Dropped:Trojan.Generic.17338822 (B) (Emsisoft), Dropped:Trojan.Generic.17338822 (AdAware), Trojan.NSIS.StartPage.FD (Lavasoft MAS)
Behaviour: Trojan
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
Summary
MD5: 4dcee49e18c9446479d1e36cc017f822
SHA1: 6a32a8406164541d96c7eedc34aaaa102e593100
SHA256: 04210c8e539636d6ae9cba167ef7280acac5019c8066fb03e1a42604729d10c4
SSDeep: 24576:N38c VVmu59mHwO6uMYllgdXKRWO6ACa4f:dj VVVqQO6u6BKRWOC/
Size: 790499 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: Speedbit Ltd.
Created at: 2009-12-06 00:50:52
Analyzed on: WindowsXP SP3 32-bit
Summary: Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).
Dynamic Analysis
Payload
No specific payload has been found.
Process activity
The Dropped creates the following process(es):
The Dropped injects its code into the following process(es):
uncorroborated.exe:1064
Mutexes
The following mutexes were created/opened:
No objects were found.
File activity
The process uncorroborated.exe:1064 makes changes in the file system.
The Dropped creates and/or writes to the following file(s):
The Dropped deletes the following file(s):
The process 69582.exe:164 makes changes in the file system.
The Dropped deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsn3.tmp (0 bytes)
The process wearily.exe:460 makes changes in the file system.
The Dropped creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsa7.tmp\ExecCmd.dll (4 bytes)
The Dropped deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsa7.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsx6.tmp (0 bytes)
The process %original file name%.exe:312 makes changes in the file system.
The Dropped creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nso2.tmp\ShellLink.dll (4 bytes)
%WinDir%\uncorroborated.exe (4952 bytes)
%Program Files%\orignal\settings.dll (11076 bytes)
%Program Files%\orignal\uncorroborated.exe (4952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso2.tmp\AccessControl.dll (13 bytes)
%WinDir%\Microsoft.Win32.TaskScheduler.dll (8850 bytes)
%System%\drivers\etc\hosts (123 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Startup\possessor.lnk (511 bytes)
%WinDir%\settings.dll (11076 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso2.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\69582.exe (1082 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\20943149.exe (3125 bytes)
%Program Files%\athough\wearily.exe (1036 bytes)
%Program Files%\orignal\Microsoft.Win32.TaskScheduler.dll (8850 bytes)
The Dropped deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nso2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso2.tmp\ShellLink.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsz1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso2.tmp\AccessControl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso2.tmp\System.dll (0 bytes)
The process 20943149.exe:456 makes changes in the file system.
The Dropped creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsd5.tmp\SimpleFC.dll (5289 bytes)
The Dropped deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\nsd5.tmp\SimpleFC.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsn4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd5.tmp (0 bytes)
Registry activity
The process taskkill.exe:1744 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "92 53 6A 34 84 38 49 4A 4F 96 F0 C4 85 F1 DA 49"
The process taskkill.exe:340 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "08 12 EE E9 E7 96 0D 20 30 E4 2E A4 CC 60 9D 9B"
The process uncorroborated.exe:1064 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016090620160907]
"CacheOptions" = "11"
[HKCU\Software\Microsoft\Windows\ShellNoRoam\MUICache]
"@xpsp3res.dll,-20001" = "Diagnose Connection Problems..."
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"
[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016090620160907]
"CacheLimit" = "8192"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016090620160907]
"CachePrefix" = ":2016090620160907:"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016090620160907]
"CacheRepair" = "0"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4C FF 5A 85 E1 01 09 E5 45 20 80 19 31 F0 33 01"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016090620160907]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012016090620160907\"
The Dropped modifies IE security zone settings to map all local web nodes with no dots in their names that do not belong to any zone to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"
The Dropped modifies IE security zone settings to map all web nodes that bypass the proxy to the Intranet Zone:
"ProxyBypass" = "1"
Proxy settings are disabled:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"
The Dropped modifies IE security zone settings to map all URLs to the Intranet Zone:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"
The Dropped deletes the following registry key(s):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014031720140318]
The Dropped deletes the following value(s) in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"
The process 69582.exe:164 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "97 D2 77 D4 45 B9 71 93 98 80 4A A3 D6 B1 FA E4"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware" = "1"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The process wearily.exe:460 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3D 02 0A 86 78 41 6B 8E B0 33 F7 EF 92 54 FF 72"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
To automatically run itself each time Windows is booted, the Dropped adds the following link to its file to the system registry autorun key:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"wearily" = "%Program Files%\athough\wearily.exe"
"linkages" = "%Program Files%\orignal\uncorroborated.exe"
The process %original file name%.exe:312 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"
"Common Documents" = "%Documents and Settings%\All Users\Documents"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C7 04 B3 24 5B 20 7A 70 CF FD 33 79 9F 63 EA 4A"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
To run automatically each time Windows boots, the Dropped adds the following values, which point to its files, to the registry autorun keys:
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"adjournment" = "%Program Files%\orignal\uncorroborated.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"trappers" = "%Program Files%\orignal\uncorroborated.exe"
"midwestern" = "%Program Files%\orignal\uncorroborated.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"platzer" = "%Program Files%\orignal\uncorroborated.exe"
The process 20943149.exe:456 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A0 5B EE 05 23 6A A1 B4 0B BC 5A DD 98 09 7C 78"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The process find.exe:576 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0E A9 EE 0F 30 1E A5 93 D2 6F E1 85 BA EE 61 A3"
The process find.exe:660 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FE C1 DE 1D FF F8 E9 83 43 63 9C 57 A7 4B 7A A2"
The process find.exe:136 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BA 23 40 A6 1F 46 28 D4 9C 26 4A B7 19 DE A9 EF"
The process find.exe:832 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "14 5C 7E 71 A8 6E 9D 98 E5 87 F9 BF 13 D6 62 6C"
The process find.exe:1984 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B6 CB 97 85 BC 59 EB 2A 87 56 40 D1 72 B8 D0 14"
The process find.exe:1612 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "D0 0E E9 D1 DB 7E C5 A6 2C AF E7 A0 47 12 2C 73"
The process find.exe:340 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "04 EE 3C FC EB 9C 8C CE C7 9E D3 E5 C6 DC C6 D2"
The process find.exe:1392 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2E 81 A2 FF 70 35 48 FA F2 84 A2 5C 5C 06 C6 9C"
The process find.exe:1860 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "64 E8 83 01 39 3E 16 B3 BB 96 DC 08 36 30 9A FD"
The process find.exe:1864 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "23 49 15 AE 16 87 FE 76 93 A5 3F 8F CD DF 26 3C"
The process find.exe:1496 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 E9 F1 E8 0F 3C 8C 3C D0 59 8A FA EF 6F 55 04"
The process find.exe:224 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E7 5D 2D 07 80 16 65 62 50 ED D1 D8 6B D2 A2 83"
The process find.exe:480 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "3E CB 62 DB 4B F7 12 B4 EF 08 73 20 7D 7F 65 D2"
The process find.exe:1700 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "2F 3C DF 11 C1 27 27 A1 90 CF 71 6A F3 0F 78 9A"
The process find.exe:1620 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "98 80 D6 AC 03 EB B8 78 EF 07 71 6C 71 B3 6B 12"
The process find.exe:780 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F9 7F 7B C0 D3 DC 98 0D 82 C3 94 DC 69 BA 87 32"
The process find.exe:1800 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A2 C1 A6 AA 3A A5 B9 AA CA 10 4E AC 6D 66 8A 79"
The process find.exe:968 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "14 69 94 50 41 C2 67 3A 8D A8 48 E2 6A 50 93 54"
The process find.exe:424 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BC F9 A5 02 38 2F 7F 79 AB 2C B3 06 73 D4 64 E8"
The process find.exe:1680 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "32 47 DE 98 E8 00 D7 A1 A1 E8 FB 33 5C 6C D9 5C"
The process find.exe:828 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "14 65 4A B2 8A 34 CE BD 02 1D B6 A2 7B 29 36 75"
The process find.exe:2008 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "DC 72 10 89 E7 7B 73 71 11 01 30 9E B3 30 1C 68"
The process find.exe:516 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FE B0 93 3A CA E6 AF BF 7F 69 9D 34 BF AF E5 F7"
Dropped PE files
MD5 | File path |
---|---|
04b4c43b7a5d2a157b083f4e2982fb88 | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\20943149.exe |
6351426f5922b23dd580621eee7b681c | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Application Data\69582.exe |
b9380b0bea8854fd9f93cc1fda0dfeac | c:\Documents and Settings\"%CurrentUserName%"\Local Settings\Temp\nsa7.tmp\ExecCmd.dll |
fac821b12aecac7d5abb16a4e36e9fb3 | c:\Program Files\athough\wearily.exe |
c8ff52bfddc6898c202c08c4a61a3d22 | c:\Program Files\orignal\Microsoft.Win32.TaskScheduler.dll |
1da0f3512390c47ec742190ade51194a | c:\Program Files\orignal\settings.dll |
9afaef17653e9d72b003f99ee0581f5a | c:\Program Files\orignal\uncorroborated.exe |
c8ff52bfddc6898c202c08c4a61a3d22 | c:\WINDOWS\Microsoft.Win32.TaskScheduler.dll |
9afaef17653e9d72b003f99ee0581f5a | c:\WINDOWS\inflict.exe |
1da0f3512390c47ec742190ade51194a | c:\WINDOWS\settings.dll |
HOSTS file anomalies
The Dropped modifies the "%System%\drivers\etc\hosts" file, which is used to translate DNS entries to IP addresses. The modified file is 857 bytes in size. The following entries are added to the hosts file:
IP | Hostname |
---|---|
162.222.194.13 | cocomo.tremorhub.com |
162.222.194.13 | www.virustotal.com |
162.222.194.13 | virustotal.com |
Rootkit activity
No anomalies have been detected.
Propagation
Removals
Remove it with Ad-Aware
- Download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Terminate malicious process(es) (How to End a Process With the Task Manager):
taskkill.exe:1744
taskkill.exe:340
69582.exe:164
tasklist.exe:1084
tasklist.exe:1344
tasklist.exe:276
tasklist.exe:1488
tasklist.exe:832
tasklist.exe:1540
tasklist.exe:1852
tasklist.exe:1692
tasklist.exe:652
tasklist.exe:1676
tasklist.exe:500
tasklist.exe:1700
tasklist.exe:240
tasklist.exe:1880
tasklist.exe:784
tasklist.exe:1636
tasklist.exe:1556
tasklist.exe:1724
tasklist.exe:1288
tasklist.exe:1364
tasklist.exe:1688
tasklist.exe:2008
wearily.exe:460
%original file name%.exe:312
20943149.exe:456
find.exe:576
find.exe:660
find.exe:136
find.exe:832
find.exe:1984
find.exe:1612
find.exe:340
find.exe:1392
find.exe:1860
find.exe:1864
find.exe:1496
find.exe:224
find.exe:480
find.exe:1700
find.exe:1620
find.exe:780
find.exe:1800
find.exe:968
find.exe:424
find.exe:1680
find.exe:828
find.exe:2008
find.exe:516
- Delete the original Dropped file.
- Delete or disinfect the following files created/modified by the Dropped:
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\syncnoad[3].xml (633 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CAY9EDUL.xml (933 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CA4LMNO5.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\syncnoad[1].xml (796 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\crossdomain[3].xml (82 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\abcd[1].mp4 (771 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\syncnoad[7].xml (644 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\itd[1].htm (1118 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\crossdomain[1].xml (82 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\syncnoad[4].xml (685 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\syncnoad[8].xml (591 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\jwplayer1[1].js (76309 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\css1[1].css (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\page-3[1].htm (3953 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CA6BKDAN.xml (854 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAH3E7VM.xml (718 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\lbg[1].png (200 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\v[1].xml (654 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ivids[1].txt (173 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAA3GZYL.xml (803 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAIA5GXD.xml (767 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\syncnoad[2].xml (626 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx (1074 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\syncnoad[3].xml (597 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (14072 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\syncnoad[6].xml (609 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\syncnoad[3].xml (629 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\ivids.net\com.jeroenwijering.sxx (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\syncnoad[8].xml (679 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tremorhub[1].txt (550 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\counter[1].js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\syncnoad[2].xml (609 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@statcounter[2].txt (812 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\crossdomain[1].xml (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\syncnoad[5].xml (796 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CACP0V2V.xml (804 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tremorhub[2].txt (720 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\wau-widget[1].png (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\logo[1].png (2 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\player1[1].swf (22077 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\syncnoad[4].xml (580 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\syncnoad[4].xml (556 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ivids[2].txt (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\noad[1].xml (73 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@www.ivids[1].txt (288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\syncnoad[5].xml (608 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\syncnoad[6].xml (637 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\player1[1].swf (12941 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@statcounter[1].txt (611 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\crossdomain[1].xml (144 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ivids.net\settings.sxx (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CA8ROLMN.xml (718 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\logo[2].png (723 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\syncnoad[1].xml (758 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\counter[2].js (1353 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\syncnoad[2].xml (700 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\index5[1].htm (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\syncnoad[7].xml (640 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\syncnoad[5].xml (758 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\syncnoad[1].xml (687 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CAMFURQD.xml (752 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@amung[1].txt (163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\syncnoad[5].xml (687 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\func[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\analytics[1].js (1557 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\collect[1].gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\syncnoad[8].xml (503 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\page-3[1].htm (4309 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CA6NW1QR.xml (803 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\CAU3G96R.xml (804 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAWTOXEZ.xml (706 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\CAKBSTKH.xml (706 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\syncnoad[6].xml (711 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\syncnoad[7].xml (599 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\crossdomain[2].xml (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\CAYEJNZ0.xml (767 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@bruindorsett[2].txt (320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\syncnoad[1].xml (685 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQISTQM\syncnoad[4].xml (503 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@bruindorsett[1].txt (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\crossdomain[1].xml (130 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\syncnoad[2].xml (697 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CAJMBGIP.xml (752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\fla8.tmp (5 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\ova-jw[1].swf (29005 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\syncnoad[3].xml (588 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CACJQGXK.xml (752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\syncnoad[6].xml (567 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OPQNSD2J\CANKAOOZ.xml (752 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\4DQJW9YN\1[1].gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\WLMVCPYN\count[1].htm (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsa7.tmp\ExecCmd.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso2.tmp\ShellLink.dll (4 bytes)
%WinDir%\uncorroborated.exe (4952 bytes)
%Program Files%\orignal\settings.dll (11076 bytes)
%Program Files%\orignal\uncorroborated.exe (4952 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso2.tmp\AccessControl.dll (13 bytes)
%WinDir%\Microsoft.Win32.TaskScheduler.dll (8850 bytes)
%System%\drivers\etc\hosts (123 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Startup\possessor.lnk (511 bytes)
%WinDir%\settings.dll (11076 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso2.tmp\System.dll (11 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\69582.exe (1082 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\20943149.exe (3125 bytes)
%Program Files%\athough\wearily.exe (1036 bytes)
%Program Files%\orignal\Microsoft.Win32.TaskScheduler.dll (8850 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd5.tmp\SimpleFC.dll (5289 bytes)
- Delete the following value(s) in the autorun key (How to Work with System Registry):
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"wearily" = "%Program Files%\athough\wearily.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"linkages" = "%Program Files%\orignal\uncorroborated.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"adjournment" = "%Program Files%\orignal\uncorroborated.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"trappers" = "%Program Files%\orignal\uncorroborated.exe"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"midwestern" = "%Program Files%\orignal\uncorroborated.exe"
[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"platzer" = "%Program Files%\orignal\uncorroborated.exe"
- Restore the original content of the HOSTS file (%System%\drivers\etc\hosts):
127.0.0.1 localhost
- Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
Static Analysis
VersionInfo
No information is available.
PE Sections
Name | Virtual Address | Virtual Size | Raw Size | Entropy | Section MD5 |
---|---|---|---|---|---|
.text | 4096 | 23628 | 24064 | 4.46394 | 856b32eb77dfd6fb67f21d6543272da5 |
.rdata | 28672 | 4764 | 5120 | 3.4982 | dc77f8a1e6985a4361c55642680ddb4f |
.data | 36864 | 154712 | 1024 | 3.3278 | 7922d4ce117d7d5b3ac2cffe4b0b5e4f |
.ndata | 192512 | 86016 | 0 | 0 | d41d8cd98f00b204e9800998ecf8427e |
.rsrc | 278528 | 2536 | 2560 | 3.13622 | b9f20defc9dd650d8dcc7fc5d4708ad4 |
Dropped from:
Downloaded by:
Similar by SSDeep:
Similar by Lavasoft Polymorphic Checker:
Total found: 69
Network Activity
URLs
URL | IP |
---|---|
hxxp://d3cpqb3ouewn5u.cloudfront.net/index5.php?id=18Ape2xw6bXS5P5zyqF5&date=2016-09-03&p=none&t= | |
hxxp://d3cpqb3ouewn5u.cloudfront.net/func.js?r=5 | |
hxxp://www-google-analytics.l.google.com/analytics.js | |
hxxp://www.clangburkitt.info/count.php?id=18Ape2xw6bXS5P5zyqF5&date=2016-09-03&p=none&t=&rand= | 162.222.194.132 |
hxxp://cocomo.tremorhub.com/itd.php?id=18Ape2xw6bXS5P5zyqF5&date=2016-09-03&p=none&t=&rand= | |
hxxp://whos.amung.us/cwidget/iebrowser1/000000ffffff.png | 67.202.94.94 |
hxxp://c.statcounter.com/10114910/0/757d7213/1/ | 216.59.38.123 |
hxxp://www-google-analytics.l.google.com/r/collect?v=1&_v=j46&a=735763056&t=pageview&_s=1&dl=http://www.bruindorsett.pw/index5.php?id=18Ape2xw6bXS5P5zyqF5&date=2016-09-03&p=none&t=&ul=en-us&de=utf-8&dt=add&sd=32-bit&sr=1276x846&vp=679x408&je=0&fl=11.6 r602&_u=AEAAAEAAI~&jid=1914398824&cid=167001551.1473180239&tid=UA-74694740-5&_r=1&z=227060018 | |
hxxp://a5f50dedef.site.internapcdn.net/page-3.html?lid=937115 | |
hxxp://widgets.amung.us/draw/?w=colored&n=1114&c=000000ffffff&p= | 50.23.131.235 |
hxxp://109.201.148.40/report1.php?url=/ivids/page-3.html?lid=937115 | |
hxxp://ivids.net/jwplayer1.js | 162.222.194.11 |
hxxp://109.201.148.40/bck.php?1473180240000 | |
hxxp://ivids.net/1.js | 162.222.194.11 |
hxxp://a5f50dedef.site.internapcdn.net/page-3.htm?lid=937115 | |
hxxp://109.201.148.40/report1.php?url=/ivids/page-3.htm?lid=937115 | |
hxxp://109.201.148.40/bck.php?1473180241000 | |
hxxp://g1.panthercdn.com/counter/counter.js | |
hxxp://ivids.net/player1.swf | 162.222.194.11 |
hxxp://www-google-analytics.l.google.com/r/collect?v=1&_v=j46&a=116491976&t=pageview&_s=1&dl=http://www.ivids.net/page-3.htm?lid=937115&ul=en-us&de=utf-8&sd=32-bit&sr=1276x846&vp=850x480&je=0&fl=11.6 r602&_u=AEAAAEAAI~&jid=659244252&cid=1782559488.1473180242&tid=UA-74694740-2&_r=1&z=1176070523 | |
hxxp://a5f50dedef.site.internapcdn.net/css1.css | |
hxxp://a5f50dedef.site.internapcdn.net/img/logo.png | |
hxxp://a5f50dedef.site.internapcdn.net/img/lbg.png | |
hxxp://c.statcounter.com/t.php?sc_project=10675947&java=1&security=299981d6&u1=11F02FAE42BB4FA83FEB842D21424A13&sc_random=0.3472518227683497&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1276&h=846&camefrom=http://www.ivids.net/page-3.html?lid=937115&u=http://www.ivids.net/page-3.htm?lid=937115&t=&sc_snum=1&sess=a181b5&p=0&invisible=1 | 216.59.38.123 |
hxxp://cs28.wpc.thetacdn.net/5/10/logo.png | |
hxxp://ivids.net/ova-jw.swf | 162.222.194.11 |
hxxp://wildcard-ads-1386167347.us-east-1.elb.amazonaws.com/crossdomain.xml | |
hxxp://wildcard-ads-1386167347.us-east-1.elb.amazonaws.com/ad/tag?adCode=we1sb-kg4io&playerWidth=645&playerHeight=380&playerPosition=1&mediaTitle=Entertainment videos ivids.net - 3&mediaDesc=Entertainment videos ivids.net - 3&mediaId=2&mediaUrl=hxxp://www.ivids.net/3.html&srcPageUrl=hxxp://www.ivids.net/3.html&contentLength=300 | |
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/crossdomain.xml | |
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=Bidswitch,thetradedesk,google,eyeview,BidTheatre,ignitionone,dynadmic,mediamath,SundaySky,dataxu,conversant,_dmp_turbine,1,tremornet,appnexus,Videology,beeswax,adapTV,rocketfuel,TubeMogul-GP,centro,audiencescience&uid=575b8f7ad5d64d24a58ac20715400d3b&init=true | |
IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)
Traffic
GET /player1.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ivids.net
Connection: Keep-Alive
Cookie: _ga=GA1.2.1782559488.1473180242; _gat=1
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2016 00:49:54 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 15 Jun 2014 13:46:26 GMT
ETag: "4403c4-1bb61-4fbe0230ad080"
Accept-Ranges: bytes
Content-Length: 113505
Cache-Control: max-age=2592000, public
Expires: Wed, 09 Aug 2017 00:49:54 GMT
Connection: close
Content-Type: application/x-shockwave-flash
<<< skipped >>>
GET /1.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-3.html?lid=937115
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ivids.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2016 00:49:53 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.5.30
Cache-Control: max-age=0
Expires: Wed, 07 Sep 2016 00:49:53 GMT
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
GET /counter/counter.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.statcounter.com
Connection: Keep-Alive
Cookie: is_unique=sc10114910.1473180257.0; is_visitor_unique=1473180257124270528
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2016 16:44:20 GMT
Server: PWS/8.1.38
X-Px: ht h0-s1072.p11-fra.cdngp.net
ETag: W/"576924c5-654e"
Cache-Control: max-age=43200
Expires: Tue, 06 Sep 2016 23:24:54 GMT
Age: 19166
Content-Length: 9529
Content-Type: application/x-javascript
Content-Encoding: gzip
Vary: Accept-Encoding
Last-Modified: Tue, 21 Jun 2016 11:28:05 GMT
Connection: keep-alive
<<< skipped >>>
GET /page-3.html?lid=937115 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.bruindorsett.pw/index5.php?id=18Ape2xw6bXS5P5zyqF5&date=2016-09-03&p=none&t=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.ivids.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2016 16:44:17 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.3
Server: CDCE
X-INAP-Cache-Status: EXPIRED
X-INAP-Server: cdce-ams002-001.ams002.internap.com
e5c..<img src="hXXp://109.201.148.40/report1.php?url=/ivids/page-3.html?lid=937115" alt="" width="0" height="0"><script type="text/javascript" src="hXXp://ivids.net/jwplayer1.js"></script><script>var thecc ="ok";</script><script type="text/javascript" src="hXXp://ivids.net/1.js"></script><form action="http://VVV.ivids.net/page-2.php" method="get" name="redirect"><input type="hidden" name="lid" value="937115"></form>..<script type="text/javascript"> if (top.location!= self.location) { document.write('<head></head><body bgcolor="#ffffff" class="body" topmargin="0" leftmargin="0">');}</script>..<form action="hXXp://VVV.ivids.net/page-3.htm" method="get" name="redirect1"><input type="hidden" name="lid" value="937115"></form><script type="text/javascript"> if (top.location!= self.location) { document.forms['redirect1'].submit();}</script><script type='text/javascript'>..var cb = Math.round(new Date().getTime() / 1000);..var items = Array('mp4:lqbyul0x.mp4','mp4:hc6lawyi.mp4','mp4:iblsdh2f.mp4','mp4:nbsyph4t.mp4','mp4:peyjpa0x.mp4','mp4:9mzecklt.mp4','mp4:vnt9ciyd.mp4','mp4:q5fufgnb.mp4','mp4:lzcpj8vr.mp4','mp4:pfdxi3pj.mp4','mp4:romfc7uu.mp4','mp4:qgmcib5y.mp4','mp4:ifgfn0gh.mp4');..var item = items[Math.floor(Math.random()*items.length)];..var ffile = "http://thm.vidvib.com/abcd.mp4";..jwplayer('ova-jwplayer-container').setup({.. "flashplayer": "hXXp://ivids.net/player1.swf",.."file": ffile,
<<< skipped >>>
GET /page-3.htm?lid=937115 HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.ivids.net/page-3.html?lid=937115
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.ivids.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2016 16:44:19 GMT
Content-Type: text/html; charset=utf-8
Transfer-Encoding: chunked
Connection: keep-alive
Vary: Accept-Encoding
X-Powered-By: PHP/5.3.3
Server: CDCE
X-INAP-Cache-Status: EXPIRED
X-INAP-Server: cdce-ams002-001.ams002.internap.com
e5d..<img src="hXXp://109.201.148.40/report1.php?url=/ivids/page-3.htm?lid=937115" alt="" width="0" height="0"><script type="text/javascript" src="hXXp://ivids.net/jwplayer1.js"></script><script>var thecc ="ok";</script><script type="text/javascript" src="hXXp://ivids.net/1.js"></script><form action="http://VVV.ivids.net/page-2.php" method="get" name="redirect"><input type="hidden" name="lid" value="937115"></form>..<script type="text/javascript"> if (top.location!= self.location) { document.write('<head></head><body bgcolor="#ffffff" class="body" topmargin="0" leftmargin="0">');}</script>..<script type="text/javascript"> if (top.location!= self.location) { var rc = document.referrer.split('/')[2];if (rc == window.location.hostname) {document.write('<div id="ova-jwplayer-container" style="position:absolute; top:0px; left:0px;width:300px;height:250px;"></div>');}}</script>..<script type='text/javascript'>..var cb = Math.round(new Date().getTime() / 1000);..var items = Array('mp4:lqbyul0x.mp4','mp4:hc6lawyi.mp4','mp4:iblsdh2f.mp4','mp4:nbsyph4t.mp4','mp4:peyjpa0x.mp4','mp4:9mzecklt.mp4','mp4:vnt9ciyd.mp4','mp4:q5fufgnb.mp4','mp4:lzcpj8vr.mp4','mp4:pfdxi3pj.mp4','mp4:romfc7uu.mp4','mp4:qgmcib5y.mp4','mp4:ifgfn0gh.mp4');..var item = items[Math.floor(Math.random()*items.length)];..var ffile = "hXXp://thm.vidvib.com/abcd.mp4";..jwplayer('ova-jwplayer-container').setup({.. "flashplayer": "hXXp://ivid
<<< skipped >>>
GET /css1.css HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.ivids.net
Connection: Keep-Alive
Cookie: sc_is_visitor_unique=rx10675947.1473180242.11F02FAE42BB4FA83FEB842D21424A13.1.1.1.1.1.1.1.1.1; _ga=GA1.2.1782559488.1473180242; _gat=1
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2016 16:44:20 GMT
Content-Type: text/css
Content-Length: 1963
Connection: keep-alive
Vary: Accept-Encoding
Last-Modified: Mon, 10 Nov 2014 09:13:53 GMT
ETag: "a1af7-7ab-5077d94d75640"
Server: CDCE
X-INAP-Cache-Status: EXPIRED
X-INAP-Server: cdce-ams002-001.ams002.internap.com
Accept-Ranges: bytes
A..{..COLOR: #000000; ..TEXT-DECORATION: none;..}..A:link ..{..COLOR: #000000;..FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif;..TEXT-DECORATION: none;..FONT-SIZE: 13px;..}..A:visited ..{..COLOR: #000000;..FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif;..TEXT-DECORATION: none;..FONT-SIZE: 13px;..}..A:hover ..{..COLOR: #000000;..FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif;..TEXT-DECORATION: none;..FONT-SIZE: 13px;..}..table ..{..FONT-SIZE: 10px;..FONT-FAMILY: verdana, Arial, Helvetica, sans-serif;..}..td {font-family:Verdana;font-size:8.5pt}...body {..BACKGROUND-COLOR: #ffffff;..margin-left: 10%;..margin-right: 10%; ..border: 0px solid #979696;..}...topmenu {..BACKGROUND-COLOR: #eeeeee;..border-bottom: 1px solid #B5B5B5;..height: 35px;..}...topmenufont..{..COLOR: #B5B5B5; ..TEXT-DECORATION: none;..}...topmenufont:link ..{..COLOR: #B5B5B5;..FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif;..TEXT-DECORATION: none;..FONT-SIZE: 12px;..-webkit-font-smoothing: antialiased !important;..text-shadow: 1px 1px 1px rgba(0,0,0,0.004);..}...topmenufont:visited ..{..COLOR: #B5B5B5;..FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif;..TEXT-DECORATION: none;..FONT-SIZE: 12px;..-webkit-font-smoothing: antialiased !important;..text-shadow: 1px 1px 1px rgba(0,0,0,0.004);..}...topmenufont:hover ..{..COLOR: #B5B5B5;..FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif;..TEXT-DECORATION: none;..FONT-SIZE: 12px;..-webkit-font-smoothing: antialiased !important;..text-shadow: 1px 1px 1px rgba(0,0,0,0.004);..}...logo {..b
<<< skipped >>>
GET /img/lbg.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.ivids.net
Connection: Keep-Alive
Cookie: sc_is_visitor_unique=rx10675947.1473180242.11F02FAE42BB4FA83FEB842D21424A13.1.1.1.1.1.1.1.1.1; _ga=GA1.2.1782559488.1473180242; _gat=1
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2016 16:44:20 GMT
Content-Type: image/png
Content-Length: 200
Connection: keep-alive
Last-Modified: Thu, 21 Nov 2013 20:06:42 GMT
ETag: "a1c85-c8-4ebb56fac1880"
Server: CDCE
X-INAP-Cache-Status: EXPIRED
X-INAP-Server: cdce-ams002-001.ams002.internap.com
Accept-Ranges: bytes
GET /count.php?id=18Ape2xw6bXS5P5zyqF5&date=2016-09-03&p=none&t=&rand= HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*
Referer: hXXp://VVV.bruindorsett.pw/index5.php?id=18Ape2xw6bXS5P5zyqF5&date=2016-09-03&p=none&t=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.clangburkitt.info
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2016 16:44:18 GMT
Server: Apache/2.2.22 (Win64) PHP/5.3.13
X-Powered-By: PHP/5.3.13
Content-Length: 47
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
<meta http-equiv="refresh" content="300">
GET /10114910/0/757d7213/1/ HTTP/1.1
Accept: */*
Referer: hXXp://VVV.bruindorsett.pw/index5.php?id=18Ape2xw6bXS5P5zyqF5&date=2016-09-03&p=none&t=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: c.statcounter.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2016 16:44:17 GMT
Server: Apache/2.2.3 (CentOS)
P3P: policyref="hXXp://VVV.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: is_unique=sc10114910.1473180257.0; expires=Sun, 05-Sep-2021 16:44:17 GMT; path=/; domain=.statcounter.com
Set-Cookie: is_visitor_unique=1473180257124270528; expires=Thu, 06-Sep-2018 16:44:17 GMT; path=/; domain=.statcounter.com
Content-Length: 49
Connection: close
Content-Type: image/gif
GET /t.php?sc_project=10675947&java=1&security=299981d6&u1=11F02FAE42BB4FA83FEB842D21424A13&sc_random=0.3472518227683497&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1276&h=846&camefrom=http://VVV.ivids.net/page-3.html?lid=937115&u=http://VVV.ivids.net/page-3.htm?lid=937115&t=&sc_snum=1&sess=a181b5&p=0&invisible=1 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: c.statcounter.com
Connection: Keep-Alive
Cookie: is_unique=sc10114910.1473180257.0; is_visitor_unique=1473180257124270528
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2016 16:44:20 GMT
Server: Apache/2.2.3 (CentOS)
P3P: policyref="hXXp://VVV.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"
Expires: Mon, 26 Jul 1997 05:00:00 GMT
Set-Cookie: is_unique=sc10114910.1473180257.0-10675947.1473180260.0; expires=Sun, 05-Sep-2021 16:44:20 GMT; path=/; domain=.statcounter.com
Set-Cookie: is_visitor_unique=1473180257124270528; expires=Thu, 06-Sep-2018 16:44:20 GMT; path=/; domain=.statcounter.com
Content-Length: 49
Connection: close
Content-Type: image/gif
GET /1.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ivids.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2016 00:49:53 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.5.30
Cache-Control: max-age=0
Expires: Wed, 07 Sep 2016 00:49:53 GMT
Content-Length: 0
Connection: close
Content-Type: text/html; charset=UTF-8
GET /img/logo.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.ivids.net
Connection: Keep-Alive
Cookie: sc_is_visitor_unique=rx10675947.1473180242.11F02FAE42BB4FA83FEB842D21424A13.1.1.1.1.1.1.1.1.1; _ga=GA1.2.1782559488.1473180242; _gat=1
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2016 16:44:20 GMT
Content-Type: image/png
Content-Length: 2536
Connection: keep-alive
Last-Modified: Thu, 10 Jul 2014 23:39:15 GMT
ETag: "a1c81-9e8-4fddf55270ec0"
Server: CDCE
X-INAP-Cache-Status: EXPIRED
X-INAP-Server: cdce-ams002-001.ams002.internap.com
Accept-Ranges: bytes
<<< skipped >>>
GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Type: text/xml
Content-Length: 130
Connection: keep-alive
Date: Sun, 24 Jul 2016 04:41:02 GMT
Last-Modified: Thu, 04 Dec 2014 23:41:04 GMT
ETag: "2cf4c5e3d4c1206209355ac1065b0efc"
Accept-Ranges: bytes
Server: AmazonS3
Age: 78843
X-Cache: Hit from cloudfront
Via: 1.1 e7b9cdca203ddf236ea718720742caf2.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Uz05uryR34hC-ggWG3NA2zmosS3DJwBp1yS-TjzeM6CdWr8laBoQFA==
<?xml version="1.0" ?>
<cross-domain-policy>
 <!-- Very Liberal -->
 <allow-access-from domain="*" />
</cross-domain-policy>
GET /static/noad.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cdn.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Type: text/xml
Content-Length: 73
Connection: keep-alive
Date: Sun, 24 Jul 2016 05:41:23 GMT
Last-Modified: Thu, 04 Dec 2014 23:38:15 GMT
ETag: "074455bdeaf186ffa7b220bc14965cd5"
Accept-Ranges: bytes
Server: AmazonS3
Age: 24712
X-Cache: Hit from cloudfront
Via: 1.1 e7b9cdca203ddf236ea718720742caf2.cloudfront.net (CloudFront)
X-Amz-Cf-Id: sVVjYEcceYkOmuOi_3jDCS2BE0AJ8pa_sDP12355xCQcA-2T9CAdWg==
<VAST version="2.0" t:status="NO_AD" xmlns:t="hXXp://tremorhub.com/ssp"/>
GET /index5.php?id=18Ape2xw6bXS5P5zyqF5&date=2016-09-03&p=none&t= HTTP/1.1
Accept: */*
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.bruindorsett.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: text/html
Content-Length: 906
Connection: keep-alive
Server: Apache/2.2.22 (Win64) PHP/5.3.13
X-Powered-By: PHP/5.3.13
Content-Encoding: gzip
Date: Tue, 06 Sep 2016 16:44:17 GMT
Vary: Accept-Encoding
X-Cache: Miss from cloudfront
Via: 1.1 e7b9cdca203ddf236ea718720742caf2.cloudfront.net (CloudFront)
X-Amz-Cf-Id: Ve6bY_ReGknHhXCro8OuRV5ECBYHKHegJ-SKMAix-IxvzWv_u0qI4w==
<<< skipped >>>
GET /func.js?r=5 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.bruindorsett.pw/index5.php?id=18Ape2xw6bXS5P5zyqF5&date=2016-09-03&p=none&t=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.bruindorsett.pw
Connection: Keep-Alive
HTTP/1.1 200 OK
Content-Type: application/javascript
Content-Length: 597
Connection: keep-alive
Server: Apache/2.2.22 (Win64) PHP/5.3.13
Last-Modified: Mon, 18 Jul 2016 15:25:49 GMT
ETag: "90000001e1520-f7a-537ea953f7333"
Accept-Ranges: bytes
Content-Encoding: gzip
Date: Fri, 19 Aug 2016 01:35:05 GMT
Vary: Accept-Encoding
Age: 402
X-Cache: Hit from cloudfront
Via: 1.1 e7b9cdca203ddf236ea718720742caf2.cloudfront.net (CloudFront)
X-Amz-Cf-Id: 6rrRgBKGcPg4Pc5hvabRpWttMPUsV_ft1UAa7qQmVc0RqPujrjimAg==
<<< skipped >>>
GET /5/10/logo.png HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/player1.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: l.longtailvideo.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Accept-Ranges: bytes
Cache-Control: max-age=604800
Content-Type: image/png
Date: Tue, 06 Sep 2016 16:44:21 GMT
Etag: "3015243340"
Expires: Tue, 13 Sep 2016 16:44:21 GMT
Last-Modified: Fri, 22 Jun 2012 18:10:31 GMT
Server: ECAcc (arn/46B0)
X-Cache: HIT
Content-Length: 1845
<<< skipped >>>
GET /report1.php?url=/ivids/page-3.html?lid=937115 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-3.html?lid=937115
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 109.201.148.40
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2016 16:47:48 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
GET /bck.php?1473180240000 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-3.html?lid=937115
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 109.201.148.40
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2016 16:47:49 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
GET /report1.php?url=/ivids/page-3.htm?lid=937115 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 109.201.148.40
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2016 16:47:50 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
GET /bck.php?1473180241000 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: 109.201.148.40
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2016 16:47:50 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Content-Length: 0
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/html; charset=utf-8
GET /itd.php?id=18Ape2xw6bXS5P5zyqF5&date=2016-09-03&p=none&t=&rand= HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml+xml, */*
Referer: hXXp://VVV.bruindorsett.pw/index5.php?id=18Ape2xw6bXS5P5zyqF5&date=2016-09-03&p=none&t=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: cocomo.tremorhub.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2016 16:44:18 GMT
Server: Apache/2.2.22 (Win64) PHP/5.3.13
X-Powered-By: PHP/5.3.13
Content-Length: 1118
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Content-Type: text/html
<html>
<head>
<title>a</title>
</head>
<body>
<script language="JavaScript" type="text/javascript">
<!--
function reeadCookie(name) {
 var nameEQ = name + "=";
 var ca = document.cookie.split(';');
 for(var i=0;i < ca.length;i++) {
 var c = ca[i];
 while (c.charAt(0)==' ') c = c.substring(1,c.length);
 if (c.indexOf(nameEQ) == 0) return c.substring(nameEQ.length,c.length);
 }
 return null;
}
function uapcc() {
//var paathname = reeadCookie('tvrg_60409');
//if (paathname.substring(0, 2) == '"4') {
//eraseCookie("tvrg_60409");
var date = new Date();
date.setTime(date.getTime() + (60 * 1000));
var times = Math.floor(Date.now() / 1000);
//document.cookie = "tvrg_60409=1," + times + ";domain=.tremorhub.com;path=/;expires=" + date.toGMTString() + "";
document.cookie = "tvrg_60409=;domain=.tremorhub.com;path=/;expires=-1";
//}
}
setInterval(function() {
uapcc();
}, 90);
setInterval(function() {
uapcc();
}, 90);
setInterval(function() {
uapcc();
}, 90);
setInterval(function() {
uapcc();
}, 90);
//-->
</script>
<meta http-equiv="refresh" content="300">
</html>
<<< skipped >>>
GET /jwplayer1.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-3.html?lid=937115
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ivids.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2016 00:49:52 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Thu, 02 Jun 2016 05:31:59 GMT
ETag: "4403af-25d37-53444eccf91c0"
Accept-Ranges: bytes
Content-Length: 154935
Cache-Control: max-age=2592000, public
Expires: Wed, 09 Aug 2017 00:49:52 GMT
Connection: close
Content-Type: text/javascript
var dtn = Date.parse(new Date().toString());
document.write(unescape(>>
'
GET /draw/?w=colored&n=1114&c=000000ffffff&p= HTTP/1.1
Accept: */*
Referer: hXXp://VVV.bruindorsett.pw/index5.php?id=18Ape2xw6bXS5P5zyqF5&date=2016-09-03&p=none&t=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Cookie: uid=CgH9IlfO8mGPZnOK3cSQAg==
Connection: Keep-Alive
Host: widgets.amung.us
HTTP/1.1 200 OK
Server: nginx/1.9.6
Date: Tue, 06 Sep 2016 16:44:17 GMT
Content-Type: image/png
Transfer-Encoding: chunked
Connection: keep-alive
Content-Disposition: filename=wau-widget.png
Expires: Thu, 06 Oct 2016 16:44:17 GMT
Cache-Control: max-age=2592000
GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: we1sb-wwcgk.ads.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Date: Tue, 06 Sep 2016 16:44:37 GMT
ETag: W/"144-1446501138000"
Last-Modified: Mon, 02 Nov 2015 21:52:18 GMT
Server: Apache-Coyote/1.1
Content-Length: 144
Connection: keep-alive
<?xml version="1.0" ?>
<cross-domain-policy>
 <!-- Very Liberal -->
 <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>
GET /ad/tag?adCode=we1sb-fspan&playerWidth=645&playerHeight=380&playerPosition=1&mediaTitle=Entertainment videos ivids.net&mediaDesc=Watch Entertainment videos ivids.net&mediaId=&mediaUrl=[CONTENT_MEDIA_URL]&srcPageUrl=hXXp://VVV.ivids.net/3.html&contentLength=[CONTENT_LENGTH] HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: we1sb-wwcgk.ads.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Content-Type: text/xml;charset=ISO-8859-1
Date: Tue, 06 Sep 2016 16:44:37 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Pragma: no-cache
Server: Apache-Coyote/1.1
Set-Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; Domain=.tremorhub.com; Expires=Wed, 06-Sep-2017 22:32:57 GMT; Path=/
Set-Cookie: tvrg_60409="2,1473180263"; Version=1; Domain=.tremorhub.com; Max-Age=46; Expires=Tue, 06-Sep-2016 16:45:23 GMT; Path=/
Vary: Accept-Encoding
x-tremorvideo-status: NO_AD
Content-Length: 517
Connection: keep-alive
GET /player1.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ivids.net
Connection: Keep-Alive
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2016 00:49:54 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 15 Jun 2014 13:46:26 GMT
ETag: "4403c4-1bb61-4fbe0230ad080"
Accept-Ranges: bytes
Content-Length: 113505
Cache-Control: max-age=2592000, public
Expires: Wed, 09 Aug 2017 00:49:54 GMT
Connection: close
Content-Type: application/x-shockwave-flash
GET /ova-jw.swf HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/player1.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: ivids.net
Connection: Keep-Alive
Cookie: _ga=GA1.2.1782559488.1473180242; _gat=1
HTTP/1.1 200 OK
Date: Wed, 07 Sep 2016 00:49:55 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Sun, 15 Jun 2014 14:00:26 GMT
ETag: "4403b3-39741-4fbe0551c3280"
Accept-Ranges: bytes
Content-Length: 235329
Cache-Control: max-age=2592000, public
Expires: Wed, 09 Aug 2017 00:49:55 GMT
Connection: close
Content-Type: application/x-shockwave-flash
GET /cwidget/iebrowser1/000000ffffff.png HTTP/1.1
Accept: */*
Referer: hXXp://VVV.bruindorsett.pw/index5.php?id=18Ape2xw6bXS5P5zyqF5&date=2016-09-03&p=none&t=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: whos.amung.us
Connection: Keep-Alive
HTTP/1.1 303 See Other
Date: Tue, 06 Sep 2016 16:44:17 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: close
Location: hXXp://widgets.amung.us/draw/?w=colored&n=1114&c=000000ffffff&p=
Set-Cookie: uid=CgH9IlfO8mGPZnOK3cSQAg==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.amung.us; path=/
GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vi.ivids.net
Connection: Keep-Alive
Cookie: _ga=GA1.2.1782559488.1473180242; _gat=1
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2016 16:48:07 GMT
Server: Apache/2.2.15 (CentOS)
Last-Modified: Tue, 11 Nov 2014 03:08:25 GMT
ETag: "a1b01-52-5078c97abfc40"
Accept-Ranges: bytes
Content-Length: 82
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/xml
<cross-domain-policy>
 <allow-access-from domain="*"/>
</cross-domain-policy>
GET /v?LR_PUBLISHER_ID=38834&LR_SCHEMA=vast2-vpaid&LR_AUTOPLAY=1&LR_CONTENT=1&LR_VIDEO_URL=hXXp://VVV.ivids.net/3.html&LR_VIDEO_ID=&LR_VIDEO_POSITION=0&LR_PARTNERS=937115&LR_TITLE=Entertainment videos ivids.net&LR_FORMAT=application/x-shockwave-flash HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: vi.ivids.net
Connection: Keep-Alive
Cookie: _ga=GA1.2.1782559488.1473180242; _gat=1
HTTP/1.1 200 OK
Date: Tue, 06 Sep 2016 16:48:07 GMT
Server: Apache/2.2.15 (CentOS)
X-Powered-By: PHP/5.3.3
Set-Cookie: PHPSESSID=in11rfp0hac5ldi60vqrtp3ob4; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: private
Pragma: no-cache
Content-Length: 654
Keep-Alive: timeout=5
Connection: Keep-Alive
Content-Type: text/xml
<?xml version="1.0" encoding="UTF-8"?>
<VAST version="2.0">
<Ad id="1"><Wrapper><AdSystem>1</AdSystem><VASTAdTagURI><![CDATA[hXXp://we1sb-wwcgk.ads.tremorhub.com/ad/tag?adCode=we1sb-fspan&playerWidth=645&playerHeight=380&playerPosition=1&mediaTitle=Entertainment videos ivids.net&mediaDesc=Watch Entertainment videos ivids.net&mediaId=&mediaUrl=[CONTENT_MEDIA_URL]&srcPageUrl=hXXp://VVV.ivids.net/3.html&contentLength=[CONTENT_LENGTH]]]></VASTAdTagURI><Impression><![CDATA[hXXp://z.frightenedomniscient.info/chki.php?ww=tremor&aa=hXXp://VVV.ivids.net/3.html&lrp=937115&TIMESTAMP=2127029923]]></Impression><Creatives></Creatives></Wrapper></Ad>
</VAST>
GET /analytics.js HTTP/1.1
Accept: */*
Referer: hXXp://VVV.bruindorsett.pw/index5.php?id=18Ape2xw6bXS5P5zyqF5&date=2016-09-03&p=none&t=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Strict-Transport-Security: max-age=10886400; includeSubDomains; preload
Date: Tue, 06 Sep 2016 16:11:49 GMT
Expires: Tue, 06 Sep 2016 18:11:49 GMT
Last-Modified: Mon, 15 Aug 2016 04:25:11 GMT
X-Content-Type-Options: nosniff
Content-Type: text/javascript
Vary: Accept-Encoding
Content-Encoding: gzip
Server: Golfe2
Content-Length: 11590
Cache-Control: public, max-age=7200
Age: 1948
GET /r/collect?v=1&_v=j46&a=735763056&t=pageview&_s=1&dl=http://VVV.bruindorsett.pw/index5.php?id=18Ape2xw6bXS5P5zyqF5&date=2016-09-03&p=none&t=&ul=en-us&de=utf-8&dt=add&sd=32-bit&sr=1276x846&vp=679x408&je=0&fl=11.6 r602&_u=AEAAAEAAI~&jid=1914398824&cid=167001551.1473180239&tid=UA-74694740-5&_r=1&z=227060018 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.bruindorsett.pw/index5.php?id=18Ape2xw6bXS5P5zyqF5&date=2016-09-03&p=none&t=
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Tue, 06 Sep 2016 16:44:17 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Server: Golfe2
Content-Length: 35
GET /r/collect?v=1&_v=j46&a=116491976&t=pageview&_s=1&dl=http://VVV.ivids.net/page-3.htm?lid=937115&ul=en-us&de=utf-8&sd=32-bit&sr=1276x846&vp=850x480&je=0&fl=11.6 r602&_u=AEAAAEAAI~&jid=659244252&cid=1782559488.1473180242&tid=UA-74694740-2&_r=1&z=1176070523 HTTP/1.1
Accept: */*
Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115
Accept-Language: en-us
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: VVV.google-analytics.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Access-Control-Allow-Origin: *
Date: Tue, 06 Sep 2016 16:44:20 GMT
Pragma: no-cache
Expires: Fri, 01 Jan 1990 00:00:00 GMT
Cache-Control: no-cache, no-store, must-revalidate
Last-Modified: Sun, 17 May 1998 03:00:00 GMT
X-Content-Type-Options: nosniff
Content-Type: image/gif
Server: Golfe2
Content-Length: 35
GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Date: Tue, 06 Sep 2016 16:44:23 GMT
ETag: W/"144-1446501138000"
Last-Modified: Mon, 02 Nov 2015 21:52:18 GMT
Server: Apache-Coyote/1.1
Content-Length: 144
Connection: keep-alive

<?xml version="1.0" ?>
<cross-domain-policy>
 <!-- Very Liberal -->
 <allow-access-from domain="*" secure="false"/>
</cross-domain-policy>
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=Bidswitch,thetradedesk,google,eyeview,BidTheatre,ignitionone,dynadmic,mediamath,SundaySky,dataxu,conversant,_dmp_turbine,1,tremornet,appnexus,Videology,beeswax,adapTV,rocketfuel,TubeMogul-GP,centro,audiencescience&uid=575b8f7ad5d64d24a58ac20715400d3b&init=true HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:23 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
transfer-encoding: chunked
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=google,conversant,TubeMogul-GP,ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:24 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
transfer-encoding: chunked
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=conversant,TubeMogul-GP,ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:24 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
transfer-encoding: chunked
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=TubeMogul-GP,ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:25 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 517
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:25 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 467
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:26 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 459
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:27 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 479
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:27 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 484
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:28 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 495
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:28 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
transfer-encoding: chunked
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:29 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 450
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:29 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 419
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:30 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 425
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:30 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 442
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:31 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 418
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:31 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
transfer-encoding: chunked
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=SundaySky,dynadmic,mediamath,BidTheatre,beeswax,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:32 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 388
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=dynadmic,mediamath,BidTheatre,beeswax,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:33 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 403
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=mediamath,BidTheatre,beeswax,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:33 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 411
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=BidTheatre,beeswax,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:34 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
transfer-encoding: chunked
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=beeswax,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:34 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 365
Connection: keep-alive
GET /syncnoad?rid=6966d984a08f4668851db1a9d199c1ea&p=_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="1,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:34 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
Content-Length: 353
Connection: keep-alive
GET /syncnoad?rid=cc730cd37857478e93f07a08d2307af7&p=SundaySky,ignitionone,centro,Videology,google,TubeMogul-GP,eyeview,dataxu,videoamp,adapTV,mediamath,beeswax,thetradedesk,_dmp_turbine,1,audiencescience,dynadmic,Bidswitch,conversant,rocketfuel,BidTheatre,tremornet&uid=575b8f7ad5d64d24a58ac20715400d3b&init=true HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="2,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:37 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
transfer-encoding: chunked
Connection: keep-alive
GET /syncnoad?rid=cc730cd37857478e93f07a08d2307af7&p=google,conversant,TubeMogul-GP,ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,audiencescience,centro,Bidswitch,SundaySky,dynadmic,mediamath,BidTheatre,beeswax,videoamp,_dmp_turbine&uid=575b8f7ad5d64d24a58ac20715400d3b HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: partners.tremorhub.com
Connection: Keep-Alive
Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; tvrg_60409="2,1473180263"
HTTP/1.1 200 OK
Content-Encoding: gzip
Content-Type: text/xml
Date: Tue, 06 Sep 2016 16:44:38 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Server: Apache-Coyote/1.1
Vary: Accept-Encoding
transfer-encoding: chunked
Connection: keep-alive
GET /crossdomain.xml HTTP/1.1
Accept: */*
Accept-Language: en-US
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xlf5t.ads.tremorhub.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Accept-Ranges: bytes
Content-Type: application/xml
Date: Tue, 06 Sep 2016 16:44:22 GMT
ETag: W/"144-1446501138000"
Last-Modified: Mon, 02 Nov 2015 21:52:18 GMT
Server: Apache-Coyote/1.1
Content-Length: 144
Connection: keep-alive
<?xml version="1.0" ?>
<cross-domain-policy>
 <!-- Very Liberal -->
 <allow-access-from domain="*" secure="false" />
</cross-domain-policy>
GET /ad/tag?adCode=we1sb-kg4io&playerWidth=645&playerHeight=380&playerPosition=1&mediaTitle=Entertainment videos ivids.net - 3&mediaDesc=Entertainment videos ivids.net - 3&mediaId=2&mediaUrl=hXXp://VVV.ivids.net/3.html&srcPageUrl=hXXp://VVV.ivids.net/3.html&contentLength=300 HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: hXXp://ivids.net/ova-jw.swf
x-flash-version: 11,6,602,168
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)
Host: xlf5t.ads.tremorhub.com
Connection: Keep-Alive
HTTP/1.1 200 OK
Cache-Control: no-cache, no-store, must-revalidate
Content-Encoding: gzip
Content-Type: text/xml;charset=ISO-8859-1
Date: Tue, 06 Sep 2016 16:44:23 GMT
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
Pragma: no-cache
Server: Apache-Coyote/1.1
Set-Cookie: tvid=575b8f7ad5d64d24a58ac20715400d3b; Domain=.tremorhub.com; Expires=Wed, 06-Sep-2017 22:32:43 GMT; Path=/
Set-Cookie: tvrg_60409="1,1473180263"; Version=1; Domain=.tremorhub.com; Max-Age=60; Expires=Tue, 06-Sep-2016 16:45:23 GMT; Path=/
Vary: Accept-Encoding
x-tremorvideo-status: NO_AD
Content-Length: 571
Connection: keep-alive
The Dropped connects to the servers at the following location(s):
Map
Strings from Dumps
wearily.exe_460:
.text
`.rdata
@.data
.ndata
.rsrc
uDSSh
.DEFAULT\Control Panel\International
Software\Microsoft\Windows\CurrentVersion
GetWindowsDirectoryA
KERNEL32.dll
ExitWindowsEx
USER32.dll
GDI32.dll
SHFileOperationA
ShellExecuteA
SHELL32.dll
RegEnumKeyA
RegCreateKeyExA
RegCloseKey
RegDeleteKeyA
RegOpenKeyExA
ADVAPI32.dll
COMCTL32.dll
ole32.dll
VERSION.dll
verifying installer: %d%%
hXXp://nsis.sf.net/NSIS_Error
... %d%%
~nsu.tmp
%u.%u%s%s
RegDeleteKeyExA
%s=%s
*?|/":
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsa7.tmp\ExecCmd.dll
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsa7.tmp\ExecCmd.dll
"%Program Files%\orignal\uncorroborated.exe"
.reloc
EnumWindows
ExecCmd.dll
Kernel32.DLL
e%uy%u
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsa7.tmp
nsa7.tmp
rogram Files\orignal\uncorroborated.exe"
q uncorroborated.exe" | %SystemRoot%\System32\find /I "uncorroborated.exe"
\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsa7.tmp
"%Program Files%\athough\wearily.exe"
%Program Files%\athough
wearily.exe
CUME~1\"%CurrentUserName%"\LOCALS~1\Temp\nsx6.tmp
C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\
%Program Files%\athough\wearily.exe
Software\Microsoft\Windows\CurrentVersion\Run
Nullsoft Install System v2.46
hough\wearily.exe"
l\uncorroborated.exe"