Backdoor.Win32.Farfli_943b2a335d
Gen:Variant.Kazy.146288 (BitDefender), Trojan:Win32/Alureon (Microsoft), Trojan-Dropper.Win32.TDSS.awvu (Kaspersky), Trojan.Win32.Generic!BT (VIPRE), Artemis!943B2A335DB0 (McAfee), WS.Reputation.1 (Symantec), Trojan.Win32.Tdss (Ikarus), Gen:Variant.Kazy.146288 (FSecure), Generic31.CJXV (AVG), Win32:Malware-gen (Avast), TROJ_GEN.RC1CDBP (TrendMicro), Backdoor.Win32.Farfli.FD, GenericInjector.YR (Lavasoft MAS)
Behaviour: Trojan-Dropper, Trojan, Backdoor
The description has been automatically generated by Lavasoft Malware Analysis System and it may contain incomplete or inaccurate information.
MD5: 943b2a335db0ff72f940ab128fa6e1ec
SHA1: 7e19a7a9842bce41b0e3fe8ba564a177ea8ef4ae
SHA256: 7ba2a3ee13c3e026a7ed774967889b15c56f7b3b894b8ab42041748c878dd913
SSDeep: 1536:DpGdosMYo4BMoVUaAn MXhELwfYD0ZOHwOVZFRg0kHUwxi q5Wx1apJJXILwfyoU:gV7UnS8U0YHH601wi5Wx1aDhiogmTt
Size: 132096 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: BorlandDelphi30, UPolyXv05_v6
Company: Firseria
Created at: 2012-06-12 20:39:22
Summary:
Backdoor. Malware that enables a remote control of victim's machine.
Payload
No specific payload has been found.
Process activity
The Backdoor creates the following process(es):
Reader_sl.exe:1064
wuauclt.exe:344
jusched.exe:1056
%original file name%.exe:2004
The Backdoor injects its code into the following process(es):
spoolsv.exe:1436
File activity
The process spoolsv.exe:1436 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
%WinDir%\Temp\2.tmp (30 bytes)
The Backdoor deletes the following file(s):
%WinDir%\Temp\2.tmp (0 bytes)
The process wuauclt.exe:344 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
%WinDir%\SoftwareDistribution\DataStore\Logs\edb.chk (100 bytes)
%WinDir%\SoftwareDistribution\DataStore\Logs\edb.log (3576 bytes)
%WinDir%\SoftwareDistribution\DataStore\DataStore.edb (100 bytes)
The Backdoor deletes the following file(s):
%WinDir%\SoftwareDistribution\DataStore\Logs\tmp.edb (0 bytes)
The process jusched.exe:1056 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\jusched.log (347 bytes)
The process %original file name%.exe:2004 makes changes in the file system.
The Backdoor creates and/or writes to the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\1.tmp (673 bytes)
The Backdoor deletes the following file(s):
%Documents and Settings%\%current user%\Local Settings\Temp\1.tmp (0 bytes)
Registry activity
The process Reader_sl.exe:1064 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"
[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"
The process spoolsv.exe:1436 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\3.tmp, , \??\%WinDir%\TEMP\4.tmp,"
[HKLM\System\CurrentControlSet\Services\989f9760]
"imagepath" = "\??\%WinDir%\TEMP\2.tmp"
"type" = "1"
The Backdoor deletes the following registry key(s):
[HKLM\System\CurrentControlSet\Services\989f9760]
[HKLM\System\CurrentControlSet\Services\989f9760\Enum]
The process %original file name%.exe:2004 makes changes in the system registry.
The Backdoor creates and/or sets the following values in system registry:
[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BF 7E 00 39 DA B3 5E 71 18 59 4C D5 F1 63 E5 93"
[HKLM\System\CurrentControlSet\Control\Session Manager]
"PendingFileRenameOperations" = "\??\C:\DOCUME~1\"%CurrentUserName%"\LOCALS~1\Temp\3.tmp,"
Network activity (URLs)
| URL | IP |
|---|---|
| hxxp://newyear2014x.com/x/ (ET RBN Known Russian Business Network IP (352) ) |  |
| hxxp://newyear2014x.com/z/ | |
| hxxp://newyear2014x.com/i/1094/5051/1385807904630_58595546707761/ | |
| hxxp://newyear2014x.com/d/ | |
| hxxp://newyear2014x.com/j/js1 (Malicious) | |
| hxxp://newyear2014x.com/j/js2 (Malicious) | |
| hxxp://newyear2014x.com/j/js3 (Malicious) | |
| hxxp://newyear2014x.com/j/js4 (Malicious) | |
| hxxp://newyear2014x.com/j/js5 (Malicious) | |
| hxxp://newyear2014x.com/j/js6 (Malicious) | |
| hxxp://newyear2014x.com/j/js7 (Malicious) | |
| hxxp://newyear2014x.com/j/js8 (Malicious) | |
| hxxp://newyear2014x.com/j/js9 (Malicious) | |
| hxxp://newyear2014x.com/s/1094/5051/1385807904630_58595546707761/11/ | |
| hxxp://newyear2014x.com/ | |
| hxxp://newyear2014x.com/?q=credit debt management services | |
| hxxp://newyear2014x.com/r/1094/5051/1385807904630_58595546707761/11/ | |
| hxxp://96.31.89.134/d/9f9hqqy2/cfdcbae5850a518955a2465d08994caf/AA/9 |  |
| hxxp://c.t.c.adlinker.net/click/?s=0.0&a=5-ZNdPtQTFJTQDoCQBTjuU03SBAJY_1lskzEi--iMbjU8okOiMibXZxc_wCJaN0CRc7wwUqleE1PctezQowdxSsdXwJNj6-9P_WIA3qFtGcLcXQysacH9dlgcY6hizxGpCJqtbPwq4PmU09RARGdmckUE1qZStkISEdFyDlByWyAoqadyt6LxXCSGeBzUF-ShKc5OtwHFALUnxyQTA3tgWxyH2DkS68mtcJdlKIFfXcIZQKf8l2zKQhOYxUfFt8g8lGgw3_mR6hrppFHI1C0DKG3hsHDfXQSc2tBZLQBjxE=&l=HNXvWyc-nRlVWJvaRUs_xjqyop18iaPB6HEB2IYYJNbFx-eg0M430sHQ9pTnAYvxS-73_ydRqmN4FYHGvKj_Wf6vqH-NzRctNuZtcCgjWLuuQk5LfZuAtYFVhaoyJUP25GaiLDXorR1xyhyxhLRmccFDA_eSCzfijhFPOio2szQlzYevu13z4PrcH8uSemcGbw_i2y4zoc32mxC5-1aQa511guWUMsxrWBGF3Q_RZs4228Vj6lLFTDcylhq4lPv-9hkM2zhjD5qVmWKNvlRh4gqOLA7fEmhyDe-Rq91B9hTESKk5n3bMp7HkuC3ii3jo5HIxAMSO4k5kM7eJKoVzDQ== | |
| hxxp://diyfashion.com/scoopstips/todays-obsession-hms-conscious-exclusive-collection-43477?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501 | |
| hxxp://a1092.g.akamai.net/synapse/on.js?usr=diyfashion | |
| hxxp://diyfashion.com/themes/zen/zen/ie.css?2 | |
| hxxp://diyfashion.com/sites/diyfashion.com/files/advagg_css/css_c7963081a1a852d5dc85f83ff61f621d_0.css | |
| hxxp://diyfashion.com/sites/diyfashion.com/files/advagg_css/css_e831467d02d887fe0fe2065af32e4f7a_6.css | |
| hxxp://diyfashion.com/sites/diyfashion.com/files/advagg_css/css_add18ac74b8d91c3e8bc0f8f8ec9c8dd_7.css | |
| hxxp://diyfashion.com/themes/diyfashion/takeover.css?2 | |
| hxxp://googleapis.l.google.com/ajax/libs/jquery/1.3.2/jquery.min.js | |
| hxxp://diyfashion.com/themes/diyfashion/ie.css | |
| hxxp://diyfashion.com/sites/diyfashion.com/files/advagg_js/js_ad82d021f783e20d04d79aee88558fbb_2.js | |
| hxxp://diyfashion.com/sites/diyfashion.com/files/advagg_js/js_9da548680e1f04dbed718afe324bca51_21.js | |
| hxxp://96.31.89.134/d/9f9hqqy2/cfdcbae5850a518955a2465d08994caf/AA/5 | |
| hxxp://diyfashion.com/themes/diyfashion/js/takeover.js?2 | |
| hxxp://c.t.c.adlinker.net/click/?s=0.0&a=1R3PJWtiwt7P0nk-ubDdkhyEun5MMylcmQvH6CiNtxpyp4KJbPBuQ_kGj0nBIJaHXhqQpr073zn2AspK0gC9RriVI_9yQXtLxR_8fx_7iiyW8fnTaJN7E53FsFlQdZp6Zx7ej-XH8iNxlI3ki3JAFmqUGVAqBYvnHClWAq35YpMHSCOqha3Usy-PwW08LISmy2OOu9gy-Kz0eD_FWSG7568-rZBE1Hp3ofgNr9_C9WFTbt0yuiiu6s88srBEvaB7e5idhsJD7y8Bs2PkuWJ9FxO282kvrCZGd-aLSkU1Hdo=&l=TNMhxzUwN1yCx7nzPJkkFl91Q_Hq1TiMpFlzQvCLHJFswM6i8sSFAju09Fpj72eruFcrCVzh1BoIZAOXqC8WfZLfiYh4V-RNCHITQtIhILqMny_YGVNLjlhvv6iKFxDuwIoomXMG3HiepQ9r-EE-fkv-VovTeldPwxVzhMthL6jG2Fu_EcJ5_fIrbCbF6fKUXwVukAhDFZLqy5aHvEqCP6XHXWP5AqUOJcX6Oo6XROL9AZWZTtntz602kjrrW_sYrcphGOy3_JC4IQjjn6mMGx_BVya909nwwCQP2xqGZTLEB1ejrdQo0VjvVcPtQArj238QJ9a_4sBnNNPocSnByg== | |
| hxxp://prod30-brandtech-d.d.xx.openx.com.akadns.net/w/1.0/jstag | |
| hxxp://movieroomreviews.com/emma-watson/emma-watsons-hermione-concerns-106492?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501 |  |
| hxxp://prod30-brandtech-d.d.xx.openx.com.akadns.net/w/1.0/acj?ai=cf780953-c7b4-4bbc-4e0f-61d6681f73cb&o=2505297219&callback=OX_2505297219&ju=http://diyfashion.com/scoopstips/todays-obsession-hms-conscious-exclusive-collection-43477?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&jr=http://26501.t.c.adlinker.net/&df=c&pgid=12336&c.area=fashion&res=1024x768x32&plg=&ch=utf-8&tz=-120 | |
| hxxp://googleapis.l.google.com/ajax/libs/jquery/1.2.6/jquery.min.js | |
| hxxp://prod30-brandtech-d.d.xx.openx.com.akadns.net/w/1.0/acj?cc=1&ai=cf780953-c7b4-4bbc-4e0f-61d6681f73cb&o=2505297219&callback=OX_2505297219&ju=http://diyfashion.com/scoopstips/todays-obsession-hms-conscious-exclusive-collection-43477?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&jr=http://26501.t.c.adlinker.net/&df=c&pgid=12336&c.area=fashion&res=1024x768x32&plg=&ch=utf-8&tz=-120 | |
| hxxp://movieroomreviews.com/themes/zen/zen/ie.css?T | |
| hxxp://dh31mamiqa6c5.cloudfront.net/sites/movieroomreviews.com/files/advagg_css/css_df21821a05bf240ac616cff19f6b4132_0.css | |
| hxxp://dh31mamiqa6c5.cloudfront.net/sites/movieroomreviews.com/files/advagg_css/css_d25d8e03fa351db8343d55c41546bb45_0.css | |
| hxxp://prod-mkt-d.d.xx.openx.com.akadns.net/w/1.0/sc?r=http://ox-d.bluefinmedianetwork.com/w/1.0/acj?cc=1&ai=cf780953-c7b4-4bbc-4e0f-61d6681f73cb&o=2505297219&callback=OX_2505297219&ju=http%3A//diyfashion.com/scoopstips/todays-obsession-hms-conscious-exclusive-collection-43477%3Futm_source%3D26501%26utm_medium%3Dcpc%26utm_campaign%3Dclickpayz_26501&jr=http%3A//26501.t.c.adlinker.net/&df=c&pgid=12336&c.area=fashion&res=1024x768x32&plg=&ch=utf-8&tz=-120 | |
| hxxp://prod-mkt-d.d.xx.openx.com.akadns.net/w/1.0/sc?cc=1&r=http://ox-d.bluefinmedianetwork.com/w/1.0/acj?cc=1&ai=cf780953-c7b4-4bbc-4e0f-61d6681f73cb&o=2505297219&callback=OX_2505297219&ju=http%3A//diyfashion.com/scoopstips/todays-obsession-hms-conscious-exclusive-collection-43477%3Futm_source%3D26501%26utm_medium%3Dcpc%26utm_campaign%3Dclickpayz_26501&jr=http%3A//26501.t.c.adlinker.net/&df=c&pgid=12336&c.area=fashion&res=1024x768x32&plg=&ch=utf-8&tz=-120 | |
| hxxp://movieroomreviews.com/sites/movieroomreviews.com/files/advagg_js/js_930c59462249c15f5772a10464b0850f_0.js | |
| hxxp://prod30-brandtech-d.d.xx.openx.com.akadns.net/w/1.0/acj?mi=0eb536fb-4334-46f1-4635-c86bdf72bfef&mn=1&mc=1&cc=1&ai=cf780953-c7b4-4bbc-4e0f-61d6681f73cb&o=2505297219&callback=OX_2505297219&ju=http://diyfashion.com/scoopstips/todays-obsession-hms-conscious-exclusive-collection-43477?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&jr=http://26501.t.c.adlinker.net/&df=c&pgid=12336&c.area=fashion&res=1024x768x32&plg=&ch=utf-8&tz=-120 | |
| hxxp://movieroomreviews.com/sites/movieroomreviews.com/files/advagg_js/js_cb61833dce2e1e67287b088b4a221604_0.js | |
| hxxp://184.107.129.74/click.php?c=cee239f605888a404db28406830862a8a35f098a3aed514eee6a15ff8da5975515646fc8c9ccb74f52c8bbfdec58ebf7f21e3a4b9bb454180f669d6606f6d5128b9c1883cd9ef8fa122be9cf145ea923 | |
| hxxp://diyfashion.com/themes/diyfashion/images/DIYFashion_logo.png | |
| hxxp://stats.l.doubleclick.net/dc.js | |
| hxxp://movieroomreviews.com/sites/movieroomreviews.com/files/advagg_js/js_004f446e6eb06af6e6570b5e9b590427_5.js | |
| hxxp://prod-mkt-d.d.xx.openx.com.akadns.net/w/1.0/pd?plm=5&ph=8d578bcbcf8bba03616d68c5c8f0260fe0a6a177 | |
| hxxp://a1294.w20.akamai.net/beacon.js | |
| hxxp://adnproxy.bluefinmediasites.com/www/delivery/ajs.php?zoneid=10&target=_top&cb=64481447968&charset=utf-8&loc=http://diyfashion.com/scoopstips/todays-obsession-hms-conscious-exclusive-collection-43477?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&referer=http://26501.t.c.adlinker.net/ | |
| hxxp://ib.anycast.adnxs.com/getuid?hxxp://r.openx.net/set?pid=408c9df8-85fe-6893-4938-ccbfd204601e&rtb=$UID | |
| hxxp://ttd-useast-match-adsrvr-org-1999903436.us-east-1.elb.amazonaws./track/cmf/openx?oxid=dd1909a2-eab3-7906-1ce3-0083bb558c12 |  |
| hxxp://pda.mv.bidsystem.com/bin/findwhat.dll?clickthrough&y=79545&x=wSYJ9FIQPT8JCg:WWbjETV8q:3xIvMjoP5wqRVpzPTjd9OLjlHZcccnVzxjNs6jH0ULt9VjblTKDQV;M0MTpdgXCQqNM9V6965ZHye85c3pbBr:vXMltjUwmZQpqPqX4964vJTMMcen0XbxHZ5XlTHyKPq8I1O8bxiwPccqggbjX;mtM8cgHCr;ey:sY3ATOCOJ4pZqskZJ5ZUNR3emXXb6KKij7pkND0SsJB6a7TVwU2MXp1b;bvas5q58sIrL4jHxNOVJvwV8UWsIBQ5J0KqiApkMXtZXKekEuTVIBPsEb1M8ZQFLQPgtC5sIP83JoTU;q6Qas4iaojoJDsfLD;Y8RmO:SAkKvrUw5jqlK5tYfjVJH8rpwKtECc54TDtTdox9fHsjF8bgTVFK08cnCqF;hAfNcWgSbaOgxLk4c2Ygdi | |
| hxxp://r.turn.com.akadns.net/r/du/id/L21rdC8xL21jaHBpZC8x | |
| hxxp://pixel-origin.mathtag.com/sync/img?mt_exid=5&redir=http://r.openx.net/set?pid=0b83a084-dd0b-4bfe-9e2e-ab3706fc9955&rtb=uuid%3D[MM_UUID] | |
| hxxp://pagead.l.doubleclick.net/pixel?google_nid=openx&google_cm&google_sc | |
| hxxp://ttd-useast-match-adsrvr-org-1999903436.us-east-1.elb.amazonaws./track/cmb/openx?oxid=dd1909a2-eab3-7906-1ce3-0083bb558c12 | |
| hxxp://pixel-origin.mathtag.com/sync/img?mt_exid=5&redir=http://r.openx.net/set?pid=0b83a084-dd0b-4bfe-9e2e-ab3706fc9955&rtb=uuid%3D[MM_UUID]&mm_bnc&mm_bct | |
| hxxp://pagead.l.doubleclick.net/pixel?google_nid=openx&google_cm=&google_sc=&google_tc= | |
| hxxp://mobile.anycast.adnxs.com/bounce?/getuid?http://r.openx.net/set?pid=408c9df8-85fe-6893-4938-ccbfd204601e&rtb=$UID | |
| hxxp://d.p-td.com.turn.com.akadns.net/r/dm/mkt/4/mpid//mpuid/3678817233014156322/mchpid/1/url/hxxp://d.audienceiq.com/r/dm/mkt/44/mpid//mpuid/3678817233014156322/mchpid/1/url/hxxp://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/3678817233014156322/mchpid/1/url/hxxp://r.openx.net/set?pid=21a19823-5de3-4917-bc81-a4edea5127ff&rtb=3678817233014156322 | |
| hxxp://v10.xmlsearch.adkapi.net/ppc/click-audit.js | |
| hxxp://r.openx.net.akadns.net/set?pid=0b83a084-dd0b-4bfe-9e2e-ab3706fc9955&rtb=uuid=5299c02e-d36d-0b66-0b96-5ec4d7a0f0c5 | |
| hxxp://r.openx.net.akadns.net/set?pid=b0ceb663-1089-7152-cddd-8bfc62e9c357&rtb=c5aca4d6-4909-451a-9c8f-f17741c333c9 | |
| hxxp://r.openx.net.akadns.net/set?pid=408c9df8-85fe-6893-4938-ccbfd204601e&rtb=2912095395977092768 | |
| hxxp://r.openx.net.akadns.net/set?pid=9ca165a9-d9fe-2ff6-d83d-d145a80b0d37&rtb=CAESEOYLGvlpGgbxIHg87llE2tg&google_cver=1 | |
| hxxp://diyfashion.com/themes/diyfashion/images/navbar.png | |
| hxxp://d.audienceiq.com.turn.com.akadns.net/r/dm/mkt/44/mpid//mpuid/3678817233014156322/mchpid/1/url/hxxp://d.audienceiq.com/r/dm/mkt/73/mpid//mpuid/3678817233014156322/mchpid/1/url/hxxp://r.openx.net/set?pid=21a19823-5de3-4917-bc81-a4edea5127ff&rtb=3678817233014156322 | |
| hxxp://v10.xmlsearch.adkapi.net/ppc/swfobject.js | |
| hxxp://96-31-89-134.static.hvvc.us/d/9f9hqqy2/cfdcbae5850a518955a2465d08994caf/AA/2 | |
| hxxp://prod30-brandtech-d.d.xx.openx.com.akadns.net/w/1.0/ri?df=c&ts=1fHJhaWQ9OGMxMzgxZjEtMmQ4MC00YjFhLWFmYWMtZWQ4Y2ZlZjU0YWVkfGF1aWQ9MTEyODc1fGx3PTE0NDF8YWlkPTYzMjg2MnxvaWQ9MTAzOTUwfGJtPUJVWUlORy5OT05HVUFSQU5URUVEfHNzaWQ9MTAxMjl8YWR2PTIyODY3fHNpZD05NDA1fGFzPTcyOHg5MHx1cj1qNXpOR3htNVNWfHBpZD0xMjMzNnxwdWI9NDEyNXxhdW09RE1JRC5XRUJ8bGlkPTM2NDcyMnx1PTF8dD00fHJpZD1mYjZlM2ViZS0wY2U1LTQ3ZTEtYmJiNi0wYTI4YjIyOTI3M2J8cGM9VVNEfHA9MjQ2fGFjPVVTRHxwbT1QUklDSU5HLkNQTXxydD0xMzg1ODA3OTE3fGxjPTJ8cHI9MjQ2 | |
| hxxp://diyfashion.com/themes/diyfashion/images/Spanish_Icon.png | |
| hxxp://ym.adnxs.com/st?ad_type=ad&ad_size=728x90§ion=3628118&pub_url=${PUB_URL} | |
| hxxp://d.audienceiq.com.turn.com.akadns.net/r/dm/mkt/73/mpid//mpuid/3678817233014156322/mchpid/1/url/hxxp://r.openx.net/set?pid=21a19823-5de3-4917-bc81-a4edea5127ff&rtb=3678817233014156322 | |
| hxxp://r.openx.net.akadns.net/set?pid=21a19823-5de3-4917-bc81-a4edea5127ff&rtb=3678817233014156322 | |
| hxxp://ib.anycast.adnxs.com/ptj?member=324&size=728x90&inv_code=3628118&referrer=http://diyfashion.com/scoopstips/todays-obsession-hms-conscious-exclusive-collection-43477?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&redir=http://ad.yieldmanager.com/st?anmember=324&anprice={PRICEBUCKET}&ad_type=ad&ad_size=728x90§ion=3628118&pub_url=${PUB_URL} | |
| hxxp://delivery.tmnpartners.com/adserver/www/delivery/ajs.php?zoneid=77&charset=UTF-8&cb=22088658728&charset=UTF-8&loc=http://movieroomreviews.com/emma-watson/emma-watsons-hermione-concerns-106492?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&tzo=-120&referer=http://26501.t.c.adlinker.net/ | |
| hxxp://c.t.c.adlinker.net/click/?s=0.0&a=kCZHVWVsN9Dm_Vr0s2r1Ccl0UQUxmsTBfEvtZ75cMayzrWiS35IyQ_s7hkFnDfpNJDfiIu2aoejFqQfxL8IkdkPjg2NDhiKHgsesD5e1eNREj5ra0iAAP5sNaw9xVQMsyAQtjKlEJV7kVovEUk2_yZS0rlHUlc-49PqEOJ7QEH1s96IMnJU0KWoAoW-Eo7uh2ixP2hACaVDwLCB95bOALZNYk9u_kptwgGgx33xepNsTlZeZG288sN4Sz4G-wVSgChDCVhtoTC5rJMGs_OHooLYt22Emxpnewxc7Zi7dud8=&l=JdLwgbNjTIYxcQC6ecwPHlhst74nfLFthVz53Zwaqg_drhjYaPjYdstWrBk-P3zTcvdKAcH5pKr11jD5m2VQ-aQbAG_8KRI-k7cY2E6Fx9S9ZlCWkrjKkscu9WWBs7dTzxCzGZTi497h8dFAVKjAfB7ZGameFgd7041ZLMMRyFPIMQ3-FH2xshhzBhdo-Hdi4_84ApJP6UPVliIzzU3gM3L58IkWbVs3In1tUnLPCt0bO3ILe_Gim1zv9-frVogFxIvMSpIzRar4LM5G2TQr9NUZkaIZhy54comH-Wjn9KHdpPLYj9OYaC-T9zBMY5CtNJXS_17NB4EeftZB0i-Qqg== | |
| hxxp://pda.mv.bidsystem.com/ppc/ncvp.js?1385791199 | |
| hxxp://ds-any-world.ngd.ysm.yahoodns.net/st?anmember=324&anprice=&ad_type=ad&ad_size=728x90§ion=3628118&pub_url=${PUB_URL} | |
| hxxp://diyfashion.com/handbags/sole-society-debuts-handbags-readies-jewelry-launch-43356?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501 | |
| hxxp://delivery.tmnpartners.com/adserver/www/delivery/ajs.php?zoneid=76&charset=UTF-8&cb=39782918590&charset=UTF-8&loc=http://movieroomreviews.com/emma-watson/emma-watsons-hermione-concerns-106492?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&tzo=-120&referer=http://26501.t.c.adlinker.net/ | |
| hxxp://ds-any-world.ngd.ysm.yahoodns.net/st?anmember=324&anprice=&ad_type=ad&ad_size=728x90§ion=3628118&pub_url=${PUB_URL}&_msd=1&_xcf=0&rmxbkn=0&_cbv=337586566 | |
| hxxp://flx396.lporirxe.com/flp/flprocv1_56.php?1=f2.3.2&2=e7b842dab75d175a&3=396&4=665&5=http://pda.mv.bidsystem.com/bin/findwhat.dll?clickthrough&y=79545&x=wSYJ9FIQPT8JCg:WWbjETV8q:3xIvMjoP5wqRVpzPTjd9OLjlHZcccnVzxjNs6jH0ULt9VjblTKDQV;M0MTpdgXCQqNM9V6965ZHye85c3pbBr:vXMltjUwmZQpqPqX4964vJTMMcen0XbxHZ5XlTHyKPq8I1O8bxiwPccqggbjX;mtM8cgHCr;ey:sY3ATOCOJ4pZqskZJ5ZUNR3emXXb6KKij7pkND0SsJB6a7TVwU2MXp1b;bvas5q58sIrL4jHxNOVJvwV8UWsIBQ5J0KqiApkMXtZXKekEuTVIBPsEb1M8ZQFLQPgtC5sIP83JoTU;q6Qas4iaojoJDsfLD;Y8RmO:SAkKvrUw5jqlK5tYfjVJH8rpwKtECc54TDtTdox9fHsjF8bgTVFK08cnCqF;hAfNcWgSbaOgxLk4c2Ygdi&6=edcf67a1838fcba9&7=6f775a704368714c567365496b755a436d447736&8=1c4451d943b8242dff645aa79a5c11297e8486e1532eac60ff61beeef0760193120494ac58dad264bc0e968283382786516d53b480487aec19968b4632c6b67b&9=&10=http://papaleo.info/?q=credit debt management services&15=1&11=03339936b7e47833&12=undefined&13=&17=f8dcbd93a26a16c5&18=&19=691854c6d3760130&21=&WPr4y=99dae441445061c0b9a9ac947df6e665&14f5fl=220c16d60883f11579430604b2e5b147594b077f65da83594db0d70bab134c08145d4d7d1df619e363f7ec41c388e7cf2057056a2a4e8e407a2c19e3b97dc225c938d5fae37a998a9655370d6571dce13ec058d444cbe91f687ffc5ebaa6b25bc0f4afd939d8aa808eb7af0593790847c130d9544b3fbd50004db4461de518c0b62f8a90d60e69bf4fc1b278a920abe999e623a846dd14bd27229d5fd211a338145d4d7d1df619e30d9e3380f5efc90d50969424024a5070f31fc4e44829015bced14f7998cce98c227c7933fbfdb516210bd40b9ea15df95c9de08856663d5ef768e3ae20b670e | |
| hxxp://ds-any-world.ngd.ysm.yahoodns.net/imp?_cbv=337586566&_msd=1&_xcf=0&Z=728x90&anmember=324&anprice=&rmxbkn=0&s=3628118&_salt=0&B=10&H=http://diyfashion.com/scoopstips/todays-obsession-hms-conscious-exclusive-collection-43477?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&u=http://diyfashion.com/scoopstips/todays-obsession-hms-conscious-exclusive-collection-43477?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&M=4&r=1 | |
| hxxp://delivery.tmnpartners.com/adserver/www/delivery/ajs.php?zoneid=67&charset=UTF-8&cb=46403048260&charset=UTF-8&loc=http://movieroomreviews.com/emma-watson/emma-watsons-hermione-concerns-106492?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&tzo=-120&referer=http://26501.t.c.adlinker.net/ | |
| hxxp://ds-any-world.ngd.ysm.yahoodns.net/get-user-id?ver=2&s=3628118&ts=1385807919&sig=4487360e9bc7620c | |
| hxxp://prod30-brandtech-d.d.xx.openx.com.akadns.net/w/1.0/acj?o=3448306783&callback=OX_3448306783&ju=http://diyfashion.com/handbags/sole-society-debuts-handbags-readies-jewelry-launch-43356?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&jr=http://26501.t.c.adlinker.net/&df=c&pgid=12336&res=1024x768x32&plg=&ch=utf-8&tz=-120 | |
| hxxp://pda.mv.bidsystem.com/bin/findwhat.dll?clickthrough&y=79545&x=MIzkgYYQGPhkGJdTXXtMyFh5UH12YEtRGsB5ssiHGPt9g8GAVl47DHl39ot6mqtwshGxgFtdVjsteFH:sEQWBJ8FejX:gF3ZOF4wJ9heDTid9hdhVEFxkhB;ypi5Gj8ugJThqjR:D9llVX1wyF8JyppqGjh2FthdOMB8DHwyc9toM0b:2HewGhHDJ6nOdLQ1GtLuEkwU4kLeyiXLd9aoVX3qk6tsEtXtsunk9qfsyFBaFE8WF9HdYWnevshU6hGukp16zFLhMshaX2YBesLlkPD4EtRock8qR89XyFYBG29dF2hceYGQGqbF4EY82TLRyhH5OpfU6MfRkBLtmLGtMVhLU8dSe8shRhBekjFq4ozzkFLw2iiEko9FDsTNLAQ9DA7z32tn2XeNzBsl2HlFvYHYeLX7XqKd:8erVGT7FVn8MTLYFX$Xv&c=BEF2B3F7-2330-4F45-8454-E8774C8A6BF4&cid=3D5BC107-B1A0-4873-BD84-6EFDA03281D8 | |
| hxxp://ib.anycast.adnxs.com/ttj?id=1859521&cb=[CACHEBUSTER] | |
| hxxp://96-31-89-134.static.hvvc.us/d/9f9hqqy2/cfdcbae5850a518955a2465d08994caf/AA/0 | |
| hxxp://x.bidswitch.net/sync?ssp=switchconcepts | |
| hxxp://e6603.g.akamaiedge.net/AdServer/js/syncuppixels.html?p=37855 | |
| hxxp://delivery.tmnpartners.com/adserver/www/delivery/lg.php?bannerid=187&campaignid=101&zoneid=67&loc=1&referer=http://movieroomreviews.com/emma-watson/emma-watsons-hermione-concerns-106492?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&cb=7a9ccd71c4&tc=1385807919.4663 | |
| hxxp://ds-any-world.ngd.ysm.yahoodns.net/v2/cexposer/SIG=12t6uitnj/*http://ad.yieldmanager.com/get-user-id?ver=2&s=3628118&ts=1385807919&sig=4487360e9bc7620c | |
| hxxp://x.bidswitch.net/ul_cb/sync?ssp=switchconcepts | |
| hxxp://e6603.g.akamaiedge.net/AdServer/js/showad.js | |
| hxxp://ds-any-world.ngd.ysm.yahoodns.net/get-user-id?ver=2&s=3628118&ts=1385807919&sig=4487360e9bc7620c&SIG=10vbvnn6j;x-cookie=p8v2rp999wt1s&o=3&f=4b | |
| hxxp://c.t.c.adlinker.net/click/?s=0.0&a=mPrayog4VL5aC01gpskqW2x9d7Soa85-pyfxTM7JYxV8N0-uLkdfd7U_eLP1K_YGzT8Hgx0f7oZOarq-plMGsCpnZi-7HNSrwlheFw_nXHQSvS67clxERVC1J3lldd1py2ftlmRXRW-i-W_ah0RjxGRgi3J75NXiVPNAVBtKToqQPTWhZe3w26lmEJrx82Zkxn4gsi8WJe_28nZdGGDMF7cNJeKTF0Wb_FenoMpc8Z_aLsKNommHIznmsL3wxquG0PvGAchYqaath45k28lfqLXFaCh4DizAp0_v5I_ZQRY=&l=qaHfBGVDEV3dyqo6zJSr2br2d6tyTnV3WDJ33WIOVmeM-6fqW485DKAsJDEeyispRZUytPJ6KdCtf2FbsrkHf4uOjj0_x-RlyQ-NbkbZ0EIlD-qGB4ltuhsL7Wkzo6o3wCmBctvNATrVXl9JLzOjhzGUqfgApPbILZiJzHCoXLWnhYBs-uUTlrzJLf3KNh-he-PfFkedMjG-3xzorPTvPvfOGbQH4ZxUZGBwymMDHfl7l14RxPT8ji2F9V1J6aHg7_pc-7u-4YczZbJe0dlImQFvEfgpb7YyiPdX_TKPHuRr6QkH88z7-ZslLpz5ilqOpDhxuK83f1RWV0a6kqWCIQ== | |
| hxxp://79545.15139.0.alienspotting.com/rw/ABABiFHgqflAZa1VmIUxwMlK3Slk0WgdLpafQG75P6CPq7Lb4mOz8dXKhFkSNFB4pOKy4pqdATXqEJ_A4l4aNZZyH48lm64BAshd_uxuDuSq9P_Rd9ZIfX2Q__8U4VADuNykhmmq4zAX_DMU0lyHn_xm8fHu3D3_05tzQG-p9VCwOO_koD16qwHV1pNHdIe9-d7Ntt5E9rlU9aCmfBR86q94VT4XpJySZul4my16faHRv6_Ul2_YHP38LPVeF8uxVPivHaQHp8x17b-T69sgxMXtbthhAP2wupl5hCZt2BodhMtVKVUbNbPvhdFNRYOaneYURCxxVkTy46QAmuBPIKa6raR8_NIfVUUDiJRnvX1rZNsVE8FzDaqsJud5PSoWLcqcDGuJWd04k8pJC8_U203vVSE3Dm77imK4a5SCUTQa1VZT_GH8Bhx07yvq7K4xxUZBV3ny-AJh2id_K4g6TrLiglCR4BkfWNh7ECQJhCTukyeOrdxEhqF9GztLITop9zaw_0ifYfk0BHMskf9HKrxheGMp7E33G-AppdCNiMeh2FrA | |
| hxxp://dart.l.doubleclick.net/N4916/adj/tc.redux/507746;lineitemid=61602203;sz=728x90;click=hxxp://nym1.mobile.adnxs.com/click?GTkLe9oRHEAZOQt72hEcQAAAAAAAAPA_GTkLe9oRHEAZOQt72hEcQN2f_n6J2Z8XoN5DbVXXaSgvwJlSAAAAAMFfHABGAQAARgEAAAIAAAAxW4QApaoEAAAAAQBVU0QAVVNEANgCWgCRLgAA4q8AAgQCAQIAAIoAoh5R4gAAAAA./cnd=!JgbeOAjg8HkQsbaRBBil1RIgBA../referrer=http://movieroomreviews.com/emma-watson/emma-watsons-hermione-concerns-106492?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501/clickenc=;ord=1385807919? | |
| hxxp://a1961.g.akamai.net/ANX_async_usersync.js | |
| hxxp://movieroomreviews.com/colin-firth/colin-firth-wants-kings-speech-sequel-106269?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501 | |
| hxxp://delivery.swid.switchads.com/adserver/info.php?action=retrieve&callback=http://delivery.tmnpartners.com/adserver/info.php |  |
| hxxp://ds-any-world.ngd.ysm.yahoodns.net/iframe3?Ak1oCVZcNwCKQFABAAAAANnLZQAAAAAAAgAAAAYAAAAAAP8AAAAHBtDvYwAAAAAA05ZVAAAAAACJt34AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfYxQAAAAAAAIAAwAAgD8A33GKjuTyjz.fcYqO5PKPPzq0yHa-n5o.OrTIdr6fmj97FK5H4XqkP3sUrkfheqQ.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAr6TiDi3n94ZTpMtdHfi.ti5kAE3JI5j3AAAAAA==,,http://diyfashion.com/scoopstips/todays-obsession-hms-conscious-exclusive-collection-43477?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501,B=10&H=http%3A%2F%2Fdiyfashion.com%2Fscoopstips%2Ftodays-obsession-hms-conscious-exclusive-collection-43477%3Futm_source%3D26501%26utm_medium%3Dcpc%26utm_campaign%3Dclickpayz_26501&M=4&Z=728x90&_cbv=337586566&_msd=1&_salt=0&_xcf=0&anmember=324&anprice=&r=1&rmxbkn=0&s=3628118,932623f2-59ab-11e3-86a4-b7194b0f1d78,1385807919427 | |
| hxxp://dh31mamiqa6c5.cloudfront.net/themes/movieroomreviews/mrr_new_logo.png | |
| hxxp://cs107.wac.edgecastcdn.net/widgets.js | |
| hxxp://m.xp1.ru4.com/meta?_o=179638&_t=cmcont&ssv_ptnr=pm | |
| hxxp://www.blastro.com/r2.php?id=314788295&filename=guinevereranformylife&keywords=12076&rolloverAudio=true&startMuted=true&useLargeMute=true&utm_source=2109&utm_content=$(clickid)&utm_campaign=451276&utm_term=credit debt management services&subid=79545-15139&clickid=3D5BC107-B1A0-4873-BD84-6EFDA03281D8&refurl=hxxp://papaleo.info/?q=credit debt management services | |
| hxxp://pagead.l.doubleclick.net/pagead/js/lidar.js | |
| hxxp://pagead.l.doubleclick.net/simgad/4308618086844485973 | |
| hxxp://dh31mamiqa6c5.cloudfront.net/sites/movieroomreviews.com/files/imagecache/100x145_movie_pictures/profile_images/the-perks-of-being-a-wallflower-movie-image.jpg | |
| hxxp://ln-image4.pubmatic.com/AdServer/SPug?partnerID=37855 | |
| hxxp://delivery.tmnpartners.com/adserver/info.php?action=store_local&info= | |
| hxxp://dh31mamiqa6c5.cloudfront.net/themes/movieroomreviews/images/sprites_1py_v1.png | |
| hxxp://dh31mamiqa6c5.cloudfront.net/themes/movieroomreviews/images/sprites_y_v1.png | |
| hxxp://delivery.tmnpartners.com/adserver/www/delivery/ajs.php?zoneid=70&charset=UTF-8&cb=37554386259&charset=UTF-8&loc=http://movieroomreviews.com/emma-watson/emma-watsons-hermione-concerns-106492?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&tzo=-120&referer=http://26501.t.c.adlinker.net/ | |
| hxxp://delivery.tmnpartners.com/adserver/dsy.php?from=http://delivery.tmnpartners.com/adserver&oaid=62d034382c01fafd208c9dbf6a0f179d&store=1&status=1 | |
| hxxp://ib.anycast.adnxs.com/ttj?id=1859511&cb=[CACHEBUSTER] | |
| hxxp://ib.anycast.adnxs.com/setuid?entity=11&code=NC-00000007829963148 | |
| hxxp://r.openx.net.akadns.net/set?pid=c4b194ba-c3f6-46d9-cc9e-de385e960a3a&rtb=NC-00000007829963148 | |
| hxxp://image2.pubmatic.com/AdServer/Pug?vcode=bz0yJnR5cGU9MSZjb2RlPTQ0NSZ0bD0xMjk2MDA=&piggybackCookie=NC-00000007829963148 | |
| hxxp://star.c10r.facebook.com/fr/u.php?p=429837887066539&m=NC-00000007829963148 |  |
| hxxp://ds-any-world.ngd.ysm.yahoodns.net/cms/v1?esig=1~2d97df699a7e7052e00c7ee2bae6d00adbed961b&nwid=10000357068&sigv=1 | |
| hxxp://s.twitter.com/i/adsct?p_user_id=NC-00000007829963148&p_id=39232 | |
| hxxp://p-aws-oregon-tag-01-1110002569.us-west-2.elb.amazonaws.com/e/XPlusOne_sync.xgi?na_exid=NC-00000007829963148 | |
| hxxp://96.31.89.133/d/9f9hqqy2/cfdcbae5850a518955a2465d08994caf/AA/8 | |
| hxxp://www.blastro.com/r2.php?q=http://www.blastro.com/player/djkhaledimsohood.html#mediaplayer&t=2&id=314788295&c=f | |
| hxxp://tags.wdc.bluekai.com/site/2751?id=NC-00000007829963148 | |
| hxxp://adadvisor.net/adscores/g.pixel?sid=9297587126&xid=NC-00000007829963148 | |
| hxxp://idsync-ext.rlcdn.com/85332.gif?partner_uid=NC-00000007829963148 | |
| hxxp://delivery.tmnpartners.com/adserver/www/delivery/lg.php?bannerid=186&campaignid=101&zoneid=70&loc=1&referer=http://movieroomreviews.com/emma-watson/emma-watsons-hermione-concerns-106492?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&cb=954fdb74d3&tc=1385807920.7215 | |
| hxxp://ib.anycast.adnxs.com/getuid?http://delivery.tmnpartners.com/adserver/dsy.php?idx=880bdf2&ret=$UID&override=0&store=1&status=1&from=http://delivery.tmnpartners.com/adserver&swid=62d034382c01fafd208c9dbf6a0f179d | |
| hxxp://a957.g.akamai.net/wrapper/aceUAC.js | |
| hxxp://p-aws-oregon-tag-01-1110002569.us-west-2.elb.amazonaws.com/e/xrefid.xgi?na_exid=NC-00000007829963148&na_pid=2105 | |
| hxxp://idsync-ext.rlcdn.com/85332.gif?redirect=1&rl=72b6c94279fc986323a3eefcc2f9b2772e77b84e8575d5118030fcb71ca2a23f815e976a1799d4dd | |
| hxxp://m.xp1.ru4.com/meta?_o=65121&_t=tg&ssv_tg_1=&ssv_tg_2=&ssv_tg_3=000&ssv_tg_4=&ssv_duid=&ssv_tg_5=0&ssv_tg_6=0&ssv_tg_7=0&ssv_tg_8=k23-0,k24-0,k25-0,k26-0,k28-0,k29-0,k30-0,k31-0,k32-0,k33-0,k34-0,k35-0,k36-0,k37-0,k38-0,k39-0,k40-0,k41-0,k42-0 | |
| hxxp://m.xp1.ru4.com/cx?_o=197240&look=xid&xid=VRpJaq5NRkcxqhGG55HvXvuA | |
| hxxp://m.xp1.ru4.com/activity?_o=62795&_t=cm_ox_pre | |
| hxxp://c.t.c.adlinker.net/click/?s=0.0&a=4_Wsm-QnJpECu6cKyhyRCXCSfgdulkNnQZEXWacaiMi-giottCy77abp7sz7vLh02iJIoK9TSFMIPV9RqVoWbBnHXNlAayHXY3ggr9JO9fhJF7JpMJKgmvP4uukim74Niw6cmBcWMQJn3MqAEK8IeIRhien1WKhTbvHMQRPRctXco7cMoXevBtT4WMp987x9UGFymZn0CQNOaVSzXmoSCj7a3XCfzBlAWLPDdv_L7kvozfCSzUZAr0G7WusxH3sA3HkyWMo2pKTbZkWXKRvSJQJhjvIDgLE6-f_8glk6pMM=&l=7ke6iQOgBUvnfJWTXegU6uR9L6B_fXG2BcKiUJdhkVjiwV6BHxOSdaluWjU6ME4HtZgv1Ze1LQZ_QUEjt-32_SsczSi6KWqwG1MzjqwgZ1Kj0q-NShOPrptDnLV0thHBXQztZaovZHJBkuhlinXaDLStb5vvTU_117-JJ9joMHB_1RgDmginO_Ug-KuR21vGTCdzFDUSOpKcpoXF1_E5-Yv4qO7X9BgLrWVcWMWtw5go1uPK3J0Uil1aRcY7kGOmg9c1pHK8_WOZc0rFcVREFE5iyxW8uKmpUGvppcV9kfprCGwpIXYzFkhUggRicvr5CaoAMEgMsjxpfgkiHN9GbQ== | |
| hxxp://stats.l.doubleclick.net/__utm.gif?utmwv=5.4.6dc&utms=2&utmn=798433618&utmhn=diyfashion.com&utmcs=utf-8&utmsr=1024x768&utmvp=1024x721&utmsc=32-bit&utmul=en-us&utmje=0&utmfl=11.6 r602&utmdt=Sole Society Debuts Handbags, Readies Jewelry Launch | www.diyfashion.com&utmhid=2137833953&utmr=http://26501.t.c.adlinker.net/&utmp=/handbags/sole-society-debuts-handbags-readies-jewelry-launch-43356?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&utmht=1385791201044&utmac=UA-9186630-3&utmcc=__utma=260063768.345204654.1385791198.1385791198.1385791198.1;+__utmz=260063768.1385791198.1.1.utmcsr=26501|utmccn=clickpayz_26501|utmcmd=cpc;&utmu=q~ | |
| hxxp://delivery.tmnpartners.com/adserver/dsy.php?idx=880bdf2&ret=2912095395977092768&override=0&store=1&status=1&from=hxxp://delivery.tmnpartners.com/adserver&swid=62d034382c01fafd208c9dbf6a0f179d | |
| hxxp://www.blastro.com/r2.php?q=http://www.blastro.com/player/djkhaledimsohood.html#mediaplayer&t=3&id=314788295&c=f | |
| hxxp://r.openx.net.akadns.net/set?pid=c4b194ba-c3f6-46d9-cc9e-de385e960a3a&rtb=NC-00000007829963148&r=http://m.xp1.ru4.com/meta?_o=179638&_t=dm&ssv_p=ox&ssv_u=NC-00000007829963148 | |
| hxxp://tc1-nj.map.dynectmedia6degrees.com/orbserv/hbpix?pixId=4845 | |
| hxxp://dart.l.doubleclick.net/N4916/adj/tc.redux/507746;lineitemid=65276454;sz=300x250;click=hxxp://nym1.mobile.adnxs.com/click?OfJAZJGmA0A58kBkkaYDQAAAAAAAAPA_OfJAZJGmA0A58kBkkaYDQIk5-1y4Xx8loN5DbVXXaSgxwJlSAAAAALdfHABGAQAARgEAAAIAAACyxaIApaoEAAAAAQBVU0QAVVNEACwB-gBtMgAAIawAAgQCAQIAAIoAviFPdQAAAAA./cnd=!bAV6MQiGoJcBELKLiwUYpdUSIAQ./referrer=http://movieroomreviews.com/emma-watson/emma-watsons-hermione-concerns-106492?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501/clickenc=;ord=1385807921? | |
| hxxp://cdn.xplusone.com.c.footprint.net/images/pixel.gif | |
| hxxp://w27.b.cap-mii.net/ping_match.gif?ei=OPENX&rurl=http://r.openx.net/set?pid=6f983c5f-b90f-c87c-2ba9-c74bb1f0f9ed&rtb=_wfivefivec_ | |
| hxxp://a1294.w20.akamai.net/b?c1=2&c2=8210620&c3=&c4=&ns__t=1385791201747&ns_c=windows-1252&c8=Sole Society Debuts Handbags, Readies Jewelry Launch | www.diyfashion.com&c7=http://diyfashion.com/handbags/sole-society-debuts-handbags-readies-jewelry-launch-43356?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&c9=http://26501.t.c.adlinker.net/ | |
| hxxp://adnproxy.bluefinmediasites.com/www/delivery/ajs.php?zoneid=10&target=_top&cb=37459013186&charset=utf-8&loc=http://diyfashion.com/handbags/sole-society-debuts-handbags-readies-jewelry-launch-43356?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&referer=http://26501.t.c.adlinker.net/ | |
| hxxp://ewr-ad-lb1.rfihub.com/cm?in=1&pub=25 | |
| hxxp://sjc03-usadmm.dotomi.com/dmm/openx2/match | |
| hxxp://m.xp1.ru4.com/meta?_o=179638&_t=dm&ssv_p=ox&ssv_u=NC-00000007829963148 | |
| hxxp://r.openx.net.akadns.net/set?pid=6f983c5f-b90f-c87c-2ba9-c74bb1f0f9ed&rtb=a39e95cf-964e-47d6-9590-1a0e7955665f | |
| hxxp://delivery.tmnpartners.com/adserver/www/delivery/ajs.php?zoneid=77&charset=UTF-8&cb=57993878077&charset=UTF-8&loc=http://movieroomreviews.com/colin-firth/colin-firth-wants-kings-speech-sequel-106269?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&tzo=-120&referer=http://26501.t.c.adlinker.net/ | |
| hxxp://nw-ads.gslb.ace.advertising.com.adcom.akadns.net/site=825414/size=728090/u=2/bnum=15105670/wkhr=152/hr=8/hl=1/scres=4/swh=1024x768/tile=1/f=2/r=1/optn=1/kvismob=2/fv=11/aolexp=0/dref=http%3A%2F%2Fdiyfashion.com%2Fscoopstips%2Ftodays-obsession-hms-conscious-exclusive-collection-43477%3Futm_source%3D26501%26utm_medium%3Dcpc%26utm_campaign%3Dclickpayz_26501 | |
| hxxp://tc1-nj.map.dynectmedia6degrees.com/orbserv/hbpix?pixId=4845&cckz=true | |
| hxxp://96.31.89.133/d/9f9hqqy2/cfdcbae5850a518955a2465d08994caf/AA/7 | |
| hxxp://diyfashion.com/2013/03/15/matthew-mcconaughey-back-in-shape-for-detective-show/?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501 | |
| hxxp://voken.eyereturn.com/?663667&click=hxxp://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCAV9-MsCZUqTABs7HwQHimIHwA-28_5sEAAAQASAAUNTp1hBg_eiigfADggEXY2EtcHViLTkyMTcyMDI0NjQ1OTMxNzbIAQmpApf-DBnJna8-4AIAqAMBqgSnAU_QA2OE8ORV69mXcUiui4rOiBz6_CaTZLArrcqvVYwIXrg_fpjETgVjzT9bP7GQudvOpFEfibQOOOGszoZVeEnERa_Ml-lJu5iVYxRdYY7jN9D0icdquf-YpZBtLP38PdJ9WOURc_0xh4sRbKYev365UqknTXkZfFDckw87jRrB7kdQNIHOrO7Qv3FMSfJB4dgy19dExW0yNGTlw86W9a2UbldCqq3u4AQBoAYW%26num%3D0%26sig%3DAOD64_0mizF9YkKNGpMpJjWdZkQpe8P_cw%26client%3Dca-pub-9217202464593176%26adurl%3Dhxxp://nym1.mobile.adnxs.com/click%253FOfJAZJGmA0A58kBkkaYDQAAAAAAAAPA_OfJAZJGmA0A58kBkkaYDQIk5-1y4Xx8loN5DbVXXaSgxwJlSAAAAALdfHABGAQAARgEAAAIAAACyxaIApaoEAAAAAQBVU0QAVVNEACwB-gBtMgAAIawAAgQCAQIAAIoAviFPdQAAAAA./cnd%253D%252521bAV6MQiGoJcBELKLiwUYpdUSIAQ./referrer%253Dhttp%25253A%25252F%25252Fmovieroomreviews.com%25252Femma-watson%25252Femma-watsons-hermione-concerns-106492%25253Futm_source%25253D26501%252526utm_medium%25253Dcpc%252526utm_campaign%25253Dclickpayz_26501/clickenc%253D¶ms=97017676 | |
| hxxp://s3-1-w.amazonaws.com/pixel.gif | |
| hxxp://a1015.g.akamai.net/AdServer/usersync/usersync.html?predirect=http://delivery.tmnpartners.com/adserver/dsy.php?idx=c7c54bb&ret=[PUBUSERID]&override=0&store=1&status=1&from=http://delivery.tmnpartners.com/adserver&swid=62d034382c01fafd208c9dbf6a0f179d&userIdMacro=[PUBUSERID] | |
| hxxp://nw-ads.gslb.ace.advertising.com.adcom.akadns.net/ctst=1/site=825414/size=728090/u=2/bnum=15105670/wkhr=152/hr=8/hl=1/scres=4/swh=1024x768/tile=1/f=2/r=1/optn=1/kvismob=2/fv=11/aolexp=0/dref=http%3A%2F%2Fdiyfashion.com%2Fscoopstips%2Ftodays-obsession-hms-conscious-exclusive-collection-43477%3Futm_source%3D26501%26utm_medium%3Dcpc%26utm_campaign%3Dclickpayz_26501 | |
| hxxp://voken.eyereturn.com/pb/get?663667&click=hxxp://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCAV9-MsCZUqTABs7HwQHimIHwA-28_5sEAAAQASAAUNTp1hBg_eiigfADggEXY2EtcHViLTkyMTcyMDI0NjQ1OTMxNzbIAQmpApf-DBnJna8-4AIAqAMBqgSnAU_QA2OE8ORV69mXcUiui4rOiBz6_CaTZLArrcqvVYwIXrg_fpjETgVjzT9bP7GQudvOpFEfibQOOOGszoZVeEnERa_Ml-lJu5iVYxRdYY7jN9D0icdquf-YpZBtLP38PdJ9WOURc_0xh4sRbKYev365UqknTXkZfFDckw87jRrB7kdQNIHOrO7Qv3FMSfJB4dgy19dExW0yNGTlw86W9a2UbldCqq3u4AQBoAYW%26num%3D0%26sig%3DAOD64_0mizF9YkKNGpMpJjWdZkQpe8P_cw%26client%3Dca-pub-9217202464593176%26adurl%3Dhxxp://nym1.mobile.adnxs.com/click%253FOfJAZJGmA0A58kBkkaYDQAAAAAAAAPA_OfJAZJGmA0A58kBkkaYDQIk5-1y4Xx8loN5DbVXXaSgxwJlSAAAAALdfHABGAQAARgEAAAIAAACyxaIApaoEAAAAAQBVU0QAVVNEACwB-gBtMgAAIawAAgQCAQIAAIoAviFPdQAAAAA./cnd%253D%252521bAV6MQiGoJcBELKLiwUYpdUSIAQ./referrer%253Dhttp%25253A%25252F%25252Fmovieroomreviews.com%25252Femma-watson%25252Femma-watsons-hermione-concerns-106492%25253Futm_source%25253D26501%252526utm_medium%25253Dcpc%252526utm_campaign%25253Dclickpayz_26501/clickenc%253D¶ms=97017676 | |
| hxxp://r.openx.net.akadns.net/set?pid=2076250f-92c2-4ecd-9043-cc63ee6c4577&rtb=981503243995286812 | |
| hxxp://r.openx.net.akadns.net/set?pid=1c6323e9-0811-5464-3af4-c00f47248395&rtb=dhk0glvyif3w | |
| hxxp://ym.adnxs.com/st?ad_type=ad&ad_size=728x90§ion=3628114&pub_url=${PUB_URL} | |
| hxxp://prod30-brandtech-d.d.xx.openx.com.akadns.net/w/1.0/ri?df=c&ts=1fHNpZD05NDA1fHJhaWQ9NDU2MTRjNWMtMWViNS00OGU3LTkyYmYtMDUzN2U5ZTM1OGQwfGF1aWQ9MTEyODc1fGx3PTE0NDF8dXI9Rzh0d1FJVE5HZHxhcz03Mjh4OTB8cGlkPTEyMzM2fGFpZD02MzI3NDh8cHViPTQxMjV8bGlkPTM2NDYyM3xhdW09RE1JRC5XRUJ8dD00fHJpZD01Y2I5OTE2NS04MTI1LTRmMjEtYTc2My0xYjA2ZjM0NzU1ZmN8b2lkPTEwMzk1MHxibT1CVVlJTkcuTk9OR1VBUkFOVEVFRHxwPTIwMHxwYz1VU0R8YWM9VVNEfHBtPVBSSUNJTkcuQ1BNfHNzaWQ9MTAxMjl8bGM9MnxydD0xMzg1ODA3OTE5fHByPTIwMHxhZHY9MjI4Njc | |
| hxxp://c.t.c.adlinker.net/click/?s=0.0&a=L-g-02VyqFJl_1ALO3rEw_MKaOg4dW0H07HjNqj9DeX_4et5u-huYIgOgVYjy-2tJ8ooMsXaYrmu1VuXBaLFEd2RvnBfFboSBvaSAsA1hNmUoYhqiXYEu4VcdlXpgPqEnMJ-r7m0M6bqzCqgLk0D9p56W16bmuGbYHftKw1BpnmQqC-NxD7eJTCztfl4cVC4hIWbMK3OJbZNtVKB-hZ32LXiigIata8dRR1pwwnR3F-MVrOQimP35CmNnPHQa8kaYsklU8eczaOIpBYdCiHz3HVPWa2bfPF7RiAXf6cMH5Q=&l=fFyYpT01GbcvbqFMW6QGlhaBpZ_W2USE3XuU40WcdoHwDDQ7yKQEXwjKEAGV2LI7loqyb6CV8r1gmUshdIuLclRag5RU5WJtqL5M9WPru08ERF7YjGvmBn0P22vbtyEusYh6tTlv9xN6AjcZ6VUuc75w9E9ksVQigH2uOhY5h4ffD0NKtTFg1PeWH42L7_3IAMFh-XOkTPDtzstv3Xr76PguOeaU3DALCW8XjOiZiP15ucaoLXLEODuxo0dAzxMRh_Myn2Dfl7kLaj7OsJ_a6CBwGe93VqTMrBso5JC2e8Q0Sh6MdPzwCeVTJabdZxzRm2jqbu8iRRjYLWO52pEkkw== | |
| hxxp://diyfashion.com/2013/03/15/matthew-mcconaughey-back-in-shape-for-detective-show/ | |
| hxxp://sjc03-usadmm.dotomi.com/dmm/openx2/match?fpc=2436&pnid=15900&trid=174302072230925141&fpctok=1 | |
| hxxp://delivery.tmnpartners.com/adserver/www/delivery/ajs.php?zoneid=76&charset=UTF-8&cb=44330820524&charset=UTF-8&loc=http://movieroomreviews.com/colin-firth/colin-firth-wants-kings-speech-sequel-106269?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&tzo=-120&referer=http://26501.t.c.adlinker.net/ | |
| hxxp://ib.anycast.adnxs.com/ttj?id=1344459&cb=[CACHEBUSTER] | |
| hxxp://ib.anycast.adnxs.com/ptj?member=324&size=728x90&inv_code=3628114&referrer=http://diyfashion.com/handbags/sole-society-debuts-handbags-readies-jewelry-launch-43356?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&redir=http://ad.yieldmanager.com/st?anmember=324&anprice={PRICEBUCKET}&ad_type=ad&ad_size=728x90§ion=3628114&pub_url=${PUB_URL} | |
| hxxp://ds-any-world.ngd.ysm.yahoodns.net/st?anmember=324&anprice=&ad_type=ad&ad_size=728x90§ion=3628114&pub_url=${PUB_URL} | |
| hxxp://delivery.tmnpartners.com/adserver/dsy.php?idx=c7c54bb&ret=00CA931A-AD93-4C27-BBDF-D3011447D0B2&override=0&store=1&status=1&from=hxxp://delivery.tmnpartners.com/adserver&swid=62d034382c01fafd208c9dbf6a0f179d | |
| hxxp://diyfashion.com/swimwear/surfs-dvf-x-roxy-here-42968?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501 | |
| hxxp://pagead.l.doubleclick.net/pixel?google_nid=eyereturn&g=0A36111B-33C9-A8BB-EDEC-272A4588997C&google_cm | |
| hxxp://96.31.89.133/d/9f9hqqy2/cfdcbae5850a518955a2465d08994caf/AA/6 | |
| hxxp://e8419.g.akamaiedge.net/14379/static_container_300x250_v1.swf | |
| hxxp://ds-any-world.ngd.ysm.yahoodns.net/st?anmember=324&anprice=&ad_type=ad&ad_size=728x90§ion=3628114&pub_url=${PUB_URL}&_msd=1&_xcf=1&_exv=MqeEij5hx8XA7wRLPC5WVqOTkBwIzeywvUIEMCUF7DO4&_msig=10s5skeec&rmxbkn=0&_cbv=227951106 | |
| hxxp://diyfashion.com/wp-content/plugins/youtube-embed/css/main.min.css?ver=3.6.1 | |
| hxxp://a1961.g.akamai.net/p/1c/5d/08/93/1c5d089331f69ac3b906bc529a697766.swf | |
| hxxp://voken.eyereturn.com/pix?660445 | |
| hxxp://diyfashion.com/wp-content/themes/ecomag/userstyle.php?ver=3.6.1 | |
| hxxp://cm.eyedemand.com/ggl/?id=&g=0A36111B-33C9-A8BB-EDEC-272A4588997C&google_gid=CAESEAB1zd1Q-UiKyHcdY_iPneA&google_cver=1 | |
| hxxp://a1961.g.akamai.net/p/1c/5d/08/93/1c5d089331f69ac3b906bc529a697766.swf?clickTag=http://nym1.mobile.adnxs.com/click?SRbjr3xJxj-LbOf7qfHCP4ts5_up8cI_F-JH614d0T-yvoHJjSLUPwGt96Wgk5B5oN5DbVXXaSgywJlSAAAAAMuDFABGAQAATQIAAAIAAABjC6MAdmsCAAAAAQBVU0QAVVNEANgCWgC5XQAA75UAAgUCAQIAAIYASysoTwAAAAA./cnd=%21QgbtOQiS6JcBEOOWjAUY9tYJIAA./referrer=http%3A%2F%2Fads.yahoo.com%2Fiframe3%3FAk1oCVZcNwCKQFABAAAAANnLZQAAAAAAAgAAAAYAAAAAAP8AAAAHBtDvYwAAAAAA05ZVAAAAAACJt34AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfYxQAAAAAAAIAAwAAgD8A33GKjuTyjz.fcYqO5PKPPzq0yHa-n5o.OrTIdr6fmj97FK5H4XqkP3sUrkfheqQ.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAr6TiDi3n94ZTpMtdHfi.ti5kAE3JI5j3AAAAAA%3D%3D%2C%2Chttp%253A%252F%252Fdiyfashion.com%252Fscoopstips%252Ftodays-obsession-hms-conscious-exclusive-collection-43477%253Futm_source%253D26501%2526utm_medium%253Dcpc%2526utm_campaign%253Dclickpayz_26501%2CB%253D10%2526H%253Dhttp%25253A%25252F%25252Fdiyfashion.com%25252Fscoopstips%25252Ftodays-obsession-hms-conscious-exclusive-collection-43477%25253Futm_source%25253D26501%252526utm_medium%25253Dcpc%252526utm_campaign%25253Dclickpayz_26501%2526M%253D4%2526Z%253D728x90%2526_cbv%253D337586566%2526_msd%253D1%2526_salt%253D0%2526_xcf%253D0%2526anmember%253D324%2526anprice%253D%2526r%253D1%2526rmxbkn%253D0%2526s%253D3628118%2C932623f2-59ab-11e3-86a4-b | |
| hxxp://googleapis.l.google.com/ajax/libs/jquery/1.10.2/jquery.min.js | |
| hxxp://ib.anycast.adnxs.com/getuid?hxxp://cm.eyedemand.com/appnxs/?adnxs_uid=$UID&g=0A36111B-33C9-A8BB-EDEC-272A4588997C | |
| hxxp://diyfashion.com/wp-content/themes/ecomag/style.css | |
| hxxp://c.t.c.adlinker.net/click/?s=0.0&a=BsAqQ0FeaYz7sSGvc_0UxVx3U8SsAa07bRnFSmU9QpQ9sncgsdCcHQSO2YsmiBpewn4xlckCzVmLVs36zlkVh-kPeWYw4hotnkCZil7HHYaDVpUWn1wHRqLPsin0N_zN7jko1BFiVf9B9oIH5G9ujaKgBv7CoLRl_QhFOqvRqYulQqIO6wtPPZYUE5ZXvWOoGCdwNEia1MFWvYs0I4HR3nub3JdiAMjYB-XwlBSJkS7EGFsmZM418Viukl90ITa1PRpUtWAjLvttTsGFC2teqt4gUF4p0Swn1Win-6SdJfo=&l=qU7MI3i7MnSn2W_Jw4eRQBV-4mC5JJPv_Mi3SRko0EkoEZ3DnibFHzqisUWqRKjfQ8VVTDKWuh6-jcYqL9WrxLBnO3Ha6Fp2G2HQFgl620NdoS0OWhq-KMKyA2fxklP_x6sJL65X0uppe7dRBJeS9xMgM1dLGIvK09MArT4n8pww92jCWh4bsOTO9SmN2xneDhPG9zk4nqvqDUT9_AuBlzQGwpXS3QfgnjpP3RJt1acF2ddLYjU3n8Dn0yqdp8lMdRvVIdtdSeM0Xel5AAqo6k_S0SOIpQxmjcc9WRKOGqtQzailJOyzxMJXmMMCnewMby4vFQJKJ685qF__tXo6ug== | |
| hxxp://diyfashion.com/wp-includes/css/editor.min.css?ver=3.6.1 | |
| hxxp://delivery.tmnpartners.com/adserver/www/delivery/ajs.php?zoneid=67&charset=UTF-8&cb=98914191533&charset=UTF-8&loc=http://movieroomreviews.com/colin-firth/colin-firth-wants-kings-speech-sequel-106269?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&tzo=-120&referer=http://26501.t.c.adlinker.net/ | |
| hxxp://www.blastro.com/player/djkhaledimsohood.html | |
| hxxp://diyfashion.com/scoopstips/10-dresses-make-you-look-10-pounds-lighter-without-counting-calories-41248?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501 | |
| hxxp://cm.eyedemand.com/appnxs/?adnxs_uid=2912095395977092768&g=0A36111B-33C9-A8BB-EDEC-272A4588997C | |
| hxxp://ds-any-world.ngd.ysm.yahoodns.net/imp?_cbv=227951106&_exv=MqeEij5hx8XA7wRLPC5WVqOTkBwIzeywvUIEMCUF7DO4&_msd=1&_msig=10s5skeec&_xcf=1&Z=728x90&anmember=324&anprice=&rmxbkn=0&s=3628114&_salt=0&B=10&H=http://diyfashion.com/handbags/sole-society-debuts-handbags-readies-jewelry-launch-43356?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&u=http://diyfashion.com/handbags/sole-society-debuts-handbags-readies-jewelry-launch-43356?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&M=4&r=1 | |
| hxxp://e8419.g.akamaiedge.net/14379/a13h12-blackfriday-300x250-en_v1.jpg | |
| hxxp://www.blastro.com/detector/djkhaledimsohood.html | |
| hxxp://ums-sb-ec.adtechus.com/mapuser?providerid=1026;userid=0A36111B-33C9-A8BB-EDEC-272A4588997C | |
| hxxp://delivery.tmnpartners.com/adserver/www/delivery/ajs.php?zoneid=72&charset=UTF-8&cb=13382554098&charset=UTF-8&loc=http://movieroomreviews.com/emma-watson/emma-watsons-hermione-concerns-106492?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&tzo=-120&referer=http://26501.t.c.adlinker.net/ | |
| hxxp://delivery.tmnpartners.com/adserver/www/delivery/lg.php?bannerid=187&campaignid=101&zoneid=67&loc=1&referer=http://movieroomreviews.com/colin-firth/colin-firth-wants-kings-speech-sequel-106269?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&cb=aca1dfca5c&tc=1385807923.4196 | |
| hxxp://ums-sb-ec.adtechus.com/mapuser?providerid=1026;userid=0A36111B-33C9-A8BB-EDEC-272A4588997C&cfp | |
| hxxp://diyfashion.com/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 | |
| hxxp://ds-any-world.ngd.ysm.yahoodns.net/iframe3?Ak1oCVJcNwCKQFABAAAAANnLZQAAAAAAAAAAAAYAAAAAAAAAAQAHBtDvYwAAAAAA5pYzAAAAAACJt34AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABfYxQAAAAAAAIAAwAAgD8Akst.SL99jT-Sy39Iv32NP.p-arx0k5g.-n5qvHSTmD97FK5H4XqkP3sUrkfheqQ.AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAs6TiDiUVqCMxMMVMYbA67b0i9btLlBKRAAAAAA==,,http://diyfashion.com/handbags/sole-society-debuts-handbags-readies-jewelry-launch-43356?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501,B=10&H=http%3A%2F%2Fdiyfashion.com%2Fhandbags%2Fsole-society-debuts-handbags-readies-jewelry-launch-43356%3Futm_source%3D26501%26utm_medium%3Dcpc%26utm_campaign%3Dclickpayz_26501&M=4&Z=728x90&_cbv=227951106&_exv=MqeEij5hx8XA7wRLPC5WVqOTkBwIzeywvUIEMCUF7DO4&_msd=1&_msig=10s5skeec&_salt=0&_xcf=1&anmember=324&anprice=&r=1&rmxbkn=0&s=3628114,95ccfbd0-59ab-11e3-b354-336f8458d630,1385807923876 | |
| hxxp://diyfashion.com/wp-content/themes/ecomag/eco.js?ver=3.6.1 | |
| hxxp://96-31-89-133.static.hvvc.us/d/9f9hqqy2/cfdcbae5850a518955a2465d08994caf/AA/4 | |
| hxxp://dart.l.doubleclick.net/N4916/adj/tc.redux/507746;lineitemid=65276454;sz=728x90;click=hxxp://nym1.mobile.adnxs.com/click?gzEiUWhZ7z-DMSJRaFnvPwAAAAAAAPA_gzEiUWhZ7z-DMSJRaFnvP7EQUp4d7csQoN5DbVXXaSgzwJlSAAAAAMFfHABGAQAARgEAAAIAAADKxaIApaoEAAAAAQBVU0QAVVNEANgCWgCRLgAAi6UAAgQCAQIAAIoAyCEPMQAAAAA./cnd=!hAVqMgiGoJcBEMqLiwUYpdUSIAQ./referrer=http://movieroomreviews.com/colin-firth/colin-firth-wants-kings-speech-sequel-106269?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501/clickenc=;ord=1385807923? | |
| hxxp://ib.anycast.adnxs.com/ttj?id=1859510&cb=[CACHEBUSTER] | |
| hxxp://delivery.tmnpartners.com/adserver/dsy.php?from=http://delivery.tmnpartners.com/adserver&oaid=62d034382c01fafd208c9dbf6a0f179d&swid=62d034382c01fafd208c9dbf6a0f179d&store=1&status=1 | |
| hxxp://www.google.com/jsapi | |
| hxxp://c.t.c.adlinker.net/click/?s=0.0&a=niSAowcjSAg7ZKH2TNPSMl_qcjl89CLtCodIMzdC59AJA9oRk44kNaonYkvvboWoF0IaBxmw9UA4JDHUbXH-pepql7qFur-tBBB_q3JcENW-3gxwcekFWti9DaUhQSwGvUxFpD9t-S5knCqBz57LMe0sN2vXyLVGthGx24YuGNRePguDzFnLig4ywHICbQIxkScTiYJJP60-7g_m8MuuYpai6TINgorIPyaZKJEjmBscT-nOGQY5VFsapMXpFnOsSj30IdYFKgWj-KeRSdTWhT3suy69jlt1Q4ocfOskXwc=&l=EJ-X9hon7ZQWyvtifOgmQxymIS7o2TZ_8ctqo8sL78bAE1l7WMX0o9-FoPjXZKIxcIhTeQc8qxz03hunzOTdM1CTbg00dI7XU6CILPIOm4dmRTlk9lm0vA66Kt91c3Y1Fixxw74Z39iwRsD6ovbuFkzdBzt23c2sdtKhTTbpsE5g-NOKcGmlS7HP482Tgmy_EaiLNeU2D_aK1UrHM3n6fjH6vRef3LW8ZCnVCRyWOfMmcKSoF2r635uaO1OJ7IF15IW-o3xoK_UuGJx6g3Jn6dQBer5QDJ-z2NoXTrcafv7vwS2azCM5tP9e6eUcoCl9j_31NrRluU9zkEtJVuOZvg== | |
| hxxp://delivery.tmnpartners.com/adserver/www/delivery/lg.php?bannerid=185&campaignid=101&zoneid=72&loc=1&referer=http://movieroomreviews.com/emma-watson/emma-watsons-hermione-concerns-106492?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&cb=787d8ca774&tc=1385807924.1239 | |
| hxxp://ib.anycast.adnxs.com/ttj?id=801748&cb=1385807923&pubclick=hxxp://ads.yahoo.com/clk?3,eJydjV1vgjAUhn8Nd3ShFFBCdlFkZDohIdGZemNKKdLJ12wZg18.nHPuem.OxXue8.FC5EHmMJTxPHUtmOUG9KBl0rnrsDSf64bneWjmGjPDdV2k4xNsFq8rFveLlyTEPr4ortf7BP8RudsEP.sq-CD9tbVbMl7dYqWQhf8vPyeft9AlxtP.YzDHbfS-e39a-r9rwQkSM65IlfTrzdYmu6WKNmEZDVBE49ZYb6JxmlpxsLX2ARmje8CjrhdKtRrCmhlOlYkhp7IQTf3AmmoCBa2zlB7lZGVTciAbJrgaQMbTTklwG4Mzp5ngErzxnpfnAZS0q1kBLIRsR0Nhp6qDbLoz4xoKTMc2oGY6F1jxTHTVBFnLfhCjVUvFsb7AUrBTS4fx8H3zBXB3i0w=, | |
| hxxp://googleapis.l.google.com/ajax/libs/swfobject/2.2/swfobject.js | |
| hxxp://voken.eyereturn.com/?663661&click=hxxp://adclick.g.doubleclick.net/aclk%3Fsa%3DL%26ai%3DCxDmWNMCZUuDWHszgwQGX3YGIAu28_5sEAAAQASAAUM7_pDZg_eiigfADggEXY2EtcHViLTkyMTcyMDI0NjQ1OTMxNzbIAQmpApf-DBnJna8-4AIAqAMBqgSuAU_Q1pwfVwtZCB60CBnhEkHK7GH_0tSv1x6ES0zPSloYpIlMAtCP51fKnjjK8A54RJ3YGjHVYYd7JqEaRoLNDvutjzLyGT5T7ZhXw5RaAi2TMLh525IBkIxiLxagpmu_f4HjkrOEirtj7L0KawoHt3ipT7tz-hsEXQkcsRv_6wyKjaiUXOtntxggHYiVMhW75SmgzetKgkbi3Rs5IwJLk1h9oyOK9mWQMGuXgTULL-AEAaAGFg%26num%3D0%26sig%3DAOD64_2DZGk15zVNWJspW3vd1Vabq8eO0w%26client%3Dca-pub-9217202464593176%26adurl%3Dhxxp://nym1.mobile.adnxs.com/click%253FgzEiUWhZ7z-DMSJRaFnvPwAAAAAAAPA_gzEiUWhZ7z-DMSJRaFnvP7EQUp4d7csQoN5DbVXXaSgzwJlSAAAAAMFfHABGAQAARgEAAAIAAADKxaIApaoEAAAAAQBVU0QAVVNEANgCWgCRLgAAi6UAAgQCAQIAAIoAyCEPMQAAAAA./cnd%253D%252521hAVqMgiGoJcBEMqLiwUYpdUSIAQ./referrer%253Dhttp%25253A%25252F%25252Fmovieroomreviews.com%25252Fcolin-firth%25252Fcolin-firth-wants-kings-speech-sequel-106269%25253Futm_source%25253D26501%252526utm_medium%25253Dcpc%252526utm_campaign%25253Dclickpayz_26501/clickenc%253D¶ms=943471037 | |
| hxxp://movieroomreviews.com/ed-helms/hangover-iii-be-shot-las-vegas-97700?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501 | |
| hxxp://a335.b.akamai.net/button/buttons.js | |
| hxxp://dart.l.doubleclick.net/adj/N5463.151757.EXCHANGELAB/B7954269.10;sz=160x600;pc=[TPAS_ID];ord=1385807924;click=hxxp://nym1.mobile.adnxs.com/click?lbTiGwof4z-mbvzDdRDdPwAAAAAAAPA_pm78w3UQ3T-WtOIbCh_jP_BPpvRJM1USoN5DbVXXaSg0wJlSAAAAALZfHABGAQAAZgcAAAIAAAC7waIApaoEAAAAAQBVU0QAVVNEAKAAWAJpMgAAsrYAAgUCAQIAAIoAhSXU3AAAAAA./cnd=!ngWjNAi0rpABELuDiwUYpdUSIAA./referrer=http://movieroomreviews.com/emma-watson/emma-watsons-hermione-concerns-106492?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501/clickenc=;? | |
| hxxp://prod30-brandtech-d.d.xx.openx.com.akadns.net/w/1.0/acj?o=6620519141&callback=OX_6620519141&ju=http://diyfashion.com/swimwear/surfs-dvf-x-roxy-here-42968?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&jr=http://26501.t.c.adlinker.net/&df=c&pgid=12336&c.area=fashion&res=1024x768x32&plg=&ch=utf-8&tz=-120 | |
| hxxp://96-31-89-133.static.hvvc.us/d/9f9hqqy2/cfdcbae5850a518955a2465d08994caf/AA/3 | |
| hxxp://ne1.wac.v2cdn.net/blastro/images/blastro_activity.gif | |
| hxxp://prod30-brandtech-d.d.xx.openx.com.akadns.net/w/1.0/acj?o=951235900&callback=OX_951235900&ju=http://diyfashion.com/scoopstips/10-dresses-make-you-look-10-pounds-lighter-without-counting-calories-41248?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501&jr=http://26501.t.c.adlinker.net/&df=c&pgid=12336&c.area=fashion&res=1024x768x32&plg=&ch=utf-8&tz=-120 | |
| hxxp://c.t.c.adlinker.net/click/?s=0.0&a=tQ89EBW0Pa11xPLrzgyH1CtdPgTlsYYWoc-t1T5pZZoYpmo3gQ5vUNKn1dPyDXZZYWm7KyX_b2dieF2Y4MB_diZiABbY8su7rnMinOTd_CqPVGyC1FguxiQEdeWfDcoOrBVxde9BGnLFcT2oGYg8I6QIf4wNoY_thsaKzsnWRsdfnQ-pT4yxMZy3_f7WT8k9eLDWLAf1ir013woWoYxvy7AN-uZoM9ccFICypZmY4ri65d3l3H7FI5prtDyrc8z3lSq-MFNE9sOdtzbq-y3O5Tw370HAVZal-n79VtPiQE8=&l=2qHgZoUzVmMfD1Iz7xmzD6tUhK-MsCyX9WtPqMJAqTnSEGvDrndW-nj4MNDKUNVmKL_Piixcc6eTIEDN2--a6P3-nNj35NohJDtmfldPdiIRryfffJ0Rr3Ql1mP6QkPyPCJUWQyiiqd-yjjNldU-r7Kb4Qb3Dolvy5BbcC1e0X3XwWQD1o_VuPpPWeEhZAfLcY8gga6W8VUgNub_qyK8tEIlv_nA8wcMoPLGtjXpFR1LC2wX4Umh4IN6U3lE3jZ-wiELxgjruJaEO5Cjbs6WeigJGEAUQQqTWUnWoFh-npY4NB5xUub_Gd1DBKlfQ5KvwsYDsGMeyH4-533_5EbO-A== | |
| hxxp://dart.l.doubleclick.net/879366/flashwrite_1_2.js | |
| hxxp://ne1.wac.v2cdn.net/images/flashplayer/detect.swf | |
| hxxp://diyfashion.com/images/header_bg.jpg | |
| hxxp://nw-ads.gslb.ace.advertising.com.adcom.akadns.net/site=825414/size=728090/u=2/bnum=45229789/wkhr=152/hr=8/hl=1/scres=4/swh=1024x768/tile=1/f=2/r=1/optn=1/kvismob=2/fv=11/aolexp=0/dref=http%3A%2F%2Fdiyfashion.com%2Fhandbags%2Fsole-society-debuts-handbags-readies-jewelry-launch-43356%3Futm_source%3D26501%26utm_medium%3Dcpc%26utm_campaign%3Dclickpayz_26501 | |
| hxxp://diyfashion.com/images/logo.png | |
| hxxp://diyfashion.com/scoopstips/all-single-ladies-10-post-break-dresses-mean-sweet-revenge-43884?utm_source=26501&utm_medium=cpc&utm_campaign=clickpayz_26501 | |
| hxxp://plus.l.google.com/ga.js | |
| hxxp://dart.l.doubleclick.net/1924791/en_160x600_walmart_holiday_c07.swf | |
| hxxp://adnproxy.bluefinmediasites.com/www/delivery/ajs.php?zoneid=6&target=_top&cb=44742623977&charset=utf-8&loc=http://www.therisinghollywood.com/2013/03/15/matthew-mcconaughey-back-in-shape-for-detective-show/&referer=http://26501.t.c.adlinker.net/ | |
| hxxp://e8419.g.akamaiedge.net/14379/static_container_728x90_v1.swf | |
| hxxp://ne1.wac.v2cdn.net/images/bandwidth.jpg?ck=1385791205732 | |
| hxxp://newyear2014x.com/c/1094/5051/1385807904630_58595546707761/ | |
HOSTS file anomalies
No changes have been detected.
Rootkit activity
Using the driver "UNKNOWN" the Backdoor controls loading executable images into a memory by installing the Load image notifier.
The Backdoor intercepts DriverStartIO in a miniport driver of a hard drive controller (ATAPI) to handle request to its own files:
StartIo
Propagation
Remove it with Ad-Aware
- Click (here) to download and install Ad-Aware Free Antivirus.
- Update the definition files.
- Run a full scan of your computer.
Manual removal*
- Scan a system with an anti-rootkit tool.
- Terminate malicious process(es) (How to End a Process With the Task Manager):
wuauclt.exe:344
%original file name%.exe:2004 - Delete the original Backdoor file.
- Delete or disinfect the following files created/modified by the Backdoor:
%WinDir%\Temp\2.tmp (30 bytes)
%WinDir%\SoftwareDistribution\DataStore\Logs\edb.chk (100 bytes)
%WinDir%\SoftwareDistribution\DataStore\Logs\edb.log (3576 bytes)
%WinDir%\SoftwareDistribution\DataStore\DataStore.edb (100 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\jusched.log (347 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\1.tmp (673 bytes) - Clean the Temporary Internet Files folder, which may contain infected files (How to clean Temporary Internet Files folder).
- Reboot the computer.
*Manual removal may cause unexpected system behaviour and should be performed at your own risk.
