MD5: 01c662dc797f1cf3c8980dec263750e8
SHA1: 159a2ce368e585b9040dd47143ff10712c407c48
SHA256: e736b03710889365fdd08e59b53dc20662a74d7083e5c63cf1f1c9b4174f3b89
SSDeep: 49152:pdM2rwh0RykDFqK9W6qruPitkUpymA1H/J9Gc:pRwh0tdW iWmn
Size: 2090496 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2013-12-12 22:56:10
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

Process activity

The Trojan creates the following process(es):

hotrolb.exe:444
H_LOADER.EXE:324
hotromaster.exe:372
%original file name%.exe:588

The Trojan injects its code into the following process(es):

ATG.exe:1700
hotro.exe:1692

File activity

The process hotrolb.exe:444 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\rent[2].txt (167 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\rent[1].txt (0 bytes)

The process ATG.exe:1700 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\All Users\Application Data\NLA\ATG.004 (1170 bytes)

The process hotro.exe:1692 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\redir[1].htm (216 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\VUcWb[1].htm (10 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ca-pub-5320542445719254[1].js (75 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\connection-min[1].js (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery.min[2].js (3354 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style-b09cab93-00002[2].css (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\zrt_lookup[1].htm (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\vbulletin_md5[2].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\authorization[1].css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\connection-min[2].js (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\vbulletin_read_marker[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ga[1].js (1681 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ru[1].png (728 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\yahoo-dom-event[1].js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\halamanav[2].js (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\icon18_wrench_allbkg[1].png (475 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style-b09cab93-00002[1].css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\whos_online[1].gif (839 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\logo[1].gif (3568 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\vbulletin_important[1].css (593 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (14660 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\forum_new_lock[1].gif (881 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\adfly_2[1].css (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\x_button_blue2[1].png (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\f[1].txt (56 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\logo_fb2[1].png (509 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\6[1].gif (70 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\DGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1 (3299 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\view40[1].js (3252 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\iframe[1].html (1262 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\forcar.org[1].htm (1944 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=2&dtd (3299 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc[1].js (14 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\f[1].txt (2752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\halamanav[1].js (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\92a411bc23[1].setToken (21 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\d_bottom_bg[1].png (167 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\1market[1].php (267 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAYHDVPK.htm (1108 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\redir[1].html (175 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@rambler[1].txt (307 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\icon[1].png (344 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\yahoo-dom-event[1].js (468 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\f[1].txt (3280 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CAMNWV6B.htm (3338 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\b64[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\-WzdRTzRa5k6HlJK6-dK9Q[1].eot (970 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[2].txt (4562 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\jquery.min[1].js (1842 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\vbulletin_menu[2].js (9 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\headarka[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\1market[1].htm (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\zrt_lookup[1].html (495 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\s[1] (145 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\thead[1].gif (204 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\home[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\f[2].txt (1168 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][2].txt (308 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\collapse_tcat[1].gif (594 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\subforum_old[1].gif (541 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\redirecting[1].htm (103 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\vbulletin_global[2].js (1545 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@yourjavascript[1].txt (235 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc[1].js (28 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\f[3].txt (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\icon4[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\icon1[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\3841957138-widget_css_bundle[2].css (2466 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\Content\2BF68F4714092295550497DD56F57004 (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\-WzdRTzRa5k6HlJK6-dK9Q[1].eot (776 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\vbulletin_important[2].css (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\forum_new[1].gif (934 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\collapse_thead[1].gif (594 bytes)
%Documents and Settings%\%current user%\Application Data\Microsoft\CryptnetUrlCache\MetaData\2BF68F4714092295550497DD56F57004 (408 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\bg_body[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\s[1].htm (143 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\ahl6532[1].gif (558 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\vbulletin_menu[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\3841957138-widget_css_bundle[1].css (2271 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\navbits_start[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab1.tmp (54 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\google-logo[1].png (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\f[2].txt (58 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\LOGO_9HACK[1].png (2227 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\tombolcari[1].gif (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ca-pub-5320542445719254[1].js (74 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\vbulletin_md5[1].js (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery.min[1].js (2696 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\nav[1].gif (325 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@yadro[1].txt (155 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\f[3].txt (6 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\iframe[1].htm (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\f[1].txt (1075 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\rent[1].txt (167 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\css[1].css (466 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@yadro[2].txt (309 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\powered-fps-online-gaming-outside[1].htm (268 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\en_tran[1].png (34 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\d_top_bg[1].png (156 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\forcar.org[1] (1592 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\favicon[1].jpg (422 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@doubleclick[2].txt (410 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\stats[1].gif (899 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\6253827461219388746[1].jpg (12616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=3&dtd (3299 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\vbulletin_global[1].js (392 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[1].txt (4065 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\1255108524618159298[1].jpg (21024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\redirecting[1].ua (108 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\cat[1].gif (123 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\forum_old[1].gif (361 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAIV696X.htm (446 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\lastpost[1].gif (964 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar2.tmp (2712 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\vbulletin_read_marker[2].js (3 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\f[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\6[1].gif (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\DGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1 (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\jquery.min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\ca-pub-5320542445719254[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\f[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Cab1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\f[3].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\connection-min[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=2&dtd (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\f[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\halamanav[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\redirecting[1].ua (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@rambler[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\1market[1].php (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\vbulletin_read_marker[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\vbulletin_menu[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@doubleclick[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\3841957138-widget_css_bundle[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\zrt_lookup[1].html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\si[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\forcar.org[1] (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\iframe[1].html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\style-b09cab93-00002[1].css (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=3&dtd (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\vbulletin_global[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\f[2].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@adf[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\1market[1].htm (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\vbulletin_md5[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\s[1] (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\redir[1].html (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\vbulletin_important[1].css (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@yadro[1].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\yahoo-dom-event[1].js (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\Tar2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\f[2].txt (0 bytes)

The process H_LOADER.EXE:324 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

%System%\hotro.exe (32 bytes)
%System%\hotrolb.exe (32 bytes)
%System%\hotromaster.exe (24 bytes)

The Trojan deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\~DF2C90.tmp (0 bytes)

The process %original file name%.exe:588 makes changes in the file system.
The Trojan creates and/or writes to the following file(s):

C:\H_LOADER.EXE (28 bytes)
%WinDir%\DFBBYA\ATG.00 (1 bytes)
%WinDir%\DFBBYA\ATG.exe (15021 bytes)
%WinDir%\DFBBYA\ATG.02 (56 bytes)
%WinDir%\DFBBYA\ATG.01 (81 bytes)

Registry activity

The process hotrolb.exe:444 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1C 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "ED FA D5 48 DB 9D D2 D5 5A F2 86 74 EC B6 A0 5C"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process ATG.exe:1700 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "09 B1 58 33 B3 DF 38 13 80 05 5F 87 69 EE 52 77"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATG Start" = "%WinDir%\DFBBYA\ATG.exe"

The process hotro.exe:1692 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"Name" = "hotro.exe"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKLM\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication]
"ID" = "1398452974"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "42 A3 5F 22 54 0D 6B FA 3D 51 42 A7 65 81 34 59"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates\2796BAE63F1801E277261BA0D77770028F20EEE4]
"Blob" = "19 00 00 00 01 00 00 00 10 00 00 00 63 66 4B 08"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

[HKLM\SOFTWARE\Microsoft\SystemCertificates\AuthRoot\Certificates]
"2796BAE63F1801E277261BA0D77770028F20EEE4"

The process H_LOADER.EXE:324 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "69 31 CA E5 23 52 99 00 1B 3E 10 8C 69 7D 03 19"

To automatically run itself each time Windows is booted, the Trojan adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"hotro" = "C:\Windows\System32\hotro.exe"

"hotromaster" = "C:\Windows\System32\hotromaster.exe"

The process hotromaster.exe:372 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F8 8B CC 94 59 28 2D DF 5D 9E CC BA 10 DD 5A 24"

The process %original file name%.exe:588 makes changes in the system registry.
The Trojan creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 3C 3B 3D 10 63 5F 60 BF 47 EF F2 6B 27 43 73"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\%WinDir%\DFBBYA]
"ATG.exe" = "ATG"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache\c:]
"H_LOADER.exe" = "H_LOADER"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

The Trojan modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Trojan modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

"UNCAsIntranet" = "1"

The Trojan modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Dropped PE files

HOSTS file anomalies

No changes have been detected.

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

URLs

URL	IP
hxxp://adf.ly/VUcWb	69.65.52.64
hxxp://googleapis.l.google.com/ajax/libs/jquery/1.7.1/jquery.min.js
hxxp://cdn.adf.ly/static/css/adfly_2.css
hxxp://cdn.adf.ly/static/js/b64.js
hxxp://cdn.adf.ly/static/js/view40.js
hxxp://cdn.adf.ly/static/image/logo_fb2.png
hxxp://cdn.adf.ly/static/image/ahl6532.gif
hxxp://www-google-analytics.l.google.com/ga.js
hxxp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=	69.65.52.64
hxxp://cdn.adf.ly/static/image/skip_ad/en_tran.png
hxxp://cdn.adf.ly/static/image/d_top_bg.png
hxxp://cdn.adf.ly/static/image/d_bottom_bg.png
hxxp://a26.d.akamai.net/msdownload/update/v3/static/trustedr/en/authrootseq.txt
hxxp://c.global-ssl.fastly.net/nr-411.min.js
hxxp://beacon-3.newrelic.com/1/92a411bc23?a=4058140,2334836&ap=14&fe=16968&dc=16968&v=411.b2946c1&to=YlNSbUYAV0IFBhdaWVsZc0xHFVZcSxYLXERBU15cRiJWXxAXDF9aUEQfTFoyUV4WEQZd&f=[]&jsonp=NREUM.setToken
hxxp://beacon-3.newrelic.com/1/92a411bc23?a=4058140,2334836&ap=19&fe=2000&dc=2000&v=411.b2946c1&to=YlNSbUYAV0IFBhdaWVsZZUtdTghcBRcIVkIbRlhJ&f=[]
hxxp://forcar.org.ua/	91.200.40.25
hxxp://forcar.org.ua/clientscript/vbulletin_important.css?v=381	91.200.40.25
hxxp://forcar.org.ua/clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=381	91.200.40.25
hxxp://forcar.org.ua/clientscript/vbulletin_css/style-b09cab93-00002.css	91.200.40.25
hxxp://forcar.org.ua/clientscript/yui/connection/connection-min.js?v=381	91.200.40.25
hxxp://adf.ly/callback/0e237ea9065e220e5889ff7139d91ba8	69.65.52.64
hxxp://forcar.org.ua/clientscript/vbulletin_global.js?v=381	91.200.40.25
hxxp://forcar.org.ua/clientscript/vbulletin_menu.js?v=381	91.200.40.25
hxxp://forcar.org.ua/cb/cb/headarka.gif	91.200.40.25
hxxp://forcar.org.ua/cb/cb/logo.gif	91.200.40.25
hxxp://pagead46.l.doubleclick.net/pagead/js/adsbygoogle.js
hxxp://pagead46.l.doubleclick.net/pagead/js/r20140527/r20140417/show_ads_impl.js
hxxp://forcar.org.ua/cb/cb/nav.gif	91.200.40.25
hxxp://forcar.org.ua/cb/misc/navbits_start.gif	91.200.40.25
hxxp://forcar.org.ua/clientscript/vbulletin_md5.js?v=381	91.200.40.25
hxxp://www-google-analytics.l.google.com/pub-config/ca-pub-5320542445719254.js
hxxp://pagead46.l.doubleclick.net/pagead/html/r20140527/r20140417/zrt_lookup.html
hxxp://pagead46.l.doubleclick.net/pagead/osd.js
hxxp://forcar.org.ua/cb/buttons/collapse_tcat.gif	91.200.40.25
hxxp://forcar.org.ua/cb/statusicon/forum_old.gif	91.200.40.25
hxxp://forcar.org.ua/cb/cb/cat.gif	91.200.40.25
hxxp://forcar.org.ua/cb/cb/thead.gif	91.200.40.25
hxxp://pagead46.l.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078
hxxp://pagead46.l.doubleclick.net/simgad/6253827461219388746
hxxp://pagead46.l.doubleclick.net/pagead/js/r20140527/r20110914/abg.js
hxxp://pagead46.l.doubleclick.net/pagead/images/abg/icon.png
hxxp://pagead46.l.doubleclick.net/pagead/images/abg/ru.png
hxxp://pagead46.l.doubleclick.net/pagead/drt/s?v=r20120211
hxxp://pagead46.l.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=234x60&output=html&h=60&slotname=9346772342&adk=293520130&w=234&lmt=1401690525&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690525783&bpp=15&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=2&dtd=47
hxxp://forcar.org.ua/images/icons/icon1.gif	91.200.40.25
hxxp://forcar.org.ua/cb/buttons/lastpost.gif	91.200.40.25
hxxp://forcar.org.ua/images/icons/icon4.gif	91.200.40.25
hxxp://forcar.org.ua/cb/statusicon/subforum_old.gif	91.200.40.25
hxxp://forcar.org.ua/clientscript/vbulletin_read_marker.js?v=381	91.200.40.25
hxxp://forcar.org.ua/cb/buttons/collapse_thead.gif	91.200.40.25
hxxp://forcar.org.ua/cb/misc/whos_online.gif	91.200.40.25
hxxp://pagead46.l.doubleclick.net/pagead/images/google-logo.png
hxxp://forcar.org.ua/cb/misc/stats.gif	91.200.40.25
hxxp://forcar.org.ua/cb/statusicon/forum_new.gif	91.200.40.25
hxxp://forcar.org.ua/cb/statusicon/forum_new_lock.gif	91.200.40.25
hxxp://pagead46.l.doubleclick.net/pagead/images/x_button_blue2.png
hxxp://www-google-analytics.l.google.com/v6exp3/redir.html
hxxp://www-google-analytics.l.google.com/v6exp3/iframe.html
hxxp://pagead46.l.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=1823505541&adk=1148484070&w=728&lmt=1401690526&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690526939&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90,234x60&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=11&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=3&dtd=47
hxxp://www-google-analytics.l.google.com/favicon?q=tbn:ANd9GcSCB2mlG8uLb4YBBBqzIaaPfI5bU5Bv8ISLaYr0-anT9GuCide8MSBkWmUkLMUpoRJv8uT82ZfSz3Pd8A
hxxp://counter.yadro.ru/hit?t26.5;rhttp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=;s1276*846*32;uhttp://forcar.org.ua/;0.4685960488597284
hxxp://counter.yadro.ru/hit?q;t26.5;rhttp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=;s1276*846*32;uhttp://forcar.org.ua/;0.4685960488597284
hxxp://counter.rambler.ru/top100.jcn?2169552
hxxp://pagead46.l.doubleclick.net/simgad/1255108524618159298
hxxp://counter.rambler.ru/top100.scn?2169552&rn=445673780&v=0.3i&bs=797x382&ce=1&rf=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&en=windows-1251&pt=Автомобильный форум ForCar.org.ua&cd=32-bit&sr=1276x846&la=en-us&ja=1&acn=Mozilla&an=Microsoft Internet Explorer&pl=Win32&tz=-180&fv=11.6 r602&sv&le=1
hxxp://www-google-analytics.l.google.com/bg/FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc.js
hxxp://www-google-analytics.l.google.com/v6exp3/6.gif
hxxp://www.gstatic.com/pub-config/ca-pub-5320542445719254.js
hxxp://pagead2.googlesyndication.com/pagead/js/r20140527/r20140417/show_ads_impl.js
hxxp://googleads.g.doubleclick.net/pagead/html/r20140527/r20140417/zrt_lookup.html	173.194.43.122
hxxp://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js
hxxp://pagead2.googlesyndication.com/pagead/js/r20140527/r20110914/abg.js
hxxp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=1823505541&adk=1148484070&w=728&lmt=1401690526&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690526939&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90,234x60&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=11&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=3&dtd=47	173.194.43.122
hxxp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=234x60&output=html&h=60&slotname=9346772342&adk=293520130&w=234&lmt=1401690525&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690525783&bpp=15&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=2&dtd=47	173.194.43.122
hxxp://pagead2.googlesyndication.com/simgad/6253827461219388746
hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootseq.txt	72.247.8.51
hxxp://pagead2.googlesyndication.com/pagead/images/google-logo.png
hxxp://googleads.g.doubleclick.net/pagead/drt/s?v=r20120211	173.194.43.122
hxxp://pagead2.googlesyndication.com/pagead/images/abg/icon.png
hxxp://p4-afbqojzkbfeto-skn646ixusmbjvtu-240564-i1-v6exp3-ds.metric.gstatic.com/v6exp3/6.gif
hxxp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078	173.194.43.122
hxxp://js-agent.newrelic.com/nr-411.min.js	199.27.74.175
hxxp://t1.gstatic.com/favicon?q=tbn:ANd9GcSCB2mlG8uLb4YBBBqzIaaPfI5bU5Bv8ISLaYr0-anT9GuCide8MSBkWmUkLMUpoRJv8uT82ZfSz3Pd8A
hxxp://pagead2.googlesyndication.com/simgad/1255108524618159298
hxxp://pagead2.googlesyndication.com/pagead/js/adsbygoogle.js
hxxp://pagead2.googlesyndication.com/pagead/images/abg/ru.png
hxxp://p4-afbqojzkbfeto-skn646ixusmbjvtu-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html
hxxp://www.gstatic.com/bg/FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc.js
hxxp://p4-afbqojzkbfeto-skn646ixusmbjvtu-240564-i2-v6exp3-v4.metric.gstatic.com/v6exp3/6.gif
hxxp://p4-afbqojzkbfeto-skn646ixusmbjvtu-if-v6exp3-v4.metric.gstatic.com/v6exp3/redir.html
hxxp://pagead2.googlesyndication.com/pagead/images/x_button_blue2.png
hxxp://pagead2.googlesyndication.com/pagead/osd.js
hxxp://www.google-analytics.com/ga.js

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

Traffic

GET /static/image/ahl6532.gif HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b

HTTP/1.1 200 OK

Date: Mon, 02 Jun 2014 06:28:21 GMT

Server: LiteSpeed

Accept-Ranges: bytes

Connection: Keep-Alive

Keep-Alive: timeout=5, max=100

ETag: "c9d-51b1c54e-616cf7bbbb5ed14c"

Last-Modified: Fri, 07 Jun 2013 11:34:38 GMT

Content-Type: image/gif

Content-Length: 3229

Cache-Control: public, max-age=604800

Expires: Mon, 09 Jun 2014 06:28:21 GMT
GIF89a..:....GPL......rp3..$...{...1U2JJ-Qp.;a...........,..1...7h..y4
.....-..qOQ7..3.......5Z.................4....=Q...p..Hg..Eh.*M......[
..'%'..BUr...G............fm>.....F.....E..n......779...M]C..X...[e
=>@Fq.....ijm.6[a}._x...Q........p.3O..8Pl......\.3W.>a.....Z...
...m.... ..6.#.......Fy...U......#.!..>=6) .8l`;.....!;/.B`|J@..,A0
- .6W...7\{..R.0T./S.8^.7].;b.:a.... M.,O..Q.-P.*L.9`.)K...!.......,..
....:.....u..uR...2./...2*.....**..............o..W....W]/............
*./...(..........&.]....../............2....................v.....W...
TG..%~..*\......#J.....C(....Q....(..I..I.......eG..L..I..M~}r..i.b.!.
\...1...H.*].....P.JmZ..P..........`...A.G...L8..`..#...8.b`...^....2.
..WCx.@!...&.*n:...;g.&......9&.......r..}..C..(.{.2...0k........;...|
..e7..w^p.Fh.9.(_..y..U..8r...2g.....I....../..............M..l......l
a.`...$..ZK....v....~.6..y.5..{J(...v.'_qR8.!xE....:...[U<...(.`...
"...4..!z...Ao...F.-.`ao.h8....([email protected]<
i..h....76.....P..NJ....q.....G.......g.....@`..Vh...e....c8....f.)..A
..........yY.|.i...>.F.l,.@...`F.#8Z..."... .A..".j..m.!.g.}@..i.P\
.O......Y...rKh..4.........P..v.R......D...k....[...F{..R.K..?@.......
..3.....p...L.C..me........."1..#P...(.|/.E...e.0,..R(........k$...>
;,A...o.%......jP0.._\6.... ..@ ...38pu..J........Z..).E.q..;..a.i.pb.
-.k..wcpD....x......P....8pY.....F.....a.g...m..E.0...........N..@$.F.
..@[email protected]&.....[f.....D............*...M..D..a.|...$..
.w..z.........;...`........7...s.@o..;).....^..e8..`z....|../.a...
<<< skipped >>>

GET /static/image/d_bottom_bg.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b

HTTP/1.1 200 OK

Date: Mon, 02 Jun 2014 06:28:22 GMT

Server: LiteSpeed

Accept-Ranges: bytes

Connection: Keep-Alive

Keep-Alive: timeout=5, max=100

ETag: "a7-51d450e3-500e6ae194574ff5"

Last-Modified: Wed, 03 Jul 2013 16:27:15 GMT

Content-Type: image/png

Content-Length: 167

Cache-Control: public, max-age=604800

Expires: Mon, 09 Jun 2014 06:28:22 GMT
.PNG........IHDR..............i.N....tEXtSoftware.Adobe ImageReadyq.e&
lt;...IIDATx.bx....................3<|.......w^.f...?....L...1.....
.,[email protected]`.HTTP/1.1 200 OK..Date: Mon, 02 Jun 20
14 06:28:22 GMT..Server: LiteSpeed..Accept-Ranges: bytes..Connection: 
Keep-Alive..Keep-Alive: timeout=5, max=100..ETag: "a7-51d450e3-500e6ae
194574ff5"..Last-Modified: Wed, 03 Jul 2013 16:27:15 GMT..Content-Type
: image/png..Content-Length: 167..Cache-Control: public, max-age=60480
0..Expires: Mon, 09 Jun 2014 06:28:22 GMT...PNG........IHDR...........
...i.N....tEXtSoftware.Adobe ImageReadyq.e<...IIDATx.bx............
........3<|.......w^.f...?....L...1......,[email protected]
ND.B`...

GET /static/css/adfly_2.css HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b

HTTP/1.1 200 OK

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Mon, 02 Jun 2014 06:28:10 GMT

Server: LiteSpeed

Accept-Ranges: bytes

Connection: Keep-Alive

Keep-Alive: timeout=5, max=100

ETag: "97f-51dd3f45-1ed891dab493e028"

Last-Modified: Wed, 10 Jul 2013 11:02:29 GMT

Content-Type: text/css

Content-Length: 787

Cache-Control: public, max-age=604800

Expires: Mon, 09 Jun 2014 06:28:10 GMT
.............n.0...#...F..).@ ...Z....J....jld.4i.w..l ....w.c..7...:.
.)eI.#.u.?...(..2...G....mm..p^..i.Y...X......Q...b.j.A...p..%B.B..3..
...R.OT.=.v...F#.....V...r.{..a")...xT%=)...d.&..9..1....2...D.. .^r."
4Yx...C...a..s..ll,Y0...p\H~.....#.....fW.......K........*DW. 0.....z.
...Cg.>ji..T....3T.H.].7.....G:lmC.......k.s..U..K..B..G.n.E.>C.
../.....9VI....\...L.92.{.!Kw...6...........<.O....;..._S..n...B...
........ ...Z..y.F,.....@*,.z.YU..d~...2../../=..=..~..S...R..6=".e.hm
A..lH...T..RI.....y.`.....c..X......`.:g;U ......lj0..h<...eG.m.,..
....O...s..Lv..]..s.<Lo&.Ag>T]..z(./..\O..".oQ...._v).....1...!l
E.....4.......r.V..X!l7....B. .Z{F.._O.:.......K...a...K.e.y\o..q.M.}.
.*.....%.G......j......<w0g..2.2...E9..d.._...1bY....[...':.^......
....<.v;....`a..A.`..!....3.....|.....HTTP/1.1 200 OK..Content-Enco
ding: gzip..Vary: Accept-Encoding..Date: Mon, 02 Jun 2014 06:28:10 GMT
..Server: LiteSpeed..Accept-Ranges: bytes..Connection: Keep-Alive..Kee
p-Alive: timeout=5, max=100..ETag: "97f-51dd3f45-1ed891dab493e028"..La
st-Modified: Wed, 10 Jul 2013 11:02:29 GMT..Content-Type: text/css..Co
ntent-Length: 787..Cache-Control: public, max-age=604800..Expires: Mon
, 09 Jun 2014 06:28:10 GMT...............n.0...#...F..).@ ...Z....J...
.jld.4i.w..l ....w.c..7...:..)eI.#.u.?...(..2...G....mm..p^..i.Y...X..
....Q...b.j.A...p..%B.B..3.....R.OT.=.v...F#.....V...r.{..a")...xT%=).
..d.&..9..1....2...D.. .^r."4Yx...C...a..s..ll,Y0...p\H~.....#.....fW.
......K........*DW. 0.....z....Cg.>ji..T....3T.H.].7.....G:lmC.
<<< skipped >>>

GET /static/js/b64.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b

HTTP/1.1 200 OK

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Mon, 02 Jun 2014 06:28:11 GMT

Server: LiteSpeed

Accept-Ranges: bytes

Connection: Keep-Alive

Keep-Alive: timeout=5, max=100

ETag: "dc0-533ef451-73228b2e988dd6e8"

Last-Modified: Fri, 04 Apr 2014 18:05:05 GMT

Content-Type: application/x-javascript

Content-Length: 1103

Cache-Control: public, max-age=604800

Expires: Mon, 09 Jun 2014 06:28:11 GMT
............]r.6...s..L[R#..$Fu% ...].u.. ..L."A...0 (.... ....K...I..
.LI..&.L4.1.../.X.G/..b.....k.....5].H.~}..k6.\.;I..Q=...z.f.G..%.....
qsA.YD......F.=8.......1...LB|.......FRL...l.K.K.M..HR.r.'.... .{t.8L.
.3.9....'.h.....dq....P:..#...{..\..v..OXQ0..%c....g4.(W4~.P.'..... .@
g$.........K7j..HIU"qO0.8j....{..;.p'...'....g.........TJ....y.DgE..?~
[email protected].`<.......l...S_...um.......w;......q...g....ON_..
.....zc..O......U2..]^.....I.........K.V.D..:..q....c..#...0L..H...8..
..zM.....7DJ.}...-.y`~V>.0.q...zn2g=.....C"jf5<9.n.0...&;...].4.
..q&.|I).GQ...J.'..>....[.0......m...LV...........e..K.^.pc.Z]...8\
..N...KJ..>..:|.k..w..o...U{.d.....\X..Kb....b...YV<l......"..$.
[email protected]\..d|.....S...).vZ.....A}a..<.Y...r........6....1V~Q.......`.
4....].[....P.?.FS.7Z....Ps..!......z]...|n.p}...#l]o.=.}..d"...O.,...
Q.R...hNF.T..p........H.=..sVH..s..@....?.K......|...~f...*(..."..X..f
...p.F%......?m.......k.~5...B.....^.Z...._...t.....K..M..<s...P.e.
..o.?....]...QR..O)....Yq..........x.......j........T....vy[K-0..Q.?..
"..?.L.*...h.tM5.........J.\..........E......s.-..Q@..._...7.x.j..n...
...........
<<< skipped >>>

GET /static/js/view40.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b

HTTP/1.1 200 OK

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Mon, 02 Jun 2014 06:28:13 GMT

Server: LiteSpeed

Accept-Ranges: bytes

Connection: Keep-Alive

Keep-Alive: timeout=5, max=100

ETag: "112ea-5372285f-283eef96a4a92c18"

Last-Modified: Tue, 13 May 2014 14:12:47 GMT

Content-Type: application/x-javascript

Content-Length: 32888

Cache-Control: public, max-age=604800

Expires: Mon, 09 Jun 2014 06:28:13 GMT
............w_...>.V&..1C.....4.i*([email protected]....?......s..z..>1!.
].^....v.X<..=.^.n.wQl.8..._.}.(. 33....:..:.3.>..............T.
..W. Y...}.......v..;.T.E...xu^... .....Y.x~.'K..8....~.;...-fZ..(kZ.@
.....r..!#......].....G.c..Y.b.;.<~....~`.g.X.....l..K."G.....d0...
F....2.pd....y..9....J... .X2......{.....,.$y.........b...$..n...@ .G.
.J.R,.A.mz.W...o/W......l......W..P.....{.Rt..a....^I.~.......r.. c..3
..Y9.d....vkf...e...5.....V1q..b.9..f/..^.O.D.!...........4..........x
.I.:.. .e..P....|..VZsg.9...6m..*.....{._..f^9.h..<.~M3G~.pF....~]{
./{Q._).eY........T..r".s|YM.....xN..q.....R...(..^9..f.D2e...8,..A..s
.2......o.q.}....B6 .z~....?..W.QRv<...C.%^...R.O...:...N.!=B..3 ,.
Z&...6.s%....I....%..^..c...{Y........6p.u@@P..9".5..5#.xa....r$.H....
.er". .?wC..4.#..e\`...Q..].(BY...:>P\........r..`.D..^..|n..({~..e
.,...1 \....P.! ...C.......Z.b.v.....,.H...r..NB.W.8..-)..Z...c9^.%...
i..5".*.[...].&m_.5'..' (^....L.:L......LW..`X.h..X.....).t.T.c...R.?.
..ck..^.<B.@P....[..{1..wc!.A..d......g.V)[email protected]]HCx....N..p.
V...R]..)..p.9......).uy...........X..^..u}.........D%T........-8,....
=.. ........8 {X.JkN.. ..s..{dz.gM...5#.....7IPv.....3..d...I....(....
...5l=(....|%i..4..K...|[email protected]"...........&.?..U.[v]A
.`...)....X.)0la}.C.......e...r.4}.sR'..8.p...!.J .ZN3=CO..5w..."'..ul
...H8....Yx...).P...&..G.v...~.N...D..p...b.P.B..!z$...9.C.8....,..!q.
...."....t5.I...K..........c9.e.9v.K)..`g../l.%..r..8.P./x.........|n]
.........b.U(B....%..M9A.......X.&By~....4...F.Z../.H..@XLs......`
<<< skipped >>>

GET /static/image/logo_fb2.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b

HTTP/1.1 200 OK

Date: Mon, 02 Jun 2014 06:28:21 GMT

Server: LiteSpeed

Accept-Ranges: bytes

Connection: Keep-Alive

Keep-Alive: timeout=5, max=100

ETag: "188b-5116a59d-2f8f7edb8dce95ec"

Last-Modified: Sat, 09 Feb 2013 19:38:05 GMT

Content-Type: image/png

Content-Length: 6283

Cache-Control: public, max-age=604800

Expires: Mon, 09 Jun 2014 06:28:21 GMT
.PNG........IHDR.......b.......G.....tEXtSoftware.Adobe ImageReadyq.e&
lt;....PLTE.V.s.o*p.-**.........*r.....R.l....,........;,v.-x..h."\...
...Rw..'Ns.....C%d.GIO...aT2..0}.....T..#r..c...(...$`..Y.(j.Jy.......
...b....h..6..th..#^......."s.#j.!l.......E|.-z.'n.:v.%b. t...%.y?..3.
.....m..&f.,w.8{.].......K......'h.K..R..F.......I...(l.........C$b...
...p Z.............(k.6:B*i....$_.4j.........X......t.."\... -z.Rv~.[.
z..#u......9..@.........'f.-y.... n.rto&i....#^...;)o.%`....uf;..W s..
.7.n.'t...X T.^....A...;r.-f...:...%p.'i...9...Q...g.-x....,c.:j.!..*w
...1^.......B e.&e...^# !'v.>....T!`..V.B:,&g....$a..b.!a...!......
l....Y.....T.....M#\.w...n."c....&w...1"d....._.%f..O.#)44p.,p.1b..X.)
m....#]..].)x.VWZ.x.'r. o..y. q.#h.'_..[.!X."Z."[."Z."Z.!Y.)n.#^.'h.-{
...y#_....D.....e_T(\./j.`..&b....%\.a.y.."......$[.,|.-|.!Z. y..z.0t.
 s.3z........v.d...!IDATx....\T...7.8.... B....QS..AA..d.x......0..a..
<>....&......D.@M3Q,<.I...z.q...[..oz....^k?...s.....0{.~....
.....\s7vK.Z[[o.v.[..h. .?......~..xk...e.Hh.{...w.]A...f....:..]~ .]]
6...#.!.s...m.....g. .j.j.,. .......of.K.S..I~.[..D.....g........e.%..
$.....$ 2.....?..~o.wK"[email protected]..;..
....!..y.S.....=....?.......tW.m,K.O".H(......m..c....qj...*....&.d..*
,....!Rp..Ax.r.>|........B..QC.KT'U)J.6i..u.D.`.1.0....F..~........
..t..........cH......H ..:.* .w....FGG/z...|......$k.Km5.Y5..!.....:..
....U..zc.........K.l...1...R.VT..h,M.....(x.N..[...9!.@/.]...h..<|
U....xE..6.".H.b...B..... ..g.......=.^C`.....S....X.R.......F_..H
<<< skipped >>>

GET /static/image/skip_ad/en_tran.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b

HTTP/1.1 200 OK

Date: Mon, 02 Jun 2014 06:28:21 GMT

Server: LiteSpeed

Accept-Ranges: bytes

Connection: Keep-Alive

Keep-Alive: timeout=5, max=100

ETag: "13d4-51e829a4-3949693a3ed59e6e"

Last-Modified: Thu, 18 Jul 2013 17:45:08 GMT

Content-Type: image/png

Content-Length: 5076

Cache-Control: public, max-age=604800

Expires: Mon, 09 Jun 2014 06:28:21 GMT
.PNG........IHDR.......)....."c[.....pHYs................OiCCPPhotosho
p ICC profile..x..SgTS..=...BK...KoR.. RB....&*!..J.!...Q..EE.........
..Q,......!.........{.k........>...........H3Q5...B..........@..$p.
...d!s.#...~<< ".....x.....M..0.....B.\[email protected]..@F....
&S....`.cb..P-.`'........{..[.!..... .e.D.h;...V.E.X0..fK.9..-.0IWfH..
...........0Q..)..{.`.##x.....F.W<. ...*..x..<.$9E.[.-q.WW..(.I.
 [email protected]..._-...."[email protected]~..,/...;.
.m..%..h^[email protected].~<<E.........J.B[a.W}.g._.W.l.~<..
....$.2].G......L......b...G.......".Ib.X*..Q.q.D...2.".B.).%..d..,..&
gt;.5..j>.{.-.]c..K'.Xt.......o..(...h...w..?.G.%..fI.q..^D$.T..?..
..D..*.A....,.........`6.B$..B.B.d..r`)..B(....*`/[email protected]..=p..
a...(....A...a!...b.X#......!.H...$ ...Q"K.5H1R.T UH..=r.9.\F..;..2...
.G1...Q=...C..7..F...dt1......r..=.6....h...>C.0....3.l0...B.8,..c.
."......V.....c..w...E..6.wB a.AHXLXN.H. .$4...7...Q.'"..K.&.....b21.X
H,#..../.{.C.7$..C2'...I..T...F.nR#.,..4H.#...dk..9.,  .......3...!.[.
[email protected].(R.jJ....4..e.2AU..R...T.5.ZB...R.Q...4u.9...IK......h.h.i..t.
....N..W...G.....w.......g(.....g.w...L......T071......oUX*.*|.....J.&
..*/T.......U.U.T..^S}.FU3S......U..P.S.Sg.;...g.oT?.~Y...Y.L.OC.Q.._.
.. .c..x,!k...u.5.&...|v*......=...9C3J3W.R..f?...q..tN..(...~....).).
.4L.1e\k....X.H.Q.G..6......E.Y...A.J'\'Gg.....S.S.....M=:....k....Dw.
n.....^..Lo..y....}/.T.m...G.X...$.....<.5qo<./...QC][email protected]....
..<..F.F..i.\.$.m.m..&.&!&KM.M..RM..).;L;L........5.=1.2.......
<<< skipped >>>

GET /static/image/d_top_bg.png HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cdn.adf.ly

Connection: Keep-Alive

Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b

HTTP/1.1 200 OK

Date: Mon, 02 Jun 2014 06:28:22 GMT

Server: LiteSpeed

Accept-Ranges: bytes

Connection: Keep-Alive

Keep-Alive: timeout=5, max=100

ETag: "9c-51d450e3-8ab0ff4e53d010b5"

Last-Modified: Wed, 03 Jul 2013 16:27:15 GMT

Content-Type: image/png

Content-Length: 156

Cache-Control: public, max-age=604800

Expires: Mon, 09 Jun 2014 06:28:22 GMT
.PNG........IHDR.......;.....5.w.....tEXtSoftware.Adobe ImageReadyq.e&
lt;...>IDATx.b..Ifb.........4..a......j...!.E.......z.......O...u..
...k/.........IEND.B`.HTTP/1.1 200 OK..Date: Mon, 02 Jun 2014 06:28:22
 GMT..Server: LiteSpeed..Accept-Ranges: bytes..Connection: Keep-Alive.
.Keep-Alive: timeout=5, max=100..ETag: "9c-51d450e3-8ab0ff4e53d010b5".
.Last-Modified: Wed, 03 Jul 2013 16:27:15 GMT..Content-Type: image/png
..Content-Length: 156..Cache-Control: public, max-age=604800..Expires:
 Mon, 09 Jun 2014 06:28:22 GMT...PNG........IHDR.......;.....5.w.....t
EXtSoftware.Adobe ImageReadyq.e<...>IDATx.b..Ifb.........4..a...
...j...!.E.......z.......O...u.....k/.........IEND.B`...

GET /1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei= HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: adf.ly

Connection: Keep-Alive

Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b

HTTP/1.1 200 OK

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Mon, 02 Jun 2014 06:28:24 GMT

Server: LiteSpeed

Connection: close

X-Powered-By: PHP/5.5.8

P3P: policyref="hXXp://adf.ly/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa IVAi IVDi CONi HISi TELi OUR IND PHY ONL FIN COM NAV INT DEM GOV"

Cache-Control: max-age=0, no-store, no-cache, must-revalidate

Pragma: no-cache

Expires: Sat, 26 Jul 1997 05:00:00 GMT

Last-Modified: Mon, 02 Jun 2014 06:28:24 GMT

Cache-Control: post-check=0, pre-check=0

Set-Cookie: adfly_421124=1480940; expires=Tue, 03-Jun-2014 06:28:24 GMT; Max-Age=86400; path=/

Set-Cookie: market_421124=1480940; expires=Mon, 02-Jun-2014 06:29:24 GMT; Max-Age=60; path=/

Content-Type: text/html

Content-Length: 1299
...........Vmo.6..>`..%.TBhYN.!...M....nh...g..DYleR%.......$.d.2l.
!....sw...ev.....(.,.7..h.-C..E..-.-....\..xUp..vF...l.9..8c.pKo...c..
.#.kQXd.....nY ..K!.....}~....k...}.......Ws..2.BI..I._..H{0...HN...n.
F..1...Bik.....$.p..,.=.tKd.V.M...t".C.m....LE...".K..V.Vka.8..%..E.R.
.........^.{8T#..\.m6T..>.7QS......'......nJv.........M.....(..g3a@
'..,C...N.>.U"An.... )~..h..Q...u....|-y..U0..Lr...5..)i....5..n..~
kpu.gx.?.U...y d.h..f8....=..9p..r.si./|..!f.3...bo.._0S.......*......
...e..a..rwg.c.K._..Y.......nD...L..d....K0a..%sp%-.Xsf.../...;...K.c.
a........e.,.y.e.............r...d...&{{....0.v.%j.....V..UK.O.%.._~0.
v,........- .II.sK.Z...K..1..$y~..W..N\c...Z.g....z....-....Y.q..-I*..
.J"@G..s!.....Rs.M...........__w...*p.."....Ym ...._Lb.).....A..s..v..
bg...5N.6v...w9$U..5...........c.{..N....[..c..!.....V.N#^.o= ..]....R
....l!.hYf.....W....p.^2..'.!.Da.?t.z...B...=...U.w/...|....P..<...
..OC..t|B...[..\-#..$.r..`...f..Z8....s.....`...3.....m.....{|t0...=..
r..J.}W.....~w;.\P.v...F".l..xPy.Q.. ...u.M..<...9.<X.....E.3.(=
.JH.H([email protected]$6..DwYwc|:...:.....p..i.g.e.:r;
[email protected]:9`G..,>8..{7.,..O..G!98<<:>..4..Ys...n..
..y7....}x}y.%..........Y|.6.~..z.6.^.qs=......f.lp...U).p....?V_.l...
...Z.J.'..q..>.D......Y.A...X.lz..^....2D.,..>.\oh6.wt..........
.......
<<< skipped >>>

GET /1/92a411bc23?a=4058140,2334836&ap=14&fe=16968&dc=16968&v=411.b2946c1&to=YlNSbUYAV0IFBhdaWVsZc0xHFVZcSxYLXERBU15cRiJWXxAXDF9aUEQfTFoyUV4WEQZd&f=[]&jsonp=NREUM.setToken HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: beacon-3.newrelic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Set-Cookie: JSESSIONID=5f58b1292c8fd66a;Path=/

Expires: Thu, 01 Jan 1970 00:00:00 GMT

Content-Type: text/javascript;charset=ISO-8859-1

Content-Length: 21
NREUM.setToken(null).HTTP/1.1 200 OK..Set-Cookie: JSESSIONID=5f58b1292
c8fd66a;Path=/..Expires: Thu, 01 Jan 1970 00:00:00 GMT..Content-Type: 
text/javascript;charset=ISO-8859-1..Content-Length: 21..NREUM.setToken
(null)...

GET /v6exp3/6.gif HTTP/1.1

Accept: */*

Referer: hXXp://p4-afbqojzkbfeto-skn646ixusmbjvtu-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: p4-afbqojzkbfeto-skn646ixusmbjvtu-240564-i2-v6exp3-v4.metric.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 14 Aug 2012 10:47:46 GMT

Date: Mon, 02 Jun 2014 06:28:57 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, must-revalidate

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 35

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic
GIF89a.............,...........D..;..

POST /callback/0e237ea9065e220e5889ff7139d91ba8 HTTP/1.1

x-requested-with: XMLHttpRequest

Accept-Language: en-us

Referer: hXXp://adf.ly/VUcWb

Accept: */*

Content-Type: application/x-www-form-urlencoded

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: adf.ly

Content-Length: 538

Connection: Keep-Alive

Cache-Control: no-cache

Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; adf1=244bd98b1d9d5c84dea3f2c4c65771e3; adf2=99fd33e8b8190f39bff84ea07c6fdc1b; adfly_421124=1480940; market_421124=1480940; __utma=255621336.1513332806.1401690508.1401690508.1401690508.1; __utmb=255621336.0.10.1401690508; __utmc=255621336; __utmz=255621336.1401690508.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)

hithere=TAkyVOUyNICD4MwxQIyjkLi1L4CyJMygZIWFZTlDcBiCIV6FI5ikILsgIsmDlOk0ZYWj5L02IAjToNw0LACjJLmwb4GyFMzgaICFIT6DMBCCwViFc52kNLygZsXzNN3yIcjDoMx1M4jCcM2uLICDJIzSYx30JQlgcQ2VgRiOO5jCgI07NEijwViTdB2yJOyxZ4XSNN3gIQjloT4gMMT3cdsvIRnmdbipcdmFVIz7aACjIL62NADSgRxJLNCVJTtgbs2TJZpsbJGWUai0OFjGAcstI9m21YvoYAmClMsuZQVz9LvhcxyGIb6pIpk35bvNIJiiwOiiYQWnNb0ladWW9YuyIVj2oc51LJCCJL6iIgjToYiiMFCT4OykMlTzkM3xMcDjEZ5mOlTDYO34NUTTUZ3wIIijwMilaVGjFNzwakCTIY6lIdjzNMhyOUTGgMziNoTjAIxkNlj2BXinO9DGkb0iZwTiQI11ZcGDIM2xNIDiIO4iZImXVZj2YJ2CNLiwZoDjIIy4IJny0eu=
HTTP/1.1 200 OK

Content-Encoding: gzip

Vary: Accept-Encoding

Date: Mon, 02 Jun 2014 06:28:33 GMT

Server: LiteSpeed

Connection: close

X-Powered-By: PHP/5.5.8

Expires: Thu, 19 Nov 1981 08:52:00 GMT

Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0

Pragma: no-cache

Content-Type: text/html

Content-Length: 20
......................

GET /nr-411.min.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: js-agent.newrelic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

x-amz-id-2: 6CeMIe04eHDxYl3UIzhPH6N4C4xCWtKapRrJ2b0qJUFkcKTFXHK0lHXHhy/AummG

x-amz-request-id: EA9C911887CF8508

Cache-Control: public, max-age=315360000

Expires: Thu, 31 Dec 2037 23:55:55 GMT

Last-Modified: Thu, 01 May 2014 23:15:58 GMT

ETag: "9050946217be03f42647b3f708ef10d3"

Content-Type: application/javascript

Server: AmazonS3

Content-Length: 14831

Accept-Ranges: bytes

Date: Mon, 02 Jun 2014 06:28:27 GMT

Via: 1.1 varnish

Age: 247262

Connection: keep-alive

X-Served-By: cache-d98-DAL

X-Cache: HIT

X-Cache-Hits: 5380

X-Timer: S1401690507.845602036,VS0,VE0

Vary: Accept-Encoding
!function(n,e,t){function r(t,i){if(!e[t]){if(!n[t]){var u="function"=
=typeof __nr_require&&__nr_require;if(!i&&u)return u(t,!0);if(o)return
 o(t,!0);throw new Error("Cannot find module '" t "'")}var a=e[t]={exp
orts:{}};n[t][0].call(a.exports,function(e){var o=n[t][1][e];return r(
o?o:e)},a,a.exports)}return e[t].exports}for(var o="function"==typeof 
__nr_require&&__nr_require,i=0;i<t.length;i  )r(t[i]);return r}({1:
[function(n,e){e.exports=function(n,e){return"addEventListener"in wind
ow?addEventListener(n,e,!1):"attachEvent"in window?attachEvent("on" n,
e):void 0}},{}],2:[function(n,e){function t(n,e,t,o){l[n]||(l[n]={});v
ar i=l[n][e];return i||(l[n][e]=i={params:t||{}}),i.metrics=r(o,i.metr
ics),i}function r(n,e){return e||(e={count:0}),e.count =1,f(n,function
(n,t){e[n]=o(t,e[n])}),e}function o(n,e){return e?(e&&!e.c&&(e={t:e.t,
min:e.t,max:e.t,sos:e.t*e.t,c:1}),e.c =1,e.t =n,e.sos =n*n,n>e.max&
&(e.max=n),n<e.min&&(e.min=n),e):{t:n}}function i(n,e){return e?l[n
]&&l[n][e]:l[n]}function u(n){for(var e,t={},r="",o=0;o<n.length;o 
 )r=n[o],t[r]=a(l[r]),t[r].length&&(e=!0),delete l[r];return e?t:null}
function a(n){return"object"!=typeof n?[]:f(n,function(n,e){return e})
}function c(n,e){"undefined"==typeof e&&(e=(new Date).getTime()),d[n]=
e}function s(n,e,r){var o=d[e],i=d[r];"undefined"!=typeof o&&"undefine
d"!=typeof i&&t("measures",n,{value:i-o})}var f=n(1),l={},d={};e.expor
ts={store:t,take:u,get:i,mark:c,measure:s}},{1:20}],3:[function(n,e){f
unction t(n){return c[n]}function r(n){return null===n||void 0===n
<<< skipped >>>

GET /pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: googleads.g.doubleclick.net

Connection: Keep-Alive

Cookie: id=c21c6444d00007f||t=1360768149|et=730|cs=002213fd480b36e81315d0d96e

HTTP/1.1 200 OK

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Content-Type: text/html; charset=UTF-8

X-Content-Type-Options: nosniff

Content-Encoding: gzip

Date: Mon, 02 Jun 2014 06:28:42 GMT

Server: cafe

Cache-Control: private

Content-Length: 21706

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic
..............#Kv [email protected]".&..J...;...y...[D`.L3.i&....dz.%........
d.....9.. .dU.......BF.z......?..._r.a%.d}.|.`.....A........._..2Y.\_\
.RY....h....%..m....<y....9..'[.F.........[...J7`.....Z.<./..._.
.5.q$.%...o.Yn.T.|*.(.b)..._&.G....y..n..s3n..M..&.Z.c.S<...Ca..=.7
I...qM..&<.....a!.2.9.Am..R,C.`.g..mXMW'..CC...9.8o....M....p.s....
..v9.].....2..H.I0..J.oI.7.tt....10......%A.).~L.J<.{...."......Jn.
....w.*0/4....(.Yl.%i7.x>....D.........q...M...n....~........p.,...
.. `..YB....JI.c.<..1..;y..........!.).>..]_......&OD."...=...y.
.."........*vj(...!/..pp......q.S.9...5E....\[email protected]>
;t.R..}aJ<.....0....%U!.3I.&.K...0...Evl.....).;_a.5*k.....?_'.u__.
..*....I.2..W.{..$P..&......Dx.Hr.......o^.?..W.........2.f.j...1..).8
v.\`.V.3.p.i.\..Y.z}..$`..T...D.Q.....f.F.>R6..2......b...t......].
..5....\0...9...o.3H.....`Z../..)....z]. I\...g=.h... .....!..YM_...%.
p.Ar..'..hi........LB....;.YXc..v..#..V..M..Gb.G..P........T....%E..B*
4Y_....!w..8...e..U.......g."C.....A..u.f{.Y.'...^_W.W._.9....Z.......
...r./@0...............-2R......}...9(.@.....!...'.N.....]...".z.0>
Y0n.....os......x...$.$.....E.LR.....U.....].?...k.3ni.....d.$.3$.U..#
*.]B....H.VK.y`...jKe......i..0..:..g...".v...J...........n'..=r....."
..8e..!.z.&L&..;.........q.k.g.e!..\l.........,..>.#.] ....5m....U%
........8:.W.t.*.?..N*&.S.YfK........2. .R.Tn-.'.x6.............S..@..
R..[^..Ma7..w..S.._ilOz.....3G.~......|...>............s.N`_.<.z
...5..|8..5'..l.X.{.u{.k.W.RZ*Hi..JG....._l.L...$G..Cx=....J..5..~
<<< skipped >>>

GET /pagead/ads?client=ca-pub-5320542445719254&format=234x60&output=html&h=60&slotname=9346772342&adk=293520130&w=234&lmt=1401690525&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690525783&bpp=15&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=2&dtd=47 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: googleads.g.doubleclick.net

Connection: Keep-Alive

Cookie: id=c21c6444d00007f||t=1360768149|et=730|cs=002213fd480b36e81315d0d96e

HTTP/1.1 200 OK

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Content-Type: text/html; charset=UTF-8

X-Content-Type-Options: nosniff

Content-Encoding: gzip

Date: Mon, 02 Jun 2014 06:28:44 GMT

Server: cafe

Cache-Control: private

Content-Length: 24103

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic
............Y.#Mr..>.......P.L.G..p.....m.'....L.]e&.f........].}..
.,G.I.._..G....].=..LK.;..........q.{.i.._.........y...g.{...>.....
_R.. .0......y?'m.k./K.......RK.q.*&)...A.B....=X..:R.%.y.L..j>.H..
}..1.....!.o......`.lyI....E.^..,.....-...a..........]\..Kj ...}4..1.A
.&q..M:.}@...../...t.g..@....=..Y.y... .d.3$WJ.<v..ax.....U..g.V...
7.....p...........6....~..<....v{q..{.......1V~ ......ln?.Q....'.h.
........}..<J.&o!R.B.`!..y.yU4gO(....^..o..U...5...=..=...>z.f..
....k'A8..".}.z./.-z..2..........fI..bZ.a.2....{j..4UH./G6ae..e<.y~
..g0../a..y..~.....^...0....Z#.6.}..}n.....-......G.....{.9Y...p> .
.V?{.9..9...p...^s........U....YAx.....8.P...C(F<\.......^du..j....
.~7M._. ..@..~.#.......p.L.....a.*..}.j...hk...U..X....f_.....(g\.....
..m.....,b.g.4..63.......w.......1.<2k..T.....1..........t..B8...8:
jG....cCA"f.{...G.....%...:6..'..=1.4..X......|...\.#.......4.s.U..\j.
[..31F..1I.....b/%l......s..O.QV...74...&bg........T ....$4........).&
gt;?y?.......~..*Z..``[email protected].....:.B..IZ...
Z6..#<XEX..H^...Ps..mw.S..0=..uYu....d....\...g.........r,l..[v....
(^.....z.^..Q.gD..........{.<Kf...t.U........".c1......OEJ.0.....!.
=.U.2....e|.F..i...Lfh...v..:.#..a....~.....J..fZ.l).~,...q<I. u..p
*.T..3........Q..gP...6fP...D.<...#.t.=?/._..z..1.5.rH....l'Z..m(..
..v.......Y..........L.6<..QZx........o.Q6m.$.....D.#..KY......]...
..GIu..h.G~..=R.......s.}..DK.=.[Lq.>../.9k..&Ky...gK...i..O....O.O
......e^..V..mF...h..:....:..d.f^]$.3...Q W.`0J8...y\...#Z......s.
<<< skipped >>>

GET /pagead/html/r20140527/r20140417/zrt_lookup.html HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: googleads.g.doubleclick.net

Connection: Keep-Alive

Cookie: id=c21c6444d00007f||t=1360768149|et=730|cs=002213fd480b36e81315d0d96e

HTTP/1.1 200 OK

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Content-Type: text/html; charset=UTF-8

ETag: 17039503424336669516

Date: Thu, 29 May 2014 00:33:36 GMT

Expires: Thu, 12 Jun 2014 00:33:36 GMT

X-Content-Type-Options: nosniff

Content-Encoding: gzip

Server: cafe

Content-Length: 4660

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=1209600

Age: 366904

Alternate-Protocol: 80:quic
...........Z.{......".....j ..)...m....6.g/...m.(..........d.C...9....
. i...........~.....8.EO.....v4V2xz.2.^...g.M...I.:J.E.t.T..\.*...$...
..|....$U....r..{G..N...=;\.~>Ib..^.t.$..$..E5/..'...J.}.NB.J.O..-!
<.!`...I..2...8M..KU.HcK..r.a..C..}.%<.0..<M..p:yr...x..2..K.
.7...:...j.J..[A...&GC-.V..y*......x......T.$V.u.^....W.....J..W...V..
"...^.-s....."...}I.N.....It...R..JE../f..`.==E.VPP..2.&..B)...iM..g..
.ZP5.g..B...4.y.;.<gK}=...6s=g............j.,...{l..... .5$.....=..
Eny...{....^..m.#.6^.U.........k.D.z..zcg...[.vx...x.>.}A"9.P......
.*diW.....&.s}q.v.T..~...?....tg.v.*..5U.........Ijk*...%..\.2{...(4..
..Y......e..r.Kf.|.. ...&.....O..t-%|.......y$......N,g..G.!".RT..C...
.;j...o5....T....-....r.$1v`....5.....4.t^X.G|.C.7.Al5C.........l&B.bC
....".l{...............Z.... h.......!......c17.o....[#N.J...m...b....
...I..i~...r......#..w.hj...L.o..j..A/[email protected]..%U/...}.'
q....E...:.......l.}Y........&..c ..`..q.\...R...?..X.:.n..0J..s....$m
.]..q5..`..X...8q..sbE7....i..._>..=...K.W..J...\O..8....^..W.x....
oe>v...df.#.[..N..J;j...O..F*.8l.....S..Ij5}...D..>...K.{mM.....
ge....w[....(IF..n.`R......P..Z.'........._...Bey.\...,...h.b..4......
I.hd[.....8Y...!.^.&o..............k,.....P.}9.bq..N...`7.A2m!.T.<.
...... &.\f."U.'.....g.l...T....vU....7....j.=.~.....=....J."E?......g
[email protected].<A.r...`.....O..>..i.C.......bG.:.....
.....Y...&.......[!T..dk.F......vea..#.m.Q>...E.d....1.....d..t..#.
W.....8.c.i...=....N.p.}.0....2..{.9i..r{..G.....?...B......:..7.;
<<< skipped >>>

GET /pagead/drt/s?v=r20120211 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: googleads.g.doubleclick.net

Connection: Keep-Alive

Cookie: id=c21c6444d00007f||t=1360768149|et=730|cs=002213fd480b36e81315d0d96e

HTTP/1.1 200 OK

X-Frame-Options: ALLOWALL

Content-Type: text/html; charset=UTF-8

X-Content-Type-Options: nosniff

Content-Encoding: gzip

Date: Mon, 02 Jun 2014 05:37:23 GMT

Server: safe

Content-Length: 145

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=3600

Age: 3080

Alternate-Protocol: 80:quic
..........%....0.Ew...]....h..F....x.$-....o..=..9..t..g{.Kwk.}..k]e.f
k....$...-...<o....RxzyZ...ML..bwX.).g.#..r..2....,U.....Q......M./
6PzR....HTTP/1.1 200 OK..X-Frame-Options: ALLOWALL..Content-Type: text
/html; charset=UTF-8..X-Content-Type-Options: nosniff..Content-Encodin
g: gzip..Date: Mon, 02 Jun 2014 05:37:23 GMT..Server: safe..Content-Le
ngth: 145..X-XSS-Protection: 1; mode=block..Cache-Control: public, max
-age=3600..Age: 3080..Alternate-Protocol: 80:quic............%....0.Ew
...]....h..F....x.$-....o..=..9..t..g{.Kwk.}..k]e.fk....$...-...<o.
...RxzyZ...ML..bwX.).g.#..r..2....,U.....Q......M./6PzR........


GET /pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=1823505541&adk=1148484070&w=728&lmt=1401690526&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690526939&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90,234x60&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=11&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=3&dtd=47 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: googleads.g.doubleclick.net

Connection: Keep-Alive

Cookie: id=c21c6444d00007f||t=1360768149|et=730|cs=002213fd480b36e81315d0d96e

HTTP/1.1 200 OK

P3P: policyref="hXXp://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"

Content-Type: text/html; charset=UTF-8

X-Content-Type-Options: nosniff

Content-Encoding: gzip

Date: Mon, 02 Jun 2014 06:28:45 GMT

Server: cafe

Cache-Control: private

Content-Length: 19387

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic
...............J. .._.dU.%.. ...d.q...ys..;H...p....n..L=..L.jIoz.)uM.
......?.q,$.D......Z.*...........;F......c-}...e....n.$...w.....$Q^...
hER.'....?. z...h...<A.....D.......=<|..q..iMT....g.PK....[.....
..N..e....S..lEd|..\...>?.?......Y\.....5 ..<k.%.?..u.*.).VV..N.
...._........v..O0.J:...l. .....rV/t.=B........u....... .C!;)D....t(..
....4........nR...2.  =D..I\...D..(.-.>P.. .........k0..^cU. 2..`.0
...`........c.....!?.....t0K|d.qM:D=..P.v...W.d.q.W.d..I_.....j.aj..b.
'B...k<.;y<4.Xp........F. . ....Z.a?...~..... ..D..a.s....$eO.#.
)o..%.. ....of..k..Y.X..O....|.~...Zt...r.l......sJ......S$e..,..z.."-
<..>.........H........G].9........\:.E8.I.42.$..&.RcQ..P....G...
..?......h....{& ..._L.....B.L.L.......,.....*....... }./.....^_..0...
.wT..g..y..M.....#1T.0.-X...8.....H..@...`..H .wd..OO..P.x....{.....o.
0T.%.^y..O.`. RD..*w....g..K.Y...3.....|..S5 ..r.........v...L...z~zG:
.........}v....-..B@\>........ .. .....`Z...>.U../...l@..<.(N
.Lh........M#.7......B#.e......A..Dd...Z.E..(.x..........a.2.Vs~.X..x.
....f... XH......Z....i.dGaX ..\5..\.F..BP..8...gI...t.k....(....g8Uq.
...........3..fB-.c.....E$.V._..../....Z9......m....xjP.....5.M@.'.`.!
...g_..Gl..R..Ob9..........~...z...!x..V...J.....B....Sf......P....F..
D&....../.....H<U.6.').'Ad.V..T.,D....tE2.......@;..E.9......0.. ZZ
=.(.z..\.Ai y.n....}.V./F-.. .m....Qs...~.X..lq./..\.p.....Ip..._~Z...
......~S..j.|.\...q...k.~....4;....S.J.p2(.;...z...8...[.....5].......
....1....,I....f Fn.c......Vc........6.......E....SF....5../..|..j
<<< skipped >>>

GET /msdownload/update/v3/static/trustedr/en/authrootseq.txt HTTP/1.1

Accept: */*

User-Agent: Microsoft-CryptoAPI/5.131.2600.5512

Host: VVV.download.windowsupdate.com

Connection: Keep-Alive

Cache-Control: no-cache

Pragma: no-cache

HTTP/1.1 200 OK

Content-Type: text/plain

Last-Modified: Wed, 12 Mar 2014 05:29:31 GMT

Accept-Ranges: bytes

ETag: "806f4cbb43dcf1:0"

Server: Microsoft-IIS/7.5

X-Powered-By: ASP.NET

Content-Length: 18

Cache-Control: max-age=7809

Date: Mon, 02 Jun 2014 06:28:26 GMT

Connection: keep-alive

X-CCC: CA

X-CID: 2
1401CF3DB40B609892HTTP/1.1 200 OK..Content-Type: text/plain..Last-Modi
fied: Wed, 12 Mar 2014 05:29:31 GMT..Accept-Ranges: bytes..ETag: "806f
4cbb43dcf1:0"..Server: Microsoft-IIS/7.5..X-Powered-By: ASP.NET..Conte
nt-Length: 18..Cache-Control: max-age=7809..Date: Mon, 02 Jun 2014 06:
28:26 GMT..Connection: keep-alive..X-CCC: CA..X-CID: 2..1401CF3DB40B60
9892..

GET /pub-config/ca-pub-5320542445719254.js HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 02 Jun 2014 06:28:40 GMT

Expires: Mon, 02 Jun 2014 18:28:40 GMT

Cache-Control: public, max-age=43200

Content-Type: text/javascript

X-Content-Type-Options: nosniff

Content-Encoding: gzip

Server: sffe

Content-Length: 75

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic
...........H..O.I.O,..K.O..K.LW.U(..K./..&YS.P].......X.S...T^]k......
?J...HTTP/1.1 200 OK..Date: Mon, 02 Jun 2014 06:28:40 GMT..Expires: Mo
n, 02 Jun 2014 18:28:40 GMT..Cache-Control: public, max-age=43200..Con
tent-Type: text/javascript..X-Content-Type-Options: nosniff..Content-E
ncoding: gzip..Server: sffe..Content-Length: 75..X-XSS-Protection: 1; 
mode=block..Alternate-Protocol: 80:quic.............H..O.I.O,..K.O..K.
LW.U(..K./..&YS.P].......X.S...T^]k......?J.......


GET /bg/FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc.js HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript

Last-Modified: Thu, 22 May 2014 16:48:47 GMT

Date: Fri, 30 May 2014 20:20:46 GMT

Expires: Sat, 30 May 2015 20:20:46 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 5861

X-XSS-Protection: 1; mode=block

Age: 209280

Cache-Control: public, max-age=31536000

Alternate-Protocol: 80:quic
...........;.w........V....m0.........G...1...4.....$.........z.F...hf
...W9..ic..3...GI%.W...2.a8.T..Q...b.|).;.r6;h~i..x.7.Y.`.?:...<...
A.>.....(`.r..9^E^2.G&.).xh.q....^..K........^.1....,.L...]..~.I9g.
k......o..}x..6.-.}....X8..lB....1....<.'7.A...y".h~....b..........
.w..r.f...s........6....F=.SA~z.[.E8ML.2..YL.as4.*~.V}K|..;/...4-.L..b
...8.yl:...(H&..).g-'.qb....#M]....g.P.......\........i......2...r...a
.;..m.......b..6....O&...7a.4Eu.t=j,.x...c........V.[....z..g..8a.akF.
2..W..........z#`...W<G.....`;...$Qc.~.^b.p......e.#.a..e.s...6. .$
..u$.T.F..d.N.\3.Pc.f.|[email protected].$EB....f.......X....H.Fu......z.
.....'..@,b...[..a...An.%'.T.=.w......I.jCP...Z.5..V.0.#[....v.D. S..'
.>.....5v.YlE.j..d.#.. I....).VK..."J...t].o.qc./*.z}..c...P... ..z
.8.?.`.QB@G..../.Wk.J......wON.......9.z~N.Q...N.r_Z....C..A.......8..
&..g3._.x)N.9O.C2PRk.8...9..B.Er...F..tBC.....J.U..o..|D.OTi.5..4... .
..{...ux~..#...zZ(..6.0H..j...x.r..YT.....k:M).AO8...........AC0....."
8..0.`........=bP#.y...p.9.h.".C...C@,....%.=,..qK8,r...jS'R....yF@;..
.-..I...L.&.r.N.....5.V..F.U.......z2..D....}.........l..(}ij.G...G...
.M^...2J. ''.HLw.t...3....p.0..|.....d..cf..J_........[.X&.....aW.Q~..
5....)."..C....X......."t........8..|......#..j..;.............[#.rD..
...'.....N.xBO..>..cv.c...eC..~LP...D....>8(..^.;....%.8|xt|r...
.....x...............z`.....E8....x.......h..vgo.............<FO..t
.8}.?@...* _.%....:9.y..9?...#40...s.p.................P.$>.v.A_..!
86#&.f..)6....}........Z.Z....S.C...as\......'Ro.@I7..]t.-<....
<<< skipped >>>

GET /bg/FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc.js HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=234x60&output=html&h=60&slotname=9346772342&adk=293520130&w=234&lmt=1401690525&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690525783&bpp=15&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=2&dtd=47

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript

Last-Modified: Thu, 22 May 2014 16:48:47 GMT

Date: Fri, 30 May 2014 20:20:46 GMT

Expires: Sat, 30 May 2015 20:20:46 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 5861

X-XSS-Protection: 1; mode=block

Age: 209282

Cache-Control: public, max-age=31536000

Alternate-Protocol: 80:quic
...........;.w........V....m0.........G...1...4.....$.........z.F...hf
...W9..ic..3...GI%.W...2.a8.T..Q...b.|).;.r6;h~i..x.7.Y.`.?:...<...
A.>.....(`.r..9^E^2.G&.).xh.q....^..K........^.1....,.L...]..~.I9g.
k......o..}x..6.-.}....X8..lB....1....<.'7.A...y".h~....b..........
.w..r.f...s........6....F=.SA~z.[.E8ML.2..YL.as4.*~.V}K|..;/...4-.L..b
...8.yl:...(H&..).g-'.qb....#M]....g.P.......\........i......2...r...a
.;..m.......b..6....O&...7a.4Eu.t=j,.x...c........V.[....z..g..8a.akF.
2..W..........z#`...W<G.....`;...$Qc.~.^b.p......e.#.a..e.s...6. .$
..u$.T.F..d.N.\3.Pc.f.|[email protected].$EB....f.......X....H.Fu......z.
.....'..@,b...[..a...An.%'.T.=.w......I.jCP...Z.5..V.0.#[....v.D. S..'
.>.....5v.YlE.j..d.#.. I....).VK..."J...t].o.qc./*.z}..c...P... ..z
.8.?.`.QB@G..../.Wk.J......wON.......9.z~N.Q...N.r_Z....C..A.......8..
&..g3._.x)N.9O.C2PRk.8...9..B.Er...F..tBC.....J.U..o..|D.OTi.5..4... .
..{...ux~..#...zZ(..6.0H..j...x.r..YT.....k:M).AO8...........AC0....."
8..0.`........=bP#.y...p.9.h.".C...C@,....%.=,..qK8,r...jS'R....yF@;..
.-..I...L.&.r.N.....5.V..F.U.......z2..D....}.........l..(}ij.G...G...
.M^...2J. ''.HLw.t...3....p.0..|.....d..cf..J_........[.X&.....aW.Q~..
5....)."..C....X......."t........8..|......#..j..;.............[#.rD..
...'.....N.xBO..>..cv.c...eC..~LP...D....>8(..^.;....%.8|xt|r...
.....x...............z`.....E8....x.......h..vgo.............<FO..t
.8}.?@...* _.%....:9.y..9?...#40...s.p.................P.$>.v.A_..!
86#&.f..)6....}........Z.Z....S.C...as\......'Ro.@I7..]t.-<....
<<< skipped >>>

GET /top100.jcn?2169552 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: counter.rambler.ru

Connection: Keep-Alive

Cookie: ruid=RMH4BY4FHlERLgEAARsEgw==

HTTP/1.1 200 OK

Server: nginx/1.4.4

Date: Mon, 02 Jun 2014 06:28:45 GMT

Content-Type: application/x-javascript

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Pragma: no-cache

Cache-Control: no-cache

P3P: policyref="/w3c/p3p.xml", CP="NON ADM DEV TAI PSA PSD IVA OUR IND UNI COM NAV INT"

Set-Cookie: top100rb=MQ==; path=/; domain=.rambler.ru; expires=Mon, 09 Jun 2014 06:28:45 GMT
1ac5..(function(window){var f=!0,i=!1,j,k=this;Math.floor(2147483648*M
ath.random()).toString(36);function l(a,b){this.width=a;this.height=b}
l.prototype.toString=function(){return this.width "x" this.height};var
 aa=/^[a-zA-Z0-9\-_.!~*'()]*$/;function m(a){a="" a;return!aa.test(a)?
encodeURIComponent(a):a};function o(){this.e={};this.i=[]}j=o.prototyp
e;j.a=0;j.j=function(){return this.a};j.c=function(a){return Object.pr
ototype.hasOwnProperty.call(this.e,a)};j.set=function(a,b){Object.prot
otype.hasOwnProperty.call(this.e,a)||(this.a  ,this.i.push(a));this.e[
a]=b};j.get=function(a,b){return Object.prototype.hasOwnProperty.call(
this.e,a)?this.e[a]:b};j.h=function(){return this.i.concat()};j.d=func
tion(){for(var a=[],b=0;b<this.i.length;b  )a.push(this.e[this.i[b]
]);return a};var p=Array.prototype;function q(a){return p.concat.apply
(p,arguments)};function r(a){this.b=new o;this.q=!!a}j=r.prototype;j.a
=0;j.j=function(){return this.a};j.c=function(a){a=s(this,a);return th
is.b.c(a)};j.h=function(){for(var a=this.b.d(),b=this.b.h(),c=[],e=0;e
<b.length;e  )for(var g=a[e],d=0;d<g.length;d  )c.push(b[e]);ret
urn c};j.d=function(a){var b=[];if(a)this.c(a)&&(b=q(b,this.b.get(s(th
is,a))));else for(var a=this.b.d(),c=0;c<a.length;c  )b=q(b,a[c]);r
eturn b};.j.set=function(a,b){a=s(this,a);this.c(a)&&(this.a-=this.b.g
et(a).length);this.b.set(a,[b]);this.a  ;return this};j.get=function(a
,b){var c=a?this.d(a):[];return 0<c.length?c[0]:b};function s(a,b){
var c="" b;a.q&&(c=c.toLowerCase());return c}j.toString=function()
<<< skipped >>>

GET /top100.scn?2169552&rn=445673780&v=0.3i&bs=797x382&ce=1&rf=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&en=windows-1251&pt=Автомобильный форум ForCar.org.ua&cd=32-bit&sr=1276x846&la=en-us&ja=1&acn=Mozilla&an=Microsoft Internet Explorer&pl=Win32&tz=-180&fv=11.6 r602&sv&le=1 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: counter.rambler.ru

Connection: Keep-Alive

Cookie: ruid=RMH4BY4FHlERLgEAARsEgw==; top100rb=MQ==

HTTP/1.1 200 OK

Server: nginx/1.4.4

Date: Mon, 02 Jun 2014 06:28:45 GMT

Content-Type: image/gif

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Thu, 01 Jan 1970 00:00:01 GMT

Pragma: no-cache

Cache-Control: no-cache

P3P: policyref="/w3c/p3p.xml", CP="NON ADM DEV TAI PSA PSD IVA OUR IND UNI COM NAV INT"

Set-Cookie: top100rb=MQ==; path=/; domain=.rambler.ru; expires=Mon, 09 Jun 2014 06:28:45 GMT
31..GIF89a...................!.......,...........T..;..0..HTTP/1.1 200
 OK..Server: nginx/1.4.4..Date: Mon, 02 Jun 2014 06:28:45 GMT..Content
-Type: image/gif..Transfer-Encoding: chunked..Connection: keep-alive..
Expires: Thu, 01 Jan 1970 00:00:01 GMT..Pragma: no-cache..Cache-Contro
l: no-cache..P3P: policyref="/w3c/p3p.xml", CP="NON ADM DEV TAI PSA PS
D IVA OUR IND UNI COM NAV INT"..Set-Cookie: top100rb=MQ==; path=/; dom
ain=.rambler.ru; expires=Mon, 09 Jun 2014 06:28:45 GMT..31..GIF89a....
...............!.......,...........T..;..0..

GET /pagead/js/adsbygoogle.js HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 8993832363057935277

Date: Mon, 02 Jun 2014 05:43:47 GMT

Expires: Mon, 02 Jun 2014 06:43:47 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 8335

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=3600

Age: 2694

Alternate-Protocol: 80:quic
...........|i{.6..w...o.LF.6/mH....m.&i..yZY...Z"Z.I.K,......$..9...$.
c0..g0.9Z..t..M..F.. .N......B..<._...&...4".K......O.....<I...b
/.X.[q....!..p6.....B5..~<.R[.8J#...F...t>ny"[email protected]:...!F.e.
..U....R..1_^.A..lJ.0...I.a,.~0........".z.c..."...7.9..b..([..a..1...
M>..5........_..5U.([yc..IP...%.8{2......T...C.\.l...-3.s.g=.LU.%..
...-.K.D<...ib...].C.. ...m.<....l.;...5V..s..%&KhU4.eUX.....O..
U.r6K-..d:J..<.....F.Y..{.*V".....2.....'J6....c..^3..>...X..H.7
A..|.m....'.a..x.=.C.{9..<....i`..A.qz.`].....zX....$.......\...`=#
[email protected]>M........x...k f..u.(..<..V......jD3
....\......Q.....5]..NVu.z#.4e..a..w...w.f...F..!...!..P..y....,..)>
;....0.P.mMD..v....h..0...FCVl.\.@...=.bX.....`.jD.%.|....|D......*...
.0..;..4....y...kF3...[..?...............f..k.o..|u.u$_G.:..sz..kL..|M
....R~,;..k..H...r....4HR.P_....u....................;...V....*ZaV..z.
.8X.....`e..Uk.6....1t...8.........H..T..{r..GMn`V..;.>......X`.`.b
.....[.........`....F.Lk..).S<.........}<C.%...{. i#i../..=.N.X.
..l_~..j..*......C....];*.".d....i|. .i ......._.J..'......JmY...u.E "
.w....k....$\#.....J.3..,5. ........[..d...|.....FX[x.*..N..n4\.......
a........h.e.......R.P[.,Oj...m)m .3.B.l.;..a..YBo.,.c..~..K......H'.X
.TW.ee...J............<..H.mv-G......4"].AV.C.. .b9....a.....D/....
.W..b .Ga.i{.2|[email protected]|.........vg.~
.a5dc'2vH!..t.bI.;.G...=?..v...u|Rl.s....j...Y.jV..o5.z....|.{~.m.....
.<......J..W........;>.$...}N;u.~>bz..hM}...C.4}..w.`.R..
<<< skipped >>>

GET /pagead/js/r20140527/r20110914/abg.js HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 6552112912997271778

Date: Wed, 28 May 2014 22:46:58 GMT

Expires: Wed, 11 Jun 2014 22:46:58 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 2366

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=1209600

Age: 373304

Alternate-Protocol: 80:quic
.............r.H.._a..* T...:.Z..W..{f<./...Q....P.,.....Bj$...=O..
FIeV.Uy..d..,.RE}^....l.<.b_}.)......n.h.l...O..4.n...4e.......D9.T
.....*..\Q.X3..n....,..)9.sw....el5.Z..>.b...l.N.......W.}.yZD.....
.n.x...f..K..U...I.!...W*..#[..qr......q.*......DA....=...".l2z....P:O
......eTK...K..vJ....v. ....>y.I.P...s..j.l.q.hJ......>1....s.H`
[..W.e)j....O5.8.S.........;......!.......^}fQ\h1...D..._.......I ..2.
@A>H.=.(.......X...V.......g.........6..........#...6Q..w...S.;...&
lt;..m.U........BU....I.....~...1..7.s.....p(...h~..TQ.q.g...r.>...
P"..dNPB'.....Tj..~J..;r..B....|.w".....o..:..m.8....|.......A.4.5f...
.8..Qt....2...`.3EF..c....yJ..bY.pf..#RU.....#..F..K...\.]......7.....
..GH.K....@..[.Y.&T....R3.X......L-Q.3eN....m.6W..uz..|.Iz5...Jk.|..N.
......'..'..M.k.Jy<...p..|..Ge.\.b~x...l-mJ.r%*e........~=j.D......
...8...%\.....P.U...1F.l^.lAsy......)..Jp[%`....... .A.:W..k....4i..0.
.0=T..T..y%.....C7IA.c....r...]-..SS...b."..Su\....A....*h..,.....n@G4
.#.....,.......C.rw".%.....Qw......hYN}.D..i.....5u.?....J8U........v.
........[D...*q..A..j..3%h..c...h.e..8..(A....l..B..K...XG........@.".
2..d.o(P.'j ~.R..x...3H.a.5;B._.....Bj.........../.....F....3~....[.3.
..e....... ...{..L5I.%l_.E.AY..AE.e...V.{.P...%z.|....$...R....8...<
;....U.?Qy.J=..`.7...(.e0.5>.......K.).Uh.|-.."..@v..:.9.....@_..i.
r7- .Myla....{..Q.$Z..'Zh.....s....l..M....=...........g....3.k=..}...
..Z.0...........gk.E......=.qW3...w@.^....5..............Z.7.uc0...-..
.. 6YF.....[.i.}.......r^.......6.:.`.l....Q}..os.z..........q...g
<<< skipped >>>

GET /pagead/images/abg/ru.png HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: image/png

ETag: 12244217470317852716

Date: Sun, 01 Jun 2014 23:18:09 GMT

Expires: Mon, 02 Jun 2014 23:18:09 GMT

X-Content-Type-Options: nosniff

Server: cafe

Content-Length: 728

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=86400

Age: 25834

Alternate-Protocol: 80:quic
.PNG........IHDR...m...........A.....gAMA......a.....IDATH....J$A..'..
.....t.s.........^.....X0..P8..\..;...wgw..|.C....._.-...ap.g.........
.k..x..Y,..'..\.....(|......h....DX......~.|.....l.b..e^.|....v...I:.N
=. ....*...{.6#(F.y..y..z....B.v...B...Du.V..pU.!......Q.~..~l...-....
..."...@.^Ab..(.."T}.g..?....w.R..].....h.q.U.....h..1t..I..q].G.g.=..
.:.....(."...t:[email protected]..:W}H..{Ql..R..m..................b....i|.. 4:..BO
hz...s.....X..;<....y..AX ^..;..6T... ......G.Q..9.<.i4O....f..O
x.........6-=.......i)h..D....s...[..N..9LE..:....*D..u.G...7.e...2...
.\.5(....l.X'S.A.ta.. .5=.C..i....D.......J!..w..H...8f.T.w..[..O..RaJ
.e...8.8F.....&*L@;l._.3B....t.p.....k'..h.G.)..ZQ.kQ...o/..Pl.JD.;.J.
_..)v.b..8o.....%3........IEND.B`.....


GET /pagead/js/adsbygoogle.js HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 8993832363057935277

Date: Mon, 02 Jun 2014 05:43:47 GMT

Expires: Mon, 02 Jun 2014 06:43:47 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 8335

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=3600

Age: 2696

Alternate-Protocol: 80:quic
...........|i{.6..w...o.LF.6/mH....m.&i..yZY...Z"Z.I.K,......$..9...$.
c0..g0.9Z..t..M..F.. .N......B..<._...&...4".K......O.....<I...b
/.X.[q....!..p6.....B5..~<.R[.8J#...F...t>ny"[email protected]:...!F.e.
..U....R..1_^.A..lJ.0...I.a,.~0........".z.c..."...7.9..b..([..a..1...
M>..5........_..5U.([yc..IP...%.8{2......T...C.\.l...-3.s.g=.LU.%..
...-.K.D<...ib...].C.. ...m.<....l.;...5V..s..%&KhU4.eUX.....O..
U.r6K-..d:J..<.....F.Y..{.*V".....2.....'J6....c..^3..>...X..H.7
A..|.m....'.a..x.=.C.{9..<....i`..A.qz.`].....zX....$.......\...`=#
[email protected]>M........x...k f..u.(..<..V......jD3
....\......Q.....5]..NVu.z#.4e..a..w...w.f...F..!...!..P..y....,..)>
;....0.P.mMD..v....h..0...FCVl.\.@...=.bX.....`.jD.%.|....|D......*...
.0..;..4....y...kF3...[..?...............f..k.o..|u.u$_G.:..sz..kL..|M
....R~,;..k..H...r....4HR.P_....u....................;...V....*ZaV..z.
.8X.....`e..Uk.6....1t...8.........H..T..{r..GMn`V..;.>......X`.`.b
.....[.........`....F.Lk..).S<.........}<C.%...{. i#i../..=.N.X.
..l_~..j..*......C....];*.".d....i|. .i ......._.J..'......JmY...u.E "
.w....k....$\#.....J.3..,5. ........[..d...|.....FX[x.*..N..n4\.......
a........h.e.......R.P[.,Oj...m)m .3.B.l.;..a..YBo.,.c..~..K......H'.X
.TW.ee...J............<..H.mv-G......4"].AV.C.. .b9....a.....D/....
.W..b .Ga.i{.2|[email protected]|.........vg.~
.a5dc'2vH!..t.bI.;.G...=?..v...u|Rl.s....j...Y.jV..o5.z....|.{~.m.....
.<......J..W........;>.$...}N;u.~>bz..hM}...C.4}..w.`.R..
<<< skipped >>>

GET /hit?t26.5;rhttp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=;s1276*846*32;uhttp://forcar.org.ua/;0.4685960488597284 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: counter.yadro.ru

Connection: Keep-Alive

HTTP/1.1 302 Moved Temporarily

Date: Mon, 02 Jun 2014 06:28:45 GMT

Server: 0W/0.8c

Content-Type: text/html

Location: hXXp://counter.yadro.ru/hit?q;t26.5;rhttp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=;s1276*846*32;uhttp://forcar.org.ua/;0.4685960488597284

Content-Length: 32

Expires: Sat, 01 Jun 2013 20:00:00 GMT

Pragma: no-cache

Cache-control: no-cache

P3P: policyref="/w3c/p3p.xml", CP="UNI"

Set-Cookie: FTID=1JZ1cT0ZFRrE1JZ1cT; path=/; expires=Mon, 01 Jun 2015 20:00:00 GMT; domain=.yadro.ru
<html><body>Moved</body></html>.....


GET /hit?q;t26.5;rhttp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=;s1276*846*32;uhttp://forcar.org.ua/;0.4685960488597284 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: counter.yadro.ru

Connection: Keep-Alive

Cookie: FTID=1JZ1cT0ZFRrE1JZ1cT

HTTP/1.1 200 OK

Date: Mon, 02 Jun 2014 06:28:45 GMT

Server: 0W/0.8c

Connection: Close

Content-Type: image/gif

Content-Length: 145

Expires: Sat, 01 Jun 2013 20:00:00 GMT

Pragma: no-cache

Cache-control: no-cache

P3P: policyref="/w3c/p3p.xml", CP="UNI"

Set-Cookie: VID=1kHag50MM1bE1JZ1cT; path=/; expires=Mon, 01 Jun 2015 20:00:00 GMT; domain=.yadro.ru
GIF89aX......fff...!.......,....X.....h......_.......g...Hr`..d3...cl.
R....~..N..j-[."..^. .yl&....DT".[..*.9............a.........k=...!8HX
.Q..;..

GET /favicon?q=tbn:ANd9GcSCB2mlG8uLb4YBBBqzIaaPfI5bU5Bv8ISLaYr0-anT9GuCide8MSBkWmUkLMUpoRJv8uT82ZfSz3Pd8A HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=234x60&output=html&h=60&slotname=9346772342&adk=293520130&w=234&lmt=1401690525&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690525783&bpp=15&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=2&dtd=47

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: t1.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Mon, 17 Mar 2014 08:25:46 GMT

Date: Mon, 02 Jun 2014 06:28:45 GMT

Expires: Tue, 02 Jun 2015 06:28:45 GMT

Cache-Control: public, max-age=31536000

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 422

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic
......JFIF......................................... ."" ...$(4,$.1'..-
=-157.::# ?D3,C49:7........... ...                                    
              ..........."...................................,........
...............!....Aa..$..."13QR.....................................
....................?..y.W4^.....a..2...O.......e!S.=..w..]...Z...f.].
.I.[....QJ.]..D..,.m1w.6!....3[4...d.>..Wc.!......X..'......:....WZ
.8...HTTP/1.1 200 OK..Content-Type: image/jpeg..Last-Modified: Mon, 17
 Mar 2014 08:25:46 GMT..Date: Mon, 02 Jun 2014 06:28:45 GMT..Expires: 
Tue, 02 Jun 2015 06:28:45 GMT..Cache-Control: public, max-age=31536000
..X-Content-Type-Options: nosniff..Server: sffe..Content-Length: 422..
X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic........JF
IF......................................... ."" ...$(4,$.1'..-=-157.::
# ?D3,C49:7........... ...                                            
      ..........."...................................,................
.......!....Aa..$..."13QR.............................................
............?..y.W4^.....a..2...O.......e!S.=..w..]...Z...f.]..I.[....
QJ.]..D..,.m1w.6!....3[4...d.>..Wc.!......X..'......:....WZ.8.....

GET /VUcWb HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: adf.ly

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Encoding: gzip

Vary: Accept-Encoding

Transfer-Encoding: chunked

Date: Mon, 02 Jun 2014 06:28:10 GMT

Server: LiteSpeed

Connection: close

X-Powered-By: PHP/5.5.8

Set-Cookie: FLYSESSID=b6141ec4859eabfeada18475fa2b9f3336d62da0; path=/; domain=.adf.ly

Set-Cookie: adf1=244bd98b1d9d5c84dea3f2c4c65771e3; expires=Tue, 03-Jun-2014 06:28:10 GMT; Max-Age=86400; path=/; domain=.adf.ly

Set-Cookie: adf2=99fd33e8b8190f39bff84ea07c6fdc1b; expires=Tue, 03-Jun-2014 06:28:10 GMT; Max-Age=86400; path=/; domain=.adf.ly

P3P: policyref="hXXp://adf.ly/w3c/p3p.xml", CP="ALL DSP COR CURa ADMa DEVa TAIa IVAi IVDi CONi HISi TELi OUR IND PHY ONL FIN COM NAV INT DEM GOV"

Cache-Control: max-age=0, no-store, no-cache, must-revalidate

Pragma: no-cache

Expires: Sat, 26 Jul 1997 05:00:00 GMT

Last-Modified: Mon, 02 Jun 2014 06:28:10 GMT

Cache-Control: post-check=0, pre-check=0

Content-Type: text/html
ee7.............:.V.....WT....bk.1.6"[email protected]......{.
$[.b....XF5...\%.....vO.Cr.....zR.m.......s.5.V.e.......Q..G.i........
n.d....}fD.K.;.....$C.$.dKf......g.=F=..l..$Ukk..Apgk{<.,...Q.4..=[
..^..Z..=*.&......F.....A,...l.......3."...._..O~.(.....R.....@.... re
....FUVy..D.......%..<.QA....#....I.q<.H..4.t..a...Tu.6.A.B..2..
.&..)....U.U^.@V..,.........l.w.}R.H%. .u|..)u....... {...u..w..*.^...
.....s..([email protected]|...r.....4..QY........A......T.x..... ..P*c.#@.U.?.(..
..L.{..,.9<.h..L$..W..W..?...\..t.Z%.x.z0..?.U.%i.z...Vv..; u....i.
l....eQ..`#5.{.\.h.._...Ow.7.<.z,....%.0...X.........RO.......m....
.3...AY.Sq.U/5...zZ.. .2d7.c...Jv..>.W.2...,......3..)o.4...^.z....
`..G...8d.!........".^.re..:...<...7cq.......#6$....w.<.. ye...,
U.V....o..=.=..ps....wp...A.......JI......]...!OUR.%.VI...S#y.......U.
..A...>Hs X....w....m....>.d.;.-0......U5.j....~|...............
@.t2..T.:...Hg...dX}.l=7h0f.d.....{f.....1..m#5...$ki(.[...#[...6r.x.(
.h.....l4....c.]...C..N..Y.X.7....p./@........p...d..'8.?..=....".....
..TA.<G.....w\/..=...FuzK.4.yz........}c.m4.k....V.z.enX...i..-.y=7
~]7....i.M=..3[..:..MX.x..g.[)&W..`...^...i.F.B.{.[i.$Z...1Ga*.0.n.`!.
 DAV.|..j...H..Mt...3..;....j..M6<...Q...%.........j;............y.
...`]g.&..;3RK...^(..../h.].=.....4LX..&.I9a.O V....y..,D3.; .c.F.,v..
.y..MV:..f.......=.a...X..g.-.......-...]...v..q..p.........|.\.~Q...Y
...4......r\[email protected].`.A.,I.........S.T.c..!k.(...E$
..G0..>....$..6...F...A..e...T.:l.d6.f.9..I...^E7u!....,xXp.>
<<< skipped >>>

GET /bg/FvkvZ9O52_Yn54Fr-_G1jYKvUvDoQDyMY1mbQmD_BTc.js HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=1823505541&adk=1148484070&w=728&lmt=1401690526&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690526939&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90,234x60&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=11&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=3&dtd=47

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript

Last-Modified: Thu, 22 May 2014 16:48:47 GMT

Date: Fri, 30 May 2014 20:20:46 GMT

Expires: Sat, 30 May 2015 20:20:46 GMT

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 5861

X-XSS-Protection: 1; mode=block

Age: 209281

Cache-Control: public, max-age=31536000

Alternate-Protocol: 80:quic
...........;.w........V....m0.........G...1...4.....$.........z.F...hf
...W9..ic..3...GI%.W...2.a8.T..Q...b.|).;.r6;h~i..x.7.Y.`.?:...<...
A.>.....(`.r..9^E^2.G&.).xh.q....^..K........^.1....,.L...]..~.I9g.
k......o..}x..6.-.}....X8..lB....1....<.'7.A...y".h~....b..........
.w..r.f...s........6....F=.SA~z.[.E8ML.2..YL.as4.*~.V}K|..;/...4-.L..b
...8.yl:...(H&..).g-'.qb....#M]....g.P.......\........i......2...r...a
.;..m.......b..6....O&...7a.4Eu.t=j,.x...c........V.[....z..g..8a.akF.
2..W..........z#`...W<G.....`;...$Qc.~.^b.p......e.#.a..e.s...6. .$
..u$.T.F..d.N.\3.Pc.f.|[email protected].$EB....f.......X....H.Fu......z.
.....'..@,b...[..a...An.%'.T.=.w......I.jCP...Z.5..V.0.#[....v.D. S..'
.>.....5v.YlE.j..d.#.. I....).VK..."J...t].o.qc./*.z}..c...P... ..z
.8.?.`.QB@G..../.Wk.J......wON.......9.z~N.Q...N.r_Z....C..A.......8..
&..g3._.x)N.9O.C2PRk.8...9..B.Er...F..tBC.....J.U..o..|D.OTi.5..4... .
..{...ux~..#...zZ(..6.0H..j...x.r..YT.....k:M).AO8...........AC0....."
8..0.`........=bP#.y...p.9.h.".C...C@,....%.=,..qK8,r...jS'R....yF@;..
.-..I...L.&.r.N.....5.V..F.U.......z2..D....}.........l..(}ij.G...G...
.M^...2J. ''.HLw.t...3....p.0..|.....d..cf..J_........[.X&.....aW.Q~..
5....)."..C....X......."t........8..|......#..j..;.............[#.rD..
...'.....N.xBO..>..cv.c...eC..~LP...D....>8(..^.;....%.8|xt|r...
.....x...............z`.....E8....x.......h..vgo.............<FO..t
.8}.?@...* _.%....:9.y..9?...#40...s.p.................P.$>.v.A_..!
86#&.f..)6....}........Z.Z....S.C...as\......'Ro.@I7..]t.-<....
<<< skipped >>>

GET /pagead/js/adsbygoogle.js HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 8993832363057935277

Date: Mon, 02 Jun 2014 05:43:47 GMT

Expires: Mon, 02 Jun 2014 06:43:47 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 8335

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=3600

Age: 2691

Alternate-Protocol: 80:quic
...........|i{.6..w...o.LF.6/mH....m.&i..yZY...Z"Z.I.K,......$..9...$.
c0..g0.9Z..t..M..F.. .N......B..<._...&...4".K......O.....<I...b
/.X.[q....!..p6.....B5..~<.R[.8J#...F...t>ny"[email protected]:...!F.e.
..U....R..1_^.A..lJ.0...I.a,.~0........".z.c..."...7.9..b..([..a..1...
M>..5........_..5U.([yc..IP...%.8{2......T...C.\.l...-3.s.g=.LU.%..
...-.K.D<...ib...].C.. ...m.<....l.;...5V..s..%&KhU4.eUX.....O..
U.r6K-..d:J..<.....F.Y..{.*V".....2.....'J6....c..^3..>...X..H.7
A..|.m....'.a..x.=.C.{9..<....i`..A.qz.`].....zX....$.......\...`=#
[email protected]>M........x...k f..u.(..<..V......jD3
....\......Q.....5]..NVu.z#.4e..a..w...w.f...F..!...!..P..y....,..)>
;....0.P.mMD..v....h..0...FCVl.\.@...=.bX.....`.jD.%.|....|D......*...
.0..;..4....y...kF3...[..?...............f..k.o..|u.u$_G.:..sz..kL..|M
....R~,;..k..H...r....4HR.P_....u....................;...V....*ZaV..z.
.8X.....`e..Uk.6....1t...8.........H..T..{r..GMn`V..;.>......X`.`.b
.....[.........`....F.Lk..).S<.........}<C.%...{. i#i../..=.N.X.
..l_~..j..*......C....];*.".d....i|. .i ......._.J..'......JmY...u.E "
.w....k....$\#.....J.3..,5. ........[..d...|.....FX[x.*..N..n4\.......
a........h.e.......R.P[.,Oj...m)m .3.B.l.;..a..YBo.,.c..~..K......H'.X
.TW.ee...J............<..H.mv-G......4"].AV.C.. .b9....a.....D/....
.W..b .Ga.i{.2|[email protected]|.........vg.~
.a5dc'2vH!..t.bI.;.G...=?..v...u|Rl.s....j...Y.jV..o5.z....|.{~.m.....
.<......J..W........;>.$...}N;u.~>bz..hM}...C.4}..w.`.R..
<<< skipped >>>

GET /pagead/js/r20140527/r20140417/show_ads_impl.js HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 8183703479083339399

Date: Thu, 29 May 2014 00:33:36 GMT

Expires: Thu, 12 Jun 2014 00:33:36 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 39485

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=1209600

Age: 366904

Alternate-Protocol: 80:quic
...........}g[....w~....n.....M[ @.....0...(.(Y-.l..}.9..:........g...
N.tr..l.L{..i...&.}w..%..\..Y.&.t6....z.rm.u.9.u.......^5..{S........c
...k...2|....>...Io<}|.C........x411.:^...;.....b..^<5-..V...
3}..\...oC..A!..~..,..j...0.;......d...H.....wA......Fw....eK.....a...
e....1..G..p].. ............`.j......9.B....`=..c...h:.:....t..v....C]
..K.../.a8......6.6gI.......1...h...'5..l.Fqo...J..S.D.R...h2}.OZPp4..
>...'../.......^..loi.8..MM......7.Q?..E.p.0..`S..,.L .l..."'{....(
F.u#."..S..)..e.a...\.6-..9....."....[..B.s.{r.d....Gs.....@.......*.g
......W.a.3o..I.N....bN.....v'....d.G....m.O..oq..&.v^. Ul;..m.._....o
...<.lH...Z.BU.'..7.y.....6"s6,....[K...ruu...([email protected].`t...`.M{..r0.
a/7.{......h.Nrf...9.w........<..._......m.sCEW...4..=o.U.......V.J
..9..F.....u..y._......Y..........~...5.E....@...#.V&.`:..K.$.^....,..
[email protected]:.co.D..#o..U....;2.......z.]..{}.F.u......E....(.b
. 5{....3X...pp.=w.o...n..rU.^.._.ln.W.em..u.j<[g?.u.S"w.{..7...8m|
..G........i......,.P.N..l.L.k<.V.y.....>...&..I<......W.[..n
..'..5..T.....2?.j...S..3...x.1....j/7^.....?<w..-.se....>.b..1.
...L...R..c......m'^.~....0:.Q..yaR.T........Mu.M.......^..{...Q....a.
.<: ....E.OCY|..z...d......h....;.......a..s..O......D}....Q&. F.k.
.....j.E.....<...V......._5,@.....Co...^..............z..e?/...I...
.V dH....k.......;..m.............~....7..r../......w...u..%k.8..#..t4
[email protected]..)._z....cC.b.m..1.6...7....'...._.&..y.~.5.F..5,._.m(MO.X9
l........]#... .C.......]o...5.Cw.#.6.$2*~5..p..u.7~.t..1;. ...h..
<<< skipped >>>

GET /pagead/osd.js HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: text/javascript; charset=UTF-8

ETag: 4143958178504196695

Date: Mon, 02 Jun 2014 05:37:24 GMT

Expires: Mon, 02 Jun 2014 06:37:24 GMT

X-Content-Type-Options: nosniff

Content-Disposition: attachment; filename="f.txt"

Content-Encoding: gzip

Server: cafe

Content-Length: 18066

X-XSS-Protection: 1; mode=block

Age: 3077

Cache-Control: public, max-age=3600

Alternate-Protocol: 80:quic
...........}iw.H.....D/'#..c'....'......&~8-.e.x.K..}....^...f....w.X.
..W......;.... 1....Nw...6A.X.%\.&.^w.{5/`)....z.;.L....&.er.....b..|.
K{...D.p.cXFI.'..ig{..<.M:.l..A.....j.M7.......\...'.?..R..K...U...
.f$..........2.zPQ.A...7...T...v0...`,.........<o...i3......h<..
...tx:.w..Z"z=h.:p.z...;H....$1.....Qw(.b..f.X.!`.d'...R.u.2...T\.D...
......xr.....{.wc.<..Tm^.>9.................aUy...{K...M.;.A..b.
.6.l.B/x....b.{...M..\[email protected][.%.....Lh.8...gY..j.,.e...c..L..f..
..$. p>......-YV..,1.......w..Z.;..q..q0.@...%a..D0........@....}[N
...r...8go.{U.<S.....\.v..*.D..f..Vzh.Km.B..h...V..9..d.....l9..Lno
W.[.%Z...5....p..b.....0....D.6..9...5f...u.......m..#.....qm4.tJ.cuF.
/.0K.v'.. .H.'.Yo(..y..N..7.^,...q..E...UAW...5ju.d?..^......<.@...
B....Xf.........Z.)........S.....L.T.5...[..3....x*.4L.*$..... /.....@
....r..0.S..m..E.$Ws....a...,....W..]../....s..s6,......1...=*.}q]....
..u.ofg..0..;m6..}......;._.~.../..._..>'.y.......Z;....7dK..@...%.
....._L..E.UY..;P.....$M.._..X)...1.....O5 [email protected]{...E.JE....N...
m...4.#.A...G.._\.w....n.1..;...Q:.j....x~...9.H.......A!..8t.)...z..U
[email protected]:.......Q.....r..@...].O..A.......y.....b`.w.d....l...
Ym..q.l..%;t.Y.;.....O..........V..\Zs. ...H.C1.0..P....g.|E#.M.......
~pq~....4...\.g............;....p...x....>&^..M...o.-.....M....W.V.
[email protected]..@ rm......=.....r.;.r..N.*..Xx:.Q...0.[[..3..0..B;c....2
...T..C.O|.......!g...-/!......O.. Iuc..aB.....(....8....B.`;6E..Zt...
|.N...........U ...K..y..~........ Y......?......(.!..D.$....c....
<<< skipped >>>

GET /simgad/6253827461219388746 HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Thu, 22 May 2014 12:51:08 GMT

Date: Mon, 02 Jun 2014 06:28:42 GMT

Expires: Tue, 02 Jun 2015 06:28:42 GMT

Cache-Control: public, max-age=31536000

Access-Control-Allow-Origin: *

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 31224

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic
......Exif..II*.................Ducky.......P......hXXp://ns.adobe.com
/xap/1.0/.<?xpacket begin="..." id="W5M0MpCehiHzreSzNTczkc9d"?> 
<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c01
1 66.145661, 2012/02/06-14:56:27        "> <rdf:RDF xmlns:rdf="h
ttp://VVV.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rd
f:about="" xmlns:xmpRights="hXXp://ns.adobe.com/xap/1.0/rights/" xmlns
:xmpMM="hXXp://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="hXXp://ns.adobe.
com/xap/1.0/sType/ResourceRef#" xmlns:xmp="hXXp://ns.adobe.com/xap/1.0
/" xmpRights:Marked="False" xmpMM:OriginalDocumentID="xmp.did:F92FB113
1E2068118C148986F5689C08" xmpMM:DocumentID="xmp.did:304BB6EED91C11E3BC
DDD312383FBDD3" xmpMM:InstanceID="xmp.iid:304BB6EDD91C11E3BCDDD312383F
BDD3" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)"> <xmpMM:
DerivedFrom stRef:instanceID="xmp.iid:39C4BF2017206811808387219DA5F3ED
" stRef:documentID="xmp.did:F92FB1131E2068118C148986F5689C08"/> <
;/rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket
 end="r"?>....Adobe.d..............................................
......................................................................
.............................Z........................................
........................................................!1A..Qa".q.2#.
.B...Rbr.3u6...Cs..$T...V.....Sc..4t.._7.....f.8....................
...!1.AQa..q.".....2....RrBb..3S........#4..C5.c$............?........
."(..,.~/#.|F.A~{..........U....q....Jh..x o....?...L.X=KC....H@..
<<< skipped >>>

GET /pagead/images/abg/icon.png HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: image/png

ETag: 6766994032117382215

Date: Sun, 01 Jun 2014 22:01:57 GMT

Expires: Mon, 02 Jun 2014 22:01:57 GMT

X-Content-Type-Options: nosniff

Server: cafe

Content-Length: 344

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=86400

Age: 30406

Alternate-Protocol: 80:quic
.PNG........IHDR.............;..J....gAMA......a.....IDAT([email protected]..
......,l..;.....A....hPDD...`r..A....M..-.......UI...O.%.QB.[D......;.
nA....:..^S..].....].B0..mH]..I..f.F./.4H... .g...*....C...Q..T..]..B.
..8..0.....#....(...N.80\.t../.SA...i..O.N~2.B.t.....6..#.6.(.......w.
.... ....`..3.Q......md.A._.O.mC.L........}O"...........IEND.B`.>....


GET /pagead/images/google-logo.png HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: image/png

ETag: 13513653691308934734

Date: Sun, 01 Jun 2014 11:43:30 GMT

Expires: Mon, 02 Jun 2014 11:43:30 GMT

X-Content-Type-Options: nosniff

Server: cafe

Content-Length: 4114

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=86400

Age: 67513

Alternate-Protocol: 80:quic
.PNG........IHDR...j...$......t......IDATh..[.\SG.......Q ...*`D.r..E.
C.'...D..x"...Q.z..(...R.bD.r..T....e..6.Z/ /.w....~;.......Zw..g>$
/.f.w}.........cI.'.....58...X..}Yq....t..Z.....<(5....u..F......./
..g...........O.oHqL.a.E.6c..,......Z..M.U..>........".SE.I..H..n..
.)...w..O`...r...5..".H..u.$.:.P........\.8.L.Q..._....._..."fk..`?...
........~|J [email protected],.?.0. RX.Q;SS%.....s....n. ..{.'p.....< 
.z"..g`xr..Qw..5s.~s[...........4.... .Z{....(b_u..._..9o.b..M.li!bya.
.-.p.L..m 7..j1..o.y..g6.J.......B7\Fs..zM..}B.H(...j.4-.<i......Bc
n/....z..........x5C...@$......A..Xt...f`Z[.....g.......{`t.e...5_....
=.D....J..{X*7.PG;.m.`..K..KW......$.x...- .?\[.....}.....#.{..p......
\.E..g(!.I.wD........%.... x.~.-.Zj..\...r.%V.~.5......?q.. f...0[..o.
[email protected].......%o.0...2kyc.Z.u..#.H[..j.t...c.....<C...N..........
..G....xh*.%|~....... [email protected].>.....W.......`GG.*X.1..d.#..
...'[email protected];..q.NY.r.5....r..=.=f..@...')6H..&..
..##.o:..@{A3-.;.#.......F..e......u.|.k.F.2.....V# ..Q....C.@.....'..
.....x....I.^o......p..g.W.>.......C.ps......XU....._b.........f.p.
?Tk3l.4^...../.6q..l...VZ..<8...[...Q...,.f-..8r.7#..<7n_E<7.
O.a..0...=Q*!B.."...s.......SJLI... ..v...X.^'b.E..........Q......PZ..
..s..&....M...ve....7...5.,...x.^.F$....T...e.........%.....Q.........
.j.%N."...sX.....=....0......7.Q....fK.[O..?....~..!..........V.......
.LI.......2.P.... I.n..ymw_.. ..Q..zM.q...B%l.;..u..y..ta.L7..^h.e..{K
%x...r}....#.A.l.'.`...xP..d..},.(.\]..B[M....p...&.....).L...i"..
<<< skipped >>>

GET /pagead/images/x_button_blue2.png HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

P3P: policyref="hXXp://VVV.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"

Content-Type: image/png

ETag: 291775052866240956

Date: Sun, 01 Jun 2014 21:58:27 GMT

Expires: Mon, 02 Jun 2014 21:58:27 GMT

X-Content-Type-Options: nosniff

Server: cafe

Content-Length: 145

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=86400

Age: 30617

Alternate-Protocol: 80:quic
.PNG........IHDR.............b..x...XIDAT(.c.....3g.G........#.*."@q..
..9#..E.4...#[email protected][email protected].%..ap.%.V.2}\.......IEN
D.B`.HTTP/1.1 200 OK..P3P: policyref="hXXp://VVV.googleadservices.com/
pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"..Con
tent-Type: image/png..ETag: 291775052866240956..Date: Sun, 01 Jun 2014
 21:58:27 GMT..Expires: Mon, 02 Jun 2014 21:58:27 GMT..X-Content-Type-
Options: nosniff..Server: cafe..Content-Length: 145..X-XSS-Protection:
 1; mode=block..Cache-Control: public, max-age=86400..Age: 30617..Alte
rnate-Protocol: 80:quic...PNG........IHDR.............b..x...XIDAT(.c.
....3g.G........#.*."@q....9#..E.4...#[email protected]..@..
H.%..ap.%.V.2}\.......IEND.B`.....


GET /simgad/1255108524618159298 HTTP/1.1

Accept: */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=1823505541&adk=1148484070&w=728&lmt=1401690526&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690526939&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&prev_fmts=728x90,234x60&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=11&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=797&ish=382&ifk=1815552000&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=3&dtd=47

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: pagead2.googlesyndication.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/jpeg

Last-Modified: Wed, 28 May 2014 13:41:32 GMT

Date: Wed, 28 May 2014 23:47:44 GMT

Expires: Thu, 28 May 2015 23:47:44 GMT

Access-Control-Allow-Origin: *

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 47732

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 369661

Alternate-Protocol: 80:quic
.....fExif..II*...........................x...........................
................................................(...........1.........
..2...........i...........,..............'.......'..Adobe Photoshop CS
5.1 Windows.2014:05:27 15:06:17.............0220.........K............
......................Z...............................z...............
(.......................................H.......H.............Adobe_CM
......Adobe.d.........................................................
......................................................................
......................."................?.............................
.............................................3......!.1.AQa."q.2.....B
#$.R.b34r..C.%.S...cs5....&D.TdE..t6..U.e.....u..F'...............Vfv.
.......7GWgw........................5.....!1..AQaq"..2.....B#.R..3$b.r
..CS.cs4.%......&5..D.T..dEU6te......u..F...............Vfv........'7G
Wgw.................?....P....c..P...CA&'._.c..~...v6wYu..K.Ux.<..&
lt;.YX...3n..Y......Y^?.k........2m.SS6a..e4.,..YVR.....[l.g..Z..)...'
..>....k..EH.....7..bX...my.eO...;..\..G..<R1.K.............N3..
.O...Y..X.....,z.=..o..h.......A.n....'......._[....n.8.j...4.T.~.....
.A..l......'.bd.f`..p2E%.:.)...G..[=....G.Mv....~..-..?.?6...}.......m
..um.{v.....{.....?.EJ..q..cB.<.....g.1...2....do.s?.NnORu..2...,..
r...\.q..n...E.......[.0..u...................-.W8{ .........u....u...
H......f..m..{j.t.m....~.Y......Tl.......|....K.....{......w..^..E]?..
.2..%...U.]Q.#...q.r.]....C^}2.^5u..u.~..z..l.}..]}.....v5..b..[..
<<< skipped >>>

GET /nr-411.min.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: js-agent.newrelic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

x-amz-id-2: 6CeMIe04eHDxYl3UIzhPH6N4C4xCWtKapRrJ2b0qJUFkcKTFXHK0lHXHhy/AummG

x-amz-request-id: EA9C911887CF8508

Cache-Control: public, max-age=315360000

Expires: Thu, 31 Dec 2037 23:55:55 GMT

Last-Modified: Thu, 01 May 2014 23:15:58 GMT

ETag: "9050946217be03f42647b3f708ef10d3"

Content-Type: application/javascript

Server: AmazonS3

Content-Length: 14831

Accept-Ranges: bytes

Date: Mon, 02 Jun 2014 06:28:27 GMT

Via: 1.1 varnish

Age: 1406641

Connection: keep-alive

X-Served-By: cache-d64-DAL

X-Cache: HIT

X-Cache-Hits: 228114

X-Timer: S1401690507.845181704,VS0,VE0

Vary: Accept-Encoding
!function(n,e,t){function r(t,i){if(!e[t]){if(!n[t]){var u="function"=
=typeof __nr_require&&__nr_require;if(!i&&u)return u(t,!0);if(o)return
 o(t,!0);throw new Error("Cannot find module '" t "'")}var a=e[t]={exp
orts:{}};n[t][0].call(a.exports,function(e){var o=n[t][1][e];return r(
o?o:e)},a,a.exports)}return e[t].exports}for(var o="function"==typeof 
__nr_require&&__nr_require,i=0;i<t.length;i  )r(t[i]);return r}({1:
[function(n,e){e.exports=function(n,e){return"addEventListener"in wind
ow?addEventListener(n,e,!1):"attachEvent"in window?attachEvent("on" n,
e):void 0}},{}],2:[function(n,e){function t(n,e,t,o){l[n]||(l[n]={});v
ar i=l[n][e];return i||(l[n][e]=i={params:t||{}}),i.metrics=r(o,i.metr
ics),i}function r(n,e){return e||(e={count:0}),e.count =1,f(n,function
(n,t){e[n]=o(t,e[n])}),e}function o(n,e){return e?(e&&!e.c&&(e={t:e.t,
min:e.t,max:e.t,sos:e.t*e.t,c:1}),e.c =1,e.t =n,e.sos =n*n,n>e.max&
&(e.max=n),n<e.min&&(e.min=n),e):{t:n}}function i(n,e){return e?l[n
]&&l[n][e]:l[n]}function u(n){for(var e,t={},r="",o=0;o<n.length;o 
 )r=n[o],t[r]=a(l[r]),t[r].length&&(e=!0),delete l[r];return e?t:null}
function a(n){return"object"!=typeof n?[]:f(n,function(n,e){return e})
}function c(n,e){"undefined"==typeof e&&(e=(new Date).getTime()),d[n]=
e}function s(n,e,r){var o=d[e],i=d[r];"undefined"!=typeof o&&"undefine
d"!=typeof i&&t("measures",n,{value:i-o})}var f=n(1),l={},d={};e.expor
ts={store:t,take:u,get:i,mark:c,measure:s}},{1:20}],3:[function(n,e){f
unction t(n){return c[n]}function r(n){return null===n||void 0===n
<<< skipped >>>

GET /ajax/libs/jquery/1.7.1/jquery.min.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ajax.googleapis.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/javascript; charset=UTF-8

Last-Modified: Mon, 02 Apr 2012 18:24:28 GMT

Date: Wed, 28 May 2014 11:27:19 GMT

Expires: Thu, 28 May 2015 11:27:19 GMT

Access-Control-Allow-Origin: *

Timing-Allow-Origin: *

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 33186

X-XSS-Protection: 1; mode=block

Cache-Control: public, max-age=31536000

Age: 414051

Alternate-Protocol: 80:quic
.............~.F....?......!J......7.......Y...h....w.T*.".Y.Y...|.D..
 (g..;.....b=q.8......?.....w.....>.......g{s.....2...........e. WK
?VI.h....~.<n...fy6.....e.z...8.{.U......(.. .e.8....V...}.[..|../.
......j-.~'...Q.....%Q.KV...Ec....q.{...x........*..^...^Vn........&_.
..~.....o.Z..~..^....{?.S..&.w.W.|A...r......t.../V.,.Dt.Pf...&yYLv.U.
.....r.Q}.^']...*W.:H.........~_=.r..s.^..T..=l.]..)Vj.......^.ys...x.
..C_.h..&............`.^b<.^:_m1'Y....c.....e..1Oo....q...q.x......
o...........?..q:..;.>.whu.....=.... . P..i...I..E.!..f.&v(.......m
...r...w~.SW.......6p>...........,.........Lsj...L7..j.......y..'.F
..h44..SY.V.......i.mw...4Yi.H{'.._..].9?...}..Jn................5Q%m.
y.,v.5U.(.^..\-.R...?^m."...7e..vy...b...L..%....]..f...l5>...nw.rY
x..|8..V.......0F..|4....<.q....d.(~...h....p.......q1.......y..ZF.
p1..;.^..W.Y...(.....<x.F...iI.t..n..p.-......w.p:..I.\.:x\...H..T.
j...../i..h....3....Y..w.......5...:..n.....U...]B..`.ZQ..nE}.....L..`
..A..W....C.\'......e^./.j\[...6.v."..u...-..K.3Tb....24>,..hD.R..&
lt;.F..q5C..vR.iO)Z.(..&T..v.Z#.. [email protected]..
.=Q...RZ ..SIt.}.....J.me.....Yq`..5......5.....28L..~.-L.=...b)M'..Gd
.....1..,.:H...f.....h..T. Q...~.|%#%....y....7....L......"QU.y0H...&l
t;.s....n....I'Z............A........K...k..2...P._..1Z...B..4~.&..h.o
{.y..q.......Z..R...l......&.....>....P.......&.;W.3...L......@$...
,....Q..U1..hC1.$ .;ByWj.M..... B=1....s_....:HP...&.7.&..>7.(=....
.P.b8...Q..Nw,...E........t;.4..`..._ F.P.......t....hm..w...Q....
<<< skipped >>>

GET /v6exp3/6.gif HTTP/1.1

Accept: */*

Referer: hXXp://p4-afbqojzkbfeto-skn646ixusmbjvtu-if-v6exp3-v4.metric.gstatic.com/v6exp3/iframe.html

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: p4-afbqojzkbfeto-skn646ixusmbjvtu-240564-i1-v6exp3-ds.metric.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: image/gif

Last-Modified: Tue, 14 Aug 2012 10:47:46 GMT

Date: Mon, 02 Jun 2014 06:28:57 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-

GET /v6exp3/redir.html HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: p4-afbqojzkbfeto-skn646ixusmbjvtu-if-v6exp3-v4.metric.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/html

Last-Modified: Wed, 09 Jan 2013 10:49:06 GMT

Date: Mon, 02 Jun 2014 06:28:44 GMT

Expires: Mon, 02 Jun 2014 06:28:44 GMT

Cache-Control: public, max-age=0

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 175

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic
..........M.... ....O..:X..]..Dctp<.5b. .6...P..?w..KN.v...v...9[..
..M.2d.."g!...K.k|.fT<b...p.}G.....z>(.FpX~5.Dj.,....)...&..)."|
.x..yY7^..a........,h\..wUI17.?."?....B.....HTTP/1.1 200 OK..Vary: Acc
ept-Encoding..Content-Encoding: gzip..Content-Type: text/html..Last-Mo
dified: Wed, 09 Jan 2013 10:49:06 GMT..Date: Mon, 02 Jun 2014 06:28:44
 GMT..Expires: Mon, 02 Jun 2014 06:28:44 GMT..Cache-Control: public, m
ax-age=0..X-Content-Type-Options: nosniff..Server: sffe..Content-Lengt
h: 175..X-XSS-Protection: 1; mode=block..Alternate-Protocol: 80:quic..
..........M.... ....O..:X..]..Dctp<.5b. .6...P..?w..KN.v...v...9[..
..M.2d.."g!...K.k|.fT<b...p.}G.....z>(.FpX~5.Dj.,....)...&..)."|
.x..yY7^..a........,h\..wUI17.?."?....B.........


GET /v6exp3/iframe.html HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-5320542445719254&format=728x90&output=html&h=90&slotname=5254649948&adk=1649480091&w=728&lmt=1401690523&ea=0&flash=11.6.602.168&url=http://forcar.org.ua/&dt=1401690522595&bpp=1&shv=r20140527&cbv=r20140417&saldr=aa&correlator=1401690523626&frm=6&ga_vid=997431296.1401690524&ga_sid=1401690524&ga_hid=566522996&ga_fc=0&u_tz=180&u_his=0&u_java=1&u_h=846&u_w=1276&u_ah=818&u_aw=1276&u_cd=32&u_nplug=0&u_nmime=0&dff=tahoma&dfs=12&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=813&ish=382&ifk=1833785067&eid=317150304,42631041&oid=3&top=http://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=&rx=0&eae=4&jp=1&osd=1&vis=0&ppjl=d&fu=0&ifi=1&dtd=1078

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: p4-afbqojzkbfeto-skn646ixusmbjvtu-if-v6exp3-v4.metric.gstatic.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Vary: Accept-Encoding

Content-Encoding: gzip

Content-Type: text/html

Last-Modified: Fri, 07 Jun 2013 05:23:08 GMT

Date: Mon, 02 Jun 2014 06:28:44 GMT

Expires: Mon, 02 Jun 2014 06:28:44 GMT

Cache-Control: public, max-age=0

X-Content-Type-Options: nosniff

Server: sffe

Content-Length: 1262

X-XSS-Protection: 1; mode=block

Alternate-Protocol: 80:quic
...........VKo.8...W..6.k...4.Xf.b.C....^..QP$.H..DIn.........=H.p.!g.
..j...__...q..4....Aq...u..W3;.V......0T...=.........o.]..9A..........
..X...O8.D..Y....."(.Bk..<..3.S....O..^z._..xn...`sW....,.. .S.iQW.
....O.)'u.,=4.!.y>...!|.|..>.q..K.I.h....e..r....[*]...w$.....Q\
[email protected]...~.d....Z]..p.z....w.Y..$`F.........
..Jy..9.c..<Kr.....].Pe.........3..*`.> P....=....w...gx.sG=3z..
......;..rrB.>.X2t.`.....U..zvK.80k...G...8..I.....\674U.... .5."O.
....duFHV.....to....%...{[email protected]...[_$T.f..82..
4....SN.k. .`;.j....S...*...J.f..-..<L.Qr..&.9.D.`0/[email protected].
< r...s.F.&.7(..c....B.....b..kH.se..X0..}....L.$...@-H2Pw..;.~.kR.
/..}.{.BP.E..0.JE.....cH....S;[email protected]....... ....=......-...&g
t;C..E.D..\...4M....2......c.9.UVx...^..T...Pq.}..0......8..D w...38[B
->.8.......Ra...j.[Z=L'9[...y.p....x#.bO. .L.d.d.r1...Y..5,.G...{Su
.^..!..,X"..........A.p.A .H?1~..\....*.....k..T.....T..oW.....S.ge...
g*a.d{.=u.-.uGRP =...Z.6B..k...H..?;x......4;...[E..].jq...z..........
i..}S.Ny.x.;..$....n.=.......l..m}r.>.8lc.....Q^.......O.s..R......
...:..?.....&...:..$...K. @.b.z..>.4xz..{...Z.......%.......7.*c...
.j.R.6 .g...u.R.Q.K...k.(.......>P6nsH..kh...6.....k...TBV?...6...[
...vv..... =...|.a._....j.{%....?.G.9k.....
<<< skipped >>>

GET /clientscript/yui/yahoo-dom-event/yahoo-dom-event.js?v=381 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:30 GMT

Content-Type: application/x-javascript

Last-Modified: Tue, 27 May 2014 21:33:57 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:30 GMT

Cache-Control: max-age=86400

Content-Encoding: gzip
2cb1.............}{s.I....)p.....H.=/p..xH......V..%..@...............
..F..]...GVVVfV>.w~..4.._L..W)..I....=H}.^...R..(.*N.)~.L-.e....sh4
.R..(.-.q.n6....u....SGR...z.........t~.-r..mn..v..&;.yn.}...h...g....
....~..ir...o..e.K....C.F......^.......B..x,<ran6.....Q.^..F t.K.b8
\\..D..2.....4(..A.p9_..p.Pz_.M.....P.K...C9,.Jg...t.....)TB.....~y.{.
....|.......u/..>.R....gg...^....Ux|\D...,U)<.d...........`_..}.
...U.h~u.-.@.~:.O.2../..K..c4]F....?0..j.]M..ha. ...,...x..k.f>..FK
..UmP<.<....Z.e~p.\.M.cz.b..T'8..9U-8.3W..N.S.a."(....E<.&.!.
.Ix`K........./U.....'..t.\..^(.E...X.*.....0..V*w\.tk.........2......
=..j.d.g.La...).e...m...d...F;gP.B)a. ..'C......7..2.l.......(...ur7Ln
.R.0....m.!.^E.....-..k.....b2...I..E~.. .:.~.\.W.E....x.....(.......N
&... .4.P.I..^......F..N..v..D..'.?w....\.....P'.t.8..m.....2.N....o..
[email protected].....<8.4.
[email protected].?....6.;.6..:w.8 ..:}&...Sy.5...3.m&l
t;i.1.G.O..R....|.k'.....&S..........Zl&.GB..CWz.........DUYN........p
.....s.........$.Q.....XD...B.Q..........X.pv..........].nP...j.]-&.  
..pz.5/..`..zY\,..y.E.,. ,.s.e..."Z.ZNe..PZ.....o..P.H..`......p.._UR.
/....R...mt.?j.a.V...m-..aq\.f...g\.K.....*.>.y....h..._N......sM..
qLe2...bG..G.,e......?jd...;.U*.Tu.=.[!p7.M..G...."M..2._.}I..rX&..h.0
,[email protected]_.i.Q5.P..$...-.... ..i>.e.A-8`:|U..v.yX]/
..R..[..X@Bc'S....,|......(5....f9\A.zC........h.-S.E...F..1.R..4.. ..
hY...}..:.....S....:.. ......w..#V*.n0'.g......P.,..f5VF...r.cJ.W.
<<< skipped >>>

GET /clientscript/yui/connection/connection-min.js?v=381 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:32 GMT

Content-Type: application/x-javascript

Last-Modified: Tue, 27 May 2014 21:33:56 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:32 GMT

Cache-Control: max-age=86400

Content-Encoding: gzip
fd2.............ZYs.F.~....@.!.Qr..%..xJ.....S\.."F"...........9......
.....\........~.xI..Y.0.Vc....n.....}c.M.Fw>o......%.,p0(`.y8eQ...2
.X..f...2h.....Y.-:...{d.x.....u"...,.]9....w.,I.8.4...8.w?....{|q.,.p
...(b..[.<.....E...Agb...$N....vvz|uui....|.......h4.........x.Y...
...;..2.f.......yv...L..d...u=..X.l~...>.<==......2..h...nc:...e
......F1.....?....{.%...:.......g...3...1.C......#l....!.:.Eh....b...j
......h9..7|...|.{.....Y........0........w~i. .....3o t..|...=.(..?_.E
p....0.X...y...P.Z.w.v....l..-...j....%.a.S../..g.Y.G?it....,....5{..%
.N...........%}?e..yF.-...l.&{Y.fS.....5..n.N85...-..y....q...6...exF.
...^2.].-7a.2..t.....%..-....O2..N.......,~.]......b.s....P.....S....#
.1.............7....:..o..9:'....`..L.}!..n.,.m.......E..E.k .yCt_.wh"
.O4...'..~.H......H....X..y`...Y0Iqt...^.m..K..1.^)Z.Ze.0uJ..YF.,..=..
.Q.aQ/aP....M..!M...a....*.j....u.5..%........Q>r.)..k}W.f.......{.
....|i.Ea......,.*Z>...f..n.f.<U...P1.4a~.p...?.F.N.....]7K^V]..
...L..z.).p.kg..h.....3s`.`.M......A........j.`.Kta...7..ss..w]..-...Z
.o. ..0.....4RC:-L...0....r.~....xb........../(*....u.{...w..o..a*....
..`.uk.Z...".S=F..../.T:iMbv....).......C.`..L.....mq..<s.l...0....
...nrj.!{.s.. ..*....(K.....5ch..!.H7..@.*......B.$L...4....".2....?..
.m.~.hx...O.."....=..Q.<.....>_........g...c4..%........\.......
.B.....ju..J.m.;"..W.:c..q_......$...I..{!.p....,p........!.w..G..<
.7......,}/(*.....#...v~...q...a\.M".<[aL.....M.{..w...]-b.T.~.rv.=
.{.v. . 2...'2*;....qM(..*6UM/$;`..zdT8....9.... ^....H..,.....ah.
<<< skipped >>>

GET /clientscript/vbulletin_menu.js?v=381 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:36 GMT

Content-Type: application/x-javascript

Last-Modified: Tue, 27 May 2014 21:33:55 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:36 GMT

Cache-Control: max-age=86400

Content-Encoding: gzip
b3e.............Z{S.....>......W..RI.t[.1...Q.=.v.JHc[..F%.......L.
..4.%/[K... ......nq...,??|.f...}..k......*.).../...#.|[email protected]....
...p..~...'.s6..$.4K.(..u.C.r.....s...4..0.I]/...E1....J..n...0.y...8.
-.......Yy4O.Y....R?...U.~./../.&..7...z...:..L...g...................
.............(.IN.._.%.gR...2..o....0...Mx....4Y]-.=...Yq...V.VI.#...y
.X.J.s?.c.u{..4j..&^.i.;G..rh.....qNq..2w...G.$..r.._w{.B1.$..m.`;..g|
.R..s...... u.{..$...c6.w.....5...\E $.-..zC.....LiV.t:p.cu......y...k
.....;?.F.{...[{...>eK{NA. p. .A...;.tjk..M..s.uG..^.@;Z..,p.._.N/.
...q...v<..E..G3..Z...9..Z. ...U.X....X.e...=.......Rs.fk nlA....I 
.4....;3l.V.Mn.M..n....<8K....H...q....~".G}.lE....#.Z0.k.R.c..H]..
.g,.D....5a...S...y,.3.WA?....o.n;O...o....M.xb!.=.U.....a.J..r.f.qO..
.R|K..Q.,<v.;.8.j.....b..&..[J.s4=9.R:.1.. o6...w9./.....~Mp..X.[.[
..5.e.e7.(y.\.]...T.,W...!I.>....,.r>^Dq.....'m.....q....kHc..l.
.~........v.<....t..[.A...#.....N......AF..k...0p0bAP......Pr.-.Z..
$..^..)...-B.a.0r.......y.c....~...^Z..P.m.>R.h.n.99...o..0A!....*.
ZCF.VY.2'e..1...y.kY"..S..D.....r....H.%K.......H.. ".NLM. .g.....l..k
#.(1o.9].. .}.......El..2r..``...9..G.....9.j.................,..,q...
......q;a)...i.....C..4z`..@&..........T.*.pB....M.U.....~..5..a...U..
..(9...;..;.E.*......0.~N..rS..y'.z"<$..G...Z....`.?N..&s.89.....U@
...Wt8...).........3...v.....b?.U|....R....z.t.NG.G7wH. vD....1N.$.t.e
k..D.?...)H..-.o.RX.=..@`.%Z....,....n.d.8G.~...b..."6.\%.D....i......
.p.|tUbA....Hg$...U..%8.....f......!:Xh.01.Dt.RB.\...G..4..W.^...D
<<< skipped >>>

GET /cb/cb/logo.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:38 GMT

Content-Type: image/gif

Content-Length: 11690

Last-Modified: Tue, 27 May 2014 21:33:45 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:38 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes
GIF89a,.z....e~.o..f..b}.I\.h..s..\v.K^.H[.m..M`.G[.d..e..GZ}Uh.w.....
...`q.Ob.|..FY|..._x._y....iy.......ev.Vl.Yq.j........{..GY}FY}m.....d
|.j........u........q.................Y........Qd......6...Na.........
.g~...oP.._....2..T.....Ye....3........K...Ey.hy...f.....Fv..Oq....Qdy
e....... ..v8Ok..E...........\r~.bz.ny.FTjn....?..A.....{<g.fw.}.y^
v.Dh.^p.cu....Zk...YL_.m..Zl.Re.J].c~.GZ~b}.M`.b|.!.......,....,.z....
.{................................................}...................
...........................................................lu... @t...
[email protected]..)*...#...=v....C.%S*AI..K%.`[email protected][email protected]
..\.....P.J.8s...H........`....U...h..].....p...e'.A...........C..%...
.... ^lXAc... .Lyr....k.......C...t.V..S..i:k.../W.].r...s...{....a.'.
....[..^..,r..5.PR`.a...3>.........O.......1...g......B...Y.....9..
..(....g...tg..... w.>.a...h!w..'...v(.Z......tS.._.... ....0.(c...
[email protected]..#...X#.<.X..D.i..1.....,...R(F..smqx..6....\v...`v.%.H.9#...e
..l...[.)...a.i..x....G...|...Vkm...i zX...4.h..>....Fj...f......i.
9.)#.m..&............. .....(G"................k)..RZ,..*...<.Z...V
 ....Z......... ......`.....~.i..]r*....k...:.........v4....L...'....q
{.V.Y.!.\.{....g.1...y&..s4.......(....*. ....X...[`A.7.L...#;i.I.....
............t...:1....).7_...\w...`....8.\..8..3.Hn..G#....L....F.=..R
..$.c.,o.b.n...'.8.eG.u....../....t....%.LV.S.(.....v.6..z..t.z....{..
.>.....8..VM...Z..^$s.9..$....7.....j..D.a.......W;.....^;...._...w
.....~6....{....}..[O..*..........<U..z....(...%.}....'HA../|..
<<< skipped >>>

GET /cb/misc/navbits_start.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:40 GMT

Content-Type: image/gif

Content-Length: 1004

Last-Modified: Tue, 27 May 2014 21:33:48 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:40 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes
GIF89a...................~.....}................................k.....
k..bx................u.....Xi.w..y........z..............r...........b
y....o...........x........l.....fx.`q...................z..v.....~....
......................{...........v..v.....l.................y........
......v...........m.....}..q..t.....}.....g}.......~........Wh....@M.`
q.............l........fw....z.................t.....o..x...........^s
......................bx.............Vc...............................
......................................................................
......................................................................
......................................................................
......................................................................
...........!.......,[email protected]... u....`...x8.... .E...(....%<
;..9$...$j.,.....9R..)..Q..D.h..&..?.,....G #......... ....%...W].)...
..'...1....2.LB....Di*1...B..Z2..c.....^......I..Ph.....Y.lhScF..4..p.
......M.D... 7.Hp.H.......;....


GET /cb/buttons/collapse_tcat.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:41 GMT

Content-Type: image/gif

Content-Length: 594

Last-Modified: Tue, 27 May 2014 21:33:44 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:41 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes
GIF89a.....`.......3Jr............Ij....2Iq=X................r..~.....
1J.u...I.2M...._|.&<m...Nn.... 7j"<wr..Fb..........@\.Hg.h..>
Z.3Hz/Iz.........Qr.=U....1Iw8S.:S.5MvHa.(>h8P.Db....}.............
.f..Ii.|........ 3]...B^.a...........;T.6Nw_~.f..)?n F.a..8Q|c..Rq.Zz.
w..5O.Ig.......}..q..Ba.4My...........................................
...........................................................!.....`.,..
......@...`..^.....&-?7_..'...^`..H.F._ .S8..^.#.(.6U!GA..:<XZI/=..
`^.@>...Q.14.`."W...]^_............_......B*9[_.PRY..^.D.L..$\,...M
T%JK..Q0......H8p... O".x.`..'5RT.0...q^..`...8l...;....


GET /cb/cb/thead.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:41 GMT

Content-Type: image/gif

Content-Length: 204

Last-Modified: Tue, 27 May 2014 21:33:45 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:41 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes
GIF89a......._z.C\.D].F_.Kc.[w.Oh.C[.c..Mf.^y.G`.Ng.Yv.Ha.a}.E^.e..Pi.
`{.b..]x.Le.BZ.Ib.b~.AY.d..............!.......,..........I`$.[i.H.R,.
..#.S].8..{...`.A$J.G.R.h6.P.e:%X..l.......X.)..ht`.>...x\C..C.;ont>....


GET /cb/buttons/lastpost.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:43 GMT

Content-Type: image/gif

Content-Length: 964

Last-Modified: Tue, 27 May 2014 21:33:44 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:43 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes
GIF89a..........PY.MY....PX....JP{...............QY.............Va.fj.
...~.....}........{..Xb.......z.....ny.is................~..|.....x..x
........IQxY[u...`q.........................|.......................FN
v.........NV....{.....:Bq......}..dh.............>F..........N[}...
.........w................................PY.Xd................z.....i
|._h............................|..w..kr.r............................
......................................................................
......................................................................
......................................................................
......................................................................
......................................................................
..............!.......,[email protected]..@<.8`....-.^t.P......(1..
....Bl8`[email protected]'.....\.sD..A.....C.....P@"...8n....g...N L.....7.@..
....,OF.abe...cn..se..3dt..#"N..)4P.i....;@.I.".."...` .M@.;...
.


GET /cb/statusicon/subforum_old.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:43 GMT

Content-Type: image/gif

Content-Length: 541

Last-Modified: Tue, 27 May 2014 21:33:51 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:43 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes
GIF89a.....t.......mx.mz....,A......................u.................
..................v........^l.........................................
...........q..............Wg.......|..................................
......................................................................
.................................y....................................
...............................................!.....t.,[email protected].
T._[p. tt.6eE`V]>iSLB7@XQhr..*kW'J...bNPl1O<G=5A&,oq#/..\;...9..
^n(gs2%.....Z.!U.R j.Fa..8m).0fCc?.K....4HI.:.D$"-d.3M..;....


GET /cb/buttons/collapse_thead.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:43 GMT

Content-Type: image/gif

Content-Length: 594

Last-Modified: Tue, 27 May 2014 21:33:44 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:43 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes
GIF89a.....`.......3Jr............Ij....2Iq=X................r..~.....
1J.u...I.2M...._|.&<m...Nn.... 7j"<wr..Fb..........@\.Hg.h..>
Z.3Hz/Iz.........Qr.=U....1Iw8S.:S.5MvHa.(>h8P.Db....}.............
.f..Ii.|........ 3]...B^.a...........;T.6Nw_~.f..)?n F.a..8Q|c..Rq.Zz.
w..5O.Ig.......}..q..Ba.4My...........................................
...........................................................!.....`.,..
......@...`..^.....&-?7_..'...^`..H.F._ .S8..^.#.(.6U!GA..:<XZI/=..
`^.@>...Q.14.`."W...]^_............_......B*9[_.PRY..^.D.L..$\,...M
T%JK..Q0......H8p... O".x.`..'5RT.0...q^..`...8l...;....


GET /cb/statusicon/forum_new.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:43 GMT

Content-Type: image/gif

Content-Length: 934

Last-Modified: Tue, 27 May 2014 21:33:51 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:43 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes
GIF89a.......d..............k........p..Tt.`{..........~........B^.8d.
f..Ng....j.....z.....w..............Rm....;_.{.....r.....b|.<g._{..
........b..^z.Aj.[x.^z.a|.[w._z.b~.b}.Gn.}..6_.?_.e.....`|............
.Fn...................Oh.o.....`w.............Bk.n.....}..............
...c}.............c..h..p..l.....m..|..Kq.r........a|....v..a}....s..D
l....Fn.c~.d~.[w....\x.]y...................1_.2_.!.......,...........
.;{......;|pu......b|| 2/.../......2.. t.t2........|mv.......mw......u
.h0330.....-....3.....<..Y)CB%@.BCj...<...T1..il).F.E...F.F..|..
[email protected].*."%....*y......$:..8aA....x.3.L.* D..Isf.....a.r..-}.T.
q....O.80zC...?xV..C...A.j..u...)5P.....'*.p.....%K..R.P)I...4.....V&.
.F.cb/.Jcr(.0...,?~..J..c%.L(.q......le`....(.l..:..J_p....I..... .{D.
&..X...M%.....Z....6...........H.....~$p....x?...G........@..<.....
...{%/..._....^|..7.z..G....g....._..mG`..N8`...aC.$.8..%....,.8E%=.!.
.4.h..|..E.<[email protected]&.......;..

GET /1/92a411bc23?a=4058140,2334836&ap=19&fe=2000&dc=2000&v=411.b2946c1&to=YlNSbUYAV0IFBhdaWVsZZUtdTghcBRcIVkIbRlhJ&f=[] HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/1market.php?p=ZwCiII64NEjmEY3xNkjDkZ25LMCTJMu3IYjmoZy5OgTDgO51NUDGkMsyIImTZZs1YYXDNMo5IEjWoZw3LMCjJMtlbB2jJIp6bIGCUdiiOwjiAIsxIImi1OviYMm2lcsiZwVi9IvtcNyjII66IIki5YvjIJny0ei=

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: beacon-3.newrelic.com

Connection: Keep-Alive

HTTP/1.1 204 No Content

Content-Type: image/gif

Set-Cookie: JSESSIONID=9603aa4a7a720f8;Path=/

Expires: Thu, 01 Jan 1970 00:00:00 GMT
HTTP/1.1 204 No Content..Content-Type: image/gif..Set-Cookie: JSESSION
ID=9603aa4a7a720f8;Path=/..Expires: Thu, 01 Jan 1970 00:00:00 GMT..

GET / HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Connection: Keep-Alive

Host: forcar.org.ua

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:29 GMT

Content-Type: text/html; charset=windows-1251

Content-Length: 11484

Connection: keep-alive

X-Powered-By: PHP/5.2.17

Cache-Control: private

Pragma: private

X-UA-Compatible: IE=7

Content-Encoding: gzip

Set-Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; path=/; HttpOnly

Set-Cookie: bblastvisit=1401690509; expires=Tue, 02-Jun-2015 06:28:29 GMT; path=/

Set-Cookie: bblastactivity=0; expires=Tue, 02-Jun-2015 06:28:29 GMT; path=/
...........}.s.....\......RL.....jts...QYrf3.)V.h.-.h..A...?.....U..Q.
J..[.3S3/[.R.........)...s......&.E..A.........r.s.G.~~../o]g%.Rf.>
.....,4...m.j$r..5._~v...,...;.V...0.Z9...a..J.S.F".....D...#w>....
bt..8......bh.....'....v.O?.L&#n...a.Be....V][email protected].....
.-.MM.k....rNmJ.u.X..nY.bE...Yu....U.)~g.E..q.~..t.w.Tl`..4.....2..[z.
Bc........x....t_..~...T..BI.l..-....lO..)9..|..ZE.....ni...t.`.J.\...
...tX..%..vO_Y6.....k;...jk.e..3..Nwwk....4..nc....E..;k....$.6V;;..i.
y....j....>.Co.....K4.y.n..{Oh>..|.^mu.be.C/.v.2jD..w.d.....uU..
.#^..|...c.h.#x1....^...;..7...x.......\.}..vV..].uGP.E..`.($...Q..`F1
.Z......@.......~.zV....y.Y6q..kUv.\....}.81 .....,...... .R3-.....P.l
.H.|G.....M......$......h.....e..b...c.^......B{^.d...A..#.....i).H.4-
./.w.qQ.......&..1.*.<t.nDV..iN.........=|W.a...I..s.'.c.z.(9.}....
a.A..)....f...o.....?....c!;.L.2..-..3.3....LR L'b.h!.*N...a...W?...._
....\...].........k7>..y..U.V.G*.]PW...E...e}^...G.....U.|(..d.(.F$
".......b..k.a....{.V.j......|T.....j....T.V .....e..A'.........i.p]c.
A.......,.}@....R....Z.....H...t. Z5l...".j.u1.......AM.]...;pp.#.!...
^&.......#...J.Y..;4j..A.<.......e...r.L....z.\..E......vM .....X..
..u...c.....OE..c.....cR.e.&..1.. .-.....}.8...!..2.......(..<.....
~./.........0B..#`...h....w..9...........C.. XCZ7z...{.iz.NOX.*.3_....
..|...jA.N$R..1....i.Bu.T......".F....h.WD#0.Q.'7I.AQ. .g|..p0..ZN..!9
r.Jr!H.ZY[..Uh.}*_6..f..dg....YA..L.v_.Z..mJ N......j..T*.....d25...S.
..v....pe:..$....#&LJ~|:..)...na....-..._...v..?..........%(.K../.
<<< skipped >>>

GET /clientscript/vbulletin_important.css?v=381 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:30 GMT

Content-Type: text/css

Last-Modified: Tue, 27 May 2014 21:33:55 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:30 GMT

Cache-Control: max-age=86400

Content-Encoding: gzip
251.............T.N.@.=...Qz.j;PU.F..5...)I.%.Z..x....^.A..._v.&4..P.{
..3.o...o8:.d...f.o.X..tT.:k.DK.....a...s1...\W......G.....'......XY4.
..k..Y..)a..5L.F.B.n......D(.=(m!A0.Qm.%....F[hFh.5-....e....;.^....oW
W.....gp}3..i....b.}2._...Uam..a...*y:. .%l.o.PR.......M5P[.C.[.y..>
;cN.,iUC....S.....)... .Y..`\.O.G.."A..icjm".0...]2P.....V.o.u;.n.p.!%
I!.K.Z...C.......,......qX....~..6....9..WI... H.E....4.A.p.x.X....!..
.C....d.A.MY...&.9....D.....m..........'..Oi%.}.......1..b........8...
..*..E.....3..z.S.Gg.2....q!,...'.....6....ou.......c..!....A....n...;
..Ep0=..{..|.........G..`. ...G......`.....0..HTTP/1.1 200 OK..Server:
 nginx/1.2.1..Date: Mon, 02 Jun 2014 06:28:30 GMT..Content-Type: text/
css..Last-Modified: Tue, 27 May 2014 21:33:55 GMT..Transfer-Encoding: 
chunked..Connection: keep-alive..Expires: Tue, 03 Jun 2014 06:28:30 GM
T..Cache-Control: max-age=86400..Content-Encoding: gzip..251..........
...T.N.@.=...Qz.j;PU.F..5...)I.%.Z..x....^.A..._v.&4..P.{..3.o...o8:.d
...f.o.X..tT.:k.DK.....a...s1...\W......G.....'......XY4...k..Y..)a..5
L.F.B.n......D(.=(m!A0.Qm.%....F[hFh.5-....e....;.^....oWW.....gp}3..i
....b.}2._...Uam..a...*y:. .%l.o.PR.......M5P[.C.[.y..>cN.,iUC....S
.....)... .Y..`\.O.G.."A..icjm".0...]2P.....V.o.u;.n.p.!%I!.K.Z...C...
....,......qX....~..6....9..WI... H.E....4.A.p.x.X....!...C....d.A.MY.
..&.9....D.....m..........'..Oi%.}.......1..b........8.....*..E.....3.
.z.S.Gg.2....q!,...'.....6....ou.......c..!....A....n...;..Ep0=..{..|.
........G..`. ...G......`.....0......
<<< skipped >>>

GET /clientscript/vbulletin_css/style-b09cab93-00002.css HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:30 GMT

Content-Type: text/css

Last-Modified: Tue, 27 May 2014 21:33:56 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:30 GMT

Cache-Control: max-age=86400

Content-Encoding: gzip
5bd.............X.R.8.]..P..f(....1........-.V.X.[I.).}.../[email protected].
G.${.^....Oi%w...y.......,....c...Hd.Br_*.....B..V.(B2 ...0RR.D.....-.
a... ......G.....;.....0...*!....7.....3.a.].......}.L.yuEhHc%.......Z
?cX.&^.....%M..C.f..~...s|q.......W$.8.hu..*..HV ...g......!..%j..F...
_.J.S..-....5.U.?..5......S6ME./.x...<.%K..Du$o...E$s... .4m....[&g
t;..{6......E.q.?..n...3Xh.....~..Zw..V...O......<...V..l.B...B;z..
[email protected]..}<b..F.v.......N..j..1.1...Q.... 6}....)..u.j.F...p
.^-|.W.~.^i..........G.._s....7...ia.._.(.L.[...&.......=.....z.......
.J.dp(Q...6.A. w.......8.%..v.v`.-..I-~s][mB.$t ......N)Y...Xu.<P..
.............]oi...;...t...jG.k......jf.4.L.D..........;&...!.....L~..
=S...}\/:...s...*..._m..w...#R...C{.>.eY.T....5.l..4....bk4.......8
.y..O......1.........l{v...M......<T.DE....e)E.x.U._h.v..~.mx....A.
.x.>..O..R.'...C.^.>..O@-P)K.Nzd.....}.hAM..8.....t.#....}...m.G
%{#...!....~..w;..B..C.\2.C...8..{.>..BF.g!....5.^.:.....P.?.P.?...
.Y.c6}}I..!.z....DV."......*.........."\.S;.....H.g.....r...H.y..V..fb
 .B^.....B.._.-.b.........R.W...%......".{.e.V..\........,X<.b'....
e.n.R.>k...X.H'.o...O...`-.9....Ug..Q.............W.y8.47...kk7..m6
.%\..@m......[..u....4;...3.}....K.B....6IcoQ......8U"x......2.$p.mH..
[email protected].:..*h....A.[......[...;!#....>&.&......x..U
....!p..t..r.J.jG&x..j..C4."b....sw.......i....I.a5.R.F.D7..&.=...'.."
t.Y.6.aC..nKx........Bb.........|.W.} ..7....{....M...E..X...:... ..B.
S.....[.)....:o..\..:]..l..........`...a.....0......
<<< skipped >>>

GET /clientscript/vbulletin_global.js?v=381 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:34 GMT

Content-Type: application/x-javascript

Last-Modified: Tue, 27 May 2014 21:33:55 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:34 GMT

Cache-Control: max-age=86400

Content-Encoding: gzip
22ac.............]kw....._A#1...%..R.u..l......GTx .........Q?....3...
..d...E.......<3.....K..f......_._m.fR...j>..(.=o.....;... .....
m.............O....,..k.8..e.eaV{.O.5.>.}..Y.C...u.....U....yX[...8
.k.a-..Q....*..5t..*A.$.e.,...I...e..m..r.j..~y.fx..]..I.........v....
_.........|......i__..lO.Em]..jw.M.8..W.b^....u.W-...E....(.&7.Q.a`..'
.[.2J....qg...........0...y2sZ....3./.|..i..0M...A....XD?...b./.4Y-..0
..k.-B.!.L.ULU.4...e...).Q....$u....;.....<.g..A...;q.....s.r.O.(..
....=.8....~....o<7.]..e.-.5<.Y...2...s.8]............9}...;....
.....]_,.. ....I.z....4.n.FW..$z..4...3.....$..X%y8.......Y....,..k..0
..r.l......s..........<].....w...~.X.yt1....Qx.L.|L.........2X...)f
?Y.^.;..~.....N...h.. m...'o..0.c...b3Y.i..nQ.K<....u...x..t....].!
~....64.,....,...&........... ....\....,m.^...S......b..H.....EU.E...h
..>...N......T....[PD.(...cG.k..e.==.Q...T.a..2{^...<..r,..gV...
.O4V....t5.1./....1..9..........$.....8..[.}....?T.2N...|.VY.,..7..hZ.
B..{.kY.:...c.......<|[L.".Tv....-....x.J3.J1.G.U.!.u.[.qp.#7..1.yB
2.}......i...X...s..m..F.l....!.u.....h...Z..iH.........$....[....p..;
..}.w.}.q...(4N..x[^nvFT*..k..;4...o.....i..5Zt......`......{.?.....8}
..X....]E.X..h...d.h.P.{{-.#>...[=.&9.....{..f.q.....`..9.7....Q...
U...0.\.....I..A.&.....=...<.....S=.[....7.D0.o...3.|.0..v.fy.\W...
..C^.J..2W......&i...y.fzFw...i0{...>[email protected]....&.4..#]^u.P...5
..]tN......6...i2..q(g...^..B..!N....v...|.N{y.....'.... m......Rb<
.v.'....*...8.}l.&$..<.X....v<[-.a..x.:.1.).q.&...[.A.<..
<<< skipped >>>

GET /cb/cb/headarka.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:38 GMT

Content-Type: image/gif

Content-Length: 1753

Last-Modified: Tue, 27 May 2014 21:33:45 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:38 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes
GIF89a?.z....Od.a|.]v.]w.FY|Tk.b}.\u.[t.Qg.Ma.^x.Mb.H[.GZ}K_.Ul.Wn.Rh.
Wo.`z.I\.J^.Xp.I].Yq.Si.H\.`z.L`.Uk.Zr.\v.Pe.^w.GY}Yq.Vn.Sj.c~.Pf.b|.N
c.Vm.b|.Oe.Qf.J].[t.Xp.Ri.J^.K_.Zs.Yr.K`.Tj.\u.G[.FY}^x.Vm._x.La.`{.Zr
.[s.I].L`.Nc.Nb.Um.Rh.Pf.Nd.Pe.H[._y.b}.a{.GZ~c~......................
......................................................................
...............................................!.......,....?.z.....Q.
.................'..........N..................................)......
....,[email protected] ....*\..
....#J.Hq!...3j...... C..Irc..(S.\.....0c..I....7}[email protected].*]
.....P.J.J....X.j... U.`...K....h..X.....p....K....x............L.....
..X......#K..9....3k....g..B..M.....S.^......b..M.....s.......0...N...
............K.N]z....k..........O.......G.........O..|................
.h...&....6.....H...Vh...f........ .(..$.h"......,....0.(..4.hc......&
lt;....@.)..D.id..$....L6...PF)..TVie.%d...\v...`....d.i..h....l....p.
)..t.i..u....|......*(...j...&....6....F*i..Tj...f....v.i...*....j....
.....J*...*....j....j......... ...j`...&....6....F ....`...f....v.-.H.
 ....k....{......... ....k.....o........,....l...'....7....G,...K.....
g....w....'!..$.l..(..2.K....0.,..4.<s.8....<[email protected]'...
I....PG-..TWm..Xg...R ...`.-..d.m6.*....l....p..v.t.m..x....|.m.......
..n...3....7....G....Wn... ....w..........n...............;.D.n.......
...{.../....o...'....7O...G/...Wo...[....w...../.....o....O........./.
...`..........?......H......L......:../...'H..Z......1...z.. ...GH
<<< skipped >>>

GET /cb/cb/nav.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:40 GMT

Content-Type: image/gif

Content-Length: 325

Last-Modified: Tue, 27 May 2014 21:33:45 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:40 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes
GIF89a..#.............................................................
......................................................................
.................................................................!....
...,......#[email protected].).'H.b.L8..h.B.F...V..v.`pc<....t..f_...\>...
x.`......................[Z...... ..............A.;....


GET /clientscript/vbulletin_md5.js?v=381 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:40 GMT

Content-Type: application/x-javascript

Last-Modified: Tue, 27 May 2014 21:33:55 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:40 GMT

Cache-Control: max-age=86400

Content-Encoding: gzip
86a.............X.w....W..L..LF.%Y....|...m...#'.C..h.H.df'.......xaz.
......{..,....&.....8a.W\.h.<.K....v.X~IL..ev...g.|.t....[.W/......
Q..w;[email protected].._....<.nm. ;P.NH.......
=Nu.~..s.q..E0..........pa:.....C../.=.nj.w....t....*..r.'<..2..aq.
,i...B.......Bdqg.....|....f.;....y3.......y.T/9 .....N.a.<......yp
......2o.. .Z.0..8.~{XF...GQ.*."h.&VZ*...2..Q ...E.f.3ex....(;.y..^...
8.R......M..x.%[email protected]........!.%?........Mx..!h<.......Y.-k
<&...(a/m.".8)...{I...`-..d..f. (.....4..A.~E.....\p.:.C...o..a!b..
..t.>.B.B...o.=<...e(..*....f.!..7...Ct....X....~#R.....D.w.!.j8
. .....Q..s5h..."........H.8..p1..~`.J...LF&.U.Z...%d.).FF....H*P.H.R.
........@yRj/6.....B...5B..,.h.....#l..HG.J`3\j..5E.J.S.~C........ .d.
..X#..m<. 8.B...&...A.T...h..B.NC...-.o..58E....i.U...)j?....z..} B
..B. ..a/2..4...]........."ab...8.MS:%..h..........2-..[..CT....1...5\
...Z..T....5i.9...!B..GnU......H3.s.f..04.u.L..4.k5`..B&.7\..>..uM.
Ku..".pnj.!#...8.Ze0i..N....4....:.$.QU..T.VB..K..!l.n.|.W..2fn.A`.o4.
.Tx7.Y..6b...z%.....j.H*. .K..u.$....'tLq%\.....U....8..Z#.-H... ..#..
....X4.....tSH.....Li..1M..P.Go!h-4 W\.C....*..d...:8Z..9....)....j...
*.P....j....6'.Bh...............c..,..`.......]..._o6..b1..tm...0.>
..A..Y..}.,7 ...tu..?z......8pW)....8.....'........^v4..z......[,.y...
.<....y?...P.....d........h.~|......Pl(.n.8.....^....^.......~..!. 
..........Ao....2.............*...c..J.it...qt..0#L.z..;=...nG..f..V\4
......9.........b....t....i..)...6.6{./..)........^.A..A.y..9.X...
<<< skipped >>>

GET /cb/statusicon/forum_old.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:41 GMT

Content-Type: image/gif

Content-Length: 361

Last-Modified: Tue, 27 May 2014 21:33:51 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:41 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes
GIF89a................................................................
.......................................!.......,........... '.di."..l.
./[email protected].,....t:-R...v.-....x<.N...z..f...|>w...w
Q......E............E.......E............E.......E.......E.......E....
...E.......E.......E.......E.......E.......E.......E0..-..........[..C
....*\...B..8...;....


GET /cb/cb/cat.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:41 GMT

Content-Type: image/gif

Content-Length: 123

Last-Modified: Tue, 27 May 2014 21:33:45 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:41 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes
GIF89a.......................................................!.......,
..........(.H#......'J.4d....2H...1.Ca.A.8|....p....;....


GET /images/icons/icon1.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:43 GMT

Content-Type: image/gif

Content-Length: 1032

Last-Modified: Tue, 27 May 2014 21:34:03 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:43 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes
GIF89a...............................|....................kop}........
...........................255...VX]........................'))..."%%.
.................HLM.....................efm......8:<..............
.uyz............??D.................. ,/......ABG............oqx......
...Z__.......................................BCG...............?AB....
................................489............................... "..
.............* .......................................................
......................................................................
......................................................................
......................................................................
......................................................................
..............!.......,............ .:d.J.!.FH...L..o.....L...1bxX....
i.8i.'....8.H.....k 1j.q.G;....C"..@,..0...".@>[email protected]`
...... [email protected]..'e.P.................%.....4.t
. ...F..y4. ...-/$d.....(.c.......G.<..'.T#A6..s..#&.....;..
..


GET /images/icons/icon4.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:43 GMT

Content-Type: image/gif

Content-Length: 1019

Last-Modified: Tue, 27 May 2014 21:34:04 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:43 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes
GIF89a.........4..5..5..4..3|\...5..5}\...4..:..8..'..8..4..:..*.|$.}#
Z[d..7gX...8...........5..6..8..6jny..7_[a........7?5...7.j?^`k..7..:.
.8`]].p<.q;.u7..1NQX........6..9..$..$VA.........>..)\S@~\.llv..
7..%~^[email protected]?bag..5or....1*......5..5..8}]...7.. ..7..6..9..:..8vc;..8
.t"..9..&..6..6..-........6..6...qq}..:...VK.2,.ZL...-.|D..8..........
p:..8..:.....8.....9z\...B....f }gBtbF...LB3..8|\...7..4YUV..(...cU4..
2YX^.r!........7......................................................
......................................................................
......................................................................
......................................................................
......................................................................
.................!.......,.................M.2..*L."........ ......P..
F...}\.!...;.@......,YL`$....=k8,.q....#..I... ..A..r E.3..P.1!!....(@
"D....Z...d...cH...$..#0...q`..9\.A. @....V`...../e*.. `../....0 .."."
.0. ..B7..xA......$......|..h...m.....Rg....;....


GET /clientscript/vbulletin_read_marker.js?v=381 HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:43 GMT

Content-Type: application/x-javascript

Last-Modified: Tue, 27 May 2014 21:33:56 GMT

Transfer-Encoding: chunked

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:43 GMT

Cache-Control: max-age=86400

Content-Encoding: gzip
4e6.............V.r.8.........Dv.?..L..w.n...N?&.2..Q...D\o..... .m..k
g.....G...s.~........-....t{....W.).4Go.o.M...?..X..X1.t.H..~.....w..I
..%.....SA.:..Fn.....hH......P.......,...I4!........$B..,a`.8.t....A.Q
.p..^...}..NN...St<B..1.0...h.a........J.,....l..'u.q.2t...j.4$. 8.
Y..z..^...........$.>...p.&f..|!.Y..../8....ck..e......wV.S&YNf ..t
....T...U.h,.q....\..~r.5b0].F.....F...6...?.. 8..}....5..............
...b..C.WI.4.?...a....'...0b..R8..c....7..C"..^M.<.(..p......%'...s
.mI3.Jy....8(S...%[....[...ht<8=....A..S9........;........O[....u.6
....G...C..N .`%<U}.....C.P...].h...t`...D../..0{..Q0..o.O.......S.
.N....pJ..L.n.Ua.9..{.c...%4.p.".%HK...*.(..o..<....~}>...~.F...
..67Z`Ic._..N...v..'2q...LxU...'.-]..v..<..T..B.S../..hD.....u.9.f.
.......:.,.....7VY.*..<l.v.PUZh.F)=(...]..S.T..{..F...........7.qGo
*y..,.y.q]..0.R..by.3..G?.....3wTQ..........W..*.7.....h6`.....>.h.
a..$...n....&..L..~..u...Q#7...\~%....9.Y..O.s.........z.k..!1...c.2./
..i..e...m...L.......80T..W..r"K..^c...Tu.......J5{, .I')Q...r Z.....S
....J.V3...p7#73.Gl.S..<........7..MM..4..Z..:.8...j(...FD.t.}u.P..
.W........k.5O.*.B..&z.TZV"...0.6h6}9}y.......Z.... ....}.6...h_...{&g
t;...:...y..wg......_..7..M..n...n..MVW.c...~..}..\O...p}.X....6.....S
.l...Qu...)R..G.T..<L......@.?.B.....0......
<<< skipped >>>

GET /cb/misc/whos_online.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:43 GMT

Content-Type: image/gif

Content-Length: 839

Last-Modified: Tue, 27 May 2014 21:33:49 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:43 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes
GIF89a.......E^.\z.Rq.Qp.Zy.Ts.Xw.Vu.E^.On.F_................Om.]{....
.................................Pn....Nl.......Qp.E_.AY....Ga.AY....f
..F`....F`.Wv.:Oyy..Xw.Ga.......m.....?V................y.....Tr....Ts
.Fa....F`.8Mv...\y.............Vt.Zw................m........r........
{.....9Nx......^{.F`.Xv.Ut.=T.Zw.[y.B[....?V....AX.......Yx.?V....=S.^
|.D\.C\.D].`~.b........BZ.AY.c..d..C[.BZ.......!.......,............".
......"~.{........z........u.....`^..u.t...t.Vk51...p....*T!Zc...p....
.M*;!6Gd..........F9=.al.......AK...Q?.......#:...4#.............gT.0.
a'..#F......8.@...... AB..A.I,. .\.).../A..r.&.. `.....O...T.@....?.vB
..iS.i.L......X;.......]8.......h;.Y.... ..xt."...9.....w...j6.8..p.Nr
. ^.....&..YLYN'>.3kV .A..f.h...2..q`d@.!....;..M.....n0!....>..
..!fK..oJ.........K..).....k........<.p.............v...O..........
.......;....


GET /cb/misc/stats.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:43 GMT

Content-Type: image/gif

Content-Length: 899

Last-Modified: Tue, 27 May 2014 21:33:48 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:43 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes
GIF89a.......Ts.BZ.......s........9Nwl..D\.Je.Lh.......C\.Pn....Jf.Rq.
......E^[email protected]`.Po.\z.<S~Ts.AY.Fa.?V.W
v.BY.@W.\z.Vu.Zy.On.Qp.Xw.F_.E^.D]....Yx.Yw.Om..........n..|.....`|...
.Zx.......Mj.......m..Li.Vt.......Sr.Kg.Nl.Qp.Rp.Sq.C]....w........Ga.
......Zw....[x....Gb.......Vt..........Je.i..Hc.Hc....Pm.\y.Lh.d..AZ..
..C[.>T.;Qz^|.......AY.c..`~.b..d..BZ.C[.BZ.......!.......,........
....:.......:~.z........w........y.......x.......s...s.66A,...,...)L.=
=T\[email protected])...1..1.`.flG .%@i?-...-..L.Vag.< DW!U.$....
...%6.P....18.(@R@C...;I......H.HxpD@.."... .#.N0b.| ....0p...$....p..
...Q.N...`....H.f.SD....dh......2.`..F.V/..,...S..o...ip....LL$x.....p
.v.A.../](4ig...2....P.p'..3......=4B4i..B...3wJ....8#.lYr.../[email protected]'
...;X...............;..N}...$N4YP...8..W...z..r..'..<.N}...O.~}....
..i.....(....a...&.... .....Q..uTh...fx..5..C.t.(..$.8b.>....,.... 
...;....


GET /cb/statusicon/forum_new_lock.gif HTTP/1.1

Accept: */*

Referer: hXXp://forcar.org.ua/

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: forcar.org.ua

Connection: Keep-Alive

Cookie: bbsessionhash=481947a98e9f7262674ac63140c45d62; bblastvisit=1401690509; bblastactivity=0

HTTP/1.1 200 OK

Server: nginx/1.2.1

Date: Mon, 02 Jun 2014 06:28:43 GMT

Content-Type: image/gif

Content-Length: 881

Last-Modified: Tue, 27 May 2014 21:33:51 GMT

Connection: keep-alive

Expires: Tue, 03 Jun 2014 06:28:43 GMT

Cache-Control: max-age=86400

Accept-Ranges: bytes
GIF89a..........Ib.?U.>T.:OyAX.AX.=S.F_.E^.E^.D].Qp.On.C\.Zy.Rq.Vu.
Xw....Ts............................C[....8Mu............=S}F^.Lc.?U.L
f.......D\....Wv.\q.]r....Mh.Ok.......C\....>S~.........bv.|.......
....On....:Nw...r..Qp.............:Pz<QzKb....Qo.......Pg.Vk.ey....
@V....Jd.m...........l.....Mk.Ol....AY.D^....y..?V.8Ms[p.Fa.......Li.M
j.E`.Vu.Qm.C[.D\.......AY.c..^|.`~.b..d..\z.BZ.BZ.......!.......,.....
.......~.......-.......-~.z........v........y.......x.......w.......{.
.........3.r.r2..2.r.p.......'.... )) ..a&......o.ZP..DT0B..5EX..JQ.H.
..."F....F..@..!8......,......:<v.......K1X.....d.l.I3..._Z.,.....A
.....hQ/9N....g).P.B.`@...X.X.#5j..`..uPF...fy,......p..6......I...[j.
....p.@.....{.....4f,.T.@...$./T9..q)..C{.a....&^.0m.....K..=.....qg!.
dK..?.x..G6q>...(Qb...%..`......K....... ... ...!.A,1..{...........
......T....(........6...1.....F(!.1....$.....v.!.$..G .;..

GET /ga.js HTTP/1.1

Accept: */*

Referer: hXXp://adf.ly/VUcWb

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Mon, 02 Jun 2014 01:20:56 GMT

Expires: Mon, 02 Jun 2014 13:20:56 GMT

Last-Modified: Thu, 08 May 2014 18:54:47 GMT

X-Content-Type-Options: nosniff

Content-Type: text/javascript

Vary: Accept-Encoding

Content-Encoding: gzip

Server: Golfe2

Content-Length: 15790

Age: 18448

Cache-Control: public, max-age=43200

Alternate-Protocol: 80:quic
...........}kw.:[email protected].,.iH.....$...3#......s.z7.
.<..e4....x2.Y/.....>^.<.C.D......j...0c!...qo.....A*....L&..
x.K..w.*8..%.<..|..)d.X.......&..*... .Q...(.....8..q..\.!...a..0..
.$.tX..N&..a?!..zB:l.8c9.p.....;l..x.$c.]AP\..>..B...&..:pz.H......
..g...Ap..!.5..K......V;l.H.....V.a.....s.$p......39...a.a.P'9.b.;H>
;N.$..A..... ..^..{h.h...2l_..N...w9..d.@.`._.N..7..|....%.d.%......%.
{[email protected]..:....F.{..c.nzP*..a..LzP.sl...V..y.U8*&.......}[email protected]..
.Ty. u.Y...!..R.h.V..h./>3...*.P..(..:A.}..v.C ..M..Vk.......\..d..
..he.q..u.u..yE./J.Re..|:u..L...B..E..Tn/v \.<...8..MU.g.....{.`..}
.;n.....x................4...kG..[q....0r7.....l.n?..@|.%W.g....V..../
.a......P`....t W.VNq.#.......}.WL....,X.a....{..*..!<W.......e.{.$
.e......[......S....(.).K..........>....X5o{i&.X..A.F.T"h.....KB...
^]..f..z3.jyYcy......@..#Y*.z.Jl.#w...S...^..a..A..F....q.!...6~...1..
..P.......`..= .M.(.^[email protected].".v.........L...R.....[...fx....o..
.K...s..!..........oa.F..V......)..ym...;......a..r..N. ....Y.5o.u|..K
...}l[i.....N.-%...4.I..(..'.....PR..gnAx...A.D.....w..5W..m. .....Zno
........d<hpf...s.e#..v...p..g...[.G.k.2.c.6.....5..Lcc.fUm/.P!....
!U.c.......d78!7.......V>&."..Q$.....&.sS..Kq....].UySz=..3..$.".;.
.".'.Kar\[...t\....;...h._.O..b...2....{[email protected])2!..xD7...T..Di.w.R
C`.m.8.\....J....h..u{{.....p..)..O3.W.........k...y.`^ ....&1..f"..D.
W.}.;D:d.F....p#... ......d...T..iU7n.;-hh..T..^P....U.....>...T..m
....fC....>..>d..Q..!....X1......7L...[.........;.w...[L.LB.
<<< skipped >>>

The Trojan connects to the servers at the folowing location(s):

.text

`.rdata

@.data

.rsrc

udPh

PSSSSSSh

PSSSSSSh!

vSSSh

FTPjK

FtPj;

C.PjRV

tGHt.Ht&

.EKSWU

FTPG

FTPj

FtPS

=KNILw.tT=RCNEw

_0 _8 _4;_,

SHA1 block transform for x86, CRYPTOGAMS by 

SHA256 block transform for x86, CRYPTOGAMS by 

DlSHA512 block transform for x86, CRYPTOGAMS by 

Montgomery Multiplication for x86, CRYPTOGAMS by 

6-9'6-9'

$6.:$6.:

*?#1*?#1

>8$4,8$4,

AES for x86, CRYPTOGAMS by 

Camellia for x86 by 

RC4 for x86, CRYPTOGAMS by 

FRegDeleteKeyExW

MARGIN-BOTTOM: 11px; BORDER-STYLE: solid; BORDER-COLOR: #DFDFE5; BORDER-WIDTH: 2px; BACKGROUND-COLOR: #DFDFE5; }H2 { COLOR: black; BACKGROUND-COLOR: #FFFFF; FONT-SIZE: 12pt; FONT-WEIGHT: normal; MARGIN-BOTTOM: 0px; MARGIN-TOP: 10px;}

[email protected]

Date: %d %s %d %d:%d:%d

EHLO %s

,qop=%s

,response=%s

,digest-uri="%s"

,cnonce="%s"

,nc=%s

,nonce="%s"

,realm="%s"

charset=utf-8,username="%s"

smtp/

AUTH PLAIN %s

^%s^%s

AUTH LOGIN

LOGIN

--%s--

RCPT TO:<%s>

MAIL FROM:<%s>

Please contact the application's support team for more information.

- Attempt to initialize the CRT more than once.

- CRT not initialized

- floating point support not loaded

operator

GetProcessWindowStation

USER32.DLL

portuguese-brazilian

ADVAPI32.DLL

kernel32.dll

UxTheme.dll

OLEACC.dll

passed a null parameter

DSO support routines

x509 certificate routines

error:lX:%s:%s:%s

ssl_sess_cert

ssl_cert

evp_pkey

x509_pkey

%s(%d): OpenSSL internal error, assertion failed: %s

lhash part of OpenSSL 1.0.0d 8 Feb 2011

Stack part of OpenSSL 1.0.0d 8 Feb 2011

supportedAlgorithms

crossCertificatePair

certificateRevocationList

cACertificate

userCertificate

userPassword

supportedApplicationContext

Microsoft Local Key set

LocalKeySet

id-Gost28147-89-None-KeyMeshing

id-Gost28147-89-CryptoPro-KeyMeshing

password based MAC

id-PasswordBasedMAC

X509v3 Certificate Issuer

certificateIssuer

certicom-arc

Proxy Certificate Information

proxyCertInfo

Microsoft Smartcardlogin

msSmartcardLogin

joint-iso-itu-t

JOINT-ISO-ITU-T

set-rootKeyThumb

setAttr-Cert

setCext-cCertRequired

setCext-certType

setct-CertResTBE

setct-CertReqTBEX

setct-CertReqTBE

setct-AcqCardCodeMsgTBE

setct-CertInqReqTBS

setct-CertResData

setct-CertReqTBS

setct-CertReqData

setct-PCertResTBS

setct-PCertReqData

setct-AcqCardCodeMsg

certificate extensions

set-certExt

set-msgExt

id-ecPublicKey

id-cmc-confirmCertAcceptance

id-cmc-getCert

id-regInfo-certReq

id-regCtrl-protocolEncrKey

id-regCtrl-oldCertID

id-it-revPassphrase

id-it-keyPairParamRep

id-it-keyPairParamReq

id-it-unsupportedOIDs

id-it-caKeyUpdateInfo

id-it-encKeyPairTypes

id-it-signKeyPairTypes

id-it-caProtEncCert

id-mod-attribute-cert

id-mod-qualified-cert-93

id-mod-qualified-cert-88

id-smime-aa-ets-certCRLTimestamp

id-smime-aa-ets-certValues

id-smime-aa-ets-CertificateRefs

id-smime-aa-ets-otherSigCert

id-smime-aa-smimeEncryptCerts

id-smime-aa-signingCertificate

id-smime-aa-encrypKeyPref

id-smime-aa-msgSigDigest

id-smime-ct-publishCert

id-smime-mod-msg-v3

sdsiCertificate

x509Certificate

localKeyID

certBag

pkcs8ShroudedKeyBag

keyBag

pbeWithSHA1And2-KeyTripleDES-CBC

pbeWithSHA1And3-KeyTripleDES-CBC

TLS Web Client Authentication

TLS Web Server Authentication

X509v3 Extended Key Usage

extendedKeyUsage

X509v3 Authority Key Identifier

authorityKeyIdentifier

X509v3 Certificate Policies

certificatePolicies

X509v3 Private Key Usage Period

privateKeyUsagePeriod

X509v3 Key Usage

keyUsage

X509v3 Subject Key Identifier

subjectKeyIdentifier

Netscape Certificate Sequence

nsCertSequence

Netscape CA Policy Url

nsCaPolicyUrl

Netscape Renewal Url

nsRenewalUrl

Netscape CA Revocation Url

nsCaRevocationUrl

Netscape Revocation Url

nsRevocationUrl

Netscape Base Url

nsBaseUrl

Netscape Cert Type

nsCertType

Netscape Certificate Extension

nsCertExt

extendedCertificateAttributes

challengePassword

dhKeyAgreement

Big Number part of OpenSSL 1.0.0d 8 Feb 2011

ASN.1 part of OpenSSL 1.0.0d 8 Feb 2011

keylen <= sizeof key

EVP_CIPHER_key_length(cipher) <= (int)sizeof(md_tmp)

len>=0 && len<=(int)sizeof(ctx->key)

j <= (int)sizeof(ctx->key)

keylength

keyfunc

EVP part of OpenSSL 1.0.0d 8 Feb 2011

.\crypto\pkcs12\p12_key.c

SHA1 part of OpenSSL 1.0.0d 8 Feb 2011

SHA-256 part of OpenSSL 1.0.0d 8 Feb 2011

SHA-512 part of OpenSSL 1.0.0d 8 Feb 2011

RSA part of OpenSSL 1.0.0d 8 Feb 2011

RAND part of OpenSSL 1.0.0d 8 Feb 2011

You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html

value.bag

value.safes

value.shkeybag

value.keybag

value.sdsicert

value.x509cert

value.other

cert_info

hexkey

rsa_keygen_pubexp

rsa_keygen_bits

NETAPI32.DLL

KERNEL32.DLL

value.single

value.set

PKCS8_PRIV_KEY_INFO

pkey

pkeyalg

enc_key

key_enc_algor

cert

d.encrypted

d.digest

d.signed_and_enveloped

d.enveloped

d.sign

d.data

d.other

X509_PUBKEY

public_key

.\crypto\asn1\x_pubkey.c

%d.%d.%d.%d/%d.%d.%d.%d

%*s%s:

d.registeredID

d.iPAddress

d.uniformResourceIdentifier

d.ediPartyName

d.directoryName

d.dNSName

d.rfc822Name

d.otherName

name.relativename

name.fullname

certificateHold

Certificate Hold

cessationOfOperation

Cessation Of Operation

keyCompromise

Key Compromise

%*sOnly Attribute Certificates

%*sOnly CA Certificates

%*sOnly User Certificates

AUTHORITY_KEYID

keyid

X509_CERT_PAIR

X509_CERT_AUX

%d.%d.%d.%d

EC part of OpenSSL 1.0.0d 8 Feb 2011

ECDSA part of OpenSSL 1.0.0d 8 Feb 2011

.\crypto\ec\ec_key.c

DSA part of OpenSSL 1.0.0d 8 Feb 2011

Diffie-Hellman part of OpenSSL 1.0.0d 8 Feb 2011

.\crypto\dh\dh_key.c

\X

IP Address:%d.%d.%d.%d

URI:%s

DNS:%s

email:%s

EdiPartyName:

X400Name:

othername:

d.usernotice

d.cpsuri

CERTIFICATEPOLICIES

%*sExplicit Text: %s

%*sNumber%s:

%*sOrganization: %s

%*sCPS: %s

ddddddZ

ddddddZ

pubkey

priv_key

pub_key

EC_PRIVATEKEY

publicKey

privateKey

value.implicitlyCA

value.parameters

value.named_curve

p.char_two

p.prime

p.ppBasis

p.tpBasis

p.onBasis

p.other

.\crypto\evp\evp_pkey.c

ECDH part of OpenSSL 1.0.0d 8 Feb 2011

%'%1%=%C%K%O%s%

.%.-.3.7.9.?.W.[.o.y.

C%C'C3C7C9COCWCiC

%s: (%d bit)

Public-Key

Private-Key

recommended-private-length: %d bits

public-key:

private-key:

PKCS#3 DH Public-Key

PKCS#3 DH Private-Key

Public-Key: (%d bit)

Private-Key: (%d bit)

X.509 part of OpenSSL 1.0.0d 8 Feb 2011

OPENSSL_ALLOW_PROXY_CERTS

x%s

%s - d:d:d%.*s %d%s

'() ,-./:=?

CONF part of OpenSSL 1.0.0d 8 Feb 2011

%*sPolicy Text: %s

%*scrlUrl: