Overview

URL: http://uqyporkaeminet.ru/videos.htm
IP: 81.177.6.72
ASN: AS8342 OJSC RTComm.RU
Location: Russian Federation
Report completed: 2012-11-08 01:55:00 CET
urlQuery Alerts: Detected SutraTDS URL pattern


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata /w Emerging Threats Pro

Timestamp            Source IP        Destination IP   Severity  Alert
2012-11-08 01:54:25  81.177.6.72      urlQuery Client  3         ET RBN Known Russian Business Network IP (362)
2012-11-08 01:54:25  81.177.6.72      urlQuery Client  2         ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
2012-11-08 01:54:25  urlQuery Client  85.17.94.151     2         ET CURRENT_EVENTS TDS Sutra - request in.cgi
2012-11-08 01:54:25  urlQuery Client  85.17.94.151     2         ET CURRENT_EVENTS TDS Sutra - request in.cgi
2012-11-08 01:54:25  85.17.94.151     urlQuery Client  2         ET WEB_CLIENT Obfuscated Javascript // ptth
2012-11-08 01:54:25  85.17.94.151     urlQuery Client  2         ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
2012-11-08 01:54:25  85.17.94.151     urlQuery Client  2         ET CURRENT_EVENTS TDS Sutra - page redirecting to a SutraTDS
2012-11-08 01:54:25  81.177.139.223   urlQuery Client  2         ET CURRENT_EVENTS TDS Sutra - HTTP header redirecting to a SutraTDS
2012-11-08 01:54:26  85.17.94.151     urlQuery Client  2         ET CURRENT_EVENTS TDS Sutra - redirect received
2012-11-08 01:54:26  urlQuery Client  85.17.94.151     2         ET CURRENT_EVENTS TDS Sutra - request in.cgi

Snort /w Sourcefire VRT

Timestamp            Source IP        Destination IP   Severity  Alert
2012-11-08 01:54:25  81.177.139.223   urlQuery Client  1         MALWARE-CNC TDS Sutra - HTTP header redirecting to a SutraTDS
2012-11-08 01:54:26  urlQuery Client  85.17.94.151     1         MALWARE-CNC TDS Sutra - request in.cgi


Recent reports on same IP/ASN/Domain

Last 6 reports on IP: 81.177.6.72

Date                 Alerts / IDS  URL  IP
2013-02-13 07:03:48  0 / 6         http://eublizzard-pandaria.ru/  81.177.6.72
2013-02-11 12:36:23  1 / 12        http://uqyporkaeminet.ru/videos.htm  81.177.6.72
2013-01-27 14:40:30  0 / 5         http://mnlotok.ru/enter_login.php?session=OWU0NQALBlkPUwACAFkJXFhWUQcCXgFdXFMBDFJaAgt (...)  81.177.6.72
2013-01-26 13:59:50  0 / 5         http://mnlotok.ru/enter_login.php?session=OWU0NQALBlkPUwACAFkJXFhWUQcCXgFdXFMBDFJaAgt (...)  81.177.6.72
2012-12-25 19:28:28  0 / 5         http://1antivirus.net/avast_free_antivirus_setup.exe  81.177.6.72
2012-12-24 16:06:46  0 / 7         http://1antivirus.net/avast_free_antivirus_setup.exe  81.177.6.72

Last 6 reports on ASN: AS8342 OJSC RTComm.RU

Date                 Alerts / IDS  URL                                          IP
2013-02-13 10:18:51  1 / 16        http://anastasiya-com.ru/2012/01/04/page/2   217.107.34.245
2013-02-13 10:18:43  1 / 7         http://anastasiya-com.ru/2012/01/11/page/3   217.107.34.245
2013-02-13 10:18:03  1 / 9         http://anastasiya-com.ru/2012/01/07/page/4   217.107.34.245
2013-02-13 10:18:02  1 / 8         http://anastasiya-com.ru/2012/01/07/page/5   217.107.34.245
2013-02-13 10:18:01  1 / 16        http://anastasiya-com.ru/2012/01/11/page/4   217.107.34.245
2013-02-13 10:17:59  1 / 8         http://anastasiya-com.ru/2012/01/05/page/3   217.107.34.245

Last 2 reports on domain: uqyporkaeminet.ru

Date                 Alerts / IDS  URL                                  IP
2013-02-11 12:36:23  1 / 12        http://uqyporkaeminet.ru/videos.htm  81.177.6.72
2012-11-07 09:05:28  1 / 12        http://uqyporkaeminet.ru/videos.htm  81.177.6.72



JavaScript

Executed Scripts (8)


Executed Evals (0)


Executed Writes (0)



HTTP Transactions (22)


Request Response
GET /videos.htm HTTP/1.1

Host: uqyporkaeminet.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 200 OK

Content-Type: text/html
Date: Thu, 08 Nov 2012 00:54:25 GMT
Connection: close
Server: Jino.ru/mod_pizza
Last-Modified: Thu, 23 Aug 2012 22:54:21 GMT
Etag: "2bbaa29-1ae-4c7f6bd70a140"
Accept-Ranges: bytes
Content-Length: 430
GET /favicon.ico HTTP/1.1

Host: uqyporkaeminet.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 200 OK

Content-Type: image/vnd.microsoft.icon
Date: Thu, 08 Nov 2012 00:54:25 GMT
Connection: close
Server: Jino.ru/mod_pizza
Last-Modified: Sun, 03 Jun 2012 02:07:52 GMT
Etag: "2bba881-14ce-4c187e285ae00"
Accept-Ranges: bytes
Content-Length: 5326
GET /ts/in.cgi?emxlz HTTP/1.1

Host: 1biztrsss.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://uqyporkaeminet.ru/videos.htm
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Nov 2012 15:57:15 GMT
Server: Apache/2.2.15 (CentOS)
Connection: close
Transfer-Encoding: chunked
GET /favicon.ico HTTP/1.1

Host: 1biztrsss.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 404 Not Found

Content-Type: text/html; charset=iso-8859-1
Date: Wed, 07 Nov 2012 15:57:15 GMT
Server: Apache/2.2.15 (CentOS)
Content-Length: 287
Connection: close
GET /ts/in.cgi?emxlz&mlslp=0&tocfd=0&qhefd=3029285803&ur=1&HTTP_REFERER=http%3A%2F%2Fuqyporkaeminet%2Eru%2Fvideos%2Ehtm HTTP/1.1

Host: 1biztrsss.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://1biztrsss.ru/ts/in.cgi?emxlz
HTTP/1.1 302 Found

Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Nov 2012 15:57:15 GMT
Server: Apache/2.2.15 (CentOS)
Set-Cookie: tzuuuemxlz=_10000_; domain=1biztrsss.ru; path=/; expires=Thu, 08-Nov-2012 15:57:15 GMT TSUSER=emxlz; expires=Sun, 17-Jan-2038 19:14:07 GMT; path=/; domain=1biztrsss.ru
Location: http://x.iporka-porn.ru/
Connection: close
Transfer-Encoding: chunked
GET / HTTP/1.1

Host: x.iporka-porn.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://1biztrsss.ru/ts/in.cgi?emxlz
HTTP/1.1 200 OK

Content-Type: text/html
Date: Thu, 08 Nov 2012 00:54:25 GMT
Connection: close
Server: Jino.ru/mod_pizza
refresh: 0.5; URL = http://1ah14.ru/tds/in.cgi?7
Content-Length: 1035
GET /jquery-1.5.1.min.js HTTP/1.1

Host: x.iporka-porn.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://x.iporka-porn.ru/
HTTP/1.1 404 Not Found

Content-Type: text/html
Date: Thu, 08 Nov 2012 00:54:26 GMT
Connection: close
Server: Jino.ru/mod_pizza
Content-Length: 1734
GET /favicon.ico HTTP/1.1

Host: x.iporka-porn.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 404 Not Found

Content-Type: text/html
Date: Thu, 08 Nov 2012 00:54:26 GMT
Connection: close
Server: Jino.ru/mod_pizza
Content-Length: 1734
GET /tds/in.cgi?7 HTTP/1.1

Host: 1ah14.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 302 Found

Content-Type: text/html; charset=UTF-8
Date: Wed, 07 Nov 2012 15:57:16 GMT
Server: Apache/2.2.15 (CentOS)
Set-Cookie: tzuuu7=_1_; domain=1ah14.ru; path=/; expires=Thu, 08-Nov-2012 15:57:16 GMT
Location: http://dnstds.net/ero33/?xid=cosfQAsJ
Connection: close
Transfer-Encoding: chunked
GET /ero33/?xid=cosfQAsJ HTTP/1.1

Host: dnstds.net

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 302 Found

Content-Type: text/html
Server: nginx/1.2.1
Date: Thu, 08 Nov 2012 00:54:26 GMT
Content-Length: 20
Connection: keep-alive
X-Powered-By: PHP/5.3.3-7+squeeze13
Set-Cookie: hit=1; expires=Thu, 08-Nov-2012 01:54:26 GMT; path=/
Location: http://kilfuja.ru/ero33/?xid=cosfQAsJ
Vary: Accept-Encoding
Content-Encoding: gzip
GET /ero33/?xid=cosfQAsJ HTTP/1.1

Host: kilfuja.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 301 Moved Permanently

Content-Type: text/html; charset=UTF-8
Server: nginx_moded_by_kam/1.1.18
Date: Thu, 08 Nov 2012 00:54:07 GMT
Content-Length: 20
Connection: keep-alive
X-Powered-By: PHP/5.3.3-7+squeeze14
Set-Cookie: PHPSESSID=lo119jm2db9hpf3d64inp25if0; path=/ uid=IQdaOQFT5nBlAihvJoUCXTO9Bp1pVaF9W2JuD%2F4FTlvFRQoxTkXL5794eYk7PIat0tXU7%2BW32bf5oYBOzLaRc5FhMVJ1zbebmbqTfmZCBWfdsQVAmosbxyrtT0R55cVu5WI8HQCvIPkQHlx0cQyCBQ%3D%3D; expires=Thu, 08-Nov-2012 01:24:07 GMT; path=/; domain=kilfuja.ru PHPSESSID=deleted; expires=Wed, 09-Nov-2011 00:54:06 GMT; path=kilfuja.ru subprj=160; expires=Thu, 08-Nov-2012 01:24:07 GMT; path=/; domain=kilfuja.ru
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location: http://kilfuja.ru/ero33/?page=21&u=794688524
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Vary: Accept-Encoding
Content-Encoding: gzip
GET /ero33/?page=21&u=794688524 HTTP/1.1

Host: kilfuja.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PHPSESSID=lo119jm2db9hpf3d64inp25if0; uid=IQdaOQFT5nBlAihvJoUCXTO9Bp1pVaF9W2JuD%2F4FTlvFRQoxTkXL5794eYk7PIat0tXU7%2BW32bf5oYBOzLaRc5FhMVJ1zbebmbqTfmZCBWfdsQVAmosbxyrtT0R55cVu5WI8HQCvIPkQHlx0cQyCBQ%3D%3D; subprj=160
HTTP/1.1 200 OK

Content-Type: text/html; charset=UTF-8
Server: nginx_moded_by_kam/1.1.18
Date: Thu, 08 Nov 2012 00:54:07 GMT
Content-Length: 4653
Connection: keep-alive
X-Powered-By: PHP/5.3.3-7+squeeze14
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="IDC DSP COR ADM DEVi TAIi PSA PSD IVAi IVDi CONi HIS OUR IND CNT"
Vary: Accept-Encoding
Content-Encoding: gzip
GET /ero33/css/style.css HTTP/1.1

Host: kilfuja.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kilfuja.ru/ero33/?page=21&u=794688524
Cookie: PHPSESSID=lo119jm2db9hpf3d64inp25if0; uid=IQdaOQFT5nBlAihvJoUCXTO9Bp1pVaF9W2JuD%2F4FTlvFRQoxTkXL5794eYk7PIat0tXU7%2BW32bf5oYBOzLaRc5FhMVJ1zbebmbqTfmZCBWfdsQVAmosbxyrtT0R55cVu5WI8HQCvIPkQHlx0cQyCBQ%3D%3D; subprj=160
HTTP/1.1 200 OK

Content-Type: text/css
Server: nginx_moded_by_kam/1.1.18
Date: Thu, 08 Nov 2012 00:54:07 GMT
Last-Modified: Sun, 21 Oct 2012 21:48:27 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 08 Dec 2012 00:54:07 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip
GET /ero33/js/script.js HTTP/1.1

Host: kilfuja.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kilfuja.ru/ero33/?page=21&u=794688524
Cookie: PHPSESSID=lo119jm2db9hpf3d64inp25if0; uid=IQdaOQFT5nBlAihvJoUCXTO9Bp1pVaF9W2JuD%2F4FTlvFRQoxTkXL5794eYk7PIat0tXU7%2BW32bf5oYBOzLaRc5FhMVJ1zbebmbqTfmZCBWfdsQVAmosbxyrtT0R55cVu5WI8HQCvIPkQHlx0cQyCBQ%3D%3D; subprj=160
HTTP/1.1 200 OK

Content-Type: application/x-javascript
Server: nginx_moded_by_kam/1.1.18
Date: Thu, 08 Nov 2012 00:54:08 GMT
Content-Length: 458
Last-Modified: Sun, 21 Oct 2012 21:48:28 GMT
Connection: keep-alive
Expires: Sat, 08 Dec 2012 00:54:08 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET /ero33/js/jquery.min.js HTTP/1.1

Host: kilfuja.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kilfuja.ru/ero33/?page=21&u=794688524
Cookie: PHPSESSID=lo119jm2db9hpf3d64inp25if0; uid=IQdaOQFT5nBlAihvJoUCXTO9Bp1pVaF9W2JuD%2F4FTlvFRQoxTkXL5794eYk7PIat0tXU7%2BW32bf5oYBOzLaRc5FhMVJ1zbebmbqTfmZCBWfdsQVAmosbxyrtT0R55cVu5WI8HQCvIPkQHlx0cQyCBQ%3D%3D; subprj=160
HTTP/1.1 200 OK

Content-Type: application/x-javascript
Server: nginx_moded_by_kam/1.1.18
Date: Thu, 08 Nov 2012 00:54:08 GMT
Last-Modified: Sun, 21 Oct 2012 21:48:28 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Expires: Sat, 08 Dec 2012 00:54:08 GMT
Cache-Control: max-age=2592000
Content-Encoding: gzip
GET /ero33/images/logo.png HTTP/1.1

Host: kilfuja.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kilfuja.ru/ero33/?page=21&u=794688524
Cookie: PHPSESSID=lo119jm2db9hpf3d64inp25if0; uid=IQdaOQFT5nBlAihvJoUCXTO9Bp1pVaF9W2JuD%2F4FTlvFRQoxTkXL5794eYk7PIat0tXU7%2BW32bf5oYBOzLaRc5FhMVJ1zbebmbqTfmZCBWfdsQVAmosbxyrtT0R55cVu5WI8HQCvIPkQHlx0cQyCBQ%3D%3D; subprj=160
HTTP/1.1 200 OK

Content-Type: image/png
Server: nginx_moded_by_kam/1.1.18
Date: Thu, 08 Nov 2012 00:54:08 GMT
Content-Length: 23551
Last-Modified: Sun, 21 Oct 2012 21:48:27 GMT
Connection: keep-alive
Expires: Sat, 08 Dec 2012 00:54:08 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET /ero33/images/marker.png HTTP/1.1

Host: kilfuja.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kilfuja.ru/ero33/css/style.css
Cookie: PHPSESSID=lo119jm2db9hpf3d64inp25if0; uid=IQdaOQFT5nBlAihvJoUCXTO9Bp1pVaF9W2JuD%2F4FTlvFRQoxTkXL5794eYk7PIat0tXU7%2BW32bf5oYBOzLaRc5FhMVJ1zbebmbqTfmZCBWfdsQVAmosbxyrtT0R55cVu5WI8HQCvIPkQHlx0cQyCBQ%3D%3D; subprj=160
HTTP/1.1 200 OK

Content-Type: image/png
Server: nginx_moded_by_kam/1.1.18
Date: Thu, 08 Nov 2012 00:54:08 GMT
Content-Length: 1237
Last-Modified: Sun, 21 Oct 2012 21:48:27 GMT
Connection: keep-alive
Expires: Sat, 08 Dec 2012 00:54:08 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET /ero33/images/mainimg.jpg HTTP/1.1

Host: kilfuja.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://kilfuja.ru/ero33/?page=21&u=794688524
Cookie: PHPSESSID=lo119jm2db9hpf3d64inp25if0; uid=IQdaOQFT5nBlAihvJoUCXTO9Bp1pVaF9W2JuD%2F4FTlvFRQoxTkXL5794eYk7PIat0tXU7%2BW32bf5oYBOzLaRc5FhMVJ1zbebmbqTfmZCBWfdsQVAmosbxyrtT0R55cVu5WI8HQCvIPkQHlx0cQyCBQ%3D%3D; subprj=160
HTTP/1.1 200 OK

Content-Type: image/jpeg
Server: nginx_moded_by_kam/1.1.18
Date: Thu, 08 Nov 2012 00:54:08 GMT
Content-Length: 147171
Last-Modified: Sun, 21 Oct 2012 21:48:28 GMT
Connection: keep-alive
Expires: Sat, 08 Dec 2012 00:54:08 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
GET /favicon.ico HTTP/1.1

Host: kilfuja.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PHPSESSID=lo119jm2db9hpf3d64inp25if0; uid=IQdaOQFT5nBlAihvJoUCXTO9Bp1pVaF9W2JuD%2F4FTlvFRQoxTkXL5794eYk7PIat0tXU7%2BW32bf5oYBOzLaRc5FhMVJ1zbebmbqTfmZCBWfdsQVAmosbxyrtT0R55cVu5WI8HQCvIPkQHlx0cQyCBQ%3D%3D; subprj=160
HTTP/1.1 404 Not Found

Content-Type: text/html
Server: nginx_moded_by_kam/1.1.18
Date: Thu, 08 Nov 2012 00:54:08 GMT
Content-Length: 182
Connection: keep-alive
GET /favicon.ico HTTP/1.1

Host: kilfuja.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PHPSESSID=lo119jm2db9hpf3d64inp25if0; uid=IQdaOQFT5nBlAihvJoUCXTO9Bp1pVaF9W2JuD%2F4FTlvFRQoxTkXL5794eYk7PIat0tXU7%2BW32bf5oYBOzLaRc5FhMVJ1zbebmbqTfmZCBWfdsQVAmosbxyrtT0R55cVu5WI8HQCvIPkQHlx0cQyCBQ%3D%3D; subprj=160
HTTP/1.1 404 Not Found

Content-Type: text/html
Server: nginx_moded_by_kam/1.1.18
Date: Thu, 08 Nov 2012 00:54:09 GMT
Content-Length: 182
Connection: keep-alive
GET /favicon.ico HTTP/1.1

Host: 1biztrsss.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: tzuuuemxlz=_10000_; TSUSER=emxlz
HTTP/1.1 404 Not Found

Content-Type: text/html; charset=iso-8859-1
Date: Wed, 07 Nov 2012 15:57:18 GMT
Server: Apache/2.2.15 (CentOS)
Content-Length: 287
Connection: close
GET /favicon.ico HTTP/1.1

Host: x.iporka-porn.ru

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 404 Not Found

Content-Type: text/html
Date: Thu, 08 Nov 2012 00:54:28 GMT
Connection: close
Server: Jino.ru/mod_pizza
Content-Length: 1734