Overview

URL: http://promobucks004.pro/in.cgi?hankin
IP: 91.213.126.70
ASN: AS56598 KartLand Ltd.
Location: Russian Federation
Report completed: 2012-11-06 22:35:02 CET
urlQuery Alerts: Detected a Dynamic DNS URL
Detected SutraTDS URL pattern
Detected a TDS URL pattern


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-06 22:34:30 | 91.213.126.70 | urlQuery Client | 3 | ET RBN Known Russian Business Network IP (426)
2012-11-06 22:34:30 | urlQuery Client | 91.213.126.70 | 2 | ET CURRENT_EVENTS TDS Sutra - request in.cgi
2012-11-06 22:34:30 | 95.168.180.12 | urlQuery Client | 2 | ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
2012-11-06 22:34:30 | 95.168.180.12 | urlQuery Client | 2 | ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
2012-11-06 22:34:30 | 95.168.180.12 | urlQuery Client | 2 | ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
2012-11-06 22:34:30 | 95.168.180.12 | urlQuery Client | 2 | ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
2012-11-06 22:34:30 | 95.168.180.12 | urlQuery Client | 2 | ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
2012-11-06 22:34:30 | 95.168.180.12 | urlQuery Client | 2 | ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
2012-11-06 22:34:31 | urlQuery Client | 91.213.126.70 | 2 | ET CURRENT_EVENTS TDS Sutra - request in.cgi
2012-11-06 22:34:31 | urlQuery Client | 91.213.126.70 | 2 | ET CURRENT_EVENTS TDS Sutra - request in.cgi
2012-11-06 22:34:31 | urlQuery Client | 91.213.126.70 | 2 | ET CURRENT_EVENTS TDS Sutra - request in.cgi
2012-11-06 22:34:31 | urlQuery Client | 91.213.126.70 | 2 | ET CURRENT_EVENTS TDS Sutra - request in.cgi
2012-11-06 22:34:31 | urlQuery Client | 91.213.126.70 | 2 | ET CURRENT_EVENTS TDS Sutra - request in.cgi
2012-11-06 22:34:31 | urlQuery Client | 91.213.126.70 | 2 | ET CURRENT_EVENTS TDS Sutra - request in.cgi
Snort /w Sourcefire VRT
Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-06 22:34:31 | urlQuery Client | 46.105.39.124 | 2 | http_inspect: NON-RFC DEFINED CHAR


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 91.213.126.70

Date | Alerts / IDS | URL | IP
2012-12-03 17:30:29 | 1 / 0 | http://serversstatusok.pro/tds/in.cgi?14 | 91.213.126.70
2012-11-09 12:49:18 | 0 / 0 | http://promobucks009.pro/in.cgi?hankin | 91.213.126.70
2012-11-08 20:50:07 | 0 / 0 | http://promobucks009.pro/in.cgi?hankin | 91.213.126.70
2012-11-08 09:33:50 | 0 / 1 | http://directs130.ru | 91.213.126.70
2012-11-07 13:27:23 | 0 / 0 | http://promobucks005.pro/in.cgi?hankin | 91.213.126.70
2012-11-06 10:46:40 | 0 / 0 | http://promobucks003.pro/in.cgi?hankin | 91.213.126.70

Last 6 reports on ASN: AS56598 KartLand Ltd.

Date | Alerts / IDS | URL | IP
2013-02-12 23:23:36 | 0 / 0 | http://rotatorjps036.ru/in.cgi?wal | 91.213.126.105
2013-02-12 15:23:49 | 0 / 0 | http://91.213.126.105 | 91.213.126.105
2013-02-11 19:01:14 | 1 / 0 | http://rotatorjps051.ru/flow2.php | 91.213.126.105
2013-02-04 13:04:51 | 0 / 0 | http://91.213.126.126 | 91.213.126.126
2013-01-25 08:06:51 | 0 / 0 | http://www.valkunalt.net/for/SYMBOL5.exe | 91.213.126.209
2013-01-24 21:52:35 | 0 / 0 | http://adv.valkunalt.com/for/DINING.JAR | 91.213.126.209



JavaScript

Executed Scripts (7)


Executed Evals (0)


Executed Writes (1)

#1 JavaScript::Write (size: 81, repeated: 1)

<script src='http://5.199.169.39/piwik/piwik.js' type='text/javascript'></script>


HTTP Transactions (47)


Request Response
GET /in.cgi?hankin HTTP/1.1

Host: promobucks004.pro

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 302 Found

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 20:03:46 GMT
Server: Apache/2.2.15 (CentOS)
Set-Cookie: vbpnxhankin=_1_; expires=Wed, 07-Nov-2012 20:03:46 GMT; path=/; domain=promobucks004.pro TSUSER=hankin; expires=Wed, 06-Nov-2013 20:03:46 GMT; path=/; domain=promobucks004.pro vbpnx11=_2_; expires=Wed, 07-Nov-2012 20:03:46 GMT; path=/; domain=promobucks004.pro
Location: http://promoution214.ru/flow08.php
Connection: close
Transfer-Encoding: chunked
GET /flow08.php HTTP/1.1

Host: promoution214.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 22:32:58 GMT
Server: Apache/2.2.18 (CentOS)
X-Powered-By: PHP/5.2.17
Content-Length: 664
Connection: close
GET /flow1.php HTTP/1.1

Host: promoution214.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow08.php
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 22:32:58 GMT
Server: Apache/2.2.18 (CentOS)
X-Powered-By: PHP/5.2.17
Content-Length: 100
Connection: close
GET /flow2.php HTTP/1.1

Host: promoution214.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow08.php
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 22:32:58 GMT
Server: Apache/2.2.18 (CentOS)
X-Powered-By: PHP/5.2.17
Content-Length: 100
Connection: close
GET /flow5.php HTTP/1.1

Host: promoution214.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow08.php
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 22:32:58 GMT
Server: Apache/2.2.18 (CentOS)
X-Powered-By: PHP/5.2.17
Content-Length: 100
Connection: close
GET /flow3.php HTTP/1.1

Host: promoution214.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow08.php
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 22:32:58 GMT
Server: Apache/2.2.18 (CentOS)
X-Powered-By: PHP/5.2.17
Content-Length: 100
Connection: close
GET /flow4.php HTTP/1.1

Host: promoution214.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow08.php
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 22:32:58 GMT
Server: Apache/2.2.18 (CentOS)
X-Powered-By: PHP/5.2.17
Content-Length: 100
Connection: close
GET /flow6.php HTTP/1.1

Host: promoution214.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow08.php
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 22:32:58 GMT
Server: Apache/2.2.18 (CentOS)
X-Powered-By: PHP/5.2.17
Content-Length: 100
Connection: close
GET /flow7.php HTTP/1.1

Host: promoution214.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow08.php
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 22:32:58 GMT
Server: Apache/2.2.18 (CentOS)
X-Powered-By: PHP/5.2.17
Content-Length: 99
Connection: close
GET /tds/in.cgi?default HTTP/1.1

Host: directs121.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow1.php
HTTP/1.1 302 Found

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 20:03:46 GMT
Server: Apache/2.2.15 (CentOS)
Set-Cookie: vbpnxdefault=_0_; expires=Wed, 07-Nov-2012 20:03:46 GMT; path=/; domain=directs121.ru vbpnx2=_17_; expires=Wed, 07-Nov-2012 20:03:46 GMT; path=/; domain=directs121.ru
Location: http://promoution249.ru/redirector.php?uid=5918
Connection: close
Transfer-Encoding: chunked
GET /redirector.php HTTP/1.1

Host: promoution249.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow7.php
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 22:32:59 GMT
Server: Apache/2.2.18 (CentOS)
X-Powered-By: PHP/5.2.17
Content-Length: 65
Connection: close
GET /redirector.php?uid=5918 HTTP/1.1

Host: promoution249.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow1.php
HTTP/1.1 302 Found

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 22:32:59 GMT
Server: Apache/2.2.18 (CentOS)
X-Powered-By: PHP/5.2.17
Location: http://www3.l-u9q501.trickip.net/?rdnlmpetv=ltnX0KqlnqWukpnodp5nVqXm0KvNntKa2KzNYthppFk%3D&bb1a2c=%01%03%05%05%05%02%04%03%05%00
Content-Length: 0
Connection: close
GET /tds/in.cgi?default HTTP/1.1

Host: directs121.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow2.php
HTTP/1.1 302 Found

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 20:03:46 GMT
Server: Apache/2.2.15 (CentOS)
Set-Cookie: vbpnxdefault=_0_; expires=Wed, 07-Nov-2012 20:03:46 GMT; path=/; domain=directs121.ru vbpnx2=_0_; expires=Wed, 07-Nov-2012 20:03:46 GMT; path=/; domain=directs121.ru
Location: http://www.google.com
Connection: close
Transfer-Encoding: chunked
GET / HTTP/1.1

Host: www.google.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow2.php
Cookie: PREF=ID=18d07d2c5ecbbb08:U=205ee10a10512bfa:FF=0:TM=1350344350:LM=1350344627:S=oVTvNjgbzbFNBNUF; NID=64=UOjfkeau7k9dzmFvAsFwVqmD4s7g_bdUMaEnGOlKRSTKCit3R_G5xg2kMKTOgRf2IL0DzvimBbfFpj1mIHK6cKNk76wCsEyOlULvzyFq8aklSyHHGXGPdMpqcZCr8LfK
HTTP/1.1 302 Found

Content-Type: text/html; charset=UTF-8
Location: http://www.google.no/
Cache-Control: private
Set-Cookie: NID=64=Qd-ZqF05DFo-FK9RmgQ4UrhxSmO_H94wv2vmARCw7F03vhZBpjTtA0B0zf3RAtYok6bjvB3WgzoSe5FpnVgq1o67YYQyP27MafoiAd9JpgQNYzl08_p8a6z4S-wAT3s8; expires=Wed, 08-May-2013 21:34:31 GMT; path=/; domain=.google.com; HttpOnly
P3P: CP="This is not a P3P policy! See http://www.google.com/support/accounts/bin/answer.py?hl=en&answer=151657 for more info."
Date: Tue, 06 Nov 2012 21:34:31 GMT
Server: gws
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
GET /tds/in.cgi?default HTTP/1.1

Host: directs121.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow5.php
HTTP/1.1 302 Found

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 20:03:46 GMT
Server: Apache/2.2.15 (CentOS)
Set-Cookie: vbpnxdefault=_0_; expires=Wed, 07-Nov-2012 20:03:46 GMT; path=/; domain=directs121.ru vbpnx2=_0_; expires=Wed, 07-Nov-2012 20:03:46 GMT; path=/; domain=directs121.ru
Location: http://www.google.com
Connection: close
Transfer-Encoding: chunked
GET / HTTP/1.1

Host: www.google.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow5.php
Cookie: PREF=ID=18d07d2c5ecbbb08:U=205ee10a10512bfa:FF=0:TM=1350344350:LM=1350344627:S=oVTvNjgbzbFNBNUF; NID=64=Qd-ZqF05DFo-FK9RmgQ4UrhxSmO_H94wv2vmARCw7F03vhZBpjTtA0B0zf3RAtYok6bjvB3WgzoSe5FpnVgq1o67YYQyP27MafoiAd9JpgQNYzl08_p8a6z4S-wAT3s8
HTTP/1.1 302 Found

Content-Type: text/html; charset=UTF-8
Location: http://www.google.no/
Cache-Control: private
Date: Tue, 06 Nov 2012 21:34:31 GMT
Server: gws
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
GET /?rdnlmpetv=ltnX0KqlnqWukpnodp5nVqXm0KvNntKa2KzNYthppFk%3D&bb1a2c=%01%03%05%05%05%02%04%03%05%00 HTTP/1.1

Host: www3.l-u9q501.trickip.net

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow1.php
HTTP/1.1 302 Moved Temporarily

Content-Type: text/html
Server: nginx
Date: Tue, 06 Nov 2012 21:34:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
X-Powered-By: PHP/5.4.6
Location: http://find-and-go.com/?uid=5918&isRedirected=1
GET / HTTP/1.1

Host: www.google.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow3.php
Cookie: PREF=ID=18d07d2c5ecbbb08:U=205ee10a10512bfa:FF=0:TM=1350344350:LM=1350344627:S=oVTvNjgbzbFNBNUF; NID=64=Qd-ZqF05DFo-FK9RmgQ4UrhxSmO_H94wv2vmARCw7F03vhZBpjTtA0B0zf3RAtYok6bjvB3WgzoSe5FpnVgq1o67YYQyP27MafoiAd9JpgQNYzl08_p8a6z4S-wAT3s8
HTTP/1.1 302 Found

Content-Type: text/html; charset=UTF-8
Location: http://www.google.no/
Cache-Control: private
Date: Tue, 06 Nov 2012 21:34:31 GMT
Server: gws
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
GET /tds/in.cgi?default HTTP/1.1

Host: directs121.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow4.php
HTTP/1.1 302 Found

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 20:03:47 GMT
Server: Apache/2.2.15 (CentOS)
Set-Cookie: vbpnxdefault=_0_; expires=Wed, 07-Nov-2012 20:03:47 GMT; path=/; domain=directs121.ru vbpnx2=_0_; expires=Wed, 07-Nov-2012 20:03:47 GMT; path=/; domain=directs121.ru
Location: http://www.google.com
Connection: close
Transfer-Encoding: chunked
GET / HTTP/1.1

Host: www.google.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow4.php
Cookie: PREF=ID=18d07d2c5ecbbb08:U=205ee10a10512bfa:FF=0:TM=1350344350:LM=1350344627:S=oVTvNjgbzbFNBNUF; NID=64=Qd-ZqF05DFo-FK9RmgQ4UrhxSmO_H94wv2vmARCw7F03vhZBpjTtA0B0zf3RAtYok6bjvB3WgzoSe5FpnVgq1o67YYQyP27MafoiAd9JpgQNYzl08_p8a6z4S-wAT3s8
HTTP/1.1 302 Found

Content-Type: text/html; charset=UTF-8
Location: http://www.google.no/
Cache-Control: private
Date: Tue, 06 Nov 2012 21:34:31 GMT
Server: gws
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
GET /js/common.js HTTP/1.1

Host: find-and-go.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://find-and-go.com/?uid=5918&isRedirected=1
HTTP/1.1 200 OK

Content-Type: application/x-javascript
Server: nginx
Date: Tue, 06 Nov 2012 21:34:31 GMT
Content-Length: 694
Last-Modified: Mon, 25 Jun 2012 11:17:45 GMT
Connection: keep-alive
Accept-Ranges: bytes
GET /tds/in.cgi?default HTTP/1.1

Host: directs121.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow6.php
HTTP/1.1 302 Found

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 20:03:47 GMT
Server: Apache/2.2.15 (CentOS)
Set-Cookie: vbpnxdefault=_0_; expires=Wed, 07-Nov-2012 20:03:47 GMT; path=/; domain=directs121.ru vbpnx2=_0_; expires=Wed, 07-Nov-2012 20:03:47 GMT; path=/; domain=directs121.ru
Location: http://www.google.com
Connection: close
Transfer-Encoding: chunked
GET / HTTP/1.1

Host: www.google.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow6.php
Cookie: PREF=ID=18d07d2c5ecbbb08:U=205ee10a10512bfa:FF=0:TM=1350344350:LM=1350344627:S=oVTvNjgbzbFNBNUF; NID=64=Qd-ZqF05DFo-FK9RmgQ4UrhxSmO_H94wv2vmARCw7F03vhZBpjTtA0B0zf3RAtYok6bjvB3WgzoSe5FpnVgq1o67YYQyP27MafoiAd9JpgQNYzl08_p8a6z4S-wAT3s8
HTTP/1.1 302 Found

Content-Type: text/html; charset=UTF-8
Location: http://www.google.no/
Cache-Control: private
Date: Tue, 06 Nov 2012 21:34:31 GMT
Server: gws
Content-Length: 218
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
GET /?uid=5918&isRedirected=1 HTTP/1.1

Host: find-and-go.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow1.php
HTTP/1.1 200 OK

Content-Type: text/html; charset=utf-8
Server: nginx
Date: Tue, 06 Nov 2012 21:34:31 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip
GET /css/findgo/main.css HTTP/1.1

Host: find-and-go.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://find-and-go.com/?uid=5918&isRedirected=1
HTTP/1.1 200 OK

Content-Type: text/css
Server: nginx
Date: Tue, 06 Nov 2012 21:34:31 GMT
Content-Length: 2009
Last-Modified: Fri, 08 Jun 2012 13:52:18 GMT
Connection: keep-alive
Accept-Ranges: bytes
GET /images/popular/bing.png HTTP/1.1

Host: find-and-go.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://find-and-go.com/?uid=5918&isRedirected=1
HTTP/1.1 200 OK

Content-Type: image/png
Server: nginx
Date: Tue, 06 Nov 2012 21:34:31 GMT
Content-Length: 3665
Last-Modified: Wed, 09 May 2012 08:58:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
GET /css/findgo/mainpage.css HTTP/1.1

Host: find-and-go.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://find-and-go.com/?uid=5918&isRedirected=1
HTTP/1.1 200 OK

Content-Type: text/css
Server: nginx
Date: Tue, 06 Nov 2012 21:34:31 GMT
Content-Length: 1377
Last-Modified: Fri, 08 Jun 2012 13:52:18 GMT
Connection: keep-alive
Accept-Ranges: bytes
GET /images/popular/facebook.png HTTP/1.1

Host: find-and-go.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://find-and-go.com/?uid=5918&isRedirected=1
HTTP/1.1 200 OK

Content-Type: image/png
Server: nginx
Date: Tue, 06 Nov 2012 21:34:32 GMT
Content-Length: 4062
Last-Modified: Wed, 09 May 2012 08:58:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
GET /images/popular/google.png HTTP/1.1

Host: find-and-go.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://find-and-go.com/?uid=5918&isRedirected=1
HTTP/1.1 200 OK

Content-Type: image/png
Server: nginx
Date: Tue, 06 Nov 2012 21:34:31 GMT
Content-Length: 3585
Last-Modified: Wed, 09 May 2012 08:58:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
GET /images/popular/youtube.png HTTP/1.1

Host: find-and-go.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://find-and-go.com/?uid=5918&isRedirected=1
HTTP/1.1 200 OK

Content-Type: image/png
Server: nginx
Date: Tue, 06 Nov 2012 21:34:32 GMT
Content-Length: 3941
Last-Modified: Wed, 09 May 2012 08:58:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
GET /images/popular/wiki.png HTTP/1.1

Host: find-and-go.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://find-and-go.com/?uid=5918&isRedirected=1
HTTP/1.1 200 OK

Content-Type: image/png
Server: nginx
Date: Tue, 06 Nov 2012 21:34:32 GMT
Content-Length: 4575
Last-Modified: Tue, 22 May 2012 12:49:55 GMT
Connection: keep-alive
Accept-Ranges: bytes
GET /images/popular/amazon.png HTTP/1.1

Host: find-and-go.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://find-and-go.com/?uid=5918&isRedirected=1
HTTP/1.1 200 OK

Content-Type: image/png
Server: nginx
Date: Tue, 06 Nov 2012 21:34:32 GMT
Content-Length: 5551
Last-Modified: Wed, 09 May 2012 08:58:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
GET /images/popular/itunes.png HTTP/1.1

Host: find-and-go.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://find-and-go.com/?uid=5918&isRedirected=1
HTTP/1.1 200 OK

Content-Type: image/png
Server: nginx
Date: Tue, 06 Nov 2012 21:34:32 GMT
Content-Length: 3026
Last-Modified: Wed, 09 May 2012 08:58:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
GET /images/popular/mapquest.png HTTP/1.1

Host: find-and-go.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://find-and-go.com/?uid=5918&isRedirected=1
HTTP/1.1 200 OK

Content-Type: image/png
Server: nginx
Date: Tue, 06 Nov 2012 21:34:32 GMT
Content-Length: 4427
Last-Modified: Wed, 09 May 2012 08:58:44 GMT
Connection: keep-alive
Accept-Ranges: bytes
GET /images/popular/xxx.png HTTP/1.1

Host: find-and-go.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://find-and-go.com/?uid=5918&isRedirected=1
HTTP/1.1 200 OK

Content-Type: image/png
Server: nginx
Date: Tue, 06 Nov 2012 21:34:32 GMT
Content-Length: 14660
Last-Modified: Tue, 22 May 2012 12:49:55 GMT
Connection: keep-alive
Accept-Ranges: bytes
GET /js/jquery-1.7.2.min.js HTTP/1.1

Host: find-and-go.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://find-and-go.com/?uid=5918&isRedirected=1
HTTP/1.1 200 OK

Content-Type: application/x-javascript
Server: nginx
Date: Tue, 06 Nov 2012 21:34:31 GMT
Content-Length: 94840
Last-Modified: Thu, 19 Apr 2012 11:45:27 GMT
Connection: keep-alive
Accept-Ranges: bytes
GET /js/jquery-ui-1.8.18.custom.min.js HTTP/1.1

Host: find-and-go.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://find-and-go.com/?uid=5918&isRedirected=1
HTTP/1.1 200 OK

Content-Type: application/x-javascript
Server: nginx
Date: Tue, 06 Nov 2012 21:34:31 GMT
Content-Length: 210423
Last-Modified: Thu, 19 Apr 2012 11:45:27 GMT
Connection: keep-alive
Accept-Ranges: bytes
GET /images/findgo/logo.png HTTP/1.1

Host: find-and-go.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://find-and-go.com/css/findgo/mainpage.css
HTTP/1.1 200 OK

Content-Type: image/png
Server: nginx
Date: Tue, 06 Nov 2012 21:34:32 GMT
Content-Length: 91461
Last-Modified: Tue, 22 May 2012 12:49:55 GMT
Connection: keep-alive
Accept-Ranges: bytes
GET /piwik/piwik.js HTTP/1.1

Host: 5.199.169.39

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://find-and-go.com/?uid=5918&isRedirected=1
HTTP/1.1 200 OK

Content-Type: application/x-javascript
Server: nginx/1.2.0
Date: Tue, 06 Nov 2012 21:34:32 GMT
Content-Length: 20000
Last-Modified: Mon, 04 Jun 2012 13:16:01 GMT
Connection: keep-alive
Expires: Thu, 31 Dec 2037 23:55:55 GMT
Cache-Control: max-age=315360000
Accept-Ranges: bytes
GET /piwik/piwik.php?action_name=Find-and-go.com%20Search%20Engine&idsite=6&rec=1&r=628017&h=22&m=34&s=33&url=http%3A%2F%2Ffind-and-go.com%2F%3Fuid%3D5918%26isRedirected%3D1&urlref=http%3A%2F%2Fpromoution214.ru%2Fflow1.php&_id=a68c7eea2b8abe03&_idts=1352237673&_idvc=1&_idn=1&_refts=1352237673&_viewts=1352237673&_ref=http%3A%2F%2Fpromoution214.ru%2Fflow1.php&pdf=1&qt=0&realp=0&wma=1&dir=0&fla=1&java=1&gears=0&ag=0&cookie=1&res=1176x885 HTTP/1.1

Host: 5.199.169.39

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://find-and-go.com/?uid=5918&isRedirected=1
HTTP/1.1 200 OK

Content-Type: image/gif
Server: nginx/1.2.0
Date: Tue, 06 Nov 2012 21:34:33 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Access-Control-Allow-Origin: *
GET /favicon.ico HTTP/1.1

Host: promoution214.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 404 Not Found

Content-Type: text/html; charset=iso-8859-1
Date: Tue, 06 Nov 2012 22:33:01 GMT
Server: Apache/2.2.18 (CentOS)
Content-Length: 291
Connection: close
GET /favicon.ico HTTP/1.1

Host: promoution214.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 404 Not Found

Content-Type: text/html; charset=iso-8859-1
Date: Tue, 06 Nov 2012 22:33:01 GMT
Server: Apache/2.2.18 (CentOS)
Content-Length: 291
Connection: close
GET /tds/in.cgi?default HTTP/1.1

Host: directs121.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow3.php
HTTP/1.1 302 Found

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 20:03:47 GMT
Server: Apache/2.2.15 (CentOS)
Set-Cookie: vbpnxdefault=_0_; expires=Wed, 07-Nov-2012 20:03:47 GMT; path=/; domain=directs121.ru vbpnx2=_0_; expires=Wed, 07-Nov-2012 20:03:47 GMT; path=/; domain=directs121.ru
Location: http://www.google.com
Connection: close
Transfer-Encoding: chunked
GET / HTTP/1.1

Host: www.google.no

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow5.php
Cookie: PREF=ID=833f642268853dd7:U=b8513c9986712345:FF=0:TM=1350344350:LM=1350344355:S=LPv_BMBUAC2Sq6lO; NID=64=wjqq-34sbw8_xZ_YRV2WYW7fIZaBTx0lz0gBHcLIwqanxYn4oQAq91WrZ2VCsF5Rw54OTpvDvPxDz0V1G-U8l77CmHDtBoxYEO7q4xasLAaD13EdvlmdnYljh62qP_E8
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 21:34:31 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
GET / HTTP/1.1

Host: www.google.no

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow6.php
Cookie: PREF=ID=833f642268853dd7:U=b8513c9986712345:FF=0:TM=1350344350:LM=1350344355:S=LPv_BMBUAC2Sq6lO; NID=64=wjqq-34sbw8_xZ_YRV2WYW7fIZaBTx0lz0gBHcLIwqanxYn4oQAq91WrZ2VCsF5Rw54OTpvDvPxDz0V1G-U8l77CmHDtBoxYEO7q4xasLAaD13EdvlmdnYljh62qP_E8
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 21:34:32 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
GET / HTTP/1.1

Host: www.google.no

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow3.php
Cookie: PREF=ID=833f642268853dd7:U=b8513c9986712345:FF=0:TM=1350344350:LM=1350344355:S=LPv_BMBUAC2Sq6lO; NID=64=wjqq-34sbw8_xZ_YRV2WYW7fIZaBTx0lz0gBHcLIwqanxYn4oQAq91WrZ2VCsF5Rw54OTpvDvPxDz0V1G-U8l77CmHDtBoxYEO7q4xasLAaD13EdvlmdnYljh62qP_E8
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 21:34:31 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN
GET / HTTP/1.1

Host: www.google.no

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://promoution214.ru/flow4.php
Cookie: PREF=ID=833f642268853dd7:U=b8513c9986712345:FF=0:TM=1350344350:LM=1350344355:S=LPv_BMBUAC2Sq6lO; NID=64=wjqq-34sbw8_xZ_YRV2WYW7fIZaBTx0lz0gBHcLIwqanxYn4oQAq91WrZ2VCsF5Rw54OTpvDvPxDz0V1G-U8l77CmHDtBoxYEO7q4xasLAaD13EdvlmdnYljh62qP_E8
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8
Date: Tue, 06 Nov 2012 21:34:31 GMT
Expires: -1
Cache-Control: private, max-age=0
Content-Encoding: gzip
Transfer-Encoding: chunked
Server: gws
X-XSS-Protection: 1; mode=block
X-Frame-Options: SAMEORIGIN