: MISS arn 2
Accept-Ranges: bytes
Expires: Sun, 05 Feb 2017 03:36:38 GMT
Cache-Control: max-age=300
Source-Age: 0
......JFIF.............;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), qu
ality = 90....C.......................................................
.............C........................................................
............... . ..".................................................
...........}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:C
DEFGHIJSTUVWXYZcdefghijstuvwxyz.......................................
......................................................................
.................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*
56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz................................
....................................................?........Z...Z=...
..G......<.i...........wf.c.....c...../....u..O......|ei....4......
{2.........O<..h^G!UTd.z.^..=.Q.te...Y....3.......\'.=%/u..$P..1...
...A..(........3[.\,......9.wo..^.,O....RD%YX`.:._LW..\.R.\..5...;....
O.V.?..HTTP/1.1 200 OK..Server: nginx..Date: Sun, 05 Feb 2017 03:31:38
 GMT..Content-Type: image/jpeg..Content-Length: 911..Connection: keep-
alive..Last-Modified: Wed, 11 Jan 1984 08:00:00 GMT..Link: <https:/
/VVV.gravatar.com/avatar/cfb9b68598748471e884ae8e1367a070?s=32&d=mm&r=
g>; rel="canonical"..Access-Control-Allow-Origin: *..Content-Dispos
ition: inline; filename="cfb9b68598748471e884ae8e1367a070.png"..X-nc: 
MISS arn 2..Accept-Ranges: bytes..Expires: Sun, 05 Feb 2017 03:36:38 G
MT..Cache-Control: max-age=300..Source-Age: 0........JFIF.............
;CREATOR: gd-jpeg v1.0 (using IJG JPEG v62), quality = 90....C....
<<< skipped >>>


GET /qconn/wpa/button/button_111.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: pub.idqqimg.com


HTTP/1.1 200 OK
Server: X2S_Platform
Connection: keep-alive
Date: Sun, 05 Feb 2017 03:31:51 GMT
Cache-Control: max-age=2592000
Expires: Tue, 07 Mar 2017 03:31:51 GMT
Last-Modified: Wed, 05 Jun 2013 07:25:36 GMT
Content-Type: image/gif
Content-Length: 3534
Keep-Alive: timeout=60 
Vary: Origin 
X-Cache-Lookup: Hit From Disktank
......JFIF.....`.`.....C..............................................
......................C...............................................
..........................O.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?...u...k
...<Msu._........E.x..........w..].....n...#.4.EwX|...<.I4......
..[..|J....f....?...|Y...?...<}.......7.>,x..C........;.|..).V..
^..m5).../.K.C.>.....x...N......G...*~......x|9w..S..*.....'d/...~2
...m_.^...i...V...$.b.*.m..0~a.s.......n...Z..O.......;....>;}.....
}{..Z.....rhz...(.y.jp......|m....g._...!.4/./.{.............(p......;
.:T..iS.(B.>ow..d..e.EIEQ.ZN..a..g....x.....:.x.*....!..ZY.>X(..
..F.\J.'N....p.j{LL*......F..7K...Y....._.......~6..u._.Gq..}........o
]..E.xs].....m.[J..P.|W...,. .~ |h.....M.....'.q.;y....G.>8x.......
.m....C..{x..G&.i....A...?..Z........?.......=;O....?ho.|L.t..?..eq.O.
. o.....|7...tz<.0.M...."..d{..&...y~....C.....G..........~...?....
...P"?.>.~..!.?.{...........B.......;G...Kk9Z..d...e..n.....s).1.z.
b....Q.....T...p..WO.QwK...l.........?...2.MXa..IT...B:....Zt.N.H.rr..
$............x....B.G.....!...o.x_...|C..m..Z.R....G.&...{e2\9.l1.
<<< skipped >>>


GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDGdVziPu5Jt2IgvM6w== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:29 GMT
Content-Type: application/ocsp-response
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=d177c2e50aa525e8da57f1c655c3f18d61486265489; expires=Mon, 05-Feb-18 03:31:29 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sat, 04 Feb 2017 23:47:07 GMT
Expires: Wed, 08 Feb 2017 23:47:07 GMT
ETag: "04520f3b7d52160ed2926b230316ce4b325fe5ae"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 32c34a30223d5954-VIE
0..........0..... .....0......0...0.......M........u....%...G..2017020
4234707Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|.
.gU.#...v".......20170204234707Z....20170208234707Z0...*.H............
.,....U....)}woI.(.........Xxb,.k>e.H...].@.H`..).....g.v.D..D.#...
./..:.?1...Pg@Q...!....q,-&..B@...0.\>X.&..n.}.%:>{.[../G{f0...y
f..^..2F..k.Sjs..gr...... Mm/.(.2d....$.2<....}.....ya.,....R....ux
z.).Py..4Cj....0OZs...73i.,_.L5..F.d..bI..M...qD.......0qkU...K0..G0..
C0.. .......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....Globa
lSign nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA25
6 - G20...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....Globa
lSign nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization V
alidation CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0..
.......C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k......
.D.........u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...
l...P.6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e
;.....n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0
..0...U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0...
 .....0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globa
lsign.com/repository/0...U...........0...U.%..0... .......0...*.H.....
.........H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../
.'..1."......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,.
..||.V....K..L...dX...a....6'..U..G....A;..........4K...........k.
<<< skipped >>>

GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDEVLD4SzDqtMG/eBnw== HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:38 GMT
Content-Type: application/ocsp-response
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=d485dd5c146495f3bf64f50d08c764eab1486265498; expires=Mon, 05-Feb-18 03:31:38 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sun, 05 Feb 2017 03:04:24 GMT
Expires: Thu, 09 Feb 2017 03:04:24 GMT
ETag: "77fdbcd515e40e764a1a170d858cc02ce4ffebe9"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 32c34a6847b95954-VIE
0..........0..... .....0......0...0.......M........u....%...G..2017020
5030424Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|.
.EK.....L........20170205030424Z....20170209030424Z0...*.H............
.....z.SPl..b..#].GR..).v.&.4..*;.....<..=....<......nJ......;..
j...T..1....}.-.'..*.!../F.....R.jE ....qC.....*].......)R...G{e..O.F.
[..=wX..=.."..z.;..,l.4.*.k...].......Bx.x..6.d.F..z...QA$A.~Y..l-..{.
....?...O..'P.w.*IU....i*..v.p....YM....S....g..X-..\...K0..G0..C0.. .
......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign 
nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G2
0...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign 
nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validat
ion CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0........
.C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D....
.....u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.
6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....
n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...
U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....
0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.
com/repository/0...U...........0...U.%..0... .......0...*.H...........
...H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1.
"......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V
....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3
<<< skipped >>>

GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=db466e84e5679c03c93f489c07b0311b71486265505; expires=Mon, 05-Feb-18 03:31:45 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sun, 05 Feb 2017 03:14:08 GMT
Expires: Thu, 09 Feb 2017 03:14:08 GMT
ETag: "42347f38c3fb76f9e0e968abad041628b4c149a3"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 32c34a8fd3655954-VIE
0..........0..... .....0......0...0.......M........u....%...G..2017020
5031408Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|.
.....S.."........20170205031408Z....20170209031408Z0...*.H............
.i.".j.)..ci......g...E.D...>o.)'.@.h7.._..Z..."...}JAyv2.[....?...
{.DoSt..BR}|..[..L9#Su.......l... ..-0..*..X{O.=...'..........a...N..B
....A.;]..i.T.z..2.Qs.......W.8..C.%2.......?..9...b....o.......?.]WN$
......t..g...j.-..>?1|.\.d..)@.. ....C.v.V...tM......K0..G0..C0.. .
......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign 
nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G2
0...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign 
nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validat
ion CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0........
.C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D....
.....u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.
6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....
n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...
U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....
0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.
com/repository/0...U...........0...U.%..0... .......0...*.H...........
...H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1.
"......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V
....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3
<<< skipped >>>

GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=db466e84e5679c03c93f489c07b0311b71486265505; expires=Mon, 05-Feb-18 03:31:45 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sun, 05 Feb 2017 03:14:08 GMT
Expires: Thu, 09 Feb 2017 03:14:08 GMT
ETag: "42347f38c3fb76f9e0e968abad041628b4c149a3"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 32c34a9063745954-VIE
0..........0..... .....0......0...0.......M........u....%...G..2017020
5031408Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|.
.....S.."........20170205031408Z....20170209031408Z0...*.H............
.i.".j.)..ci......g...E.D...>o.)'.@.h7.._..Z..."...}JAyv2.[....?...
{.DoSt..BR}|..[..L9#Su.......l... ..-0..*..X{O.=...'..........a...N..B
....A.;]..i.T.z..2.Qs.......W.8..C.%2.......?..9...b....o.......?.]WN$
......t..g...j.-..>?1|.\.d..)@.. ....C.v.V...tM......K0..G0..C0.. .
......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign 
nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G2
0...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign 
nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validat
ion CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0........
.C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D....
.....u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.
6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....
n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...
U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....
0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.
com/repository/0...U...........0...U.%..0... .......0...*.H...........
...H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1.
"......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V
....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3
<<< skipped >>>


GET /wp-content/themes/dream/js/html5shiv.min.js HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 01:24:31 GMT
Last-Modified: Wed, 13 May 2015 16:18:29 GMT
Content-Length: 2636
Cache-Control: max-age=2592000, public
Expires: Mon, 05 Feb 2018 01:24:31 GMT
Content-Type: application/javascript
X-Varnish: 6666052 6349869
Age: 7603
X-Cache: HIT
X-Cache-Hits: 339
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
/**.* @preserve HTML5 Shiv 3.7.2 | @afarkas @jdalton @jon_neal @rem | 
MIT/GPL2 Licensed.*/.!function(a,b){function c(a,b){var c=a.createElem
ent("p"),d=a.getElementsByTagName("head")[0]||a.documentElement;return
 c.innerHTML="x<style>" b "</style>",d.insertBefore(c.last
Child,d.firstChild)}function d(){var a=t.elements;return"string"==type
of a?a.split(" "):a}function e(a,b){var c=t.elements;"string"!=typeof 
c&&(c=c.join(" ")),"string"!=typeof a&&(a=a.join(" ")),t.elements=c " 
" a,j(b)}function f(a){var b=s[a[q]];return b||(b={},r  ,a[q]=r,s[r]=b
),b}function g(a,c,d){if(c||(c=b),l)return c.createElement(a);d||(d=f(
c));var e;return e=d.cache[a]?d.cache[a].cloneNode():p.test(a)?(d.cach
e[a]=d.createElem(a)).cloneNode():d.createElem(a),!e.canHaveChildren||
o.test(a)||e.tagUrn?e:d.frag.appendChild(e)}function h(a,c){if(a||(a=b
),l)return a.createDocumentFragment();c=c||f(a);for(var e=c.frag.clone
Node(),g=0,h=d(),i=h.length;i>g;g  )e.createElement(h[g]);return e}
function i(a,b){b.cache||(b.cache={},b.createElem=a.createElement,b.cr
eateFrag=a.createDocumentFragment,b.frag=b.createFrag()),a.createEleme
nt=function(c){return t.shivMethods?g(c,a,b):b.createElem(c)},a.create
DocumentFragment=Function("h,f","return function(){var n=f.cloneNode()
,c=n.createElement;h.shivMethods&&(" d().join().replace(/[\w\-:] /g,fu
nction(a){return b.createElem(a),b.frag.createElement(a),'c("' a '")'}
) ");return n}")(t,b.frag)}function j(a){a||(a=b);var d=f(a);return!t.
shivCSS||k||d.hasCSS||(d.hasCSS=!!c(a,"article,aside,dialog,figcap
<<< skipped >>>

GET /wp-includes/js/wp-emoji-release.min.js?ver=4.2.12 HTTP/1.1


Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sat, 04 Feb 2017 18:57:13 GMT
Last-Modified: Thu, 23 Jul 2015 11:33:34 GMT
Cache-Control: max-age=2592000, public
Expires: Sun, 04 Feb 2018 18:57:13 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 4314
Content-Type: application/javascript
X-Varnish: 1072180 627494
Age: 30841
X-Cache: HIT
X-Cache-Hits: 172
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
..........u..r.:....U8.-.,.2)~..a\.L.TjN..:.....w.....Y.HT.3.oa.v.....
...0q~.`. ...h.....N./6 -......\.6F.......<,..........'.:..*..\7..&
lt;...6k9Y7..nz...'*P...4....,..A.M_.D5.A.4.,......U..j.F.....VMP. ...
......w..l..m..j.j.X.-D.IT.....3.~g...u.&........24e}}{.Ii.s[...K...,.
../7..........E..u........[.............,.....O..[]..z6....y.N.o.....}
...Z.j.$.:\....z.N.2..H....6....}.1.E.h..#ZE...6..U.o..S.. .S...r]>
K......w.O u..A.....O7...s....m$.X......Dt0.m..:........hf........K...
.Q..Lw..P.0....u|.....M......<;[..FVI...m.NO.u)}.f.J....,...|e.j..(
........H....WM..[....j.pk._K.^M.M#As.}......b...bU>...E_..z......:
.....J.U.LzQ.V...B[G..r..].rm...8..e.>...ou.....6..cm..|1=t....U.].
.V.r...W..)-...(a..}..;...J.?W.n;.......U..,b..eE......z.T.S...8..8(l.
.....Z5]L...Z.......ad.................*{/..c...M_.h................lm
......u..u....Ay...y{..z..C% ....\....Rg./.35Q.....Z.Ve..A..|.Zo-o...(
)....."...eu...p.T....-.<.....z.2..(/.A|.$. =........<.Y..h...r.
ym....{{N.c..O..'...P.....*jG..w.i7._.b...x;........-.v..w......E..,.&
gt;n.0:......}|4..s... ......;.."{_........X..m.y..mv.....>..3B.R..
.ug*]^.D.V..W.....Y.......z.....3;.]Y...*p6?.......k....;..a.Y........
...tuOOm.d..4Wv....4.W.Tt.~1...v.;...E.P~uf.zwM.\O..k..~f....E........
]Lz.Y...P./...{>....{.....[..._......[..b.IV..k.Z<.z....L..fq.f.
.n.. Hi..k.........*p..0.F.U..9g.L.]..}..}..1...Ap5.}cF.......u...p=..
! .A.Jx 5..| x0....NS....#.2f%. .S{.....}3.%..FO..>q.x.^.....{....O
.K.....o.]{............)....[SlM..1[......)T.F..`.Q.GG............
<<< skipped >>>

GET /wp-content/themes/dream/font-awesome/fonts/fontawesome-webfont.eot?v=4.2.0 HTTP/1.1


Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:05:56 GMT
Last-Modified: Wed, 13 May 2015 16:19:42 GMT
Content-Length: 56006
Cache-Control: max-age=2592000
Expires: Tue, 07 Mar 2017 03:05:56 GMT
Content-Type: application/vnd.ms-fontobject
X-Varnish: 8474627 5811078
Age: 1519
X-Cache: HIT
X-Cache-Hits: 130
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
..................................LP..........................$.......
..............F.o.n.t.A.w.e.s.o.m.e.....R.e.g.u.l.a.r...$.V.e.r.s.i.o.
n. .4...2...0. .2.0.1.3...&.F.o.n.t.A.w.e.s.o.m.e. .R.e.g.u.l.a.r.....
BSGP..................~.........`.......Y.D.M.F..x...>..........)[.
.1..H....-A)F....1..../.S7.U.'.&a..;a.#71.^...wR.. .P...r...o....b..R.
.6....l..n._Up.!........b......h.,7z..U..........].)..WF..(...VH..# ..
..j.2..l.Q....T&*...j..9.._..[."L......... aA.ynF........e.....Ga.1E. 
a.b..0....8zSA..-........=7..Ex..Cr......06.,..R~>..cI:.S*..`5..n.(
TefX`...@...A...L...=.C.=..e.<.'f...sH.'.e.i/"x.. ...X@l.W.!b..8R.8
.*j.a.eFUkL.....I....'.Z........@..I.3H....p.GH.......@Yi@..i..S.w.0..
..b..@Xoy..{..f....h..U...h..L...*.l....... N.1{....)e.T....0R..n.....
/S.c.PV..z6%f}.4.C...&....W..'.,.A........@Q%....F.`.Th.]...3......X)@
.VZ=F.Y.\'S.Ngx...,...'.........b.R..m.....j...[.b..0A....NM.$...X.m..
..YQ....v..a..iT3...CT....#...8EFM2*..... $.I..)>.7....=... ...b..t
_.:..>RfH.U.6b.....[..~Y%,.3j....|..^e..C.vZ.`^ HT..L...~.[..\rs!..
J.9H.:....M........6@......W.`.&....y.{.......9..........KAQ3.......T.
.q..".B.<......,K"..{.C....K......l7e.hA..z...z..9%).`...,.(.V.....
...ksX......&`.J..D..<4...3&.CE..Q...@..N10..5!X..EE....'..f.mp.!=.
.K....Uy.P.H.Z.....A ....r...@.......n....d..w.7..-........."......$.*
nq."d.Q.....'._.....8.......[.....Y B.....@... E...........2.F..Qd..Ip
`......21..y.2...5..)..L*N.....owq..v....F...B5_`..[1....g.........]..
.....C.....q..ZbO.gb8o../z...N)s.@%......V..p.X%-....`t}.G..65.h.~
<<< skipped >>>


GET /ss.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ss.symcb.com


HTTP/1.1 200 OK
Server: Apache
ETag: "56cb56c1648f51e7e216cb070afae6b2:1486242682"
Last-Modified: Sat, 04 Feb 2017 21:11:22 GMT
Date: Sun, 05 Feb 2017 03:31:37 GMT
Transfer-Encoding:  chunked
Connection: keep-alive
Connection: Transfer-Encoding
Content-Type: application/pkix-crl
00006000..0....0.......0...*.H........0~1.0...U....US1.0...U....Symant
ec Corporation1.0...U....Symantec Trust Network1/0-..U...&Symantec Cla
ss 3 Secure Server CA - G4..170204210122Z..170211210122Z0....0!....K..
Kx.:.....37..160628125652Z0!....Rk.......(!u....160331033634Z0!....lv.
..>.?O...^...160622011159Z0!.....6w...iP...s.M..160608011251Z0!....
...1^...B.Ph.H..161208073412Z0!....r-...0u..B\.`...160602011343Z0!....
E.u2..1....L....160315011119Z0!.....Q..-(....}._h..170130053955Z0!....
.....J.N.h......150217135549Z0!....N.....e....F?B..160401232208Z0!....
........XW.M....150816010821Z0!......x....Xvheqrv..170102113703Z0!....
..y.....a..C....160621011139Z0!....Q8*.|..]6.".4...150330080110Z0!....
.!!..O..........151124201031Z0!....2.....E..yYT.E..161207145003Z0!....
eL.Y icf}.:..N..140508200907Z0!.......>..z(L..0i...150517010832Z0!.
.....Q.0...j.D.....160601160659Z0!.............j f....160613011111Z0!.
....v.;..u7.3......160916195205Z0!.......`...5w.......161011093118Z0!.
....8.@.N..w.n.aw..160122052207Z0!.......n....[...6a..140729211122Z0!.
....Z...k1S.<.. I..150727184447Z0!...";.M....Gp.f.....160621163727Z
0!...#D..!jhMz........160906045841Z0!...#]........x.zW-..160329114327Z
0!...$.K/."T....w`K...160215003231Z0!...%.vu..;..r*y..E..150802010744Z
0!...&...$...tX...5...160810011135Z0!...&....5./C...c....150310141723Z
0!...(SD.....h.4vtr...160727164314Z0!...).....9:..2......160523133724Z
0!...).......0^.B.....151102010800Z0!...)....BF...o.T....160111184646Z
0!...*..`.y...T\a.<i..160321112541Z0!... ...kM..jZY...$..160118
<<< skipped >>>


GET /pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: cm.g.doubleclick.net
Connection: Keep-Alive


HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: hXXp://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm=&google_sc=&bid=gdo9o51&newuser=1&google_tc=
Date: Sun, 05 Feb 2017 03:31:59 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Server: HTTP server (unknown)
Content-Length: 320
X-XSS-Protection: 1; mode=block
Set-Cookie: test_cookie=CheckForPermission; expires=Sun, 05-Feb-2017 03:46:59 GMT; path=/; domain=.doubleclick.net
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://cm.g.doubleclick.net/pixel?google_nid=eye&go
ogle_cm=&google_sc=&bid=gdo9o51&newuser=1&google_tc="&
gt;here</A>...</BODY></HTML>......


GET /pixel?google_nid=eye&google_cm=&google_sc=&bid=gdo9o51&newuser=1&google_tc= HTTP/1.1


Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: cm.g.doubleclick.net
Connection: Keep-Alive
Cookie: test_cookie=CheckForPermission


HTTP/1.1 302 Found
P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
Location: hXXp://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESEClfffzrXX6Z94anls0j2YU&google_cver=1
Date: Sun, 05 Feb 2017 03:31:59 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, must-revalidate
Content-Type: text/html; charset=UTF-8
Server: HTTP server (unknown)
Content-Length: 310
X-XSS-Protection: 1; mode=block
Set-Cookie: id=22befda9811100d9||t=1486265519|et=730|cs=002213fd483636e64dd1040bbc; expires=Tue, 05-Feb-2019 03:31:59 GMT; path=/; domain=.doubleclick.net
Set-Cookie: test_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23:59:00 GMT
Set-Cookie: IDE=AHWqTUlqszoYQayW8TZl0vAcLdLlZmtS-lGLPEL0LAWnmt4cuy4c6U1R0A; expires=Tue, 05-Feb-2019 03:31:59 GMT; path=/; domain=.doubleclick.net; HttpOnly
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://ps.eyeota.net/match?bid=gdo9o51&newuser=1&am
p;google_gid=CAESEClfffzrXX6Z94anls0j2YU&google_cver=1">here<
;/A>...</BODY></HTML>..HTTP/1.1 302 Found..P3P: policyr
ef="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa 
ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC N
OI DSP COR"..Location: hXXp://ps.eyeota.net/match?bid=gdo9o51&newuser=
1&google_gid=CAESEClfffzrXX6Z94anls0j2YU&google_cver=1..Date: Sun, 05 
Feb 2017 03:31:59 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:
00:00 GMT..Cache-Control: no-cache, must-revalidate..Content-Type: tex
t/html; charset=UTF-8..Server: HTTP server (unknown)..Content-Length: 
310..X-XSS-Protection: 1; mode=block..Set-Cookie: id=22befda9811100d9|
|t=1486265519|et=730|cs=002213fd483636e64dd1040bbc; expires=Tue, 05-Fe
b-2019 03:31:59 GMT; path=/; domain=.doubleclick.net..Set-Cookie: test
_cookie=; domain=.doubleclick.net; path=/; expires=Mon, 21 Jul 2008 23
:59:00 GMT..Set-Cookie: IDE=AHWqTUlqszoYQayW8TZl0vAcLdLlZmtS-lGLPEL0LA
Wnmt4cuy4c6U1R0A; expires=Tue, 05-Feb-2019 03:31:59 GMT; path=/; domai
n=.doubleclick.net; HttpOnly..<HTML><HEAD><meta http-eq
uiv="content-type" content="text/html;charset=utf-8">.<TITLE>
302 Moved</TITLE></HEAD><BODY>.<H1>302 Mov
<<< skipped >>>


GET /pa?p=2:2051282539:51 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: wpa.qq.com
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: tws
Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif
Pragma: no-cache
Cache-Control: no-cache; must-revalidate
0..HTTP/1.1 301 Moved Permanently..Date: Sun, 05 Feb 2017 03:31:50 GMT
..Content-Type: text/html; charset=UTF-8..Transfer-Encoding: chunked..
Connection: keep-alive..Server: tws..Location: hXXp://pub.idqqimg.com/
qconn/wpa/button/button_111.gif..Pragma: no-cache..Cache-Control: no-c
ache; must-revalidate..0..



GET /templets/default/style/home.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:49 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:34 GMT
ETag: W/"0c1d3963869d11:0"
X-Powered-By: ASP.NET
Content-Encoding: gzip
Expires: Mon, 06 Feb 2017 03:31:49 GMT
Cache-Control: max-age=86400
X-Cache:  from WT263CDN
2ee.............V.n.0.}....5Z.]..!i.|Ld..o....M....7.$...U.......3...\
..N u..%..<..GB...p.D~.mCy..].O.....8e(......xo....nc.B.3.........C
E;..G....[^3.U...j....<.N..F.!...X...3..$P....h..K..ior...R.('.....
.. .c..a..m.D..^....[...W...UT.,@q.a..>65....nH....!....{......%o..
..-.D...?.c.R.<..>......q.=.%.....=.m..m....:.......|...k..fV}B.
e.xg.8.}.....Y...x.1m.Qo..,....{....?5..........v.`.#\.L[B._...$Yla...
6...}...m...r..0..&PB....^.:.@...1JM.KV....i. .9.a..ja....-&A}(.y08...
/.........m.^.}.=.n=...._m.=5 ...?f.......8.c..B..i..i.t.........:. ..
#>.M<L..\.`."..9D.......V^$v-..9.../.....8...C..F.V5e......?..K.
>.t..........(.....}.b.r.........Qg..Q........G........H\U.7.......
.....v..i..%..{a.t...l.h.lO.KaO~ym...dYd...Xe\._.3.|...o...T{..n.[,...
...!.......0......


GET /templets/default/js/tabicon.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: application/javascript
Content-Length: 715
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:32 GMT
Accept-Ranges: bytes
ETag: "094a2953869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:50 GMT
Cache-Control: max-age=86400
X-Cache:  from WT263CDN
...var colors = {....0:"#ef6523",....1:"#fc3159",....2:"#000000",....3
:"#c4161c"...};...$('#cont .ul1 li').hover(function(e){....var index =
 $('#cont .ul1 li').index(this);....$(this).find('a').css('opacity',0.
3);....var x = $(this).find('a').eq(0).css('backgroundPosition');....x
 = x.split(' ')[0];....$(this).find('a')[0].style.backgroundPosition =
 x ' -476px';....$(this).find('a').eq(1).children().css('color',colors
[index]);....$(this).find('a').animate({opacity:'1'},300);...},functio
n(e){....var x = $(this).find('a').eq(0).css('backgroundPosition');...
.x = x.split(' ')[0];....$(this).find('a')[0].style.backgroundPosition
 = x ' -382px';....$(this).find('a').eq(1).children().css('color','#80
8c9a');...});....


GET /templets/default/js/oninput.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: application/javascript
Content-Length: 653
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:31 GMT
Accept-Ranges: bytes
ETag: "80fd9953869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:50 GMT
Cache-Control: max-age=86400
X-Cache:  from WT263CDN
function inputFocus(id) {...  var $input = document.getElementById(id)
;...  if (!$input) return;......  var next = $input.nextElementSibling
 || $input.nextSibling;......  if (next.tagName.toLowerCase() == 'span
') {....  $input.onfocus = function () {.....  next.style.display = 'n
one';....  }.......  $input.onblur = function () {.....  if (this.valu
e == '') {......  next.style.display = 'block';.....  }....  }....... 
 next.onclick = function () {.....  $input.focus();.....  next.style.d
isplay = 'none';....  };..              next.style.display = $input.va
lue == '' ? 'block' : 'none';...  }...}..ready(function () {......inpu
tFocus('search')..});HTTP/1.1 200 OK..Server: wts/1.1..Date: Sun, 05 F
eb 2017 03:31:50 GMT..Content-Type: application/javascript..Content-Le
ngth: 653..Connection: keep-alive..Last-Modified: Wed, 17 Feb 2016 04:
06:31 GMT..Accept-Ranges: bytes..ETag: "80fd9953869d11:0"..X-Powered-B
y: ASP.NET..Expires: Mon, 06 Feb 2017 03:31:50 GMT..Cache-Control: max
-age=86400..X-Cache:  from WT263CDN..function inputFocus(id) {...  var
 $input = document.getElementById(id);...  if (!$input) return;...... 
 var next = $input.nextElementSibling || $input.nextSibling;......  if
 (next.tagName.toLowerCase() == 'span') {....  $input.onfocus = functi
on () {.....  next.style.display = 'none';....  }.......  $input.onblu
r = function () {.....  if (this.value == '') {......  next.style.disp
lay = 'block';.....  }....  }.......  next.onclick = function () {....
.  $input.focus();.....  next.style.display = 'none';....  };..   
<<< skipped >>>


GET /getuid?http://ps.eyeota.net/match?uid=$UID&bid=2cr76e1 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: ib.adnxs.com
Connection: Keep-Alive


HTTP/1.1 302 Found
Server: nginx/1.11.5
Date: Sun, 05 Feb 2017 03:32:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="hXXp://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Location: hXXp://ib.adnxs.com/bounce?/getuid?http%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24UID%26bid%3D2cr76e1
Set-Cookie: sess=1; Path=/; Max-Age=86400; Expires=Mon, 06-Feb-2017 03:32:01 GMT; Domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3648886337069900944; Path=/; Max-Age=7776000; Expires=Sat, 06-May-2017 03:32:01 GMT; Domain=.adnxs.com; HttpOnly
X-Proxy-Origin: 194.242.96.218; 194.242.96.218; 203.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.141:80
....


GET /bounce?/getuid?http%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24UID%26bid%3D2cr76e1 HTTP/1.1


Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: ib.adnxs.com
Connection: Keep-Alive
Cookie: sess=1; uuid2=3648886337069900944


HTTP/1.1 302 Found
Server: nginx/1.11.5
Date: Sun, 05 Feb 2017 03:32:01 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 0
Connection: keep-alive
Cache-Control: no-store, no-cache, private
Pragma: no-cache
Expires: Sat, 15 Nov 2008 16:00:00 GMT
P3P: policyref="hXXp://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"
X-XSS-Protection: 0
Access-Control-Allow-Credentials: true
Access-Control-Allow-Origin: *
Location: hXXp://ps.eyeota.net/match?uid=3648886337069900944&bid=2cr76e1
Set-Cookie: sess=1; Path=/; Max-Age=86400; Expires=Mon, 06-Feb-2017 03:32:01 GMT; Domain=.adnxs.com; HttpOnly
Set-Cookie: uuid2=3648886337069900944; Path=/; Max-Age=7776000; Expires=Sat, 06-May-2017 03:32:01 GMT; Domain=.adnxs.com; HttpOnly
X-Proxy-Origin: 194.242.96.218; 194.242.96.218; 203.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.149:80
HTTP/1.1 302 Found..Server: nginx/1.11.5..Date: Sun, 05 Feb 2017 03:32
:01 GMT..Content-Type: text/html; charset=utf-8..Content-Length: 0..Co
nnection: keep-alive..Cache-Control: no-store, no-cache, private..Prag
ma: no-cache..Expires: Sat, 15 Nov 2008 16:00:00 GMT..P3P: policyref="
hXXp://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSD
o OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"..X-XSS-Protection: 0..A
ccess-Control-Allow-Credentials: true..Access-Control-Allow-Origin: *.
.Location: hXXp://ps.eyeota.net/match?uid=3648886337069900944&bid=2cr7
6e1..Set-Cookie: sess=1; Path=/; Max-Age=86400; Expires=Mon, 06-Feb-20
17 03:32:01 GMT; Domain=.adnxs.com; HttpOnly..Set-Cookie: uuid2=364888
6337069900944; Path=/; Max-Age=7776000; Expires=Sat, 06-May-2017 03:32
:01 GMT; Domain=.adnxs.com; HttpOnly..X-Proxy-Origin: 194.242.96.218; 
194.242.96.218; 203.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.
33.222.149:80..
<<< skipped >>>


GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=d330913c78f57201f33f64dc5ccd2de251486265505; expires=Mon, 05-Feb-18 03:31:45 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sun, 05 Feb 2017 03:14:08 GMT
Expires: Thu, 09 Feb 2017 03:14:08 GMT
ETag: "42347f38c3fb76f9e0e968abad041628b4c149a3"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 32c34a9092c15a1a-VIE
0..........0..... .....0......0...0.......M........u....%...G..2017020
5031408Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|.
.....S.."........20170205031408Z....20170209031408Z0...*.H............
.i.".j.)..ci......g...E.D...>o.)'.@.h7.._..Z..."...}JAyv2.[....?...
{.DoSt..BR}|..[..L9#Su.......l... ..-0..*..X{O.=...'..........a...N..B
....A.;]..i.T.z..2.Qs.......W.8..C.%2.......?..9...b....o.......?.]WN$
......t..g...j.-..>?1|.\.d..)@.. ....C.v.V...tM......K0..G0..C0.. .
......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign 
nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G2
0...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign 
nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validat
ion CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0........
.C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D....
.....u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.
6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....
n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...
U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....
0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.
com/repository/0...U...........0...U.%..0... .......0...*.H...........
...H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1.
"......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V
....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3
<<< skipped >>>


GET /wp-content/themes/dream/style.css?ver=4.2.12 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 14:57:48 GMT
Last-Modified: Wed, 13 May 2015 16:17:46 GMT
Cache-Control: max-age=2592000, public
Expires: Sun, 05 Mar 2017 14:57:48 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 6537
Content-Type: text/css
X-Varnish: 7089079 4424375
Age: 131606
X-Cache: HIT
X-Cache-Hits: 1038
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
...........=ks....._..O.......y..i.tz&M;Mz.!..@"$..H..l..........V>
'i..X...b.dO_.>.....t.f.M..F.....3.n.rvzzS/.z./..i...i......f]T3rS.
......{..E..MZ.r-..d.....X].y..0.[Q%?.sM.bq......a<..g.....5...._..
,g.....y....#7#..d.a..7.....W.6...i&...U.E#Xc.l..'v..7....r"(CW.......
... .on.hQd.M^..=D........M..6,...&]\.....>.XTpR......Ux.`.d..3H...
$K.5...f...l..U.H...}...v.6.).......f.. .(..O......}B...kZ1..m. ....1Z
.0.m..I..Vu..%.....,r. .Z/..G.s.5..v.'/.;!..p.._S....l..}.C..Y?...f._.
]..2....3..5.JX.f..6k._..)..2.....&...!....|O...._....9.A.......... ..
v..2.(.xQ..........._.W.^.O..}.....|...Oo?|.8..6 ...O..X...|......z...
....%o......d....z..8k.............. .....^,...y....w.-Y...|....r..T..
....d..g8.."o..w.OC.3pw.... V...y]..|.....x.{.!....D@4.Y....~dIJ.|.3~G
.-..#~..Ja.!..;~.....$~..7..`.P......H.-.&.v3R...j ...w....u.D.....E#.
..$.Q9.<G.M..._..k.7/.......E......j..=.g..%..iV.{.t..G...V..,.....
.....2..F....M.W...Qo7.._/I.......bq-..&i..-h~Ca....G......cP.g ."9...
!.4.(2...*.....E....H.|V.91f...=Z.t.n..>..$a..~.a..U.g.N..s..^U..AT
....T/A.....Q ...t...a..J..l.>.W......>).}VE...&.3-.H.?.D....6..
R.....^d.$Y.m'..@..H...p..&.3r.\.*Gr....@....x..iF.$..[.d[Z..Sd@~J.].@
..................h.O.F- h$..=#..nV...m.....Y......a...`....`....q...@
.4/0;.]Wb.;.2...Y.i.Gv..S)..V...y... v=O.....nJ..o...~Z.E..xeP|(.?..I.
..y.6H...<...a.......... O:.A{...P.6......M..#c..b)~nH:~.. ..{.@...
.~nv%....x.E.@..$`...L.I...R...%h ./.$b*d.mU.>."m.Ot~..M.....J...$G
'lI.Y.....M.W.,....<G..'p;,.<*i.p........2.F.....k...&s.DA.=
<<< skipped >>>

GET /wp-content/themes/dream/js/navigation.js?ver=20120206 HTTP/1.1


Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 14:57:48 GMT
Last-Modified: Wed, 13 May 2015 16:18:31 GMT
Cache-Control: max-age=2592000, public
Expires: Sat, 03 Feb 2018 14:57:48 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 438
Content-Type: application/javascript
X-Varnish: 5324557 5374644
Age: 131607
X-Cache: HIT
X-Cache-Hits: 1273
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
...........R;O.0..._qLIK..\e....X...I.....}AD......!..n..{..,....`....
ig.G.A7.W.4..\].mk.w<...m....V....G.A2u.dP5..`..~...<........."g
gQb.$bw.9..hxN.F.3.}...e.i...}..&.D..2...C.......7,.....u .n.gU?...E.d
....A<ml......<.j.......b1'.5f0J.b.......8..."Nu.\..........V..4
...........k.ZN.Zg1]..C..."...eV^.9~.9... ....W.M1....\..B.Z....T../p.
]2g.......v...Jg...O.|..../......r........Gn..z.A. ...}.'7&..........c
{C.sb.o.Ku@......&.....~.tS...HTTP/1.1 200 OK..Date: Fri, 03 Feb 2017 
14:57:48 GMT..Last-Modified: Wed, 13 May 2015 16:18:31 GMT..Cache-Cont
rol: max-age=2592000, public..Expires: Sat, 03 Feb 2018 14:57:48 GMT..
Vary: Accept-Encoding..Content-Encoding: gzip..Content-Length: 438..Co
ntent-Type: application/javascript..X-Varnish: 5324557 5374644..Age: 1
31607..X-Cache: HIT..X-Cache-Hits: 1273..Server: Rocket Booster..X-Pow
ered-By: Warna Web Accelerator..Accept-Ranges: bytes..Connection: keep
-alive.............R;O.0..._qLIK..\e....X...I.....}AD......!..n..{..,.
...`....ig.G.A7.W.4..\].mk.w<...m....V....G.A2u.dP5..`..~...<...
......"ggQb.$bw.9..hxN.F.3.}...e.i...}..&.D..2...C.......7,.....u .n.g
U?...E.d....A<ml......<.j.......b1'.5f0J.b.......8..."Nu.\......
....V..4...........k.ZN.Zg1]..C..."...eV^.9~.9... ....W.M1....\..B.Z..
..T../p.]2g.......v...Jg...O.|..../......r........Gn..z.A. ...}.'7&...
.......c{C.sb.o.Ku@......&.....~.tS.......
<<< skipped >>>

GET /wp-content/plugins/akismet/_inc/form.js?ver=3.1.5 HTTP/1.1


Accept: */*
Referer: hXXp://sewasolo.com/harga-sewa-mobil-solo.html/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 01:25:00 GMT
Last-Modified: Tue, 13 Oct 2015 19:52:11 GMT
Content-Length: 700
Cache-Control: max-age=2592000, public
Expires: Mon, 05 Feb 2018 01:25:00 GMT
Content-Type: application/javascript
X-Varnish: 11344493 6664469
Age: 7597
X-Cache: HIT
X-Cache-Hits: 92
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
var ak_js = document.getElementById( "ak_js" );..if ( ! ak_js ) {..ak_
js = document.createElement( 'input' );..ak_js.setAttribute( 'id', 'ak
_js' );..ak_js.setAttribute( 'name', 'ak_js' );..ak_js.setAttribute( '
type', 'hidden' );.}.else {..ak_js.parentNode.removeChild( ak_js );.}.
.ak_js.setAttribute( 'value', ( new Date() ).getTime() );..var comment
Form = document.getElementById( 'commentform' );..if ( commentForm ) {
..commentForm.appendChild( ak_js );.}.else {..var replyRowContainer = 
document.getElementById( 'replyrow' );...if ( replyRowContainer ) {...
var children = replyRowContainer.getElementsByTagName( 'td' );....if (
 children.length > 0 ) {....children[0].appendChild( ak_js );...}..
}.}HTTP/1.1 200 OK..Date: Sun, 05 Feb 2017 01:25:00 GMT..Last-Modified
: Tue, 13 Oct 2015 19:52:11 GMT..Content-Length: 700..Cache-Control: m
ax-age=2592000, public..Expires: Mon, 05 Feb 2018 01:25:00 GMT..Conten
t-Type: application/javascript..X-Varnish: 11344493 6664469..Age: 7597
..X-Cache: HIT..X-Cache-Hits: 92..Server: Rocket Booster..X-Powered-By
: Warna Web Accelerator..Accept-Ranges: bytes..Connection: keep-alive.
.var ak_js = document.getElementById( "ak_js" );..if ( ! ak_js ) {..ak
_js = document.createElement( 'input' );..ak_js.setAttribute( 'id', 'a
k_js' );..ak_js.setAttribute( 'name', 'ak_js' );..ak_js.setAttribute( 
'type', 'hidden' );.}.else {..ak_js.parentNode.removeChild( ak_js );.}
..ak_js.setAttribute( 'value', ( new Date() ).getTime() );..var commen
tForm = document.getElementById( 'commentform' );..if ( commentFor
<<< skipped >>>


GET / HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"cf3d398b27d21:0"
X-Powered-By: ASP.NET
Content-Encoding: gzip
X-Cache:  from WT263CDN
4d3.............[yS.I...............Kl..../vv.ko.11A4R#.-u....="..N...
.{.,...3.9v|...]vU...../...j.$.yvD.jugeef.2.* ..g.......|.....~....t&.
t.|.|......bI^Q.-..j...>.~R.2.B_V.........?...^.{R.....&H......xB .
4QK.]h|...?|.f|....Q.....'V..........1.....c.5..[t.F _..}.../..R..y...
..Ctg.....2...w..q....l..p....Y..?..R.t.S.T..j.)AM........Q.nh....&...
.NgR....B/.Mi..$...iY..B.n..&..@Y..2.......'.R*J&.....RrB.........H...
.*....~...q.......k}YA.l../....(.......%.#|.6~M....d.j..u.7{.3&bF....M
 .h......U...~....G....u.?kl...c}a.....<...!.z.kl.Z..~N.G}.Y..59.m.
.HK..,.$Bw__w.....aR...Bp.....1....Pk.F..L.[..*...h....A..n_........=.
c.$..U5.3...[,0..t....Q_qx......U.....zS2.]...Xdj5...........:.<...
.t`..#..A..c$..:l .......TN....`.0........z6.a.L..0.'Hq2f..2=v.J{ ._..
@PN.......>....a...H..wa {..vC.k...>9./l.....alI...X...^I.).....
*.).W6.zRr.:A.U.4A6e..22A.I....0Bx%....../]......@` ........i5......|.
..h.)..lm..C...&D..>L.R6:(.8!..\..}A...fP.r....D.....fP.O.0.......G
..]...8(.\.~o.B.......l;....V5Q.-.i............t$..DZBm..3 .... ..6...
..H...vX.'.Y.....7f_.7...{.l.D.#....p.t...3...X..;...x~4.......H.I.2b.
.P.!...j.7|..[|........7..&...9....1 1.Y.m$.....j.P...Y1p|..x0.A.x.%..
(l.r.Y.S...,r..4.z....jm.D6....i..~..9>...w.wk..z.`.6H.TF.G.S.07W.}
J..5af..L...k.D.Vi..E...r|V..fXo..q-........!....{~;~.ub71.....r.;Y...
.zdM...)\.(....-Kk.$..-B.....#.<g.{..B}oV..-t}..........|.w..S.s.u.
......r..o....."........p....q.....z..,..4........5h&..."..p1%`.......
.B.T..3I......_Cb..?.~.r..........\..^p[d.....@...P.%UP...^Y...=..
<<< skipped >>>


GET /dist/meiqia.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: eco-api.meiqia.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: openresty
Connection: keep-alive
Date: Sun, 05 Feb 2017 03:31:53 GMT
Cache-Control: max-age=315360000
Expires: Wed, 03 Feb 2027 03:31:53 GMT
Last-Modified: Sat, 14 Jan 2017 07:06:39 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"5879cdff-262c9"
X-LogId: 0c5f58969ca9490c7fa9
X-Cost: 0.000
X-NWS-LOG-UUID: 4d9430b8-54df-4fe9-9621-5998b99ed625
2167...............v...(.|N....Y@1I..L....R.dW...\......I...........}o
.k.k../}.......\..z.gtD.@..5..=...L$2#####2#"...........|.P=0......GFH
.I.W..A/.A.G.3;...fYW".}5%.......u...iG|...}..tW.@\.=S...3k..^L....J .
......[>..[.F.n.S. ....7..ID Q...X........j5n....U.L<...W.C.....
v<...j.[....1.....Q/..U-b....7....aWE.l.......P....F?..G.>.mYV..
 ...0.... ak..v|.i._o..%..j.a.-__3.m.zh..R..q ..d....D...d.RM. .H....I
.s...A.1...!.m..LB;=H........A.. [..V_Ar. ..\Z1.>$/.r..U.<...A..
d..z....r.o..]H......./!yj......!.. o0.].....|..BUo!..A.a...........v.
A..A......H~k..0.5?........... ..A..$t..H~m..1.....?..o.......3..1.*.1
..F......q.j{.....o^.>.f...$YH)...S.&.....?Hi.H7:.%..~..X1.%.W#....
....>K.....I0...>....B...=...E.c..d.Ql.?._F...O......}.r3y.. ..A
!'_|H.....]..E..L.om.zo......_........Cj;."Qy.,....c.6"[<...E......
/.. .R>..8nd.<.$.}....X....x.?..C...c7{lk.N.....4F .p*c..3....i.
.....m..i._rn......@..M.j...@i..V.z.YQD.!.>E. ...6.C.F#.......Ovw..
5....0...z.p..Z....gZ.x.......\?.c....W25..Z..O.sFD..O*HP...r.....pKCd
..:@P.../4.[Z.......J.FWI.KH...z.........'.a0....O<...f}.......?t..
.o.q(..... ... .G...l..v:.....?|..z....~.T".c.....(...I.....i@X...m...
G..0.'.Co?./s..o......A...g....`....Vo...O..[uO.-..]..P.....:.......2.
0.d....H..K..hp...W..[....rd.......3..EPc..9...QL}]..W.h.k..!.s.....y.
.`Q....]...j. 8ui........fD...yT`.q. 5.).|J.aam...=..q...1......g.t..#
.(..........._.!)@.u...... ...v...kd.y.?O.2`v.F.U^j....v8.O........'#.
.?..(>>..q$V..vw.<.~...b....7..|.'...l.t....'...w...t`...
<<< skipped >>>

GET /dist/doorbell.html?1m47r5d7qtt65hfr HTTP/1.1


Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: eco-api.meiqia.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: openresty
Connection: keep-alive
Date: Sun, 05 Feb 2017 03:31:53 GMT
Cache-Control: max-age=315360000
Expires: Wed, 03 Feb 2027 03:31:53 GMT
Last-Modified: Sat, 14 Jan 2017 07:06:37 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
ETag: W/"5879cdfd-f1"
X-LogId: 0c2658969ca9673f1ea7
X-Cost: 0.000
X-NWS-LOG-UUID: 0ef88269-1a3d-48ed-87b0-4503151f48ce
d7............-O.N.0.........T.A..C*.....Ev..7..........5Q..,.....<
t...iS....%gK. (SJ..2..........-jK.s.F|/.......^.6.X.}G....*..B....r..
........S.Y.b.k.9.2..=e1....)U.....r..0.I..(....k9....8..q.x..[L../..[
..... . ......0..HTTP/1.1 200 OK..Server: openresty..Connection: keep-
alive..Date: Sun, 05 Feb 2017 03:31:53 GMT..Cache-Control: max-age=315
360000..Expires: Wed, 03 Feb 2027 03:31:53 GMT..Last-Modified: Sat, 14
 Jan 2017 07:06:37 GMT..Content-Type: text/html..Transfer-Encoding: ch
unked..Content-Encoding: gzip..Vary: Accept-Encoding..ETag: W/"5879cdf
d-f1"..X-LogId: 0c2658969ca9673f1ea7..X-Cost: 0.000..X-NWS-LOG-UUID: 0
ef88269-1a3d-48ed-87b0-4503151f48ce..d7............-O.N.0.........T.A.
.C*.....Ev..7..........5Q..,.....<t...iS....%gK. (SJ..2..........-j
K.s.F|/.......^.6.X.}G....*..B....r..........S.Y.b.k.9.2..=e1....)U...
..r..0.I..(....k9....8..q.x..[L../..[..... . ......0......


GET /visit/init?ent_id=463&track_id=&title=创盈门窗软件&url=http://VVV.sdcysoft.com/&referrer_url=&jsonp_cb=jsonp1486265515688&v=1486265515688 HTTP/1.1


Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: eco-api.meiqia.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: openresty
Connection: keep-alive
Date: Sun, 05 Feb 2017 03:31:57 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Content-Encoding: gzip
Vary: Accept-Encoding
Set-Cookie: session=eyJfaWQiOnsiIGIiOiJNVGszTkRJellUSTNOVGM0TnpNNE5tWXpaR00yTVdGbE9ETTNNbUUxWVRjPSJ9fQ.C3guLQ.mh0DgIZF-7RO72-7SaIQKh9ZzcU; HttpOnly; Path=/
X-LogId: 0ba258969cad48863274
X-Cost: 0.095
X-NWS-LOG-UUID: 23ef525f-e88f-4ffc-b9df-78f0e125ae74
542.............V...6.....Q"..`..>&..).....S...m3`.w2..O....gv'.)/t
.V.S..K.l..E.dB." .....l]j.@...........b.............]...u.r~{.?.K._.W
G\k..@7..]z.JS..,....s..x..X'Jd..d.d.D.....j.....h$=.\.......i.Z...4..
.'...A......mP...z....r...fx...C..Ox..}...r..X.9..."M.~(*...Y...!.P...
b?.Y...]....4..Z3E.....wr....k:.e\....1.I..P.....4.6O.....8....U&..Y..
..._.h.h.....aZp.&).d9..;1._tST2..5.T.....'.,Tz.ST.6 y.n.H....Q{....36
b..%{S...@w.s.>........'.&......H..).RL.... 7X_........s..R..Q.M..h
,.c......w.c.....46.....ds#....1..h......? ....b.W..^a..2....*.i.I{...
>...t$....1.t6....(............iB.....0......QP.Y6.]u.RHt.lI..W.%.=
...8l;wj....T..%O...$...A.......d.y.......(Y..O....!..2U.q..].........
.....n...-..w....a./E.s.....c.$O1. .Z...|......Q..c..C..U..`1e!.S.....
...m[l*SS....A.. .dE..3M..Y.<......{m..M[....Y.R...o)..........e.v.
....be...[..4..i.,....5d.;..[,v.}....x.8....n..u.....u.xik....b,r.....
!..S.5.8.ez4.a?.x.4....c8O.Y...;./...X]!...2]=q^..e...x.B#.n..}.......
..#....Rj.c..C..F.S.X.%......V3A.T..*....I.f...T....P..S...l[.)09.gn..
..`1.I ....../..mX...E..U(...9.R.S..:[..$.....wt.N........8..f..H.BN..
X.FMe..9..........u.].k!2Tz.B_*...... ...;..%...V.M........./|..`.....
\..l..j$....:.'M.......h....wT.a.h;8..l....X....${.E.v'..n..q.x.=..,..
..J9.@D....U.qR./..jA;Iq..e..a]`..-..vH.uL.0e.....E.I..M.o$.....N..*.Z
....M>v..7...}..K.E...O...n.Bi.....0..
<<< skipped >>>


GET /match?uid=5648657701418802231&bid=9gdtmu1 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: ps.eyeota.net
Connection: Keep-Alive
Cookie: mako_uid=15a0c542197-5fdd0000010f7778


HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 70
Date: Sun, 05 Feb 2017 03:31:59 GMT
GIF89a...................!..NETSCAPE2.0.....!.......,................;
....


GET /match?uid=-7296199909654580839&bid=0rijhbu HTTP/1.1


Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Cookie: mako_uid=15a0c542197-5fdd0000010f7778
Connection: Keep-Alive
Host: ps.eyeota.net


HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 70
Date: Sun, 05 Feb 2017 03:31:59 GMT
GIF89a...................!..NETSCAPE2.0.....!.......,................;
HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Su
n, 05 Feb 2017 03:31:59 GMT..GIF89a...................!..NETSCAPE2.0..
...!.......,................;..



GET /upi/pid/lons7jax?puid=15a0c542197-5fdd0000010f7778&redir=http://ps.eyeota.net/match?uid=${TM_USER_ID}&bid=0rijhbu HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: rtd.tubemogul.com
Connection: Keep-Alive


HTTP/1.1 302 Found
Date: Sun, 05 Feb 2017 03:31:59 GMT
Pragma: no-cache
Cache-Control: no-cache
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"
Access-Control-Allow-Origin: *
Set-Cookie: _tmid=-7296199909654580839;Path=/;Domain=.tubemogul.com;Expires=Mon, 05-Feb-2018 03:31:59 GMT
Location: hXXp://ps.eyeota.net/match?uid=-7296199909654580839&bid=0rijhbu
Connection: close
Server: Jetty(9.3.8.v20160314)



GET /js/jquery-1.7.2.min.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: application/javascript
Content-Length: 94844
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:14 GMT
Accept-Ranges: bytes
ETag: "0ffe78a3869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:50 GMT
Cache-Control: max-age=86400
X-Cache:  from WT263CDN
/*! jQuery v1.7.2 jquery.com | jquery.org/license */..(function(a,b){f
unction cy(a){return f.isWindow(a)?a:a.nodeType===9?a.defaultView||a.p
arentWindow:!1}function cu(a){if(!cj[a]){var b=c.body,d=f("<" a "&g
t;").appendTo(b),e=d.css("display");d.remove();if(e==="none"||e===""){
ck||(ck=c.createElement("iframe"),ck.frameBorder=ck.width=ck.height=0)
,b.appendChild(ck);if(!cl||!ck.createElement)cl=(ck.contentWindow||ck.
contentDocument).document,cl.write((f.support.boxModel?"<!doctype h
tml>":"") "<html><body>"),cl.close();d=cl.createElement
(a),cl.body.appendChild(d),e=f.css(d,"display"),b.removeChild(ck)}cj[a
]=e}return cj[a]}function ct(a,b){var c={};f.each(cp.concat.apply([],c
p.slice(0,b)),function(){c[this]=a});return c}function cs(){cq=b}funct
ion cr(){setTimeout(cs,0);return cq=f.now()}function ci(){try{return n
ew a.ActiveXObject("Microsoft.XMLHTTP")}catch(b){}}function ch(){try{r
eturn new a.XMLHttpRequest}catch(b){}}function cb(a,c){a.dataFilter&&(
c=a.dataFilter(c,a.dataType));var d=a.dataTypes,e={},g,h,i=d.length,j,
k=d[0],l,m,n,o,p;for(g=1;g<i;g  ){if(g===1)for(h in a.converters)ty
peof h=="string"&&(e[h.toLowerCase()]=a.converters[h]);l=k,k=d[g];if(k
==="*")k=l;else if(l!=="*"&&l!==k){m=l " " k,n=e[m]||e["* " k];if(!n){
p=b;for(o in e){j=o.split(" ");if(j[0]===l||j[0]==="*"){p=e[j[1] " " k
];if(p){o=e[o],o===!0?n=p:p===!0&&(n=o);break}}}}!n&&!p&&f.error("No c
onversion from " m.replace(" "," to ")),n!==!0&&(c=n?n(c):p(o(c)))}}re
turn c}function ca(a,c,d){var e=a.contents,f=a.dataTypes,g=a.respo
<<< skipped >>>


GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=db466e84e5679c03c93f489c07b0311b71486265505; expires=Mon, 05-Feb-18 03:31:45 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sun, 05 Feb 2017 03:14:08 GMT
Expires: Thu, 09 Feb 2017 03:14:08 GMT
ETag: "42347f38c3fb76f9e0e968abad041628b4c149a3"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 32c34a9093795954-VIE
0..........0..... .....0......0...0.......M........u....%...G..2017020
5031408Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|.
.....S.."........20170205031408Z....20170209031408Z0...*.H............
.i.".j.)..ci......g...E.D...>o.)'.@.h7.._..Z..."...}JAyv2.[....?...
{.DoSt..BR}|..[..L9#Su.......l... ..-0..*..X{O.=...'..........a...N..B
....A.;]..i.T.z..2.Qs.......W.8..C.%2.......?..9...b....o.......?.]WN$
......t..g...j.-..>?1|.\.d..)@.. ....C.v.V...tM......K0..G0..C0.. .
......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign 
nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G2
0...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign 
nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validat
ion CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0........
.C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D....
.....u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.
6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....
n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...
U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....
0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.
com/repository/0...U...........0...U.%..0... .......0...*.H...........
...H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1.
"......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V
....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3
<<< skipped >>>


GET /v4/url.html?v=4.0.4.1-1110 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: info.spiritsoft.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:07 GMT
Content-Type: text/html
Last-Modified: Fri, 17 Jun 2016 07:53:07 GMT
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip
7d9.............Y]S.V......P.....%.h&.L...i:i.....W...mQYr.c>r..4@.
8......&,.i....0..e..H.._........l..4.0........}.....?]..[.g..._^....|
......._...bgw'.h..\.)...TC.5Q.. ......(.q..M..|..d.(....}..a..@kk..O.
....."Gh...P....>.FJ...W..):.u.$..... ..~$....p\6-..S(....wAB*....|
.46e?;...K".s.5U....J4..-K.......9S....l.......z.....V.T...d=..c0... .
...Z...l... .\8e..1\..[...$..vId3..3g.. ..!..FJ1.......?!..B......c...
.-%.|.R...p.n)..F..M..M..L.........p...fD1.,CS#\ ...:|aC3........h..zD
.-..S#(....?l. j,.X...y?..W#A.S...%........:...U,M.@U.4y.2..(aD......:
......./!9.)..>.....%.HD.c........=HE...n....K$d..e3"..4..J........
(j..:@..D.zUS..Un.@...&@....)=r=.h.15J...;{...G.....X....Ro*m....v...a
.}.<C....r:..b..N..{....{y........Z.5.h.F...~t#_ZuD........p......I
.G.0F.._.O.w..{.....9T9......s{N6K..L..O...'...B.@e...-........J$..(..
W<X$..x..?Z......m.....G....*....5.2..7..._..Q}.{.....G..J...,#....
.6.@....(.~r#.3z.CK..iHK).7...W....J..<.jN.........F...%...2.......
.._.......29L2{$3Nfo..u..............H....w...:K...#=>8...'..s....s
dv.......5...-*.;.0.k..H.j.]..e......._...lI|'L{=n....'5#f.I=V..qB.v..
.3..^.d...jq.).|..........bn...e.xz.....AG.R9..ky.G"%..55..wH...e.. ..
.......;..^.,...4E.."n........'-..[[.~...cs..J.<Y...4...Z....{.P..,
.jl....xj....V..\..].o...j..Xg1.#..J..d.....".g. Qem..0.{....*.......p
q.4[.C.{..@V...x.j...C.s;.......h.=...rds.x0q8.^...1.%Kkd..;...x.b...:
..7...C..j\?_.....'C...O..V.....o...:..;.=.^2..~..>].g(..kvf....S.&
lt;=.L .<...7...=......lm.p.N7....A9.GF.....k'G....Y...... .H8F
<<< skipped >>>


GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCGn0AHsoGslw HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2017 15:06:56 GMT
Expires: Wed, 08 Feb 2017 15:06:56 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 44672
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2017020
4071735Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
.i..{(..p....20170204071735Z....20170211071735Z0...*.H.............Ie.
.t.......9.3...H.r.AT.(......`..(n.....q..-8~....>R.'c.X1}<w.G..
..Ze.n...t"...Q./.yM......9...h........l{....a.[.....2.5...&.&....'..:
G...0..O.....Y..8...Xd.C.@...d..m.U.:\[...u...y;.6..2Vr..,R...[..H..9-
_.W..>i....O......"...|......e..Q(^.$..U.G.qL....HTTP/1.1 200 OK..C
ontent-Type: application/ocsp-response..Date: Sat, 04 Feb 2017 15:06:5
6 GMT..Expires: Wed, 08 Feb 2017 15:06:56 GMT..Server: ocsp_responder.
.Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Frame-Options
: SAMEORIGIN..Age: 44672..Cache-Control: public, max-age=345600..0....
......0..... .....0......0...0......J......h.v....b..Z./..201702040717
35Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./..i..{
(..p....20170204071735Z....20170211071735Z0...*.H.............Ie..t...
....9.3...H.r.AT.(......`..(n.....q..-8~....>R.'c.X1}<w.G....Ze.
n...t"...Q./.yM......9...h........l{....a.[.....2.5...&.&....'..:G...0
..O.....Y..8...Xd.C.@...d..m.U.:\[...u...y;.6..2Vr..,R...[..H..9-_.W..
>i....O......"...|......e..Q(^.$..U.G.qL........
<<< skipped >>>

GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAa1FcpWF3k+ HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2017 14:50:57 GMT
Expires: Wed, 08 Feb 2017 14:50:57 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 45638
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2017020
4070511Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
.....V.y>....20170204070511Z....20170211070511Z0...*.H.............
/...J.*....`..H....Uf.......r.J....Q8@3......tG.a....RNB.~S.y.........
.G...........F.."x?......l._<z....W..p<...}L.m.o.}mC{>$x..'~.
*....7.M.U...a.z<Jg'.......1.#....:[....{c8.i.......P.a2/....!.$Y..
(...._.r.>I....({|......Ak0.lp...g.QdI..Y.7.Wh.T_]..0...Q...
..


GET /ocsp/MEkwRzBFMEMwQTAJBgUrDgMCGgUABBTy4Gr5hYodjXCbSRkjeqm1Gih+ZAQUSt0GFhu89mi1dvWBtrtiGrpagS8CCAa1FcpWF3k+ HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: clients1.google.com


HTTP/1.1 200 OK
Content-Type: application/ocsp-response
Date: Sat, 04 Feb 2017 14:50:57 GMT
Expires: Wed, 08 Feb 2017 14:50:57 GMT
Server: ocsp_responder
Content-Length: 463
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Age: 45638
Cache-Control: public, max-age=345600
0..........0..... .....0......0...0......J......h.v....b..Z./..2017020
4070511Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..Z./.
.....V.y>....20170204070511Z....20170211070511Z0...*.H.............
/...J.*....`..H....Uf.......r.J....Q8@3......tG.a....RNB.~S.y.........
.G...........F.."x?......l._<z....W..p<...}L.m.o.}mC{>$x..'~.
*....7.M.U...a.z<Jg'.......1.#....:[....{c8.i.......P.a2/....!.$Y..
(...._.r.>I....({|......Ak0.lp...g.QdI..Y.7.Wh.T_]..0...Q.HTTP/1.1 
200 OK..Content-Type: application/ocsp-response..Date: Sat, 04 Feb 201
7 14:50:57 GMT..Expires: Wed, 08 Feb 2017 14:50:57 GMT..Server: ocsp_r
esponder..Content-Length: 463..X-XSS-Protection: 1; mode=block..X-Fram
e-Options: SAMEORIGIN..Age: 45638..Cache-Control: public, max-age=3456
00..0..........0..... .....0......0...0......J......h.v....b..Z./..201
70204070511Z0k0i0A0... ..........j.....p.I.#z...(~d..J......h.v....b..
Z./......V.y>....20170204070511Z....20170211070511Z0...*.H.........
..../...J.*....`..H....Uf.......r.J....Q8@3......tG.a....RNB.~S.y.....
.....G...........F.."x?......l._<z....W..p<...}L.m.o.}mC{>$x.
.'~.*....7.M.U...a.z<Jg'.......1.#....:[....{c8.i.......P.a2/....!.
$Y..(...._.r.>I....({|......Ak0.lp...g.QdI..Y.7.Wh.T_]..0...Q...
<<< skipped >>>


GET /ajax/libs/jquery/1.11.0/jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: ajax.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Fri, 03 Feb 2017 17:28:30 GMT
Expires: Sat, 03 Feb 2018 17:28:30 GMT
Last-Modified: Tue, 20 Dec 2016 18:17:03 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 33576
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 122607
......n.....{....8...S4./.X.Z....C....g.I<..N&Y......n.TK.v.E.....@
..e.n..{..[$.....B=..9..........l.../........W...|..I... .VeeA../..E}q
} Sf.~}.g.(......q.."...#...._..r)..w.L/.er...;.0...r_... e..........q
......,EN..W.}..........=r.(............I...CVm...)...^Tw...#...."..HD
.."q..]U>P?~....?.{...i.......!"h<.."f.Ii<...6dM.YV$....l..!.
....m...5......~.P../wb_=.....j.mI..o....%...@.DNC1K.YVd..4......au...
.}.zx9.&............0.$..r..U...#|...~.1>....vb......R.L..n_V..:zTp
.oI\..j..W../.A...]...XW..N...~....n.Jf1.s$'.7d-..<.....CY0.b......
...#_}..~er].V,..U)...b......3k......l...?..S....V.A....."X....m&..%.V
m.vc..*.N.b.e;..HN.6;S..$..b.....9.T...n.?.....c...4...s..[4....'.L..!
.vd...#1.......y;..~.Wt.y.*.BX.8..0.....Q..V.'k .H....C...x&..a.S...CC
..x.D.P.q..jS...9...$%k.Nd8......]...l.~M..2....e.X......k..U...M&....
u].........5Z.c...R.y.Z ..L.x.]m...,EjG!.k.c..." ..ft.&....?k..Xv....l
...e..k.........Q.1.........y^..p..J..w..H=6D6O...k...c........d.q.@.n
..Q<.X...>4...N~`.f.......^.r..t.z}.&..Iv..`......GN.......).rg.
cC........RJ..\G.FO....D..H.L....E._.q..1J.L.s...w[...."l.c..../.\. :.
.....G.F... .K.aX..,..8P.Z...p....p..]].YQ&...N(pWcE.w-U.GI;0{.{.s.P$#
....V.].;....~6/?.n.R..*....;.&KQ> ?.o...'.p...c{...*x......6D6}n=)
e........$Z f...0.....g..7d........k..#..SR).c.Cl&.D.6.g...N..l&.Yn..#
9..mE.i.Q8k7.......v.-...J..l ..V..2....YU.)?..ENl...Q-.U....t.....kz@
.K...6]..\.ez%.B!..r}..PD$.$..:.....4"?..YF.e..%...&X..D....>].."k.
\j.....U.].."MW.l.............tF$a.[.Rb^I.....h.....h9.i...S......
<<< skipped >>>


GET /dist/scripts/doorbell-i8wozeiuwodmquxr.js HTTP/1.1
Accept: */*
Referer: hXXp://eco-api.meiqia.com/dist/doorbell.html?1m47r5d7qtt65hfr
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: static.meiqia.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: NWS_TCloud_S1
Connection: keep-alive
Date: Sun, 05 Feb 2017 03:31:55 GMT
Cache-Control: max-age=315360000
Expires: Wed, 03 Feb 2027 03:31:55 GMT
Last-Modified: Sat, 14 Jan 2017 07:06:36 GMT
Content-Type: application/javascript
Content-Length: 14184
Content-Encoding: gzip
X-Cache-Lookup: Hit From MemCache Gz
Accept-Ranges: bytes
X-Daa-Tunnel: hop_count=1
X-Cache-Lookup: Hit From Inner Cluster 
...........}ic.6.....B.K.".dR.....IS...,.8....R.d3.I../..~.;...J..N;..
.,.p.....8...<.fa.........r...h..I..<......e.di.2H.1C..U0.vM....
E....oz..*.a.i.X.......s..Y.5.2a..D....w.XFyg.".\2...v...u.r ....f....
..G..q%.....7.,..../...e....4..Y~..,.,xt..?..!).0..<I...n.h...Qp..A
...8;o$._y....[..#......h..a.`...%...lh@..f...N..|1o\.i....U.....j..pX
........}g]...&Y...,......8.W.#,eG....iG....1...u..Db....<.yU.E.f&l
t;z...hLC.W..n.>...,.d.;.b."..Q.}'......|Gb.M./y....Z.>..e<..
..0....MwM..[...L......V.JE`3..f<..8...G....._..u..\.....=.B.......
.2.....u...A@.5z...........<.[4`.2N..<M.3n....~TV.Iy4cAe0..u....
...."..!"9.5..^.g...d..=.uT....-..4..b.L?5....F.g..BH_vG6..;1...f'.@.k
.{.0lM.LZNG|..j=%....Z...(.%.Y.Z..~......i.xg.d.P8, ..N%7..K..........
?.1...If.....9.1..h....A6=G...y.X...`h.......A..Id.O.......c[.....6=.[
A...s......5....Geq..K5.R*.....M..".yz..j.....9....Z@,.-...3.E..o..#..
..R.m>.`..|.Y...... D......E.!.6. .vZ.'..B.2.v.M4d.%<..O!O;.S-M.
F..E../..@.B\........KT.zZ.....)..Q.&...G0..*a. .t;..4.#..@..[~.&..~..
)...t,L................z.....5....!.itw..C..x..../.(:.....s...h..y.Q..
.*.#..#..T.$...F.;S.D..!.%}....._..u..F.dc...q7.....3....g..2.p.G...y&
....'....... .}...)......D.E.....M.=.......,..".r.Jk.}..;'.W.W...y...H
MO.......B..jU....Y|....!..<.D..d6...S0M."..7.;:..E$d-......p&.p{..
H..A.c`.LiU%k.J...3.`.0}...%.x:./........k4/.`@..jE...........x;.ps...
...V...>.u....&..Y..2T...Ul.u....._.. .....4.......a^...g.,..t.U.&@
&.Y.MA... ..m.d....K.................j.sFy...`(f.S.rY_t.[....<D
<<< skipped >>>


GET /ga/mlb-ml-analytics.min.gz.js HTTP/1.1
Accept: */*
Referer: hXXp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: analytics.mlstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 16473
Accept-Ranges: bytes
Last-Modified: Sun, 05 Feb 2017 03:20:11 GMT
ETag: 12e3832f180d7e7f20245cde45cf3511
X-Timestamp: 1486264811.84748
X-Trans-Id: tx3626ee0db108430d9db4c-0058969b02
X-Nginx-Host: e-0000e6f9
X-Nginx-Pool: files.melicloud.com:8080
X-Nginx-UpstreamHost: 172.16.1.84:8080
X-Request-Id: e3010f4c-67e0-4ea3-bad3-4ce9526b3a61
X-D2id: e3010f4c-67e0-4ea3-bad3-4ce9526b3a61
Content-Encoding: gzip
Access-Control-Allow-Origin: *
Cache-Control: max-age=784
Date: Sun, 05 Feb 2017 03:31:46 GMT
Connection: keep-alive
Vary: Accept-Encoding
...........}iw...... .:.#.Y.'.t..,.I.'...3.:.T*@6 "..c.....J*.I..w.w..
.T.....p{...%...I.qz......x...$..[|......A.^%j.\N...........m....-Wz[.
.....\.....1....5..&...... ...4.gR.i...&...t...b......t.ww-..YX..c?..2
5.g..F..".....P...A{.....6g....b..._.:B.....N.b.fa...X..|8..w.1.4...{.
.C{r.\.9P.S.!oM%....I..*.ej.n......"L'...1...0u?........m....O'X:u....
..$..4.B_O.L..l.jo7.y%..>1n8V.4.....d.......q7......=......[.M3..q.
:.0.X.{O...#.....Ku8....j..TO..S%...z...&.....s...d.N...........F.J...
......w0..Y:...`....R....Z.$..q.*...d..am[~.%....!,.`.FjM.=.......LG..
r..Q.2..BS.......z...ZQ..U.ZLij...[&=...R^=......f.Y............L..Le[
R...l R[2._.l...Y.%.....a .Ogb,..-5.)..uX.wa...B5.i...9:HG.t...Sk.BwVs
./..d(.rw:.U~.W..}..n.m..|.n.Ow.....Z..w...^sB.6....m... ...0DK.B..P..
..A.q.....cP. .4......q..1..M...%'.(7s.X]'....u..}..(.W...[...d2...? g
NoG..........>.3X..y...]...>......!..D....X.1...?....o...x..o...
.....'...p..:.?>.{r.}x.8?;:x.8.s?.s......../Jc5....g.-..t.0.....tD.
.................:.z-n.9l...W..q. .?......b..h).W.S..l..G.C.G..-.8....
.p...|{k.....G..p..m..7.r...zy..~b.....g...*.-...0@../......;......-?#
...4.K`...6/C.,...`D..2.s.rI.Ro50.b......<......>...........I...
...=^!.".#) ...eP..4...y5.w..T....?.^1k......o..)1........>....j.sf
...._..D....v>...tNR..`/_...#........;#9% .e1.....@hBd.....a.I....#
..1..\J..)..p....#...C..{..s...@...o..K..e....<.......t%.H2...q.oQ.
.O.k...........d4.M..Z.h".........L r....&f......X..|..@goh..7i...0...
..>..Zkb.749Z...l...F.G...0..,.fH/...._L...4.h. b[C. ...bCp.FN.
<<< skipped >>>

GET /melidata/js/3/0.0.38/melidata.min.js HTTP/1.1


Accept: */*
Referer: hXXp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: analytics.mlstatic.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 6959
Content-Encoding: gzip
Accept-Ranges: bytes
Last-Modified: Fri, 16 Dec 2016 15:41:38 GMT
ETag: 0e51f8bcd5979a0b4acba30e22686825
X-Timestamp: 1481902898.55073
X-Trans-Id: tx43ded69416d44bb2b8d32-0058969a21
X-Nginx-Host: e-0000e6f9
X-Nginx-Pool: files.melicloud.com:8080
X-Nginx-UpstreamHost: 172.16.1.84:8080
X-Request-Id: 7bbf6f78-0f46-49ed-a793-652a3cd73e09
X-D2id: 7bbf6f78-0f46-49ed-a793-652a3cd73e09
Access-Control-Allow-Origin: *
Cache-Control: max-age=559
Date: Sun, 05 Feb 2017 03:31:46 GMT
Connection: keep-alive
Vary: Accept-Encoding
...........[.W.H.. Fg.H.....`..&.L..$.df....=.....I.1.......l....9I...
......m.fIX.ib...........T..lq._oq...D1......~..........Y..[...Zq..G.s
....[[..e../..hP..<Mt.P9.?.<Y...)..Y.,Gv..|....s....X.......%...
YWW.6.\].WW.....*..*....I&.Z......<t.....q...$.OS.....vAc.9s;...v..
!..q.../...Q........<..X.I'..1D..e..:......A.o..V.t...@..t.]#......
..u.7YB...%.&.A..,.e.'..~.2b[m...V....,.$.A...kJh....J......D.........
/.V..{..Z.n....n.._.......v..~Wx..........[......>..-..6........x./
...:bO....c.Nk.........{xx.J..8../....;..-...[.Yn)A-%j...ER...`[.8....
.nc..6......[.g..d...5.{.G...E2,F....#O...'....pt}aa.^..$.&r...pxi....
.<w..rY-..xX.d.......,...............(..%r1C....&.....N....H.A.*.b.
...P..-.....".....SR...Y..AkY6F.W........>...../KP@......R..j...m..
k..'5....er....l......4K.....<....,8)..~.1<x......v(BG.....P...=
y......l....>..u..ItL..iR.l....)$&.2.4e..Y.S..AU.!Nf....U....I$K../
....x........-..-.1......'.......}UJ4...*Q.....L..eOU..,..P.gU.&M....b
.9..l..:8[.C....w0N.....6....!;l3...{..^B.y.........mw..n....L......\.
......l........[&...v........uZ...5.g.k.M.UI.%K..N!0#?...|.....'.. ...
X.....}u8!.77R.nn............/.q.......(...0....{.T.Be........{.B.B.r.
.......r5t..b.8..2...r..N[fBXiP.p.c...,...i........T>......"d..l..}
._.!A......L|..6l}y..R&.i...4......=)....6.....1.....w8....IyR.D.P.. .
}....<..}G. .t@SA..."..b.eG..5.(. ....v.,{.g...[.....m.(.f........v
d..I....f..,#.2y.b....(...a8.O..Dd~0.(..OF.~. .zrPP'..;2@.Pg:.....6...
.v.....vtY..N|.....b....4..fn......D........Vkp...T.t.$.@...dF ...
<<< skipped >>>


GET / HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:01 GMT
X-Pingback: hXXp://sewasolo.com/xmlrpc.php
Cache-Control: max-age=2592000
Expires: Tue, 07 Mar 2017 03:31:01 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 7602
Content-Type: text/html; charset=UTF-8
X-Varnish: 5324551 8629268
Age: 12
X-Cache: HIT
X-Cache-Hits: 2
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
...........].r.8...T.; J./gEJ.n.by.q23...T........!..o../..].Y..N7...H
........$"..?4...F.<|........&..u..{z....z.a.y.....B6.o.5.:.Rq0h4.i
....E.k.......\.S2..0b.....G.....=..a..f7...52...yP......b...i..Nl..m.
h..:lh.V.....9.Z....a52.p...5u........k..:.7...|.R.nh.;.>.......X.f
AMt(.c.........{y....{..h.y`.t....~.8l.rO..i....qbr.....w.qh.1...6...m
....T..%Q8..V!..4..F<c...V......8D.hf_....W...aC.....<...C...r8.
bfG$.cF._?.m..'......4M...(&.....I..G.[....I....;,!P.....E.Q6..~. 1u.-
&.....3.....v.v..eQLC.x..iM.....A..C..g.....hD..7..E..s.yS.m..5.....qJ
EYhuJ...0..{Rk.Q....#....V.K.R4.... ....F..AR...w\....Y...KT...(2.....
...(.J..dvY;.K.n..$t..........^.".Wq.v....BQ.$p|jE..it..vc..s0U..j6o.?
}...."u.8=....7{f..y`...ahp}...W....u....lL....s;..(w....9.uX.Y...thk.
e........ev..............w;.d}.2..=.`d6Y.m4....o...m.K.....-.Y8.^Z..&.
K......iz....^..o..........r..X...|o..s......6.t?5>.d.3>EO.V...O
....lt...^C...Vp~j.sn.....z-..?.d.....>g.....3y.^....x9......W.....
Q..G.B.....i..$X=d.%.....r..... ..K....D.6..L.h..85rV.TV.Q.'......}&..
.....A~d.Z5.O...J.-...ua..{..eA...'...-x.5,....,.F....._..,.a$"2$.k#..
......`~jp..>...}j....=..gr!."....p.'.......?x.....f{c'.......U4`3.
L....,.....a.....<...A~....>...^.k.....!..G..|...v..l..:`Jm.n..:
H.......j.fZ...!.......tX.8....=K."/.......ju(..A.6..e...8.m.~L.:...C.
..F.......wO.......tZ.n.......n....zs.>.c......o..u.Li<;j...`.v{
.V.#.j>..-..).,..gt......[p...?.......O...J...1.q.C.l...GHU..^.]../
`..j.....U...V5'3....._...>......h~l7p.......&r.opn.......}.F..
<<< skipped >>>

GET /wp-content/themes/dream/js/jquery.fitvids.js?ver=4.2.12 HTTP/1.1


Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 14:57:48 GMT
Last-Modified: Wed, 13 May 2015 16:18:28 GMT
Cache-Control: max-age=2592000, public
Expires: Sat, 03 Feb 2018 14:57:48 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 1104
Content-Type: application/javascript
X-Varnish: 7089075 7799692
Age: 131606
X-Cache: HIT
X-Cache-Hits: 1039
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
...........V.o.6.....b...Z?<`.f'.............h.l1.E....n...).R.8.&.
pD=.=.;>2..s9.9..Y.Z. .E.[........F.....J.46/.v...;a>.T.(.{.z?..
Z.yf..x4..Y.....@..d...(J.......&r..../.....iQ).*7fQ6..T.0..3.Gt......
...Z.B..m^.zbD.".QG.BnD1.huJ.Z$......T.R.(#Js.9r.)TEJ.M.....?. .....d.
/..r.J5.VfV..........>bi ....q...S.......z=6..........z...2h...O..a
8 .Y....3di.5..!... .h..-...H*m..#-*1R.....}.s..y.X..T&.....R.6G..<
....&...Y.<G. ...5._..2oJ.z.M...}{...%J...'..&9...(.G....@.u..d..E.
......u.....AN.l...x8. .. ....v.R.....C,=.7.Q....cO.[J-l1..MN-...~,OS*
.......w.......'t.3Ez._...[...aq1.......j.W....,.......<...5.......
^...nU..z.X!....K.".6..y..N......o.b..;.5...`.....[T.i...L..r7.C.I.Z..
.V.J...Qnvb..F..*..xe.....X....}...@.=.ee.)...............;.....o...j.
Fx..[..]iXV:.;c..r...!..O...L.....gS....R...z..c.N.W.&...F..>......
JC#/...../....<.....Q..i0...y~H'..d........$..i.....\.....9...K....
1.yu...........i|O....ik..O...x...f..(..o.q.&.O%v.m.}I..]N7.0%.%.peo$.
..0..tK....EJ.......j.?o.Nz.......j*.b._..T..?..=...x.a......n.D...c{.
p'.I.o..O.#..R............, >............W.R..K..^...6..m..K._."..l
{9....d...0.......
<<< skipped >>>

GET /wp-content/themes/dream/js/fitvids-doc-ready.js?ver=4.2.12 HTTP/1.1


Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 14:57:48 GMT
Last-Modified: Wed, 13 May 2015 16:18:24 GMT
Cache-Control: max-age=2592000, public
Expires: Sat, 03 Feb 2018 14:57:48 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 142
Content-Type: application/javascript
X-Varnish: 5403640 5374642
Age: 131606
X-Cache: HIT
X-Cache-Hits: 1060
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
..........-.A.. .....K..B........&lIVYWB(.{C...0L.@LJq..P...7..w......
....|..sR*lo...\B.G......|*...e..K..g.4..5y.'..p..tp~&}Rn.M..../C.....
......


GET /wp-content/themes/dream/js/base.js?ver=4.2.12 HTTP/1.1


Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 14:57:48 GMT
Last-Modified: Wed, 13 May 2015 16:18:25 GMT
Cache-Control: max-age=2592000, public
Expires: Sat, 03 Feb 2018 14:57:48 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 225
Content-Type: application/javascript
X-Varnish: 8832772 2328552
Age: 131606
X-Cache: HIT
X-Cache-Hits: 1116
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
...............0....)"#4...6...d`...[.Ms%M(...'.....]..w.wx......@....
.}.5.X..Px.....|.....".....C..Q.gdL.`.j.e..]".3....Fy.......e.#_K.....
w...A.j...kk....1.n4%..P.f....[..l..O.K...:..I. r........u......O[e4..
.i.....O'......HTTP/1.1 200 OK..Date: Fri, 03 Feb 2017 14:57:48 GMT..L
ast-Modified: Wed, 13 May 2015 16:18:25 GMT..Cache-Control: max-age=25
92000, public..Expires: Sat, 03 Feb 2018 14:57:48 GMT..Vary: Accept-En
coding..Content-Encoding: gzip..Content-Length: 225..Content-Type: app
lication/javascript..X-Varnish: 8832772 2328552..Age: 131606..X-Cache:
 HIT..X-Cache-Hits: 1116..Server: Rocket Booster..X-Powered-By: Warna 
Web Accelerator..Accept-Ranges: bytes..Connection: keep-alive.........
........0....)"#4...6...d`...[.Ms%M(...'.....]..w.wx......@.....}.5.X.
.Px.....|.....".....C..Q.gdL.`.j.e..]".3....Fy.......e.#_K.....w...A.j
...kk....1.n4%..P.f....[..l..O.K...:..I. r........u......O[e4...i.....
O'..........


GET /wp-content/themes/dream/js/slider-setting.js?ver=4.2.12 HTTP/1.1


Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:07:19 GMT
Last-Modified: Wed, 13 May 2015 16:18:27 GMT
Cache-Control: max-age=2592000, public
Expires: Mon, 05 Feb 2018 03:07:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 333
Content-Type: application/javascript
X-Varnish: 3488261 7088266
Age: 1436
X-Cache: HIT
X-Cache-Hits: 169
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
..........U.MN.0....)FE(NU.".2;.a._O`%.....=i)U.......D.....[/..,agt..
vH.m.Hz....6.4..G.Y..,.r~..%..[.\.. .YZG.u...........P......6.....fAY.
.....,.z..S<.@}..W..J.X.R/.."..o.x.w.....d....$.....Vf......$.....&
.0 .......9...3|...g.O.L..[.E> ....M........X.U.....q.h..5...b.....
..:T. =Z.1....G...X..&S^U.....a.Zz:.........Eq.....d.l.*...HTTP/1.1 20
0 OK..Date: Sun, 05 Feb 2017 03:07:19 GMT..Last-Modified: Wed, 13 May 
2015 16:18:27 GMT..Cache-Control: max-age=2592000, public..Expires: Mo
n, 05 Feb 2018 03:07:19 GMT..Vary: Accept-Encoding..Content-Encoding: 
gzip..Content-Length: 333..Content-Type: application/javascript..X-Var
nish: 3488261 7088266..Age: 1436..X-Cache: HIT..X-Cache-Hits: 169..Ser
ver: Rocket Booster..X-Powered-By: Warna Web Accelerator..Accept-Range
s: bytes..Connection: keep-alive............U.MN.0....)FE(NU.".2;.a._O
`%.....=i)U.......D.....[/..,agt..vH.m.Hz....6.4..G.Y..,.r~..%..[.\.. 
.YZG.u...........P......6.....fAY......,.z..S<.@}..W..J.X.R/.."..o.
x.w.....d....$.....Vf......$.....&.0 .......9...3|...g.O.L..[.E> ..
..M........X.U.....q.h..5...b.......:T. =Z.1....G...X..&S^U.....a.Zz:.
........Eq.....d.l.*.......
<<< skipped >>>

GET /harga-sewa-mobil-solo.html/ HTTP/1.1


Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:36 GMT
X-Pingback: hXXp://sewasolo.com/xmlrpc.php
Cache-Control: max-age=2592000
Expires: Tue, 07 Mar 2017 03:31:36 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 11121
Content-Type: text/html; charset=UTF-8
X-Varnish: 9167950
Age: 0
X-Cache: MISS
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
...........}.r.7..o.*..0..tW..!)Q.$.c;...I.Rn.............0...9...,...
.n.C..)..vm....H...F.....=._............w.....d..g.-.[.\.X...{w..f....
..N0..K...oZTGp.>..R$.M.<.Er....;kD....Kq....U.DI.M.?.>..\'._
:..;...8f..&...x.=q.#,../X$..V..S..-6...[...2...h.....^.....|.(T......
.'..s...p...aKv(q.O\}..._^..7..d.....;v.....U..;..6.;;;.]td..._[._.)..
...;..<.'..&,....A"...-......G...*.V....I.b)...........a<w?.....
....:....W.;..o.u...a7s7f.....A..K...a 7.3@..#.q.....^:s}.....m."...a.
.!.."..$.;.6........w....|c._.i.#.23..;........y".B...O......i....'.6s
x.....v......4.s...XD..{n..v..',..A..4.A...........i.&?....YD.E„...Z
...E...Ny.J....?..UC....<J.......g.7..M..u.s..i....i.Pg>......O.
.y.g.xz|..v.=cc.P....*.!.....i.s..w.[....$.r0.....`.`<.?..<fK.,.
.t.Bx.$.~]d!..nT....iT-..1%"2.l.&.(]5.8..V.nSd(.0........xl..."...8..=
...).;..uz.....9............X..G....._..'.......:.-...z}..\.F..$.....3
........Vi.Y..l...9.1.4.X=....4..Y....B.\.>.&....x.....(#.....8b. .
T..BH]]i#...Zc.H.f..t'5PH.....noX.....x...4t..N.4.{..A....JT......F$.8
.....E..3.V.B_`7.5Y..........$..K.i..cr\.n......`.........hV\....}.h&.
.QN.<..K.H.I..Y.>.]v...4......>.8\..\.,.../wB...v.*9<.R..*
/.I....b.4.y..%....]0z...".. ..t.c.9.).............T.=...cN.~......`..
.v.....Z#Nv..6.\....~.I...n..4l.............L......U..c...*.......Y...
..m.(..=..Y.,..(aZ..Xx."i...z...O..5..X./.V....im...d......3...u.6_fzn
......g...}/X....f.....K.M.J....6....".Q..4./c7.`.V.(M..&6.._j...b.%C.
. b?.C]...,afY.Q..JV.o,.Ff!...`.qm........v*C...(...X,q~..}kT%?u.,
<<< skipped >>>


GET /stat.php?id=1189654&web_id=1189654 HTTP/1.1
Accept: */*
Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: s11.cnzz.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 9938
Connection: keep-alive
Date: Sun, 05 Feb 2017 02:50:24 GMT
Last-Modified: Sun, 05 Feb 2017 02:50:24 GMT
Cache-Control: max-age=5400,s-maxage=5400
Via: cache12.l2nu16-1[37,200-0,M], cache62.l2nu16-1[38,0], kunlun7.cn9[0,200-0,H], kunlun4.cn9[0,0]
Age: 2444
X-Cache: HIT TCP_MEM_HIT dirn:9:571311288
X-Swift-SaveTime: Sun, 05 Feb 2017 02:50:24 GMT
X-Swift-CacheTime: 5400
Timing-Allow-Origin: *
EagleId: 77bc604414862654681645744e
(function(){function k(){this.c="1189654";this.R="z";this.N="";this.K=
"";this.M="";this.r="1486263024";this.P="hzs11.cnzz.com";this.L="";thi
s.u="CNZZDATA" this.c;this.t="_CNZZDbridge_" this.c;this.F="_cnzz_CV" 
this.c;this.G="CZ_UUID" this.c;this.v="0";this.A={};this.a={};this.la(
)}function g(a,b){try{var c=.[];c.push("siteid=1189654");c.push("name=
" f(a.name));c.push("msg=" f(a.message));c.push("r=" f(h.referrer));c.
push("page=" f(e.location.href));c.push("agent=" f(e.navigator.userAge
nt));c.push("ex=" f(b));c.push("rnd=" Math.floor(2147483648*Math.rando
m()));(new Image).src="hXXp://jserr.cnzz.com/log.php?" c.join("&")}cat
ch(d){}}var h=document,e=window,f=encodeURIComponent,l=decodeURICompon
ent,n=unescape;k.prototype={la:function(){try{this.U(),this.J(),this.i
a(),this.H(),this.o(),this.ga(),.this.fa(),this.ja(),this.j(),this.ea(
),this.ha(),this.ka(),this.ca(),this.aa(),this.da(),this.pa(),e[this.t
]=e[this.t]||{},this.ba("_cnzz_CV")}catch(a){g(a,"i failed")}},na:func
tion(){try{var a=this;e._czc={push:function(){return a.B.apply(a,argum
ents)}}}catch(b){g(b,"oP failed")}},aa:function(){try{var a=e._czc;if(
"[object Array]"==={}.toString.call(a))for(var b=0;b<a.length;b  ){
var c=a[b];switch(c[0]){case "_setAccount":e._cz_account="[object Stri
ng]"==={}.toString.call(c[1])?c[1]:String(c[1]);.break;case "_setAutoP
ageview":"boolean"===typeof c[1]&&(e._cz_autoPageview=c[1])}}}catch(d)
{g(d,"cS failed")}},pa:function(){try{if("undefined"===typeof e._cz_ac
count||e._cz_account===this.c){e._cz_account=this.c;if("[object Ar
<<< skipped >>>


GET /js/start_v5.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:49 GMT
Content-Type: application/javascript
Content-Length: 6527
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:14 GMT
Accept-Ranges: bytes
ETag: "0ffe78a3869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:49 GMT
Cache-Control: max-age=86400
X-Cache:  from WT263CDN
var Page={init:function(){var a=this;a.adjustSize();a.bindEvent();a.bi
ndNav();a.bindQQOnline();a.bindScroll();a.scrollPage();a.bindItem1();a
.bindFeatureList();a.bindAgencyList();$(".nav.nav_1").click()},bindQQO
nline:function(){$("#floatTrigger").bind("click",function(){if($("#onl
ine_qq_layer").attr("show")){$("#online_qq_layer").animate({right:"-14
0px"});$("#online_qq_layer").removeAttr("show")}else{$("#online_qq_lay
er").animate({right:"0px"});$("#online_qq_layer").attr("show","1")}ret
urn false});$("#online_qq_layer").animate({right:"-140px"});$("#online
_qq_layer").removeAttr("show");$(document).bind("click",function(a){if
($(a.target).isChildOf("#online_qq_layer")==false){$("#online_qq_layer
").animate({right:"-140px"});$("#online_qq_layer").removeAttr("show")}
});jQuery.fn.isChildAndSelfOf=function(a){return(this.closest(a).lengt
h>0)};jQuery.fn.isChildOf=function(a){return(this.parents(a).length
>0)}},bindEvent:function(){var a=this;$(window).resize(function(){v
ar b=$(window);setTimeout(function(){a.adjustSize()},300)}).resize()},
bindItem1:function(){var e=this;var c=Math.ceil(Math.random()*11);var 
b=$("<img id='bg' src='/tpl/Home/138wo/common/new/images/bg" c ".jp
g' />");var d=$(".w-user input[name='username']");var a=$(".w-user 
input[name='password']");b.on("load",function(){$(".item_1 .bgwrap").a
ppend(b);var f=(e.getClientHeight()-b.height())/2;if(f>0){b.css({he
ight:"100%"})}else{b.css({"margin-top":f "px"})}b.fadeIn("200",functio
n(){$(".item_1 .content").fadeIn(300)});$(".loading").hide()});$("
<<< skipped >>>

GET /templets/default/js/common.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: application/javascript
Content-Length: 5457
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:27 GMT
Accept-Ranges: bytes
ETag: "80a3a7923869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:50 GMT
Cache-Control: max-age=86400
X-Cache:  from WT263CDN
//reday ........function ready(fn) {...if (document.addEventListener) 
{....document.addEventListener('DOMContentLoaded', function () { fn &&
 fn(); });...} else {....function loading() {.....try {......document.
documentElement.doScroll('left');......fn && fn();.....} catch (e) {..
....setTimeout(loading, 1);.....}....}....setTimeout(loading, 1);...}.
.}...//...............function addEvent(obj, sEv, fn) {...if (obj.addE
ventListener) {....obj.addEventListener(sEv, fn, false);...} else {...
.obj.attachEvent('on'   sEv, fn);...}..}...//......className;..functio
n getByClass(oParent, sClass)..{...if(!!document.getElementsByClassNam
e)...{....//..........return oParent.getElementsByClassName(sClass);..
.}... ...var aEle=oParent.getElementsByTagName('*');...var result=[];.
.....var re=new RegExp('([^\\w\\-]|^)' sClass '([^\\w\\-]|$)');......f
or(var i=0;i<aEle.length;i  )...{....if(re.test(aEle[i].className))
....{.....result.push(aEle[i]);....}...}......return result;..}..//...
...className;..function addClass(obj, className) {...var reg = new Reg
Exp('\\b'   className   '\\b');...if (!reg.test(obj.className)) {....i
f (obj.className == '') {.....obj.className = className;....} else {..
...obj.className  = ' '   className;....}...}..}..//......ClassName;..
function removeClass(obj, className) {...var reg = new RegExp('\\b'   
className   '\\b');...obj.className = obj.className.replace(reg, '').r
eplace(/\s /g, ' ').replace(/^\s |\s $/g, '');..}..//..............fun
ction getStyle(obj, name) {...return obj.currentStyle ? obj.curren
<<< skipped >>>

GET /templets/default/js/slide_switch.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: application/javascript
Content-Length: 3205
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:31 GMT
Accept-Ranges: bytes
ETag: "80fd9953869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:50 GMT
Cache-Control: max-age=86400
X-Cache:  from WT263CDN
function slider(id, event, speed, time) {...time = time || 3000;...spe
ed = speed || 3;...event = event || 'click';...var o = document.getEle
mentById(id);...if (!slider) return;...var $fbox = o.children[3], $foc
us = $fbox.children[0], $focusUl = $focus.children[0], $word = $focus.
children[1], $focusLis = $focusUl.children, index = 0, interval, oli =
 null, $menu = o.children[2], $bleft = o.children[0], $bright = o.chil
dren[1], date = null, b = false;;...$menu.innerHTML = '';...for (var i
 = 0; i < $focusLis.length; i  ) {....var $menuLi = document.create
Element('li');....if (i == 0) $menuLi.className = 'btn_active'....else
 $menuLi.className = '';....var $menuA = document.createElement('a');.
...$menuA.setAttribute('index', i);....addEvent($menuA, event, functio
n () {.....var idx = parseInt(this.getAttribute('index'));.....if (ind
ex != idx) {......clearInterval(interval);......setIndex(idx);.....}..
..})....$menuLi.appendChild($menuA);....$menu.appendChild($menuLi);...
}...addEvent($bleft, 'click', function () {....date = new Date();....c
learInterval(interval);....setIndex(index - 1);...});...addEvent($brig
ht, 'click', function () {....date = new Date();....clearInterval(inte
rval);....setIndex(index   1);...});...$fbox.onmouseover = function ()
 {....clearInterval(interval);...}...$fbox.onmouseout = function () {.
...setIndex(index   1);...}...var $menuLis = $menu.children;...functio
n setIndex(idx) {....b = false;....$word.style.display = 'none';....if
 (idx < 0) idx = $focusLis.length - 1;....if (idx > $focusLi
<<< skipped >>>


GET /MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSxtDkXkBa3l3lQEfFgudSiPNvt7gQUAPkqw0GRtsnCuD5V8sCXEROgByACAwI6kg== HTTP/1.1
Cache-Control: max-age = 564348
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Wed, 12 Oct 2016 22:33:53 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: g.symcd.com


HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1377
content-transfer-encoding: binary
Cache-Control: max-age=492941, public, no-transform, must-revalidate
Last-Modified: Fri, 3 Feb 2017 20:22:59 GMT
Expires: Fri, 10 Feb 2017 20:22:59 GMT
Date: Sun, 05 Feb 2017 03:31:23 GMT
Connection: keep-alive
0..]......V0..R.. .....0.....C0..?0......V.T'S...q..."...zr.*..2017020
3202259Z0f0d0<0... ..........9.....yP..`...<.......*.A.....>U
....... ...:.....20170203202259Z....20170210202259Z0...*.H............
..|....).`..g.....r..cX...).r..K.. [..n.........a.:..5Vl^..Cx..X......
(.I. C.n.......YR..a. 1.*E ......s.6Q..!]...|f...|O2......"#.5.4;..]..
6.4".....`0....As....5N..Ie..-...W..4.....Z.,...K..PO.u..........'....
b.hX.at..8..k6z..$..q'...UJKS...9./o...j..E..W.....0...0...0..s.......
..... ...y..^..g0...*.H........0B1.0...U....US1.0...U....GeoTrust Inc.
1.0...U....GeoTrust Global CA0...161208112535Z..171214112535Z02100...U
...'GeoTrust Global CA TGV OCSP Responder 50.."0...*.H.............0..
.............S....!....,.t.?....d...M@.._.=.S..,."......Gdv._c..D1..N'
E.:.....a2.......{/rD. .c.2..P...!.....Xn..}....{{.zI9.Y....../.....;.
......fu..,...B._o..B..g....o........?Y\.?...y.H*..]yi.....3.......F.6
.....Q.........{B..19..Kz...\z...P..._...-!.....'.Ym........0..0...U.#
..0....z.h.....d..}.}e...N0... .....0......0...U.%..0... .......0...U.
..........0...U.......0.0"..U....0...0.1.0...U....TGV-OFF-570...*.H...
...........md.....yV{......y:5..@l#..5.......o..X....,r}......i..3..o.
e...e5..@..H/Q..;.vd..?.j.m....../hv..A.......g.......a.....G..\.'*.b.
.>.....L.Y.To<.@>...&1..9.w.....N*Au.e.....b..K...PO47.J.....
{.C\....G..0/.a.Eo.`z.<;IA...  #.''.CG..K@7z..7.\_..'.]q.f._.WN....
<<< skipped >>>


GET /classic.js HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: widgets.amung.us
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.9.6
Date: Sun, 05 Feb 2017 03:31:58 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 30 Jan 2017 17:59:34 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"588f7f06-2496"
Expires: Tue, 07 Mar 2017 03:31:58 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip
1513.............Zy..H..*...4O......l....B\^.C....$.....R4..=......F" 
.*oU.O....R'...R.._...1....;v...dd.VH..9..v...O.?...;.....O.c..V......
&....L..C.....s..wn....L...pb'{h.S.Jb.Q.0..}..c......[......*...y.[...
........?.`.?.."/p......y..U........).Y..[m?c.h........c'.......Di...^
.zez..f^d...a...NC.r.....s...._x.w...f...5.....L.....ja..#r.....i.h~j}
...b..g'..V-c..vR>.N.K...-...?...?.'?.I..sW.B$dE..;....~......'.5..
x..o.Z.....k...9Y.d...7.W Y...s3..y>:OF^...q.4.w.[.F...|o...!a ....
K/.....69.x.....?.q.3......\........CP`6\m..p=.;....P..{..?|..e.8$zh..
.>...Sj@.....'?... .p...<Z.x.n/.}../....8..U./.^.|..w....~.C.j..
(.....(@....~d........;}.q...).z...h..!f.....L-.......e..(....YR_...KL
.@!.U..S_....0W-.Rc.p...?..V....X.....Qj0..=l...N..Hw#G..N".K.FTdF.,-&
gt;.;.t.`q.7..,.. ;...;......g..?..{...<..(..YW...P...0...x..9..X..
HW..JY. ..T..........\Y.P....o.v..-.v....s_..b.h.=4......[.'...x..;Y.q
h.%...a......m.....1.t...^...be.e..z.E...ge1..-C..$.MX0..9 ._....`..h.
.!.2 ..I$.a.....2.nF.::.jG.7>...Em.. s.#...i....)3.-@.5..W.....,..I
O....p.0G.........h.\.W.4.ejx..#4..YO....eV.r..R@..*.T..f&.j.Q...yq.*%
*..O.R../u...D....6.x......U... ...N.....7_....E.(.|...^...0......=BC.
.....YMp..v...(.P R...e .!..:8....zGs...<Z......b..K.3g.M$u.P..Db{.
:...j,...#.......OR........iOtyS.ap..H..Z..>k....7O.h.x.....T\..p."
O.ej.bX......U.,/..GF(..V$.-....y.v.YVK`.E9.ID,3).j...Z..<l.K..L{.Z
..:.....A.I.a.....h-H.............gkM.....B.I3..S...P|.D.B...W.RCt....
L...&=a..H..V.2..<CM.....D...,.w(......$...T...;=.....E..'..s.E
<<< skipped >>>


GET /i/?l=http://songhaiyouhong.blogspot.com/&j= HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: t.dtscout.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.10.0 (Ubuntu)
Date: Sun, 05 Feb 2017 03:31:58 GMT
Content-Type: application/javascript
Transfer-Encoding: chunked
Connection: close
X-S: 1-0
Set-Cookie: m=1; expires=Sun, 05-Feb-2017 11:31:58 GMT; Max-Age=28800; path=/; domain=dtscout.com
Set-Cookie: b=1; expires=Mon, 06-Feb-2017 03:31:58 GMT; Max-Age=86400; path=/; domain=dtscout.com
Set-Cookie: ey=1; expires=Wed, 08-Feb-2017 03:31:58 GMT; Max-Age=259200; path=/; domain=dtscout.com
Set-Cookie: ah=1; expires=Mon, 06-Feb-2017 03:31:58 GMT; Max-Age=86400; path=/; domain=dtscout.com
Set-Cookie: df=1486265518; expires=Tue, 05-Feb-2019 03:31:58 GMT; Max-Age=63072000; path=/; domain=dtscout.com
Set-Cookie: d=[]; expires=Fri, 04-Feb-2022 03:31:58 GMT; Max-Age=157680000; path=/; domain=dtscout.com
Expires: Sun, 05 Feb 2017 03:31:57 GMT
Cache-Control: no-cache
Content-Type: application/x-javascript
Set-Cookie: l=a7bp2ViWnK4WLBeNHiLHAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.dtscout.com; path=/
79c..function _dts_gp(t){var d={},e=t.split("?",2);if(2==e.length){e=e
[1].split("&");for(var s=0;s<e.length;s  ){var _=e[s].split("=",2);
2==_.length&&(d[_[0]]=unescape(_[1]))}}return d}function _dtsi(){a=doc
ument.createElement("a"),a.href=window.location.href,_dts.host=a.hostn
ame,"undefined"!=typeof document.referrer&&document.referrer.length>
;0?(_dts.r=document.referrer,_dts.p=_dts_gp(_dts.r),"q"in _dts.p?_dts.
q=_dts.p.q:"query"in _dts.p?_dts.q=_dts.p.query:"p"in _dts.p?_dts.q=_d
ts.p.p:"text"in _dts.p?_dts.q=_dts.p.text:"wd"in _dts.p?_dts.q=_dts.p.
wd:_dts.q=0):(_dts.r=0,_dts.q=0)}var _dts={};_dtsi();var j=document.cr
eateElement("img"); j.src="//bcp.crwdcntrl.net/map/c=3825/tp=DTSC/tpid
=D9E9B66BAE9C96588D172C1602C7221E";j.width=1;j.height=1;j.border=0;doc
ument.getElementsByTagName("body")[0].appendChild(j);var t,n=[];docume
nt.title&&document.title.length>0&&n.push("phint=__bk_t=" encodeU
RIComponent(document.title));var o=document.getElementsByTagName("meta
");if(o)for(t=0;t<o.length;t  )if("keywords"==o[t].name.toLowerCase
()){n.push("phint=__bk_k=" encodeURIComponent(o[t].content));break}w
indow.location.href&&n.push("phint=__bk_l=" encodeURIComponent(windo
w.location.href)),n.push("r=" Math.floor(99999999*Math.random())),t=do
cument.createElement("img"),t.width=0,t.height=0,t.style.visibility="h
idden",t.src="//tags.bluekai.com/site/27675?id=D9E9B66BAE9C96588D172C1
602C7221E&ret=html&" n.join("&"),document.getElementsByTagName("body")
[0].appendChild(t);(function(){var s=document.createElement("scrip
<<< skipped >>>


GET /deb/v2?id=w!aacxow2ith0d&dn=TC&cc=1&r= HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: de.tynt.com
Connection: Keep-Alive
Cookie: __cfduid=d7b596a12691c3453aa3b96476a8ad2581486265519


HTTP/1.1 200 
Cache-Control: max-age=86400
Expires: Mon, 06 Feb 2017 03:31:59 GMT
Content-Type: application/javascript
Content-Length: 4
Date: Sun, 05 Feb 2017 03:31:59 GMT
Connection: close
P3P: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA
/**/..



GET /pa?p=2:3264541975:51 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: wpa.qq.com
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: tws
Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif
Pragma: no-cache
Cache-Control: no-cache; must-revalidate
0..HTTP/1.1 301 Moved Permanently..Date: Sun, 05 Feb 2017 03:31:50 GMT
..Content-Type: text/html; charset=UTF-8..Transfer-Encoding: chunked..
Connection: keep-alive..Server: tws..Location: hXXp://pub.idqqimg.com/
qconn/wpa/button/button_111.gif..Pragma: no-cache..Cache-Control: no-c
ache; must-revalidate..0..



GET /jquery-migrate-1.2.1.js HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: code.jquery.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:57 GMT
Content-Type: application/javascript; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 24 Oct 2014 00:16:08 GMT
Vary: Accept-Encoding
ETag: W/"54499a48-40ed"
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Cache-Control: public
Access-Control-Allow-Origin: *
Server: NetDNA-cache/2.2
X-Cache: HIT
Content-Encoding: gzip
1993.............[ks.F..,..1...m....& Yq)..8.W".f.d%..C...p.P.b...s.g.
.E...p.*.(`......3....m...?-mqm^.."..y`......><..{.`....o8nZU.r.
....t9......?..~=. ..}./..t2.@c.qO(..^..l.Ti....l..$.........*........
J.6 ...~y....h.....9Z=s.f...g@........v.oN.....`9)ceU.......{..=z...ei
M...U.`{{.2).UR... _V..|.....*- ...m.MJ.......$....Y,..th.....z[e.;...
.2.... ..[.*7U....(,.U.D......eu`...U:..y.f...#2.^....<4.dVZ..4.2..
..L& ...<.T.fd/Ks.a...).I .K...Md.l....8.C....'.,..F.TQ~$.G...z....
.N....|2.hL........g......2..e2.l."....H*.,..Z.i..(.m.O9.........a....
...@YIv.V...!.MF....m.....`...M [c.[L<...{;4.....t....y9...`...5%.l
o.F...q.9WM5../..(.n.o.,......t.....}.......I8..j..L.F:...) .....XNL..
..,O#.........M2}W......=.f....d..=..*.Y..|..*V...[T.n]x.....<6.".*
mQ.(....l......H@E.qD.Ni....qQ..T......B.....K[\.iUY...0!..s..@]..p ..
U.I ....`{kk#....0.c.N..}n_....[6[.....y...9.._. ...VK._..}B.J... d2{.
OJ>(.v.B....8.$.Y.....gH...rmQx.....o.....6.D....a~.S..)qK...m....L
.GyA._......|X"....y..m.`....;..]1R.sX..L...z.aU1.Q>.n...n.T.sX.1..
]2.x&.:.[...d.I....L.\,..B(...-...eZ\...........,g...).Y..1.K..J|M..x.
.u..G..f.u.o;=.....0.=..tc..:|...;.. ......C.-...b.|.. oc..y~Q.j'm..71
.o..>=.D@(.v1.l9....jX.q..Gxh.[...&....LHkt.".O.a....k.t_$.B.T.Y.n?
.7..-.........9....A.."...@.Lk.c)W...%........."G....U....... .zG.i:..
l5...j..U.bfW..l.....>..F..../.....v..E.....L...E.#5ui..E....bm..v.
&`A..rE..3.FE)0:...".....X.....n...x..L.....h...,.y.e...x....aq....g..
...oeN.$E3..8s...4..T..'i.4E..YHj.p.l.!.\#d0{.i.b..R@.s.,..p..iri.
<<< skipped >>>


GET /font-awesome/4.0.1/css/font-awesome.css?ver=3.9.2 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: netdna.bootstrapcdn.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:57 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Sun, 27 Oct 2013 21:34:15 GMT
ETag: W/"350e379de80f210090217bbc6c3add46"
Server: NetDNA-cache/2.2
Expires: Wed, 31 Jan 2018 03:31:57 GMT
Cache-Control: max-age=31104000
Vary: Accept-Encoding
Access-Control-Allow-Origin: *
X-Hello-Human: Say hello back! @getBootstrapCDN on Twitter
X-Cache: HIT
Content-Encoding: gzip
13db.............\k..Fv.>.......jD....&.....7k`.H...E..rS$..~x.....
(. ..e.q......>u.>N..W..*.*.....z.`.jo...|.....D6.J.E.'...nK..W.
}SU].5i.E.?..W...o.....v&.6Qm......z.:....c.....J.<......K;[.Q.....
.6U..i.....}...'....j.E...).....<u......u.A)_.P..OgY.?..2^.G.......
...*...-._..FEh9.0Tt...?F....(.%Q(;....[w.....j.. 6T~T...>..~....M.
...>D.......6...>..~.\U._U.d..6..}..]<....}.\..W.d..~.}.?.r6?
m1k. po.H{......;.y7.......=`0.e..U...5.So.L.-.....F(...l..u....3..0..
....)...7..a...~."...|..... fe.....}j.[...|}.....@.}.......K.W...F?.4.
~j.......*....?...oi.w...?(................wW..g...h.I3..........O..k7
...{.'.m..6........................W{.....>.fc..y,.T.>...6...s..
...Sm^....}y.6...X.{.......]...w......9.Fc.}.6......0c~......[l!LA1>
;n......^.6._...u.b.lY........b.Ue.*U)......J\q..wP;....g....[.....M.&
gt;....5...39.>Om...O.~s...wP....Zx.."....Qx..N..A....Rt.qX.<...
p.._1O.ly.g..KGc...V...i:.........d.....|.xZ..../.g/........\...}..n.|
..6.vn0...Ur1.{.z.....c.ZP3..}...i.ca..l... ....rx...J...........;.;..
~.\.P..@"._.....q..Rg......C5..w'.Z..-....#9.7&fjF...2t ..O..[.u......
m4.{....Y2...n#......k.}n...kx.7in..U$.".....m....J1'...C.....v...>
.....G .. G...?....'...as........-Z...-....Q...{...U.2..H...k.^....I.P
...._.q.}.q]..<..V0i..yn.^....'.)......f....<......g.W....w....Y
..vb....$j;..i....|x..8..P....N..7..........a.n....f..YS....}..6.o..*.
S..x\..r....=.^]..yb.<.t.Z.:..a....1......a...>.xn.\......C._..}
q.G.}91v.21.#.......;{.>...`Y......_...........m.T..~o.......AN
<<< skipped >>>


POST /urlcore/svcreq14032b.html HTTP/1.1
Content-Length: 41
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
Host: urlspirit.spiritsoft.cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; URLSpirit)

f=7&v=101&c=1195&i=MBhRWwUlJnAdUXEKXyU=
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:09 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip
31a3.................8....l..-....;Y...6.}....(...}.....%......U.8$...
........e.....9...tMX../..p......?Q...?.s......w:..<.....cY.9].f...
G...........G...C]{.i.......[......,...!.~..~7/. i3~.s...w/.(w?.zYf...
......3.h...o.....`?j....b.|....;...r.......@,.tL.Y...z.."h.\.cj.bk.`x
..h...DX..p...5...p.c...k..<....B2$c..E......P..%)....~.. *.i...:&g
t;.Mg..\.,/....v.L.....0.]...R...P.:..mz*<&....F..s.$...t.P.&j..hM^
PMX.$|.I....k~.FM..EVn........l^...Zv...?...q..m....Q..."m.b.[ .i.wi.?
.d.......i..t.....o.........O..wt..o.........2.........S....(..#._....
=...C......#...qn7..l..2ym.,..k....4...... ;.N..v)y.m..di./S;O........
.2.ey.[p..I.......~'....J..*yU........Y..|..~..".'.c....y..{UM.49 Mb*.
i?h| ...v.d...p@b.v....y.\W.Em:._y.Q:.....d9.....*..a.....Q....y.r.b..
...r....w........#.$Eo.. "..........Y.N..tA^6.AN...sAr....^.. 2.......
..$.h.u....b...=.........23ws.;....m>._u6...C...!;..HN........<.
.<......pt.....<tb....n%/..A5.d.....U...W.>........ ....h....
v.....d.<.].`4>,sX.O.?O...sw_.......k.....*..E..D.x....Y.>.y.
.G.........q.j.  .;Q.4u.....1y..<~..X..{.....N...,wUV....a.A. .t?.d
.......8.p..a......./...... ..!.*.%.8Ws.b.r...!m|6....zY~.n.C.gTO..p..
|"......M......).....#|V.0.6{.s/ "t@O2.w....<..>.]...:.]..4.....
.z.E".D-?..._.9c]..@.r..)@...Cb..\..S.."..3;.X... ..?&.....Lm..O..a(.&
lt;O.^...='.......3z6QH.<.E..>.{..0.=1B.{.o8.k...EVJ....."uM....
......w].....rR...yij...p..f..d.qw..fC2.bl.....N5.....1...........Y ..
.C...1RQ"...]~.....i. R..X8.Y...2.D..m^.Y.m$...4$]......},.t?..s..
<<< skipped >>>


GET /pixel?pid=ml62m40&t=ajs&uid=D9E9B66BAE9C96588D172C1602C7221E HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: ps.eyeota.net
Connection: Keep-Alive


HTTP/1.1 302 Found
Set-Cookie: mako_uid=15a0c542197-5fdd0000010f7778; Domain=eyeota.net; Path=/; Expires=Mon, 05 Feb 2018 03:32:04 GMT;
P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="hXXp://ps.eyeota.net/w3c/p3p.xml"
Location: /pixel/bounce/?pid=ml62m40&t=ajs&uid=D9E9B66BAE9C96588D172C1602C7221E
Content-Length: 0
Date: Sun, 05 Feb 2017 03:32:04 UTC
....


GET /pixel/bounce/?pid=ml62m40&t=ajs&uid=D9E9B66BAE9C96588D172C1602C7221E HTTP/1.1


Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: ps.eyeota.net
Connection: Keep-Alive
Cookie: mako_uid=15a0c542197-5fdd0000010f7778


HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 1025
Date: Sun, 05 Feb 2017 03:31:59 GMT
(new Image()).src = "http:\/\/cm.g.doubleclick.net\/pixel?google_nid=e
ye&google_cm&google_sc&bid=gdo9o51&newuser=1";(new Image()).src = "htt
p:\/\/ib.adnxs.com\/getuid?http://ps.eyeota.net/match?uid=
$UID&bid=2cr76e1";(new Image()).src = "http:\/\/match.adsrvr.org
\/track\/cmf\/generic?ttd_pid=eyeota&ttd_tpi=1";(new Image()).src = "h
ttp:\/\/rtd.tubemogul.com\/upi\/pid\/lons7jax?puid=15a0c542197-5fdd000
0010f7778&redir=http://ps.eyeota.net/match?uid=${TM_US
ER_ID}&bid=0rijhbu";(new Image()).src = "http:\/\/dmp.adform.net
\/serving\/cookie\/match\/?party=1009";function eyeota_callback(){var 
script=document.createElement("script");script.setAttribute("type","te
xt\/javascript");script.setAttribute("async","");script.setAttribute("
defer","");script.setAttribute("src","http:\/\/ps.eyeota.net\/pixel?e_
rc=1&pid=ml62m40&t=ajs&uid=D9E9B66BAE9C96588D172C1602C7221E");var s = 
document.getElementsByTagName('script')[0];s.parentNode.insertBefore(s
cript, s);};setTimeout(eyeota_callback,5000);HTTP/1.1 200 OK..Content-
Type: application/javascript..Content-Length: 1025..Date: Sun, 05 Feb 
2017 03:31:59 GMT..(new Image()).src = "http:\/\/cm.g.doubleclick.net\
/pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1";(new 
Image()).src = "http:\/\/ib.adnxs.com\/getuid?http://ps.eyeota.n
et/match?uid=$UID&bid=2cr76e1";(new Image()).src = "http:\
/\/match.adsrvr.org\/track\/cmf\/generic?ttd_pid=eyeota&ttd_tpi=1";(ne
w Image()).src = "http:\/\/rtd.tubemogul.com\/upi\/pid\/lons7jax?p
<<< skipped >>>

GET /match?bid=gdo9o51&newuser=1&google_gid=CAESEClfffzrXX6Z94anls0j2YU&google_cver=1 HTTP/1.1


Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: ps.eyeota.net
Connection: Keep-Alive
Cookie: mako_uid=15a0c542197-5fdd0000010f7778


HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 70
Date: Sun, 05 Feb 2017 03:31:59 UTC
GIF89a...................!..NETSCAPE2.0.....!.......,................;
....


GET /match?uid=3648886337069900944&bid=2cr76e1 HTTP/1.1


Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: ps.eyeota.net
Connection: Keep-Alive
Cookie: mako_uid=15a0c542197-5fdd0000010f7778


HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 70
Date: Sun, 05 Feb 2017 03:31:59 GMT
GIF89a...................!..NETSCAPE2.0.....!.......,................;
....


GET /match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou HTTP/1.1


Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: ps.eyeota.net
Connection: Keep-Alive
Cookie: mako_uid=15a0c542197-5fdd0000010f7778


HTTP/1.1 200 OK
Content-Type: image/gif
Content-Length: 70
Date: Sun, 05 Feb 2017 03:32:02 GMT
GIF89a...................!..NETSCAPE2.0.....!.......,................;
HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Su
n, 05 Feb 2017 03:32:02 GMT..GIF89a...................!..NETSCAPE2.0..
...!.......,................;..



GET /track/cmf/generic?ttd_pid=eyeota&ttd_tpi=1 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: match.adsrvr.org
Connection: Keep-Alive


HTTP/1.1 302 Found
Cache-Control: private,no-cache, must-revalidate
Content-Type: text/html
Date: Sun, 05 Feb 2017 03:31:58 GMT
Location: hXXp://match.adsrvr.org/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Pragma: no-cache
Server: Microsoft-IIS/8.5
Set-Cookie: TDID=e0f49507-0cee-4e22-a6a6-4a2045abb59a; domain=.adsrvr.org; expires=Mon, 05-Feb-2018 03:31:59 GMT; path=/
Set-Cookie: TDCPM=CAEYBSgCMgsI7vSQ4cjg5jQQBTgB; domain=.adsrvr.org; expires=Mon, 05-Feb-2018 03:31:59 GMT; path=/
X-AspNet-Version: 4.0.30319
Content-Length: 163
Connection: keep-alive
Redirecting to: <a href="hXXp://match.adsrvr.org/track/cmb/generic?
ttd_pid=eyeota&ttd_tpi=1">hXXp://match.adsrvr.org/track/cmb/generic
?ttd_pid=eyeota&ttd_tpi=1</a>....


GET /track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1 HTTP/1.1


Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: match.adsrvr.org
Connection: Keep-Alive
Cookie: TDID=e0f49507-0cee-4e22-a6a6-4a2045abb59a; TDCPM=CAEYBSgCMgsI7vSQ4cjg5jQQBTgB


HTTP/1.1 302 Found
Cache-Control: private,no-cache, must-revalidate
Content-Type: text/html
Date: Sun, 05 Feb 2017 03:32:00 GMT
Location: hXXp://ps.eyeota.net/match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
Pragma: no-cache
Server: Microsoft-IIS/8.5
Set-Cookie: TDID=e0f49507-0cee-4e22-a6a6-4a2045abb59a; domain=.adsrvr.org; expires=Mon, 05-Feb-2018 03:32:00 GMT; path=/
Set-Cookie: TDCPM=CAESFQoGZXllb3RhEgsI6LutvrLg5jQQBRgFIAEoAjILCO70kOHI4OY0EAU4AQ==; domain=.adsrvr.org; expires=Mon, 05-Feb-2018 03:32:00 GMT; path=/
X-AspNet-Version: 4.0.30319
Content-Length: 189
Connection: keep-alive
Redirecting to: <a href="hXXp://ps.eyeota.net/match?uid=e0f49507-0c
ee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou">hXXp://ps.eyeota.net/match?u
id=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4ou</a>HTTP/1.1 
302 Found..Cache-Control: private,no-cache, must-revalidate..Content-T
ype: text/html..Date: Sun, 05 Feb 2017 03:32:00 GMT..Location: hXXp://
ps.eyeota.net/match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&bid=1e2n4
ou..P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
..Pragma: no-cache..Server: Microsoft-IIS/8.5..Set-Cookie: TDID=e0f495
07-0cee-4e22-a6a6-4a2045abb59a; domain=.adsrvr.org; expires=Mon, 05-Fe
b-2018 03:32:00 GMT; path=/..Set-Cookie: TDCPM=CAESFQoGZXllb3RhEgsI6Lu
tvrLg5jQQBRgFIAEoAjILCO70kOHI4OY0EAU4AQ==; domain=.adsrvr.org; expires
=Mon, 05-Feb-2018 03:32:00 GMT; path=/..X-AspNet-Version: 4.0.30319..C
ontent-Length: 189..Connection: keep-alive..Redirecting to: <a href
="hXXp://ps.eyeota.net/match?uid=e0f49507-0cee-4e22-a6a6-4a2045abb59a&
bid=1e2n4ou">hXXp://ps.eyeota.net/match?uid=e0f49507-0cee-4e22-a6a6
-4a2045abb59a&bid=1e2n4ou</a>..
<<< skipped >>>


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEEw7wJkU/qAD9hdilImrrOU= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ss.symcd.com


HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1609
content-transfer-encoding: binary
Cache-Control: max-age=383792, public, no-transform, must-revalidate
Last-Modified: Thu, 2 Feb 2017 14:03:50 GMT
Expires: Thu, 9 Feb 2017 14:03:50 GMT
Date: Sun, 05 Feb 2017 03:31:44 GMT
Connection: keep-alive
0..E......>0..:.. .....0..... 0..'0......o..&y......{.s.6~"....2017
0202140350Z0s0q0I0... ..........d.....k... P.....d.._`.a.U..C..`*..z.C
....L;........b.........20170202140350Z....20170209140350Z0...*.H.....
........X..AT.v.....yE..=y..........g..Y..0....Ev".^.=2>0..f..<.
..g.......3.........f$%..*}.wr.>.]..ERT...,..{.7.....9J..F`...NY.Z.
.aF>...xI#.Y['.....ne....>..D..=.xz>u.F....w/.......g..v<.
\HzV.....f(....)..U..^...1.....Gf..;..C.8?.k.(......}=.0........t.....
~...j...n0..j0..f0..N.......Z........g......0...*.H........0~1.0...U..
..US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1/
0-..U...&Symantec Class 3 Secure Server CA - G40...161113000000Z..1702
11235959Z0@1>0<..U...5Symantec Class 3 Secure Server CA - G4 OCS
P Responder0.."0...*.H.............0..........0........g........T.$h..
=../I..^#.w.. x..v.'...&..n..u.;.....S mw.D...W...... 1....s....`.o.. 
R:(<1...f...8....[...h ......[>.O....=>....vd.........#.,.[B.
.4...n.....w....4c....C..........I....|lR.q-.....$^...M...K....F.6.v..
U!W....Z...)G.g..i$.e6..x.kS..........0...0... .....0......0"..U....0.
..0.1.0...U....TGV-D-27750...U.#..0..._`.a.U..C..`*..z.C..0...U......o
..&y......{.s.6~"..0...U.......0.0n..U. .g0e0c..`.H...E....0T0&.. ....
.....hXXp://VVV.symauth.com/cps0*.. .......0...  hXXp://VVV.symauth.co
m/rpa0...U.%..0... .......0...U...........0...*.H.................)fN.
(j..S'...X....I..%..HI b6.K......50...9.. p.L..^...vv..6.;...1G.nTHu..
."U...T..:......(s...(.-.K....s........{..{..P...Ebp..U2|rF>...
<<< skipped >>>


GET /rootr1/MEwwSjBIMEYwRDAJBgUrDgMCGgUABBS3V7W2nAf4FiMTjpDJKg6+MgGqMQQUYHtmGkUNl8qJUC99BM00qP/8/UsCCwQAAAAAAURO8EJH HTTP/1.1
Cache-Control: max-age = 10800
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 07:50:34 GMT
If-None-Match: "6b9ba9eca642c891cc02365fc6161341647bd9fc"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.globalsign.com


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:24 GMT
Content-Type: application/ocsp-response
Content-Length: 1518
Connection: keep-alive
Set-Cookie: __cfduid=d08017094d03ae3be0f852f439ba31eb21486265484; expires=Mon, 05-Feb-18 03:31:24 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sun, 05 Feb 2017 01:07:56 GMT
Expires: Thu, 09 Feb 2017 01:07:56 GMT
ETag: "6cc438305d4cb855f5ef18f975ca7b060ecb85bc"
Cache-Control: max-age=10800,public,no-transform,must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 32c34a0e546e5984-VIE
0..........0..... .....0......0...0...........%r2.]&.iO.).*V...2017020
5010756Z0n0l0D0... .........W......#....*..2..1..`{f.E....P/}..4....K.
.......DN.BG....20170205010756Z....20170209010756Z0...*.H.............
.'n@w....g5..\....OLE'...w..m.".0...R.....-.*}hsC...PS.".g=<.3N...K
...bLV.wH.gbq\...[Q............8.=...2.'SUs.n.o..L..g.K...>.^......
.t......).~4G;..&.F..e....U........%..'iC.0[...N......9.K,r;. ..9.....
0y..R?..uc....K=..[.NE....@.>.M<.H.Y.o..*...zY.^.:......0...0...
0..........H....9...S....0...*.H........0W1.0...U....BE1.0...U....Glob
alSign nv-sa1.0...U....Root CA1.0...U....GlobalSign Root CA0...1612080
00000Z..170415000000Z0[1.0...U....BE1.0...U....GlobalSign nv-sa110/..U
...(GlobalSign OCSP for Root R1 - Signer 1.10.."0...*.H.............0.
.........b.Q........@....2Y_y%..0..I.S.....-.$=DZ.xx>..4...d.i&....
:eh.....,.M.......R..... .P..L.].J.....\oe.G...=....>.e.>.....!.
......;.J....,..............U.S..2.r..G.w..0~...F....P.n..#...i...?J.B
d(6.&3.C..%.]... ...f...q..0.f.........S....2H`.b..T`.O.....l.........
0..0...U...........0...U.%..0... .......0...U.......0.0...U...........
%r2.]&.iO.).*V.0...U.#..0...`{f.E....P/}..4....K0... .....0......0L..U
. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.com/reposito
ry/0...*.H..............~.s..uk..\....)K.8p\..,.......d..V\..n.. ....u
...m..:.cb-.'....."......K2.Z.....7./y.[_.........x.(_Zf<.....9.@..
.s..KjP...U0.S..8eU.K..N.M......;...P..u...m.f..~.U.....5.? ...!z...\.
.B..y-t...%...{C.5.".zO.......C...S.d...g....N..I..i[.y..PfAr.t..W
<<< skipped >>>


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBS56bKHAoUD+Oyl+0LhPg9JxyQm4gQUf9Nlp8Ld7LvwMAnzQzn6Aq8zMTMCEFE/uXQ4cLc0QEGNMJMGmf8= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: s2.symcb.com


HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1763
content-transfer-encoding: binary
Cache-Control: max-age=371973, public, no-transform, must-revalidate
Last-Modified: Thu, 2 Feb 2017 10:48:48 GMT
Expires: Thu, 9 Feb 2017 10:48:48 GMT
Date: Sun, 05 Feb 2017 03:31:27 GMT
Connection: keep-alive
0..........0..... .....0......0...0.......WI.....L.c=...r..7Z..2017020
2104848Z0s0q0I0... ...................B.>.I.$&.....e......0..C9...3
13..Q?.t8p.4@A.0........20170202104848Z....20170209104848Z0...*.H.....
........:..4A.E6....a3.!.4..}.P&...9..8.m....!.k...V@V....9j.....`8...
.....2..)aE.Xb.R.`.......bV......yz.......|QN..1.......jc..GH(..O..@..
.r(..2h2t..3.....aZ|f:6.2\r.#B.............9@KJ.....LI..6nk..8...Me...
..-.,....-qj.....t...5.f...O.^...8:*...@.{.{......X.:6....0...0...0...
.......^..)......<...T.0...*.H........0..1.0...U....US1.0...U....Ve
riSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2006 VeriS
ign, Inc. - For authorized use only1E0C..U...<VeriSign Class 3 Publ
ic Primary Certification Authority - G50...161122000000Z..171214235959
Z0..1.0...U....US1.0...U....Symantec Corporation1.0...U....Symantec Tr
ust Network1?0=..U...6Symantec Class 3 PCA - G5 OCSP Responder Certifi
cate 50.."0...*.H.............0.............................m..|......
..1rUZN.b.......t. d......O...NY.lR..k .Q.z.g.4(,...Rp.7...0C.j.)Z....
.... ~..3...x.b.-..... S^0<6...!.(..2}...T.fX}...6...(...1...#..H..
|`.yy.<B.z.q$......u.-..K.!......y..8..--....?.,.[.[...5.e.4.....D.
.t.;....).J....\fV..G.........0...0...U.......0.0l..U. .e0c0a..`.H...E
....0R0&.. .........hXXp://VVV.symauth.com/cps0(.. .......0...hXXp://w
ww.symauth.com/rpa0...U.%..0... .......0...U...........0... .....0....
..0"..U....0...0.1.0...U....TGV-OFF-500...U.......WI.....L.c=...r..7Z0
...U.#..0.....e......0..C9...3130...*.H.............<wN..g...S.
<<< skipped >>>


GET /templets/default/style/common.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:49 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:32 GMT
ETag: W/"094a2953869d11:0"
X-Powered-By: ASP.NET
Content-Encoding: gzip
Expires: Mon, 06 Feb 2017 03:31:49 GMT
Cache-Control: max-age=86400
X-Cache:  from WT263CDN
9d2.............[[....~.....!..Q........<.!8yZh...i....477.!......8
.6.B.YB..8v......._..9U...4....0....S........<..;.>....K/...r..&
.,..I...}...oW...o_....p.-.|-..<..^..2.'\....x}....L..t".a..n...m.:
.O.....,..(....y.G<.....1v.nJ....S....Czc....r..>...r.p|<<
~8..6x89z=.....:~.a.x..O?.y.nB$K{.........{.e&.o...!.O.....^..3..."L.0
.O...8..1>=-.xcN...._.^..i..q.q>.'.._d9/....r...ts..N...a.......
.E9....\.M...e..{.....o..G.E..|..K....!/.)....C.."KB!.y...<d4TH.\!Y
..eo..Z...[...2. ..e).....<>Y...rkj.....U...rx.r.5i.F.<@...%K
N.@....w......~....<V......'yz...{.....b>.O..(....X.d[........&l
t;....Q..{.....A......0...X.&q...]...xe.I..7..K.....EL..y".r.....M./..
.5..l.&in.Q.2....&.*..O...\8........&....j{...ss.yr.N.s....^..OfH.....
.}.Y_0......W..=eC0G.[.B> /.....R|".p..Y.../..zc.7...gR..|O....k...
(R).DA.u..$.2"..c.....%....*:.F...z$.Ci....p...V{a..ez..l..].x%..~K...
.E6...... j_.@2v.H..D..4LVYx/..E\^......G.S..;..as!.ga.....1M.XM..W..)
..&.0.}.W...,/T...~K...B.L.{!."..l<.8e#..4....".....q..Q.2.....@{.F
:\.F..a...am.N....[.?..e......U..^.IW...Fq...8.."...T.M....d..y-.(...U
..........Q.q.2.c.G..........z..`......:...$.......?>..]V.p..(XQ.B.
T.z[.C0........a>..L..l:...".7....g(.....VJ..=yV..6.....L.B..o9?=..
/.1...sp....%."....F.K.&.....p4?.....".7S&..9..L.W>.C..:s....*.xr..
......Y'.............E.&.... .6c....pm.r.*QP.J...`~'.... .G...........
.....x.7^0 #.)..w.....F..G{....3.-3...6e.2.........&mSF-SzA.6e.6e...I.
.>.O...o.CZ.b.W.4.E...v.....F......q..6@....k&.....u.[.._'.6t.X
<<< skipped >>>

GET /templets/default/js/backgroundPosition.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: application/javascript
Content-Length: 2329
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:27 GMT
Accept-Ranges: bytes
ETag: "80a3a7923869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:50 GMT
Cache-Control: max-age=86400
X-Cache:  from WT263CDN
(function($) {..    if(!document.defaultView || !document.defaultView.
getComputedStyle){..        var oldcss = jQuery.css;..        jQuery.c
ss = function(elem, name, force){..            if(name === 'background
-position'){..                name = 'backgroundPosition';..          
  }..            if(name !== 'backgroundPosition' || !elem.currentStyl
e || elem.currentStyle[ name ]){..                return oldcss.apply(
this, arguments);..            }..            var style = elem.style;.
.            if ( !force && style && style[ name ] ){..               
 return style[ name ];..            }..            return oldcss(elem,
 'backgroundPositionX', force)  ' '  oldcss(elem, 'backgroundPositionY
', force);..        };..    }..    var oldAnim = $.fn.animate;..    $.
fn.animate = function(prop){..        if('background-position' in prop
){..            prop.backgroundPosition = prop['background-position'];
..            delete prop['background-position'];..        }..        
if('backgroundPosition' in prop){..            prop.backgroundPosition
 = '('  prop.backgroundPosition   ')';..        }..        return oldA
nim.apply(this, arguments);..    };..    function toArray(strg){..    
    strg = strg.replace(/left|top/g,'0px');..        strg = strg.repla
ce(/right|bottom/g,'100%');..        strg = strg.replace(/([0-9\.] )(\
s|\)|$)/g,"$1px$2");..        var res = strg.match(/(-?[0-9\.] )(px|\%
|em|pt)\s(-?[0-9\.] )(px|\%|em|pt)/);..        return [parseFloat(res[
1],10),res[2],parseFloat(res[3],10),res[4]];..    }..    $.fx.step
<<< skipped >>>

GET /templets/default/js/navigator.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: application/javascript
Content-Length: 4276
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:30 GMT
Accept-Ranges: bytes
ETag: "06771943869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:50 GMT
Cache-Control: max-age=86400
X-Cache:  from WT263CDN
ready(function () {..    var oBox = document.getElementById('top_box')
;..    var oNav = getByClass(oBox, 'nav')[0];..    var oUl = oNav.getE
lementsByTagName('ul')[0];..    var aLi = oUl.children;..    var aUl2 
= getByClass(oUl, 'ul2');..    var timer = null;..    var temp = null;
..    var oWrap = document.getElementById('wrap');..    var oAlpha = g
etByClass(oWrap, 'alpha_bg')[0];..    function getBackgroundPositionXY
(elem) {..        var backgroundPosition = '';..        if (elem.curre
ntStyle) {..            if (elem.currentStyle.backgroundPositionX && e
lem.currentStyle.backgroundPositionY) {..                backgroundPos
ition = elem.currentStyle.backgroundPositionX   " "   elem.currentStyl
e.backgroundPositionY;..            } else {..                backgrou
ndPosition = document.defaultView.getComputedStyle(elem, null).backgro
undPosition..            }..        } else if (document.defaultView) {
..            backgroundPosition = document.defaultView.getComputedSty
le(elem, null).backgroundPosition;..        }..        return backgrou
ndPosition;..    }..    for (var i = 0; i < aUl2.length; i  ) {..  
      var aA = aUl2[i].getElementsByTagName('a');..        for (var j 
= 0; j < aA.length; j  ) {..            (function (index) {..      
          aA[index].onmouseover = function () {..                    v
ar oPosX = getBackgroundPositionXY(this.children[0]);..               
     var arr = oPosX.split('px').join('').split(' ');..               
     var x = arr[0];..                    var y = arr[1] - 52;..  
<<< skipped >>>


GET /site/27675?id=D9E9B66BAE9C96588D172C1602C7221E&ret=html&phint=__bk_t=SPECIAL MOVIE&phint=__bk_l=http://songhaiyouhong.blogspot.com/&r=33111038 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: tags.bluekai.com
Connection: Keep-Alive


HTTP/1.1 302 Found
Date: Sun, 05 Feb 2017 03:31:59 GMT
Server: Apache/2.2.24 (Unix)
X-XSS-Protection: 0
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="hXXp://tags.bluekai.com/w3c/p3p.xml"
Set-Cookie: bkdc=wdc; expires=Fri, 04-Aug-2017 03:31:59 GMT; path=/; domain=.bluekai.com
Set-Cookie: bku=sty99vIzkkQxF2Rs; expires=Fri, 04-Aug-2017 03:31:59 GMT; path=/; domain=.bluekai.com
Location: hXXp://tags.bluekai.com/site/27675?dt=0&r=404133796&sig=2164635023&bkca=KJhB0D6nyi9zQwawGX4CYpA2KcO31YQvQ3fuSL0HZfn2mdE XhQXCy5IX6Lf8PD7HsKXLAGzocu6jjRvyZpnswPTs6acVO/rzP8OCpYX90erqk5FKlBYMJyF22fdzbGz9xgiOgaMqzdgaOdpBl2iFVj/K5onCrSjkboT68hEuQZUw04zne6=
Content-Length: 0
BK-Server: ce09
Content-Type: text/html
....


GET /site/27675?dt=0&r=404133796&sig=2164635023&bkca=KJhB0D6nyi9zQwawGX4CYpA2KcO31YQvQ3fuSL0HZfn2mdE XhQXCy5IX6Lf8PD7HsKXLAGzocu6jjRvyZpnswPTs6acVO/rzP8OCpYX90erqk5FKlBYMJyF22fdzbGz9xgiOgaMqzdgaOdpBl2iFVj/K5onCrSjkboT68hEuQZUw04zne6= HTTP/1.1


Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: tags.bluekai.com
Connection: Keep-Alive
Cookie: bkdc=wdc; bku=sty99vIzkkQxF2Rs


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:59 GMT
X-XSS-Protection: 0
P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="hXXp://tags.bluekai.com/w3c/p3p.xml"
Pragma: no-cache
Expires: Thu, 01 Dec 1994 16:00:00 GMT
Cache-Control: max-age=0, no-cache, no-store
Content-Length: 62
Set-Cookie: bku=sty99vIzkkQxF2Rs; expires=Fri, 04-Aug-2017 03:31:59 GMT; path=/; domain=.bluekai.com
BK-Server: 748b
Content-Type: image/gif
nnCoection: close
GIF89a.............!..NETSCAPE2.0.....!.......,...........L..;HTTP/1.1
 200 OK..Date: Sun, 05 Feb 2017 03:31:59 GMT..X-XSS-Protection: 0..P3P
: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", polic
yref="hXXp://tags.bluekai.com/w3c/p3p.xml"..Pragma: no-cache..Expires:
 Thu, 01 Dec 1994 16:00:00 GMT..Cache-Control: max-age=0, no-cache, no
-store..Content-Length: 62..Set-Cookie: bku=sty99vIzkkQxF2Rs; expires=
Fri, 04-Aug-2017 03:31:59 GMT; path=/; domain=.bluekai.com..BK-Server:
 748b..Content-Type: image/gif..nnCoection: close..GIF89a.............
!..NETSCAPE2.0.....!.......,...........L..;..



GET /pa?p=2:2409084321:51 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: wpa.qq.com
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: tws
Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif
Pragma: no-cache
Cache-Control: no-cache; must-revalidate
0..HTTP/1.1 301 Moved Permanently..Date: Sun, 05 Feb 2017 03:31:50 GMT
..Content-Type: text/html; charset=UTF-8..Transfer-Encoding: chunked..
Connection: keep-alive..Server: tws..Location: hXXp://pub.idqqimg.com/
qconn/wpa/button/button_111.gif..Pragma: no-cache..Cache-Control: no-c
ache; must-revalidate..0..



GET /v4/images/alexa.png HTTP/1.1
Accept: */*
Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: info.spiritsoft.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:08 GMT
Content-Type: image/png
Content-Length: 2012
Last-Modified: Fri, 08 Jul 2011 09:36:17 GMT
Connection: close
ETag: "4e16cf91-7dc"
Expires: Tue, 07 Feb 2017 03:31:08 GMT
Cache-Control: max-age=172800
Accept-Ranges: bytes
.PNG........IHDR.............o.......pHYs.......... ......gAMA....|.Q.
... cHRM..z%..............u0...`..:....o._.F...RIDATx.b...'.#3.......4
..20...y..7...~....7.'......l?......e.X.........7.#..............Y....
.....h.../.....3..<....."..<#. ..{_._.z...'o.z.s..H...0.........
?@..I......................<3.!!...................................
c.>.............I.............t.....22.............................
 ..(".........sS.T@.........I.................$...........$.""........
............../>6..........e.7 ......I..........x..... $..../5.bN..
.............................IG3.!%.......v......I....................
&.pU................!..1........71..HP....................I...........
.....B...d*.....................J:..s2e;....#... E......% .........I..
...............>@..............................DA..................
.........I...............$.........>*..............................
......&..............I...............F.........v.................7....
...............$..............I.................................. ..:.
.0<.<4.................................I........................
....fM#9,.............<...............................E...../.._._.
..........S[..%D ..u..........$W4 .0_...0...f.?......r.o6.?...I.......
.................N....................................................
....g./.ef......O...~..K........ ...._...b..Tg...._..>.`.....g.....
p....LW. .....~....-......w....p.!P...@s....?o;..\..{.......g$....a*..
...0...L.<,.f....I.............."...........&...."8.FK"........
<<< skipped >>>


GET /MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114 HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Cookie: _d2id=04f7a71f-0c21-4fd5-b3fc-264919120db4-n; pmsctx=******IMLB812506136|**; navigation_items=MLB812506136|05022017033130; _ml_ga=GA1.3.217386349.1486265505; _ml_ci=217386349.1486265505; _ml_dc=1; JSESSIONID=CB6934BF0615753B5CD40EF0F9AF9E52; _vt=db89bf5e-9856-4142-8cb7-3ad8dc8af268
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: produto.mercadolivre.com.br
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine
Date: Sun, 05 Feb 2017 03:31:46 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Content-Language: pt-BR
Set-Cookie: pmsctx=******IMLB812506136||**; Domain=.mercadolivre.com.br; Expires=Tue, 07-Mar-2017 03:31:38 GMT; Path=/
Set-Cookie: navigation_items=MLB812506136|05022017033138; Domain=.mercadolivre.com.br; Expires=Mon, 20-Feb-2017 03:31:38 GMT; Path=/
Vary: Accept-Encoding
X-Nginx-Host: e-0000a8ef
X-Nginx-Pool: mlbdesktop.web-vip.melifrontends.com
X-Nginx-UpstreamHost: , 10.63.1.163:80
X-Upstream-Server: nginx/1.8.0
X-Request-Id: 013a123d-be38-4bd8-a2dd-8106bcb2aae2
X-D2id: 04f7a71f-0c21-4fd5-b3fc-264919120db4
3441...............r.I.(......).%L...H....LU..J....R...p.!.".1p.p..~..
}e.(.6 .g..mj...w.....@R...DeJ."|8~...~|...[.....h.n,....\......oC....
..iT... 6.h=t"60v.<0.....Z~.E....r.s..:...Y.......t..M...9.......h.
o6...1aM/.....O.......N}...m.....};...R.....;....lc..?='$O.w..<....
N..9~@.d..d.g.3v<....lS.....?.O.~..>.K.......Z[m.6!.,....'.a....
....u.w$`..3`..y...r.x...&..N"....7.(|kX..hn.Y3`.....xMY.b...!.....1..
...)...........?...0=.w...V......C.Y.c.kx,...v.j)3..X\....1.dK.hf....Y
..Qq.....ET.^XGfe.up.r=....=..,.=.......K..|0."...z.......}&...[J-..{6
....Y..!).R.(,8s......F..F........2.....t....]....K-VY..w.F...k.M...-.
....Qb.. d....Q}E.O..g.....0...~.....#.>.1.t.....Z{...@.x..5...Gl(4
z.j......`.?t.~h?...~................R=..[.@..CP...1j.z.>A.[....{`]
...i..k.....v..<.|.......Q....K.4p`.|....n.tr.4.....X.1..L1........
...;..A.a.......}.....s".@.-....h....;.x.?.C.........$.'.r...$.:.=I...
.....o..).....<..0{.j......J.'...Ad..q....8..S..... ..`2......S..0j
:.:...~.{.T....3....}.../..a.,....N.~.$..t:.A...uP..8.Z.K.:..P"dvcyuee
.ZK..7>..$t.3........q,.\.@x......Vg.|.....1....H......k..E..k.....
.. ;..v..b.......,.*...%......R..sX.......a..........>..N..(v.....Y
.M.PR...K...u.....vp6....,`u.x~.." .5O.NDIt..6.R..:ku.(`.#...o..6...mC
.../O.....|9....~X#/.x...y..!...)..].Z1...q........i..C.n&@....i....!.
..y..cVo.,..v.W..v.cv.:.r......{42.).X.[..vF.......&.._...i.{....Ym..]
Z.z.U..4..h.l.9..I...F...z..V.(M ..p`D.8j...T<...2.=.I.Bk........[.
T~6|...`.F_/.2.I^<..]|....E..B...p.................*....@||...M
<<< skipped >>>

GET /noindex/variation/choose?noIndex=true&itemId=MLB812506136&attribute=23000|22047,33000_43000|52055_52113&attributeId=33000_43000&ref=http://tenis.mercadolivre.com.br/masculino/nike/nike-shox/ HTTP/1.1


Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: produto.mercadolivre.com.br
Connection: Keep-Alive
Cookie: _d2id=04f7a71f-0c21-4fd5-b3fc-264919120db4-n; pmsctx=******IMLB812506136||**; navigation_items=MLB812506136|05022017033138; _ml_ga=GA1.3.217386349.1486265505; _ml_ci=217386349.1486265505; _ml_dc=1; JSESSIONID=CB6934BF0615753B5CD40EF0F9AF9E52; _vt=db89bf5e-9856-4142-8cb7-3ad8dc8af268


HTTP/1.1 302 Found
Server: Tengine
Date: Sun, 05 Feb 2017 03:32:00 GMT
Content-Length: 0
Connection: keep-alive
Location: hXXp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593212
Set-Cookie: JSESSIONID=064D2C24F45E44FDFE96B0D03BD65DCF; Path=/; HttpOnly
X-Nginx-Host: e-0000a8ef
X-Nginx-Pool: mlbdesktop.web-vip.melifrontends.com
X-Nginx-UpstreamHost: , 10.63.1.54:80
X-Upstream-Server: nginx/1.8.0
X-Request-Id: ab1fb97c-4686-4ca7-be18-0d24c3825b91
X-D2id: 04f7a71f-0c21-4fd5-b3fc-264919120db4
....


GET /MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593212 HTTP/1.1


Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://produto.mercadolivre.com.br/MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM?noindex=true&variation=13451593114
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: produto.mercadolivre.com.br
Connection: Keep-Alive
Cookie: _d2id=04f7a71f-0c21-4fd5-b3fc-264919120db4-n; pmsctx=******IMLB812506136||**; navigation_items=MLB812506136|05022017033138; _ml_ga=GA1.3.217386349.1486265505; _ml_ci=217386349.1486265505; _ml_dc=1; JSESSIONID=064D2C24F45E44FDFE96B0D03BD65DCF; _vt=db89bf5e-9856-4142-8cb7-3ad8dc8af268


HTTP/1.1 200 OK
Server: Tengine
Date: Sun, 05 Feb 2017 03:32:00 GMT
Content-Type: text/html;charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
Content-Language: pt-BR
Set-Cookie: JSESSIONID=57CD1DDE1B406055A1718540162E95E8; Path=/; HttpOnly
Set-Cookie: pmsctx=******IMLB812506136|||**; Domain=.mercadolivre.com.br; Expires=Tue, 07-Mar-2017 03:32:00 GMT; Path=/
Set-Cookie: navigation_items=MLB812506136|05022017033200; Domain=.mercadolivre.com.br; Expires=Mon, 20-Feb-2017 03:32:00 GMT; Path=/
Vary: Accept-Encoding
X-Nginx-Host: e-0000a8ef
X-Nginx-Pool: mlbdesktop.web-vip.melifrontends.com
X-Nginx-UpstreamHost: , 10.63.1.196:80
X-Upstream-Server: nginx/1.8.0
X-Request-Id: 720f4897-5060-45e3-8097-1f76676c5f91
X-D2id: 04f7a71f-0c21-4fd5-b3fc-264919120db4
32f4...............r.H.(.l}E.}..v.$.p..#..j..-...>.VW(.@....,..<
|.~>..........q#.9/...cw.....HQ.%...,.@. s. 3Wn<.} :.2r.M.....C,
...f...wa....o.....u..4.Z.Dl........?....^..l.....f....m....imk..a.&..
.....?^....Z......kz...hX~....@&.u.aP..)_.......*J.7..@.lDN..........t
.3...?&.>.....i..>L......Q...d.:.............C......;... lB^....
O.;...h.>..7......0...|.cVT#.0...f.B.'.c....F.>5,.Rkn.Y3`....;.M
Y.|.pJC...........2./..................5.....a...e..X....8....Z..Z....
..4..li.f&.P.umZ...j.U5.Sa{....".`!r=....=..,.=..Bt{v..D......\s=.\.n.
1n.I s.VR.bu...9u/.....<....3......i..j4.0/j$.v]..s]..N..$g.j.l.R..
,s..\'.....M...-.....Qb.. d.f-.FZ_.O..`.....0.Hc....f.F.|.c.........O.
.o.......C....FoB..3~<.7..........._#..>...A..F.........<P.Z.
jW{..........K..y`]...4...|M.......=..lv...4.b...=.....=x.....d...G.4l
b9...f63.t.).....C..M. Rf.....M1z.....s".@.-..M.....=v&.D}..,..)0....H
*#.r...$S:.=I....S.i[..'S.54..y....1.[.0g..Wr.....DV.....p....Lp7G....
:.L|...A.h..FMgB.P..O}.....=t..A....#...7.~.3l...|.."{....u....v3pv[..
...(.............7^.b.:..X...q......Z.....Do.Z..w...F.....P$....Y..l..
......&.# ...gt...I...Cp.....%.....N\...-`..k.V.6..g.l...V.....t..G..6
.....A.PR...K...T.....v....Bq.0.'..w...c....(...n.).q.......12.N.#r...
..m(8...I...../..........O.2#O|7..@8.u...V......X...F..h.D.\.&@.j.....
...|..y..c..:.e...`h.......k..3...G#=C.......3"nD..........j.=....!...
kw.V.3.;.Q.CM.5. .&}..4..~.4.8.@iZ.......G.w........b.B.Y....G........
.7|....p......N..)....`.}\.. ........?C............ ........./..6.
<<< skipped >>>


GET /urlcore/olcfgs.dat?q=41 HTTP/1.1
Accept-Encoding: gzip
Host: urlspirit.spiritsoft.cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; URLSpirit)


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:05 GMT
Content-Type: application/octet-stream
Content-Length: 439
Connection: close
Last-Modified: Wed, 02 Apr 2014 08:26:13 GMT
ETag: "533bc9a5-1b7"
Accept-Ranges: bytes
.3..}...)u..r..DvS.-..%....(yX.[.....|........;....w.[.......m.9......
[h.t.,.......F..d........*.^gg.......n6..g.....\..%a.V.X.J.*.i....;.Gk
 .X.;.up.... !../b....dCY.8.....#.<ZV.......a.R..W..QX..!5..;.P.l..
?...8.=0{./f.......g...h|.....T..N(>...l........1..Vs..5P!.T...v...
`..[#.....J.{#..I..Rc........s^._..B1v@.?.N.v^!..%.%)........~.. eBd..
0..3`.@..\.@....;ti4>......U..om.t..p.L..n.{.\..1V....E.}..G,d..>
;Ys.XQ.1iX..Xw...{e.:......A.M...



GET /cgi-bin/CRL/2018/cdp.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Tue, 11 Oct 2016 17:15:01 GMT
If-None-Match: "20084-4aa-53e9a04525e5e"
User-Agent: Microsoft-CryptoAPI/6.1
Host: VVV.public-trust.com


HTTP/1.1 200 OK
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 24 Jan 2017 23:30:01 GMT
ETag: "20084-579-546df7ec18007"
Accept-Ranges: bytes
Content-Type: application/x-pkcs7-crl
Connection: Keep-Alive
Date: Sun, 05 Feb 2017 03:33:14 GMT
Content-Length: 1401
0..u0......0...*.H........0u1.0...U....US1.0...U....GTE Corporation1'0
%..U....GTE CyberTrust Solutions, Inc.1#0!..U....GTE CyberTrust Global
 Root..170124184934Z..170421184934Z0.."0....'....141119195306Z0....'B.
..141119195752Z0....'....141119200006Z0....'1-..150204203232Z0....'...
.150429193635Z0....'....150513182515Z0.........150603195456Z0....'.:..
071121154528Z0....'....080514142515Z0....'....080924143337Z0....'#...0
81203144336Z0....''j..090209174351Z0....'b...100414181148Z0....'....08
0917150432Z0....'#...081203144209Z0....'#...081203144241Z0....'#...081
203144304Z0....'%u..081203144409Z0....'/9..090318130930Z0....'8...0907
15181853Z0....'TU..100113191852Z0....'k...101130163724Z0....'.B..11110
7193907Z0....'@...141119200409Z0....'....080917150312Z0....'....140709
175318Z0....'....141210173900Z0....'....150429193611Z0....'....1505131
82422Z0.........150603194732Z0....'i...150603194856Z0....'-E..14111919
5854Z0....'....141119200037Z0....'F...141217193909Z0....'F...141217193
956Z0....'>...150603195600Z0....'.D..150701191141Z0....'.'..1612141
71840Z0....'.2..161214171840Z0....'.3..161214171840Z0....'.4..16121417
1840Z0....'.5..161214171840Z0....'....161214171840Z0....'....161214171
840Z0....'....161214171840Z0....'....161214171840Z..0.0...U.......70..
.*.H.................[O..=.K.f..g.6.%(.t.A...............B.<....n7.
.....`{..:as..;...:..%...L....I.t...l.....L3`.&..k.lD..Pi.P(......n..P
../...s..
<<< skipped >>>


GET /v4/images/splogo.png HTTP/1.1
Accept: */*
Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: info.spiritsoft.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:08 GMT
Content-Type: image/png
Content-Length: 1339
Last-Modified: Fri, 08 Jul 2011 09:36:19 GMT
Connection: close
ETag: "4e16cf93-53b"
Expires: Tue, 07 Feb 2017 03:31:08 GMT
Cache-Control: max-age=172800
Accept-Ranges: bytes
.PNG........IHDR.............o.......pHYs.......... ......gAMA....|.Q.
... cHRM..z%..............u0...`..:....o._.F....IDATx.b...?.*...a....M
.w.2h.3HK2.....%....jl..~......h.........?...0|.`.qdpWb.dc`f`....._...
.v.cXy.A....|.N......../?...3h.3................c...........?......dX.
.......B....C.:.W#.D..._.~.5.....?.Q ...#.. '..K...1,.g......@L.p.....
...!R...;..?...f....... ..._.w>0.i0<..0m..E.....!(,..a...!....G.
./...~..?`.6..~..!..., ...!......!Z.A....<.........x./........`)..l
L.'.3T/c.).....@.1V....%.....v.@...........j......._..~.,....|..1...p.
 C...@.1~..?j....C.:..O........@'...._..?.......7.].. .|..._2H32..f.. 
P.}......R..D.d'P)0.....D38..5......H.-.z..{......3p.2....P....T...2.{
0|...2`..5C..33p...=...#(.Ai....m... S.. ..........."...",G..........8
.........P)..b. .y..... ..7 .'..!..ds.....g..V...........v.....dG.....
............."\.g.~.d..).......NH..... )q.... ......s13..3.......g.~..
......U..ar.....J... .. p.b.<..!..K ..d.t....O.}.x....7w...? .....O
.2L@A......l..&....[.A...f.......u..?~....j.$. .....W..L.>&(...@(.b
be..ah>.`k.p.......x ~.....v...?->.?.l....2..20.... .........08.
2<....._)...~...L..L t.../.C..z... .4>..C..C.%.V.~`....TB..5? (5
.]q.).2.,I. ..0........\b.f......Z..a.y..N.i~,............s..O.dy.Y..A
..a......*...`.. ....]{.s..o;.....7...;._....w..... F......f....&.....
._.E.....P... .....`.I.Q....IEND.B`...
<<< skipped >>>


POST /urlcore/svcreq1413fd.css HTTP/1.1
Content-Length: 230
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip
Host: urlspirit.spiritsoft.cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; URLSpirit)

f=3&v=101&c=10494&i=MBhBRgB1aDtPQX5ZFRxUZGV8HER/C0QaBmNiKEAWcgsQHFxjN3hOS2kWAEwII3AjSV9pU0ZXRm1i
NVscOFMAFUZhLigFQjcNFB9VK2NlSA8hU0xICD48flcWM19eHxhkYStAQ3kNER5cK2JlSVFnGFZM
DTNwI0lfaU9LS0ZtYjVbBj9KABVUe3BvHAFpABMfXWIvEw==
HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:12 GMT
Content-Type: text/plain
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Content-Encoding: gzip
6e5..............m..6.........P.......nS....j..L'.N..`....^....!!....J
.q..?~.L>.*./..'...1q...iL.1..._..qY.V.B..4..<...r.[.;.C.J..vU.B
.}.;6EK.'..n..^..`...=..R.S.H5.H.aK....;qi........L.J,v&.(.{4.......&l
t;.~[.o6.YiY....e..D....a....,.B,..yf..0..fG.....H-..5..2....&V"[.....
}.....KE.i0.<.yWD...K.-...<..<..v...7..|0..X.z.`...xys...K!ZW
...(.$=pQG....-......'.;.C..H=...........#.!...zT..2...w.'*....p......
.p.=Q.K:$...W...l.<s<......C..`.5.....BQ...N.........%..<.kQp
...).T..,.......s....Mg..xH......3.e..aVX?.4.=w.6..m.O..SdA.?AdJ..=..$
...W..m3Z.&.0...<(O...Ul<J*}.% ....SC7.T.Q.kBiy...{|...}.N!.t.;.
(...Y..c......,. ..9.)..3........u.9...dP.BZ...p....#.z...1.x1<=.C.
.kv...;'f@..  ..NP...c.f.ch...U.L..z8<-....J..u.B....!..9.._..D..J.
.........../.Z..e.T..OFY]3.B....!N..........J..L../...o.....vK.r9.zB^.
.T.*eEDc....k.$.....7.M.a.".&...43~.L..w....(L.LEB.....#M.....w..I...i
^.~k......{..St..-U.L...b.*.'{(pQ`7?P.x...U.Wi[wH...........].6....G4.
....)......Tb.G....X....m#\.xd...kbX...v.E.....g.6l.G[)..Q..vt.ha.....
.....r...mdV.%..........p...l._...)T....9...1B..>....&.........[}..
...j......D..6..<....X...-.....4.*..e....._...1.3Dt*..W....y....<
;...(.S..|...T.'.8......*.o.......x.._....AW..._...Myp.g9^.5.....{x.{O
0.>Y...._$..._.l....v0..s.... .,....'.&.?.........{..]....._\.. |..
.{..,....C...c9.q.>...[.[.R..n@..~...d.B....:Q..[......O.G....Q.d..
.D]>.lS.....<l.......U.?.ee2........9...;@....X.....vy\..B$lj.x.
~..i~.F.........P.....DLB...P..l>....4$..E...@vN..~L.^..[U..Wd.
<<< skipped >>>


GET /serving/cookie/match/?party=1009 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: dmp.adform.net
Connection: Keep-Alive


HTTP/1.1 302 Found
Server: nginx
Date: Sun, 05 Feb 2017 03:31:59 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=15
Location: hXXp://dmp.adform.net/serving/cookie/match/?CC=1&party=1009
Set-Cookie: uid=5648657701418802231; Expires=Thu, 06 Apr 2017 03:31:59 GMT; Domain=adform.net; Path=/
....


GET /serving/cookie/match/?CC=1&party=1009 HTTP/1.1


Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: dmp.adform.net
Connection: Keep-Alive
Cookie: uid=5648657701418802231


HTTP/1.1 302 Found
Server: nginx
Date: Sun, 05 Feb 2017 03:31:59 GMT
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=15
Location: hXXp://ps.eyeota.net/match?uid=5648657701418802231&bid=9gdtmu1
HTTP/1.1 302 Found..Server: nginx..Date: Sun, 05 Feb 2017 03:31:59 GMT
..Content-Length: 0..Connection: keep-alive..Keep-Alive: timeout=15..L
ocation: hXXp://ps.eyeota.net/match?uid=5648657701418802231&bid=9gdtmu
1..



GET /map/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: bcp.crwdcntrl.net
Connection: Keep-Alive


HTTP/1.1 302 Found
Cache-Control: no-cache
Date: Sun, 05 Feb 2017 03:31:59 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Location: hXXp://bcp.crwdcntrl.net/map/ct=y/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Pragma: no-cache
Set-Cookie: _cc_cc=ctst;Path=/;Domain=crwdcntrl.net
X-Server: 172.25.10.205
Content-Length: 0
Connection: keep-alive
....


GET /map/ct=y/c=3825/tp=DTSC/tpid=D9E9B66BAE9C96588D172C1602C7221E HTTP/1.1


Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: bcp.crwdcntrl.net
Connection: Keep-Alive
Cookie: _cc_cc=ctst


HTTP/1.1 200 OK
Cache-Control: no-cache
Content-Type: image/gif
Date: Sun, 05 Feb 2017 03:31:59 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV
Pragma: no-cache
Set-Cookie: _cc_aud=ABR4nGNgYGCImDZnPQMcAAAbVQI6;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT
Set-Cookie: _cc_cc="ACZ4nGNQME8yMbc0MzQxNEg0NTZNtjAzTbMwMLA0SLW0TDVJM7dkAIKIaXPWMyAAADmrCkQ=";Version=1;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT;Max-Age=23328000
Set-Cookie: _cc_id=7b47961410a535c865f80090e99e4f79;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT
Set-Cookie: _cc_dc=1;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT
X-Server: 172.25.10.151
Content-Length: 49
Connection: keep-alive
GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Cach
e-Control: no-cache..Content-Type: image/gif..Date: Sun, 05 Feb 2017 0
3:31:59 GMT..Expires: Thu, 01 Jan 1970 00:00:00 GMT..P3P: CP=NOI DSP C
OR NID PSAa PSDa OUR UNI COM NAV..Pragma: no-cache..Set-Cookie: _cc_au
d=ABR4nGNgYGCImDZnPQMcAAAbVQI6;Path=/;Domain=crwdcntrl.net;Expires=Thu
, 02-Nov-2017 03:31:59 GMT..Set-Cookie: _cc_cc="ACZ4nGNQME8yMbc0MzQxNE
g0NTZNtjAzTbMwMLA0SLW0TDVJM7dkAIKIaXPWMyAAADmrCkQ=";Version=1;Path=/
;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT;Max-Age=23
328000..Set-Cookie: _cc_id=7b47961410a535c865f80090e99e4f79;Path=/;Dom
ain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 GMT..Set-Cookie: _
cc_dc=1;Path=/;Domain=crwdcntrl.net;Expires=Thu, 02-Nov-2017 03:31:59 
GMT..X-Server: 172.25.10.151..Content-Length: 49..Connection: keep-ali
ve..GIF89a...................!.......,...........T..;..
<<< skipped >>>


GET /item/533000070202.htm?fromSite=main&spm=a230r.7195193.1997079397.8.iAWmGk&abbucket=2&qq-pf-to=pcqq.temporaryc2c HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: world.taobao.com
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Server: Tengine
Date: Sun, 05 Feb 2017 03:31:30 GMT
Content-Type: text/html
Content-Length: 278
Connection: keep-alive
Location: hXXps://world.taobao.com/item/533000070202.htm?fromSite=main&spm=a230r.7195193.1997079397.8.iAWmGk&abbucket=2&qq-pf-to=pcqq.temporaryc2c
Set-Cookie: thw=ua; Path=/; Domain=.taobao.com; Expires=Mon, 05-Feb-18 03:31:30 GMT;
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html>
..<head><title>301 Moved Permanently</title></hea
d>..<body bgcolor="white">..<h1>301 Moved Permanently&l
t;/h1>..<p>The requested resource has been assigned a new per
manent URI.</p>..<hr/>Powered by Tengine</body>..<
;/html>..HTTP/1.1 301 Moved Permanently..Server: Tengine..Date: Sun
, 05 Feb 2017 03:31:30 GMT..Content-Type: text/html..Content-Length: 2
78..Connection: keep-alive..Location: hXXps://world.taobao.com/item/53
3000070202.htm?fromSite=main&spm=a230r.7195193.1997079397.8.iAWmGk&abb
ucket=2&qq-pf-to=pcqq.temporaryc2c..Set-Cookie: thw=ua; Path=/; Domain
=.taobao.com; Expires=Mon, 05-Feb-18 03:31:30 GMT;..<!DOCTYPE HTML 
PUBLIC "-//IETF//DTD HTML 2.0//EN">..<html>..<head><
title>301 Moved Permanently</title></head>..<body bg
color="white">..<h1>301 Moved Permanently</h1>..<p&g
t;The requested resource has been assigned a new permanent URI.</p&
gt;..<hr/>Powered by Tengine</body>..</html>....



GET /qconn/wpa/button/button_111.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: pub.idqqimg.com


HTTP/1.1 200 OK
Server: X2S_Platform
Connection: keep-alive
Date: Sun, 05 Feb 2017 03:31:51 GMT
Cache-Control: max-age=2592000
Expires: Tue, 07 Mar 2017 03:31:51 GMT
Last-Modified: Wed, 05 Jun 2013 07:25:36 GMT
Content-Type: image/gif
Content-Length: 3534
Keep-Alive: timeout=60 
Vary: Origin 
X-Cache-Lookup: Hit From Disktank
......JFIF.....`.`.....C..............................................
......................C...............................................
..........................O.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?...u...k
...<Msu._........E.x..........w..].....n...#.4.EwX|...<.I4......
..[..|J....f....?...|Y...?...<}.......7.>,x..C........;.|..).V..
^..m5).../.K.C.>.....x...N......G...*~......x|9w..S..*.....'d/...~2
...m_.^...i...V...$.b.*.m..0~a.s.......n...Z..O.......;....>;}.....
}{..Z.....rhz...(.y.jp......|m....g._...!.4/./.{.............(p......;
.:T..iS.(B.>ow..d..e.EIEQ.ZN..a..g....x.....:.x.*....!..ZY.>X(..
..F.\J.'N....p.j{LL*......F..7K...Y....._.......~6..u._.Gq..}........o
]..E.xs].....m.[J..P.|W...,. .~ |h.....M.....'.q.;y....G.>8x.......
.m....C..{x..G&.i....A...?..Z........?.......=;O....?ho.|L.t..?..eq.O.
. o.....|7...tz<.0.M...."..d{..&...y~....C.....G..........~...?....
...P"?.>.~..!.?.{...........B.......;G...Kk9Z..d...e..n.....s).1.z.
b....Q.....T...p..WO.QwK...l.........?...2.MXa..IT...B:....Zt.N.H.rr..
$............x....B.G.....!...o.x_...|C..m..Z.R....G.&...{e2\9.l1.
<<< skipped >>>


GET /crls/secureca.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 09:30:22 GMT
If-None-Match: "b6a46da3cf1aa70c10b101b12c9733f4:1476351022"
User-Agent: Microsoft-CryptoAPI/6.1
Host: crl.geotrust.com


HTTP/1.1 200 OK
Server: Apache
ETag: "cd1ddd31776c69c9c6e1b249f22bc66b:1486264533"
Last-Modified: Sun, 05 Feb 2017 03:15:33 GMT
Date: Sun, 05 Feb 2017 03:31:17 GMT
Content-Length: 325
Connection: keep-alive
Content-Type: application/pkix-crl
0..A0..0...*.H........0N1.0...U....US1.0...U....Equifax1-0 ..U...$Equi
fax Secure Certificate Authority..170205030300Z..170215030300Z0,0....%
...020514181157Z0.....3..020515130611Z0...*.H..............^.bm}&?....
.m;u.DK..^..1.....n9.N.U...C......^..N?........&]..K~.5..k...a.{.2..*M
7...5....s.f..t...........fe{O..HZ....~...~.{HTTP/1.1 200 OK..Server: 
Apache..ETag: "cd1ddd31776c69c9c6e1b249f22bc66b:1486264533"..Last-Modi
fied: Sun, 05 Feb 2017 03:15:33 GMT..Date: Sun, 05 Feb 2017 03:31:17 G
MT..Content-Length: 325..Connection: keep-alive..Content-Type: applica
tion/pkix-crl..0..A0..0...*.H........0N1.0...U....US1.0...U....Equifax
1-0 ..U...$Equifax Secure Certificate Authority..170205030300Z..170215
030300Z0,0....%...020514181157Z0.....3..020515130611Z0...*.H..........
....^.bm}&?.....m;u.DK..^..1.....n9.N.U...C......^..N?........&]..K~.5
..k...a.{.2..*M7...5....s.f..t...........fe{O..HZ....~...~.{..



GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTfqhLjKLEJQZPin0KCzkdAQpVYowQUsT7DaQP4v0cB1JgmGggC72NkK8MCEATh56TcXPLzbcArQrhdFZ8= HTTP/1.1
Cache-Control: max-age = 511667
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Thu, 13 Oct 2016 04:57:34 GMT
If-None-Match: "57ff143e-1d7"
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=172800
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2017 03:31:21 GMT
Etag: "5896643a-1d7"
Expires: Sat, 11 Feb 2017 15:31:21 GMT
Last-Modified: Sat, 04 Feb 2017 23:31:06 GMT
Server: ECS (vie/F2D5)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0.......>.i...G...&....cd ...2017
0204220000Z0s0q0I0... ............(..A...B..G@B.X....>.i...G...&...
.cd ........\..m. B.]......20170204220000Z....20170211220000Z0...*.H..
.............:.U...H.#o.....rC%.O[q......C#....k.D.G.O. ......u..J9.2.
'h.70O>=n{d.*..@.. ...*...|.5......Pd%{..j~.x.4.zag.....0..M..baj.{
AF3o.]...X.@..l.Y?_y......C."/..cT...{......v..i....:...Q.:<.....v.
.c.R.<.`.~JR._..B%#.3bH:.........m.}......:.v....!).[.h.mr./. .HTTP
/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: public, max-age=1728
00..Content-Type: application/ocsp-response..Date: Sun, 05 Feb 2017 03
:31:21 GMT..Etag: "5896643a-1d7"..Expires: Sat, 11 Feb 2017 15:31:21 G
MT..Last-Modified: Sat, 04 Feb 2017 23:31:06 GMT..Server: ECS (vie/F2D
5)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0......0
...0.......>.i...G...&....cd ...20170204220000Z0s0q0I0... .........
...(..A...B..G@B.X....>.i...G...&....cd ........\..m. B.]......2017
0204220000Z....20170211220000Z0...*.H...............:.U...H.#o.....rC%
.O[q......C#....k.D.G.O. ......u..J9.2.'h.70O>=n{d.*..@.. ...*...|.
5......Pd%{..j~.x.4.zag.....0..M..baj.{AF3o.]...X.@..l.Y?_y......C."/.
.cT...{......v..i....:...Q.:<.....v..c.R.<.`.~JR._..B%#.3bH:....
.....m.}......:.v....!).[.h.mr./. .....
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTPJvUY+sl+j4yzQuAcL2oQno5fCgQUUWj/kK8CB3U8zNllZGKiErhZcjsCEAwAmbfXicn2ZiYxfrzqfBw= HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.digicert.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: public, max-age=172800
Content-Type: application/ocsp-response
Date: Sun, 05 Feb 2017 03:31:26 GMT
Etag: "589676f7-1d7"
Expires: Sat, 11 Feb 2017 15:31:26 GMT
Last-Modified: Sun, 05 Feb 2017 00:51:03 GMT
Server: ECS (vie/F385)
X-Cache: HIT
Content-Length: 471
0..........0..... .....0......0...0......Qh.....u<..edb...Yr;..2017
0205002900Z0s0q0I0... .........&....~...B../j..._...Qh.....u<..edb.
..Yr;..........f&1~..|.....20170205002900Z....20170211234400Z0...*.H..
...........1....vDO.<L..{../...1.~.m......M[A..S .*=j....D..D-.L..H
T..d.y....N...@..6jR...T.`.O.)|.h..4......W..H.W2.zD. .....X.....:.a._
V...c..M.9.`q..>7..@._T&g...=sS....O..^d.... ].?..dwT#d.e......P...
<......n.j(u...n..l....F.."?g.9..F .....\....h9].'3n...`q..V...HTTP
/1.1 200 OK..Accept-Ranges: bytes..Cache-Control: public, max-age=1728
00..Content-Type: application/ocsp-response..Date: Sun, 05 Feb 2017 03
:31:26 GMT..Etag: "589676f7-1d7"..Expires: Sat, 11 Feb 2017 15:31:26 G
MT..Last-Modified: Sun, 05 Feb 2017 00:51:03 GMT..Server: ECS (vie/F38
5)..X-Cache: HIT..Content-Length: 471..0..........0..... .....0......0
...0......Qh.....u<..edb...Yr;..20170205002900Z0s0q0I0... .........
&....~...B../j..._...Qh.....u<..edb...Yr;..........f&1~..|.....2017
0205002900Z....20170211234400Z0...*.H.............1....vDO.<L..{../
...1.~.m......M[A..S .*=j....D..D-.L..HT..d.y....N...@..6jR...T.`.O.)|
.h..4......W..H.W2.zD. .....X.....:.a._V...c..M.9.`q..>7..@._T&g...
=sS....O..^d.... ].?..dwT#d.e......P...<......n.j(u...n..l....F.."?
g.9..F .....\....h9].'3n...`q..V.....
<<< skipped >>>


GET /v4/js/main.js HTTP/1.1
Accept: */*
Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: info.spiritsoft.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:07 GMT
Content-Type: application/x-javascript
Last-Modified: Mon, 18 Apr 2016 17:54:30 GMT
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Expires: Sun, 05 Feb 2017 05:31:07 GMT
Cache-Control: max-age=7200
Content-Encoding: gzip
503.............WMo.D.>.).a..d.M..B(....B.....K.Vc{.5qlw.N[......8!
....k.......E...}g..q.@P.a.;....._.k4i......'. ..tQ....<s.F...d...,
 <.......=..X.~...T1.9mO...9.K...r^..R.R..h....`O.7]....Dg~ ..c /K.
.2.....5....l.....7...g...W.~.SaN....C.............3.l=...e.}...:;.B..
..E..;..n..x...o_.}....o....Z..Q......x'..b..L.......?......~.........
........Z......$..5./.....}.....&I.N.k...g...b..........u..7I@..d.NDC.
<.X.s....=.L...c.'...T/.y...C.Q.H^.sA..._.lj.k.1X.g.!`...P.......EL
..-.r...`....I&d...<?...'^...T.M.o..x7....&..R.\8;:0*....ns"y._.\..
..";...D.q..`.........A.....>......o....)-[r[d.......z2/....[..;nr.
...u|.$M..E).;....I ..(.LX.....08..0\k.^f..v..l.......t$r..\..).......
j..j..sb>,......4..?W.gS..|VIkf.*..}56....w.....^._.z,......1.#kq..
v..y.q........z..4L....;...Z..`..&..|....>1.`:.^7..8.5......@3.p...
Fy....5..*....=[......0.[...-..8;.....m4.g....d}..m....y66B.$.p.q.r...
.....QM{..f.>...k.....KH..O.P`.8.h.....13.]..g.&.#0s.|qHG..Q...\]k.
..s....B.........P'm ...f...*..$.F....dB6:4].....V.T...o......v.....M.
..9LOU.3.....P6!..omBO....."..9...~..%Cr.q....&6.G^F.9...'........|tbk
.<{F.1(....|.@GZ....v.G].....5E.a..*.p.9]...S..$A.#.m....X.r...>
.C..S....kX......[.TP....Y2.!..USC8.;hTQY.Y..&N.i....x..O.t..!..?.B..Z
.3...xBcU....zr...2b..n.uA..r.q:.l2M."H<.5......-...oj8F.......0..
<<< skipped >>>


GET /v4/images/sound_high.gif HTTP/1.1
Accept: */*
Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: info.spiritsoft.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:07 GMT
Content-Type: image/gif
Content-Length: 356
Last-Modified: Tue, 20 Dec 2011 07:08:05 GMT
Connection: close
ETag: "4ef03455-164"
Expires: Tue, 07 Feb 2017 03:31:07 GMT
Cache-Control: max-age=172800
Accept-Ranges: bytes
GIF89a...............K.....$..............v..\..9............!..NETSCA
PE2.0.....!...2...,..........[..I..8....Y......)1.1.dA.C.%...C.v....{.
......%}.M..dJ.B.......a7..).B... ..*.c....v.(...'..!...2...,.........
. ...*.&..Fc.0dU.-.C.@...Q.mE.%....h....K.(...!...2...,..........N.. .
...Q....=.. c...A.@..F0. ..ZsY..l.4.~....<.....GI..6..*.$....z.L...
..1S....;..



GET /?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: VVV.google.com.ua


HTTP/1.1 302 Found
Location: hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ&gws_rd=ssl
Cache-Control: private
Content-Type: text/html; charset=UTF-8
P3P: CP="This is not a P3P policy! See hXXps://VVV.google.com/support/accounts/answer/151657?hl=en for more info."
Date: Sun, 05 Feb 2017 03:31:12 GMT
Server: gws
Content-Length: 278
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
Set-Cookie: NID=96=NtkQbqImM7_dkkk-pZguAwVxZghdo7G92OC77-9aO5hCowVRIN4e4cnMROIenFvajQOZeKJi_UURAxJiT66cE8xmEMl0h0sffG-gzKT03iES27_4bvpHQghYp2ZreKQD; expires=Mon, 07-Aug-2017 03:31:12 GMT; path=/; domain=.google.com.ua; HttpOnly
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXps://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7
AsAHGi5-AAQ&gws_rd=ssl">here</A>...</BODY></HTML
>..HTTP/1.1 302 Found..Location: hXXps://VVV.google.com.ua/?gfe_rd=
cr&ei=gJyWWM_zBI7AsAHGi5-AAQ&gws_rd=ssl..Cache-Control: private..Conte
nt-Type: text/html; charset=UTF-8..P3P: CP="This is not a P3P policy! 
See hXXps://VVV.google.com/support/accounts/answer/151657?hl=en for mo
re info."..Date: Sun, 05 Feb 2017 03:31:12 GMT..Server: gws..Content-L
ength: 278..X-XSS-Protection: 1; mode=block..X-Frame-Options: SAMEORIG
IN..Set-Cookie: NID=96=NtkQbqImM7_dkkk-pZguAwVxZghdo7G92OC77-9aO5hCowV
RIN4e4cnMROIenFvajQOZeKJi_UURAxJiT66cE8xmEMl0h0sffG-gzKT03iES27_4bvpHQ
ghYp2ZreKQD; expires=Mon, 07-Aug-2017 03:31:12 GMT; path=/; domain=.go
ogle.com.ua; HttpOnly..<HTML><HEAD><meta http-equiv="co
ntent-type" content="text/html;charset=utf-8">.<TITLE>302 Mov
ed</TITLE></HEAD><BODY>.<H1>302 Moved</H1&g
t;.The document has moved.<A HREF="hXXps://VVV.google.com.ua/?gfe_r
d=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ&gws_rd=ssl">here</A>..
.</BODY></HTML>....
<<< skipped >>>


GET /v4/lib/jquery/jquery-1.11.1.min.js HTTP/1.1
Accept: */*
Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: info.spiritsoft.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:07 GMT
Content-Type: application/x-javascript
Last-Modified: Sat, 16 Apr 2016 16:24:38 GMT
Transfer-Encoding: chunked
Connection: close
Vary: Accept-Encoding
Expires: Sun, 05 Feb 2017 05:31:07 GMT
Cache-Control: max-age=7200
Content-Encoding: gzip
920a..............gw#....~>..k(.YL-.g...%.$K...-K...B(......A......
.P..`K>s..w]..Y..........\...X..yurx....w........2.=.0<.b~7.tW..
,..j.?......p...M'.b.,v......n..{.n.k.7.....j....m1.....w.bo........b.
......{8...n........V...u?.6w.WZ..b.zgV...|../..?.E..n.(.;......w^OVc~
.....E..[.v.........^.'.b....p.w...j<Yf.....v...e6...K.PVp.....U6..
.n9.F\0...w.l..?d.||..?_-&.Qv..qw.......m.X.....4o..kd7y._?~M..p8.....
.!..G.._,/...../..|r|....~.h..y..fyp...G....A......h....Y...x...u.E..p
.......|5.....Z....X..w..|.............l......................N.Zn.3*V
.(.S..Nw.n........}.9t._.f.w/......W..u.I.b.....Qa.j......[B..-^}g...@
....x.~..Y.! ..q..N......YO.......Y.X.....{.>........[9n..Z.....5.5
<8...N...-Fv..j`8Y,...]Y....1.L..|...w..[.<.....w....^.8.wm....x
o.w.....y...}~..g.Gg.7l.......F|.%n..%X..A.O......]<dl.....(.8....u
/(b3Y.AVdC.}7,....z....'..x.. .`..t(.....EwVb...^.*.U......[......7...
..A.Z.us.:i.{.Oho..w|p.:...O.4.n.R..."........;..N......%;U..h7.......
.........(...TM.v...ju.=......{{..n...N....-{...{Ztk..b.i..j>......
 ..(~Tn\.....".=.h.7...tW...n.4[..Eq;......g`.F..M.?......qV..T..N..$.
l>O.sK.>...C..0..39aR.$>r......^.....FWol|....-....f..94.Q7..
-.~1.o.d7.).;.......y....P...onWo..o.u......r.....}..............R.u.p
6../X8..n....i.x ...Y".... .0.Y#..h%O..JR.5.p.{...eO..~P{...'..{}8.=..
4i....;q..V.H...t....:y.!..l.*.]....o4...A....g.......E...>k.......
.~..;-;...t..cn.=...........v..*/..o.z.<..C....Sq......q.5`V.....^.
Q....B.qBf.\.9 k0.k............B.Eb..A...PW...|...........6.txV...
<<< skipped >>>


GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=d4afa0b190486942f6c8f8a68c37c38ea1486265505; expires=Mon, 05-Feb-18 03:31:45 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sun, 05 Feb 2017 03:14:08 GMT
Expires: Thu, 09 Feb 2017 03:14:08 GMT
ETag: "42347f38c3fb76f9e0e968abad041628b4c149a3"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 32c34a9082bc5984-VIE
0..........0..... .....0......0...0.......M........u....%...G..2017020
5031408Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|.
.....S.."........20170205031408Z....20170209031408Z0...*.H............
.i.".j.)..ci......g...E.D...>o.)'.@.h7.._..Z..."...}JAyv2.[....?...
{.DoSt..BR}|..[..L9#Su.......l... ..-0..*..X{O.=...'..........a...N..B
....A.;]..i.T.z..2.Qs.......W.8..C.%2.......?..9...b....o.......?.]WN$
......t..g...j.-..>?1|.\.d..)@.. ....C.v.V...tM......K0..G0..C0.. .
......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign 
nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G2
0...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign 
nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validat
ion CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0........
.C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D....
.....u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.
6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....
n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...
U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....
0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.
com/repository/0...U...........0...U.%..0... .......0...*.H...........
...H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1.
"......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V
....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3
<<< skipped >>>


GET /stat.htm?id=1189654&r=&lg=en-us&ntime=none&cnzz_eid=1549093891-1486263024-&showp=1276x846&t=流量精灵&h=1&rnd=258009459 HTTP/1.1
Accept: */*
Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: hzs11.cnzz.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine
Date: Sun, 05 Feb 2017 03:31:18 GMT
Content-Type: image/gif
Content-Length: 43
Last-Modified: Thu, 16 Apr 2015 02:22:34 GMT
Connection: close
Accept-Ranges: bytes
GIF89a.............!.......,...........D..;..



GET /1234567890.functions HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Host: mrx9.ddns.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 404 Not Found
Server: Mini web server 1.0 ZTE corp 2005.
Content-Type: text/html; charset=iso-8859-1
Accept-Ranges: bytes
Connection: close
Cache-Control: no-cache,no-store
                                              <HTML>.           
                                   <HEAD><TITLE>404 Not Fo
und</TITLE></HEAD>.                                       
       <BODY BGCOLOR="#FFFFFF" TEXT="#000000" LINK="#2020ff" VLINK=
"#4040cc">.                                              <H2>
404 Not Found</H2>.The requested URL was not found on this serve
r..<!--.Padding so that MSIE deigns to show this error instead of i
ts own canned one..Padding so that MSIE deigns to show this error inst
ead of its own canned one..Padding so that MSIE deigns to show this er
ror instead of its own canned one..Padding so that MSIE deigns to show
 this error instead of its own canned one..Padding so that MSIE deigns
 to show this error instead of its own canned one..Padding so that MSI
E deigns to show this error instead of its own canned one..-->.<
/body>.</html>...



GET /wp-includes/js/jquery/jquery.js?ver=1.11.2 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 14:57:48 GMT
Last-Modified: Fri, 27 Feb 2015 02:41:28 GMT
Cache-Control: max-age=2592000, public
Expires: Sat, 03 Feb 2018 14:57:48 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 33287
Content-Type: application/javascript
X-Varnish: 5324554 4751826
Age: 131606
X-Cache: HIT
X-Cache-Hits: 1477
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
............yw.../....".G..%Jl..'.!<....x.....h/L.$N"..d...o...*...
.s.[....E.P..k...y....w....m....^..O.,8yqq.........Vw.<..VKu..2.Q..
[|..6..., .......t.w....D....J..l.E..q]..'.U~7/NO.|.....f....Q..W...X.
..j.\.a.P.4...2K..nV.'.....f..........m..Irr?[...~....)...M...,O....._
...............'.Mg[U...ds.E.............2KvjL....TM...(....i.tP.h...^
.6..D]..4.~{..n.Z.....A.y...yj.U.........*....A-.._.W....^}...........
.|.V..l.=;W.....^...o..|2S.................-G..z...0a....p.h....].[m..
.....=O...d7./.n..f.<. l..{Y2...n....Uv....|.....2..s.t....G....jeX
...$..T.ULi$.b3)8k.......14......#..)....y5/*=."..a.T.z..-)Y.E.n.%Wi;.
S..._....l.D.KI.4.zyO..q.......G.........g...X....Ay..;...)Oq.2....,.&
].....v.k........2.....h..G.~....]......Fz_.c.%0..A...]....?.....Q;..8
....!.b....Pc:.v".....N.4.....f..Q.?.......H.%........R.TW.....a'...7.
~f.5..{.B.$...hF.Md.N.....r:@E.[.D.E.. @........h2.G.R.~&.(....S......
l)sM7.5.S5..A.. ....O.%....... N...Mw...4d4..u..i.....j..\..p.J5.hR...
D.MB.<.W..........A......X......>%(.y..m./..1.\...Me../...x.Z...
..]..C..$ZD......S.._3Q.}K...4J.(..q.yz.Dt........ofYK...RT.l.l..g.U..
...X..W...Q..y.y...II.k..U.pig.[J.......qF..'..*/...l..;}*[.m..A$..?=.
\..L...{...-P^v.....o.^....~...*S..{.[./."@.4....!..I2[X.7-o..;Y..M.[_
Z.8.z^....Dg...x:....Q9...N.o.J......l......0.....L.....l3[...J....u..
..E.,.9p...$.@..G..W.........P......|.Mk....juo..Ll5....%.}H.=...2.{..
.cwf..N.',.`|Y....9./.k2,.|..-F...tS$7.bNH5.........d.Q.P..c..........
..u..|..r.....qn.... .....A.B.....AlP.Ly[.....l/..DF...........]M.
<<< skipped >>>

GET /harga-sewa-mobil-solo.html HTTP/1.1


Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Feb 2017 03:31:36 GMT
X-Pingback: hXXp://sewasolo.com/xmlrpc.php
Location: hXXp://sewasolo.com/harga-sewa-mobil-solo.html/
Cache-Control: max-age=2592000
Expires: Tue, 07 Mar 2017 03:31:36 GMT
Content-Length: 0
Content-Type: text/html; charset=UTF-8
X-Varnish: 6606142
Age: 0
X-Cache: MISS
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Connection: keep-alive
HTTP/1.1 301 Moved Permanently..Date: Sun, 05 Feb 2017 03:31:36 GMT..X
-Pingback: hXXp://sewasolo.com/xmlrpc.php..Location: hXXp://sewasolo.c
om/harga-sewa-mobil-solo.html/..Cache-Control: max-age=2592000..Expire
s: Tue, 07 Mar 2017 03:31:36 GMT..Content-Length: 0..Content-Type: tex
t/html; charset=UTF-8..X-Varnish: 6606142..Age: 0..X-Cache: MISS..Serv
er: Rocket Booster..X-Powered-By: Warna Web Accelerator..Connection: k
eep-alive..



GET /GIAG2.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: pki.google.com


HTTP/1.1 200 OK
Content-Type: application/pkix-crl
Date: Sun, 05 Feb 2017 02:35:27 GMT
Expires: Sun, 05 Feb 2017 03:35:27 GMT
Last-Modified: Sat, 04 Feb 2017 02:15:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 541
X-XSS-Protection: 1; mode=block
Age: 3366
Cache-Control: public, max-age=3600
0...0......0...*.H........0I1.0...U....US1.0...U....Google Inc1%0#..U.
...Google Internet Authority G2..170204010002Z..170214010002Z0R0'..vK.
...Q...170113141858Z0.0...U.......0'..1.3..*....160915202213Z0.0...U..
......00.0...U.#..0...J......h.v....b..Z./0...U........0...*.H........
.......2;..{......h........u<...uyR .Ixm.O.........M..l..c.I..R.QQ.
..5......xF|.9.....]..j.._..^.-...c.. :..F......Z.t`.%z."..=.[~.....R.
*.&...b7..9....XQbr..B.....0...&{.g.p....%.^X... ..$9...d.@.......x..l
...*.....v.$..up@..=.jT..^..;^..@.........gG..I.....V9HTTP/1.1 200 OK.
.Content-Type: application/pkix-crl..Date: Sun, 05 Feb 2017 02:35:27 G
MT..Expires: Sun, 05 Feb 2017 03:35:27 GMT..Last-Modified: Sat, 04 Feb
 2017 02:15:00 GMT..X-Content-Type-Options: nosniff..Server: sffe..Con
tent-Length: 541..X-XSS-Protection: 1; mode=block..Age: 3366..Cache-Co
ntrol: public, max-age=3600..0...0......0...*.H........0I1.0...U....US
1.0...U....Google Inc1%0#..U....Google Internet Authority G2..17020401
0002Z..170214010002Z0R0'..vK....Q...170113141858Z0.0...U.......0'..1.3
..*....160915202213Z0.0...U........00.0...U.#..0...J......h.v....b..Z.
/0...U........0...*.H...............2;..{......h........u<...uyR .I
xm.O.........M..l..c.I..R.QQ...5......xF|.9.....]..j.._..^.-...c.. :..
F......Z.t`.%z."..=.[~.....R.*.&...b7..9....XQbr..B.....0...&{.g.p....
%.^X... ..$9...d.@.......x..l...*.....v.$..up@..=.jT..^..;^..@........
.gG..I.....V9..
<<< skipped >>>


GET /css/lrtk.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:49 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 03:50:47 GMT
ETag: W/"8055f623669d11:0"
X-Powered-By: ASP.NET
Content-Encoding: gzip
Expires: Mon, 06 Feb 2017 03:31:49 GMT
Cache-Control: max-age=86400
X-Cache:  from WT263CDN
438.............VAS.6.>.....c:.T.v...92ez....SF..[.l.Y&....je9.Mh.7
9.Z....~.Rn.IV..../..hI.$...H#..D..G$..|F...s./H.9I..d.tA..KVsC$.x..(.
..Uc.*..[C5.." ....F.NLN..[`.~.KAu&...{kT.1Qf.Z)....Z.&X.B.].....V.Z..
.......Z....i..OR.<...rc?N..M5.?{.TI....lf....0%{...Z.M.Mr../...H.I
.KQ[7f'yR...%...x..S....F..G.p....._G........@.Di.n.L...r...-K....?..-
.J.......#(.k....2..6...I...'a.[>....Qd...u%.-..2Bl.39...E....*J..9
?..b..s...*.........{./?...........O.VM..h...LnDA3^.<?/...E.q=....V
$.........-. 1."..M./...a........M...h......4..C.......F. .YBV..CvE...
.-._...l[...J.H..c........B."W .z;.g~.............3G..rz.uv}..C.ac..q.
..D1v.(...M.E.&...[.@'.G\{~.....9]z.O..............@....u.m!K'i..]7..3
..ge7*...M$I....OP.Z.a.D...e. <>>.s........u.u......l..v..g..
.:.......>... .....QJ;...;...w...8.r..|k...C~4..H...o...H..B...?K..
..s...(O....g'....].]u......&...........tt..Y...0.H ..A{N....u..GW....
.0......?a...._*.&. K.16r...!.....m{.....f.6....!..k......^1.j.M..g.Zl
9;........y..qb..y][.....K....&.?.K....?...*...yxu..z..]...j......N`..
......H....M._.........Ak:.f. .X....}70.$G>...8....P%..8.....0..ont>....


GET /templets/default/js/ie8.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: application/javascript
Content-Length: 789
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:28 GMT
Accept-Ranges: bytes
ETag: "03a40933869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:50 GMT
Cache-Control: max-age=86400
X-Cache:  from WT263CDN
...ready(function () {..    function createHtml() {..        var oBox 
= document.getElementById('top_box');..        var oNav = getByClass(o
Box, 'nav')[0];..        var rootUl = oNav.getElementsByTagName('ul')[
0];..        var oUl = rootUl.getElementsByTagName('ul');..        for
 (var n = 0; n < oUl.length; n  ) {..            for (var i = 0; i 
< oUl[n].children.length; i  ) {..                var oli = oUl[n].
children[0];..                var oi = document.createElement('i');.. 
               oi.className = 'ibk';..                oUl[n].children[
i].appendChild(oi);..            }..        }..    }..    if (window.n
avigator.userAgent.toLowerCase().indexOf('msie 8.0') != -1 || window.n
avigator.userAgent.toLowerCase().indexOf('msie 7.0') != -1) {..       
 createHtml();..    }..})HTTP/1.1 200 OK..Server: wts/1.1..Date: Sun, 
05 Feb 2017 03:31:50 GMT..Content-Type: application/javascript..Conten
t-Length: 789..Connection: keep-alive..Last-Modified: Wed, 17 Feb 2016
 04:06:28 GMT..Accept-Ranges: bytes..ETag: "03a40933869d11:0"..X-Power
ed-By: ASP.NET..Expires: Mon, 06 Feb 2017 03:31:50 GMT..Cache-Control:
 max-age=86400..X-Cache:  from WT263CDN.....ready(function () {..    f
unction createHtml() {..        var oBox = document.getElementById('to
p_box');..        var oNav = getByClass(oBox, 'nav')[0];..        var 
rootUl = oNav.getElementsByTagName('ul')[0];..        var oUl = rootUl
.getElementsByTagName('ul');..        for (var n = 0; n < oUl.lengt
h; n  ) {..            for (var i = 0; i < oUl[n].children.leng
<<< skipped >>>


GET / HTTP/1.1
Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: songhaiyouhong.blogspot.com
Connection: Keep-Alive


HTTP/1.1 200 OK
X-Robots-Tag: all,noodp
Content-Type: text/html; charset=UTF-8
Expires: Sun, 05 Feb 2017 03:31:57 GMT
Date: Sun, 05 Feb 2017 03:31:57 GMT
Cache-Control: private, max-age=0
Last-Modified: Fri, 27 Jan 2017 04:54:12 GMT
ETag: W/"50401b8047fb190437946c475bae5313f38b1f2f5ddb23c28b8b5b2024efbf02"
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 27378
Server: GSE
.............s.9.(...W..n........L{eYnk..<...n...H...I...(Y.....^\.
.......fv6f/.?...2.@.P.$e...y.....$..D"3....zx......6..#....'...(W*.6.
 ..'....O.>a5...C......3...0..*...s.|...A..E.=B.a1.X.....{....TI...
.Q.....h...iP.....Adju.l........ .j.Y..G.....C{an.$.8........Mp....;..
..$t&a..:.......C.......Qy...j..e.....<{..b..*) ..7.8@..=v...3q|;.|
.:r'...w....7..m..............}..\.~......|-..j...=p*...v}..b..x..k.b.
.n....'v...:..NG./t.I..3^...77........{O......X..A...b,.P.......A.....
(4.5...`.:/..?...P}.jIb.8>t.ca..!T xWp..Oc.Q.ol4.[..v....5.`cg.....
..S.U....N............NB.....Y.^._..g.... .V..9....{.C.....C...]..".3.
.RC.H2u...]....?....`..urV.n"c..[..k......cw..{...M...Xb....I.7Y......
M.....1.....Y..L..gv`.`..Ah...w...[gF...|..{..&.e ....lj.m..9v&3.._'..
....,.e.......8....c.<..=.d...a.`.J.........ju.~...[#g2......M.y...
....`....oE...}...X._.9..Nw....I.Xx`w.!...!..}.;t.&....1...!.0.....5^.
.R...V$...z.Lzn.M...@.wO......<...s.M.J7..........',(r:k..!..n..V9w
{..Fy.Q.om.0..y.).=.@.q..*n.......*.,.z...$.Vq?.}....=|.N..5{<.....
t.U.i..7;.~.....;;.F..Q....5...qt.)....)._9x.N..B...px.V.....Qv...#...
f...3.........bu..g<U.....cQ:...>..>.D.G.....?.F...@......G@F
P..Oz`.N......(.w.;a..a?.C...^..d../~..:....m..%..9g..e.u.....3.k.c..1
Y..]..j...x....g..<{...B...........M..i...1.Cq........3...&....M...
.}.......!...h.Q0p'-..S..s'.V.]..v.:..p.Al...hdO.l.aW~..vW.R.......@.&
lt;..I...\D...0c.>$8.<.. .9v(T..Q.}...&.>{.....w0.E.T........
......Q....#..Ad.&.....{6a....N.V.~.S./............PP..V.p........
<<< skipped >>>


GET /css?family=Open Sans:400italic,700italic,400,700&ver=4.2.12 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Sun, 05 Feb 2017 03:31:14 GMT
Date: Sun, 05 Feb 2017 03:31:14 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
16e..............Ao.@.......I..../.5 V1X*.bV...,..`..^hj..........|o..
...@...%.>...2.PZh.`...j...d..A..5D_......A.e.-.,. lAT>.Q.9..R..
.KH(2L.*..c..gU-.fb...q..lk.c....%R.4...n.4....c=a0...8.0.....Uw.q*.u.
..L..Ui..J....g......j.._..s...g..{P-n..JB.W....{a.,.|.E.K'..........5
......v..OW..t.f.v..B.L.y(...7.3e*!..B..;.......?.Aa.-....L;$:.......M
..F.s~z7wUs.........sx.......a.....YJ.......0..HTTP/1.1 200 OK..Conten
t-Type: text/css; charset=utf-8..Access-Control-Allow-Origin: *..Timin
g-Allow-Origin: *..Expires: Sun, 05 Feb 2017 03:31:14 GMT..Date: Sun, 
05 Feb 2017 03:31:14 GMT..Cache-Control: private, max-age=86400..Conte
nt-Encoding: gzip..Transfer-Encoding: chunked..Server: ESF..X-XSS-Prot
ection: 1; mode=block..X-Frame-Options: SAMEORIGIN..16e..............A
o.@.......I..../.5 V1X*.bV...,..`..^hj..........|o.....@...%.>...2.
PZh.`...j...d..A..5D_......A.e.-.,. lAT>.Q.9..R...KH(2L.*..c..gU-.f
b...q..lk.c....%R.4...n.4....c=a0...8.0.....Uw.q*.u...L..Ui..J....g...
...j.._..s...g..{P-n..JB.W....{a.,.|.E.K'..........5......v..OW..t.f.v
..B.L.y(...7.3e*!..B..;.......?.Aa.-....L;$:.......M..F.s~z7wUs.......
..sx.......a.....YJ.......0......


GET /css?family=Playfair Display:400,700,900,400italic,700italic,900italic&ver=3.9.2 HTTP/1.1


Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Sun, 05 Feb 2017 03:31:57 GMT
Date: Sun, 05 Feb 2017 03:31:57 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
1c0..............]s.@...{....3E...r. .W......, ...."b....j;.N.c..v..g.
..s....<.\....a..Z(.jRXx.$@#i._Wo.....U@.&>..Ns..%S.(..Y. ...AZ.
....?K..7uqFaR&.....E.......2..j...S>:t.~v....o.U.....*...Dv.....O.
.m#....Gb/..N..C...?}...V-w..m.[..=P:...5...2...,V.e. ......96.....Vp6
.k.H.&..[.j..e..a...O...o.s....d..v...Z...)....0H..d...G......h..5Y%3n
....e.e.............K..o....ui....}.......h...a6G.C........}*r...4.7..
.....5:{..@*co.d>l......x.....3...S.;.......a......,.......0..



GET /gsorganizationvalsha2g2/ME0wSzBJMEcwRTAJBgUrDgMCGgUABBQMnk2cPe3vhNiR6XLHz4QGvBl7BwQUlt5h8b0cFilTHMDMfTuDAEDmGnwCDAqEDhBT4Lgi0Ijg9w== HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp2.globalsign.com


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:45 GMT
Content-Type: application/ocsp-response
Content-Length: 1570
Connection: keep-alive
Set-Cookie: __cfduid=d11022d4d0b1d2b32de0b161cc05690c31486265505; expires=Mon, 05-Feb-18 03:31:45 GMT; path=/; domain=.globalsign.com; HttpOnly
Last-Modified: Sun, 05 Feb 2017 03:14:08 GMT
Expires: Thu, 09 Feb 2017 03:14:08 GMT
ETag: "42347f38c3fb76f9e0e968abad041628b4c149a3"
Cache-Control: public, no-transform, must-revalidate
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 32c34a9092af5996-VIE
0..........0..... .....0......0...0.......M........u....%...G..2017020
5031408Z0o0m0E0... ..........M.=......r......{.....a....)S...};..@..|.
.....S.."........20170205031408Z....20170209031408Z0...*.H............
.i.".j.)..ci......g...E.D...>o.)'.@.h7.._..Z..."...}JAyv2.[....?...
{.DoSt..BR}|..[..L9#Su.......l... ..-0..*..X{O.=...'..........a...N..B
....A.;]..i.T.z..2.Qs.......W.8..C.%2.......?..9...b....o.......?.]WN$
......t..g...j.-..>?1|.\.d..)@.. ....C.v.V...tM......K0..G0..C0.. .
......q..}.dc.j..(0...*.H........0f1.0...U....BE1.0...U....GlobalSign 
nv-sa1<0:..U...3GlobalSign Organization Validation CA - SHA256 - G2
0...161124031843Z..170224031843Z0..1.0...U....BE1.0...U....GlobalSign 
nv-sa1.0...U....2016112411281M0K..U...DGlobalSign Organization Validat
ion CA - SHA256 - G2 - OCSP Responder0.."0...*.H.............0........
.C..0j..R........0.".e.&.6'.d..._.....8...Y..../..z..-hi.k.......D....
.....u..>h....T2..~..*;...v.^.!d.......8.p.e..me...>..V...l...P.
6.V..G..;X.......12U.)D.E(ldQ...67..@......l...A.>l......m..e;.....
n.~..Wb.?..gE.......a.KM.F...}.qo;S...`/..s....6....G.a........0..0...
U.......M........u....%...G0...U.#..0.....a....)S...};..@..|0... .....
0......0L..U. .E0C0A.. .....2._0402.. ........&hXXps://VVV.globalsign.
com/repository/0...U...........0...U.%..0... .......0...*.H...........
...H.....C.Ie....;.yN.'..../?.T..-T.a..4...n..OW/l....[|..-.i../.'..1.
"......3[...J.....\@.S.=-p..p......d...>~J.|E0y......!.;.c.,...||.V
....K..L...dX...a....6'..U..G....A;..........4K...........k.B].s.3
<<< skipped >>>


GET /CRL/Omniroot2025.crl HTTP/1.1
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sat, 16 Nov 2013 06:15:02 GMT
If-None-Match: "200da-5b6-4eb453c33260e"
User-Agent: Microsoft-CryptoAPI/6.1
Host: cdp1.public-trust.com


HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/x-pkcs7-crl
Date: Sun, 05 Feb 2017 03:32:02 GMT
Etag: "200c0-cba-546dfb468d5d3"
Last-Modified: Tue, 24 Jan 2017 23:45:01 GMT
Server: ECS (arn/45A4)
X-Cache: HIT
Content-Length: 3258
0...0......0...*.H........0Z1.0...U....IE1.0...U....Baltimore1.0...U..
..CyberTrust1"0 ..U....Baltimore CyberTrust Root..170124185021Z..17042
1185021Z0...0....'k...120111220757Z0....'k...120111220847Z0....'.C..13
0130174530Z0....'....130807173059Z0....'....140122185220Z0....'....140
212185542Z0....'yr..150701184507Z0....'#...100303201301Z0....''q..1004
14175202Z0....'L...110224181251Z0....'Pn..110309142119Z0....'....10021
6203312Z0....'#...100303201213Z0....'3#..100908172555Z0....''n..101208
175627Z0....''m..101208175749Z0....''p..101208175916Z0....'H...1101141
62156Z0#...'X>..110815145134Z0.0...U.......0#...'Z2..110818184101Z0
.0...U.......0....'g...120111164333Z0....'g...120111164409Z0....'g...1
20111164519Z0....'....100216213519Z0....''s..100414175225Z0....''k..10
0414181839Z0....'3"..100908172705Z0....'3$..100908172728Z0....''o..101
208175645Z0....''l..101208175727Z0....'H...110119195142Z0....'Nz..1103
02154045Z0....'c...111207220933Z0....'g...120111164445Z0....''r..10041
4175143Z0....'8...101012182723Z0....'e...120111163041Z0....'VJ..110714
160903Z0....'s...130123162633Z0....'....130904190524Z0....'....1310242
14319Z0....'....140129172435Z0....'....140129172453Z0....'....13102421
4310Z0....'....131101204601Z0....'....140219171632Z0....'.^..140409155
638Z0....'i...140709171930Z0....'/:..141119193302Z0....'J...1506031846
05Z0....'k...150603185020Z0....'k...150603185058Z0....'k...15060318513
1Z0....'k...120111220827Z0....'8...140716191203Z0....'....131219195909
Z0....'....140219171545Z0....'k...151105070000Z0....'q...160126173
<<< skipped >>>


GET /js/adv_out.js HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: st-n.ads1-adnow.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx/1.8.1
Date: Sun, 05 Feb 2017 03:31:57 GMT
Content-Type: application/x-javascript
Last-Modified: Tue, 31 Jan 2017 15:33:47 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5890ae5b-3136"
Expires: Sun, 05 Feb 2017 03:36:57 GMT
Cache-Control: max-age=300
Content-Encoding: gzip
1431.............Z{w.....O.u.r. d......M.'.L..&...0....l..$...~..Uw..8
...91..~Tu...X\.u..f..u..>.O.4.....~..#....:..W.....}w....?\|...._.
....?../.z>.....M8.F..8I.w.........gG...ys.....q.o....q...Y..Q.0.V0
.....j.?2..WuMf,.....k.|:J.'''m.s.....:3V .l.x/>.tly<.u....a.E1.
.!..........w..^.i.C....:..h..=o.8.k.<....g.......T.J.'...@)ZX_N.N.
i..)..B>..t..2d4..[`.LW.y..jx..ysZe..3w<k.S....s_w....a.J... ...
...Z.4y.p.F.l.u-.&...w.6?..im.H...:.e...;O...Y.E.....Wa..h..........r.
...Fc.[p. L5#.7v\....L?........[e.suf..9n.h.....o^....T..F:..E.,..(.ET
.....wu0N...6..H.....a.o.....u......is..J.ZG3...ay,.u.....st......].9.
j....(5.9.y...~.W..E7....M..L...4..]....b!.iu.eyVM.9N;{'..a....y .u.yN
io.%...............}>?.&3P~........7....1.94....UHa.F.B3...k....*..
&.H..:..FW.F..N.}.@.......).....$... ..mH. .....Y=;F...J.........-.k.F
.6..`.WR...[xBl..#.z.....5..8).... ..fp..).....^.#..|.}zx.n..K.).{Fj9~
X.X~...#p...!.o......G -.%..p<kg...um......O.$...E...c...$...1....-
1.....=<p.S.._.......awl...=l.....`.=...[.p.P.M..Z1..=..$..[..T....
.M.P..g..(.jN0.|.....>HR...*N^h..ZWci......)..|....j.........R.E...
UA..)-d_...$Y...F.x,.x...Z..j\!....X...jx...7"*j.?~ .D..........k...Z-
.E....hTa*......wG.i.4.Bn..l.6/.hc).|......P8X^.....~:^...../....n.?..
...6}...8......V.......X..6-.a...Z.|...a.:....>a>.p.]hXfE.!dL...
...yl&o.U..hf.....".W.Y.0...Z..~....."*.;'*..x.7;..#...,z...a..>.Y.
 @....zR\Yn$l.7......k...Cg(..3....Z K.....37.^..^....:...b.......,.m$
 .p4......P..g`...g-.|.3.|r-.....{..9.-.ca....:j...p.q.....[-(N..m
<<< skipped >>>


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBRIt2RJ89X++hEzqoBeQg8PymQ2UQQUANhaTCXBIuWLMe9tuvPMXynxDWECECUM6OAwYS6fK4n3BU18+P0= HTTP/1.1
Cache-Control: max-age = 363986
Connection: Keep-Alive
Accept: */*
If-Modified-Since: Sun, 17 Nov 2013 16:06:48 GMT
User-Agent: Microsoft-CryptoAPI/6.1
Host: ocsp.verisign.com


HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1454
content-transfer-encoding: binary
Cache-Control: max-age=446216, public, no-transform, must-revalidate
Last-Modified: Fri, 3 Feb 2017 07:24:47 GMT
Expires: Fri, 10 Feb 2017 07:24:47 GMT
Date: Sun, 05 Feb 2017 03:31:21 GMT
Connection: keep-alive
0..........0..... .....0......0...0........FC..&..<.0...Y......2017
0203072447Z0s0q0I0... ........H.dI.....3..^B...d6Q....ZL%."..1.m..._).
.a..%...0a.. ...M|......20170203072447Z....20170210072447Z0...*.H.....
..........gV.v.k.W.m..$[.o.n{h...uW`..<.Q...s...7..;a..Mn`.2....h,e
;.........<6....>..cF....y.N.......L-b[.'`.z.78y..H..!^.s.v...l.
.a....Te...........VdQW..?.XO..Tg....T.....Z..u.{..j.....!..MPS......a
......5c.[..#.....,.9......^\0.J|.... ....[.;1z....0.c.`..>........
0...0...0..4.......My_e.\....'....j0...*.H........0_1.0...U....US1.0..
.U....VeriSign, Inc.1705..U....Class 3 Public Primary Certification Au
thority0...161122000000Z..171214235959Z0..1.0...U....US1.0...U....Syma
ntec Corporation1.0...U....Symantec Trust Network1?0=..U...6Symantec C
lass 3 PCA - G1 OCSP Responder Certificate 50.."0...*.H.............0.
............4..IP.....B..h.....]..).]w.!"..a..{...="....._...~.s1.E...
....;...6&/...\2..A....\..T aH:.8lH^.....l.v.$...K=sZf.*.|.%.Pb.......
B..*f.T\w.:.s.... ....9..4..cV...3.qc.c..j<.f.....>1X.I...P%?...
......5R-....Ca14..X.U....u.....:.z.\.k..b.E.v..,.J................0..
0...U....0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://VVV.symaut
h.com/cps0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0... .....
..0...U........0... .....0......0"..U....0...0.1.0...U....TGV-OFF-470.
..*.H.............G..\..R.P..e]...N.....m.....4f......b4"8v..b.R....`.
Auz..........2=...@..........5..cWh....J......r...g.h......Kw'...j.@..
.x.....
<<< skipped >>>


GET /qconn/wpa/button/button_111.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: pub.idqqimg.com


HTTP/1.1 200 OK
Server: X2S_Platform
Connection: keep-alive
Date: Sun, 05 Feb 2017 03:31:51 GMT
Cache-Control: max-age=2592000
Expires: Tue, 07 Mar 2017 03:31:51 GMT
Last-Modified: Wed, 05 Jun 2013 07:25:36 GMT
Content-Type: image/gif
Content-Length: 3534
Keep-Alive: timeout=60 
Vary: Origin 
X-Cache-Lookup: Hit From Disktank
......JFIF.....`.`.....C..............................................
......................C...............................................
..........................O.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?...u...k
...<Msu._........E.x..........w..].....n...#.4.EwX|...<.I4......
..[..|J....f....?...|Y...?...<}.......7.>,x..C........;.|..).V..
^..m5).../.K.C.>.....x...N......G...*~......x|9w..S..*.....'d/...~2
...m_.^...i...V...$.b.*.m..0~a.s.......n...Z..O.......;....>;}.....
}{..Z.....rhz...(.y.jp......|m....g._...!.4/./.{.............(p......;
.:T..iS.(B.>ow..d..e.EIEQ.ZN..a..g....x.....:.x.*....!..ZY.>X(..
..F.\J.'N....p.j{LL*......F..7K...Y....._.......~6..u._.Gq..}........o
]..E.xs].....m.[J..P.|W...,. .~ |h.....M.....'.q.;y....G.>8x.......
.m....C..{x..G&.i....A...?..Z........?.......=;O....?ho.|L.t..?..eq.O.
. o.....|7...tz<.0.M...."..d{..&...y~....C.....G..........~...?....
...P"?.>.~..!.?.{...........B.......;G...Kk9Z..d...e..n.....s).1.z.
b....Q.....T...p..WO.QwK...l.........?...2.MXa..IT...B:....Zt.N.H.rr..
$............x....B.G.....!...o.x_...|C..m..Z.R....G.&...{e2\9.l1.
<<< skipped >>>


GET /css?family=Tangerine:400,700&ver=3.9.2 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Sun, 05 Feb 2017 03:31:57 GMT
Date: Sun, 05 Feb 2017 03:31:57 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
101..............[K.0.... r..LS......-..d:....%mY..&]...w. "(.^....}..
h.%...z.|."W...=..(s-.A.Y.(A.6e...[.<...Gq.z...(.......@U. snK.j.l.
Z.\.#n.d...h.QB.m......m2.jSQ8?.O.._.4......U.7uT.)....(.............B
.FF.[......./6S[.y}9zZ..Sy...=...3..w.4;...f.z...........a....J.Y.....
..0..HTTP/1.1 200 OK..Content-Type: text/css; charset=utf-8..Access-Co
ntrol-Allow-Origin: *..Timing-Allow-Origin: *..Expires: Sun, 05 Feb 20
17 03:31:57 GMT..Date: Sun, 05 Feb 2017 03:31:57 GMT..Cache-Control: p
rivate, max-age=86400..Content-Encoding: gzip..Transfer-Encoding: chun
ked..Server: ESF..X-XSS-Protection: 1; mode=block..X-Frame-Options: SA
MEORIGIN..101..............[K.0.... r..LS......-..d:....%mY..&]...w. "
(.^....}..h.%...z.|."W...=..(s-.A.Y.(A.6e...[.<...Gq.z...(.......@U
. snK.j.l.Z.\.#n.d...h.QB.m......m2.jSQ8?.O.._.4......U.7uT.)....(....
.........B.FF.[......./6S[.y}9zZ..Sy...=...3..w.4;...f.z...........a..
..J.Y.......0..



GET /core.php?web_id=1189654&t=z HTTP/1.1
Accept: */*
Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: c.cnzz.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: Tengine
Content-Type: application/javascript
Content-Length: 763
Connection: keep-alive
Date: Sun, 05 Feb 2017 03:18:38 GMT
Last-Modified: Sun, 05 Feb 2017 03:18:38 GMT
Expires: Sun, 05 Feb 2017 03:33:38 GMT
Via: cache1.l2nu16-1[41,200-0,M], cache16.l2nu16-1[42,0], kunlun7.cn9[0,200-0,H], kunlun8.cn9[1,0]
Age: 760
X-Cache: HIT TCP_MEM_HIT dirn:-2:-2
X-Swift-SaveTime: Sun, 05 Feb 2017 03:18:38 GMT
X-Swift-CacheTime: 900
Timing-Allow-Origin: *
EagleId: 77bc604814862654783473720e
!function(){var p,q,r,a=encodeURIComponent,b="1189654",c="",d="",e="on
line_v3.php",f="hzs11.cnzz.com",g="1",h="text",i="z",j="站໳
1;统计",k=window["_CNZZDbridge_" b]["bobject"],l="http:",m
="1",n=l "//online.cnzz.com/online/" e,o=[];o.push("id=" b),o.push("h=
" f),o.push("on=" a(d)),o.push("s=" a(c)),n ="?" o.join("&"),"0"===m&&
k["callRequest"]([l "//cnzz.mmstat.com/9.gif?abc=1"]),g&&(""!==d?k["cr
eateScriptIcon"](n,"utf-8"):(q="z"==i?"hXXp://VVV.cnzz.com/stat/websit
e.php?web_id=" b:"hXXp://quanjing.cnzz.com","pic"===h?(r=l "//icon.cnz
z.com/img/" c ".gif",p="<a href='" q "' target=_blank title='" j "'
><img border=0 hspace=0 vspace=0 src='" r "'></a>"):p="
<a href='" q "' target=_blank title='" j "'>" j "</a>",k["
createIcon"]([p])))}();HTTP/1.1 200 OK..Server: Tengine..Content-Type:
 application/javascript..Content-Length: 763..Connection: keep-alive..
Date: Sun, 05 Feb 2017 03:18:38 GMT..Last-Modified: Sun, 05 Feb 2017 0
3:18:38 GMT..Expires: Sun, 05 Feb 2017 03:33:38 GMT..Via: cache1.l2nu1
6-1[41,200-0,M], cache16.l2nu16-1[42,0], kunlun7.cn9[0,200-0,H], kunlu
n8.cn9[1,0]..Age: 760..X-Cache: HIT TCP_MEM_HIT dirn:-2:-2..X-Swift-Sa
veTime: Sun, 05 Feb 2017 03:18:38 GMT..X-Swift-CacheTime: 900..Timing-
Allow-Origin: *..EagleId: 77bc604814862654783473720e..!function(){var 
p,q,r,a=encodeURIComponent,b="1189654",c="",d="",e="online_v3.php",f="
hzs11.cnzz.com",g="1",h="text",i="z",j="站长统෶
5;",k=window["_CNZZDbridge_" b]["bobject"],l="http:",m="1",n=l "//
<<< skipped >>>


GET /wp-content/themes/dream/font-awesome/css/font-awesome.min.css?ver=4.2.12 HTTP/1.1
Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Fri, 03 Feb 2017 14:57:48 GMT
Last-Modified: Wed, 13 May 2015 16:18:58 GMT
Cache-Control: max-age=2592000, public
Expires: Sun, 05 Mar 2017 14:57:48 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 5042
Content-Type: text/css
X-Varnish: 8474625 7832084
Age: 131606
X-Cache: HIT
X-Cache-Hits: 1043
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
...........\M...q..W.wC..EWO..]..V.C.....V..|.I...$........n.D....z.{.
..i......D..>.._.e......6....VUb..O....e.S......e.\..i..?......T...
..........&.K_..=....._..../.v..........~..u..........x...dy9~p...?<
;.:;v.......`.>v."R...P....._....C...(....M....7.?.*.y...jDm.......
..E....w...S{cPs.;....>.....z-N].u......'.E....kWS.E.....|./.[.....
..KY.eZ....z.b..l..~f.`)}....}......W....._...;....<IK..])e.}]m$/%o
E......j_o1'./m.K...,Oo.'.........8..|....g...-......d.?.}$.A.....UX..
...p..7a..../o/27g;.d...ur.#..bx.. F....o..s.r.R....Xq}...Wro..]./..U[
:..U.....K...V.....%7...QP..V....}..I...'EF5.....J..b....o....H...O/y.
.s..O6...-.P..#....ao ~.B......Z;..]...R.U} J...../w.......A..U=P..i.a
8.T.l.Y.._y-..r..k.I..u!ki..Q........u.$....h....?..3.....G..7..C.N..q
.w.0.t.9...........M.P.<<....d;6Z.d~....\....5.....jUa....2.k?..
.*..}z...0...j.u..p.l.;.....v..#U.*.Q&..9...(m..QRe.b0..l.g..7....7...
E%.V..~.@>.m..n.<......K....[.k.....W...v..YL....2K...vu........
..5..gO.].#.5...N......'..y%.....d.w.?.w.x...4g."...{.......g.. dm....
L.J..,../>..m........lt.......?.......6.Z.?.3D$.B.G.6.]*.Z.....@...
z9..7...#...k..a7.[.T.~?......'.1...Z~...M.....,.'......z.1...J.N...^.
.....l.....V....'I.^lddO..DD.l.%Dx......{...{.X.....3...=.......Z2....
....F ..zO.\..e..i...}YfRgn@}.....5...%.T.B.g.3|cg......x.Y........."m
.E..F....&x..I<C.b.zO....2.z42ys....9..x.f..o#|N..Tl......(....3.C.
&. ).C..D.=...[{..J......L.1~..{...X..d.y..b.mI..G...Q......6...kEv.9W
.=.l.....P. ....i...Q. ..].....C...5..@....`..L.rQO...LP4m4..(.S.Y
<<< skipped >>>

GET /wp-content/themes/dream/js/jquery.cycle.all.min.js?ver=2.9999.5 HTTP/1.1


Accept: */*
Referer: hXXp://sewasolo.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:07:19 GMT
Last-Modified: Wed, 13 May 2015 16:18:32 GMT
Cache-Control: max-age=2592000, public
Expires: Mon, 05 Feb 2018 03:07:19 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 8430
Content-Type: application/javascript
X-Varnish: 8474626 2547585
Age: 1436
X-Cache: HIT
X-Cache-Hits: 173
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
...........=ks.F...  .J.. ....[R..y...$.%...zuU ...A..@S2..~.=o.|.V...
D.fzzfzz.9.]~y.r.t...*...o.&I..IVwq...q9w~.....8K.o.Y..c...w..b.D...Sg
.MV.(-C....3/......o.....b..M....{.D..d..<...N{......;....C.y.....(
/........z_9...}..'...@.].....(-...J.Q......./4..|....z.`...To^....).m
..Q1.....=...,w...r..l.g.t..n.{.9P)....0w>Dy.....x.>.A_.,/. ...t
.-.I\>...{.<[.Q.[.q...^.i4^....!t..G..Q1K2..)`|'.u.N.5.2-.$....=
.`.s.}K.n..."....2...|XF.wY...I...;Z..s....y/._.o..{.[. X.@.%J.&..U.:Q
....Av#=x..-..<.a.i...bX...WDI4)....w.v...;. .$QzW......@t..E.-]...
4.~........4.o_...Y..X.9...8.s.$.F.<[.lt...m....ke.......c#1].....V
Y.)...n.|...H....Y.l....9;..V..v..N..!..[=...(.......e..a#$...nD/..7R.
@.`.;"b....z..........w......`..vkpf#.Z4..%^D..d......zT .t.qU..0?..C.
....%8'...............v.G-...7...4........".xzwQ.&"B.....`1k..,sf.Z0..
6.n!Wv'.n..W..k.Rm..'.....!.P.7..."*.0/.`4..m.8]e.....a.......Y.......
.S.m....3^>.'..a>-h..7.Q....4J........>.C..#...Y...S..!.4..F(
.4..p..%.....l.w.i...3.l...X...MT.?..@...O....uN...|..]..X.rV."...3.bV
...#yU....g.5-.._v?..E..5... ....x9.E.....m.y...)..2.X...<..M..V...
$a.u.3Z..*.... ...#......$..a.I.$pa/.y.... ...)....G.Y..9#{.....v...W.
Z.2E...B....{...F....G.X.o.........^o.*...@evw.D@.....{....a.4.G...`9.
...8.].%..h....i...l}....s......K.?a.y.A...>wx2?...B,..n...GzI.....
.h......N.....m.a-a;......3...;i..w)*.7....X..t....H">>a..I.5.y.
...N?..$....g..L........r.jcH..;...! ....l.{.....U.Q..$..y?o.m.....F.8
.9.]...(.\).zYJ.7....@.Ug..D...gM].............X|j.>.......;.^.
<<< skipped >>>

GET /tag/sewa-mobil-solo-lestari-kecamatan-sukoharjo-jawa-tengah/ HTTP/1.1


Accept: image/jpeg, application/x-ms-application, image/gif, application/xaml xml, image/pjpeg, application/x-ms-xbap, */*
Referer: hXXp://sewasolo.com/harga-sewa-mobil-solo.html/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: sewasolo.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:46 GMT
X-Pingback: hXXp://sewasolo.com/xmlrpc.php
Cache-Control: max-age=2592000
Expires: Tue, 07 Mar 2017 03:31:46 GMT
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Length: 46612
Content-Type: text/html; charset=UTF-8
X-Varnish: 11095906
Age: 0
X-Cache: MISS
Server: Rocket Booster
X-Powered-By: Warna Web Accelerator
Accept-Ranges: bytes
Connection: keep-alive
....................4.wH5mH.NWo@.$.`.Ii$..D#..;v..-. .*..,..FS3..g...p
.X.#<.. ..M.P._d......._..O_......Z.....z.9.]m....I.....I........n.
.......n.?.6.....,...........fU.C3.8....6....|Wo..'...~...Iu...fgp..b\
.X4...f.?N.v..m...7..yq.o...u.7..'...m7.I.2.{qb.....g].<.s.;.L.....
.YG......Mwv.m..l7...l...P..v.4/_.L.m7o7. ...i..........c..^M..4....P.
...nY.....U....Y........O_|.M..O...<..........>.|~N.z...f....V..
....g..<.n.v?V...y.........5=.......iM...l....f........w.9...`jv.mw
gw.G/.........-...3..|..S..j.jh..2.w....?5....W.yu..]=.......i........
.L..^.... .V].0.j...;.Jw..|...M..v....X......003x>.....n`f.........
.s~R.....L.}...8.7.L765.....t4...v...f..a....}N.*2..V..[=...G......?q.
...........e.........:.V.y.6.*ZWa...S.]=.*..?......c....a.......q.....
..S.....fQZ:..nG..."_v.....`.n,..^..u..P/....,.....'x.I..O...}.[t.g?..
.mw..j...sC........?....*....q>.........^6.......8...q.......8?9=1.
2......1tS...<...YD...-.....................`6.Nv....M.............
.5...v70.......G.s.................dc..M.s.c..L..<:]..9[6.......~..
}|r.8y...........gF...`H..... _...I.]..ON.......E..j..p.#........./^.P
....Wcoz....._.a..[4.__?......O/.N../.>:.8.xtzs6v.1S...........q..q
....c..........W/^,.._...[?.....wz..la~........_].......v.=......5TV..
.s..-7|.`...........G..gf.....U.Y||.......Kx...Qpx.....7....0...&.2<
;..~._.........>.......?..7...^....o.x...g...0/.#x.....K........g.b
........Y.M.....>>1_..6.o.za.....W..Nk..1.K7#n..X.....I...G.mI..
.n26F..-..SVy.F...W..:....,4;n.#..f.............5.......g.g..|....
<<< skipped >>>


GET /js/jquery.tipsy.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:49 GMT
Content-Type: application/javascript
Content-Length: 7388
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:13 GMT
Accept-Ranges: bytes
ETag: "80684f8a3869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:49 GMT
Cache-Control: max-age=86400
X-Cache:  from WT263CDN
// tipsy, facebook style tooltips for jquery.// version 1.0.0a.// (c) 
2008-2010 jason frame [jason@onehackoranother.com].// releated under t
he MIT license..(function($) {.    .    function fixTitle($ele) {.    
    if ($ele.attr('title') || typeof($ele.attr('original-title')) != '
string') {.            $ele.attr('original-title', $ele.attr('title') 
|| '').removeAttr('title');.        }.    }.    .    function Tipsy(el
ement, options) {.        this.$element = $(element);.        this.opt
ions = options;.        this.enabled = true;.        fixTitle(this.$el
ement);.    }.    .    Tipsy.prototype = {.        show: function() {.
            var title = this.getTitle();.            if (title && this
.enabled) {.                var $tip = this.tip();.                .  
              $tip.find('.tipsy-inner')[this.options.html ? 'html' : '
text'](title);.                $tip[0].className = 'tipsy'; // reset c
lassname in case of dynamic gravity.                $tip.remove().css(
{top: 0, left: 0, visibility: 'hidden', display: 'block'}).appendTo(do
cument.body);.                .                var pos = $.extend({}, 
this.$element.offset(), {.                    width: this.$element[0].
offsetWidth,.                    height: this.$element[0].offsetHeight
.                });.                .                var actualWidth 
= $tip[0].offsetWidth, actualHeight = $tip[0].offsetHeight;.          
      var gravity = (typeof this.options.gravity == 'function').      
                          ? this.options.gravity.call(this.$elemen
<<< skipped >>>

GET /templets/default/js/jquery.js HTTP/1.1


Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: VVV.sdcysoft.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: wts/1.1
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: application/javascript
Content-Length: 277976
Connection: keep-alive
Last-Modified: Wed, 17 Feb 2016 04:06:29 GMT
Accept-Ranges: bytes
ETag: "80d0d8933869d11:0"
X-Powered-By: ASP.NET
Expires: Mon, 06 Feb 2017 03:31:50 GMT
Cache-Control: max-age=86400
X-Cache:  from WT263CDN
/*!.. * jQuery JavaScript Library v1.9.1.. * hXXp://jquery.com/.. *.. 
* Includes Sizzle.js.. * hXXp://sizzlejs.com/.. *.. * Copyright 2005, 
2012 jQuery Foundation, Inc. and other contributors.. * Released under
 the MIT license.. * hXXp://jquery.org/license.. *.. * Date: 2013-2-4.
. */..(function( window, undefined ) {..// Can't do this because sever
al apps including ASP.NET trace..// the stack via arguments.caller.cal
lee and Firefox dies if..// you try to trace through "use strict" call
 chains. (#13335)..// Support: Firefox 18 ..//"use strict";..var...// 
The deferred used on DOM ready...readyList,...// A central reference t
o the root jQuery(document)...rootjQuery,...// Support: IE<9...// F
or `typeof node.method` instead of `node.method !== undefined`...core_
strundefined = typeof undefined,...// Use the correct document accordi
ngly with window argument (sandbox)...document = window.document,...lo
cation = window.location,...// Map over jQuery in case of overwrite...
_jQuery = window.jQuery,...// Map over the $ in case of overwrite..._$
 = window.$,...// [[Class]] -> type pairs...class2type = {},...// L
ist of deleted data cache ids, so we can reuse them...core_deletedIds 
= [],...core_version = "1.9.1",...// Save a reference to some core met
hods...core_concat = core_deletedIds.concat,...core_push = core_delete
dIds.push,...core_slice = core_deletedIds.slice,...core_indexOf = core
_deletedIds.indexOf,...core_toString = class2type.toString,...core_has
Own = class2type.hasOwnProperty,...core_trim = core_version.trim,.
<<< skipped >>>


GET /b/p?id=w!aacxow2ith0d&lm=0&ts=1486265519182&t=SPECIAL MOVIE&cu=http://songhaiyouhong.blogspot.com/ HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: ic.tynt.com
Connection: Keep-Alive
Cookie: __cfduid=d7b596a12691c3453aa3b96476a8ad2581486265519


HTTP/1.1 200 OK
Server: nginx/1.10.1
Date: Sun, 05 Feb 2017 03:31:59 GMT
Content-Type: image/gif
Content-Length: 35
Last-Modified: Fri, 16 Apr 2010 15:38:20 GMT
Connection: close
ETag: "4bc8846c-23"
Cache-Control: "no-store, no-cache, must-revalidate, post-check=0, pre-check=0, false"
Expires: "Sat, 26 Jul 1997 05:00:00 GMT"
Set-Cookie: uid=CmUMK1iWnK9eI1ja1raBAg==; expires=Mon, 05-Feb-18 03:31:59 GMT; domain=tynt.com; path=/
P3P: policyref="/w3c/p3p.xml", CP="CUR ADM OUR NOR STA NID"
Accept-Ranges: bytes
P3P: CP=NOI DSP COR NID PSA PSD OUR IND UNI COM NAV INT DEM STA
GIF89a.............,...........D..;..



GET /css?family=Droid Serif:400,700,400italic,700italic&ver=3.9.2 HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: fonts.googleapis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Content-Type: text/css; charset=utf-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Expires: Sun, 05 Feb 2017 03:31:57 GMT
Date: Sun, 05 Feb 2017 03:31:57 GMT
Cache-Control: private, max-age=86400
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: ESF
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
171..............Oo.@...~...I.DJ./J...............H.~.JSmL....q.......
.8".kB......B.."(.I..@s..-..]Lr.. ...DG5s..GD.1L.......D..)....(...x..
E...............].qa..<.t.......S...L....5..r..J.g..RT7..Z..nu..~YR
).U..*...7..p17.bd..O.:W...H.s....R.1.y.^g.F]4.....3...M.W......D>.
..@.|u..w.*.p.z.HS%/..a"..}S...l.a.r.*.(]X.f..o.~....(...!....1..3FZ.4
...z.N....us....o.n...#.........a.....O/.......0..HTTP/1.1 200 OK..Con
tent-Type: text/css; charset=utf-8..Access-Control-Allow-Origin: *..Ti
ming-Allow-Origin: *..Expires: Sun, 05 Feb 2017 03:31:57 GMT..Date: Su
n, 05 Feb 2017 03:31:57 GMT..Cache-Control: private, max-age=86400..Co
ntent-Encoding: gzip..Transfer-Encoding: chunked..Server: ESF..X-XSS-P
rotection: 1; mode=block..X-Frame-Options: SAMEORIGIN..171............
..Oo.@...~...I.DJ./J...............H.~.JSmL....q........8".kB......B..
"(.I..@s..-..]Lr.. ...DG5s..GD.1L.......D..)....(...x..E..............
.].qa..<.t.......S...L....5..r..J.g..RT7..Z..nu..~YR).U..*...7..p17
.bd..O.:W...H.s....R.1.y.^g.F]4.....3...M.W......D>...@.|u..w.*.p.z
.HS%/..a"..}S...l.a.r.*.(]X.f..o.~....(...!....1..3FZ.4...z.N....us...
.o.n...#.........a.....O/.......0..



GET /pa?p=2:3313361925:51 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: wpa.qq.com
Connection: Keep-Alive


HTTP/1.1 301 Moved Permanently
Date: Sun, 05 Feb 2017 03:31:50 GMT
Content-Type: text/html; charset=UTF-8
Transfer-Encoding: chunked
Connection: keep-alive
Server: tws
Location: hXXp://pub.idqqimg.com/qconn/wpa/button/button_111.gif
Pragma: no-cache
Cache-Control: no-cache; must-revalidate
0..HTTP/1.1 301 Moved Permanently..Date: Sun, 05 Feb 2017 03:31:50 GMT
..Content-Type: text/html; charset=UTF-8..Transfer-Encoding: chunked..
Connection: keep-alive..Server: tws..Location: hXXp://pub.idqqimg.com/
qconn/wpa/button/button_111.gif..Pragma: no-cache..Cache-Control: no-c
ache; must-revalidate..0..



GET /1234567890.functions HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Host: mrx9.ddns.net
Connection: Keep-Alive
Cache-Control: no-cache


HTTP/1.1 404 No



GET /qconn/wpa/button/button_111.gif HTTP/1.1
Accept: */*
Referer: hXXp://VVV.sdcysoft.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: pub.idqqimg.com


HTTP/1.1 200 OK
Server: X2S_Platform
Connection: keep-alive
Date: Sun, 05 Feb 2017 03:31:51 GMT
Cache-Control: max-age=2592000
Expires: Tue, 07 Mar 2017 03:31:51 GMT
Last-Modified: Wed, 05 Jun 2013 07:25:36 GMT
Content-Type: image/gif
Content-Length: 3534
Keep-Alive: timeout=60 
Vary: Origin 
X-Cache-Lookup: Hit From Disktank
......JFIF.....`.`.....C..............................................
......................C...............................................
..........................O.."........................................
....................}........!1A..Qa."q.2....#B...R..$3br........%&'()
*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................
......................................................................
..........................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.
....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz.......................
.............................................................?...u...k
...<Msu._........E.x..........w..].....n...#.4.EwX|...<.I4......
..[..|J....f....?...|Y...?...<}.......7.>,x..C........;.|..).V..
^..m5).../.K.C.>.....x...N......G...*~......x|9w..S..*.....'d/...~2
...m_.^...i...V...$.b.*.m..0~a.s.......n...Z..O.......;....>;}.....
}{..Z.....rhz...(.y.jp......|m....g._...!.4/./.{.............(p......;
.:T..iS.(B.>ow..d..e.EIEQ.ZN..a..g....x.....:.x.*....!..ZY.>X(..
..F.\J.'N....p.j{LL*......F..7K...Y....._.......~6..u._.Gq..}........o
]..E.xs].....m.[J..P.|W...,. .~ |h.....M.....'.q.;y....G.>8x.......
.m....C..{x..G&.i....A...?..Z........?.......=;O....?ho.|L.t..?..eq.O.
. o.....|7...tz<.0.M...."..d{..&...y~....C.....G..........~...?....
...P"?.>.~..!.?.{...........B.......;G...Kk9Z..d...e..n.....s).1.z.
b....Q.....T...p..WO.QwK...l.........?...2.MXa..IT...B:....Zt.N.H.rr..
$............x....B.G....(......=;S../gJ<.N...JR..?.?e..|..u.K.
<<< skipped >>>


GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEDYh2Ip18ZHp4LIxhrWFb0w= HTTP/1.1
Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ss.symcd.com


HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1609
content-transfer-encoding: binary
Cache-Control: max-age=353267, public, no-transform, must-revalidate
Last-Modified: Thu, 2 Feb 2017 05:39:19 GMT
Expires: Thu, 9 Feb 2017 05:39:19 GMT
Date: Sun, 05 Feb 2017 03:31:32 GMT
Connection: keep-alive
0..E......>0..:.. .....0..... 0..'0......o..&y......{.s.6~"....2017
0202053919Z0s0q0I0... ..........d.....k... P.....d.._`.a.U..C..`*..z.C
....6!..u.....1...oL....20170202053919Z....20170209053919Z0...*.H.....
........A.w.4[.....FWS..G,.>A_`.Mp...g........_._.".%g...~.M.<..
.....I....3}.6P..).. ....$......M.....EW.-.........`.v...o.E.....7....
...).F_.....j..k?(\..g......U.].=]5j......>b'...4?...sW.C..H.O...N.
....n.".#..g..=7.....^...'U..b.BM.....m.!4./:.\..s.9..............n0..
j0..f0..N.......Z........g......0...*.H........0~1.0...U....US1.0...U.
...Symantec Corporation1.0...U....Symantec Trust Network1/0-..U...&Sym
antec Class 3 Secure Server CA - G40...161113000000Z..170211235959Z0@1
>0<..U...5Symantec Class 3 Secure Server CA - G4 OCSP Responder0
.."0...*.H.............0..........0........g........T.$h..=../I..^#.w.
. x..v.'...&..n..u.;.....S mw.D...W...... 1....s....`.o.. R:(<1...f
...8....[...h ......[>.O....=>....vd.........#.,.[B..4...n.....w
....4c....C..........I....|lR.q-.....$^...M...K....F.6.v..U!W....Z...)
G.g..i$.e6..x.kS..........0...0... .....0......0"..U....0...0.1.0...U.
...TGV-D-27750...U.#..0..._`.a.U..C..`*..z.C..0...U......o..&y......{.
s.6~"..0...U.......0.0n..U. .g0e0c..`.H...E....0T0&.. .........hXXp://
VVV.symauth.com/cps0*.. .......0...  hXXp://VVV.symauth.com/rpa0...U.%
..0... .......0...U...........0...*.H.................)fN.(j..S'...X..
..I..%..HI b6.K......50...9.. p.L..^...vv..6.;...1G.nTHu..."U...T..:..
....(s...(.-.K....s........{..{..P...Ebp..U2|rF>.....r.....j...
<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBTRsWSLjJ8N0Wujis0rUBfV+c/AZAQUX2DPYZBV34RDFIpgKrL1evRDGO8CEEw7wJkU/qAD9hdilImrrOU= HTTP/1.1


Connection: Keep-Alive
Accept: */*
User-Agent: Microsoft-CryptoAPI/6.1
Host: ss.symcd.com


HTTP/1.1 200 OK
Server: nginx/1.10.2
Content-Type: application/ocsp-response
Content-Length: 1609
content-transfer-encoding: binary
Cache-Control: max-age=383774, public, no-transform, must-revalidate
Last-Modified: Thu, 2 Feb 2017 14:03:50 GMT
Expires: Thu, 9 Feb 2017 14:03:50 GMT
Date: Sun, 05 Feb 2017 03:31:43 GMT
Connection: keep-alive
0..E......>0..:.. .....0..... 0..'0......o..&y......{.s.6~"....2017
0202140350Z0s0q0I0... ..........d.....k... P.....d.._`.a.U..C..`*..z.C
....L;........b.........20170202140350Z....20170209140350Z0...*.H.....
........X..AT.v.....yE..=y..........g..Y..0....Ev".^.=2>0..f..<.
..g.......3.........f$%..*}.wr.>.]..ERT...,..{.7.....9J..F`...NY.Z.
.aF>...xI#.Y['.....ne....>..D..=.xz>u.F....w/.......g..v<.
\HzV.....f(....)..U..^...1.....Gf..;..C.8?.k.(......}=.0........t.....
~...j...n0..j0..f0..N.......Z........g......0...*.H........0~1.0...U..
..US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network1/
0-..U...&Symantec Class 3 Secure Server CA - G40...161113000000Z..1702
11235959Z0@1>0<..U...5Symantec Class 3 Secure Server CA - G4 OCS
P Responder0.."0...*.H.............0..........0........g........T.$h..
=../I..^#.w.. x..v.'...&..n..u.;.....S mw.D...W...... 1....s....`.o.. 
R:(<1...f...8....[...h ......[>.O....=>....vd.........#.,.[B.
.4...n.....w....4c....C..........I....|lR.q-.....$^...M...K....F.6.v..
U!W....Z...)G.g..i$.e6..x.kS..........0...0... .....0......0"..U....0.
..0.1.0...U....TGV-D-27750...U.#..0..._`.a.U..C..`*..z.C..0...U......o
..&y......{.s.6~"..0...U.......0.0n..U. .g0e0c..`.H...E....0T0&.. ....
.....hXXp://VVV.symauth.com/cps0*.. .......0...  hXXp://VVV.symauth.co
m/rpa0...U.%..0... .......0...U...........0...*.H.................)fN.
(j..S'...X....I..%..HI b6.K......50...9.. p.L..^...vv..6.;...1G.nTHu..
."U...T..:......(s...(.-.K....s........{..{..P...Ebp..U2|rF>...
<<< skipped >>>


GET /v4/css/style.css HTTP/1.1
Accept: */*
Referer: hXXp://info.spiritsoft.cn/v4/url.html?v=4.0.4.1-1110
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.1; Trident/5.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C)
Host: info.spiritsoft.cn
Connection: Keep-Alive


HTTP/1.1 200 OK
Server: nginx
Date: Sun, 05 Feb 2017 03:31:16 GMT
Content-Type: text/css
Content-Length: 806
Last-Modified: Fri, 17 Jun 2016 08:02:04 GMT
Connection: close
ETag: "5763ae7c-326"
Expires: Sun, 05 Feb 2017 05:31:16 GMT
Cache-Control: max-age=7200
Accept-Ranges: bytes
*{.    margin:0px;.    padding:0px;.    font-size:12px;.}.body.{..back
ground-color:#ffffff;.    overflow:hidden;.    line-height:18px;.}.tab
le.{.    table-layout:fixed;.}.#Div_Main.{.    width:100%;.    height:
100%;.    text-align:center;.    vertical-align:middle;.}.#Div_Play.{.
    position:absolute;.    z-index:101;.    width:150px;.    height:20
px;.    text-align:right;.}.#Div_Play span.{.    width:16px;.    heigh
t:16px;.    margin-right:3px;.    text-align:center;.    color:#ffffff
;.    font-family:"Microsoft Sans Serif";.    font-weight:bolder;.    
font-size:9px;.    background-color:#d3d3cd;.    cursor:pointer;.    b
order:solid 1px;.    border-color:#ece9d8;.}..PlayLoop.{..top:95px;.  
  left:432px;.}..PlayLoopGJ.{..top:84px;.    left:214px;.}..PlayBody.{
.    width:100%;.    height:100%;.}...



GET / HTTP/1.1
Accept: text/html, application/xhtml xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)
Accept-Encoding: gzip, deflate
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=88=C6CEKO82itAhdU0twN6URqunh6Sn9EPCs-teRRQ4QRgNCJP-EG6VgSTOkC7BafUzPUi-GjuRAoRi6F4Sx78Gd_cLieG7apk740DNnT0oV6phUdJTT3H8MUyjxWiFq3Dm


HTTP/1.1 302 Found
Cache-Control: private
Content-Type: text/html; charset=UTF-8
Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi5-AAQ
Content-Length: 262
Date: Sun, 05 Feb 2017 03:31:12 GMT
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7A
sAHGi5-AAQ">here</A>...</BODY></HTML>..HTTP/1.1 3
02 Found..Cache-Control: private..Content-Type: text/html; charset=UTF
-8..Location: hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi
5-AAQ..Content-Length: 262..Date: Sun, 05 Feb 2017 03:31:12 GMT..<H
TML><HEAD><meta http-equiv="content-type" content="text/ht
ml;charset=utf-8">.<TITLE>302 Moved</TITLE></HEAD>
;<BODY>.<H1>302 Moved</H1>.The document has moved.&l
t;A HREF="hXXp://VVV.google.com.ua/?gfe_rd=cr&ei=gJyWWM_zBI7AsAHGi
5-AAQ">here</A>...</BODY></HTML>....



GET /js/300/addthis_widget.js HTTP/1.1
Accept: */*
Referer: hXXp://songhaiyouhong.blogspot.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (compatible; MSIE 10.0; Windows NT 6.1; Trident/6.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0E; .NET4.0C; 360SE)
Accept-Encoding: gzip, deflate
Host: s7.addthis.com
Connection: Keep-Alive


HTTP/1.1 200 OK
Date: Sun, 05 Feb 2017 03:31:57 GMT
Content-Type: text/javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 02 Feb 2017 16:20:58 GMT
ETag: "54622-5478e8ce06e80"
Content-Encoding: gzip
Timing-Allow-Origin: *
Surrogate-Key: client_dist
Cache-Control: public, no-check, max-age=600
CF-Cache-Status: HIT
X-Host: s7.addthis.com
X-Distribution: 99
Server: cloudflare-nginx
CF-RAY: 32c34addd40d595a-VIE
1b110...............z.......WA#...A...<)..-.i...=.Ng...........@...
....ol......d'Y._...>P@.P5j.8W...v.dQ........u...h.MN..{I.m.u.....&
N....O:..I.[.6..7..tm.b....O..#]5d.._..q.....s....6{b.....zv....u...7.
l.jo.....c.q.e..L...2.........*\.g.G...^.no?..i.qo/.o..E..lV7.@.{.;...
X....4.FW3.4.x.^GYp..n6a...z....F<.%.2c..H..L.\..~....k..d..Z.s..E.
.|(<M>..d.Qj.J:...........zG.$.?....&..W:o....*S......=G...S.:.r
...~z.-.nOM.z.ZaN.e....5..ZS......c.M. .l6.O.._....P.*.........>.u.
....)3...."....:.....U.....{....2.....0z....E..=.u....I.......|..,....
._.:.......a63...`..?.Y.DD..&..n.o...[{j..4./...4....0........F..M.^E.
5s.....g... H..hj...0.....H.x.q.}....&.= sw.......~...b1.m{>./..=.,
t.A...X.2X.'.(...p..&:6t&....-..lg..mkb..j.l..........}.5....r.`<..
.h..x.`.0.!..'...Y......`...ab,.o...\..qh{.I..&.5q.'..'..G.`.O.C.....7
...@b..:..3......|...#o.........._.c...r4./..._.......`..o..so>.N..
...F.m.~1..o.. ...e.c'.......x9...E....0\..6....K../......h.1....`....
............s{...x..^h/......,{4..].}.....=.!.0...K.....~=.v83.`0...=.
...1........,G.?.O.....}.l8..3S..,..b1....b<....0 j.G....s.0.G.Q.9.
...,..5_,|7.....0..C..,..0./B..mob..X.0.......ht.x~........x..xa.\.H..
.Do....!......>...........K..0t.......Ck0v.h.;......0.,.q.N..3...g.
...9.s..h..G(.X:.r....U......X....-......0.....G5oa....Z...x....|{..@a
<Y....`.,F...}>....hl/...`.X...."...0hg............Gv`[........{
....7\`.....t..v..w...e...........0.4....}..... ...0X..........x.L.kw.
......e..,.[......&#.,........9`.`.....C.b]..pi.@$\..kd......q..;.
<<< skipped >>>






The Backdoor connects to the servers at the folowing location(s):







jingling.exe_2472:




.text
`.rdata
@.data
.rsrc
tG<%u;
SSSSSh
SSSSh
t%SSh-
uùu
8%ukP
</td<\t`<.ud
8.uJIQ@P
tSHt.HHt
t.hH_G
.VVVVVSRSSj
tGHt.Ht&
<a target="_blank" href="hXXp://service.spiritsoft.cn">
spiritsoft@126.com
updurl
requrl2
requrl1
requrl
(hXXp://service.spiritsoft.cn)
rlurl
sburl
1.2.3
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 /%%x
f=%d&v=%d&c=%d&i=%s
urls
furl
furls
turl
turls
usefurl
useturl
maxfurl
maxturlct
maxturl
|%d|%d
%d|%d|%d|%d|%d|%d|%s|%d|%u
arr_urls
CoGetClassObjectFromURL
googlepinyin2.ime
googlepinyin.ime
jpwb.ime
sogouwb.ime
sogoupy.ime
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
URLDownloadToFileA
URLDownloadToFileW
URLDownloadToCacheFileA
URLDownloadToCacheFileW
kernel32.dll
mscoree.dll
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
.mixcrt
KERNEL32.DLL
GetProcessWindowStation
USER32.DLL
operator
inflate 1.2.3 Copyright 1995-2005 Mark Adler
d:\Code\urlsoft\trunk\product\win32\urlcore4.pdb
PSAPI.DLL
GetProcessHeap
KERNEL32.dll
RegisterHotKey
UnregisterHotKey
ExitWindowsEx
EnumDesktopWindows
USER32.dll
SetViewportOrgEx
GDI32.dll
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ADVAPI32.dll
ShellExecuteW
SHFileOperationW
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
COMCTL32.dll
RASAPI32.dll
WS2_32.dll
VERSION.dll
WINMM.dll
FindCloseUrlCache
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
HttpOpenRequestA
HttpOpenRequestW
WININET.dll
CreateURLMoniker
urlmon.dll
GetCPInfo
GetConsoleOutputCP
CreateDialogIndirectParamA
CreateDialogIndirectParamW
RegOpenKeyExA
.?AVCInputURLDlg@@
.?AV?$CDialogImpl@VCInputURLDlg@@VCWindow@ATL@@@ATL@@
.?AVCURLInfoListCtrl@@
.?AV?$CWindowImpl@VCURLInfoListCtrl@@V?$CListViewCtrlT@VCWindow@ATL@@@WTL@@V?$CWinTraits@$0FGAAAAAA@$0A@@ATL@@@ATL@@
.?AV?$COwnerDraw@VCURLInfoListCtrl@@@WTL@@
.?AVCURLAreaDlg@@
.?AV?$CDialogImpl@VCURLAreaDlg@@VCWindow@ATL@@@ATL@@
.?AVCURLMessageLoop@@
.?AVCURLCurveDlg@@
.?AV?$CDialogImpl@VCURLCurveDlg@@VCWindow@ATL@@@ATL@@
.?AVCURLOptDlg@@
.?AV?$CDialogImpl@VCURLOptDlg@@VCWindow@ATL@@@ATL@@
.?AVCDLURLTestDlg@@
.?AV?$CDialogImpl@VCDLURLTestDlg@@VCWindow@ATL@@@ATL@@
.?AVCURLOSDlg@@
.?AV?$CDialogImpl@VCURLOSDlg@@VCWindow@ATL@@@ATL@@
.?AV?$CAtlHttpClientT@VCMySyncSocket@@@ATL@@
.?AVCTaskStepFromURL@@
.?AVCTaskStepTargetURL@@
.?AVCTaskStepURL@@
.?AVCTaskStepSubURL@@
.?AVCTuoIWebBrowser@@
.?AUIWebBrowser2@@
.?AUIWebBrowserApp@@
.?AUIWebBrowser@@
zcÁ
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="XP style manifest" processorArchitecture="x86" version="1.0.0.0" type="win32"></assemblyIdentity><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency></assembly>PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
bd.dat
urlcore.dat
product.dat
Spiritsoft\urlspirit
https
hXXp://user.qzone.qq.com/%s
hXXp://user.qzone.qq.com/
hXXp://
hXXps://
5e3342fd-8290-4b05-a431-4c1b2f4b2e53
keycode
Hotkey
A9486DFB-C8ED-4e57-A71C-802E9A67F5C0
@%d/%d
Software\Microsoft\Windows\CurrentVersion\Run
urlspace
(%d%%)
(jingling.exe)
(4.0.4)
maxurls
%s?v=%d.%d.%d.%d-%d%d%d%d
URLINFO%d
urlct
4.0.4
%s?q=%d
hXXp://urlspirit.spiritsoft.cn/urlcore/olcfgs.dat
(%d)-
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
tcfg.dat
@%d%%
%u,%s
hlpdfurl
hlpbuyfurl
hlpfurl
hlpsubturl
hlpbuyturl
hlpturl
<a [itxt=0%s]>
hXXp://up.spiritsoft.cn/v3/urltest.exe
urltest
"%s" %s%s %s%s %s%s
/URL=
/SubURL=
/TURL=
urltest.exe
%d~%d
%sx
xxxxxxxxxxx
spiritsoft.cn
us%d.
urlspirit.spiritsoft.cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; URLSpirit)
Content-Length: %d
Host: %s
Host: %s:%d
HTTP/1.1
application/x-www-form-urlencoded
hXXp://urlspirit.spiritsoft.cn/urlcore/svcreq%x.%s
dbghelp.dll
urlcore2-taskcore-0010
rjingling.exe
B\rundll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
"%s" /idx=%d
B%s-%d
{21918AFB-D09D-4836-84CE-F6352A910B82-%d}
{E3E23319-4433-40bd-A611-79EEA469B90B-%d}
{8EF0E96B-118D-466b-A9E3-81175866B1F0-%d}
urlcore3-taskcore-%d
Ftaskworker.exe
durlmon.dll
blog.sina.com.cn
<html><body><a href="%s" target="_self">go</a></body></html>
Curlcore3-taskcore-
Opera
Windows
Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
Lgooglepinyin2.ime
{05300401-BCBC-11D0-85E3-00C04FD85AB4}
{2933BF90-7B36-11D2-B20E-00C04F983E60}
{F5078F33-C551-11D3-89B9-0000F81FE221}
{F5078F32-C551-11D3-89B9-0000F81FE221}
{F6D90F11-9C73-11D3-B32E-00C04F990BB4}
{88D969C5-F192-11D4-A65F-0040963251E5}
{88D96A0A-F192-11D4-A65F-0040963251E5}
{F5078F35-C551-11D3-89B9-0000F81FE221}
{ED8C108E-4349-11D2-91A4-00C04F7969E8}
{F6D90F16-9C73-11D3-B32E-00C04F990BB4}
{d27cdb6e-ae6d-11cf-96b8-444553540000}
{8F6B0360-B80D-11D0-A9B3-006097942311}
{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
{3050F4F8-98B5-11CF-BB82-00AA00BDCE0B}
{25336920-03F9-11CF-8FD0-00AA00686F13}
{3050F406-98B5-11CF-BB82-00AA00BDCE0B}
{00020420-0000-0000-C000-000000000046}
{8856F961-340A-11D0-A96B-00C04FD705A2}
{F5078F36-C551-11D3-89B9-0000F81FE221}
Mozilla/5.0 (Windows; U; Windows NT %s; zh-CN; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)
Mozilla/5.0 (Windows NT %s) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36
Opera/9.64 (Windows NT %s; U; zh-cn) Presto/2.1.1
Mozilla/5.0 (Windows; U; Windows NT %s; zh-CN) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1
Mozilla/
Windows NT
Mozilla/4.0 (compatible; MSIE %s; Windows NT %s%s)
Dedu.cn
gov.cn
org.cn
net.cn
com.cn
dsound.dll
mf.dll
AcroRd32.exe
rKernel32.dll
jingling.exe
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe
msctls_hotkey32
urlcore
"spiritsoft@126.com"
hXXp://service.spiritsoft.cn
...:%s --
IP: %s --
: %d --
2014.10.10.101
4.0.4.1

jingling.exe_2472_rwx_00422000_00001000:




tSHt.HHt

iexplore.exe_3572:




.text
`.data
.rsrc
@.reloc
>.uzf
.us;}
IEFRAME.dll
MLANG.dll
iertutil.dll
urlmon.dll
ole32.dll
SHELL32.dll
SHLWAPI.dll
msvcrt.dll
USER32.dll
KERNEL32.dll
ADVAPI32.dll
RegOpenKeyExW
RegCloseKey
GetWindowsDirectoryW
_amsg_exit
_wcmdln
UrlApplySchemeW
PathIsURLW
UrlCanonicalizeW
UrlCreateFromPathW
iexplore.pdb
KEYW
KEYWh
KEYWD
.ENNNG.
a.ry.v
l.igM4
?1%SGf
xh.JW^
.97777"7" " " !
3.... )) 
8888888888888
8888888888
.lPV)
úW1
.ApX/
H.ZAf
ð[U
%s!FK
1YYYY1YY9GEAA=77YRNNNW:.VT1
888777777
Y.hilkRROMLK=C,
..(((($$
3...((((%
3....(.''$
3.2...((((%
33.2....(,'
55323222...
(%&'00443445?
00.,,,4(
000.,,9(
0020..9(
003200;(
(#'( (''''!'!
Microsoft.InternetExplorer.Default
user32.dll
Kernel32.DLL
xfire.exe
wlmail.exe
winamp.exe
waol.exe
sidebar.exe
psocdesigner.exe
np.exe
netscape.exe
netcaptor.exe
neoplanet.exe
msn.exe
mshtmpad.exe
mshta.exe
loader42.exe
infopath.exe
iexplore.exe
iepreview.exe
groove.exe
explorer.exe
dreamweaver.exe
contribute.exe
aol.exe
{28fb17e0-d393-439d-9a21-9474a070473a}
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
DShell32.dll
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
"%s" %s
Kernel32.dll
\AppPatch\sysmain.sdb
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106320
kernel32.dll
{00000000-0000-0000-0000-000000000000}
\\?\Volume
shell:%s
Imaging_CreateWebPagePreview_Perftrack
Browseui_Tabs_Tearoff_BetweenWindows
Frame_URLEntered
Imaging_CreateWebPagePreview
WS_ExecuteQuery
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
IdleTask_Execution_Time
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
IEXPLORE.EXE
Windows
9.00.8112.16421

iexplore.exe_3428:




.text
`.data
.rsrc
@.reloc
>.uzf
.us;}
IEFRAME.dll
MLANG.dll
iertutil.dll
urlmon.dll
ole32.dll
SHELL32.dll
SHLWAPI.dll
msvcrt.dll
USER32.dll
KERNEL32.dll
ADVAPI32.dll
RegOpenKeyExW
RegCloseKey
GetWindowsDirectoryW
_amsg_exit
_wcmdln
UrlApplySchemeW
PathIsURLW
UrlCanonicalizeW
UrlCreateFromPathW
iexplore.pdb
KEYW
KEYWh
KEYWD
.ENNNG.
a.ry.v
l.igM4
?1%SGf
xh.JW^
.97777"7" " " !
3.... )) 
8888888888888
8888888888
.lPV)
úW1
.ApX/
H.ZAf
ð[U
%s!FK
1YYYY1YY9GEAA=77YRNNNW:.VT1
888777777
Y.hilkRROMLK=C,
..(((($$
3...((((%
3....(.''$
3.2...((((%
33.2....(,'
55323222...
(%&'00443445?
00.,,,4(
000.,,9(
0020..9(
003200;(
(#'( (''''!'!
Microsoft.InternetExplorer.Default
user32.dll
Kernel32.DLL
xfire.exe
wlmail.exe
winamp.exe
waol.exe
sidebar.exe
psocdesigner.exe
np.exe
netscape.exe
netcaptor.exe
neoplanet.exe
msn.exe
mshtmpad.exe
mshta.exe
loader42.exe
infopath.exe
iexplore.exe
iepreview.exe
groove.exe
explorer.exe
dreamweaver.exe
contribute.exe
aol.exe
{28fb17e0-d393-439d-9a21-9474a070473a}
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
DShell32.dll
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
"%s" %s
Kernel32.dll
\AppPatch\sysmain.sdb
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106320
kernel32.dll
{00000000-0000-0000-0000-000000000000}
\\?\Volume
shell:%s
Imaging_CreateWebPagePreview_Perftrack
Browseui_Tabs_Tearoff_BetweenWindows
Frame_URLEntered
Imaging_CreateWebPagePreview
WS_ExecuteQuery
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
IdleTask_Execution_Time
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
IEXPLORE.EXE
Windows
9.00.8112.16421

svchost.exe_1256:




.text
`.data
.rsrc
@.reloc
msvcrt.dll
API-MS-Win-Core-ProcessThreads-L1-1-0.dll
KERNEL32.dll
NTDLL.DLL
API-MS-Win-Security-Base-L1-1-0.dll
API-MS-WIN-Service-Core-L1-1-0.dll
API-MS-WIN-Service-winsvc-L1-1-0.dll
RPCRT4.dll
ole32.dll
ntdll.dll
_amsg_exit
RegCloseKey
RegOpenKeyExW
GetProcessHeap
svchost.pdb
version="5.1.0.0"
name="Microsoft.Windows.Services.SvcHost"
<description>Host Process for Windows Services</description>
<requestedExecutionLevel
Software\Microsoft\Windows NT\CurrentVersion\Svchost
Software\Microsoft\Windows NT\CurrentVersion\MgdSvchost
\PIPE\
Host Process for Windows Services
6.1.7600.16385 (win7_rtm.090713-1255)
svchost.exe
Windows
Operating System
6.1.7600.16385

svchost.exe_1256_rwx_10000000_0004A000:




.idata
.rdata
P.reloc
P.rsrc
ServerKeyloggerU
789:;<&'()* ,-./12345
%SERVER%
URLMON.DLL
shell32.dll
hXXp://
advapi32.dll
kernel32.dll
mpr.dll
version.dll
comctl32.dll
gdi32.dll
opengl32.dll
user32.dll
wintrust.dll
msimg32.dll
GetKeyboardType
RegOpenKeyExA
RegCloseKey
oleaut32.dll
RegOpenKeyExW
RegCreateKeyW
GetWindowsDirectoryW
UnhookWindowsHookEx
SetWindowsHookExW
MapVirtualKeyW
GetKeyboardLayout
GetKeyState
shlwapi.dll
SHDeleteKeyW
FindExecutableW
URLDownloadToCacheFileW
wininet.dll
FtpPutFileW
FtpSetCurrentDirectoryW
GetKeyboardState
ntdll.dll
ShellExecuteW
KWindows
TServerKeylogger
x.html
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG
[Execute]
KeyDelBackspace
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
.html
XtremeKeylogger
Software\Microsoft\Windows\CurrentVersion\Run
.functions
icon=shell32.dll,4
shellexecute=
autorun.inf
\Microsoft\Windows
\Microsoft\Windows\
ÞFAULTBROWSER%
svchost.exe
mrx9.ddns.net
100mrx9.ddns.net
Microsoft.exe
ÞFA
{43I0Y03J-Y3IK-5WQV-7U81-XF2A5B5ICJO0}
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
{0.HKCU
2.8.1
PTF.ftpserver.com
ftpuser
s.net

iexplore.exe_1452:




.text
`.data
.rsrc
@.reloc
>.uzf
.us;}
IEFRAME.dll
MLANG.dll
iertutil.dll
urlmon.dll
ole32.dll
SHELL32.dll
SHLWAPI.dll
msvcrt.dll
USER32.dll
KERNEL32.dll
ADVAPI32.dll
RegOpenKeyExW
RegCloseKey
GetWindowsDirectoryW
_amsg_exit
_wcmdln
UrlApplySchemeW
PathIsURLW
UrlCanonicalizeW
UrlCreateFromPathW
iexplore.pdb
KEYW
KEYWh
KEYWD
.ENNNG.
a.ry.v
l.igM4
?1%SGf
xh.JW^
.97777"7" " " !
3.... )) 
8888888888888
8888888888
.lPV)
úW1
.ApX/
H.ZAf
ð[U
%s!FK
1YYYY1YY9GEAA=77YRNNNW:.VT1
888777777
Y.hilkRROMLK=C,
..(((($$
3...((((%
3....(.''$
3.2...((((%
33.2....(,'
55323222...
(%&'00443445?
00.,,,4(
000.,,9(
0020..9(
003200;(
(#'( (''''!'!
Microsoft.InternetExplorer.Default
user32.dll
Kernel32.DLL
xfire.exe
wlmail.exe
winamp.exe
waol.exe
sidebar.exe
psocdesigner.exe
np.exe
netscape.exe
netcaptor.exe
neoplanet.exe
msn.exe
mshtmpad.exe
mshta.exe
loader42.exe
infopath.exe
iexplore.exe
iepreview.exe
groove.exe
explorer.exe
dreamweaver.exe
contribute.exe
aol.exe
{28fb17e0-d393-439d-9a21-9474a070473a}
Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings
DShell32.dll
Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe
Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}
"%s" %s
Kernel32.dll
\AppPatch\sysmain.sdb
-extoff go.microsoft.com/fwlink/?LinkId=106323
-extoff go.microsoft.com/fwlink/?LinkId=106322
-extoff go.microsoft.com/fwlink/?LinkId=106320
kernel32.dll
{00000000-0000-0000-0000-000000000000}
\\?\Volume
shell:%s
Imaging_CreateWebPagePreview_Perftrack
Browseui_Tabs_Tearoff_BetweenWindows
Frame_URLEntered
Imaging_CreateWebPagePreview
WS_ExecuteQuery
Shdocvw_BaseBrowser_FireEvent_WindowStateChanged
IdleTask_Execution_Time
9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
IEXPLORE.EXE
Windows
9.00.8112.16421

iexplore.exe_1452_rwx_10000000_0004A000:




.idata
.rdata
P.reloc
P.rsrc
ServerKeyloggerU
789:;<&'()* ,-./12345
%SERVER%
URLMON.DLL
shell32.dll
hXXp://
advapi32.dll
kernel32.dll
mpr.dll
version.dll
comctl32.dll
gdi32.dll
opengl32.dll
user32.dll
wintrust.dll
msimg32.dll
GetKeyboardType
RegOpenKeyExA
RegCloseKey
oleaut32.dll
RegOpenKeyExW
RegCreateKeyW
GetWindowsDirectoryW
UnhookWindowsHookEx
SetWindowsHookExW
MapVirtualKeyW
GetKeyboardLayout
GetKeyState
shlwapi.dll
SHDeleteKeyW
FindExecutableW
URLDownloadToCacheFileW
wininet.dll
FtpPutFileW
FtpSetCurrentDirectoryW
GetKeyboardState
ntdll.dll
ShellExecuteW
KWindows
TServerKeylogger
x.html
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_CURRENT_CONFIG
[Execute]
KeyDelBackspace
<meta http-equiv="Content-Type" content="text/html;charset=UTF-8">
.html
XtremeKeylogger
Software\Microsoft\Windows\CurrentVersion\Run
.functions
icon=shell32.dll,4
shellexecute=
autorun.inf
\Microsoft\Windows
\Microsoft\Windows\
ÞFAULTBROWSER%
svchost.exe
mrx9.ddns.net
100mrx9.ddns.net
Microsoft.exe
ÞFA
{43I0Y03J-Y3IK-5WQV-7U81-XF2A5B5ICJO0}
HKCU\Software\Microsoft\Windows\CurrentVersion\Run
{0.HKCU
2.8.1
PTF.ftpserver.com
ftpuser
s.net
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\123213123.exe
%Program Files%\Internet Explorer\iexplore.exe

jingling.exe_1532:




.text
`.rdata
@.data
.rsrc
tG<%u;
SSSSSh
SSSSh
t%SSh-
uùu
8%ukP
</td<\t`<.ud
8.uJIQ@P
tSHt.HHt
t.hH_G
.VVVVVSRSSj
tGHt.Ht&
<a target="_blank" href="hXXp://service.spiritsoft.cn">
spiritsoft@126.com
updurl
requrl2
requrl1
requrl
(hXXp://service.spiritsoft.cn)
rlurl
sburl
1.2.3
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789 /%%x
f=%d&v=%d&c=%d&i=%s
urls
furl
furls
turl
turls
usefurl
useturl
maxfurl
maxturlct
maxturl
|%d|%d
%d|%d|%d|%d|%d|%d|%s|%d|%u
arr_urls
CoGetClassObjectFromURL
googlepinyin2.ime
googlepinyin.ime
jpwb.ime
sogouwb.ime
sogoupy.ime
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3
URLDownloadToFileA
URLDownloadToFileW
URLDownloadToCacheFileA
URLDownloadToCacheFileW
kernel32.dll
mscoree.dll
Please contact the application's support team for more information.
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
.mixcrt
KERNEL32.DLL
GetProcessWindowStation
USER32.DLL
operator
inflate 1.2.3 Copyright 1995-2005 Mark Adler
d:\Code\urlsoft\trunk\product\win32\urlcore4.pdb
PSAPI.DLL
GetProcessHeap
KERNEL32.dll
RegisterHotKey
UnregisterHotKey
ExitWindowsEx
EnumDesktopWindows
USER32.dll
SetViewportOrgEx
GDI32.dll
RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegCreateKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ADVAPI32.dll
ShellExecuteW
SHFileOperationW
SHELL32.dll
ole32.dll
OLEAUT32.dll
SHLWAPI.dll
COMCTL32.dll
RASAPI32.dll
WS2_32.dll
VERSION.dll
WINMM.dll
FindCloseUrlCache
FindNextUrlCacheEntryW
DeleteUrlCacheEntryW
FindFirstUrlCacheEntryW
HttpOpenRequestA
HttpOpenRequestW
WININET.dll
CreateURLMoniker
urlmon.dll
GetCPInfo
GetConsoleOutputCP
CreateDialogIndirectParamA
CreateDialogIndirectParamW
RegOpenKeyExA
.?AVCInputURLDlg@@
.?AV?$CDialogImpl@VCInputURLDlg@@VCWindow@ATL@@@ATL@@
.?AVCURLInfoListCtrl@@
.?AV?$CWindowImpl@VCURLInfoListCtrl@@V?$CListViewCtrlT@VCWindow@ATL@@@WTL@@V?$CWinTraits@$0FGAAAAAA@$0A@@ATL@@@ATL@@
.?AV?$COwnerDraw@VCURLInfoListCtrl@@@WTL@@
.?AVCURLAreaDlg@@
.?AV?$CDialogImpl@VCURLAreaDlg@@VCWindow@ATL@@@ATL@@
.?AVCURLMessageLoop@@
.?AVCURLCurveDlg@@
.?AV?$CDialogImpl@VCURLCurveDlg@@VCWindow@ATL@@@ATL@@
.?AVCURLOptDlg@@
.?AV?$CDialogImpl@VCURLOptDlg@@VCWindow@ATL@@@ATL@@
.?AVCDLURLTestDlg@@
.?AV?$CDialogImpl@VCDLURLTestDlg@@VCWindow@ATL@@@ATL@@
.?AVCURLOSDlg@@
.?AV?$CDialogImpl@VCURLOSDlg@@VCWindow@ATL@@@ATL@@
.?AV?$CAtlHttpClientT@VCMySyncSocket@@@ATL@@
.?AVCTaskStepFromURL@@
.?AVCTaskStepTargetURL@@
.?AVCTaskStepURL@@
.?AVCTaskStepSubURL@@
.?AVCTuoIWebBrowser@@
.?AUIWebBrowser2@@
.?AUIWebBrowserApp@@
.?AUIWebBrowser@@
zcÁ
Software\Microsoft\Windows\CurrentVersion\Internet Settings\Accepted Documents
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0"><assemblyIdentity name="XP style manifest" processorArchitecture="x86" version="1.0.0.0" type="win32"></assemblyIdentity><dependency><dependentAssembly><assemblyIdentity type="win32" name="Microsoft.Windows.Common-Controls" version="6.0.0.0" processorArchitecture="x86" publicKeyToken="6595b64144ccf1df" language="*"></assemblyIdentity></dependentAssembly></dependency></assembly>PADPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGXXPADDINGPADDINGX
bd.dat
urlcore.dat
product.dat
Spiritsoft\urlspirit
https
hXXp://user.qzone.qq.com/%s
hXXp://user.qzone.qq.com/
hXXp://
hXXps://
5e3342fd-8290-4b05-a431-4c1b2f4b2e53
keycode
Hotkey
A9486DFB-C8ED-4e57-A71C-802E9A67F5C0
@%d/%d
Software\Microsoft\Windows\CurrentVersion\Run
urlspace
(%d%%)
(jingling.exe)
(4.0.4)
maxurls
%s?v=%d.%d.%d.%d-%d%d%d%d
URLINFO%d
urlct
4.0.4
%s?q=%d
hXXp://urlspirit.spiritsoft.cn/urlcore/olcfgs.dat
(%d)-
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
tcfg.dat
@%d%%
%u,%s
hlpdfurl
hlpbuyfurl
hlpfurl
hlpsubturl
hlpbuyturl
hlpturl
<a [itxt=0%s]>
hXXp://up.spiritsoft.cn/v3/urltest.exe
urltest
"%s" %s%s %s%s %s%s
/URL=
/SubURL=
/TURL=
urltest.exe
%d~%d
%sx
xxxxxxxxxxx
spiritsoft.cn
us%d.
urlspirit.spiritsoft.cn
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 5.1; Trident/4.0; URLSpirit)
Content-Length: %d
Host: %s
Host: %s:%d
HTTP/1.1
application/x-www-form-urlencoded
hXXp://urlspirit.spiritsoft.cn/urlcore/svcreq%x.%s
dbghelp.dll
urlcore2-taskcore-0010
rjingling.exe
B\rundll32.exe InetCpl.cpl,ClearMyTracksByProcess 8
"%s" /idx=%d
B%s-%d
{21918AFB-D09D-4836-84CE-F6352A910B82-%d}
{E3E23319-4433-40bd-A611-79EEA469B90B-%d}
{8EF0E96B-118D-466b-A9E3-81175866B1F0-%d}
urlcore3-taskcore-%d
Ftaskworker.exe
durlmon.dll
blog.sina.com.cn
<html><body><a href="%s" target="_self">go</a></body></html>
Curlcore3-taskcore-
Opera
Windows
Software\Microsoft\Windows\CurrentVersion\App Paths\IEXPLORE.EXE
Lgooglepinyin2.ime
{05300401-BCBC-11D0-85E3-00C04FD85AB4}
{2933BF90-7B36-11D2-B20E-00C04F983E60}
{F5078F33-C551-11D3-89B9-0000F81FE221}
{F5078F32-C551-11D3-89B9-0000F81FE221}
{F6D90F11-9C73-11D3-B32E-00C04F990BB4}
{88D969C5-F192-11D4-A65F-0040963251E5}
{88D96A0A-F192-11D4-A65F-0040963251E5}
{F5078F35-C551-11D3-89B9-0000F81FE221}
{ED8C108E-4349-11D2-91A4-00C04F7969E8}
{F6D90F16-9C73-11D3-B32E-00C04F990BB4}
{d27cdb6e-ae6d-11cf-96b8-444553540000}
{8F6B0360-B80D-11D0-A9B3-006097942311}
{7B8A2D94-0AC9-11D1-896C-00C04FB6BFC4}
{3050F3B2-98B5-11CF-BB82-00AA00BDCE0B}
{3050F3BC-98B5-11CF-BB82-00AA00BDCE0B}
{3050F4F8-98B5-11CF-BB82-00AA00BDCE0B}
{25336920-03F9-11CF-8FD0-00AA00686F13}
{3050F406-98B5-11CF-BB82-00AA00BDCE0B}
{00020420-0000-0000-C000-000000000046}
{8856F961-340A-11D0-A96B-00C04FD705A2}
{F5078F36-C551-11D3-89B9-0000F81FE221}
Mozilla/5.0 (Windows; U; Windows NT %s; zh-CN; rv:1.9.0.8) Gecko/2009032609 Firefox/3.0.8 (.NET CLR 3.5.30729)
Mozilla/5.0 (Windows NT %s) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/29.0.1547.76 Safari/537.36
Opera/9.64 (Windows NT %s; U; zh-cn) Presto/2.1.1
Mozilla/5.0 (Windows; U; Windows NT %s; zh-CN) AppleWebKit/530.19.2 (KHTML, like Gecko) Version/4.0.2 Safari/530.19.1
Mozilla/
Windows NT
Mozilla/4.0 (compatible; MSIE %s; Windows NT %s%s)
Dedu.cn
gov.cn
org.cn
net.cn
com.cn
dsound.dll
mf.dll
AcroRd32.exe
rKernel32.dll
taskworker.exe
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0
System\CurrentControlSet\Control\Class\{4d36e972-e325-11ce-bfc1-08002be10318}
C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe
msctls_hotkey32
urlcore
"spiritsoft@126.com"
hXXp://service.spiritsoft.cn
...:%s --
IP: %s --
: %d --
2014.10.10.101
jingling.exe
4.0.4.1

jingling.exe_1532_rwx_00422000_00001000:




tSHt.HHt

jingling.exe_1532_rwx_00446000_00002000:




t.hH_G

jingling.exe_1532_rwx_685D8000_00001000:




g(h-V}h

SearchProtocolHost.exe_3912:




.text
`.data
.rsrc
@.reloc
ADVAPI32.dll
ntdll.DLL
KERNEL32.dll
msvcrt.dll
USER32.dll
ole32.dll
OLEAUT32.dll
TQUERY.DLL
MSSHooks.dll
IMM32.dll
SHLWAPI.dll
SrchCollatorCatalogInfo
SrchDSSLogin
SrchDSSPortManager
SrchPHHttp
SrchIndexerQuery
SrchIndexerProperties
SrchIndexerPlugin
SrchIndexerClient
SrchIndexerSchema
Msidle.dll
Failed to get REGKEY_FLTRDMN_MS_TO_IDLE, using default
pfps->psProperty.ulKind is LPWSTR but psProperty.lpwstr is NULL or empty
d:\win7sp1_gdr\enduser\mssearch2\common\utils\crchash.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrdmn\fltrdaemon.cxx
d:\win7sp1_gdr\enduser\mssearch2\search\common\include\secutil.hxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracerhelpers.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
RegDeleteKeyW
RegDeleteKeyExW
8%uiP
Invalid parameter passed to C runtime function.
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
-d-d-d-d-d-d-d-%d
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
</MSG></TRC>
<MSG>
<ERR> 0xx=
<LOC> %s(%d) </LOC>
tid="0x%x"
pid="0x%x"
tagname="%s"
tagid="0x%x"
el="0x%x"
time="d/d/d d:d:d.d"
logname="%s"
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
SHELL32.dll
PROPSYS.dll
ntdll.dll
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ReportEventW
_amsg_exit
MsgWaitForMultipleObjects
SearchProtocolHost.pdb
2 2(20282|2
4%5S5
Software\Microsoft\Windows Search
https
kernel32.dll
msTracer.dll
msfte.dll
lX-X-X-XX-XXXXXX
SOFTWARE\Microsoft\Windows Search
tquery.dll
%s\%s
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
Windows Search Service
<Exception><HR>0xx</HR><eip>%p</eip><module>%S</module><line>%d</line></Exception>
advapi32.dll
WAPI-MS-Win-Core-LocalRegistry-L1-1-0.dll
winhttp.dll
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleState
<MSG>
<LOC> %S(%d) </LOC>
tagname="%S"
logname="%S"
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
.\%s.mui
.\%s\%s.mui
%s\%s.mui
%s\%s\%s.mui
Microsoft Windows Search Protocol Host
7.00.7601.17610 (win7sp1_gdr.110503-1502)
SearchProtocolHost.exe
Windows
7.00.7601.17610

SearchFilterHost.exe_1828:




.text
`.data
.rsrc
@.reloc
ADVAPI32.dll
ntdll.DLL
KERNEL32.dll
msvcrt.dll
USER32.dll
ole32.dll
OLEAUT32.dll
TQUERY.DLL
IMM32.dll
MSSHooks.dll
mscoree.dll
SHLWAPI.dll
d:\win7sp1_gdr\enduser\mssearch2\search\search\gather\fltrhost\bufstm.cxx
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\mutex.cpp
RegDeleteKeyW
RegDeleteKeyExW
8%uiP
d:\win7sp1_gdr\enduser\mssearch2\common\include\srchxcpt.hxx
Invalid parameter passed to C runtime function.
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracersecutil.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.cpp
-d-d-d-d-d-d-d-%d
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\tracmain.h
d:\win7sp1_gdr\enduser\mssearch2\common\tracer\sysimprs.cxx
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegEnumKeyExW
ReportEventW
_amsg_exit
SearchFilterHost.pdb
version="5.1.0.0"
name="Microsoft.Windows.Search.MSSFH"
<requestedExecutionLevel
3 3(30383|3
kernel32.dll
Software\Microsoft\Windows Search
SOFTWARE\Microsoft\Windows Search
HKEY_CLASSES_ROOT
HKEY_CURRENT_USER
HKEY_LOCAL_MACHINE
HKEY_USERS
HKEY_PERFORMANCE_DATA
HKEY_DYN_DATA
HKEY_CURRENT_CONFIG
Windows Search Service
tquery.dll
advapi32.dll
API-MS-Win-Core-LocalRegistry-L1-1-0.dll
<Exception><HR>0xx</HR><eip>%p</eip><module>%S</module><line>%d</line></Exception>
Software\Microsoft\Windows Search\Tracing
Software\Microsoft\Windows Search\Tracing\EventThrottleLastReported
Software\Microsoft\Windows Search\Tracing\EventThrottleState
<MSG>
<ERR> 0xx=
<LOC> %S(%d) </LOC>
tid="0x%x"
pid="0x%x"
tagname="%S"
tagid="0x%x"
el="0x%x"
time="d/d/d d:d:d.d"
logname="%S"
</MSG></TRC>
Software\Microsoft\Active Setup\Installed Components\{89820200-ECBD-11CF-8B85-00AA005B4383}
.\%s.mui
.\%s\%s.mui
%s\%s.mui
%s\%s\%s.mui
%s\%s
winhttp.dll
Microsoft Windows Search Filter Host
7.00.7601.17610 (win7sp1_gdr.110503-1502)
SearchFilterHost.exe
Windows
7.00.7601.17610






Remove it with Ad-Aware




    

  1. Click (here) to download and install Ad-Aware Free Antivirus.
    2. 

  2. Update the definition files.
    3. 

  3. Run a full scan of your computer.
    4. 





Manual removal*




    

  1. Terminate malicious process(es) (How to End a Process With the Task Manager):
    

    %original file name%.exe:3308
    123213123.exe:2856
    123213123.exe:2012
    

    2. 

  2. Delete the original Backdoor file.
    3. 

  3. Delete or disinfect the following files created/modified by the Backdoor:
    

    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\jquery-1.11.1.min[1].js (57991 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\stat[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\url[1].htm (576 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\alexa[1].png (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\style[1].css (806 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Spiritsoft\urlspirit\tcfg.dat (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\core[1].js (763 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\main[1].js (80 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\splogo[1].png (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Spiritsoft\urlspirit\product.dat (550 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Spiritsoft\urlspirit\bd.dat (676 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\stat[1].js (1081 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Roaming\Microsoft\Windows\Cookies\A6RQWI1I.txt (138 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4ZZNMJGQ\sound_high[1].gif (356 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\v2[1].js (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\green_shield[1] (810 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\getipinfo[1].htm (187 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\sdcysoft_com[1].htm (831 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LCZH948T.txt (383 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabD3F3.tmp (51 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\SlideDoor[1].htm (547 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\index[2].js (3795 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\pixel[1].gif (42 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\OX9yPxVGYQhNAdcIDFDeBXfgae9vyAHITKBYJWiUq0c[1].js (9344 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_03853CF80D3A45E4068A748249EC24F7 (9996 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\94308059B57B3142E455B38A6EB92015 (100 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\fitvids-doc-ready[1].js (146 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\html5shiv.min[1].js (572 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\common[1].js (361 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\invalidcert[1] (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab71C.tmp (50 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\index[1].css (88657 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\lrtk[1].css (1029 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\red_shield_48[1] (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\base[1].js (443 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\slider-setting[1].js (554 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\52612bfba40c463ad5878c3862379d1c[1].png (911 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\68FOIB9H.txt (543 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\font-awesome[1].css (10591 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NJKESBC2.txt (100 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\705A76DE71EA2CAEBB8F0907449CE086_83B4269ED5FD1ECB44E013036646BFD7 (2674 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\15541197_935117263286926_3483886767120125698_n[1].jpg (463 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\G5Q7XTSM.txt (352 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\JIQL3CTG.txt (654 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\init[1].js (1159 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\meiqia[1].js (77183 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\G60HOHQ1.txt (251 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\scrolltab[1].js (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\533000070202[1].htm (5653 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\match[3].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery-migrate.min[1].js (5375 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\1.4[1].js (10170 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\match[2].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\14520396_203440986742644_308382618062025305_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\5DPXEETN.txt (107 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\font-awesome.min[1].css (13482 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_202FDCF470E1E6CDB8E22E01DB74609C (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Y3HIC4U1.txt (89 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\OJM965DM.txt (246 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\m[1].js (60021 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\REBLOFI8.txt (71 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ANJ01VHG.txt (747 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\CDKMUDL9.txt (112 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\14358769_10206860846257416_7466951948784187963_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM[1].htm (20314 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_F4C066FA094BC754843DB99590B2CE02 (2032 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\pzRB6YEc2pk[1].htm (6221 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\cm[1].gif (35 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\5XISSK39\www.sdcysoft[1].xml (140 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\0.2[1].js (17481 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\533000070202[1].htm (278 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\16114967_2227104167515605_3084083241048458185_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\History.IE5\index.dat (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\sewasolo_com[1].htm (5177 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ZR3XKL3Y.txt (1105 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\12063727_968338849875096_426343592926317394_n[1].jpg (1753 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\addthis_widget[1].js (209732 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[1].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\15965560_1833507490251421_3796225368876502291_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\adapter[1].js (156 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\705A76DE71EA2CAEBB8F0907449CE086_83B4269ED5FD1ECB44E013036646BFD7 (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\start_v5[1].js (505 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\bundle__menu_ML_desktop_full.d635ce2a[1].css (28067 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\background_gradient_red[1] (868 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\jquery-1.7.2.min[1].js (46101 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\SHO3EV98.txt (107 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\TRGHUB2E.txt (307 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\css[1].css (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\HARCQENS.txt (97 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NZ5CQVG1.txt (309 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\U4RBEDZD.txt (309 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ADY29ZU2.txt (113 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ZH36DV72.txt (156 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\page[1].htm (30340 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\History.IE5\desktop.ini (254 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\12115518_944101115651532_2564004755971760607_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\plusone[1].js (30566 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM[1].htm (21413 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\melidata.min[1].js (10800 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\705A76DE71EA2CAEBB8F0907449CE086_687524005D49A560600E2D45D44DE6E0 (676 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\jquery-migrate-1.2.1[1].js (5641 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\new_suggest[1].css (7848 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Q328RLZO.txt (482 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\O4CQ6Q3M.txt (988 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\8OSH5N44.txt (103 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar71D.tmp (2712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[2].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\PMSKDIGW.txt (1099 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\global-min[1].js (52098 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\pingjs[1].js (32 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\FMCLNATV.txt (464 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Y002NCFW.txt (307 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\VNHNRCA9.txt (573 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[5].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\pixel[2].js (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\ie8[1].js (789 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\112COZCN.txt (113 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7V44E21O.txt (117 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\classic[1].js (7741 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\pixel[2].js (704 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabF0E9.tmp (51 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_97482851B9CF8FBB790FA8AEAB0C772D (400 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\8A574ED5927B3CEC9626151D220C7448 (360 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\0S7ZWK0B.txt (441 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\15940888_578312162362095_8869873993140981893_n[1].jpg (185 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ILLZJRN3.txt (87 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\index.dat (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\JEXRN4WF.txt (470 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[1].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3DYFNGFP.txt (656 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\core[1].js (765 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\red_shield[1] (810 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\index.dat (16 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\desktop.ini (67 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\errorPageStrings[1] (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\desktop.ini (67 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\127631110-widgets[1].js (50978 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\0IE96JSP.txt (309 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[2].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[3].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7GO3Y47L.txt (696 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\WUKPO2V7.txt (1099 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\fontawesome-webfont[1].eot (30576 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KVU378YM.txt (121 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\WMZUWJRG\world.taobao[1].xml (11974 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\7K54OC7N.txt (422 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\_common___promote___promote.css--___template_1___styles___www___company___info.css--template_1___styles___plugin___companyFollow.css--v616.55[1]. (43888 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\IEYHNN6C.txt (95 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KJQSOTOX.txt (115 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\home[1].css (73 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\pixel[1].js (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\invalidcert[2] (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\705A76DE71EA2CAEBB8F0907449CE086_687524005D49A560600E2D45D44DE6E0 (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\RYHTSXPY.txt (250 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\httpErrorPagesScripts[1] (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\9VDPLBYE.txt (300 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\2422776291-widget_css_bundle[1].css (18236 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\pzRB6YEc2pk[2].htm (4600 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\OZDIKCNB\eco-api.meiqia[1].xml (13 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\33ZUGC79.txt (101 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\css[1].css (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\aplus_v2[1].js (20794 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\oninput[1].js (653 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_2CFCD3B0E185E4A8F87A94EFDCF71017 (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_03853CF80D3A45E4068A748249EC24F7 (6 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\0A2EA55F20CC96EF43A26E7FAF8A2217 (936 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\index[1].js (6103 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\0.2[1].js (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\jquery.cycle.all.min[1].js (23784 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\40E450F7CE13419A2CCC2A5445035A0A_97482851B9CF8FBB790FA8AEAB0C772D (5 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ML9RPDO7.txt (111 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\www-embed-player-vfl702554[1].css (142655 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LMT0H4OC.txt (104 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\K5t3Ec3iy66[1].js (218774 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\4Q7NOTWJ.txt (87 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KAFZHTZ0.txt (109 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\ds[1].js (63503 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\tc[1].js (6153 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\mFUry7Ewz5S[1].js (509 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\aplus_v2[1].js (3540 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery.min[1].js (63266 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\navigation[1].js (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\desktop.ini (67 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\NI1WRHMP.txt (66 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\slide_switch[1].js (145 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\A053CFB63FC8E6507871752236B5CCD5_202FDCF470E1E6CDB8E22E01DB74609C (2016 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\pixel[1].js (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\VENUV2ZM.txt (141 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\LxzEXqxaECb[1].js (108279 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\DCE3BDBF5BDD86E2AB5B471CB90709B4_D5FE3430D858EEC0702EE96E01AD90B9 (1640 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\backgroundPosition[1].js (73 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab3C0.tmp (50 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\14212207_653688491461426_5945484803893418677_n[1].jpg (474 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\CJPVDJJP.txt (407 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\5XKMVJSL.txt (1105 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\css[1].css (474 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\core-1db59222bec2e7468c559156f55a310b[1].css (165349 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar5496.tmp (2712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\base[1].js (613210 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\seed-min[1].js (28318 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\navigator[1].js (241 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\collect[1].gif (35 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\A053CFB63FC8E6507871752236B5CCD5_F4C066FA094BC754843DB99590B2CE02 (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\AEJDC8C7.txt (804 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\salary[1].htm (9346 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KV28ZD8Y.txt (725 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\adv_out[1].js (9557 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\css[2].css (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\harga-sewa-mobil-solo[1].htm (7822 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[6].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\C46E7B0F942663A1EDC8D9D6D7869173_D9B9F37ECE595B0B7B6AA12451D392CF (1480 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\W3MS8WF7.txt (1099 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\94FDZEML.txt (201 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\jquery.fitvids[1].js (719 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\bounce[1].js (25 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3FKBYQAA.txt (263 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\webww[1].js (16515 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\down[1] (748 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\www-embed-player[1].js (53278 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\index[2].js (40514 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\mlb-ml-analytics.min.gz[2].js (23773 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\match[1].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\GBLRNM83.txt (108 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\33YQT85K.txt (494 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\896O94X8.txt (94 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\desktop.ini (67 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\KHPTUO1B.txt (210 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\W9COG41E.txt (1099 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\mlb-ml-analytics.min.gz[1].js (23102 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\cb=gapi[1].js (80253 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab1013.tmp (50 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\R4SE7E96.txt (116 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\z_stat[1].js (1081 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\DCE3BDBF5BDD86E2AB5B471CB90709B4_D5FE3430D858EEC0702EE96E01AD90B9 (471 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\YHPCILX3.txt (263 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\M3GL7JFZ.txt (74 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarD444.tmp (2712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[4].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\X9U38907.txt (280 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\0A2EA55F20CC96EF43A26E7FAF8A2217 (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\songhaiyouhong_blogspot_com[1].htm (13673 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\Xw9VNcnTyYg[1].js (26680 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26 (5998 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\1.4[1].js (57892 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\38M8494A.txt (110 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\FB788E090BC1F3AA2FBC9E8FB2859601 (822 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\doorbell-i8wozeiuwodmquxr[1].js (19959 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\D47DBD2F9E3365FBBE008D71FB06716F_D33192D58AA9CA2B9097E848E9FE86DE (1224 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarD3F4.tmp (2712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\16472838_752115304954013_2302620675576684630_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\CabD443.tmp (51 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\9C1XITPC.txt (98 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Internet Explorer\DOMStore\1HUVI2AA\www.youtube[1].xml (199 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\16143282_791723427632670_7574174759107544566_n[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar3C1.tmp (2712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[5].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\desktop.ini (67 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\4HVEPQN3.txt (116 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\49CU6FUZ.txt (89 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\ON7HEO01.txt (248 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\collect[1].gif (35 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\3JX5PE0Z.txt (90 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\DD884IO4.txt (939 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\config[1].js (115 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\abnormal[1].css (4745 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\WO5DW012.txt (359 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\stat[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\ad_status[1].js (29 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\14303700004920[1].jpg (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\jquery[1].js (152409 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\1K75GJY6.txt (1105 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\match[3].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\skip-link-focus-fix[1].js (751 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\cfb9b68598748471e884ae8e1367a070[1].png (911 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\BC2602F5489CFE3E69F81C6328A4C17C_849A9AE095E451B9FFDF6A58F3A98E26 (4 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\20TG8FQX.txt (352 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\desktop.ini (67 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\match[2].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\comment-reply.min[1].js (757 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\page[1].htm (13208 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\index[1].js (2739 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\tabicon[1].js (715 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LDUIT4VU.txt (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\533000070202[2].htm (3175 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\index[1].js (211 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\sewa-mobil-solo-lestari-kecamatan-sukoharjo-jawa-tengah[1].htm (27844 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\17UHOV2J.txt (106 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Cab5495.tmp (51 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\57SQKGIR.txt (110 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\style[1].css (13067 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\YBPRKDDL.txt (91 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\core__large-05ccd4379b22231463c741a5faa3dff1[1].css (130591 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\match[1].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\ErrorPageTemplate[1] (2 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB (1278 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\1KUYIOXW.txt (379 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\form[1].js (700 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\doorbell[1].htm (241 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\QNPEFQCF.txt (1105 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\ACF244F1A10D4DBED0D88EBA0C43A9B5_16756CC7371BB76A269719AA1471E96C (1476 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\94308059B57B3142E455B38A6EB92015 (3400 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\Tar1014.tmp (2712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\wp-emoji-release.min[1].js (7586 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery.tipsy[1].js (673 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\1LJ8gYX1wG6[1].css (20498 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\10698574_805310939511222_8929108492389579378_n[1].jpg (185 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\J2V4EMBS.txt (289 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\ga-audiences[1].htm (390 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\GFWYI2PB.txt (1093 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\TarF0EA.tmp (2712 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\history[1].js (18529 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\LMNUJ11K.txt (313 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\EDC238BFF48A31D55A97E1E93892934B_C20E0DA2D0F89FE526E1490F4A2EE5AB (471 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\init[1].js (1089 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\match[3].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\FB788E090BC1F3AA2FBC9E8FB2859601 (1 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\9SRP8A5J\match[4].gif (70 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\common[1].css (5895 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\global-min[1].css (33012 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\36IEFG60.txt (464 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\2C0C8HPL\MLB-812506136-tnis-nike-shox-junior-4-molas-original-na-caixa-promoco--_JM[1].htm (23237 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\EGBZ23Y3\csync[1].gif (43 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\IJEF1Z0V.txt (106 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\taskcore-iecache-0\Content.IE5\7O04R3KG\jquery[1].js (69966 bytes)
    C:\Users\"%CurrentUserName%"\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\40E450F7CE13419A2CCC2A5445035A0A_2CFCD3B0E185E4A8F87A94EFDCF71017 (1800 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe (15187 bytes)
    C:\Users\"%CurrentUserName%"\AppData\Local\Temp\123213123.exe (12342 bytes)
    C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe (2321 bytes)
    

    4. 

  4. Delete the following value(s) in the autorun key (How to Work with System Registry):
    

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "urlspace" = "C:\Users\"%CurrentUserName%"\AppData\Local\Temp\jingling.exe -h"

    [HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
    "18.exe" = "C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe"

    [HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "18.exe" = "C:\Users\"%CurrentUserName%"\AppData\RoamingMicrosoft\System\Services\18.exe"
    

    5. 

  5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
    6. 

  6. Find and delete all copies of the worm's file together with "autorun.inf" scripts on removable drives.
    7. 

  7. Reboot the computer.
    8. 



*Manual removal may cause unexpected system behaviour and should be performed at your own risk.












 
 




 
No votes yet












				


							


			

				
					  
							

		

		


					
							

	

	
	        


	

        
      
 

      
      

      
    
 

    
  
 

		


		

		
			

			

				

					Lavasoft is the maker of Ad-Aware,
					the world's most popular anti-malware 
					software with over 450 million 
					downloads.
				

				

					© 2025 Lavasoft. All rights reserved.

					Terms Of Use |   Privacy Policy
					


								

			


		

		


	

	
	

	

		x
		
Our best antivirus yet!

		
Fresh new look. Faster scanning. Better protection.

		

			
Enjoy unique new features, lightning fast scans and a simple yet beautiful new look in our best antivirus yet!

			
For a quicker, lighter and more secure experience, download the all new adaware antivirus 12 now!

			
			Download adaware antivirus 12
		

		No thanks, continue to lavasoft.com
	

	

		

			close x
			
Discover the new adaware antivirus 12

			
Our best antivirus yet

			Download Now