Topic: Warning: malwaredomainlist2.com

November 10, 2009, 10:44:43 pm

MysteryFCM

Just a note folks, I've been advised that malwaredomainlist2.com has now also been registered, and not by any of us that run the real malwaredomainlist.com website. There's currently no website actually there, it's parked with sedoparking.com, but we're expecting abuse, and most likely the same form as we saw last time.

Quote
Referred to: whois.above.com
By: whois.internic.net

Registration Service Provided By: ABOVE.COM, INC.
Contact: +613.95897946

Domain Name: MALWAREDOMAINLIST2.COM

Registrant:
Above.com Domain Privacy
8 East concourse
Beaumaris
VIC
3193
AU
hostmaster@above.com
Tel. +61.395897946
Fax.

Creation date: 2009-11-08
Expiration Date: 2010-11-08

Domain servers in listed order:
ns3.above.com
ns4.above.com

Administrative Contact:
Above.com Domain Privacy
8 East concourse
Beaumaris
VIC
3193
AU
hostmaster@above.com
Tel. +61.395897946
Fax.

Technical Contact:
Above.com Domain Privacy
8 East concourse
Beaumaris
VIC
3193
AU
hostmaster@above.com
Tel. +61.395897946
Fax.

Billing Contact:
Above.com Domain Privacy
8 East concourse
Beaumaris
VIC
3193
AU
hostmaster@above.com
Tel. +61.395897946
Fax.

We'll be keeping a close eye on this one, but please let us know via the MDL forums or the contact form if you notice anything before we do.
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

November 12, 2009, 02:30:52 pm
Reply #1

MysteryFCM

Anyone else able to reproduce this?

Just loaded the site (and annoyingly, before I'd loaded Fiddler), and it went;

Code:
http://malwaredomainlist2.com/
http://malwaredomainlist2.com/js/general.js
http://malwaredomainlist2.com/check_image.php?enc=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%3D&rand=0.7826533932932574
http://sedoparking.com/search/registrar.php?domain=malwaredomainlist2.com&registrar=trellian5
http://img.sedoparking.com/templates/classic/classic.css
http://img.sedoparking.com/templates/15/classic.css
http://img.sedoparking.com/templates/15/img/suche_go_e.gif
http://img.sedoparking.com/templates/classic/sedo_head.gif
http://img.sedoparking.com/templates/classic/pfeil_blue.gif
http://img.sedoparking.com/templates/classic/box_blue2.gif
http://img.sedoparking.com/templates/15/img/bluedot.gif
http://domain7777.info/
http://domain7777.info/is.php?ipua_id=a4f7fb6d191e0fa48642b7e9cba92cbd&search_id=2044544&time=1258035906
http://domain7777.info/css_is.php?d=domain7777.info
http://mal-ware-domain-list-2.tinker.pureleads.sendori.com/redirect/go?id=3e798b7522bce0206ed708011fa14a6d46a532bf&park=malwaredomainlist2.com%2F%3Fnozc%3D1
http://malwaredomainlist2.com/?nozc=1
http://malwaredomainlist2.com/check_image.php?enc=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%3D%3D&rand=0.3723997388372887
http://sedoparking.com/search/registrar.php?domain=malwaredomainlist2.com&registrar=trellian5
http://img.sedoparking.com/templates/15/classic.css
http://img.sedoparking.com/templates/classic/classic.css
http://img.sedoparking.com/templates/15/img/suche_go_e.gif
http://img.sedoparking.com/templates/15/img/bluedot.gif
http://img.sedoparking.com/templates/classic/sedo_head.gif
http://img.sedoparking.com/templates/classic/pfeil_blue.gif
http://img.sedoparking.com/templates/classic/box_blue2.gif
http://domain7777.info/
http://domain7777.info/is.php?ipua_id=a4f7fb6d191e0fa48642b7e9cba92cbd&search_id=2045984&time=1258035917
http://domain7777.info/css_is.php?d=domain7777.info

Headers:

Code:
GET / HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Connection: Keep-Alive
Host: malwaredomainlist2.com

HTTP/1.1 200 OK
Date: Thu, 12 Nov 2009 14:24:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch15
Content-Length: 1451
Connection: close
Content-Type: text/html; charset=UTF-8

------------------------------------------------------------------
GET /js/general.js HTTP/1.1
Accept: */*
Referer: http://malwaredomainlist2.com/
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
If-Modified-Since: Mon, 22 Jun 2009 02:04:27 GMT
If-None-Match: "3400830-63f-46ce64b36c0c0"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: malwaredomainlist2.com
Connection: Keep-Alive

HTTP/1.1 200 OK
Date: Thu, 12 Nov 2009 14:24:54 GMT
Server: Apache
Last-Modified: Mon, 19 Oct 2009 01:56:37 GMT
ETag: "3064e19-63f-476400e5d311d"
Accept-Ranges: bytes
Content-Length: 1599
Connection: close
Content-Type: application/javascript

------------------------------------------------------------------
GET /check_image.php?enc=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%3D&rand=0.7826533932932574 HTTP/1.1
Accept: */*
Accept-Language: en-gb
Referer: http://malwaredomainlist2.com/
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: malwaredomainlist2.com
Connection: Keep-Alive

HTTP/1.1 200 OK
Date: Thu, 12 Nov 2009 14:24:55 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch15
Content-Length: 57
Connection: close
Content-Type: text/html; charset=UTF-8

------------------------------------------------------------------
GET /search/registrar.php?domain=malwaredomainlist2.com&registrar=trellian5 HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://malwaredomainlist2.com/
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
If-Modified-Since: Wed, 11 Nov 2009 22:53:02 GMT; length=37439
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Connection: Keep-Alive
Host: sedoparking.com

HTTP/1.0 200 OK
Date: Thu, 12 Nov 2009 14:24:54 GMT
Server: Apache
X-Powered-By: PHP/5.2.6-1+lenny3
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 12 Nov 2009 14:24:54 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tu=313ad6538c0ef0ad3371b065bdf322e8; expires=Tue, 31-Dec-2019 23:00:00 GMT; path=/; domain=malwaredomainlist2.com; httponly
Vary: User-Agent,Accept-Encoding
Content-Encoding: gzip
Content-Length: 6605
Content-Type: text/html
X-Cache: MISS from 738071
Connection: close

------------------------------------------------------------------
GET /templates/classic/classic.css HTTP/1.1
Accept: */*
Referer: http://sedoparking.com/search/registrar.php?domain=malwaredomainlist2.com&registrar=trellian5
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 20 Nov 2008 11:09:24 GMT
If-None-Match: "bb58b57c3bef855c8a5ac75d0a89bf69"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: img.sedoparking.com
Connection: Keep-Alive

HTTP/1.1 304
Server: CacheFlyServe v26b
Date: Thu, 12 Nov 2009 14:24:56 GMT
Content-Type: text/css
Connection: keep-alive
ETag: "bb58b57c3bef855c8a5ac75d0a89bf69"

------------------------------------------------------------------
GET /templates/15/classic.css HTTP/1.1
Accept: */*
Referer: http://sedoparking.com/search/registrar.php?domain=malwaredomainlist2.com&registrar=trellian5
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
If-Modified-Since: Fri, 26 Sep 2008 14:51:18 GMT
If-None-Match: "9d8c108b1ef6b69ee7eb2e99c3e559c6"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: img.sedoparking.com
Connection: Keep-Alive

HTTP/1.1 304
Server: CacheFlyServe v26b
Date: Thu, 12 Nov 2009 14:24:56 GMT
Content-Type: text/css
Connection: keep-alive
ETag: "9d8c108b1ef6b69ee7eb2e99c3e559c6"

------------------------------------------------------------------
GET /templates/15/img/suche_go_e.gif HTTP/1.1
Accept: */*
Referer: http://sedoparking.com/search/registrar.php?domain=malwaredomainlist2.com&registrar=trellian5
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 26 Jan 2006 15:23:00 GMT
If-None-Match: "57ad08f9bcf9679b585b08a052513dd3"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: img.sedoparking.com
Connection: Keep-Alive

HTTP/1.1 304
Server: CacheFlyServe v26b
Date: Thu, 12 Nov 2009 14:24:56 GMT
Content-Type: image/gif
Connection: keep-alive
ETag: "57ad08f9bcf9679b585b08a052513dd3"

------------------------------------------------------------------
GET /templates/classic/sedo_head.gif HTTP/1.1
Accept: */*
Referer: http://sedoparking.com/search/registrar.php?domain=malwaredomainlist2.com&registrar=trellian5
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
If-Modified-Since: Fri, 15 Dec 2006 13:50:23 GMT
If-None-Match: "761529f6a776c463afb46b283a25be7a"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: img.sedoparking.com
Connection: Keep-Alive

HTTP/1.1 304
Server: CacheFlyServe v26b
Date: Thu, 12 Nov 2009 14:24:56 GMT
Content-Type: image/gif
Connection: keep-alive
ETag: "761529f6a776c463afb46b283a25be7a"

------------------------------------------------------------------
GET /templates/classic/pfeil_blue.gif HTTP/1.1
Accept: */*
Referer: http://sedoparking.com/search/registrar.php?domain=malwaredomainlist2.com&registrar=trellian5
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
If-Modified-Since: Fri, 15 Dec 2006 13:50:23 GMT
If-None-Match: "ce66806a7b2e33c64a152335a453e061"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: img.sedoparking.com
Connection: Keep-Alive

HTTP/1.1 304
Server: CacheFlyServe v26b
Date: Thu, 12 Nov 2009 14:24:57 GMT
Content-Type: image/gif
Connection: keep-alive
ETag: "ce66806a7b2e33c64a152335a453e061"

------------------------------------------------------------------
GET /templates/classic/box_blue2.gif HTTP/1.1
Accept: */*
Referer: http://sedoparking.com/search/registrar.php?domain=malwaredomainlist2.com&registrar=trellian5
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
If-Modified-Since: Fri, 15 Dec 2006 13:50:23 GMT
If-None-Match: "e131a5fc03d70e7be3c0ef9ff9bd9d39"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: img.sedoparking.com
Connection: Keep-Alive

HTTP/1.1 304
Server: CacheFlyServe v26b
Date: Thu, 12 Nov 2009 14:24:57 GMT
Content-Type: image/gif
Connection: keep-alive
ETag: "e131a5fc03d70e7be3c0ef9ff9bd9d39"

------------------------------------------------------------------
GET /templates/15/img/bluedot.gif HTTP/1.1
Accept: */*
Referer: http://sedoparking.com/search/registrar.php?domain=malwaredomainlist2.com&registrar=trellian5
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 26 Jan 2006 15:23:00 GMT
If-None-Match: "f10b7d7395f482680231ebe7f2ba7f6a"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: img.sedoparking.com
Connection: Keep-Alive

HTTP/1.1 304
Server: CacheFlyServe v26b
Date: Thu, 12 Nov 2009 14:24:57 GMT
Content-Type: image/gif
Connection: keep-alive
ETag: "f10b7d7395f482680231ebe7f2ba7f6a"

------------------------------------------------------------------
GET / HTTP/1.1
Accept: */*
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Connection: Keep-Alive
Host: domain7777.info
Cookie: h=a4f7fb6d191e0fa48642b7e9cba92cbd; R=c%253E%255BH%253AuZXmvO%257Bd4Oz6qcn%255Bw%2527tfbsdi%2560uzqf%253Etfbsdi%2527f%253Evl%253CHC%253C32%253C3%253C2%253C28693715%253Ctuzmf2%256032%252Fdtt%253C3%253Cjoufsdptnpt%2560bggjmjbuf%25602%2560e3s%2560efsq%253Cmbxsfodfmvhbs4%253Cmbxsfodfmvhbs4%253C%253C4483%253Cdmfbo%253C%253C0e0tfbsdi0q0joufsdptnpt0ynm0epnbjomboefs0joum0e3s0gfg0qpqdbu0w30%253Cenynm%252Fjoufsdptnpt%252Fpwfsuvsf%252Fdpn%2527jqvb%2560je%253Eb5g8gc7e2%253A2f1gb59753c8f%253Adcb%253A3dce%2527enybsht%253E17pFOzb5%255BH2ZT7wPMKxqMjGekH%253A2JDsciQTuQZr%2560Hwc1Wq.skNJc%257BN%2560JSU7QUtfKtcqZW7P6YGDDOqwH8B9PDf9ENf6J3iSlwS%255BL1edz1sRzV%2560rC%25603Td1l2NghBJwEYsyD3SPhPI.EKMXgdDVYhusEjMB1ocB642NF%255BYSlrJ%253A11JZtvH1H19xy4Bw5R9NUodi%2560FJ1pDU%255BCUbfchsZzUKMk%253A%255BqFjs.%257BQQRdcdwU25%2560%2560wKh8WFmIzKzCoMWCQqvsDIVvgwlbKIonm5hESvTl3m5F.9o%257BrKyUm7W%2560eB%252F%252F-ZU1%257B

HTTP/1.1 200 OK
Date: Thu, 12 Nov 2009 14:25:06 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.11
Set-Cookie: R=c%253E%255BH%253AuZXmvO%257Bd4Oz6qcn%255Bw%2527tfbsdi%2560uzqf%253Etfbsdi%2527f%253Evl%253CHC%253C32%253C3%253C2%253C28726665%253Ctuzmf2%256032%252Fdtt%253C3%253Cjoufsdptnpt%2560bggjmjbuf%25602%2560e3s%2560efsq%253Cmbxsfodfmvhbs4%253Cmbxsfodfmvhbs4%253C%253C4483%253Cdmfbo%253C%253C0e0tfbsdi0q0joufsdptnpt0ynm0epnbjomboefs0joum0e3s0gfg0qpqdbu0w30%253Cenynm%252Fjoufsdptnpt%252Fpwfsuvsf%252Fdpn%2527jqvb%2560je%253Eb5g8gc7e2%253A2f1gb59753c8f%253Adcb%253A3dce%2527enybsht%253E17pFOzb5%255BH2ZT7wPMKxqMjGekH%253A2JDsciQTuQZr%2560Hwc1Wq.skNJc%257BN%2560JSU7QUtfKtcqZW7P6YGDDOqwH8B9PDf9ENf6J3iSlvvbL1eV61tJOpxVIdzJeZl2NghBJwEYsxc1D3iPI.EKMXgdDVYhusEjMB1ocB642NF%255BYSlrJ%253A11JZtvH1H19xy4Bw5R9NUodi%2560FJ1pDU%255BCUbfchsZzUKMk%253A%255BqFjs.%257BQQRdcdwU25%2560%2560wKh8WFmIzKzCoMWCQqvsDIVvgwmvpCqL%253AIklf%257BS%257B%253A25F.9o%257BtbCUNRm%2560ER%252F%252F-ZU1%257B; expires=Thu, 12-Nov-2009 14:55:06 GMT; path=/
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Content-Length: 4323
Connection: close
Content-Type: text/html; charset=UTF-8

------------------------------------------------------------------
GET /is.php?ipua_id=a4f7fb6d191e0fa48642b7e9cba92cbd&search_id=2044544&time=1258035906 HTTP/1.1
Accept: */*
Referer: http://domain7777.info/
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: domain7777.info
Connection: Keep-Alive
Cookie: h=a4f7fb6d191e0fa48642b7e9cba92cbd; R=c%253E%255BH%253AuZXmvO%257Bd4Oz6qcn%255Bw%2527tfbsdi%2560uzqf%253Etfbsdi%2527f%253Evl%253CHC%253C32%253C3%253C2%253C28726665%253Ctuzmf2%256032%252Fdtt%253C3%253Cjoufsdptnpt%2560bggjmjbuf%25602%2560e3s%2560efsq%253Cmbxsfodfmvhbs4%253Cmbxsfodfmvhbs4%253C%253C4483%253Cdmfbo%253C%253C0e0tfbsdi0q0joufsdptnpt0ynm0epnbjomboefs0joum0e3s0gfg0qpqdbu0w30%253Cenynm%252Fjoufsdptnpt%252Fpwfsuvsf%252Fdpn%2527jqvb%2560je%253Eb5g8gc7e2%253A2f1gb59753c8f%253Adcb%253A3dce%2527enybsht%253E17pFOzb5%255BH2ZT7wPMKxqMjGekH%253A2JDsciQTuQZr%2560Hwc1Wq.skNJc%257BN%2560JSU7QUtfKtcqZW7P6YGDDOqwH8B9PDf9ENf6J3iSlvvbL1eV61tJOpxVIdzJeZl2NghBJwEYsxc1D3iPI.EKMXgdDVYhusEjMB1ocB642NF%255BYSlrJ%253A11JZtvH1H19xy4Bw5R9NUodi%2560FJ1pDU%255BCUbfchsZzUKMk%253A%255BqFjs.%257BQQRdcdwU25%2560%2560wKh8WFmIzKzCoMWCQqvsDIVvgwmvpCqL%253AIklf%257BS%257B%253A25F.9o%257BtbCUNRm%2560ER%252F%252F-ZU1%257B

HTTP/1.1 200 OK
Date: Thu, 12 Nov 2009 14:25:07 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.11
Content-Description: 1258035907.gif
Content-Disposition: inline; filename="1258035907.gif"
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Content-Length: 50
Connection: close
Content-Type: image/gif

------------------------------------------------------------------
GET /css_is.php?d=domain7777.info HTTP/1.1
Accept: */*
Referer: http://domain7777.info/
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: domain7777.info
Connection: Keep-Alive
Cookie: h=a4f7fb6d191e0fa48642b7e9cba92cbd; R=c%253E%255BH%253AuZXmvO%257Bd4Oz6qcn%255Bw%2527tfbsdi%2560uzqf%253Etfbsdi%2527f%253Evl%253CHC%253C32%253C3%253C2%253C28726665%253Ctuzmf2%256032%252Fdtt%253C3%253Cjoufsdptnpt%2560bggjmjbuf%25602%2560e3s%2560efsq%253Cmbxsfodfmvhbs4%253Cmbxsfodfmvhbs4%253C%253C4483%253Cdmfbo%253C%253C0e0tfbsdi0q0joufsdptnpt0ynm0epnbjomboefs0joum0e3s0gfg0qpqdbu0w30%253Cenynm%252Fjoufsdptnpt%252Fpwfsuvsf%252Fdpn%2527jqvb%2560je%253Eb5g8gc7e2%253A2f1gb59753c8f%253Adcb%253A3dce%2527enybsht%253E17pFOzb5%255BH2ZT7wPMKxqMjGekH%253A2JDsciQTuQZr%2560Hwc1Wq.skNJc%257BN%2560JSU7QUtfKtcqZW7P6YGDDOqwH8B9PDf9ENf6J3iSlvvbL1eV61tJOpxVIdzJeZl2NghBJwEYsxc1D3iPI.EKMXgdDVYhusEjMB1ocB642NF%255BYSlrJ%253A11JZtvH1H19xy4Bw5R9NUodi%2560FJ1pDU%255BCUbfchsZzUKMk%253A%255BqFjs.%257BQQRdcdwU25%2560%2560wKh8WFmIzKzCoMWCQqvsDIVvgwmvpCqL%253AIklf%257BS%257B%253A25F.9o%257BtbCUNRm%2560ER%252F%252F-ZU1%257B

HTTP/1.1 200 OK
Date: Thu, 12 Nov 2009 14:25:07 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.11
Content-Description: 1258035907.gif
Content-Disposition: inline; filename="1258035907.gif"
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Content-Length: 50
Connection: close
Content-Type: image/gif

------------------------------------------------------------------
GET /redirect/go?id=3e798b7522bce0206ed708011fa14a6d46a532bf&park=malwaredomainlist2.com%2F%3Fnozc%3D1 HTTP/1.1
Accept: */*
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
If-None-Match: "5c97481380ac12518ba30872e4bad1ed"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: mal-ware-domain-list-2.tinker.pureleads.sendori.com
Connection: Keep-Alive
Cookie: conversion=BAhbBmwrCCJ1i3k%2BAA%3D%3D; malwaredomainlist2.com=BAh7CToSYWR2ZXJ0aXNlcl9pZGkC1wg6C3Zpc2l0c2kGOglkYXRlSXU6CVRp%0AbWUNjmkbgD4geGEGOh9AbWFyc2hhbF93aXRoX3V0Y19jb2VyY2lvbkY6DXNl%0AZW5mZWVkVA%3D%3D%0A

HTTP/1.1 302 Moved Temporarily
Server: nginx/0.5.33
Date: Thu, 12 Nov 2009 14:25:11 GMT
Content-Type: text/html; charset=utf-8
Connection: keep-alive
Status: 302 Found
Location: http://malwaredomainlist2.com/?nozc=1
X-Runtime: 1ms
Cache-Control: no-cache
Content-Length: 103
P3P: CP="NOI DSP COR CURa ADMa DEVa TAIa OUR BUS IND UNI COM NAV INT",policyref="/w3c/p3p.xml"

------------------------------------------------------------------
GET /?nozc=1 HTTP/1.1
Accept: */*
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
If-None-Match: "5c97481380ac12518ba30872e4bad1ed"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: malwaredomainlist2.com
Connection: Keep-Alive

HTTP/1.1 200 OK
Date: Thu, 12 Nov 2009 14:25:12 GMT
Server: Apache
X-Powered-By: PHP/5.2.6-1+lenny3
Content-Length: 1367
Connection: close
Content-Type: text/html; charset=UTF-8

------------------------------------------------------------------
GET /check_image.php?enc=YToyMTp7aTowO3M6MTk6IjIwMDktMTEtMTMgMDE6MjU6MTIiO2k6MTtzOjc6IjM1OTkwNTQiO2k6MjtOO2k6MztzOjEyNDoiTW96aWxsYS80LjAgKGNvbXBhdGlibGU7IE1TSUUgNy4wOyBXaW5kb3dzIE5UIDYuMDsgVHJpZGVudC80LjA7IEF2YW50IEJyb3dzZXI7IE9mZmljZUxpdmVDb25uZWN0b3IuMS40OyBPZmZpY2VMaXZlUGF0Y2guMS4zKSI7aTo0O3M6ODoiLz9ub3pjPTEiO2k6NTtzOjEzOiIyMTIuNTYuOTUuMjUzIjtpOjY7czoyOiIxMSI7aTo3O3M6MDoiIjtpOjg7czowOiIiO2k6OTtzOjI6IlVLIjtpOjEwO3M6MToiLSI7aToxMTtzOjE6Ii0iO2k6MTI7czoyOiIxNSI7aToxMztzOjIyOiJtYWx3YXJlZG9tYWlubGlzdDIuY29tIjtpOjE0O3M6OTM6Imh0dHA6Ly9zZWRvcGFya2luZy5jb20vc2VhcmNoL3JlZ2lzdHJhci5waHA/ZG9tYWluPW1hbHdhcmVkb21haW5saXN0Mi5jb20mcmVnaXN0cmFyPXRyZWxsaWFuNSI7aToxNTtOO2k6MTY7TjtpOjE3O047aToxODtOO2k6MTk7TjtpOjIwO047fQ%3D%3D&rand=0.3723997388372887 HTTP/1.1
Accept: */*
Accept-Language: en-gb
Referer: http://malwaredomainlist2.com/?nozc=1
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: malwaredomainlist2.com
Connection: Keep-Alive

HTTP/1.1 200 OK
Date: Thu, 12 Nov 2009 14:25:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.0-8+etch15
Content-Length: 57
Connection: close
Content-Type: text/html; charset=UTF-8

------------------------------------------------------------------
GET /search/registrar.php?domain=malwaredomainlist2.com&registrar=trellian5 HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://malwaredomainlist2.com/?nozc=1
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 12 Nov 2009 14:24:54 GMT; length=37516
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Connection: Keep-Alive
Host: sedoparking.com

HTTP/1.0 200 OK
Date: Thu, 12 Nov 2009 14:25:13 GMT
Server: Apache
X-Powered-By: PHP/5.2.6-1+lenny3
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 12 Nov 2009 14:25:13 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
Set-Cookie: tu=8d7d4083ae576997e361c2f44576d327; expires=Tue, 31-Dec-2019 23:00:00 GMT; path=/; domain=malwaredomainlist2.com; httponly
Vary: User-Agent,Accept-Encoding
Content-Encoding: gzip
Content-Length: 6592
Content-Type: text/html
X-Cache: MISS from 766549
Connection: close

------------------------------------------------------------------
GET /templates/15/classic.css HTTP/1.1
Accept: */*
Referer: http://sedoparking.com/search/registrar.php?domain=malwaredomainlist2.com&registrar=trellian5
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
If-Modified-Since: Fri, 26 Sep 2008 14:51:18 GMT
If-None-Match: "9d8c108b1ef6b69ee7eb2e99c3e559c6"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: img.sedoparking.com
Connection: Keep-Alive

HTTP/1.1 304
Server: CacheFlyServe v26b
Date: Thu, 12 Nov 2009 14:25:13 GMT
Content-Type: text/css
Connection: keep-alive
ETag: "9d8c108b1ef6b69ee7eb2e99c3e559c6"

------------------------------------------------------------------
GET /templates/classic/classic.css HTTP/1.1
Accept: */*
Referer: http://sedoparking.com/search/registrar.php?domain=malwaredomainlist2.com&registrar=trellian5
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 20 Nov 2008 11:09:24 GMT
If-None-Match: "bb58b57c3bef855c8a5ac75d0a89bf69"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: img.sedoparking.com
Connection: Keep-Alive

HTTP/1.1 304
Server: CacheFlyServe v26b
Date: Thu, 12 Nov 2009 14:25:13 GMT
Content-Type: text/css
Connection: keep-alive
ETag: "bb58b57c3bef855c8a5ac75d0a89bf69"

------------------------------------------------------------------
GET /templates/15/img/suche_go_e.gif HTTP/1.1
Accept: */*
Referer: http://sedoparking.com/search/registrar.php?domain=malwaredomainlist2.com&registrar=trellian5
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 26 Jan 2006 15:23:00 GMT
If-None-Match: "57ad08f9bcf9679b585b08a052513dd3"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: img.sedoparking.com
Connection: Keep-Alive

HTTP/1.1 304
Server: CacheFlyServe v26b
Date: Thu, 12 Nov 2009 14:25:14 GMT
Content-Type: image/gif
Connection: keep-alive
ETag: "57ad08f9bcf9679b585b08a052513dd3"

------------------------------------------------------------------
GET /templates/15/img/bluedot.gif HTTP/1.1
Accept: */*
Referer: http://sedoparking.com/search/registrar.php?domain=malwaredomainlist2.com&registrar=trellian5
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
If-Modified-Since: Thu, 26 Jan 2006 15:23:00 GMT
If-None-Match: "f10b7d7395f482680231ebe7f2ba7f6a"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: img.sedoparking.com
Connection: Keep-Alive

HTTP/1.1 304
Server: CacheFlyServe v26b
Date: Thu, 12 Nov 2009 14:25:14 GMT
Content-Type: image/gif
Connection: keep-alive
ETag: "f10b7d7395f482680231ebe7f2ba7f6a"

------------------------------------------------------------------
GET /templates/classic/sedo_head.gif HTTP/1.1
Accept: */*
Referer: http://sedoparking.com/search/registrar.php?domain=malwaredomainlist2.com&registrar=trellian5
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
If-Modified-Since: Fri, 15 Dec 2006 13:50:23 GMT
If-None-Match: "761529f6a776c463afb46b283a25be7a"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: img.sedoparking.com
Connection: Keep-Alive

HTTP/1.1 304
Server: CacheFlyServe v26b
Date: Thu, 12 Nov 2009 14:25:14 GMT
Content-Type: image/gif
Connection: keep-alive
ETag: "761529f6a776c463afb46b283a25be7a"

------------------------------------------------------------------
GET /templates/classic/pfeil_blue.gif HTTP/1.1
Accept: */*
Referer: http://sedoparking.com/search/registrar.php?domain=malwaredomainlist2.com&registrar=trellian5
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
If-Modified-Since: Fri, 15 Dec 2006 13:50:23 GMT
If-None-Match: "ce66806a7b2e33c64a152335a453e061"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: img.sedoparking.com
Connection: Keep-Alive

HTTP/1.1 304
Server: CacheFlyServe v26b
Date: Thu, 12 Nov 2009 14:25:15 GMT
Content-Type: image/gif
Connection: keep-alive
ETag: "ce66806a7b2e33c64a152335a453e061"

------------------------------------------------------------------
GET /templates/classic/box_blue2.gif HTTP/1.1
Accept: */*
Referer: http://sedoparking.com/search/registrar.php?domain=malwaredomainlist2.com&registrar=trellian5
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
If-Modified-Since: Fri, 15 Dec 2006 13:50:23 GMT
If-None-Match: "e131a5fc03d70e7be3c0ef9ff9bd9d39"
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: img.sedoparking.com
Connection: Keep-Alive

HTTP/1.1 304
Server: CacheFlyServe v26b
Date: Thu, 12 Nov 2009 14:25:15 GMT
Content-Type: image/gif
Connection: keep-alive
ETag: "e131a5fc03d70e7be3c0ef9ff9bd9d39"

------------------------------------------------------------------
GET / HTTP/1.1
Accept: */*
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Connection: Keep-Alive
Host: domain7777.info
Cookie: h=a4f7fb6d191e0fa48642b7e9cba92cbd; R=c%253E%255BH%253AuZXmvO%257Bd4Oz6qcn%255Bw%2527tfbsdi%2560uzqf%253Etfbsdi%2527f%253Evl%253CHC%253C32%253C3%253C2%253C28726665%253Ctuzmf2%256032%252Fdtt%253C3%253Cjoufsdptnpt%2560bggjmjbuf%25602%2560e3s%2560efsq%253Cmbxsfodfmvhbs4%253Cmbxsfodfmvhbs4%253C%253C4483%253Cdmfbo%253C%253C0e0tfbsdi0q0joufsdptnpt0ynm0epnbjomboefs0joum0e3s0gfg0qpqdbu0w30%253Cenynm%252Fjoufsdptnpt%252Fpwfsuvsf%252Fdpn%2527jqvb%2560je%253Eb5g8gc7e2%253A2f1gb59753c8f%253Adcb%253A3dce%2527enybsht%253E17pFOzb5%255BH2ZT7wPMKxqMjGekH%253A2JDsciQTuQZr%2560Hwc1Wq.skNJc%257BN%2560JSU7QUtfKtcqZW7P6YGDDOqwH8B9PDf9ENf6J3iSlvvbL1eV61tJOpxVIdzJeZl2NghBJwEYsxc1D3iPI.EKMXgdDVYhusEjMB1ocB642NF%255BYSlrJ%253A11JZtvH1H19xy4Bw5R9NUodi%2560FJ1pDU%255BCUbfchsZzUKMk%253A%255BqFjs.%257BQQRdcdwU25%2560%2560wKh8WFmIzKzCoMWCQqvsDIVvgwmvpCqL%253AIklf%257BS%257B%253A25F.9o%257BtbCUNRm%2560ER%252F%252F-ZU1%257B

HTTP/1.1 200 OK
Date: Thu, 12 Nov 2009 14:25:17 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.11
Set-Cookie: R=c%253E%255BH%253AuZXmvO%257Bd4Oz6qcn%255Bw%2527tfbsdi%2560uzqf%253Etfbsdi%2527f%253Evl%253CHC%253C32%253C3%253C2%253C28736595%253Ctuzmf2%256032%252Fdtt%253C3%253Cjoufsdptnpt%2560bggjmjbuf%25602%2560e3s%2560efsq%253Cmbxsfodfmvhbs4%253Cmbxsfodfmvhbs4%253C%253C4483%253Cdmfbo%253C%253C0e0tfbsdi0q0joufsdptnpt0ynm0epnbjomboefs0joum0e3s0gfg0qpqdbu0w30%253Cenynm%252Fjoufsdptnpt%252Fpwfsuvsf%252Fdpn%2527jqvb%2560je%253Eb5g8gc7e2%253A2f1gb59753c8f%253Adcb%253A3dce%2527enybsht%253E17pFOzb5%255BH2ZT7wPMKxqMjGekH%253A2JDsciQTuQZr%2560Hwc1Wq.skNJc%257BN%2560JSU7QUtfKtcqZW7P6YGDDOqwH8B9PDf9ENf6J3iSltvcr1eb671RDW%2560%2560GwPWkll2NghBJwEYszsUoXhPI.EKMXgdDVYhusEjMB1ocB642NF%255BYSlrJ%253A11JZtvH1H19xy4Bw5R9NUodi%2560FJ1pDU%255BCUbfchsZzUKMk%253A%255BqFjs.%257BQQRdcdwU25%2560%2560wKh8WFmIzKzCoMWCQqvsDIVvgwovZ%257BtfwJZg9Mfx%253AG5Ff9s%257Bz8qZCJe1-ZU1%257B; expires=Thu, 12-Nov-2009 14:55:17 GMT; path=/
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Content-Length: 4381
Connection: close
Content-Type: text/html; charset=UTF-8

------------------------------------------------------------------
GET /is.php?ipua_id=a4f7fb6d191e0fa48642b7e9cba92cbd&search_id=2045984&time=1258035917 HTTP/1.1
Accept: */*
Referer: http://domain7777.info/
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: domain7777.info
Connection: Keep-Alive
Cookie: h=a4f7fb6d191e0fa48642b7e9cba92cbd; R=c%253E%255BH%253AuZXmvO%257Bd4Oz6qcn%255Bw%2527tfbsdi%2560uzqf%253Etfbsdi%2527f%253Evl%253CHC%253C32%253C3%253C2%253C28736595%253Ctuzmf2%256032%252Fdtt%253C3%253Cjoufsdptnpt%2560bggjmjbuf%25602%2560e3s%2560efsq%253Cmbxsfodfmvhbs4%253Cmbxsfodfmvhbs4%253C%253C4483%253Cdmfbo%253C%253C0e0tfbsdi0q0joufsdptnpt0ynm0epnbjomboefs0joum0e3s0gfg0qpqdbu0w30%253Cenynm%252Fjoufsdptnpt%252Fpwfsuvsf%252Fdpn%2527jqvb%2560je%253Eb5g8gc7e2%253A2f1gb59753c8f%253Adcb%253A3dce%2527enybsht%253E17pFOzb5%255BH2ZT7wPMKxqMjGekH%253A2JDsciQTuQZr%2560Hwc1Wq.skNJc%257BN%2560JSU7QUtfKtcqZW7P6YGDDOqwH8B9PDf9ENf6J3iSltvcr1eb671RDW%2560%2560GwPWkll2NghBJwEYszsUoXhPI.EKMXgdDVYhusEjMB1ocB642NF%255BYSlrJ%253A11JZtvH1H19xy4Bw5R9NUodi%2560FJ1pDU%255BCUbfchsZzUKMk%253A%255BqFjs.%257BQQRdcdwU25%2560%2560wKh8WFmIzKzCoMWCQqvsDIVvgwovZ%257BtfwJZg9Mfx%253AG5Ff9s%257Bz8qZCJe1-ZU1%257B

HTTP/1.1 200 OK
Date: Thu, 12 Nov 2009 14:25:18 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.11
Content-Description: 1258035918.gif
Content-Disposition: inline; filename="1258035918.gif"
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Content-Length: 50
Connection: close
Content-Type: image/gif

------------------------------------------------------------------
GET /css_is.php?d=domain7777.info HTTP/1.1
Accept: */*
Referer: http://domain7777.info/
Accept-Language: en-gb
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Host: domain7777.info
Connection: Keep-Alive
Cookie: h=a4f7fb6d191e0fa48642b7e9cba92cbd; R=c%253E%255BH%253AuZXmvO%257Bd4Oz6qcn%255Bw%2527tfbsdi%2560uzqf%253Etfbsdi%2527f%253Evl%253CHC%253C32%253C3%253C2%253C28736595%253Ctuzmf2%256032%252Fdtt%253C3%253Cjoufsdptnpt%2560bggjmjbuf%25602%2560e3s%2560efsq%253Cmbxsfodfmvhbs4%253Cmbxsfodfmvhbs4%253C%253C4483%253Cdmfbo%253C%253C0e0tfbsdi0q0joufsdptnpt0ynm0epnbjomboefs0joum0e3s0gfg0qpqdbu0w30%253Cenynm%252Fjoufsdptnpt%252Fpwfsuvsf%252Fdpn%2527jqvb%2560je%253Eb5g8gc7e2%253A2f1gb59753c8f%253Adcb%253A3dce%2527enybsht%253E17pFOzb5%255BH2ZT7wPMKxqMjGekH%253A2JDsciQTuQZr%2560Hwc1Wq.skNJc%257BN%2560JSU7QUtfKtcqZW7P6YGDDOqwH8B9PDf9ENf6J3iSltvcr1eb671RDW%2560%2560GwPWkll2NghBJwEYszsUoXhPI.EKMXgdDVYhusEjMB1ocB642NF%255BYSlrJ%253A11JZtvH1H19xy4Bw5R9NUodi%2560FJ1pDU%255BCUbfchsZzUKMk%253A%255BqFjs.%257BQQRdcdwU25%2560%2560wKh8WFmIzKzCoMWCQqvsDIVvgwovZ%257BtfwJZg9Mfx%253AG5Ff9s%257Bz8qZCJe1-ZU1%257B

HTTP/1.1 200 OK
Date: Thu, 12 Nov 2009 14:25:18 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.2.11
Content-Description: 1258035918.gif
Content-Disposition: inline; filename="1258035918.gif"
Cache-Control: no-cache, no-store, must-revalidate, post-check=0, pre-check=0
Expires: Mon, 31 Dec 2001 7:32:00 GMT
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
P3P: CP="CAO PSA OUR"
Pragma: no-cache
Content-Length: 50
Connection: close
Content-Type: image/gif

------------------------------------------------------------------
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net
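
Added example, not part of the original post and not code from MDL or hpHosts: one way to summarise a request list like the one in Reply #1 into per-site hops and to flag sites a plain parked page would not be expected to contact. The `EXPECTED` allow-list, the last-two-labels shortcut for the registrable domain, and all function names are assumptions made for this sketch.

```python
from urllib.parse import urlsplit

# Ordered request list abridged from the post above (first pass only,
# query strings dropped, repeated static assets collapsed).
REQUESTS = [
    "http://malwaredomainlist2.com/",
    "http://malwaredomainlist2.com/js/general.js",
    "http://malwaredomainlist2.com/check_image.php",
    "http://sedoparking.com/search/registrar.php",
    "http://img.sedoparking.com/templates/classic/classic.css",
    "http://img.sedoparking.com/templates/15/img/bluedot.gif",
    "http://domain7777.info/",
    "http://domain7777.info/is.php",
    "http://domain7777.info/css_is.php",
    "http://mal-ware-domain-list-2.tinker.pureleads.sendori.com/redirect/go",
    "http://malwaredomainlist2.com/?nozc=1",
]

# Assumption: the watched domain and the parking provider named in the post
# are the only sites a plain parked page is expected to contact.
EXPECTED = {"malwaredomainlist2.com", "sedoparking.com"}


def site_of(url):
    """Return a naive registrable domain: the last two labels of the host.

    Good enough for the .com/.info hosts here; use a public-suffix list
    for names such as example.co.uk.
    """
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    labels = host.split(".")
    return ".".join(labels[-2:]) if len(labels) >= 2 else host


def collapse_hops(urls):
    """Collapse consecutive requests to the same site into one hop.

    Returns a list of (site, request_count) in the order visited.
    """
    hops = []
    for url in urls:
        site = site_of(url)
        if hops and hops[-1][0] == site:
            hops[-1] = (site, hops[-1][1] + 1)
        else:
            hops.append((site, 1))
    return hops


def unexpected_sites(urls, expected):
    """Sites contacted that are not on the expected list, first-seen order."""
    seen = []
    for url in urls:
        site = site_of(url)
        if site not in expected and site not in seen:
            seen.append(site)
    return seen


def returns_to_origin(urls):
    """True when the chain leaves the first site and later comes back to it."""
    hops = collapse_hops(urls)
    if not hops:
        return False
    origin = hops[0][0]
    # hops[1] always differs from hops[0], so a match from index 2 onward
    # means the browser was sent away and then bounced back.
    return any(site == origin for site, _ in hops[2:])


if __name__ == "__main__":
    for site, count in collapse_hops(REQUESTS):
        print(f"{count:2d} request(s) -> {site}")
    print("unexpected:", unexpected_sites(REQUESTS, EXPECTED))
    print("bounced back to origin:", returns_to_origin(REQUESTS))
```

Running the same summary over a fresh capture each time the domain is checked makes a change in the chain, such as a new intermediary site, stand out without reading every header.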

November 12, 2009, 02:53:29 pm
Reply #2

SysAdMini

What's wrong with it?
Ruining the bad guy's day

November 12, 2009, 02:57:52 pm
Reply #3

MysteryFCM

It never did that before, so has me suspicious
Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net

November 13, 2009, 06:27:05 pm
Reply #4

MysteryFCM

Regards

Steven Burn
I.T. Mate / hpHosts
it-mate.co.uk / hosts-file.net