Backdoor.Win32.Fynloski_60d92cdbc4
Trojan.GenericKD.1671062 (B) (Emsisoft), Backdoor.Win32.Fynloski.FD, Trojan.Win32.Iconomon.FD, Trojan.Win32.Sasfis.FD, Trojan.Win32.Swrort.3.FD, VirTool.Win32.DelfInject.FD, Worm.Win32.AutoIt.FD, WormAutoItGen.YR, GenericDownloader.YR, GenericInjector.YR, BackdoorFynloski.YR, TrojanDownloaderAndromeda.YR (Lavasoft MAS)
Behaviour: Trojan-Downloader, Trojan, Backdoor, Worm, VirTool
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
MD5: 60d92cdbc473daaa6e2ce98732b1c18d
SHA1: 79b1f5e726db3e8686f0dfc0686fab14dbe5cbc4
SHA256: 4f4c79ff4623cdbc5ae7d214e48e1e50c96df68a934df3726a0c721881cf5d7b
SSDeep: 49152:mJZoQrbTFZY1iaBw/kipQc/4qXTPXU1rV4L9S5:mtrbTA1ShnQqDP6iI
Size: 1732802 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2012-01-29 23:32:28
Analyzed on: WindowsXP SP3 32-bit
Summary:
Backdoor. Malware that enables remote control of the victim's machine.
Payload
No specific payload has been found.
Process activity
The Backdoor creates the following process(es):
%original file name%.exe:1360
adf.exe:1684
The Backdoor injects its code into the following process(es):
adf.exe:1256
abcww.exe:856
abcww.exe:1864
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process %original file name%.exe:1360 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\msupd.exe (196 bytes)
%Documents and Settings%\%current user%\Application Data\adf.exe (11518 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\abcww.exe (6289 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\res.ico (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut3.tmp (7185 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut1.tmp (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut2.tmp (1372 bytes)
The Backdoor deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aut1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut3.tmp (0 bytes)
The process adf.exe:1684 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\res.ico2 (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\res.ico (4545 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut4.tmp (1372 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut5.tmp (7185 bytes)
The Backdoor deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\aut4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\aut5.tmp (0 bytes)
The process abcww.exe:856 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\refresh[1].gif (974 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\shrink_button_icon[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.ulightbox[2].css (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\footer_home_lr_bg[1].png (126 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\api[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\safe[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\core30[1].css (2710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\browser_chrome[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\header_gradient[1].jpg (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.browserdetect.min[1].js (194 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\index[2].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.ulightbox[1].css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ui-bg_highlight-soft_100_eeeeee_1x100[1].png (90 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask.min[2].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[2].txt (1701 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\lmp[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\core30[1].css (1928 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.ulightbox[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\jquery.placeholder.min[1].js (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ft_payoneer[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\CAQIL6QM (277 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\modernizr[2].js (1405 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ui-bg_gloss-wave_35_f6a828_500x100[2].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ui-bg_gloss-wave_35_f6a828_500x100[1].png (2 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (18324 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\header_bg[1].png (230 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\CA1O6993.jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\ads[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ui-icons_ffffff_256x240[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\CAT4KZP5.jpg (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\challenge[1] (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\modernizr[1].js (1682 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\recaptcha[1].js (4291 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\button_join_now_tick[1].png (730 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\background_browser[1].gif (1506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask.min[1].js (801 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\CA4VYN8N (277 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\scripts[1].png (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@google[1].txt (381 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[1].txt (2450 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\blockquote_bg[1].png (311 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\andresatria_small[1].jpg (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@scorecardresearch[1].txt (370 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\home[2].js (5155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ft_paypal[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\index[1].js (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[2].txt (4486 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\common[2].js (7 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\adf[1].htm (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\home[1].js (2906 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\help[1].gif (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\sprite[1].png (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ZeroClipboard[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\ie6-warning[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\jquery-ui.min[1].js (19027 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\footer_home_ll_bg[1].png (129 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\chosen.jquery.min[2].js (788 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\logo[1].png (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery-ui-1.8.16.custom[1].css (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\stats[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\ie6-warning[2].js (8 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\jquery.placeholder.min[2].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\browser_ie[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask[1].css (367 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ft_alertpay[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\arrow[1].png (523 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\footer_bg[1].png (85 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ui-icons_ffffff_256x240[1].png (1943 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\header[1].png (3808 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\language_flags[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\background_browser[1].gif (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\fb_f[1].png (572 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\spin[2].js (9 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\jquery.form.min[1].js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\common[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.ulightbox[2].js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\background_browser[1].gif (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\spin[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\nr-411.min[1].js (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\links_clicked_bg[1].png (433 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\button_join_tick[1].png (725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\shrink_bg[1].png (849 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\audio[1].gif (914 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\recaptcha[1].js (4528 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\CAGD6RKX.json (256 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ga[1].js (1597 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\browser_opera[1].gif (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask[2].css (632 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\background_browser[1].gif (753 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\Nw17OBpg1zjrn-mn0yUkeE6MiB8Imrcno_93P1Tsc6Y[1].js (2263 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\browser_firefox[1].gif (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\browser_safari[1].gif (1943 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\jquery.min[1].js (2022 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\jquery.form.min[2].js (12 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery-ui-1.8.16.custom[1].css (19 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ZeroClipboard[2].js (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\92a411bc23[1].setToken (21 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[1].txt (3455 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\num_bg[1].png (506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\ui-bg_highlight-soft_100_eeeeee_1x100[1].png (90 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\language_arrows[1].png (141 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\chosen.jquery.min[1].js (2001 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.browserdetect.min[2].js (366 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\text[1].gif (155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\quote_photo_bg[1].png (169 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@scorecardresearch[2].txt (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\quote_top_bg[1].png (195 bytes)
The Backdoor deletes the following file(s):
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery-ui-1.8.16.custom[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\jquery.form.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\modernizr[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\background_browser[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\background_browser[1].gif (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@addthis[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\chosen.jquery.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\ui-icons_ffffff_256x240[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\challenge[1] (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.ulightbox[1].css (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@scorecardresearch[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\index[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\common[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\core30[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\ui-bg_highlight-soft_100_eeeeee_1x100[1].png (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\background_browser[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\adf[2].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.ulightbox[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\jquery.placeholder.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\home[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.browserdetect.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ZeroClipboard[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\background_browser[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\ie6-warning[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\jquery.loadmask.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\spin[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\ui-bg_gloss-wave_35_f6a828_500x100[1].png (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@scorecardresearch[2].txt (0 bytes)
The process abcww.exe:1864 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[1].txt (209 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\adf[2].htm (24 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (388 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\desktop.ini (67 bytes)
The Backdoor deletes the following file(s):
%Documents and Settings%\%current user%\Cookies\Current_User@adf[2].txt (0 bytes)
Registry activity
The process %original file name%.exe:1360 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C1 74 2B A4 40 0B 70 B7 E4 FC B4 FC 98 B5 8B 73"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp]
"abcww.exe" = "Adf.ly Bot"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Personal" = "%Documents and Settings%\%current user%\My Documents"
The Backdoor modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
"UNCAsIntranet" = "1"
The Backdoor modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process adf.exe:1256 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BF B7 02 EF B4 ED 6A E5 9D 60 F0 35 98 3E AC DC"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The process adf.exe:1684 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A8 CC 8F DA 42 97 07 18 4D EB 69 9B 0C 2E 33 46"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Personal" = "%Documents and Settings%\%current user%\My Documents"
To automatically run itself each time Windows is booted, the Backdoor adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"adf.exe" = "%Documents and Settings%\%current user%\Application Data\adf.exe"
The Backdoor modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
To automatically run itself each time Windows is booted, the Backdoor adds the following link to its file to the system registry autorun key:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"adf.exe" = "%Documents and Settings%\%current user%\Application Data\adf.exe"
The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Backdoor modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
The process abcww.exe:856 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "abcww.exe"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1F 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1288215257"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3E 15 A8 83 34 E7 6D 13 C9 9A 74 F8 07 10 B6 30"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Backdoor modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Backdoor modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Backdoor deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process abcww.exe:1864 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1E 00 00 00 01 00 00 00 00 00 00 00"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4A 0B 52 20 D9 E3 5A 8F 28 78 68 4D 7E AD 45 F7"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
The Backdoor modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Backdoor modifies IE settings for security zones to map all web-nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Backdoor modifies IE settings for security zones to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Backdoor deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
Dropped PE files
| MD5 | File path |
|---|---|
| d8dbd0146a42c4449908392dd902ce7c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\abcww.exe |
| 6eb4cc0ab3fe8869a86a1c866b284468 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\msupd.exe |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
No anomalies have been detected.
Propagation
VersionInfo
Company Name:
Product Name:
Product Version:
Legal Copyright:
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 3, 3, 8, 1
File Description:
Comments:
Language: Spanish (Spain, International Sort)
PE Sections
| Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
|---|---|---|---|---|---|
| .text | 4096 | 525852 | 526336 | 4.63347 | 61ffce4768976fa0dd2a8f6a97b1417a |
| .rdata | 532480 | 57280 | 57344 | 3.32693 | 0354bc5f2376b5e9a4a3ba38b682dff1 |
| .data | 589824 | 108376 | 26624 | 1.49032 | 8033f5a38941b4685bc2299e78f31221 |
| .rsrc | 700416 | 79736 | 79872 | 3.95117 | 846a36cf3e21355324dca9cbca5ebb68 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
URLs
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: adf.ly
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=db95aed11c9f7d0cdedd6972123ced3ae1406985841821; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.adf.ly; HttpOnly
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.8
Set-Cookie: FLYSESSID=bea70ac7d83ca8c8ef7b7d7e48555fc451d91abc; path=/; domain=.adf.ly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Server: cloudflare-nginx
CF-RAY: 153a97e76315075b-AMS
Content-Encoding: gzip
<<< skipped >>>
GET /static/r07/layers052.css HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s7.addthis.com
Connection: Keep-Alive
Cookie: uid=53dce6a0d676490a; uvc=1|31; uit=1; bt2=53dce699001s70001; di2=N9OL95.UYM; dt=X
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Wed, 23 Jul 2014 13:08:35 GMT
Cache-Control: public, no-check, max-age=86313600
Content-Type: text/css
Content-Length: 182014
Accept-Ranges: bytes
Date: Sat, 02 Aug 2014 13:24:42 GMT
Via: 1.1 varnish
Age: 234549
Connection: keep-alive
X-Served-By: cache-fra1221-FRA
X-Cache: HIT
X-Cache-Hits: 40562
X-Timer: S1406985882.968149,VS0,VE0
Vary: Host,Accept-Encoding
<<< skipped >>>
GET /1/92a411bc23?a=4058140,2334836&ap=8&fe=26312&dc=23203&v=411.b2946c1&to=YlNSbUYAV0IFBhdaWVsZc0xHFVZcSwwNV1NNdV9XQBNWXQgAERxfW1JVQQ==&f=[]&jsonp=NREUM.setToken HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: beacon-3.newrelic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Set-Cookie: JSESSIONID=451778de91663b63;Path=/
Expires: Thu, 01 Jan 1970 00:00:00 GMT
Content-Type: text/javascript;charset=ISO-8859-1
Content-Length: 21
NREUM.setToken(null)
GET /nr-411.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: js-agent.newrelic.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 5775
Connection: keep-alive
Server: AmazonS3
ETag: "9050946217be03f42647b3f708ef10d3"
x-instart-cache-id: 1:16954596951746155381
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Thu, 01 May 2014 23:15:58 GMT
Cache-Control: public, max-age=315360000
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Accept-Ranges: bytes
Date: Thu, 10 Jul 2014 19:02:44 GMT
x-amz-id-2: M6Z1FvhosAPz/iDGNmz4we1GllhHXR2rCe8NAa/cyM2LxF4ezoQWqSqUblbUlD30
x-amz-request-id: 7B5A513F8EC80783
X-Instart-Request-ID: 11148896140670480835:SEN01-NPPRY14:1406985881:70
<<< skipped >>>
GET /static/css/jquery-ui/ui-lightness/jquery-ui-1.8.16.custom.css HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:07 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:07 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a980d75070761-AMS
Content-Encoding: gzip
<<< skipped >>>
GET /static/js/jquery.browserdetect.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:13 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:13 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a983119ef0761-AMS
Content-Encoding: gzip
GET /static/js/jquery.placeholder.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:13 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:13 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a9832ba400761-AMS
Content-Encoding: gzip
<<< skipped >>>
GET /static/js/chosen.jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:14 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:14 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a98342a6e0761-AMS
Content-Encoding: gzip
<<< skipped >>>
GET /static/js/ZeroClipboard.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:14 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 04 Apr 2014 18:05:05 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:14 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a98354a920761-AMS
Content-Encoding: gzip
<<< skipped >>>
GET /static/js/ie6-warning.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:15 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:15 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a983b0b6f0761-AMS
Content-Encoding: gzip
<<< skipped >>>
GET /static/js/home.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:18 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Thu, 14 Mar 2013 17:21:53 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:18 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a984d4e540761-AMS
Content-Encoding: gzip
<<< skipped >>>
GET /static/css/jquery.ulightbox.css HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:18 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:18 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a984f0e9c0761-AMS
Content-Encoding: gzip
<<< skipped >>>
GET /static/image/header_gradient.jpg HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:18 GMT
Content-Type: image/jpeg
Content-Length: 6647
Connection: keep-alive
Etag: "22a8-50f9295f-8945eddba2f6146"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:18 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a984f9eb20761-AMS
<<< skipped >>>
GET /static/image/header.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:18 GMT
Content-Type: image/png
Content-Length: 56313
Connection: keep-alive
Etag: "dbf9-50f9295f-f5e52cd7af085266"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:18 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98508ecd0761-AMS
<<< skipped >>>
GET /static/image/num_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: image/png
Content-Length: 506
Connection: keep-alive
Etag: "5d0-50f9295f-f23fd084c8dd12c9"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98537f490761-AMS
GET /static/image/logo.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: image/png
Content-Length: 9758
Connection: keep-alive
Etag: "29e6-50f9295f-5b599ae239950ee8"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a9853ef540761-AMS
<<< skipped >>>
GET /static/image/shrink_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: image/png
Content-Length: 849
Connection: keep-alive
Etag: "6e9-50f9295f-fe86a040a88ccd38"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a9854df740761-AMS
GET /static/image/shrink_button_icon.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: image/png
Content-Length: 1101
Connection: keep-alive
Etag: "83e-51891205-dacf17616870751b"
Last-Modified: Tue, 07 May 2013 14:39:01 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98552f820761-AMS
<<< skipped >>>
GET /static/image/button_join_now_tick.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: image/png
Content-Length: 730
Connection: keep-alive
Etag: "69b-517a684d-ee8d60c7a120e32e"
Last-Modified: Fri, 26 Apr 2013 11:43:09 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98560f9c0761-AMS
GET /static/image/fb_f.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: image/png
Content-Length: 572
Connection: keep-alive
Etag: "5d5-51839c86-dfeef352323b48a9"
Last-Modified: Fri, 03 May 2013 11:16:22 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98568fad0761-AMS
GET /static/image/arrow.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: image/png
Content-Length: 523
Connection: keep-alive
Etag: "5e4-50f9295f-ad2107aed9966ef3"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a9856efba0761-AMS
GET /static/image/language_flags.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: image/png
Content-Length: 2938
Connection: keep-alive
Etag: "c02-533ef450-7c77c8bf1820113f"
Last-Modified: Fri, 04 Apr 2014 18:05:04 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a9857bfd40761-AMS
<<< skipped >>>
GET /static/image/language_arrows.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: image/png
Content-Length: 141
Connection: keep-alive
Etag: "3f8-50f9295f-d0babe0c0e84ba40"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98588ffc0761-AMS
GET /static/image/safe.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:20 GMT
Content-Type: image/png
Content-Length: 1258
Connection: keep-alive
Etag: "885-50f9295f-251a6c81a43d1c3e"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:20 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a9859200e0761-AMS
<<< skipped >>>
GET /static/image/ads.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:20 GMT
Content-Type: image/png
Content-Length: 1058
Connection: keep-alive
Etag: "7b5-50f9295f-26c22340ee87da5b"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:20 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a9859801d0761-AMS
GET /static/image/lmp.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:20 GMT
Content-Type: image/png
Content-Length: 1455
Connection: keep-alive
Etag: "9da-50f9295f-d240a8a38f08f263"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:20 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a985b705f0761-AMS
<<< skipped >>>
GET /static/image/stats.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:20 GMT
Content-Type: image/png
Content-Length: 1707
Connection: keep-alive
Etag: "a5b-50f9295f-9d0ba04bcf09b269"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:20 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a985bd06d0761-AMS
<<< skipped >>>
GET /static/image/api.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:20 GMT
Content-Type: image/png
Content-Length: 1068
Connection: keep-alive
Etag: "849-50f9295f-80af35f2c784138b"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:20 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a985c40820761-AMS
GET /static/image/scripts.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:20 GMT
Content-Type: image/png
Content-Length: 1819
Connection: keep-alive
Etag: "bb6-50f9295f-3f7d24abdabfe18"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:20 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a985d30a90761-AMS
<<< skipped >>>
GET /static/image/quote_top_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:20 GMT
Content-Type: image/png
Content-Length: 195
Connection: keep-alive
Etag: "476-50f9295f-7c967d47eb356288"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:20 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a985d90bd0761-AMS
GET /static/image/blockquote_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:20 GMT
Content-Type: image/png
Content-Length: 311
Connection: keep-alive
Etag: "4cc-50f9295f-2e1383c751194f05"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:20 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a985df0ce0761-AMS
GET /static/image/footer_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:23 GMT
Content-Type: image/png
Content-Length: 85
Connection: keep-alive
Etag: "3f4-50f9295f-b0859217d11bcf11"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:23 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a986d83070761-AMS
GET /static/image/footer_home_ll_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:23 GMT
Content-Type: image/png
Content-Length: 129
Connection: keep-alive
Etag: "41d-50f9295f-95da00cc70972737"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:23 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a986de3100761-AMS
GET /static/image/ft_payoneer.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:23 GMT
Content-Type: image/png
Content-Length: 1634
Connection: keep-alive
Etag: "68a-5131339a-1396711c46a71c6b"
Last-Modified: Fri, 01 Mar 2013 23:02:50 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:23 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a986e43260761-AMS
<<< skipped >>>
GET /static/image/button_join_tick.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:30 GMT
Content-Type: image/png
Content-Length: 725
Connection: keep-alive
Etag: "6b7-51839c86-346dea2d3e41ae48"
Last-Modified: Fri, 03 May 2013 11:16:22 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:30 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a9898a91d0761-AMS
GET /ga.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 12:44:45 GMT
Expires: Sun, 03 Aug 2014 00:44:45 GMT
Last-Modified: Tue, 17 Jun 2014 01:05:58 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 15810
Age: 2379
Cache-Control: public, max-age=43200
Alternate-Protocol: 80:quic
<<< skipped >>>
GET /__utm.gif?utmwv=5.5.3&utms=1&utmn=263499665&utmhn=adf.ly&utmcs=utf-8&utmsr=1276x846&utmvp=358x169&utmsc=32-bit&utmul=en-us&utmje=1&utmfl=11.6 r602&utmdt=AdFly - The URL shortener service that pays you! Earn money for every visitor to your links.&utmhid=1362955423&utmr=-&utmp=/&utmht=1406985883144&utmac=UA-6469700-8&utmcc=__utma=255621336.652463225.1406985880.1406985880.1406985880.1;+__utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none);&utmu=D~ HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Pragma: no-cache
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Date: Thu, 31 Jul 2014 18:28:18 GMT
Server: Golfe2
Content-Length: 35
Age: 154571
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Alternate-Protocol: 80:quic
GET /static/css/jquery-ui/ui-lightness/images/ui-bg_gloss-wave_35_f6a828_500x100.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:30 GMT
Content-Type: image/png
Content-Length: 2631
Connection: keep-alive
Etag: "eb2-50f9295f-b7350d95446e43db"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:30 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a989a09410761-AMS
<<< skipped >>>
GET /static/css/jquery-ui/ui-lightness/images/ui-bg_highlight-soft_100_eeeeee_1x100.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:30 GMT
Content-Type: image/png
Content-Length: 90
Connection: keep-alive
Etag: "5a-50f9295f-a1f214bb4b677d67"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:30 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a989a99560761-AMS
GET /static/css/jquery-ui/ui-lightness/images/ui-icons_ffffff_256x240.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:30 GMT
Content-Type: image/png
Content-Length: 4197
Connection: keep-alive
Etag: "1111-50f9295f-f87e057d046f03d1"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:30 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a989ae95f0761-AMS
<<< skipped >>>
GET /ajax/libs/jquery/1.7.1/jquery.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Mon, 02 Apr 2012 18:24:28 GMT
Date: Thu, 31 Jul 2014 18:45:02 GMT
Expires: Fri, 31 Jul 2015 18:45:02 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 33186
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 153546
Alternate-Protocol: 80:quic
<<< skipped >>>
GET /ajax/libs/jqueryui/1.9.2/jquery-ui.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ajax.googleapis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript; charset=UTF-8
Last-Modified: Tue, 27 Nov 2012 15:27:03 GMT
Date: Thu, 31 Jul 2014 18:45:10 GMT
Expires: Fri, 31 Jul 2015 18:45:10 GMT
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 62651
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 153545
Alternate-Protocol: 80:quic
<<< skipped >>>
GET /static/css/jquery-ui/ui-lightness/images/ui-icons_ffffff_256x240.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:30 GMT
Content-Type: image/png
Content-Length: 4197
Connection: keep-alive
Etag: "1111-50f9295f-f87e057d046f03d1"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:30 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a989a09ee0761-AMS
<<< skipped >>>
GET /static/css/jquery-ui/ui-lightness/images/ui-bg_gloss-wave_35_f6a828_500x100.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:30 GMT
Content-Type: image/png
Content-Length: 2631
Connection: keep-alive
Etag: "eb2-50f9295f-b7350d95446e43db"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:30 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a989ab9fb0761-AMS
<<< skipped >>>
GET /static/css/jquery-ui/ui-lightness/images/ui-bg_highlight-soft_100_eeeeee_1x100.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:30 GMT
Content-Type: image/png
Content-Length: 90
Connection: keep-alive
Etag: "5a-50f9295f-a1f214bb4b677d67"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:30 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a989b4a0f0761-AMS
GET /b?c1=7&c2=2000001&c3=1&rn=1t6uqkf&c7=http://adf.ly/&c8=AdFly - The URL shortener service that pays you! Earn money for every visitor to your links.&cv=1.7 HTTP/1.1
Accept: */*
Referer: hXXp://s7.addthis.com/static/r07/sh168.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: b.scorecardresearch.com
Connection: Keep-Alive
Cookie: UID=dc7262f-206.167.78.17-1360768137; UIDR=1360768137
HTTP/1.1 204 No Content
Content-Length: 0
Date: Sat, 02 Aug 2014 13:24:41 GMT
Connection: keep-alive
Set-Cookie: UID=dc7262f-206.167.78.17-1360768137; expires=Fri, 22-Jul-2016 13:24:41 GMT; path=/; domain=.scorecardresearch.com
Set-Cookie: UIDR=1406985881; expires=Fri, 22-Jul-2016 13:24:41 GMT; path=/; domain=.scorecardresearch.com
P3P: policyref="/w3c/p3p.xml", CP="NOI DSP COR NID OUR IND COM STA OTC"
Pragma: no-cache
Expires: Mon, 01 Jan 1990 00:00:00 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, no-store, proxy-revalidate
GET /recaptcha/api/challenge?k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Sat, 02 Aug 2014 13:24:23 GMT
Set-Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS;Domain=.google.com;Path=/;Expires=Sun, 01-Feb-2015 13:24:23 GMT;HttpOnly
P3P: CP="This is not a P3P policy! See hXXp://VVV.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Content-Type: text/javascript
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 6676
Server: GSE
Alternate-Protocol: 80:quic
<<< skipped >>>
GET /recaptcha/api/js/recaptcha.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Last-Modified: Wed, 16 Jul 2014 09:49:49 GMT
Date: Sat, 02 Aug 2014 13:18:08 GMT
Expires: Sat, 02 Aug 2014 14:08:08 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 33075
X-XSS-Protection: 1; mode=block
Age: 376
Cache-Control: public, max-age=3000
Alternate-Protocol: 80:quic
<<< skipped >>>
GET /js/th/Nw17OBpg1zjrn-mn0yUkeE6MiB8Imrcno_93P1Tsc6Y.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Last-Modified: Thu, 17 Jul 2014 12:32:21 GMT
Date: Mon, 28 Jul 2014 03:18:38 GMT
Expires: Tue, 28 Jul 2015 03:18:38 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 5671
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000
Age: 468346
Alternate-Protocol: 80:quic
<<< skipped >>>
GET /recaptcha/api/img/red/sprite.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Content-Type: image/png
Last-Modified: Wed, 09 Jul 2014 00:21:01 GMT
Date: Wed, 30 Jul 2014 14:19:00 GMT
Expires: Wed, 06 Aug 2014 14:19:00 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 6523
X-XSS-Protection: 1; mode=block
Age: 255924
Cache-Control: public, max-age=604800
Alternate-Protocol: 80:quic
<<< skipped >>>
GET /recaptcha/api/img/red/audio.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 17 Oct 2013 13:32:45 GMT
Date: Thu, 31 Jul 2014 08:09:51 GMT
Expires: Thu, 07 Aug 2014 08:09:51 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 914
X-XSS-Protection: 1; mode=block
Age: 191673
Cache-Control: public, max-age=604800
Alternate-Protocol: 80:quic
<<< skipped >>>
GET /recaptcha/api/img/red/text.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 17 Oct 2013 13:32:45 GMT
Date: Thu, 31 Jul 2014 08:25:07 GMT
Expires: Thu, 07 Aug 2014 08:25:07 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 155
X-XSS-Protection: 1; mode=block
Age: 190757
Cache-Control: public, max-age=604800
Alternate-Protocol: 80:quic
GET /recaptcha/api/img/red/help.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 17 Oct 2013 13:32:45 GMT
Date: Wed, 30 Jul 2014 14:44:34 GMT
Expires: Wed, 06 Aug 2014 14:44:34 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 367
X-XSS-Protection: 1; mode=block
Age: 254390
Cache-Control: public, max-age=604800
Alternate-Protocol: 80:quic
GET /recaptcha/api/challenge?k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Sat, 02 Aug 2014 13:24:30 GMT
Content-Type: text/javascript
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 6688
Server: GSE
Alternate-Protocol: 80:quic
<<< skipped >>>
GET /recaptcha/api/img/red/refresh.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Content-Type: image/gif
Last-Modified: Thu, 17 Oct 2013 13:32:45 GMT
Date: Thu, 31 Jul 2014 07:52:38 GMT
Expires: Thu, 07 Aug 2014 07:52:38 GMT
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 974
X-XSS-Protection: 1; mode=block
Age: 192706
Cache-Control: public, max-age=604800
Alternate-Protocol: 80:quic
<<< skipped >>>
GET /recaptcha/api/reload?c=03AHJ_VuvYPttqF2q1i-Xe_w7vxSeUu624qFaI-wqllz21Fjy8gNmUAk9_IflsXZQZOR1RPQga0rE3O9yvEb3hiOksEGHZ0ckhRy_rdSlNM9nl_EZVNFpLoMP8cv_fP0R9ErMrIblKseEPGN6TgaBInDeWlI7JMI29ih4Fs40mndZmoqvKlN4T2grLtkPnge-g8GakW9Pg67Tue_oEo3JosZzH2Ad0WejzuYFV5ir0ln7Q4Xx6clfFug0&k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr&reason=i&type=image&lang=uk&th=,8bAj7yMNy8ssdLYPawwaKwns4vAAAAK_oAAAAXfYAKkFH0FFuUUPUHjrkinOmN56dp8c5mqPhTVdeFhii9Ke5-gr_R5A9kqoS5zsCs_1FcP6H7JtGNAZw8uYCQv3hw9jqypFmxweaoUrzXenTc8wNPIQ20Yt4JOblr06Op4ZkCmKCrMgLT1L5WQD6gG0gCKQ2Em0CpQwVhZnxwmQxLP7Z9gs5r2HaMDQkcV6z4jgPVp-AarTRrALigoaAMsV0_V2SfNI5vJnOkAF HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Sat, 02 Aug 2014 13:24:30 GMT
Content-Type: text/javascript
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 263
Server: GSE
Alternate-Protocol: 80:quic
GET /recaptcha/api/challenge?k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr&_=1406985884566 HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Sat, 02 Aug 2014 13:24:30 GMT
Content-Type: text/javascript
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 6676
Server: GSE
Alternate-Protocol: 80:quic
GET /recaptcha/api/image?c=03AHJ_VutRa9ox0QVJS6aXVk1OO6dTJv1GnVUfSAjBXCn9FiH4iCYYu9KH052tFvKvsqJ1EEhc2yrBZvtz40X6qHWgxN5xvekcoSZVQDr5H0sjHtVf6rUuXjbiCNsiw7AGRl9dbGMJRr-dxR-i-kC8Xucuzyv-6Au0wbgqgYXNngqzGL01LyCsOEeu_WEG6BUwkzKxqPRmUPgRpiMJbdJdinuuhEVcTyXJCg&th=,8bAj7yMNy8ssdLYPawwaKwns4vAAAAK_oAAAAC_YAKkFH0FFuUUPUHjrkinOmN56dp8c5mqPhTVdeFhii9Ke5-gr_R5A9kqoS5zsCs_1FcP6H7JtGNAZw8uYCQv3hw9jqypFmxweaoUrzXenTc8wNPIQ20Yt4JOblr06Op4ZkCmKCrMgLT1L5WQD6gG0gCKQ2Em0CpQwVhZnxwmQxLP7Z9gs5r2HaMDQkcV6z4jgPVp-AarTRrALigoaAMsV1aB2SfN6ceYpUNGk HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Expires: Sat, 02 Aug 2014 13:34:34 GMT
Date: Sat, 02 Aug 2014 13:24:34 GMT
Cache-Control: public, max-age=600
Content-Type: image/jpeg
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 2939
Server: GSE
Alternate-Protocol: 80:quic
GET /recaptcha/api/reload?c=03AHJ_VusI_eEmhEkfWUXhL203jVTjnGNwCKzxdNvV-rOgJ85wx0HQwxgfD4I-T0iEXi-03GOaup03o4cJvDV0TAEUZCr671PSBfYVJDGHGaAOidSXNihNV5zIfE3NQ8F043KPgLUpbCwgDG8TP9x9FT9MHR0efGrwf2iCp3vL0PgCxVo92sNpO166mJ92oOch238gb6hJfJxS8kAQKGrn2k0HdVzrJMA3Fw&k=6LdDnMESAAAAAGCRC2G0PA9wSE_hqPW1G2ZFZPpr&reason=i&type=image&lang=uk&th=,8bB8M3CZd1lU57anv58U2FkaGfAAAAKRoAAAAD7YAKkN-Tg5pgCRA8Rm19B2lwX0yDh1KyYdkpsOFwBjkj4BXG6a6Xk4RpdNk6O6XEV5DiVEPdBwcxW9eHSb3cpleP1qth-seTrjQFjHfn1zcckx2PgvH1xixfSURFl5RSFfnD2L2RaPn2hy58mH1-6xOeFfzgkZvTOXbdWuOMRpdoMu6duOLjfwS2zK-OICQPx0DqSUmJ-kcNsHv0YNke6NemujaIQd2YQPhUEm HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, max-age=0, must-revalidate
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Date: Sat, 02 Aug 2014 13:24:43 GMT
Content-Type: text/javascript
Content-Encoding: gzip
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 262
Server: GSE
Alternate-Protocol: 80:quic
GET /feeds/1.0/config.json?pubid=ra-53993a6f0d2e8c74&callback=_ate.cbs.fds_ra53993a6f0d2e8c740 HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: q.addthis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: no-cache, s-maxage=3600
Last-Modified: Sat, 02 Aug 2014 13:16:44 GMT
Content-Type: application/javascript;charset=UTF-8
Transfer-Encoding: chunked
Date: Sat, 02 Aug 2014 13:24:41 GMT
Via: 1.1 varnish
Age: 476
Connection: keep-alive
X-Served-By: cache-fra1221-FRA
X-Cache: HIT
X-Cache-Hits: 230
X-Timer: S1406985881.334395,VS0,VE0
Vary: Accept-Encoding
20
_ate.cbs.fds_ra53993a6f0d2e8c740
8b
({"_default":{"widgets":{"tbx":{"elements":".addthis_sharing_toolbox","numPreferredServices":5,"services":"twitter,facebook,linkedin"}}}});
0
GET / HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: adf.ly
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:02 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Set-Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; expires=Mon, 23-Dec-2019 23:50:00 GMT; path=/; domain=.adf.ly; HttpOnly
Vary: Accept-Encoding
X-Powered-By: PHP/5.5.8
Set-Cookie: FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; path=/; domain=.adf.ly
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
X-Frame-Options: SAMEORIGIN
Server: cloudflare-nginx
CF-RAY: 153a97e75c5f075b-AMS
Content-Encoding: gzip
GET /static/image/testimonials/andresatria_small.jpg HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:18 GMT
Content-Type: image/jpeg
Content-Length: 1095
Connection: keep-alive
Etag: "a11-50fec6f1-6e97f3a5aa03044c"
Last-Modified: Tue, 22 Jan 2013 17:05:53 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:18 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a984f9d13075b-AMS
GET /static/image/ie6-warning/background_browser.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1|31
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Content-Type: image/gif
Content-Length: 753
Connection: keep-alive
Etag: "2f1-50feb3ff-b51bdc9920a39332"
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:41 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98de50500761-AMS
GET /static/image/ie6-warning/background_browser.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1|31
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Content-Type: image/gif
Content-Length: 753
Connection: keep-alive
Etag: "2f1-50feb3ff-b51bdc9920a39332"
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:41 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98ded05e0761-AMS
GET /static/image/ie6-warning/browser_safari.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1|31
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Content-Type: image/gif
Content-Length: 4834
Connection: keep-alive
Etag: "12e2-50feb3ff-92be58ed00a33337"
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:41 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98df80730761-AMS
GET /static/image/ie6-warning/background_browser.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1|31
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Content-Type: image/gif
Content-Length: 753
Connection: keep-alive
Etag: "2f1-50feb3ff-b51bdc9920a39332"
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:41 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98dff07b0761-AMS
GET /static/image/ie6-warning/browser_chrome.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1|31
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Content-Type: image/gif
Content-Length: 4949
Connection: keep-alive
Etag: "1355-50feb3ff-ddf5500540a2733d"
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:41 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98e090850761-AMS
GET /live/red_lojson/300lo.json?fu4qr1&colc=1406985888754&si=53dce6964fcbf649&uid=53dce6a0d676490a&pub=ra-53993a6f0d2e8c74&rev=1406582527&jsl=33&ln=en&pc=men&vpc=&dp=adf.ly&aa=0&of=0&uf=1&pd=0&irt=0&md=0&ct=1&tct=0&abt=0<=3422&cdn=0&lnlc=us&whcs=1&tl=c=750,m=7547,i=7750,xm=11172,xp=11172&pi=1&&rb=0&gen=1000&gen=100&callback=_ate.track.hsr&mk=adfly,adf.ly,short links,tinyurl,bitly,bit.ly,earn money,link advertising,tiny url,url shortener HTTP/1.1
Accept: */*
Referer: hXXp://s7.addthis.com/static/r07/sh168.html
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: m.addthis.com
Connection: Keep-Alive
Cookie: uid=53dce6a0d676490a; uvc=1|31; uit=1
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Cache-Control: max-age=0, no-cache, no-store
Pragma: no-cache
Set-Cookie: bt2=53dce699001s70001;Path=/;Domain=.addthis.com;Expires=Wed, 15-Apr-2015 13:24:41 GMT
Set-Cookie: di2=N9OL95.UYM;Path=/;Domain=.addthis.com;Expires=Mon, 01-Aug-2016 13:24:41 GMT
Set-Cookie: bt=;Path=/;Domain=.addthis.com;Expires=Thu, 01-Jan-1970 00:00:00 GMT
Set-Cookie: dt=X;Path=/;Domain=.addthis.com;Expires=Mon, 01-Sep-2014 13:24:41 GMT
Expires: Thu, 01 Jan 1970 00:00:00 GMT
P3P: policyref="/w3c/p3p.xml", CP="NON ADM OUR DEV IND COM STA"
Content-Type: application/javascript;charset=UTF-8
Content-Encoding: gzip
Connection: close
GET /static/image/ie6-warning/browser_ie.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1|31
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Content-Type: image/gif
Content-Length: 3621
Connection: keep-alive
Etag: "e25-50feb3ff-74bc5aa87252c7d"
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:41 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98de63740761-AMS
GET /static/image/ie6-warning/browser_firefox.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1|31
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Content-Type: image/gif
Content-Length: 4204
Connection: keep-alive
Etag: "106c-50feb3ff-6fa54936e724cc72"
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:41 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98dee38b0761-AMS
GET /static/image/ie6-warning/background_browser.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1|31
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Content-Type: image/gif
Content-Length: 753
Connection: keep-alive
Etag: "2f1-50feb3ff-b51bdc9920a39332"
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:41 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98df83a30761-AMS
GET /static/image/ie6-warning/browser_opera.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1|31
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Content-Type: image/gif
Content-Length: 3275
Connection: keep-alive
Etag: "ccb-50feb3ff-4800cd42c7246c77"
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:41 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98e023c10761-AMS
<<< skipped >>>
GET /static/image/ie6-warning/background_browser.gif HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b; __utma=255621336.652463225.1406985880.1406985880.1406985880.1; __utmb=255621336.1.10.1406985880; __utmc=255621336; __utmz=255621336.1406985880.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none); __atuvc=1|31
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:41 GMT
Content-Type: image/gif
Content-Length: 753
Connection: keep-alive
Etag: "2f1-50feb3ff-b51bdc9920a39332"
Last-Modified: Tue, 22 Jan 2013 15:45:03 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:41 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a98e093d70761-AMS
<<< skipped >>>
GET /recaptcha/api/js/recaptcha.js?_=1406985884566 HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Type: text/javascript
Last-Modified: Wed, 16 Jul 2014 09:49:49 GMT
Date: Sat, 02 Aug 2014 13:24:41 GMT
Expires: Sat, 02 Aug 2014 14:14:41 GMT
Cache-Control: public, max-age=3000
X-Content-Type-Options: nosniff
Server: sffe
Content-Length: 33075
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 80:quic
<<< skipped >>>
GET /recaptcha/api/image?c=03AHJ_VuvQ4uJ4qM31rPIFRzobiKbttAeij3-nDLd0xPrOkjPg_n04ludVfZyQPpLmJbJ8JPq1mp1Jh4G9NG2Fg99XxRLyu0QsSna39R5LBxIWK5bohVXPMcejwRn4L491t5edXxP86s3jUJab1qsdxqZpctDMgD9d3Eknjr3eHjA0zYxWuhNmMiqQFqh785r_SAGBAld_exGD8QknpQCZF1frm7YY25XS4w&th=,8bB8M3CZd1lU57anv58U2FkaGfAAAAKRoAAAAF7YAKkN-Tg5pgCRA8Rm19B2lwX0yDh1KyYdkpsOFwBjkj4BXG6a6Xk4RpdNk6O6XEV5DiVEPdBwcxW9eHSb3cpleP1qth-seTrjQFjHfn1zcckx2PgvH1xixfSURFl5RSFfnD2L2RaPn2hy58mH1-6xOeFfzgkZvTOXbdWuOMRpdoMu6duOLjfwS2zK-OICQPx0DqSUmJ-kcNsHv0YNke6NfvyjaIQa8hG5G7nX HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google.com
Connection: Keep-Alive
Cookie: NID=67=NwavRQPEdQzCXNdGr9FzUJuk57rgp-yS4DXrmUgqyvFYZiWg-bHv-lIZBeSJsSzhIwVjcr_Bi6jVB-0tVftV2eDzvnwGPNcnxLnzQH6qxWf0MeFsQKb_31rFHiFqWyWS
HTTP/1.1 200 OK
Expires: Sat, 02 Aug 2014 13:34:43 GMT
Date: Sat, 02 Aug 2014 13:24:43 GMT
Cache-Control: public, max-age=600
Content-Type: image/jpeg
X-Content-Type-Options: nosniff
X-XSS-Protection: 1; mode=block
Content-Length: 2792
Server: GSE
Alternate-Protocol: 80:quic
<<< skipped >>>
GET /static/r07/widgetIE67006.css HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s7.addthis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 14 Apr 2014 12:52:34 GMT
Cache-Control: public, no-check, max-age=86313600
Content-Type: text/css
Content-Length: 1503
Accept-Ranges: bytes
Date: Sat, 02 Aug 2014 13:24:24 GMT
Via: 1.1 varnish
Age: 572230
Connection: keep-alive
X-Served-By: cache-fra1220-FRA
X-Cache: HIT
X-Cache-Hits: 236590
X-Timer: S1406985864.391919,VS0,VE0
Vary: Host,Accept-Encoding
<<< skipped >>>
GET /js/300/addthis_widget.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s7.addthis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 29 Jul 2014 16:24:33 GMT
ETag: "57e52b7-1ae0-4ff5779877240"
Content-Type: text/javascript
Content-Length: 6880
Accept-Ranges: bytes
Date: Sat, 02 Aug 2014 13:24:23 GMT
Via: 1.1 varnish
Age: 3227
Connection: keep-alive
X-Served-By: cache-fra1220-FRA
X-Cache: HIT
X-Cache-Hits: 4085
X-Timer: S1406985863.370505,VS0,VE0
Vary: Host,Accept-Encoding
<<< skipped >>>
GET /static/r07/core145.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s7.addthis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 28 Jul 2014 21:23:54 GMT
Cache-Control: public, no-check, max-age=86313600
Content-Type: text/javascript
Content-Length: 215747
Accept-Ranges: bytes
Date: Sat, 02 Aug 2014 13:24:23 GMT
Via: 1.1 varnish
Age: 403019
Connection: keep-alive
X-Served-By: cache-fra1220-FRA
X-Cache: HIT
X-Cache-Hits: 667550
X-Timer: S1406985863.722895,VS0,VE0
Vary: Host,Accept-Encoding
<<< skipped >>>
GET /static/r07/widget120.css HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s7.addthis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Tue, 29 Apr 2014 11:58:30 GMT
Cache-Control: public, no-check, max-age=86313600
Content-Type: text/css
Content-Length: 83107
Accept-Ranges: bytes
Date: Sat, 02 Aug 2014 13:24:24 GMT
Via: 1.1 varnish
Age: 1406133
Connection: keep-alive
X-Served-By: cache-fra1220-FRA
X-Cache: HIT
X-Cache-Hits: 589045
X-Timer: S1406985864.287595,VS0,VE0
Vary: Host,Accept-Encoding
<<< skipped >>>
GET /static/r07/sh168.html HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s7.addthis.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 28 Jul 2014 21:24:46 GMT
Cache-Control: public, no-check, max-age=86313600
P3P: CP="NON ADM OUR DEV IND COM STA"
Content-Type: text/html; charset=UTF-8
Content-Length: 63802
Accept-Ranges: bytes
Date: Sat, 02 Aug 2014 13:24:33 GMT
Via: 1.1 varnish
Age: 403027
Connection: keep-alive
X-Served-By: cache-fra1220-FRA
X-Cache: HIT
X-Cache-Hits: 886558
X-Timer: S1406985873.314992,VS0,VE0
Vary: Host,Accept-Encoding
<<< skipped >>>
GET /static/r07/layers063.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s7.addthis.com
Connection: Keep-Alive
Cookie: uid=53dce6a0d676490a; uvc=1|31; uit=1; bt2=53dce699001s70001
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Mon, 21 Jul 2014 20:22:03 GMT
Cache-Control: public, no-check, max-age=86313600
Content-Type: text/javascript
Content-Length: 162945
Accept-Ranges: bytes
Date: Sat, 02 Aug 2014 13:24:41 GMT
Via: 1.1 varnish
Age: 1011311
Connection: keep-alive
X-Served-By: cache-fra1220-FRA
X-Cache: HIT
X-Cache-Hits: 62609
X-Timer: S1406985881.721824,VS0,VE0
Vary: Host,Accept-Encoding
<<< skipped >>>
GET /static/r07/json2.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s7.addthis.com
Connection: Keep-Alive
Cookie: uid=53dce6a0d676490a; uvc=1|31; uit=1; bt2=53dce699001s70001; di2=N9OL95.UYM; dt=X
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Fri, 04 Apr 2014 15:06:38 GMT
Cache-Control: public, no-check, max-age=86313600
Content-Type: application/javascript
Content-Length: 3353
Accept-Ranges: bytes
Date: Sat, 02 Aug 2014 13:24:42 GMT
Via: 1.1 varnish
Age: 573946
Connection: keep-alive
X-Served-By: cache-fra1220-FRA
X-Cache: HIT
X-Cache-Hits: 80873
X-Timer: S1406985882.908518,VS0,VE0
Vary: Host,Accept-Encoding
<<< skipped >>>
GET /static/r07/layersIE6007.css HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: s7.addthis.com
Connection: Keep-Alive
Cookie: uid=53dce6a0d676490a; uvc=1|31; uit=1; bt2=53dce699001s70001; di2=N9OL95.UYM; dt=X; loc=MDAwMDBFVVVBMDAyMzAwMjE2MzAwMDAwMDAwVg==
HTTP/1.1 200 OK
Server: Apache
Last-Modified: Thu, 22 May 2014 15:35:37 GMT
Cache-Control: public, no-check, max-age=86313600
Content-Type: text/css
Content-Length: 2211
Accept-Ranges: bytes
Date: Sat, 02 Aug 2014 13:24:43 GMT
Via: 1.1 varnish
Age: 573956
Connection: keep-alive
X-Served-By: cache-fra1220-FRA
X-Cache: HIT
X-Cache-Hits: 25755
X-Timer: S1406985883.470858,VS0,VE0
Vary: Host,Accept-Encoding
GET /static/css/jquery.loadmask.css HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:07 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Wed, 17 Apr 2013 11:51:19 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:07 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a980d85410761-AMS
Content-Encoding: gzip
GET /static/css/core30.css HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:08 GMT
Content-Type: text/css
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Tue, 13 May 2014 14:12:47 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:08 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a9811d6410761-AMS
Content-Encoding: gzip
<<< skipped >>>
GET /static/js/common.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:13 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 04 Apr 2014 18:05:05 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:13 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a98321ccc0761-AMS
Content-Encoding: gzip
<<< skipped >>>
GET /static/js/jquery.loadmask.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:14 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:14 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a98338d1e0761-AMS
Content-Encoding: gzip
<<< skipped >>>
GET /static/js/jquery.form.min.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:14 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:14 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a9834cd5f0761-AMS
Content-Encoding: gzip
<<< skipped >>>
GET /static/js/modernizr.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:14 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:14 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a9835cd930761-AMS
Content-Encoding: gzip
<<< skipped >>>
GET /static/js/spin.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:15 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:15 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a983e1f510761-AMS
Content-Encoding: gzip
<<< skipped >>>
GET /static/js/jquery.ulightbox.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:18 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 18 Jan 2013 10:52:16 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:18 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a984e42e30761-AMS
Content-Encoding: gzip
<<< skipped >>>
GET /static/image/header_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:18 GMT
Content-Type: image/png
Content-Length: 230
Connection: keep-alive
Etag: "481-50f9295f-7f4e3286a18fa4ed"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:18 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a984f93270761-AMS
GET /static/image/quote_photo_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:18 GMT
Content-Type: image/png
Content-Length: 169
Connection: keep-alive
Etag: "430-50f9295f-5c8366b15e404e47"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:18 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a9851b3ac0761-AMS
GET /static/image/links_clicked_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: image/png
Content-Length: 433
Connection: keep-alive
Etag: "525-50f9295f-70456e5279c4711c"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a985374140761-AMS
GET /static/js/index/index.js HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:19 GMT
Content-Type: application/x-javascript
Transfer-Encoding: chunked
Connection: keep-alive
Last-Modified: Fri, 07 Jun 2013 11:34:38 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:19 GMT
CF-Cache-Status: HIT
Server: cloudflare-nginx
CF-RAY: 153a9853d4260761-AMS
Content-Encoding: gzip
<<< skipped >>>
GET /static/image/footer_home_lr_bg.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:23 GMT
Content-Type: image/png
Content-Length: 126
Connection: keep-alive
Etag: "415-50f9295f-1e5347f3b5265ffa"
Last-Modified: Fri, 18 Jan 2013 10:52:15 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:23 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a986d995b0761-AMS
GET /static/image/ft_paypal.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:23 GMT
Content-Type: image/png
Content-Length: 1121
Connection: keep-alive
Etag: "489-5131339a-c928e4b38120432b"
Last-Modified: Fri, 01 Mar 2013 23:02:50 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:23 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a986df9700761-AMS
<<< skipped >>>
GET /static/image/ft_alertpay.png HTTP/1.1
Accept: */*
Referer: hXXp://adf.ly/
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.adf.ly
Connection: Keep-Alive
Cookie: __cfduid=d18c599e4eb6bee43e5de5fd771449bb31406985841816; FLYSESSID=9ee842ff14da39675086219bb93b907708c59e2b
HTTP/1.1 200 OK
Date: Sat, 02 Aug 2014 13:24:23 GMT
Content-Type: image/png
Content-Length: 2058
Connection: keep-alive
Etag: "996-5367718a-98fe83db70031711"
Last-Modified: Mon, 05 May 2014 11:10:02 GMT
Cache-Control: public, max-age=604800
Expires: Sat, 09 Aug 2014 13:24:23 GMT
CF-BGJ: imgq(85)
CF-Cache-Status: HIT
Accept-Ranges: bytes
Server: cloudflare-nginx
CF-RAY: 153a986e798d0761-AMS
<<< skipped >>>
The Backdoor connects to the servers at the following location(s):
x{^%x
adf.exe_1684:
.text
`.rdata
@.data
.rsrc
s%j.Zf
8crtsu
:crts
crts
GetProcessWindowStation
operator
This is a compiled AutoIt script. AV researchers please email [email protected] for support.
uxtheme.dll
kernel32.dll
operand of unlimited repeat could match the empty string
POSIX named classes are supported only within a class
erroffset passed as NULL
POSIX collating elements are not supported
this version of PCRE is not compiled with PCRE_UTF8 support
PCRE does not support \L, \l, \N{name}, \U, or \usupport for \P, \p, and \X has not been compiled
this version of PCRE is not compiled with PCRE_UCP support
ICMP.DLL
advapi32.dll
RegDeleteKeyExW
Error text not found (please report)
WSOCK32.dll
VERSION.dll
WINMM.dll
COMCTL32.dll
MPR.dll
InternetCrackUrlW
HttpQueryInfoW
HttpOpenRequestW
HttpSendRequestW
FtpOpenFileW
FtpGetFileSize
InternetOpenUrlW
WININET.dll
PSAPI.DLL
USERENV.dll
GetProcessHeap
CreatePipe
GetWindowsDirectoryW
KERNEL32.dll
OpenWindowStationW
SetProcessWindowStation
CloseWindowStation
MapVirtualKeyW
EnumChildWindows
EnumWindows
VkKeyScanW
GetKeyState
GetKeyboardState
SetKeyboardState
GetAsyncKeyState
keybd_event
EnumThreadWindows
ExitWindowsEx
UnregisterHotKey
RegisterHotKey
GetKeyboardLayoutNameW
USER32.dll
SetViewportOrgEx
GDI32.dll
COMDLG32.dll
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
RegEnumKeyExW
RegDeleteKeyW
ADVAPI32.dll
ShellExecuteW
SHFileOperationW
ShellExecuteExW
SHELL32.dll
ole32.dll
OLEAUT32.dll
GetCPInfo
zcÁ
mscoree.dll
nKERNEL32.DLL
- Attempt to initialize the CRT more than once.
- CRT not initialized
- floating point support not loaded
WUSER32.DLL
>>>AUTOIT NO CMDEXECUTE<<<
CMDLINERAW
CMDLINE
/AutoIt3ExecuteLine
/AutoIt3ExecuteScript
%s (%d) : ==> %s.:
Line %d:
Line %d (File "%s"):
%s (%d) : ==> %s:
AutoIt script files (*.au3, *.a3x)
*.au3;*.a3x
All files (*.*)
#NoAutoIt3Execute
APPSKEY
04090000
%u.%u.%u.%u
0.0.0.0
Mddddd
%s (%d) : ==> %s:
UDPSTARTUP
UDPSHUTDOWN
UDPSEND
UDPRECV
UDPOPEN
UDPCLOSESOCKET
UDPBIND
abcww.exe_856_rwx_009D0000_00006000:
x{^%x
adf.exe_1256:
adf.exe_1256_rwx_00050000_000B2000:
Remove it with Ad-Aware
- Download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
%original file name%.exe:1360
adf.exe:1684
- Delete the original Backdoor file.
- Delete or disinfect the following files created/modified by the Backdoor:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\92a411bc23[1].setToken (21 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[1].txt (3455 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\num_bg[1].png (506 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\ui-bg_highlight-soft_100_eeeeee_1x100[1].png (90 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\language_arrows[1].png (141 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\chosen.jquery.min[1].js (2001 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\jquery.browserdetect.min[2].js (366 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\text[1].gif (155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\quote_photo_bg[1].png (169 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@scorecardresearch[2].txt (368 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\quote_top_bg[1].png (195 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\VV0AON24\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\adf[2].htm (24 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\63I7HS0B\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\LUDV0BYW\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\734W6CYY\desktop.ini (67 bytes)
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"adf.exe" = "%Documents and Settings%\%current user%\Application Data\adf.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"adf.exe" = "%Documents and Settings%\%current user%\Application Data\adf.exe"
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.