It would seem folks, IAC/MindSpark aren't happy with their current methods of attracting new victims, err, users. Now they've decided to go with a scamming approach.
What does this entail you ask? Well, look at the screenshot to your left - there's two adverts there. One asks which is a better presenter, offers a "free" (sic) $500 Visa gift card, and claims to be leading you to myrewardsvault.com (FYI,
myrewardsvault.com is also a phishing scam, though seperate to his particular case) - in actuality however, the path (note, other sites are loaded via webfetti.com itself) you're taken through is;
gnspf.com/click/?s=12064&c=209703
fbgdc.com/click/?s=12064&c=209703&internal=P_i6q4m_1
webfetti.com/dl/index.jhtml?partner=ZKxdm194&spu=true&sub_id=31826&spu=true&nbCode=OjI6R0I6SERZbHM1MjEtOjMxODI2OjEyMDY0OnJlZGlyZWN0X2Zyb21fNjQ3MV90b18xNDQ0
Headers:
GET /click/?s=12064&c=209703 HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: gnspf.com
Cookie: BIGipServertracking-pool=16912556.20480.0000
HTTP/1.1 302 Found
Date: Thu, 18 Feb 2010 06:23:59 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 18 Feb 2010 06:24:00 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NOI DEVa TAIa OUR BUS"
Location: http://fbgdc.com/click/?s=12064&c=209703&internal=P_i6q4m_1
Content-Length: 0
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
------------------------------------------------------------------
GET /click/?s=12064&c=209703&internal=P_i6q4m_1 HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Cookie: 1444=KpIYL2uZmgg4yIJzEYBGyQ%3D%3D%7CqjyUwp8DXB9V1V5TMGJkPSlTNVlAjeL74g6%2BPMEneNa4Z6RpC7zW9QFEWUcve0Yl%2B8oqlmF7zn90JSJZeTfITzv7oMCc0nToxsi1O19dKCB9lyanI4LgY73jrpHvpQ0kQqDBK8kdQVOy5%2FD1Aa%2B4X77aKrtx%2BEsk%2FzjS9rGchGL2u5drA7pq17NXA6MD2vrUlUCnEkGTUu2kWVNhvIATkCfIcHnPhfZGNLvmuKC5YRHqtTytab3RN9175GmloAb8AFIUKNIRfly%2FAbFbgowvkqvrAb3fTnaIfR3xIjng4JNs%2BVcyNo8r1fRoueThopUnE9tptsH80njl2oVhkHEEVdq%2FiY92tU4JVdxBe19osUel%2BbMWt9zUfrjnqmESICOaTT8S2liDyEL9SgAH8gqFgptKLC9ALKdHG%2F773bXPz3SvNFWrTDa9oerKJUy97AS4JBoBUsOU4%2FBsBm2pCQFV4ofrFt1lRukrYIRjuRLvgR%2B9oR04tutzZPEnbXOyM%2BVPv%2BEXbB8Vz7GJO2dnBBmas%2FtAdgDeog3lsf8qpHeUcMIldPB2Sc%2BZl%2FNRReOYYmfgvrCEoxUgOiiWXH3aQDfexZk%2BQMoI%2F940Fv8a968F7h8RD%2FIYHNAx3yQo7DR%2BnOFmEhHNdM6Dgq5mt6RbXR7G2F1xTnhcVu77FHRyzVWn%2Fx77bI7QGb0UtEJuWrLavrkMo5ONcGvMFFpZSdrStN1fCDy5GwnddxVd3l9qm2GlOpqoOGp6yWrqS%2Fad9VLSz3YML1%2BSadvEtjwilzHnhXzWQ6H31ThqsAgaRa1diaQtRAhhWRnxBGd222pTYZUYE2I4Q7sbrY5sTWz7ucyxh3LFsn64R%2FfZYI8H4f%2BsRjyiJbGUoUay6fdFJ4OFLP%2BB2b20jkGrNXfylMsUlp1LNS%2FCkLPQNwlv8BRvC8r%2F2Xh6QfPDmDVx%2FUFjCRHd6o0fdtXk%2FyVxoloxn8HZseQR%2BxW6HTCLjb%2FKBv19l5PVzzHirZs%3D; 1444-encoded_click=HDYls521-; 1444-affiliate_id=31826; 1444-site_id=12064; 1444-subid=redirect_from_6471_to_1444; 1444-2378=Z2z2asUNHzcxmaw0ynMegA%3D%3D%7CtshesoOPB3UHr%2BS5ChA2621ZRA%2BEw7AjRSgorteE%2FNK74nW4d5q2AM3SvYf3LMXaR1tcZOCMrxz75lPhulFluQ%3D%3D; 1444-2378-converting=317a05143c8f1656b95559c0f339974892f4cd69; 1444-5449=adY0WdbTzSZpTEq2L14taA%3D%3D%7C1FD22QIwSrWIFxhAWIEAYJch1LzDpGS%2FN56KiBBRgVX5PDckVK%2BHhiJQ8W9RB%2F5VkVv8a9P%2BiLKZJ00YJnsSjg%3D%3D; 1444-5449-converting=317a05143c8f1656b95559c0f339974892f4cd69; 1444-5450=jby15tERjZmHHorIXxobBg%3D%3D%7C3v9J3o%2BGdmKze3u3l9LRIh2ZMesmz4gyr5awW8S4PgR2cjMER8wIdTUARlQx9y66s2SwZEdkVnxnd1gknvXExQ%3D%3D; 1444-5450-converting=317a05143c8f1656b95559c0f339974892f4cd69; 1444-5451=SpssNVCIGQvBeLWjaSD1LQ%3D%3D%7Cd77q%2BNbs2SBTucOnkYKGxQmrHK2HdA7KOSPm3trhLmiBdzDXu6kD7s2UGdThXHDgh2CWDak1jK7YDo%2FYwaSVQA%3D%3D; 1444-5451-converting=317a05143c8f1656b95559c0f339974892f4cd69; 1444-5481=yCI7pWNRV5Yt1Fg2omnf8A%3D%3D%7Ct0AwAP%2BrcZaIyyfYz3rY%2Fd0H5mkrfJAjuO2%2B14J8pAIqJUDIpCT302wCUwDjZzOh9QxHfdbC9ZWsk6LfBs6nMw%3D%3D; 1444-5481-converting=317a05143c8f1656b95559c0f339974892f4cd69; 1444-5482=ojzalu2fMmT3w43Ko7sLbg%3D%3D%7COXlb8JTzkyeFA6HXqkSmI73OLuahw6i4pOUut1wALR7cdRNDxN4tnYjzT47VQkjoBEmi5yLb7y5S%2Bh%2FPFUoYeg%3D%3D; 1444-5482-converting=317a05143c8f1656b95559c0f339974892f4cd69; 1444-5483=zpADcNHI2qtsUc2Wt%2Bk%2Fyg%3D%3D%7C%2BoxJht7mTbd9SBe3nR2HgwoPjEmcrCuk71vxiD29hEk181JnpnE4L5HE0U%2BfZddYK0veY8OGAvOxtPF3Q9hb1A%3D%3D; 1444-5483-converting=317a05143c8f1656b95559c0f339974892f4cd69; 1444-6255=29juYjYW1tYJ5pQsG%2BtgXw%3D%3D%7CF9l1X2oEiBLrsUL14jAMzwuLXeRgfNrxsQDtQHShQbdvYeV2nskixZJKrsQdYuXfFn3xz0OMWbPA4OPbXgOeYQ%3D%3D; 1444-6255-converting=317a05143c8f1656b95559c0f339974892f4cd69; 1444-7742=KQEq%2BhO02iXamXej3Pd6XA%3D%3D%7C0t9QWq%2B0JFJ0VV3ZKYtZ64b%2F%2BUPBugH0gKSw%2BgglT%2BeSx26WuP2zrYkokX4QkLC3x%2Bj5%2BkspwJQB5eM2caqKjw%3D%3D; 1444-7742-converting=317a05143c8f1656b95559c0f339974892f4cd69; BIGipServertracking-pool=16978092.20480.0000
Host: fbgdc.com
HTTP/1.1 200 OK
Date: Thu, 18 Feb 2010 06:24:04 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 18 Feb 2010 06:24:04 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NOI DEVa TAIa OUR BUS"
Set-Cookie: 1444-2378=YdptRXGxNQG5IohFGonDgQ%3D%3D%7CJE3gg24QTSzyuX22CcyLBjJTH%2FFW4bJS4swvdXvptwYz4QRk1mrQNIXg1F6oI1t8xItVV%2FsQjq2XbSMPTLXpKw%3D%3D; expires=Thu, 18-Mar-2010 06:24:04 GMT; path=/
Set-Cookie: 1444-2378-converting=317a05143c8f1656b95559c0f339974892f4cd69; expires=Thu, 18-Mar-2010 06:24:04 GMT; path=/
Set-Cookie: 1444-5449=1WhgdNsqXda7JGenynONkw%3D%3D%7CJ2404Gcek%2FzCxIBKZigM%2FhVCDd48NmFnyou4WBHLWtfcw2Jecf%2BxNYuTyYiCedUWuQWPqxUUi9feh17CTEiiTw%3D%3D; expires=Thu, 18-Mar-2010 06:24:04 GMT; path=/
Set-Cookie: 1444-5449-converting=317a05143c8f1656b95559c0f339974892f4cd69; expires=Thu, 18-Mar-2010 06:24:04 GMT; path=/
Set-Cookie: 1444-5450=7LomrXgULt929GiWG5jf0g%3D%3D%7C9wakmhYex26XFYQrpQqMS%2FlHwikSnu0mht%2BPYLGXZb%2BObCo5DIFrk%2Fi4ExiY%2BLdijTCEfaQMlnoVPUDca40jpw%3D%3D; expires=Thu, 18-Mar-2010 06:24:04 GMT; path=/
Set-Cookie: 1444-5450-converting=317a05143c8f1656b95559c0f339974892f4cd69; expires=Thu, 18-Mar-2010 06:24:04 GMT; path=/
Set-Cookie: 1444-5451=JwMW1js74qIieapB3WpJNw%3D%3D%7CRpJR7wMx93ueVmp10Zvw9tMV2m4%2BPv2yxblJlaLntrfO8GWGPGh7FuOX5j88evS5WhA4eY4o5Znv4h6zIMo5SQ%3D%3D; expires=Thu, 18-Mar-2010 06:24:04 GMT; path=/
Set-Cookie: 1444-5451-converting=317a05143c8f1656b95559c0f339974892f4cd69; expires=Thu, 18-Mar-2010 06:24:04 GMT; path=/
Set-Cookie: 1444-5481=FqOS6ISyP8CfRFkVzZnyDA%3D%3D%7Cux%2FQ6C0Utm%2BYeSEQKK5xddyMRtwQ319FUKstK%2FX49vuTBGVzixsVTkLhrZbkgPyAqio70d7e4fwMcDRaCBWBfQ%3D%3D; expires=Thu, 18-Mar-2010 06:24:04 GMT; path=/
Set-Cookie: 1444-5481-converting=317a05143c8f1656b95559c0f339974892f4cd69; expires=Thu, 18-Mar-2010 06:24:04 GMT; path=/
Set-Cookie: 1444-5482=TqQNc1PGPN%2FrkYY28xiX7w%3D%3D%7CE%2BhXF4RkXJo1ZoXFBjedvbaQj8TCR4yLh%2BAISaaGZ2VMhRuslDjTyc4mYlSdl9jZaPc%2Fmop8R501XTsQKEkMBA%3D%3D; expires=Thu, 18-Mar-2010 06:24:04 GMT; path=/
Set-Cookie: 1444-5482-converting=317a05143c8f1656b95559c0f339974892f4cd69; expires=Thu, 18-Mar-2010 06:24:04 GMT; path=/
Set-Cookie: 1444-5483=hUmKRrUyDCTJHcIGj7c2HQ%3D%3D%7CQL5dFiB%2FfVOvqjlUmApbSxYRhEog6XDlXxvOpfNqAN0vTi5JDmp67rAENuiMR61%2BwEc%2BRF6LI1eG0S8Gs%2FmT8w%3D%3D; expires=Thu, 18-Mar-2010 06:24:04 GMT; path=/
Set-Cookie: 1444-5483-converting=317a05143c8f1656b95559c0f339974892f4cd69; expires=Thu, 18-Mar-2010 06:24:04 GMT; path=/
Set-Cookie: 1444-6255=vZojfgVC9BlD3drz0wSKdw%3D%3D%7C3X9OxHiFeuoS0EJ2JOy%2FujFlC3s4XjfG8Rp3SRtPZMxzr5lXIticrs4Sl9KQuBU%2B%2Fza3zcdMlnbTcmg8H3jmwQ%3D%3D; expires=Thu, 18-Mar-2010 06:24:04 GMT; path=/
Set-Cookie: 1444-6255-converting=317a05143c8f1656b95559c0f339974892f4cd69; expires=Thu, 18-Mar-2010 06:24:04 GMT; path=/
Set-Cookie: 1444-7742=C%2BFz0sqBLuTkryT1Tg8dzw%3D%3D%7C%2B8iXNv2Q7p%2FFPIh5xobW8WRLvg%2FKk%2BNkuG0EvzY7oyIQVbUJqv2f%2F4vhUjzehbNSXm9cFrK%2FvRapzjF3v%2F0jug%3D%3D; expires=Thu, 18-Mar-2010 06:24:04 GMT; path=/
Set-Cookie: 1444-7742-converting=317a05143c8f1656b95559c0f339974892f4cd69; expires=Thu, 18-Mar-2010 06:24:04 GMT; path=/
Content-Length: 802
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
------------------------------------------------------------------
GET /dl/index.jhtml?partner=ZKxdm194&spu=true&sub_id=31826&spu=true&nbCode=OjI6R0I6SERZbHM1MjEtOjMxODI2OjEyMDY0OnJlZGlyZWN0X2Zyb21fNjQ3MV90b18xNDQ0 HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: www.webfetti.com
Cookie: ltmcookie=2365676042.20480.0000; __utma=87938462.236408141.1266455021.1266455021.1266473839.2; __utmc=87938462; __utmz=87938462.1266455021.1.1.utmcsr=ZKxdm194|utmccn=(not+set)|utmcmd=(not+set); __utmb=87938462
HTTP/1.1 200 OK
Date: Thu, 18 Feb 2010 06:24:07 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8c DAV/2 mod_jk/1.2.28
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Language: en-GB
Content-Length: 5445
Connection: close
Content-Type: text/html;charset=UTF-8
------------------------------------------------------------------
GET /dl/toolbarDetect/toolbar.js HTTP/1.1
Accept: */*
Referer: http://www.webfetti.com/dl/index.jhtml?partner=ZKxdm194&spu=true&sub_id=31826&spu=true&nbCode=OjI6R0I6SERZbHM1MjEtOjMxODI2OjEyMDY0OnJlZGlyZWN0X2Zyb21fNjQ3MV90b18xNDQ0
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Accept-Encoding: gzip, deflate
If-Modified-Since: Wed, 17 Feb 2010 19:46:07 GMT
If-None-Match: W/"35985-1266435967000"
Host: www.webfetti.com
Connection: Keep-Alive
Cookie: ltmcookie=2365676042.20480.0000; __utma=87938462.236408141.1266455021.1266455021.1266473839.2; __utmc=87938462; __utmz=87938462.1266455021.1.1.utmcsr=ZKxdm194|utmccn=(not+set)|utmcmd=(not+set); __utmb=87938462
HTTP/1.1 304 Not Modified
Date: Thu, 18 Feb 2010 06:24:10 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8c DAV/2 mod_jk/1.2.28
Connection: close
Vary: Accept-Encoding
------------------------------------------------------------------
GET /dl/generateExternalObject.js HTTP/1.1
Accept: */*
Referer: http://www.webfetti.com/dl/index.jhtml?partner=ZKxdm194&spu=true&sub_id=31826&spu=true&nbCode=OjI6R0I6SERZbHM1MjEtOjMxODI2OjEyMDY0OnJlZGlyZWN0X2Zyb21fNjQ3MV90b18xNDQ0
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Accept-Encoding: gzip, deflate
If-Modified-Since: Wed, 17 Feb 2010 19:46:07 GMT
If-None-Match: W/"7350-1266435967000"
Host: www.webfetti.com
Connection: Keep-Alive
Cookie: ltmcookie=2365676042.20480.0000; __utma=87938462.236408141.1266455021.1266455021.1266473839.2; __utmc=87938462; __utmz=87938462.1266455021.1.1.utmcsr=ZKxdm194|utmccn=(not+set)|utmcmd=(not+set); __utmb=87938462
HTTP/1.1 304 Not Modified
Date: Thu, 18 Feb 2010 06:24:10 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8c DAV/2 mod_jk/1.2.28
Connection: close
Vary: Accept-Encoding
------------------------------------------------------------------
GET /http%253A%252F%252Fplugin%252Esmileycentral%252Ecom%252Fassetserver%252Fcursor%252Ejhtml%253Fcur%253D1%2526i%253D9646a/image.gif HTTP/1.1
Accept: */*
Referer: http://www.webfetti.com/dl/index.jhtml?partner=ZKxdm194&spu=true&sub_id=31826&spu=true&nbCode=OjI6R0I6SERZbHM1MjEtOjMxODI2OjEyMDY0OnJlZGlyZWN0X2Zyb21fNjQ3MV90b18xNDQ0
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Accept-Encoding: gzip, deflate
Host: plugin.smileycentral.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Thu, 18 Feb 2010 06:24:13 GMT
Server: Apache/1.3.27 (Unix) mod_jk/1.2.8
Location: http://plugin.smileycentral.com/assetserver/cursor.jhtml?cur=1&i=9646a
Connection: close
Transfer-Encoding: chunked
Content-Type: text/plain
X-Pad: avoid browser bug
------------------------------------------------------------------
GET /__utm.gif?utmwv=6.1&utmn=1626143730&utmsr=1280x800&utmsc=32-bit&utmul=en-us&utmje=1&utmjv=1.3&utmfl=10.0&utmdt=Webfetti%20-%20Add%20FREE%20Customized%20Layouts%2C%20Generators%2C%20Graphics%20and%20Bling%20to%20Your%20Page%21&utmhn=www.webfetti.com&utmr=-&utmp=/dl/index.jhtml?partner=ZKxdm194&spu=true&sub_id=31826&spu=true&nbCode=OjI6R0I6SERZbHM1MjEtOjMxODI2OjEyMDY0OnJlZGlyZWN0X2Zyb21fNjQ3MV90b18xNDQ0 HTTP/1.1
Accept: */*
Referer: http://www.webfetti.com/dl/index.jhtml?partner=ZKxdm194&spu=true&sub_id=31826&spu=true&nbCode=OjI6R0I6SERZbHM1MjEtOjMxODI2OjEyMDY0OnJlZGlyZWN0X2Zyb21fNjQ3MV90b18xNDQ0
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Accept-Encoding: gzip, deflate
Host: utm.trk.webfetti.com
Connection: Keep-Alive
Cookie: __utma=87938462.236408141.1266455021.1266455021.1266473839.2; __utmc=87938462; __utmz=87938462.1266455021.1.1.utmcsr=ZKxdm194|utmccn=(not+set)|utmcmd=(not+set); __utmb=87938462
HTTP/1.1 200 OK
Date: Thu, 18 Feb 2010 06:24:13 GMT
Server: Apache/1.3.33 (Unix)
Pragma: no-cache
Cache-control: no-store
Expires: -1
Last-Modified: Tue, 10 Feb 2009 19:06:11 GMT
ETag: "b4221-23-4991d023"
Accept-Ranges: bytes
Content-Length: 35
Connection: close
Content-Type: image/gif
------------------------------------------------------------------
GET /__utm.gif?utmwv=6.1&utmn=805765985&utmsr=1280x800&utmsc=32-bit&utmul=en-us&utmje=1&utmjv=1.3&utmfl=10.0&utmdt=Webfetti%20-%20Add%20FREE%20Customized%20Layouts%2C%20Generators%2C%20Graphics%20and%20Bling%20to%20Your%20Page%21&utmhn=www.webfetti.com&utmp=/clicks/splash/partner/ZKxdm194YYGB HTTP/1.1
Accept: */*
Referer: http://www.webfetti.com/dl/index.jhtml?partner=ZKxdm194&spu=true&sub_id=31826&spu=true&nbCode=OjI6R0I6SERZbHM1MjEtOjMxODI2OjEyMDY0OnJlZGlyZWN0X2Zyb21fNjQ3MV90b18xNDQ0
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Accept-Encoding: gzip, deflate
Host: utm.trk.webfetti.com
Connection: Keep-Alive
Cookie: __utma=87938462.236408141.1266455021.1266455021.1266473839.2; __utmc=87938462; __utmz=87938462.1266455021.1.1.utmcsr=ZKxdm194|utmccn=(not+set)|utmcmd=(not+set); __utmb=87938462
HTTP/1.1 200 OK
Date: Thu, 18 Feb 2010 06:24:16 GMT
Server: Apache/1.3.33 (Unix)
Pragma: no-cache
Cache-control: no-store
Expires: -1
Last-Modified: Tue, 10 Feb 2009 19:06:12 GMT
ETag: "b4221-23-4991d024"
Accept-Ranges: bytes
Content-Length: 35
Connection: close
Content-Type: image/gif
------------------------------------------------------------------
GET /assetserver/cursor.jhtml?cur=1&i=9646a HTTP/1.1
Accept: */*
Referer: http://www.webfetti.com/dl/index.jhtml?partner=ZKxdm194&spu=true&sub_id=31826&spu=true&nbCode=OjI6R0I6SERZbHM1MjEtOjMxODI2OjEyMDY0OnJlZGlyZWN0X2Zyb21fNjQ3MV90b18xNDQ0
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Accept-Encoding: gzip, deflate
Host: plugin.smileycentral.com
Connection: Keep-Alive
HTTP/1.1 302 Moved Temporarily
Date: Thu, 18 Feb 2010 06:24:16 GMT
Server: Apache/1.3.27 (Unix) mod_jk/1.2.8
Vary: Accept-Encoding
Location: http://i1img.com/images/cursormania/files/19/9646a.ani
Content-Language: en-GB
Content-Length: 0
Connection: close
Content-Type: text/html;charset=UTF-8
------------------------------------------------------------------
The second advert, is pretty much the same outline as the first, though doesn't seem to claim to be from myrewardsvault.com this time (if it is, it's in the blacked out part), and again, the URL's;
npvos.com/click/?s=12064&c=196741
fbgdc.com/click/?s=12064&c=196741&internal=U_136o6o_1
webfetti.com/dl/index.jhtml?partner=ZKxdm194&spu=true&sub_id=31826&spu=true&nbCode=OjI6R0I6SERZbHM1MjEtOjMxODI2OjEyMDY0OnJlZGlyZWN0X2Zyb21fNjE2Ml90b18xNDQ0
Headers:
GET /click/?s=12064&c=196741 HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://short.strange-company.info/happy/27851
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Accept-Encoding: gzip, deflate
Host: npvos.com
Connection: Keep-Alive
Cookie: BIGipServertracking-pool=17240236.20480.0000
HTTP/1.1 302 Found
Date: Thu, 18 Feb 2010 06:28:46 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 18 Feb 2010 06:28:46 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NOI DEVa TAIa OUR BUS"
Location: http://fbgdc.com/click/?s=12064&c=196741&internal=U_136o6o_1
Content-Length: 0
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
------------------------------------------------------------------
GET /click/?s=12064&c=196741&internal=U_136o6o_1 HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Referer: http://short.strange-company.info/happy/27851
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Accept-Encoding: gzip, deflate
Host: fbgdc.com
Connection: Keep-Alive
Cookie: 1444=KpIYL2uZmgg4yIJzEYBGyQ%3D%3D%7CqjyUwp8DXB9V1V5TMGJkPSlTNVlAjeL74g6%2BPMEneNa4Z6RpC7zW9QFEWUcve0Yl%2B8oqlmF7zn90JSJZeTfITzv7oMCc0nToxsi1O19dKCB9lyanI4LgY73jrpHvpQ0kQqDBK8kdQVOy5%2FD1Aa%2B4X77aKrtx%2BEsk%2FzjS9rGchGL2u5drA7pq17NXA6MD2vrUlUCnEkGTUu2kWVNhvIATkCfIcHnPhfZGNLvmuKC5YRHqtTytab3RN9175GmloAb8AFIUKNIRfly%2FAbFbgowvkqvrAb3fTnaIfR3xIjng4JNs%2BVcyNo8r1fRoueThopUnE9tptsH80njl2oVhkHEEVdq%2FiY92tU4JVdxBe19osUel%2BbMWt9zUfrjnqmESICOaTT8S2liDyEL9SgAH8gqFgptKLC9ALKdHG%2F773bXPz3SvNFWrTDa9oerKJUy97AS4JBoBUsOU4%2FBsBm2pCQFV4ofrFt1lRukrYIRjuRLvgR%2B9oR04tutzZPEnbXOyM%2BVPv%2BEXbB8Vz7GJO2dnBBmas%2FtAdgDeog3lsf8qpHeUcMIldPB2Sc%2BZl%2FNRReOYYmfgvrCEoxUgOiiWXH3aQDfexZk%2BQMoI%2F940Fv8a968F7h8RD%2FIYHNAx3yQo7DR%2BnOFmEhHNdM6Dgq5mt6RbXR7G2F1xTnhcVu77FHRyzVWn%2Fx77bI7QGb0UtEJuWrLavrkMo5ONcGvMFFpZSdrStN1fCDy5GwnddxVd3l9qm2GlOpqoOGp6yWrqS%2Fad9VLSz3YML1%2BSadvEtjwilzHnhXzWQ6H31ThqsAgaRa1diaQtRAhhWRnxBGd222pTYZUYE2I4Q7sbrY5sTWz7ucyxh3LFsn64R%2FfZYI8H4f%2BsRjyiJbGUoUay6fdFJ4OFLP%2BB2b20jkGrNXfylMsUlp1LNS%2FCkLPQNwlv8BRvC8r%2F2Xh6QfPDmDVx%2FUFjCRHd6o0fdtXk%2FyVxoloxn8HZseQR%2BxW6HTCLjb%2FKBv19l5PVzzHirZs%3D; 1444-encoded_click=HDYls521-; 1444-affiliate_id=31826; 1444-site_id=12064; 1444-subid=redirect_from_6471_to_1444; 1444-2378=YdptRXGxNQG5IohFGonDgQ%3D%3D%7CJE3gg24QTSzyuX22CcyLBjJTH%2FFW4bJS4swvdXvptwYz4QRk1mrQNIXg1F6oI1t8xItVV%2FsQjq2XbSMPTLXpKw%3D%3D; 1444-2378-converting=317a05143c8f1656b95559c0f339974892f4cd69; 1444-5449=1WhgdNsqXda7JGenynONkw%3D%3D%7CJ2404Gcek%2FzCxIBKZigM%2FhVCDd48NmFnyou4WBHLWtfcw2Jecf%2BxNYuTyYiCedUWuQWPqxUUi9feh17CTEiiTw%3D%3D; 1444-5449-converting=317a05143c8f1656b95559c0f339974892f4cd69; 1444-5450=7LomrXgULt929GiWG5jf0g%3D%3D%7C9wakmhYex26XFYQrpQqMS%2FlHwikSnu0mht%2BPYLGXZb%2BObCo5DIFrk%2Fi4ExiY%2BLdijTCEfaQMlnoVPUDca40jpw%3D%3D; 1444-5450-converting=317a05143c8f1656b95559c0f339974892f4cd69; 1444-5451=JwMW1js74qIieapB3WpJNw%3D%3D%7CRpJR7wMx93ueVmp10Zvw9tMV2m4%2BPv2yxblJlaLntrfO8GWGPGh7FuOX5j88evS5WhA4eY4o5Znv4h6zIMo5SQ%3D%3D; 1444-5451-converting=317a05143c8f1656b95559c0f339974892f4cd69; 1444-5481=FqOS6ISyP8CfRFkVzZnyDA%3D%3D%7Cux%2FQ6C0Utm%2BYeSEQKK5xddyMRtwQ319FUKstK%2FX49vuTBGVzixsVTkLhrZbkgPyAqio70d7e4fwMcDRaCBWBfQ%3D%3D; 1444-5481-converting=317a05143c8f1656b95559c0f339974892f4cd69; 1444-5482=TqQNc1PGPN%2FrkYY28xiX7w%3D%3D%7CE%2BhXF4RkXJo1ZoXFBjedvbaQj8TCR4yLh%2BAISaaGZ2VMhRuslDjTyc4mYlSdl9jZaPc%2Fmop8R501XTsQKEkMBA%3D%3D; 1444-5482-converting=317a05143c8f1656b95559c0f339974892f4cd69; 1444-5483=hUmKRrUyDCTJHcIGj7c2HQ%3D%3D%7CQL5dFiB%2FfVOvqjlUmApbSxYRhEog6XDlXxvOpfNqAN0vTi5JDmp67rAENuiMR61%2BwEc%2BRF6LI1eG0S8Gs%2FmT8w%3D%3D; 1444-5483-converting=317a05143c8f1656b95559c0f339974892f4cd69; 1444-6255=vZojfgVC9BlD3drz0wSKdw%3D%3D%7C3X9OxHiFeuoS0EJ2JOy%2FujFlC3s4XjfG8Rp3SRtPZMxzr5lXIticrs4Sl9KQuBU%2B%2Fza3zcdMlnbTcmg8H3jmwQ%3D%3D; 1444-6255-converting=317a05143c8f1656b95559c0f339974892f4cd69; 1444-7742=C%2BFz0sqBLuTkryT1Tg8dzw%3D%3D%7C%2B8iXNv2Q7p%2FFPIh5xobW8WRLvg%2FKk%2BNkuG0EvzY7oyIQVbUJqv2f%2F4vhUjzehbNSXm9cFrK%2FvRapzjF3v%2F0jug%3D%3D; 1444-7742-converting=317a05143c8f1656b95559c0f339974892f4cd69; BIGipServertracking-pool=16978092.20480.0000
HTTP/1.1 200 OK
Date: Thu, 18 Feb 2010 06:28:49 GMT
Server: Apache/2.0.63 (Unix) mod_ssl/2.0.63 OpenSSL/0.9.8e-fips-rhel5 PHP/5.2.12
X-Powered-By: PHP/5.2.12
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Last-Modified: Thu, 18 Feb 2010 06:28:49 GMT
Cache-Control: no-store, no-cache, must-revalidate
Cache-Control: post-check=0, pre-check=0
Pragma: no-cache
P3P: CP="NOI DEVa TAIa OUR BUS"
Set-Cookie: 1444-2378=DL9SiYGr7dCPA55N3H%2Bp%2FQ%3D%3D%7Cm%2B0JeXztVz3VC%2F%2BUInGWSGBNf1aSA77NnlUYKsYAapoNdhuLpYMlFcPOFiNa1qbgM9NQvbSP5HOOFJWwXVkOjQ%3D%3D; expires=Thu, 18-Mar-2010 06:28:49 GMT; path=/
Set-Cookie: 1444-2378-converting=317a05143c8f1656b95559c0f339974892f4cd69; expires=Thu, 18-Mar-2010 06:28:49 GMT; path=/
Set-Cookie: 1444-5449=q5ZNWkuyU6AWgWU2X3SXig%3D%3D%7CFGSJw8rY3%2F4IWWm4yrvulf9upqqTljhVz%2FPeAgaKugYQOgSq8MW%2FE5KhAlswPpOfA58BEN%2BJwuu%2F%2BDHVd%2BlJGw%3D%3D; expires=Thu, 18-Mar-2010 06:28:49 GMT; path=/
Set-Cookie: 1444-5449-converting=317a05143c8f1656b95559c0f339974892f4cd69; expires=Thu, 18-Mar-2010 06:28:49 GMT; path=/
Set-Cookie: 1444-5450=bu90d63x5AJ9wsBf3N46mg%3D%3D%7CY4TruIbXDnmUoOV0h8UnK566RrpFk5zZfnQNn3lunXDOuRcyXZIbcCi62HR9dALsNVE%2FYimuGkMlpL%2BEDHZV9w%3D%3D; expires=Thu, 18-Mar-2010 06:28:49 GMT; path=/
Set-Cookie: 1444-5450-converting=317a05143c8f1656b95559c0f339974892f4cd69; expires=Thu, 18-Mar-2010 06:28:49 GMT; path=/
Set-Cookie: 1444-5451=mx4fZhZ%2BVw5sc%2FVMYhzPbg%3D%3D%7CJmE2n0WQa8EXbnHXk7sIWSbq9O9x5Jn3ybSkEhGzj%2BU%2BHbVhhmLhU1GfHvr3zTc%2B2F2GTxS1OfKWTnOK1UaZmQ%3D%3D; expires=Thu, 18-Mar-2010 06:28:49 GMT; path=/
Set-Cookie: 1444-5451-converting=317a05143c8f1656b95559c0f339974892f4cd69; expires=Thu, 18-Mar-2010 06:28:49 GMT; path=/
Set-Cookie: 1444-5481=yJ4HBleHToQYTWb2C8GcIg%3D%3D%7CZKmukpuqaU%2BqKiFl80DRZbNDljGB3gNDG%2BjRHZsB%2FvfaRk36hLbpqXeFhcwol99T5Xtc4R53O8kjJUsw07BelA%3D%3D; expires=Thu, 18-Mar-2010 06:28:49 GMT; path=/
Set-Cookie: 1444-5481-converting=317a05143c8f1656b95559c0f339974892f4cd69; expires=Thu, 18-Mar-2010 06:28:49 GMT; path=/
Set-Cookie: 1444-5482=mlI4l6CJ3TlsQlbGNL0ueg%3D%3D%7C0rh8C1n4zqEA7UoeLsWdnb8QVXWnCOzQ3LgMnNgwg%2F%2F2iy4rDvw3snabtmZVn5DEvYoFf4f%2BhgGL6dCRafZAFw%3D%3D; expires=Thu, 18-Mar-2010 06:28:49 GMT; path=/
Set-Cookie: 1444-5482-converting=317a05143c8f1656b95559c0f339974892f4cd69; expires=Thu, 18-Mar-2010 06:28:49 GMT; path=/
Set-Cookie: 1444-5483=pwlBftSpPdOWRuke7vfARA%3D%3D%7CXQDHuUCkScii1fNK5yvUWqzRpVKyJLXri7vUmJ6mwSvm8bEM%2BRBEQpCf4xM31ykQ98rxmq3tHbINiDTXZdcF2Q%3D%3D; expires=Thu, 18-Mar-2010 06:28:49 GMT; path=/
Set-Cookie: 1444-5483-converting=317a05143c8f1656b95559c0f339974892f4cd69; expires=Thu, 18-Mar-2010 06:28:49 GMT; path=/
Set-Cookie: 1444-6255=8P%2B7C495%2FHaYEGIvyphgmA%3D%3D%7C7eqmYSxN1VkkT7SmRKKscKLtn69LzuU85Up1BsDAUatbMYH8obJdEVsJpxO%2F5OR3cLYvhPnuBN1PVtARvK2GzA%3D%3D; expires=Thu, 18-Mar-2010 06:28:49 GMT; path=/
Set-Cookie: 1444-6255-converting=317a05143c8f1656b95559c0f339974892f4cd69; expires=Thu, 18-Mar-2010 06:28:49 GMT; path=/
Set-Cookie: 1444-7742=DjgxrJMe3QMaX1NBqhfxXw%3D%3D%7CQgfBx9ZcykgOGWpwyrmnkeBgbipOtsFrYaedpvFSanrgJ5FPAujOl7YtiAhVd7i1nKjGR1w%2FG6LR1Iu1j74%2Fgw%3D%3D; expires=Thu, 18-Mar-2010 06:28:49 GMT; path=/
Set-Cookie: 1444-7742-converting=317a05143c8f1656b95559c0f339974892f4cd69; expires=Thu, 18-Mar-2010 06:28:49 GMT; path=/
Content-Length: 802
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
------------------------------------------------------------------
GET /dl/index.jhtml?partner=ZKxdm194&spu=true&sub_id=31826&spu=true&nbCode=OjI6R0I6SERZbHM1MjEtOjMxODI2OjEyMDY0OnJlZGlyZWN0X2Zyb21fNjE2Ml90b18xNDQ0 HTTP/1.1
Accept: image/gif, image/jpeg, image/pjpeg, application/x-ms-application, application/vnd.ms-xpsdocument, application/xaml+xml, application/x-ms-xbap, application/x-shockwave-flash, application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, */*
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: www.webfetti.com
Cookie: ltmcookie=2365676042.20480.0000; __utma=87938462.236408141.1266455021.1266455021.1266473839.2; __utmc=87938462; __utmz=87938462.1266455021.1.1.utmcsr=ZKxdm194|utmccn=(not+set)|utmcmd=(not+set); __utmb=87938462
HTTP/1.1 200 OK
Date: Thu, 18 Feb 2010 06:28:53 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8c DAV/2 mod_jk/1.2.28
Vary: Accept-Encoding
Content-Encoding: gzip
Content-Language: en-GB
Content-Length: 5446
Connection: close
Content-Type: text/html;charset=UTF-8
------------------------------------------------------------------
GET /dl/toolbarDetect/toolbar.js HTTP/1.1
Accept: */*
Referer: http://www.webfetti.com/dl/index.jhtml?partner=ZKxdm194&spu=true&sub_id=31826&spu=true&nbCode=OjI6R0I6SERZbHM1MjEtOjMxODI2OjEyMDY0OnJlZGlyZWN0X2Zyb21fNjE2Ml90b18xNDQ0
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Accept-Encoding: gzip, deflate
If-Modified-Since: Wed, 17 Feb 2010 19:46:07 GMT
If-None-Match: W/"35985-1266435967000"
Host: www.webfetti.com
Connection: Keep-Alive
Cookie: ltmcookie=2365676042.20480.0000; __utma=87938462.236408141.1266455021.1266455021.1266473839.2; __utmc=87938462; __utmz=87938462.1266455021.1.1.utmcsr=ZKxdm194|utmccn=(not+set)|utmcmd=(not+set); __utmb=87938462
HTTP/1.1 304 Not Modified
Date: Thu, 18 Feb 2010 06:28:56 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8c DAV/2 mod_jk/1.2.28
Connection: close
Vary: Accept-Encoding
------------------------------------------------------------------
GET /dl/generateExternalObject.js HTTP/1.1
Accept: */*
Referer: http://www.webfetti.com/dl/index.jhtml?partner=ZKxdm194&spu=true&sub_id=31826&spu=true&nbCode=OjI6R0I6SERZbHM1MjEtOjMxODI2OjEyMDY0OnJlZGlyZWN0X2Zyb21fNjE2Ml90b18xNDQ0
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Accept-Encoding: gzip, deflate
If-Modified-Since: Wed, 17 Feb 2010 19:46:07 GMT
If-None-Match: W/"7350-1266435967000"
Host: www.webfetti.com
Connection: Keep-Alive
Cookie: ltmcookie=2365676042.20480.0000; __utma=87938462.236408141.1266455021.1266455021.1266473839.2; __utmc=87938462; __utmz=87938462.1266455021.1.1.utmcsr=ZKxdm194|utmccn=(not+set)|utmcmd=(not+set); __utmb=87938462
HTTP/1.1 304 Not Modified
Date: Thu, 18 Feb 2010 06:28:56 GMT
Server: Apache/2.2.11 (Unix) mod_ssl/2.2.11 OpenSSL/0.9.8c DAV/2 mod_jk/1.2.28
Connection: close
Vary: Accept-Encoding
------------------------------------------------------------------
GET /http%253A%252F%252Fplugin%252Esmileycentral%252Ecom%252Fassetserver%252Fcursor%252Ejhtml%253Fcur%253D1%2526i%253D9646a/image.gif HTTP/1.1
Accept: */*
Referer: http://www.webfetti.com/dl/index.jhtml?partner=ZKxdm194&spu=true&sub_id=31826&spu=true&nbCode=OjI6R0I6SERZbHM1MjEtOjMxODI2OjEyMDY0OnJlZGlyZWN0X2Zyb21fNjE2Ml90b18xNDQ0
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Accept-Encoding: gzip, deflate
Host: plugin.smileycentral.com
Connection: Keep-Alive
HTTP/1.1 302 Found
Date: Thu, 18 Feb 2010 06:28:58 GMT
Server: Apache/1.3.27 (Unix) mod_jk/1.2.8
Location: http://plugin.smileycentral.com/assetserver/cursor.jhtml?cur=1&i=9646a
Connection: close
Transfer-Encoding: chunked
Content-Type: text/plain
X-Pad: avoid browser bug
------------------------------------------------------------------
GET /__utm.gif?utmwv=6.1&utmn=1737558123&utmsr=1280x800&utmsc=32-bit&utmul=en-us&utmje=1&utmjv=1.3&utmfl=10.0&utmdt=Webfetti%20-%20Add%20FREE%20Customized%20Layouts%2C%20Generators%2C%20Graphics%20and%20Bling%20to%20Your%20Page%21&utmhn=www.webfetti.com&utmr=-&utmp=/dl/index.jhtml?partner=ZKxdm194&spu=true&sub_id=31826&spu=true&nbCode=OjI6R0I6SERZbHM1MjEtOjMxODI2OjEyMDY0OnJlZGlyZWN0X2Zyb21fNjE2Ml90b18xNDQ0 HTTP/1.1
Accept: */*
Referer: http://www.webfetti.com/dl/index.jhtml?partner=ZKxdm194&spu=true&sub_id=31826&spu=true&nbCode=OjI6R0I6SERZbHM1MjEtOjMxODI2OjEyMDY0OnJlZGlyZWN0X2Zyb21fNjE2Ml90b18xNDQ0
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Accept-Encoding: gzip, deflate
Host: utm.trk.webfetti.com
Connection: Keep-Alive
Cookie: __utma=87938462.236408141.1266455021.1266455021.1266473839.2; __utmc=87938462; __utmz=87938462.1266455021.1.1.utmcsr=ZKxdm194|utmccn=(not+set)|utmcmd=(not+set); __utmb=87938462
HTTP/1.1 200 OK
Date: Thu, 18 Feb 2010 06:28:58 GMT
Server: Apache/1.3.33 (Unix)
Pragma: no-cache
Cache-control: no-store
Expires: -1
Last-Modified: Tue, 10 Feb 2009 19:06:12 GMT
ETag: "b4221-23-4991d024"
Accept-Ranges: bytes
Content-Length: 35
Connection: close
Content-Type: image/gif
------------------------------------------------------------------
GET /assetserver/cursor.jhtml?cur=1&i=9646a HTTP/1.1
Accept: */*
Referer: http://www.webfetti.com/dl/index.jhtml?partner=ZKxdm194&spu=true&sub_id=31826&spu=true&nbCode=OjI6R0I6SERZbHM1MjEtOjMxODI2OjEyMDY0OnJlZGlyZWN0X2Zyb21fNjE2Ml90b18xNDQ0
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Accept-Encoding: gzip, deflate
Host: plugin.smileycentral.com
Connection: Keep-Alive
HTTP/1.1 302 Moved Temporarily
Date: Thu, 18 Feb 2010 06:29:01 GMT
Server: Apache/1.3.27 (Unix) mod_jk/1.2.8
Vary: Accept-Encoding
Location: http://i1img.com/images/cursormania/files/19/9646a.ani
Content-Language: en-GB
Content-Length: 0
Connection: close
Content-Type: text/html;charset=UTF-8
------------------------------------------------------------------
GET /__utm.gif?utmwv=6.1&utmn=614745390&utmsr=1280x800&utmsc=32-bit&utmul=en-us&utmje=1&utmjv=1.3&utmfl=10.0&utmdt=Webfetti%20-%20Add%20FREE%20Customized%20Layouts%2C%20Generators%2C%20Graphics%20and%20Bling%20to%20Your%20Page%21&utmhn=www.webfetti.com&utmp=/clicks/splash/partner/ZKxdm194YYGB HTTP/1.1
Accept: */*
Referer: http://www.webfetti.com/dl/index.jhtml?partner=ZKxdm194&spu=true&sub_id=31826&spu=true&nbCode=OjI6R0I6SERZbHM1MjEtOjMxODI2OjEyMDY0OnJlZGlyZWN0X2Zyb21fNjE2Ml90b18xNDQ0
Accept-Language: en-gb
User-Agent: Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 6.0; Trident/4.0; Avant Browser; OfficeLiveConnector.1.4; OfficeLivePatch.1.3)
Accept-Encoding: gzip, deflate
Host: utm.trk.webfetti.com
Connection: Keep-Alive
Cookie: __utma=87938462.236408141.1266455021.1266455021.1266473839.2; __utmc=87938462; __utmz=87938462.1266455021.1.1.utmcsr=ZKxdm194|utmccn=(not+set)|utmcmd=(not+set); __utmb=87938462
HTTP/1.1 200 OK
Date: Thu, 18 Feb 2010 06:29:01 GMT
Server: Apache/1.3.33 (Unix)
Pragma: no-cache
Cache-control: no-store
Expires: -1
Last-Modified: Tue, 10 Feb 2009 19:06:12 GMT
ETag: "b4221-23-4991d024"
Accept-Ranges: bytes
Content-Length: 35
Connection: close
Content-Type: image/gif
------------------------------------------------------------------
short.strange-company.info resolves to an IP at GoDaddy (
72.167.42.140, as does strange-company.info (
68.178.232.100. Both are shared servers, worse of course, is we already know how lax GoDaddy are when it comes to dealing with abuse. All of the domains referenced in the headers, are owned by IAC, so feel free to blackhole the lot of them (personally, I've got their IP ranges blackholed, but that's just me).