MD5: 3fadc54dc0f9a4e6af4b370749973ec3
SHA1: ec409d63f96d069d4e2c71bfe3e385ff7ca776b5
SHA256: 80178975d7083d2c08d89dfd6bb2433c927dfa870413af2a6088b61899683936
SSDeep: 24576:NCPVXLs6O0rex/olgdCbHWO6ACa430A8O:sPVXw6Ox/7obWOCX0PO
Size: 790473 bytes
File type: EXE
Platform: WIN32
Entropy: Packed
PEID: UPolyXv05_v6
Company: no certificate found
Created at: 2009-12-06 00:50:52
Analyzed on: WindowsXP SP3 32-bit

Summary:

Trojan. A program that appears to do one thing but actually does another (a.k.a. Trojan Horse).

Payload

No specific payload has been found.

Process activity

The Dropped creates the following process(es):

taskkill.exe:1724
taskkill.exe:276
tasklist.exe:1096
tasklist.exe:1268
tasklist.exe:1488
tasklist.exe:1480
tasklist.exe:1680
tasklist.exe:1564
tasklist.exe:1308
tasklist.exe:1648
tasklist.exe:1856
tasklist.exe:552
tasklist.exe:1552
tasklist.exe:1492
tasklist.exe:448
tasklist.exe:340
tasklist.exe:1584
tasklist.exe:1908
tasklist.exe:1756
tasklist.exe:1868
tasklist.exe:916
tasklist.exe:1740
logistician.exe:1144
39213.exe:1200
%original file name%.exe:420
6258142.exe:1616
find.exe:1140
find.exe:620
find.exe:1204
find.exe:452
find.exe:316
find.exe:1856
find.exe:404
find.exe:1652
find.exe:916
find.exe:1564
find.exe:936
find.exe:816
find.exe:2012
find.exe:1792
find.exe:228
find.exe:800
find.exe:1180
find.exe:1808
find.exe:1472
find.exe:1388
find.exe:500
find.exe:1668
find.exe:1664

The Dropped injects its code into the following process(es):

clubbing.exe:1300

Mutexes

The following mutexes were created/opened:
No objects were found.

File activity

The process logistician.exe:1144 makes changes in the file system.
The Dropped creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsd7.tmp\ExecCmd.dll (4 bytes)

The Dropped deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsg6.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsd7.tmp (0 bytes)

The process clubbing.exe:1300 makes changes in the file system.
The Dropped creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\syncnoad[4].xml (687 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CVC3SHU3\CAQ3CPUN.xml (765 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2DSL6NOV\page-3[2].htm (232 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\noad[1].xml (73 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2DSL6NOV\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\CAHGTYLE.xml (766 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\counter[2].js (1353 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CVC3SHU3\itd[1].htm (1118 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\CACDMNGP.xml (714 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2DSL6NOV\syncnoad[1].xml (694 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\CAT80PN2.xml (941 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\CA9T0L9B.xml (812 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ivids[1].txt (173 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CVC3SHU3\page-3[1].htm (18 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CVC3SHU3\syncnoad[5].xml (634 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sxx (1074 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CVC3SHU3\syncnoad[1].xml (616 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CVC3SHU3\lbg[1].png (200 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Cookies\index.dat (5444 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CVC3SHU3\crossdomain[1].xml (144 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\syncnoad[1].xml (692 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\ivids.net\com.jeroenwijering.sxx (80 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\wau-widget[1].png (1 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tremorhub[1].txt (556 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\CAZ9IYWO.xml (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CVC3SHU3\crossdomain[2].xml (130 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ivids.net\settings.sxx (190 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\v[1].xml (654 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2DSL6NOV\syncnoad[6].xml (705 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\CANCF8GX.xml (811 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@statcounter[2].txt (809 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CVC3SHU3\syncnoad[2].xml (604 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2DSL6NOV\syncnoad[5].xml (804 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\CAO1QRSL.xml (759 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\syncnoad[3].xml (595 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\syncnoad[3].xml (575 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\collect[1].gif (35 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\player1[1].swf (19173 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\CAC214WV.xml (725 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CVC3SHU3\crossdomain[3].xml (144 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ivids[2].txt (295 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2DSL6NOV\page-3[1].htm (833 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\logo[1].png (137 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\counter[1].js (392 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CVC3SHU3\CAOAGE3Y.xml (760 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\css1[1].css (25 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2DSL6NOV\syncnoad[4].xml (693 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2DSL6NOV\CA3GOQD6.xml (713 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\syncnoad[6].xml (605 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@statcounter[1].txt (609 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\syncnoad[1].xml (803 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tremorhub[2].txt (728 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CVC3SHU3\logo[1].png (723 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2DSL6NOV\syncnoad[7].xml (596 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\jwplayer1[1].js (80379 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@amung[1].txt (163 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2DSL6NOV\syncnoad[3].xml (636 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2DSL6NOV\analytics[1].js (353 bytes)
%Documents and Settings%\%current user%\Local Settings\History\History.IE5\desktop.ini (159 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\syncnoad[6].xml (708 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\index5[1].htm (1 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2DSL6NOV\crossdomain[2].xml (82 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2DSL6NOV\CA2L8FMR.xml (775 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\syncnoad[2].xml (633 bytes)
%Documents and Settings%\%current user%\Cookies\[email protected][1].txt (288 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CVC3SHU3\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2DSL6NOV\CA5S0VDT.gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CVC3SHU3\CA6D2JEN.xml (760 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\ova-jw[1].swf (37705 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\CAOXERS5.xml (774 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\syncnoad[5].xml (695 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2DSL6NOV\crossdomain[1].xml (144 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@bruindorsett[2].txt (320 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\page-3[1].html (710 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\syncnoad[2].xml (704 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@bruindorsett[1].txt (183 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\desktop.ini (67 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CVC3SHU3\syncnoad[4].xml (693 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CVC3SHU3\CA8L6H6P.xml (811 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\func[1].js (3 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2DSL6NOV\syncnoad[2].xml (707 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\syncnoad[5].xml (617 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2DSL6NOV\CAS1Q9AX.xml (726 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2DSL6NOV\1[1].gif (49 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\player1[2].swf (16509 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\2DSL6NOV\CANB8VVO.xml (810 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\CAK5N5CV.xml (871 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\syncnoad[4].xml (503 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\count[1].htm (47 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\CVC3SHU3\syncnoad[3].xml (599 bytes)

The Dropped deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\collect[1].gif (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@bruindorsett[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tremorhub[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@tremorhub[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\player1[1].swf (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@statcounter[2].txt (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\counter[1].js (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@statcounter[1].txt (0 bytes)
%Documents and Settings%\%current user%\Cookies\Current_User@ivids[1].txt (0 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#ivids.net\settings.sol (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\css1[1].css (0 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\macromedia.com\support\flashplayer\sys\settings.sol (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\OL29SJMR\page-3[1].html (0 bytes)
%Documents and Settings%\%current user%\Application Data\Macromedia\Flash Player\#SharedObjects\QEA5Z3QJ\ivids.net\com.jeroenwijering.sxx (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\YT6VGBWL\1[1].htm (0 bytes)

The process 39213.exe:1200 makes changes in the file system.
The Dropped deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsh3.tmp (0 bytes)

The process %original file name%.exe:420 makes changes in the file system.
The Dropped creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Application Data\6258142.exe (3092 bytes)
%Program Files%\neolithic\logistician.exe (1024 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso2.tmp\ShellLink.dll (4 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso2.tmp\AccessControl.dll (13 bytes)
%WinDir%\Microsoft.Win32.TaskScheduler.dll (8850 bytes)
%System%\drivers\etc\hosts (123 bytes)
%WinDir%\settings.dll (10071 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso2.tmp\System.dll (11 bytes)
%Program Files%\presenting\Microsoft.Win32.TaskScheduler.dll (8850 bytes)
%Program Files%\presenting\settings.dll (10071 bytes)
%WinDir%\clubbing.exe (4877 bytes)
%Documents and Settings%\%current user%\Local Settings\Application Data\39213.exe (1082 bytes)
%Documents and Settings%\%current user%\Start Menu\Programs\Startup\weta.lnk (497 bytes)
%Program Files%\presenting\clubbing.exe (4877 bytes)

The Dropped deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsy1.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso2.tmp\ShellLink.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso2.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso2.tmp\AccessControl.dll (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nso2.tmp\System.dll (0 bytes)

The process 6258142.exe:1616 makes changes in the file system.
The Dropped creates and/or writes to the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsh5.tmp\SimpleFC.dll (5289 bytes)

The Dropped deletes the following file(s):

%Documents and Settings%\%current user%\Local Settings\Temp\nsh5.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh4.tmp (0 bytes)
%Documents and Settings%\%current user%\Local Settings\Temp\nsh5.tmp\SimpleFC.dll (0 bytes)

Registry activity

The process taskkill.exe:1724 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "34 0A F0 68 D0 06 A6 03 99 7B 8D 97 DC E2 33 C3"

The process taskkill.exe:276 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8A C3 5C 53 AC 7E 80 A3 C6 50 A7 1B A3 4A B1 AB"

The process tasklist.exe:1096 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "88 96 7C 79 B0 32 93 34 71 BE 84 D4 F5 87 0C E9"

The process tasklist.exe:1268 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "30 32 D0 7A 3C 80 E6 3C E6 05 F5 5A E0 55 A2 CE"

The process tasklist.exe:1488 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AB 38 86 54 61 21 92 6A 82 62 36 CF B0 BF D0 9B"

The process tasklist.exe:1480 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C4 5F 8A 6A 5B DB 07 70 31 65 11 05 03 BC 5F 67"

The process tasklist.exe:1680 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C6 69 AA CA 6D 39 D5 A7 D1 F7 C4 86 30 25 76 E4"

The process tasklist.exe:1564 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "F6 21 BF 23 E3 7A 2F BF A2 B5 E0 9F B0 48 4C F8"

The process tasklist.exe:1308 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "48 38 FF DB 26 BF 10 C9 F5 24 B2 4B A9 EB F7 6B"

The process tasklist.exe:1648 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "9F C6 EE F1 5A 4D F1 81 19 62 E8 BE 0A 33 84 74"

The process tasklist.exe:1856 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C6 4B 3D 90 EA D5 8C 32 8C 69 48 30 E4 5D 56 78"

The process tasklist.exe:552 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "E3 B3 17 B8 4C AF 2B 2E 49 77 6F 6B B6 69 FA E3"

The process tasklist.exe:1552 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "36 69 31 45 7F B9 63 20 2C 98 C0 F3 C5 7F 6C E6"

The process tasklist.exe:1492 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4F FB F3 71 FB 40 B9 5C 5A E6 71 BA 86 45 22 D3"

The process tasklist.exe:448 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AC 3F F7 EA 55 EF D5 68 88 61 72 04 A1 DB 30 C5"

The process tasklist.exe:340 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "AC BD A7 1A E0 8E F2 38 AA BF DD 0D 8E 90 6D 53"

The process tasklist.exe:1584 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C7 1F 99 B4 D3 72 62 13 0E 0E 03 40 AC 44 21 08"

The process tasklist.exe:1908 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8E A0 86 D7 42 1B 81 78 BD 5C D5 98 A0 68 D9 32"

The process tasklist.exe:1756 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "B5 6F 38 15 F7 FE 1E 91 A2 8B 6C 10 BB E7 8A 3B"

The process tasklist.exe:1868 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "93 32 D5 46 0C 31 8B 0D BD A3 ED 2B 3D 06 BF AD"

The process tasklist.exe:916 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "97 22 59 43 4B CA 9D 50 90 16 CB ED 01 D3 E3 46"

The process tasklist.exe:1740 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "96 8F DE BE 16 3D 83 DF 72 07 D4 2D 79 60 54 E2"

The process logistician.exe:1144 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CC 0D A0 64 E2 1E 12 C2 5C ED 4C 44 0B E4 11 EB"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

To automatically run itself each time Windows is booted, the Dropped adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"logistician" = "%Program Files%\neolithic\logistician.exe"

"modesty" = "%Program Files%\presenting\clubbing.exe"

The process clubbing.exe:1300 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Directory" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path4]
"CacheLimit" = "65452"
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache4"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016091520160916]
"CacheRepair" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cookies" = "%Documents and Settings%\%current user%\Cookies"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path2]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache2"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016091520160916]
"CachePrefix" = ":2016091520160916:"
"CacheLimit" = "8192"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Cache" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files"

[HKLM\System\CurrentControlSet\Hardware Profiles\0001\Software\Microsoft\windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016091520160916]
"CacheOptions" = "11"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\Connections]
"SavedLegacySettings" = "3C 00 00 00 1B 00 00 00 01 00 00 00 00 00 00 00"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "C3 1B E3 D1 C2 AD D2 A8 07 69 5C 44 7C 86 39 CB"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path1]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache1"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CacheLimit" = "65452"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"MigrateProxy" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"History" = "%Documents and Settings%\%current user%\Local Settings\History"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths\path3]
"CachePath" = "%Documents and Settings%\%current user%\Local Settings\Temporary Internet Files\Content.IE5\Cache3"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Cache\Paths]
"Paths" = "4"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012016091520160916]
"CachePath" = "%USERPROFILE%\Local Settings\History\History.IE5\MSHist012016091520160916\"

The Dropped modifies IE settings for security zones to map all local web-nodes with no dots which do not refer to any zone to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"UNCAsIntranet" = "1"

The Dropped modifies IE settings for security zones to map all web-nodes that bypassing the proxy to the Intranet Zone:

"ProxyBypass" = "1"

Proxy settings are disabled:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"ProxyEnable" = "0"

The Dropped modifies IE settings for security zones to map all urls to the Intranet Zone:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap]
"IntranetName" = "1"

The Dropped deletes the following registry key(s):

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012014031720140318]

The Dropped deletes the following value(s) in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings]
"AutoConfigURL"
"ProxyServer"
"ProxyOverride"

The process 39213.exe:1200 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CA CA 5A BE FB F6 59 28 0A 54 5C 32 13 EF 49 B0"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Policies\Microsoft\Windows Defender]
"DisableAntiSpyware" = "1"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process %original file name%.exe:420 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"AppData" = "%Documents and Settings%\%current user%\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Start Menu" = "%Documents and Settings%\All Users\Start Menu"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Personal" = "%Documents and Settings%\%current user%\My Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Local AppData" = "%Documents and Settings%\%current user%\Local Settings\Application Data"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common AppData" = "%Documents and Settings%\All Users\Application Data"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonMusic" = "%Documents and Settings%\All Users\Documents\My Music"
"Common Desktop" = "%Documents and Settings%\All Users\Desktop"

"Common Documents" = "%Documents and Settings%\All Users\Documents"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"My Pictures" = "%Documents and Settings%\%current user%\My Documents\My Pictures"
"Start Menu" = "%Documents and Settings%\%current user%\Start Menu"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"CommonVideo" = "%Documents and Settings%\All Users\Documents\My Videos"
"CommonPictures" = "%Documents and Settings%\All Users\Documents\My Pictures"

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "37 C5 CD 8D 77 90 B3 BD C7 1C A5 6A 3E 80 CB DF"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Common Programs" = "%Documents and Settings%\All Users\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Desktop" = "%Documents and Settings%\%current user%\Desktop"
"Programs" = "%Documents and Settings%\%current user%\Start Menu\Programs"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

To automatically run itself each time Windows is booted, the Dropped adds the following link to its file to the system registry autorun key:

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"condors" = "%Program Files%\presenting\clubbing.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"holcomb" = "%Program Files%\presenting\clubbing.exe"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Run]
"alcedo" = "%Program Files%\presenting\clubbing.exe"

[HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"edd" = "%Program Files%\presenting\clubbing.exe"

The process 6258142.exe:1616 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "71 29 A1 A2 1A CC 53 C5 E1 CD EC 2B A9 B0 85 AA"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd73-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd72-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{b98117e8-75ca-11e2-81b2-000c293708fb}]
"BaseClass" = "Drive"

[HKCU\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{c155cd75-744b-11e2-8294-806d6172696f}]
"BaseClass" = "Drive"

The process find.exe:1140 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "CF EF 8C 54 53 2A BB BB E6 80 5D DA 2B 25 97 F1"

The process find.exe:620 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "67 D7 8C 9B 1D 02 2D D3 55 3F D7 87 70 2D 77 D8"

The process find.exe:1204 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "28 DE 4A 79 61 84 6A 6B B8 E4 CA 57 AA 55 BF 8C"

The process find.exe:452 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EB 5A 2D 41 E8 21 BF 82 7F 26 BB 15 F4 EF 41 48"

The process find.exe:316 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "BA D9 F8 F3 21 F8 5D 22 6F 13 14 CA 37 FA 66 3C"

The process find.exe:1856 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "80 A2 B6 F5 C7 41 06 6F EB 6A EB 24 14 6F 4F D0"

The process find.exe:404 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "79 70 74 78 5E DE 82 CC B2 09 53 D7 79 27 AB B7"

The process find.exe:1652 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "22 44 63 92 B8 7F 2A 80 9F 88 03 7A 37 07 F8 04"

The process find.exe:916 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "7B 81 19 AC 81 34 12 32 E2 D9 D2 EA 96 C1 88 61"

The process find.exe:1564 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "07 3F D3 B7 5E 3B 99 47 B3 DD 14 87 70 64 52 99"

The process find.exe:936 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "A9 3B 1C 9F E6 9B 67 F7 D8 B8 4B 3A 45 30 7E 0E"

The process find.exe:816 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "4C BC 28 CA 16 31 ED 25 7A 74 08 C9 82 A2 C9 FE"

The process find.exe:2012 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "0D C9 28 69 DD 1C BF B5 B1 A2 42 EE FE 71 3C DF"

The process find.exe:1792 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8E D8 6C 64 69 6E E4 FE 8A A5 FD 3A 5D EE 16 B9"

The process find.exe:228 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "6E 4C 38 31 70 6B 80 53 66 FB 89 5E A1 32 D3 F4"

The process find.exe:800 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "53 7F 9E F6 1A DD 97 63 46 24 81 D2 91 12 D3 34"

The process find.exe:1180 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B AC AB 42 CF F1 E6 29 BD DD 30 5D 7D 8D 93 77"

The process find.exe:1808 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "EC 83 27 57 4C 9B C9 0D 4C 27 A8 01 A1 49 3A 28"

The process find.exe:1472 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8E D0 AA 6F 86 EA 35 2C 73 97 A9 F8 50 53 69 0E"

The process find.exe:1388 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "8B 12 1C 2D 77 01 CB 5F 50 B3 9A B3 0B D1 65 A5"

The process find.exe:500 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "44 34 94 37 5A 3C AE 91 8D 4B 71 90 40 22 B5 17"

The process find.exe:1668 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "17 F6 68 DB 4C A0 C8 6F FB 8D 5C CA 46 A0 64 A0"

The process find.exe:1664 makes changes in the system registry.
The Dropped creates and/or sets the following values in system registry:

[HKLM\SOFTWARE\Microsoft\Cryptography\RNG]
"Seed" = "FA 12 4E 7F FC A1 34 FF 63 35 BF 91 F4 04 60 CE"

Dropped PE files

HOSTS file anomalies

The Dropped modifies "%System%\drivers\etc\hosts" file which is used to translate DNS entries to IP addresses.
The modified file is 857 bytes in size. The following strings are added to the hosts file listed below:

Rootkit activity

No anomalies have been detected.

Propagation

VersionInfo

No information is available.

PE Sections

Dropped from:

Downloaded by:

Similar by SSDeep:

Similar by Lavasoft Polymorphic Checker:

Total found: 108
7bcde813c50a0b0e20e5f9f233bc3040
ca004345bdd1cb292744ed711de04d19
2a9af6bcab5eb49d9a62a6ea72cdd286
e4e8ea421895b321bea9afa16d8a6fb5
851b5de8d1e586ba0301b1027800dea8
54c304cd37a8ae6ce5c21d5a5240d80c
f4ae937348a591e02f7ccb79f47cdc1f
c27730e88a7e5003ff846e8f0e578968
023529d5b4f5db6fc3e123bf47ac15d6
8e38be8c510a94c0a96ee39bc32ed333
14055969428fc76bc66b28491ff90d63
2b8b2136bdf153f722ecd721fabcf1aa
9dec231998f0f3d8301aa5c1a6e0119f
0affe53e87c71d2b7f9066427a5d71e5
3f92282b316430f68d847ff93565f264
1f4ab1b0f88d2b1805bcfbdaa2c461f1
2d43a582840285217ab6adaf45ff8c22
4ad98fe1fd6a020f491e31eb4aa16205
562254cc7ac0f92876c4964400fb6cd7
a261aa83665bed04243da16ecade0df0
bea91233ff3a67b260b02a18d7cb54c2
b1a5b5b97ab40559c62f27923a7322c1
830674c88d54f6aa3c6f1bcf72147f75
fb9b2e8e0616dc9aecab4078c571a0f8
f3636d03e448990429c0cd25a2f93345

URLs

URL	IP
hxxp://d3cpqb3ouewn5u.cloudfront.net/index5.php?id=23A0EkLLUe2yixq8gw7o&date=2016-09-03&p=none&t=
hxxp://d3cpqb3ouewn5u.cloudfront.net/func.js?r=5
hxxp://www-google-analytics.l.google.com/analytics.js
hxxp://www.clangburkitt.info/count.php?id=23A0EkLLUe2yixq8gw7o&date=2016-09-03&p=none&t=&rand=	162.222.194.132
hxxp://cocomo.tremorhub.com/itd.php?id=23A0EkLLUe2yixq8gw7o&date=2016-09-03&p=none&t=&rand=
hxxp://whos.amung.us/cwidget/iebrowser1/000000ffffff.png	67.202.94.93
hxxp://c.statcounter.com/10114910/0/757d7213/1/	216.59.38.123
hxxp://www-google-analytics.l.google.com/r/collect?v=1&_v=j46&a=343530085&t=pageview&_s=1&dl=http://www.bruindorsett.pw/index5.php?id=23A0EkLLUe2yixq8gw7o&date=2016-09-03&p=none&t=&ul=en-us&de=utf-8&dt=add&sd=32-bit&sr=1276x846&vp=679x408&je=0&fl=11.6 r602&_u=AEAAAEAAI~&jid=119218808&cid=568569260.1473914880&tid=UA-74694740-5&_r=1&z=440725160
hxxp://a5f50dedef.site.internapcdn.net/page-3.html?lid=937115
hxxp://widgets.amung.us/draw/?w=colored&n=1307&c=000000ffffff&p=	50.23.131.235
hxxp://109.201.148.40/report1.php?url=/ivids/page-3.html?lid=937115
hxxp://ivids.net/jwplayer1.js	162.222.194.11
hxxp://109.201.148.40/bck.php?1473914882000
hxxp://ivids.net/1.js	162.222.194.11
hxxp://a5f50dedef.site.internapcdn.net/page-3.htm?lid=937115
hxxp://109.201.148.40/report1.php?url=/ivids/page-3.htm?lid=937115
hxxp://109.201.148.40/bck.php?1473914883000
hxxp://g1.panthercdn.com/counter/counter.js
hxxp://ivids.net/player1.swf	162.222.194.11
hxxp://www-google-analytics.l.google.com/r/collect?v=1&_v=j46&a=124075300&t=pageview&_s=1&dl=http://www.ivids.net/page-3.htm?lid=937115&ul=en-us&de=utf-8&sd=32-bit&sr=1276x846&vp=850x480&je=0&fl=11.6 r602&_u=AEAAAEAAI~&jid=1415410216&cid=1946787307.1473914884&tid=UA-74694740-2&_r=1&z=226281000
hxxp://a5f50dedef.site.internapcdn.net/css1.css
hxxp://a5f50dedef.site.internapcdn.net/img/logo.png
hxxp://a5f50dedef.site.internapcdn.net/img/lbg.png
hxxp://c.statcounter.com/t.php?sc_project=10675947&java=1&security=299981d6&u1=8C79969821694FDE5B69586C499A80AE&sc_random=0.7726309818912744&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1276&h=846&camefrom=http://www.ivids.net/page-3.html?lid=937115&u=http://www.ivids.net/page-3.htm?lid=937115&t=&sc_snum=1&sess=a181b5&p=0&invisible=1	216.59.38.123
hxxp://cs28.wpc.thetacdn.net/5/10/logo.png
hxxp://ivids.net/ova-jw.swf	162.222.194.11
hxxp://wildcard-ads-1386167347.us-east-1.elb.amazonaws.com/crossdomain.xml
hxxp://wildcard-ads-1386167347.us-east-1.elb.amazonaws.com/ad/tag?adCode=we1sb-kg4io&playerWidth=645&playerHeight=380&playerPosition=1&mediaTitle=Entertainment videos ivids.net - 3&mediaDesc=Entertainment videos ivids.net - 3&mediaId=2&mediaUrl=hxxp://www.ivids.net/3.html&srcPageUrl=hxxp://www.ivids.net/3.html&contentLength=300
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/crossdomain.xml
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=tremornet,dynadmic,1,_dmp_turbine,centro,adapTV,google,conversant,TubeMogul-GP,appnexus,eyeview,BidTheatre,Videology,rocketfuel,audiencescience,videoamp,SundaySky,thetradedesk,beeswax,TapAd,ignitionone,Bidswitch,dataxu&uid=c593e4200aea45b19fd5cf1c6e968be5&init=true
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=google,conversant,TubeMogul-GP,ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=conversant,TubeMogul-GP,ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=TubeMogul-GP,ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://partners-1732315393.us-east-1.elb.amazonaws.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5
hxxp://www.ivids.net/img/lbg.png	69.88.149.136
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://www.google-analytics.com/analytics.js	173.194.113.194
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://partners.tremorhub.com/crossdomain.xml	54.236.87.23
hxxp://www.bruindorsett.pw/index5.php?id=23A0EkLLUe2yixq8gw7o&date=2016-09-03&p=none&t=	52.85.185.247
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=tremornet,dynadmic,1,_dmp_turbine,centro,adapTV,google,conversant,TubeMogul-GP,appnexus,eyeview,BidTheatre,Videology,rocketfuel,audiencescience,videoamp,SundaySky,thetradedesk,beeswax,TapAd,ignitionone,Bidswitch,dataxu&uid=c593e4200aea45b19fd5cf1c6e968be5&init=true	54.236.87.23
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=google,conversant,TubeMogul-GP,ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://www.ivids.net/page-3.htm?lid=937115	69.88.149.136
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://www.ivids.net/css1.css	69.88.149.136
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=TubeMogul-GP,ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://www.ivids.net/page-3.html?lid=937115	69.88.149.136
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://xlf5t.ads.tremorhub.com/crossdomain.xml	52.201.72.235
hxxp://www.google-analytics.com/r/collect?v=1&_v=j46&a=343530085&t=pageview&_s=1&dl=http://www.bruindorsett.pw/index5.php?id=23A0EkLLUe2yixq8gw7o&date=2016-09-03&p=none&t=&ul=en-us&de=utf-8&dt=add&sd=32-bit&sr=1276x846&vp=679x408&je=0&fl=11.6 r602&_u=AEAAAEAAI~&jid=119218808&cid=568569260.1473914880&tid=UA-74694740-5&_r=1&z=440725160	173.194.113.194
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://www.bruindorsett.pw/func.js?r=5	52.85.185.247
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://www.ivids.net/img/logo.png	69.88.149.136
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://www.statcounter.com/counter/counter.js	151.249.89.221
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://l.longtailvideo.com/5/10/logo.png	93.184.221.48
hxxp://xlf5t.ads.tremorhub.com/ad/tag?adCode=we1sb-kg4io&playerWidth=645&playerHeight=380&playerPosition=1&mediaTitle=Entertainment videos ivids.net - 3&mediaDesc=Entertainment videos ivids.net - 3&mediaId=2&mediaUrl=hxxp://www.ivids.net/3.html&srcPageUrl=hxxp://www.ivids.net/3.html&contentLength=300	52.201.72.235
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=conversant,TubeMogul-GP,ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://www.google-analytics.com/r/collect?v=1&_v=j46&a=124075300&t=pageview&_s=1&dl=http://www.ivids.net/page-3.htm?lid=937115&ul=en-us&de=utf-8&sd=32-bit&sr=1276x846&vp=850x480&je=0&fl=11.6 r602&_u=AEAAAEAAI~&jid=1415410216&cid=1946787307.1473914884&tid=UA-74694740-2&_r=1&z=226281000	173.194.113.194
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
hxxp://partners.tremorhub.com/syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5	54.236.87.23
cdn.tremorhub.com

IDS verdicts (Suricata alerts: Emerging Threats ET ruleset)

ET POLICY Outdated Windows Flash Version IE

Traffic

GET /player1.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ivids.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 12:53:44 GMT

Server: Apache/2.2.15 (CentOS)

Last-Modified: Sun, 15 Jun 2014 13:46:26 GMT

ETag: "4403c4-1bb61-4fbe0230ad080"

Accept-Ranges: bytes

Content-Length: 113505

Cache-Control: max-age=2592000, public

Expires: Thu, 17 Aug 2017 12:53:44 GMT

Connection: close

Content-Type: application/x-shockwave-flash
CWS..`..x..}.\...x...@).....JCQJ...t.S.:.s..P.M.".."D.=.E."!.G.Q."....
y...~_..|>o.....u?o......."..>...Z}....u......X....^...8\.3..7,V
$.;[Y%%%[email protected]../[email protected]..
...8$.i.p... .Z.X.......<A.C4...s.L...*.B..c.'1...h.C.;.J.....E.d..
...... .........X...%[.x.m2@oK&/../...LtM..P..|.0._..a.c..x17..K.....6
L....z....z...#f. .=..:i...!B.O.s..:..`kmc.-............ xh6).UpWB.6..
..UC.SQ.1^..3.]3x4z.o..>...7F.`s..,.G.K.s.)........ $E..[O..O......
......w.....0.Jw....qCv.........&L..I...0.g...z%...k.s_....B.V....f- .
y>..6.e..v...O..R.4u...J?.q.........o?.........._.8i.........L'._s.
...ug......N..h..[....s/.[X>.G...9....k...O...L;.,X.p......... ....
r&.c..F.>._w.. {.2...b..ri..=.C.N#M..|..(&..8........9..,.S.....KhS
.}.......~..i....W...?....7.S\...eS..*&.S.z.\:....#!cng.}5...I.*I;....
'.M...U..3^s.l....^.7..sp.......Z_..wJ.....O.;0e... ..f\.t..{....5v}..
=..9...1..C..?..4.R.....[G7W..=h|...a..p../s..]......^...K.r..]T..... 
....j..V7.r.9l.........,zf..U.c..$b..n.}...^..B=.-.RP....Y.......aB.f.
...9...Vuzz.M\../b............8n...2..^Y..%u..n,...x.....,.;..s.r..]|8
...v......u.m........=.n..9.&{.B......D_JU.7.<.....>gz.<....O
.4..zQhiWf....aOL.-.bE..2yU.S..)g6Z...m...m..s....ly.....Q.us..ci....[
k?M.7p.e.....yG.'.8...R.....m_/z.>p.......=....B..w..zwQ\P..B...Bn.
2..>K..F....>.xLy..`...%..`.._......'5.9..V../z.....E..;....h)..
_..>...........{^.....p&x.Q....;YH..E.6.<m..8n... a...#U~.5S(wr2
V....h..Y^.'^.....y.8:........Q....^[..nK....hq...5..[...i94$.....
<<< skipped >>>

GET /draw/?w=colored&n=1307&c=000000ffffff&p= HTTP/1.1

Accept: */*

Referer: hXXp://VVV.bruindorsett.pw/index5.php?id=23A0EkLLUe2yixq8gw7o&date=2016-09-03&p=none&t=

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Cookie: uid=CgH9JVfaJ/honWb b6R6Ag==

Connection: Keep-Alive

Host: widgets.amung.us

HTTP/1.1 200 OK

Server: nginx/1.9.6

Date: Thu, 15 Sep 2016 04:47:53 GMT

Content-Type: image/png

Transfer-Encoding: chunked

Connection: keep-alive

Content-Disposition: filename=wau-widget.png

Expires: Sat, 15 Oct 2016 04:47:53 GMT

Cache-Control: max-age=2592000
65e...PNG........IHDR...Q...........p.....PLTE...EEEYYY......???,,,...
AAA...~~~.....................;<=CCC...............abdWXZ..........
........GGG......<<<'((..................uvyEFGzzz......kln..
.NNN>>>.........~~.vwx...hhi.........OPQ......{{{............
.........uvv...opp......UVV...WWW......ooo..................bcc...ijj}
~~......dee......qqq.........QQQ...]^^PPP.........TTTaaaVVV...........
.___......HHHrss.........kllJJJDDDBBBIII.........RRR..................
...LLLNOO.........@@@tttkkkvvv:::|||..................................
.....FFF.........?@@888666ppprrr..................KKK.........uuu.....
.111............000...lll......XYZ(((&&&hhhfff   cdeZ[\788...dddccc...
......nnn.........ZZZXXXVVV[[[mmm^^^\\\]]]```gggxxxjjj...<....tRNS.
@..f...]IDATH....W.P.....'8...E-u.......{....jQ.*.#.pa..JD.Q.Z...QQ./.
*.C|.%.[..s...{..&.s^..&..q..?.....t..n..&..>..V...|.o.t;~..!t.?...
.......*}Q......./..........Ky..-....j..F..o^.l..W/.W/hy.g ...'...<
~.My....Y.33..p7....'..9w.mQL.u..!.A..&*.^...X..U..z.......K./....l..a
.=.. s....p.4..p....#....q../.Z$A.8.K...xu.s. ..It..f....>...^.....
vG......$...u.6.[q.:M..j..-....6R6..y._.q.:.....-kx......vB-....J...I.
9.X.l....E..Y.x.#....G<....."....L.T.F.....T$s..M.6..6e..6I..y..Ie.
........$<..h..f?,....D.x.F.0.......a...C..8..b.d.f .4.dH.<.MB..
Z..#j.G.. [email protected].!.......c...((.R......r.. 
].Q_...i|.X........(.n...u)7v&.iT.A..dQ.<...;...1.'m....v....cP{TnL
%H.......\t....v.......!....i...N.(7U5..F..U...?..F[fl.d.y.%.z.6..
<<< skipped >>>

GET /crossdomain.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: xlf5t.ads.tremorhub.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: application/xml

Date: Thu, 15 Sep 2016 04:48:00 GMT

ETag: W/"144-1446501138000"

Last-Modified: Mon, 02 Nov 2015 21:52:18 GMT

Server: Apache-Coyote/1.1

Content-Length: 144

Connection: keep-alive
<?xml version="1.0" ?>.<cross-domain-policy>.    <!-- V
ery Liberal -->.    <allow-access-from domain="*" secure="false"
/>.</cross-domain-policy>....


GET /ad/tag?adCode=we1sb-kg4io&playerWidth=645&playerHeight=380&playerPosition=1&mediaTitle=Entertainment videos ivids.net - 3&mediaDesc=Entertainment videos ivids.net - 3&mediaId=2&mediaUrl=hXXp://VVV.ivids.net/3.html&srcPageUrl=hXXp://VVV.ivids.net/3.html&contentLength=300 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: xlf5t.ads.tremorhub.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Cache-Control: no-cache, no-store, must-revalidate

Content-Encoding: gzip

Content-Type: text/xml;charset=ISO-8859-1

Date: Thu, 15 Sep 2016 04:47:59 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Pragma: no-cache

Server: Apache-Coyote/1.1

Set-Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; Domain=.tremorhub.com; Expires=Fri, 15-Sep-2017 10:36:20 GMT; Path=/

Set-Cookie: tvrg_60409="1,1473914880"; Version=1; Domain=.tremorhub.com; Max-Age=60; Expires=Thu, 15-Sep-2016 04:49:00 GMT; Path=/

Vary: Accept-Encoding

x-tremorvideo-status: NO_AD

Content-Length: 551

Connection: keep-alive
...........S...0.}[email protected]%....9..X.......1...T.!.......'...
}...p)"/h....*..y..........:Y.wZ..0Q.....Z5.}......&..o..jvd,....._6..
.......&J.v..l,.qz..-.......&,%...<.?.M.I..]...V`C.?t...I.Xs...t.t0
..Y.m.........m..v.5T.#[...'.,. 9E...a...Jg\.......aD.k.....r$.....JZe
..y......J.8U.!..............9.......t.v[...V...`.e.....R!\V...r..l.V.
...........BT.p..........9rK.wgb..jTnZ.a...V.....`.e=.....G...."8.....
....g....$.F.$..$....2..v.'........?m..g.......E.3......j5G4m......].K
.......D.........='.L5.;......A......._J......:...{......vj.g...HTTP/1
.1 200 OK..Cache-Control: no-cache, no-store, must-revalidate..Content
-Encoding: gzip..Content-Type: text/xml;charset=ISO-8859-1..Date: Thu,
 15 Sep 2016 04:47:59 GMT..P3P: CP='This is not a P3P policy. See http
://tremorvideo.com/en/privacy-policy'..Pragma: no-cache..Server: Apach
e-Coyote/1.1..Set-Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; Domai
n=.tremorhub.com; Expires=Fri, 15-Sep-2017 10:36:20 GMT; Path=/..Set-C
ookie: tvrg_60409="1,1473914880"; Version=1; Domain=.tremorhub.com; Ma
x-Age=60; Expires=Thu, 15-Sep-2016 04:49:00 GMT; Path=/..Vary: Accept-
Encoding..x-tremorvideo-status: NO_AD..Content-Length: 551..Connection
: keep-alive.............S...0.}[email protected]%....9..X.......1...
T.!.......'...}...p)"/h....*..y..........:Y.wZ..0Q.....Z5.}......&..o.
.jvd,....._6.........&J.v..l,.qz..-.......&,%...<.?.M.I..]...V`C.?t
...I.Xs...t.t0..Y.m.........m..v.5T.#[...'.,. 9E...a...Jg\.......aD.k.
....r$.....JZe..y......J.8U.!..............9.......t.v[...V...`.e.
<<< skipped >>>

GET /player1.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ivids.net

Connection: Keep-Alive

Cookie: _ga=GA1.2.1946787307.1473914884; _gat=1

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 12:53:44 GMT

Server: Apache/2.2.15 (CentOS)

Last-Modified: Sun, 15 Jun 2014 13:46:26 GMT

ETag: "4403c4-1bb61-4fbe0230ad080"

Accept-Ranges: bytes

Content-Length: 113505

Cache-Control: max-age=2592000, public

Expires: Thu, 17 Aug 2017 12:53:44 GMT

Connection: close

Content-Type: application/x-shockwave-flash
CWS..`..x..}.\...x...@).....JCQJ...t.S.:.s..P.M.".."D.=.E."!.G.Q."....
y...~_..|>o.....u?o......."..>...Z}....u......X....^...8\.3..7,V
$.;[Y%%%[email protected]../[email protected]..
...8$.i.p... .Z.X.......<A.C4...s.L...*.B..c.'1...h.C.;.J.....E.d..
...... .........X...%[.x.m2@oK&/../...LtM..P..|.0._..a.c..x17..K.....6
L....z....z...#f. .=..:i...!B.O.s..:..`kmc.-............ xh6).UpWB.6..
..UC.SQ.1^..3.]3x4z.o..>...7F.`s..,.G.K.s.)........ $E..[O..O......
......w.....0.Jw....qCv.........&L..I...0.g...z%...k.s_....B.V....f- .
y>..6.e..v...O..R.4u...J?.q.........o?.........._.8i.........L'._s.
...ug......N..h..[....s/.[X>.G...9....k...O...L;.,X.p......... ....
r&.c..F.>._w.. {.2...b..ri..=.C.N#M..|..(&..8........9..,.S.....KhS
.}.......~..i....W...?....7.S\...eS..*&.S.z.\:....#!cng.}5...I.*I;....
'.M...U..3^s.l....^.7..sp.......Z_..wJ.....O.;0e... ..f\.t..{....5v}..
=..9...1..C..?..4.R.....[G7W..=h|...a..p../s..]......^...K.r..]T..... 
....j..V7.r.9l.........,zf..U.c..$b..n.}...^..B=.-.RP....Y.......aB.f.
...9...Vuzz.M\../b............8n...2..^Y..%u..n,...x.....,.;..s.r..]|8
...v......u.m........=.n..9.&{.B......D_JU.7.<.....>gz.<....O
.4..zQhiWf....aOL.-.bE..2yU.S..)g6Z...m...m..s....ly.....Q.us..ci....[
k?M.7p.e.....yG.'.8...R.....m_/z.>p.......=....B..w..zwQ\P..B...Bn.
2..>K..F....>.xLy..`...%..`.._......'5.9..V../z.....E..;....h)..
_..>...........{^.....p&x.Q....;YH..E.6.<m..8n... a...#U~.5S(wr2
V....h..Y^.'^.....y.8:........Q....^[..nK....hq...5..[...i94$.....
<<< skipped >>>

GET /5/10/logo.png HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/player1.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: l.longtailvideo.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Accept-Ranges: bytes

Cache-Control: max-age=604800

Content-Type: image/png

Date: Thu, 15 Sep 2016 04:47:58 GMT

Etag: "3015243340"

Expires: Thu, 22 Sep 2016 04:47:58 GMT

Last-Modified: Fri, 22 Jun 2012 18:10:31 GMT

Server: ECAcc (arn/46B0)

X-Cache: HIT

Content-Length: 1845
.PNG........IHDR...].........9.".....IDATh..Zo..E...e...*!.......RP...
.0H.|).Y...).4C.#H..2....g{.....GO.....A...(.?H....B..wf.....{.......c
v..9sv...3g....A-.).8j......J..*[email protected] u(.....k.Nt.3..yR....~*]. 
...Y...v..........\.YO....0.....bZ.=...e..ji.g..S..Z.t.9?..N).]`.K !..
...Y..?..<.h.v.<.........%..6.O.......R..g.}.i.?.Vh.....?..[..C{
.h.-%......s.\..:.M.p.K..u.5....c...X.>..........m.........._.%.d9k
L....t..t..N...#...|..VV.2...w.....X.W:^.:.S...n6....E=...$.i......(.j
.}[email protected]./.....U.u.-.U\..../B......;[email protected]....=.'.~Jm0t<c.
]...-....D...~......<...X....&....Ky%..j...[...Nk.6.....7.._.e!h...
........T7(q..q..v.J=c.^..............--.>......=.....n."...("....0
.Z..<... .q!.`.....N...Z....b.....g.,..UjA.j..7{.H...Pa.. /...l(...
S.j.Q0.u`...LcthJ.. .BN..............P....e...BPZ...W.I...........Sc.j
.!..'..d>c.....xV..2.i#.Z...#j >wa.......[.Y.../.6.g.j'.m...y..O
.\..W.....ar.J~..B...0...........~1M....].......;f...>>$...h.{..
....>zpI/...!>........0...f..ez.....b..!.....X....R..H.l|.r9.#'.
...x..1.A.qy.......M......Y&}..I...-} ..X.....(..17(...EJ.l..T..(8;.`.
..8o.{..r@..]..Z.......^n...vy.3S....%^'....)..nDeg..'.1. $....C...x..
t...x.d#.......t...?...N.N.............%`..Kc....#4.x....#.....9.ps.a.
q........G..R..........B... .S.K$......]..2..-..Hn..t'....4UA9P..69Q.'
.......2..d.<b.....{m....).dd...d.(..G.1`*.....<..ql.zs.On......
j..$..Fnf.T.Y........}.z....N.ZS.]........U)..K...xJFf........S....&.b
i..Mv.F..r....Z...`.~_........._ y.......(.b..f..m....R..k......se
<<< skipped >>>

GET /img/logo.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.ivids.net

Connection: Keep-Alive

Cookie: sc_is_visitor_unique=rx10675947.1473914884.8C79969821694FDE5B69586C499A80AE.1.1.1.1.1.1.1.1.1; _ga=GA1.2.1946787307.1473914884; _gat=1

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 04:47:57 GMT

Content-Type: image/png

Content-Length: 2536

Connection: keep-alive

Last-Modified: Thu, 10 Jul 2014 23:39:15 GMT

ETag: "a1c81-9e8-4fddf55270ec0"

Server: CDCE

X-INAP-Cache-Status: EXPIRED

X-INAP-Server: cdce-ams002-003.ams002.internap.com

Accept-Ranges: bytes
.PNG........IHDR.......L.....3.......gAMA....7.......tEXtSoftware.Adob
e ImageReadyq.e<...zIDATx..]]S.W..N.......7.NE.........(...H.8S..V.
....H;j.v..%.3...^.`...3...3....7.6......>..r..n...$....a`M.ys.9.y.
.,..U.[..a.a9M..8M .....4.`..8..4...i...:M2MXd.&J..{..K....=.?........
m.....!sX...M!.5.}...){.....].r..l.U..Vv9.afH.......Wr.i[FEX..v...;...
. Y.=."d.bjy..L,.......Ph..$..I.B...]W...}.3*.B.....-..&....!..gT..{.q
.`...hv.........i..8M ....#~z.|]......}a.......5y..!..&...NzV........&
gt;1....wb..A.E.|g..j....J7m./.w].Df.v.N.FN.}.%...#........g.7...G.wW.
.8"............SGe...x...M..%kV.%.B...7........gz.....K.....d.Da......
../........=).....G?. ..<...Q...k0...v.B.....fn4.:._a...|...J7.g.(:
...&..k.1.i......&.;[email protected]..|[....w-....}.......c5....I=..J.
..j...5...."MV..[..8.Qw....w..........Ec}..~J.9m...A..v.?...m...FvU.; 
....~...r...g..x=....... .....>V....9...~.....!.u.J.FZ.iB.L.T..S./L
..*.q1..|..8.2.z1..5{[email protected]|. 
o.2.6.B...6..)m.T..Y........).O..........Q.'`.M.*J..p.tGW.....FO.C.=..
....b...*[email protected]*].h..Z.}.~....*G.....n$...D.....Q..4Y..8L..;...K...
Z..H1...ai.t.*yL...`-)2E..ip..C.d.&$*....p..[{.......4Ez..Gf.V..T.D[..
..g....Rm......u(Y.o@HT.*>?;}..D2ks...6>-\.)}Rb..ky......Pc.....
.-.\..?..s......319....^..D.i.C.....s.z.[..\...GJ...'8...Hi.s......-.S
.#...1...)..._S.V.ocE.\..cB.*Y.Z..B..%..r..73.8..p....P.U..\......2.2u
....S.....iQ.............P.y...{ 7i......v.s..N..-....K]\v.%..Vo$.P..&
lt;....}....Wb..9..7.p..$4=N Mj..0..4gj..Hie..5;-......6...8..m.(.
<<< skipped >>>

GET /report1.php?url=/ivids/page-3.html?lid=937115 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-3.html?lid=937115

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 109.201.148.40

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 04:51:23 GMT

Server: Apache/2.2.15 (CentOS)

X-Powered-By: PHP/5.3.3

Content-Length: 0

Keep-Alive: timeout=5

Connection: Keep-Alive

Content-Type: text/html; charset=utf-8
HTTP/1.1 200 OK..Date: Thu, 15 Sep 2016 04:51:23 GMT..Server: Apache/2
.2.15 (CentOS)..X-Powered-By: PHP/5.3.3..Content-Length: 0..Keep-Alive
: timeout=5..Connection: Keep-Alive..Content-Type: text/html; charset=
utf-8......


GET /bck.php?1473914882000 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-3.html?lid=937115

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 109.201.148.40

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 04:51:26 GMT

Server: Apache/2.2.15 (CentOS)

X-Powered-By: PHP/5.3.3

Content-Length: 0

Keep-Alive: timeout=5

Connection: Keep-Alive

Content-Type: text/html; charset=utf-8
HTTP/1.1 200 OK..Date: Thu, 15 Sep 2016 04:51:26 GMT..Server: Apache/2
.2.15 (CentOS)..X-Powered-By: PHP/5.3.3..Content-Length: 0..Keep-Alive
: timeout=5..Connection: Keep-Alive..Content-Type: text/html; charset=
utf-8......


GET /report1.php?url=/ivids/page-3.htm?lid=937115 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 109.201.148.40

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 04:51:27 GMT

Server: Apache/2.2.15 (CentOS)

X-Powered-By: PHP/5.3.3

Content-Length: 0

Keep-Alive: timeout=5

Connection: Keep-Alive

Content-Type: text/html; charset=utf-8
....


GET /bck.php?1473914883000 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: 109.201.148.40

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 04:51:27 GMT

Server: Apache/2.2.15 (CentOS)

X-Powered-By: PHP/5.3.3

Content-Length: 0

Keep-Alive: timeout=5

Connection: Keep-Alive

Content-Type: text/html; charset=utf-8
HTTP/1.1 200 OK..Date: Thu, 15 Sep 2016 04:51:27 GMT..Server: Apache/2
.2.15 (CentOS)..X-Powered-By: PHP/5.3.3..Content-Length: 0..Keep-Alive
: timeout=5..Connection: Keep-Alive..Content-Type: text/html; charset=
utf-8..

GET /counter/counter.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.statcounter.com

Connection: Keep-Alive

Cookie: is_unique=sc10114910.1473914872.0; is_visitor_unique=147391487217812864

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 04:47:57 GMT

Server: PWS/8.1.41.3

X-Px: ht h0-s1178.p11-fra.cdngp.net

ETag: W/"576924c5-654e"

Cache-Control: max-age=43200

Expires: Thu, 15 Sep 2016 11:11:54 GMT

Age: 20163

Content-Length: 9529

Content-Type: application/x-javascript

Content-Encoding: gzip

Vary: Accept-Encoding

Last-Modified: Tue, 21 Jun 2016 11:28:05 GMT

Connection: keep-alive
...........]{s....*....F.,.-..o..M6....$...eQ$%s,.Z..c-}..u7@..<3{u
[email protected]..............]...K.%.<L....f...U...\..i.
<..g.f.%.q........O.J.CH..v.....N.H.M..zQ-J..`.'f.*~0....sj....C...
.....l....di|..4t..H........-...;.P.f^...EM....4..I.=.~....e..e..W>
.]..Wt...v..I..Wym.;...y....'....W._;.}.f..#...'.4Lj.:...bv.....&Z.p.&
.&.5.n#sN....X'[..........5-h.n.x..G.5....h...mp.....5..[..G.}.~....&.
...d.%i..G..4....b..h......<.q..c... J....{bTZ\M.w.r.1.Bf...y.l....
v.gQ...v.e./O.....Fi..H..;.Z.Y.a{Os-.A..c.b.c.{.a.....bln|{..t.....:|.
....~......R.eEV..-:h.xwS...Zf..*cHC,...K....p..4i.9.k>..P6[.Q.....
.$|...._.;...Em..itPa......P..Gj.. .5.  G..1m.....Ee...F70..ZUU&.&.?.&
gt;..r.Opc.........MQ<....=9(.v..^.Z<.;C....{....v..v:..N..{8.V;
........a.......v'.......w:...y..... ..^v../.8....W..7...o..IBV..%e...
c.Qt...6M.k.".j.o.E[.;..(#.$...#..T*. .......K/M..S..X.;(`..v.Fx||4...
..............#_.y..]./.y...?.....U...... ..][email protected].?.H.ha8.b.*.
.EE.tx,j.....,.H..;.^...Ps....\.D.A...._..M...`.K...$k....^......j5t..
.......J.G,kt..6:}.I....v%..g.).([......Rlh.F.E..P(...h.U...:.@k>D.
..y.($V.P..B.u[n...[.@u2...;r^.E./..u....-k.......u....K....w...`U....
g^.l....*.1N.....8|.b..R.N.N..yq.s......?..m.m~..^...m.<cT. ....g.c
...E.-.?...O.|O. /Z*l...../46..;......h...8..p....m......&..MD.[.f\...
.'..e..C.*.n..#[email protected].,6<,.:..8,.OA...V.`.Pa
[..~v3.Qn...7W..^@[...../ m.t..%.......r$...>-k...{..U .h.r.._...UN
....3../....O..N.............p....5.<....2GM..C3|.q^w.....,....
<<< skipped >>>

GET /index5.php?id=23A0EkLLUe2yixq8gw7o&date=2016-09-03&p=none&t= HTTP/1.1

Accept: */*

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.bruindorsett.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: text/html

Content-Length: 904

Connection: keep-alive

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Content-Encoding: gzip

Date: Thu, 15 Sep 2016 04:47:52 GMT

Vary: Accept-Encoding

X-Cache: Miss from cloudfront

Via: 1.1 22d1c3da7034c9d974fcbde908eb6a50.cloudfront.net (CloudFront)

X-Amz-Cf-Id: oKyQBKE2chRrU3Xy-xZeN2X0ZJNjYG4b1kJFw4ocY949bzc9WvSHXQ==
...........UKo.8..... x..]Y...&6..m..(.CS..A..4..H.B...I...T...b}...r8
.|...5..rQ./.........2..z....h......b.....'.O..8.U...J"H{...AYA\.Z..r.
..m.k..~uk. ..I......"...t.k..-i`.-....f...^....~a..wO`.%Y.......[...-
...F]2Gi:.CR4\V.^...D..J..KL..;.%...d.7_....V...P.3.Sr.6...Iv8.vw:&...
d;...Q2..kFsJj.U.~.._)]....B....bT*.>.3|...&....."..x.[.o.5.M.t\.,.
.u..{.....5.J..*..T`.....aa..D.v...`.EA.U7t...!.....%C..X.U.c.......(U
5p"y.EQ...k(0.bz....s_.....;..Y.[6..._^EI..:.=...@.=.........l....3...
....w0TQ."..Q.>Z......Yp...].y..V.,. W.j.&...M.`{.....V.B...|..A.R.
q...U..U..`l..c..'.......' .DsWbB*..c.AL........l/..;..Q...I..t..W..0&
lt;.Y..T=RFp...NN.5...J.v*.[...oBB7C.F4&..}...!.;..:|....>h......K.
...\..#..4ke....Jz..V...T.J...5O......NV....3.80........*#.......Rl..m
c.n.. ......,A.V.mE...y}.......:u.'Gi..o.....G.hOy....a..Y:....i...)..
......?_.Y.....9.p.`D2..#.K?..eH...m.Y.Bi02...t.s......5....us...3....
@h:...HTTP/1.1 200 OK..Content-Type: text/html..Content-Length: 904..C
onnection: keep-alive..Server: Apache/2.2.22 (Win64) PHP/5.3.13..X-Pow
ered-By: PHP/5.3.13..Content-Encoding: gzip..Date: Thu, 15 Sep 2016 04
:47:52 GMT..Vary: Accept-Encoding..X-Cache: Miss from cloudfront..Via:
 1.1 22d1c3da7034c9d974fcbde908eb6a50.cloudfront.net (CloudFront)..X-A
mz-Cf-Id: oKyQBKE2chRrU3Xy-xZeN2X0ZJNjYG4b1kJFw4ocY949bzc9WvSHXQ==....
.........UKo.8..... x..]Y...&6..m..(.CS..A..4..H.B...I...T...b}...r8.|
...5..rQ./.........2..z....h......b.....'.O..8.U...J"H{...AYA\.Z..r...
m.k..~uk. ..I......"...t.k..-i`.-....f...^....~a..wO`.%Y.......[..
<<< skipped >>>

GET /func.js?r=5 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.bruindorsett.pw/index5.php?id=23A0EkLLUe2yixq8gw7o&date=2016-09-03&p=none&t=

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.bruindorsett.pw

Connection: Keep-Alive

HTTP/1.1 200 OK

Content-Type: application/javascript

Content-Length: 597

Connection: keep-alive

Server: Apache/2.2.22 (Win64) PHP/5.3.13

Last-Modified: Mon, 18 Jul 2016 15:25:49 GMT

ETag: "90000001e1520-f7a-537ea953f7333"

Accept-Ranges: bytes

Content-Encoding: gzip

Date: Wed, 14 Sep 2016 17:27:50 GMT

Vary: Accept-Encoding

X-Cache: RefreshHit from cloudfront

Via: 1.1 22d1c3da7034c9d974fcbde908eb6a50.cloudfront.net (CloudFront)

X-Amz-Cf-Id: utmfD7du9X_01js058jpN2B8SvkasO2oyEw-tc5SPOr1p9kRVHRAsg==
[email protected]/vJ.8....U U.R.q.z..N.......DU.{....-.G.>l&l
t;3..wVyd.Dk.b.y..d..T.D...."W.<K.n4,X.$........AU5^..{.]_M..:.]...
..Z P9.p9.F?....'...d.|..o..[e...8E...{.4.U.BrB.<......> .X.9...
...P.B...i.J..L....V ..jr*n... ]v..g@.. .M.u.v&]..~..Bz_."..:.]... o..
.T.B...q....pC..B..qM...J.<J.....c]..s>...V:.......[a=..|..x.z..
...=.9%}.t......T........'..t...g.....L.. *.V2..p...rv.....F..x?W..*..
..........3_.q.q....S.~....7_e.G..P..7w..h..R ..$.w....H.41.W.n...D...
.wZ..x.ZG....6..:a.5!....t:O..:.5MvM...([email protected].\.......SuY....:....
.....>...P..{|:.<.<...I...=........}..=...|.8.......{1z...HTT
P/1.1 200 OK..Content-Type: application/javascript..Content-Length: 59
7..Connection: keep-alive..Server: Apache/2.2.22 (Win64) PHP/5.3.13..L
ast-Modified: Mon, 18 Jul 2016 15:25:49 GMT..ETag: "90000001e1520-f7a-
537ea953f7333"..Accept-Ranges: bytes..Content-Encoding: gzip..Date: We
d, 14 Sep 2016 17:27:50 GMT..Vary: Accept-Encoding..X-Cache: RefreshHi
t from cloudfront..Via: 1.1 22d1c3da7034c9d974fcbde908eb6a50.cloudfron
t.net (CloudFront)..X-Amz-Cf-Id: utmfD7du9X_01js058jpN2B8SvkasO2oyEw-t
[email protected]/vJ.8....U U.R.q.z..N.....
..DU.{....-.G.>l<3..wVyd.Dk.b.y..d..T.D...."W.<K.n4,X.$......
..AU5^..{.]_M..:.].....Z P9.p9.F?....'...d.|..o..[e...8E...{.4.U.BrB.&
lt;......> .X.9......P.B...i.J..L....V ..jr*n... ]v..g@.. .M.u.v&].
.~..Bz_."..:.]... o...T.B...q....pC..B..qM...J.<J.....c]..s>...V
:.......[a=..|..x.z.....=.9%}.t......T........'..t...g.....L.. *.V
<<< skipped >>>

GET /ova-jw.swf HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/player1.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ivids.net

Connection: Keep-Alive

Cookie: _ga=GA1.2.1946787307.1473914884; _gat=1

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 12:53:45 GMT

Server: Apache/2.2.15 (CentOS)

Last-Modified: Sun, 15 Jun 2014 14:00:26 GMT

ETag: "4403b3-39741-4fbe0551c3280"

Accept-Ranges: bytes

Content-Length: 235329

Cache-Control: max-age=2592000, public

Expires: Thu, 17 Aug 2017 12:53:45 GMT

Connection: close

Content-Type: application/x-shockwave-flash
CWS..A..x......U.8.!.o.{.l/[email protected]........!AQD.e.q
. ..(...?""..,2:.u.....t.....`....9w.[..u:q....}..~Uu.s.=..........b..
.k[R..l...;../K.........=...|..!O;.M..........3.m6K..[/....-...m."%...
BY..*Xk.....t W2.e.,..Y.3 .....V..h.X)..I-....).P...n.J..r=.fiJ-.T....
S.....k....Q.....jMn...B..Q..;3.9.......y..].K."PX...S....7....b..*92.
[email protected]..&...J.p...].o.L...e.Y....y.0QQ'......x.1.e}.e.|..-....l.F
..o.w.......Y......u.g......-% .#.[....:..../x.".....i..d...uuK.K.....
.tF.V.9]K.8.....9isZ/...4.KN.,.0...[...U)....i.,...o../S...,..S-]...&.
.......Q..RZ.....nm&.. ....'.ROz.J.0......_.C....~zG..... ....~C...t..
;=`...t^.....B...48.[3..Sd(.J..D4b.H.....U&&`.;..RE.../..i..X.......u@
..).......{..k.....`[email protected]...... i....rI....I]LgL/..z....H.... t...|..Nk
..`...U(..?..u.#w...X"...NK\u...7.\....7.\}...o...wvO....R.d3.&Im..f}V
.....e.T..%c|...:.pQ..j.`...l9=.Zi....q..#...5...0...iw..C..j...|..%.\
)...K..... .............u.`. E2...f.*@.6....NPmJ'......L....(m.c.r.Z.H
W....f.....Y......_...7......p1..a.zx.u...go....O......!.......GNE..J6
a........3.......Mg...........Z.>.*..s.....%..<iX.5ZKlt...0.V..F
.....Ex...Y2.5R...S....J.....q .N2..B.. ..M.Z..O....../..E............
..&`".%[email protected]..&.d....i....~....................&3p4OFb....T.
.O.J....M.....O?...jv..6.........0x.....#..;.....}..i....W....]....&.V
..a.pO...&.f:..V5}.yK.YM.e........4..:.`...].)......2.... ....uD......
p..g./.AC.....bh8.....L..'"...;;/q..-..>:Y2 ........\.D....=.......
...).0..W....69V.H.....O..N.....W.P....."hNdG"cA..........{3.;7.j&
<<< skipped >>>

GET /count.php?id=23A0EkLLUe2yixq8gw7o&date=2016-09-03&p=none&t=&rand= HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.bruindorsett.pw/index5.php?id=23A0EkLLUe2yixq8gw7o&date=2016-09-03&p=none&t=

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.clangburkitt.info

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 04:47:54 GMT

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Content-Length: 47

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: text/html
......<meta http-equiv="refresh" content="300">HTTP/1.1 200 OK..
Date: Thu, 15 Sep 2016 04:47:54 GMT..Server: Apache/2.2.22 (Win64) PHP
/5.3.13..X-Powered-By: PHP/5.3.13..Content-Length: 47..Keep-Alive: tim
eout=5, max=100..Connection: Keep-Alive..Content-Type: text/html......
..<meta http-equiv="refresh" content="300">..

GET /page-3.html?lid=937115 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.bruindorsett.pw/index5.php?id=23A0EkLLUe2yixq8gw7o&date=2016-09-03&p=none&t=

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.ivids.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 04:47:53 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

X-Powered-By: PHP/5.3.3

Server: CDCE

X-INAP-Cache-Status: HIT

X-INAP-Server: cdce-ams002-003.ams002.internap.com

Content-Encoding: gzip
f4e.............\kS.H...T.?.hk...l.6..."..P.I.....T.jKmY K...1Y....zX~
`.!.T-..V...o.....m.........R....Qm.f...zS.W ...H.z....#.]qG..WB......
......Vm.0....lk...........u.H.j.....P29.E[..JV...'.........1.=>...
_.........x.d_X.kk...7..~..7......t.?..x<...)=........v[s......d$l7
..........]..~......{C.H...R..W/W ....[.A.{..I...,.^/..`...X....>.\
)......h"......:V..Q[.[O.....8nk.Vcha.#...0.....cgmc.&.........~V..x..
.Um.....l0../z<..\.^..L.ks.^.P.V..k.....Q0..u_.....l....;.'VaF.Z..K
.`..1J.D..........;.z. ..k.*.om{|<q.In..... $..x........E.g.j...u..
s.|....](.......[H.....9..Ia..rk.E!)..=kg8,$}u...mL.In...U......*.J.Tj
.yA..'......7..^...........s=...:'...K....V0....:.!{.....#..=mY./...hm
C......^.dZ....,R.n^}a.H..x..6_..H.dT...1M..T...j.H.C...G..e4.T...bJ..
&r.z.B.#L..I......#.............D.^.S%..nTu....2S=......'.........)...
{.uh=.p.Y.J......... ...TQ.....8.W0...Z.9...b.B.|...........e....4..(.
.<J4..L....%.IX......L......a...U.aO....cpn6. #...M.PbaP...r.......
.i....P....\..[.a..a$..IO....C=".....m...t.J@..;.[[email protected]..}B-...,.u.
.&9...t...RG.tI....... ......-.ca...K.........(.........5.i.i:Zm.....?
s.'......Z......b....b.$......O.......h)4...5..SXJwe#.A.wj.j....NF..].
.#"...p03...........Fvn8..r...YrPk............K..nN.#.`d....x~.....O..
.<?9j...Z.5R?..v..A.V.4.F!wmJ=.|......1..t........._'G...?.|...(.dD
[TE.p.........*...|<{...Sj.S......;..ZC..O.&........k&K.!..nk..NR.f
...V....<l...#..%.6.f_.u6.........)6...s.{....6......:0......:.....
=7...d.!*.O.k...m.].&.f"|!_.}.....i.7....0tDL;..D..D.Mf..T.%l...*o
<<< skipped >>>

GET /page-3.htm?lid=937115 HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.ivids.net/page-3.html?lid=937115

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.ivids.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 04:47:56 GMT

Content-Type: text/html; charset=utf-8

Transfer-Encoding: chunked

Connection: keep-alive

Vary: Accept-Encoding

X-Powered-By: PHP/5.3.3

Server: CDCE

X-INAP-Cache-Status: HIT

X-INAP-Server: cdce-ams002-003.ams002.internap.com

Content-Encoding: gzip
1149.............\kS.J...T.?......#[..6D.HB&..."dN.JQ.,.e.,.=. .......
.F!.7U.R......W..{u._.C....I.(.w.u....." ...j...{A........V.G...}...My
.._;..u.......D.$..mF.MjHl.mk.....*4...X4..&E|../....Js2.6d.#..w.)..."
D..$wV..H.X4...4...v.3.\c....`.t#.=7W.x<.g..5.....y4.LM.x$1W....7..
..$.]?..>.M..Y&.Ob#..Q .#:Jm..x.^i{...j.....:....B.................
x..j.u.M$.z.9e=.../............Do%...z`.P.....h..W......0........... .
.....U [email protected]#.vy.(FS...{.M:..{...
..%E.4......$...lPj....M..V4$.s.~*....!...=t.......]...1{.c.6d.......3
[email protected] C...\......x..D...r....$.='4.j......?hE.$.O/|}......
.N1.....=5......o..B.sm...QPH....n.........8.$]YC.....$.o...5.IE]@.B%.
.......D.:.2.n.]....Z.`.,Uc.o;.e3s...2,.....7..=CtNB..:..j U6..G._...9
...P...I;y..S...p..j/.K$.2.y...$.Fe;[email protected].#...
I....<..6`..~....<}g...k~,[email protected]*..at.T.....{.{UM
5.1.R.Yz...]...z#..*...g<..ZI....4L.....ll...Y......!....3.nH..oR".
.F.....D.x.r3.$..(....L.'.N...i>C.l....4......d.Y....B,..0^39..f...
E?Rh.... }K.%/.......|..t.p........Q.G.....tmK@..;.[...~8D.a.C........
..rR...LA....dtH.h..A..?....u..grm....yi.l.e2.....V..>.H..f..&..F]S
^..:..v.[..F< .O.$.|.^..Ab....~.C.t.CSS.b_.8...........P...........
..C.....fG@:...`n.g..0.........p&.eu.S...6.....9..s3. .....^Gv....>
:9?...........wZ..i.^".......5x...9.u............s.Oo?.:=.t.<......
..'Gkq.RIF.EU$.......~..5(.x.......4F.......;....Y.g...<{....}.e)&l
t;...e.a.I*.L........`.th.ajE.Sc.}}..a...s,k08..1..... oV_...._7..
<<< skipped >>>

GET /css1.css HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.ivids.net

Connection: Keep-Alive

Cookie: sc_is_visitor_unique=rx10675947.1473914884.8C79969821694FDE5B69586C499A80AE.1.1.1.1.1.1.1.1.1; _ga=GA1.2.1946787307.1473914884; _gat=1

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 04:47:57 GMT

Content-Type: text/css

Content-Length: 1963

Connection: keep-alive

Vary: Accept-Encoding

Last-Modified: Mon, 10 Nov 2014 09:13:53 GMT

ETag: "a1af7-7ab-5077d94d75640"

Server: CDCE

X-INAP-Cache-Status: EXPIRED

X-INAP-Server: cdce-ams002-003.ams002.internap.com

Accept-Ranges: bytes
A..{..COLOR: #000000; ..TEXT-DECORATION: none;..}..A:link ..{..COLOR: 
#000000;..FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif;..TEXT-DE
CORATION: none;..FONT-SIZE: 13px;..}..A:visited ..{..COLOR: #000000;..
FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif;..TEXT-DECORATION: 
none;..FONT-SIZE: 13px;..}..A:hover ..{..COLOR: #000000;..FONT-FAMILY:
 Verdana, Arial, Helvetica, sans-serif;..TEXT-DECORATION: none;..FONT-
SIZE: 13px;..}..table ..{..FONT-SIZE: 10px;..FONT-FAMILY: verdana, Ari
al, Helvetica, sans-serif;..}..td {font-family:Verdana;font-size:8.5pt
}...body {..BACKGROUND-COLOR: #ffffff;..margin-left: 10%;..margin-righ
t: 10%; ..border: 0px solid #979696;..}...topmenu {..BACKGROUND-COLOR:
 #eeeeee;..border-bottom: 1px solid #B5B5B5;..height: 35px;..}...topme
nufont..{..COLOR: #B5B5B5; ..TEXT-DECORATION: none;..}...topmenufont:l
ink ..{..COLOR: #B5B5B5;..FONT-FAMILY: Verdana, Arial, Helvetica, sans
-serif;..TEXT-DECORATION: none;..FONT-SIZE: 12px;..-webkit-font-smooth
ing: antialiased !important;..text-shadow: 1px 1px 1px rgba(0,0,0,0.00
4);..}...topmenufont:visited ..{..COLOR: #B5B5B5;..FONT-FAMILY: Verdan
a, Arial, Helvetica, sans-serif;..TEXT-DECORATION: none;..FONT-SIZE: 1
2px;..-webkit-font-smoothing: antialiased !important;..text-shadow: 1p
x 1px 1px rgba(0,0,0,0.004);..}...topmenufont:hover ..{..COLOR: #B5B5B
5;..FONT-FAMILY: Verdana, Arial, Helvetica, sans-serif;..TEXT-DECORATI
ON: none;..FONT-SIZE: 12px;..-webkit-font-smoothing: antialiased !impo
rtant;..text-shadow: 1px 1px 1px rgba(0,0,0,0.004);..}...logo {..b
<<< skipped >>>

GET /img/lbg.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.ivids.net

Connection: Keep-Alive

Cookie: sc_is_visitor_unique=rx10675947.1473914884.8C79969821694FDE5B69586C499A80AE.1.1.1.1.1.1.1.1.1; _ga=GA1.2.1946787307.1473914884; _gat=1

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 04:47:57 GMT

Content-Type: image/png

Content-Length: 200

Connection: keep-alive

Last-Modified: Thu, 21 Nov 2013 20:06:42 GMT

ETag: "a1c85-c8-4ebb56fac1880"

Server: CDCE

X-INAP-Cache-Status: EXPIRED

X-INAP-Server: cdce-ams002-003.ams002.internap.com

Accept-Ranges: bytes
.PNG........IHDR.......L......O......gAMA....7.......tEXtSoftware.Adob
e ImageReadyq.e<...ZIDATx.b.R.b .....tV.....Z&.'B..!.;......qn...h:
[email protected]#......|..-..z...D..g.f.![.....O...........IEND.B`.HTTP/1.
1 200 OK..Date: Thu, 15 Sep 2016 04:47:57 GMT..Content-Type: image/png
..Content-Length: 200..Connection: keep-alive..Last-Modified: Thu, 21 
Nov 2013 20:06:42 GMT..ETag: "a1c85-c8-4ebb56fac1880"..Server: CDCE..X
-INAP-Cache-Status: EXPIRED..X-INAP-Server: cdce-ams002-003.ams002.int
ernap.com..Accept-Ranges: bytes...PNG........IHDR.......L......O......
gAMA....7.......tEXtSoftware.Adobe ImageReadyq.e<...ZIDATx.b.R.b ..
...tV.....Z&.'B..!.;......qn...h:[email protected]#......|..-..z...D..g.f.!
[.....O...........IEND.B`...

GET /itd.php?id=23A0EkLLUe2yixq8gw7o&date=2016-09-03&p=none&t=&rand= HTTP/1.1

Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/x-shockwave-flash, application/x-ms-application, application/x-ms-xbap, application/vnd.ms-xpsdocument, application/xaml xml, */*

Referer: hXXp://VVV.bruindorsett.pw/index5.php?id=23A0EkLLUe2yixq8gw7o&date=2016-09-03&p=none&t=

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: cocomo.tremorhub.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 04:47:54 GMT

Server: Apache/2.2.22 (Win64) PHP/5.3.13

X-Powered-By: PHP/5.3.13

Content-Length: 1118

Keep-Alive: timeout=5, max=100

Connection: Keep-Alive

Content-Type: text/html
<html>..<head>..<title>a</title>..</head>
;..<body>..<script language="JavaScript" type="text/javascrip
t">..<!--..function reeadCookie(name) {..  var nameEQ = name   "
=";..  var ca = document.cookie.split(';');..  for(var i=0;i < ca.l
ength;i  ) {..    var c = ca[i];..    while (c.charAt(0)==' ') c = c.s
ubstring(1,c.length);..    if (c.indexOf(nameEQ) == 0) return c.substr
ing(nameEQ.length,c.length);..  }..  return null;..}..function uapcc()
 {..//var paathname = reeadCookie('tvrg_60409');..//if (paathname.subs
tring(0, 2) == '"4') {..//eraseCookie("tvrg_60409");..var date = new D
ate();..date.setTime(date.getTime()   (60 * 1000));..var times = Math.
floor(Date.now() / 1000);..//document.cookie = "tvrg_60409=1," times "
;domain=.tremorhub.com;path=/;expires=" date.toGMTString() "";..docume
nt.cookie = "tvrg_60409=;domain=.tremorhub.com;path=/;expires=-1";..//
}..}..setInterval(function() {..uapcc();..}, 90);..setInterval(functio
n() {..uapcc();..}, 90);..setInterval(function() {..uapcc();..}, 90);.
.setInterval(function() {..uapcc();..}, 90);..//-->..</script>
;..<meta http-equiv="refresh" content="300">..</html>HTTP/
1.1 200 OK..Date: Thu, 15 Sep 2016 04:47:54 GMT..Server: Apache/2.2.22
 (Win64) PHP/5.3.13..X-Powered-By: PHP/5.3.13..Content-Length: 1118..K
eep-Alive: timeout=5, max=100..Connection: Keep-Alive..Content-Type: t
ext/html..<html>..<head>..<title>a</title>..&l
t;/head>..<body>..<script language="JavaScript" type="
<<< skipped >>>

GET /1.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ivids.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 12:53:44 GMT

Server: Apache/2.2.15 (CentOS)

X-Powered-By: PHP/5.5.30

Cache-Control: max-age=0

Expires: Thu, 15 Sep 2016 12:53:44 GMT

Content-Length: 0

Connection: close

Content-Type: text/html; charset=UTF-8

GET /t.php?sc_project=10675947&java=1&security=299981d6&u1=8C79969821694FDE5B69586C499A80AE&sc_random=0.7726309818912744&jg=new&rr=1.1.1.1.1.1.1.1.1&resolution=1276&h=846&camefrom=http://VVV.ivids.net/page-3.html?lid=937115&u=http://VVV.ivids.net/page-3.htm?lid=937115&t=&sc_snum=1&sess=a181b5&p=0&invisible=1 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c.statcounter.com

Connection: Keep-Alive

Cookie: is_unique=sc10114910.1473914872.0; is_visitor_unique=147391487217812864

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 04:47:58 GMT

Server: Apache/2.2.3 (CentOS)

P3P: policyref="hXXp://VVV.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Set-Cookie: is_unique=sc10114910.1473914872.0-10675947.1473914878.0; expires=Tue, 14-Sep-2021 04:47:58 GMT; path=/; domain=.statcounter.com

Set-Cookie: is_visitor_unique=1473914878133106489; expires=Sat, 15-Sep-2018 04:47:58 GMT; path=/; domain=.statcounter.com

Content-Length: 49

Connection: close

Content-Type: image/gif
GIF89a...................!.......,...........T..;..

GET /crossdomain.xml HTTP/1.1

Accept: */*

Accept-Language: en-US

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Accept-Ranges: bytes

Content-Type: application/xml

Date: Thu, 15 Sep 2016 04:48:00 GMT

ETag: W/"144-1446501138000"

Last-Modified: Mon, 02 Nov 2015 21:52:18 GMT

Server: Apache-Coyote/1.1

Content-Length: 144

Connection: keep-alive
<?xml version="1.0" ?>.<cross-domain-policy>.    <!-- V
ery Liberal -->.    <allow-access-from domain="*" secure="false"
/>.</cross-domain-policy>....


GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=tremornet,dynadmic,1,_dmp_turbine,centro,adapTV,google,conversant,TubeMogul-GP,appnexus,eyeview,BidTheatre,Videology,rocketfuel,audiencescience,videoamp,SundaySky,thetradedesk,beeswax,TapAd,ignitionone,Bidswitch,dataxu&uid=c593e4200aea45b19fd5cf1c6e968be5&init=true HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:00 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

transfer-encoding: chunked

Connection: keep-alive
1e8.............R.n.0... \..-..-.!.P....%..........-. ).....'.r.......
f&^..}....%. ....J...U.<....."}........F...].l...0t.ke.M.c....A....
..$..}...i..N..4.5.o..uX.......q..xJ......wi..qy....9...$... o .T..F..
E0...,....?...]..)g.h.."...R......)...td.M._U...>..)*).)W.3#:.A. ..
..../eH.. .Q.U...-:..9.....A......cc=l....e..W...E....Y8.%.7.C..|X.J..
`/[email protected]".g8.:."..^.......^...Bb......8....0...l....6..u..OOi..9.[c..
w.=...3`.B.$...L..h...Y.R.............6q@{.i....1..lG.z{..Yb..?....."|
[>Z........d........Q........0......


GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=google,conversant,TubeMogul-GP,ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:00 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

Content-Length: 518

Connection: keep-alive
...........R...0.}.W.H.m........V ..j..a...{...m......(.....g.gn..-.M.
..6\.......A%.........[&o.u..7...0P......j..VC#..-}*.......Xb[.{_.....
D).%..M.....3..$?....)...S....z...Do_V.i..\.).......v..I.Rs.....t6..e9
.Lg%......M8....UL.pc.a..Wy[..Y....'4y%......B<.....0b..Ep.....9.Y.
.s.-XM.00;4..=..K...ck.l.G........j...g..-.".Z.H..\Z....N..|[email protected]
.wM.F.q.J...kTa[]r....2..`<.........6AM...(.L^_.(.S.......h.W>.m
Y..9..(D....e%eUC!..Y...Y....y.Wdh.........Fi0n..$Zi.....`.}.q.2sM....
a...d..^..9.-Ep]P\....O........ .*...HTTP/1.1 200 OK..Content-Encoding
: gzip..Content-Type: text/xml..Date: Thu, 15 Sep 2016 04:48:00 GMT..P
3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privac
y-policy'..Server: Apache-Coyote/1.1..Vary: Accept-Encoding..Content-L
ength: 518..Connection: keep-alive.............R...0.}.W.H.m........V 
..j..a...{...m......(.....g.gn..-.M...6\.......A%.........[&o.u..7...0
P......j..VC#..-}*.......Xb[.{_.....D).%..M.....3..$?....)...S....z...
Do_V.i..\.).......v..I.Rs.....t6..e9.Lg%......M8....UL.pc.a..Wy[..Y...
.'4y%......B<.....0b..Ep.....9.Y..s.-XM.00;4..=..K...ck.l.G........
j...g..-.".Z.H..\Z....N..|[email protected][]r....2..`<....
.....6AM...(.L^_.(.S.......h.W>.mY..9..(D....e%eUC!..Y...Y....y.Wdh
.........Fi0n..$Zi.....`.}.q.2sM....a...d..^..9.-Ep]P\....O........ .*
.......
<<< skipped >>>

GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=conversant,TubeMogul-GP,ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:01 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

Content-Length: 487

Connection: keep-alive
...........R...0.}.W.H....[.%A)..V.e.d..j.&.....l...w....K.,.....9.h~*
...Z'......:...Rm..).x;....h.f...oh.Q......f...Xj.....%s...?s.|.....Uz
.$Q*:I...1h.(...2....,{..k..ME.....I..yq....E........[ .4...".!..|2..E
1..'.....D.u8X.P..8....7.......Bn..4.VHQH...|[email protected].,...^J.z.7u.... P.
.Q.5.$....(<U...../:.^......>H....-..R..l.....QJ~..[.j......D..4
..!..I.. Q...l!..T.......^...."....l.c../8zyI".....j.....oK.N.B{]...s.
...2.U.h<...k..%..........3....-..-...|s.f.^...~ .^..6.2c.S........
......HTTP/1.1 200 OK..Content-Encoding: gzip..Content-Type: text/xml.
.Date: Thu, 15 Sep 2016 04:48:01 GMT..P3P: CP='This is not a P3P polic
y. See hXXp://tremorvideo.com/en/privacy-policy'..Server: Apache-Coyot
e/1.1..Vary: Accept-Encoding..Content-Length: 487..Connection: keep-al
ive.............R...0.}.W.H....[.%A)..V.e.d..j.&.....l...w....K.,.....
9.h~*...Z'......:...Rm..).x;....h.f...oh.Q......f...Xj.....%s...?s.|..
...Uz.$Q*:I...1h.(...2....,{..k..ME.....I..yq....E........[ .4...".!..
|2..E1..'.....D.u8X.P..8....7.......Bn..4.VHQH...|[email protected].,...^J.z.7u..
.. P..Q.5.$....(<U...../:.^......>H....-..R..l.....QJ~..[.j.....
.D..4..!..I.. Q...l!..T.......^...."....l.c../8zyI".....j.....oK.N.B{]
...s....2.U.h<...k..%..........3....-..-...|s.f.^...~ .^..6.2c.S...
...............
<<< skipped >>>

GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=TubeMogul-GP,ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:02 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

Content-Length: 518

Connection: keep-alive
...........R...0.}.W.H....;J...JH..6.>.V..'`A..v..}',]z..>X>3
>....f...:.6....u.N.$ ....Y.....,..l.$...........[...X.E..U.aeA.QN.
N...2....6^8Q..V.|.T).....B.....$y.....4.)...WQ..e......NQm%...#o-.,).
i.C.....'.$....8.l.....^/..o.P....T).......J7.8..R!x. ."..........VS..
..M..$...PJ..2...@A.............,,.#N*.i..........Q.=P,.........)...aJ
U....Bmm.3!.]5..&=.......d.$.....a.B...5..../..._Bk.;..P.]u.j\)A......
A..3.\....q.....{\../no..}w..N......-..3.k..2W..`..$Q0...8...(..ZPd...
.......d../.N&.. ....x.)[email protected].. ...HTTP/1.1 200 OK..Content-Encod
ing: gzip..Content-Type: text/xml..Date: Thu, 15 Sep 2016 04:48:02 GMT
..P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/pri
vacy-policy'..Server: Apache-Coyote/1.1..Vary: Accept-Encoding..Conten
t-Length: 518..Connection: keep-alive.............R...0.}.W.H....;J...
JH..6.>.V..'`A..v..}',]z..>X>3>....f...:.6....u.N.$ ....Y.
....,..l.$...........[...X.E..U.aeA.QN.N...2....6^8Q..V.|.T).....B....
.$y.....4.)...WQ..e......NQm%...#o-.,).i.C.....'.$....8.l.....^/..o.P.
...T).......J7.8..R!x. ."..........VS....M..$...PJ..2...@A............
.,,.#N*.i..........Q.=P,.........)...aJU....Bmm.3!.]5..&=.......d.$...
..a.B...5..../..._Bk.;..P.]u.j\)A......A..3.\....q.....{\../no..}w..N.
.....-..3.k..2W..`..$Q0...8...(..ZPd..........d../.N&.. ....x.).!@....
..5.. .......
<<< skipped >>>

GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=ignitionone,1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:02 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

transfer-encoding: chunked

Connection: keep-alive
1c6.............RMo.0...Wd..[[email protected];.E@KL"$..Iv..?:..}\v.#.D.
=0....S.u..q.v{A.5/...8x...N.y.!Z.Y~..[.}.n..`...1.-..n...K..3A...._.8
..m...I..N...`..6...Q%..o'..G..x....6/..I..uq....e...5-..kn...A...1.a8
..i8-.ao<)........`[email protected].$ ..."p....^J....4m}[email protected])6XK<.
-..x.\. !.Bt....Q{[..,.;H....J.h.].V4....L.....%..;..P..........J(...-
....U;..p....a8*..Z.H).......-....>X[...=.........KF(.9..../kO.....
....aI...N...0..H..3..wtz.5Y...~.. .........E^.S..e...........>....
..0..HTTP/1.1 200 OK..Content-Encoding: gzip..Content-Type: text/xml..
Date: Thu, 15 Sep 2016 04:48:02 GMT..P3P: CP='This is not a P3P policy
. See hXXp://tremorvideo.com/en/privacy-policy'..Server: Apache-Coyote
/1.1..Vary: Accept-Encoding..transfer-encoding: chunked..Connection: k
eep-alive..1c6.............RMo.0...Wd..[[email protected];.E@KL"$..Iv..?
:..}\v.#.D.=0....S.u..q.v{A.5/...8x...N.y.!Z.Y~..[.}.n..`...1.-..n...K
..3A...._.8..m...I..N...`..6...Q%..o'..G..x....6/..I..uq....e...5-..kn
...A...1.a8..i8-.ao<)........`[email protected].$ ..."p....^J....4m}...@.
nG)6XK<.-..x.\. !.Bt....Q{[..,.;H....J.h.].V4....L.....%..;..P.....
.....J(...-....U;..p....a8*..Z.H).......-....>X[...=.........KF(.9.
.../kO.........aI...N...0..H..3..wtz.5Y...~.. .........E^.S..e........
...>......0......
<<< skipped >>>

GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=1,adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:03 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

transfer-encoding: chunked

Connection: keep-alive
1c0.............RM..0...W.H.V.G`.%A)..V..U.....M<.Xl..v...NX.......
.o.=M.8./..Y.*...^?....*.......i.H.E.4...aK....}...7s!................
..].|..No.$J..D?,.C..e..T&..o'..".V<7M1.....$z...M..............RW.
..0...'r:...".O.........F..a...`........f....3^)....6m}G........:(:2b3
.N.ka...#'..W$io ......r.8.5B..[Yl4`.. %....|)...N....P..9...\ci......
.[.....a.......68f.rB3.M...$...ygme...........-.......ynr../.%...H..eW
[email protected].=.....r...^..,~..o...r......d.. ....ft.#......0..HTTP/1.1
 200 OK..Content-Encoding: gzip..Content-Type: text/xml..Date: Thu, 15
 Sep 2016 04:48:03 GMT..P3P: CP='This is not a P3P policy. See hXXp://
tremorvideo.com/en/privacy-policy'..Server: Apache-Coyote/1.1..Vary: A
ccept-Encoding..transfer-encoding: chunked..Connection: keep-alive..1c
0.............RM..0...W.H.V.G`.%A)..V..U.....M<.Xl..v...NX........o
.=M.8./..Y.*...^?....*.......i.H.E.4...aK....}...7s!..................
].|..No.$J..D?,.C..e..T&..o'..".V<7M1.....$z...M..............RW...
0...'r:...".O.........F..a...`........f....3^)....6m}G........:(:2b3.N
.ka...#'..W$io ......r.8.5B..[Yl4`.. %....|)...N....P..9...\ci.......[
.....a.......68f.rB3.M...$...ygme...........-.......ynr../.%...H..eW.@
.........-.=.....r...^..,~..o...r......d.. ....ft.#......0.....
.
<<< skipped >>>

GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=adapTV,dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:03 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

Content-Length: 479

Connection: keep-alive
...........R...0.}.W.H.......,,......}X......8.......t.E..4g..3g.&._.S
.BmD!C..u..JVp!...IW.&.<..<.Iz....}.ffC.`........Pf. r......X...
.._............P7YR..y.^....k....Cc..~.m..._..8._n..h I....Z2Y..k.C...
.M..i..:.I..x.M8.u..>...9X..no..F.%.,8..b_7..Z..9.#.Xc%.L.v.x)M.K..
54....PZ].x....e..I)9...i.k.<......H.%..9..P...\.LA.....jkK.....Yp8
.......`.u.;>......-.__.....G......m.pP....\o.)...no.0..j..S..t..$.
./..c.U.M.:W.Ms\~.,4.!*4w..O.2.3...t...9l...|..d.......e...~.......,..
....HTTP/1.1 200 OK..Content-Encoding: gzip..Content-Type: text/xml..D
ate: Thu, 15 Sep 2016 04:48:03 GMT..P3P: CP='This is not a P3P policy.
 See hXXp://tremorvideo.com/en/privacy-policy'..Server: Apache-Coyote/
1.1..Vary: Accept-Encoding..Content-Length: 479..Connection: keep-aliv
e.............R...0.}.W.H.......,,......}X......8.......t.E..4g..3g.&.
_.S.BmD!C..u..JVp!...IW.&.<..<.Iz....}.ffC.`........Pf. r......X
....._............P7YR..y.^....k....Cc..~.m..._..8._n..h I....Z2Y..k.C
....M..i..:.I..x.M8.u..>...9X..no..F.%.,8..b_7..Z..9.#.Xc%.L.v.x)M.
K..54....PZ].x....e..I)9...i.k.<......H.%..9..P...\.LA.....jkK.....
Yp8.......`.u.;>......-.__.....G......m.pP....\o.)...no.0..j..S..t.
.$../..c.U.M.:W.Ms\~.,4.!*4w..O.2.3...t...9l...|..d.......e...~.......
,..........
<<< skipped >>>

GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=dataxu,tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:04 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

Content-Length: 485

Connection: keep-alive
...........R...0.}.W.H..1.B.........H.VZ."....8.....NXv...}.|.93s.x..\
.:G.FT2t<[email protected].:;k.........\V....t..Xjk.:.
..d.DA.;Q.][email protected].]r;i.....K..gt.^-....l.d......J......LV..Z..yt8b.
.7).ao4.8.4,..m..f.....l..C..(8T.j. .;..r.`..B.G.'D(][email protected]....
......l.8.%.M.o..FR^[email protected] ...aFU...y.r[.BH...\.d..~.G.....l
..3..LpH........B.J.e.pO..\..(|...(...Mll..._.W]].C.o...r.#.O.q..cy...
.".*nY*..]1..3..`.s.Qp..Pdf..=.^..p.l.........m.p...D?.......UE.....HT
TP/1.1 200 OK..Content-Encoding: gzip..Content-Type: text/xml..Date: T
hu, 15 Sep 2016 04:48:04 GMT..P3P: CP='This is not a P3P policy. See h
ttp://tremorvideo.com/en/privacy-policy'..Server: Apache-Coyote/1.1..V
ary: Accept-Encoding..Content-Length: 485..Connection: keep-alive.....
........R...0.}.W.H..1.B.........H.VZ."....8.....NXv...}.|.93s.x..\.:G
.FT2t<[email protected].:;k.........\V....t..Xjk.:...d
.DA.;Q.][email protected].]r;i.....K..gt.^-....l.d......J......LV..Z..yt8b..7)
.ao4.8.4,..m..f.....l..C..(8T.j. .;..r.`..B.G.'D(][email protected].......
...l.8.%.M.o..FR^[email protected] ...aFU...y.r[.BH...\.d..~.G.....l..3
..LpH........B.J.e.pO..\..(|...(...Mll..._.W]].C.o...r.#.O.q..cy....".
*nY*..]1..3..`.s.Qp..Pdf..=.^..p.l.........m.p...D?.......UE.....t>....
<<< skipped >>>

GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=tremornet,Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:04 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

Content-Length: 496

Connection: keep-alive
...........R...0.}.W.H.VL.....,..i.V$l.V .... vd;..}',]z..>..}<g
....K~jU..P2p.n.i.d..y..m..4vf...9..;.....4S.8......!W: ..S91.pZvj,...
.._v......B...E.....X......._}.~y..xB...:.?...Q..............IE.L..0..
Fl<q'i:...)g..t.......N.<.....u.?..XM9p0G...J.... .R...\.A`.....
.j..Qps..e..RrZ..&-.%..`o.$..%c...3. .."h^ Lh.q<w</v.....).^....
.^....Sw..C...`.....5....-.V.....^...l...k..Y.#aJ...ha7..l.N6.......u&
....J.[5....=|....n.h...A]........YD..s.n.......zF..h......Gd.M~..;...
..o&n..............$#...HTTP/1.1 200 OK..Content-Encoding: gzip..Conte
nt-Type: text/xml..Date: Thu, 15 Sep 2016 04:48:04 GMT..P3P: CP='This 
is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'..Se
rver: Apache-Coyote/1.1..Vary: Accept-Encoding..Content-Length: 496..C
onnection: keep-alive.............R...0.}.W.H.VL.....,..i.V$l.V .... v
d;..}',]z..>..}<g....K~jU..P2p.n.i.d..y..m..4vf...9..;.....4S.8.
.....!W: ..S91.pZvj,....._v......B...E.....X......._}.~y..xB...:.?...Q
..............IE.L..0..Fl<q'i:...)g..t.......N.<.....u.?..XM9p0G
...J.... .R...\.A`......j..Qps..e..RrZ..&-.%..`o.$..%c...3. .."h^ Lh.q
<w</v.....).^.....^....Sw..C...`.....5....-.V.....^...l...k..Y.#
aJ...ha7..l.N6.......u&....J.[5....=|....n.h...A]........YD..s.n......
.zF..h......Gd.M~..;.....o&n..............$#.......
<<< skipped >>>

GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=Videology,thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:05 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

Content-Length: 453

Connection: keep-alive
...........R]..0.|...H.[CH ......:..V....Sd....a,..........>......6
...g.CmD#....\.%[email protected].*.....6.h.(..&ne.Z{..X7.j.)oj...:vm,..I.O
.......8i.]3.P...7....{.<..{/..h..{.}.K.........r.i .../.^r.0.h...Y
......2.-W%.wA..~.....D%.B.. .9..o..N...Y.xn..[....>...(.n...`N...p
.J`}~..C/.......2.I......P'..V ..S.P.C......8i..a..`>.1dAX...B.....
0.>>...gJ.Z7....T.V.{....G.........Lu..".0.'....}Q...F3....[M...
....=...Yh...[..%h...z..d../..e...L... ......I.....HTTP/1.1 200 OK..Co
ntent-Encoding: gzip..Content-Type: text/xml..Date: Thu, 15 Sep 2016 0
4:48:05 GMT..P3P: CP='This is not a P3P policy. See hXXp://tremorvideo
.com/en/privacy-policy'..Server: Apache-Coyote/1.1..Vary: Accept-Encod
ing..Content-Length: 453..Connection: keep-alive.............R]..0.|..
.H.[CH ......:..V....Sd....a,..........>......6...g.CmD#....\.%o@..
.......M.*.....6.h.(..&ne.Z{..X7.j.)oj...:vm,..I.O.......8i.]3.P...7..
..{.<..{/..h..{.}.K.........r.i .../.^r.0.h...Y......2.-W%.wA..~...
..D%.B.. .9..o..N...Y.xn..[....>...(.n...`N...p.J`}~..C/.......2.I.
.....P'..V ..S.P.C......8i..a..`>.1dAX...B.....0.>>...gJ.Z7..
..T.V.{....G.........Lu..".0.'....}Q...F3....[M.......=...Yh...[..%h..
.z..d../..e...L... ......I.........


GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=thetradedesk,eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:05 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

transfer-encoding: chunked

Connection: keep-alive
1b7.............RM..0... B$z#n.ES%.Bw.VB.H...U.x.....l'm.=.n..q..7....
.I.'.#..:..,..q....H.......e.._......&...j..Yx......Uc.m..F1.L........
?}..7a.....w..A;Te.<..:....K.^6...T|....O_?ln..x...n.&C._........2.
..B,.8...x..A...K..x..".L.=v..o&........ )[email protected].^.......O=a.5
.%.3.: '_T....O.:[email protected]......).&.1G>..q..9...L.=........
....'...b....F....p.....=RlR....!...FC......$w6r..S...&....R..Cw.y....
....4Y......~.. ....{....K..O...d.................0..HTTP/1.1 200 OK..
Content-Encoding: gzip..Content-Type: text/xml..Date: Thu, 15 Sep 2016
 04:48:05 GMT..P3P: CP='This is not a P3P policy. See hXXp://tremorvid
eo.com/en/privacy-policy'..Server: Apache-Coyote/1.1..Vary: Accept-Enc
oding..transfer-encoding: chunked..Connection: keep-alive..1b7........
.....RM..0... B$z#n.ES%.Bw.VB.H...U.x.....l'm.=.n..q..7.....I.'.#..:..
,..q....H.......e.._......&...j..Yx......Uc.m..F1.L........?}..7a.....
w..A;Te.<..:....K.^6...T|....O_?ln..x...n.&C._........2...B,.8...x.
.A...K..x..".L.=v..o&........ )[email protected].^.......O=a.5.%.3.: '_T.
...O.:[email protected]......).&.1G>..q..9...L.=............'...b..
..F....p.....=RlR....!...FC......$w6r..S...&....R..Cw.y........4Y.....
.~.. ....{....K..O...d.................0......


GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=eyeview,appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:06 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

transfer-encoding: chunked

Connection: keep-alive
198............d.Qo. ....)<K..B.8Y.a"/..J.:...PU..K.:0......,K...?.
...w..A..:p^5&...8...F*........x....EY]l...../C..B.KB....][.D...6.....
Z....6.u.h!#F.9n-.aW.>.f.16*......E.Y........X_.U.p*g....Fo..F....S
2..O.b.%Y]......SZ/..&............&k.J.o./....0.5(> ..*....5...s.Z.
.K...K...4......PuJB..EYq[H\7R.Mh]..\...,.B:..9.tV'.V..Q.!Cf.=>2J^7
.........x.A...=..........x...?L.0.v..:....W........n:l.G7.{C.f.O.r./.
...^...d.......z"..h.....0..HTTP/1.1 200 OK..Content-Encoding: gzip..C
ontent-Type: text/xml..Date: Thu, 15 Sep 2016 04:48:06 GMT..P3P: CP='T
his is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'
..Server: Apache-Coyote/1.1..Vary: Accept-Encoding..transfer-encoding:
 chunked..Connection: keep-alive..198............d.Qo. ....)<K..B.8
Y.a"/..J.:...PU..K.:0......,K...?....w..A..:p^5&...8...F*........x....
EY]l...../C..B.KB....][.D...6.....Z....6.u.h!#F.9n-.aW.>.f.16*.....
.E.Y........X_.U.p*g....Fo..F....S2..O.b.%Y]......SZ/..&............&k
.J.o./....0.5(> ..*....5...s.Z..K...K...4......PuJB..EYq[H\7R.Mh]..
\...,.B:..9.tV'.V..Q.!Cf.=>2J^7.........x.A...=..........x...?L.0.v
..:....W........n:l.G7.{C.f.O.r./....^...d.......z"..h.....0...
...


GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=appnexus,audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:06 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

Content-Length: 427

Connection: keep-alive
...........RMo.0...Wx....8q.8.exi....bv.CQ...$BgY..4..c.....=.Qz$..H.c
.#8.u..i..Ga.Z4R.].../..a.....(/......-|...7.B.........&..0....o]...n.
...\..~...........}mP.w..<.CsY.................^...?s;-t.ef.LE....'
QRU.h6....Ws)..d;.90)o.....>|./.ho....t...=....w.S.Xv..Z._.r..%`R..
g~DtP..^..%7........VJ..=i.&.......O.(..)..3HP(L...%.;pmmc.3BUC.......
c..u...*.yU..-..J..V...NWB.]Z.F..] ._.....r..Wv}@......r!.?Z.....9{.~.
.....3..p....HTTP/1.1 200 OK..Content-Encoding: gzip..Content-Type: te
xt/xml..Date: Thu, 15 Sep 2016 04:48:06 GMT..P3P: CP='This is not a P3
P policy. See hXXp://tremorvideo.com/en/privacy-policy'..Server: Apach
e-Coyote/1.1..Vary: Accept-Encoding..Content-Length: 427..Connection: 
keep-alive.............RMo.0...Wx....8q.8.exi....bv.CQ...$BgY..4..c...
..=.Qz$..H.c.#8.u..i..Ga.Z4R.].../..a.....(/......-|...7.B.........&..
0....o]...n....\..~...........}mP.w..<.CsY.................^...?s;-
t.ef.LE....'QRU.h6....Ws)..d;.90)o.....>|./.ho....t...=....w.S.Xv..
Z._.r..%`R..g~DtP..^..%7........VJ..=i.&.......O.(..)..3HP(L...%.;pmmc
.3BUC.......c..u...*.yU..-..J..V...NWB.]Z.F..] ._.....r..Wv}@......r!.
?Z.....9{.~......3..p........


GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=audiencescience,centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:07 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

Content-Length: 446

Connection: keep-alive
...........RMo.0...Wx...,.%[email protected];.E KL#t..Iv..?&..u...'.Q||d...
..........\.$.....{[..8s....GY.gZt.a.4s..;k........o|.....:vn,....o..r
..Y.."...R...j4...>.:Uu.....h.k.p.}]d.......N...V. ....d..|...YH.).
.a.4I0.5.]$...m.oc....H........IX.C\....z...QR...L.w@. ^...D.......BXS
Ur<7.U...FH....I.C.....L.0....`SHQ.L.......R.N.......a0L..,...I....
..$.. Z..n.........Z...y......{..G.'..Vi0.E!E.......a.]. ........r.!.d
.?/.L&.}A^6...dX.[.......o.N....HTTP/1.1 200 OK..Content-Encoding: gzi
p..Content-Type: text/xml..Date: Thu, 15 Sep 2016 04:48:07 GMT..P3P: C
P='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-pol
icy'..Server: Apache-Coyote/1.1..Vary: Accept-Encoding..Content-Length
: 446..Connection: keep-alive.............RMo.0...Wx...,.%[email protected]
;.E KL#t..Iv..?&..u...'.Q||d.............\.$.....{[..8s....GY.gZt.a.4s
..;k........o|.....:vn,....o..r..Y.."...R...j4...>.:Uu.....h.k.p.}]
d.......N...V. ....d..|...YH.)..a.4I0.5.]$...m.oc....H........IX.C\...
.z...QR...L.w@. ^...D.......BXSUr<7.U...FH....I.C.....L.0....`SHQ.L
.......R.N.......a0L..,...I......$.. Z..n.........Z...y......{..G.'..V
i0.E!E.......a.]. ........r.!.d.?/.L&.}A^6...dX.[.......o.N....
....


GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=centro,Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:07 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

Content-Length: 420

Connection: keep-alive
............O..0.....i.r &.(A.Q.Ri.m."...Z!.....c...o......=.y...<.
..X.D{p^7&... ...Fi.......i<go....W..d....B.oC.3B...q.....&..8.3.Dh
}..._.71.........N....j..w...J.k..-.....[F.>.n.^<^pV.`..._..H..5
wZ.2..DN.$..t0.VJ~H....d.......V.........(.......P..(... .........^ hD
mQra...Z.v.ZWi.....8.A:....t\%.F...'.a70~zb...s.\..M.....:..M..Q...^b.
..ph.......U.......mm...x....q...U2z...:..r..c...<....r5... ....^..
........W..y...HTTP/1.1 200 OK..Content-Encoding: gzip..Content-Type: 
text/xml..Date: Thu, 15 Sep 2016 04:48:07 GMT..P3P: CP='This is not a 
P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'..Server: Apa
che-Coyote/1.1..Vary: Accept-Encoding..Content-Length: 420..Connection
: keep-alive..............O..0.....i.r &.(A.Q.Ri.m."...Z!.....c...o...
...=.y...<...X.D{p^7&... ...Fi.......i<go....W..d....B.oC.3B...q
.....&..8.3.Dh}..._.71.........N....j..w...J.k..-.....[F.>.n.^<^
pV.`..._..H..5wZ.2..DN.$..t0.VJ~H....d.......V.........(.......P..(...
 .........^ hDmQra...Z.v.ZWi.....8.A:....t\%.F...'.a70~zb...s.\..M....
.:..M..Q...^b...ph.......U.......mm...x....q...U2z...:..r..c...<...
.r5... ....^..........W..y.......


GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=Bidswitch,SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:08 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

transfer-encoding: chunked

Connection: keep-alive
186...............o.0....Wd..[c.....e..*U....CU!.8....l......ek_......
..g..5..-8.[S.i2.#0.U.<..]}y6.....YV.I6..0..y(.M.vNHp..n..D.....Q..
.C......<..-U../.....U.......U..J................e]...,w.`C.;..H.r.
pZ.2..T..4.".NgB....).N..1..-..(.WO...R...FK..iUo.cm.....w.m...7....R.
.R.]...m`..M'....p..g...k5AC9..;......_...Z..p......r.......k..x.?...c
...:....F......)d...8*k......-..QM^o.IL.*A.F..;......d...........\....
.0..HTTP/1.1 200 OK..Content-Encoding: gzip..Content-Type: text/xml..D
ate: Thu, 15 Sep 2016 04:48:08 GMT..P3P: CP='This is not a P3P policy.
 See hXXp://tremorvideo.com/en/privacy-policy'..Server: Apache-Coyote/
1.1..Vary: Accept-Encoding..transfer-encoding: chunked..Connection: ke
ep-alive..186...............o.0....Wd..[c.....e..*U....CU!.8....l.....
.ek_........g..5..-8.[S.i2.#0.U.<..]}y6.....YV.I6..0..y(.M.vNHp..n.
.D.....Q...C......<..-U../.....U.......U..J................e]...,w.
`C.;..H.r.pZ.2..T..4.".NgB....).N..1..-..(.WO...R...FK..iUo.cm.....w.m
...7....R..R.]...m`..M'....p..g...k5AC9..;......_...Z..p......r.......
k..x.?...c...:....F......)d...8*k......-..QM^o.IL.*A.F..;......d......
.....\.....0......


GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=SundaySky,dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:08 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

transfer-encoding: chunked

Connection: keep-alive
179..............AO.0.... ....u.....W.....D....j.....X.....[.....<c
[email protected]|./O'.L....E~...2.Q..K..sz..3T.f..=YW.Z..nj.
......2;...0......l.Eg.U".....;...;h.9<?._...q~.......8.......T5...
......$QR.q.<)P.....*....':.N.V..5...1_..y.)...l|..H5T..9.....J/]c.
R.I....!..~...Q.% .y..S..4zz..}.saLm.q...g......`h......_.v.=.....68&.
.x.eK.X.~.m.W.......%..W...v..O#.!I....x...d.. .......oS.....0..HTTP/1
.1 200 OK..Content-Encoding: gzip..Content-Type: text/xml..Date: Thu, 
15 Sep 2016 04:48:08 GMT..P3P: CP='This is not a P3P policy. See http:
//tremorvideo.com/en/privacy-policy'..Server: Apache-Coyote/1.1..Vary:
 Accept-Encoding..transfer-encoding: chunked..Connection: keep-alive..
179..............AO.0.... ....u.....W.....D....j.....X.....[.....<c
[email protected]|./O'.L....E~...2.Q..K..sz..3T.f..=YW.Z..nj.
......2;...0......l.Eg.U".....;...;h.9<?._...q~.......8.......T5...
......$QR.q.<)P.....*....':.N.V..5...1_..y.)...l|..H5T..9.....J/]c.
R.I....!..~...Q.% .y..S..4zz..}.saLm.q...g......`h......_.v.=.....68&.
.x.eK.X.~.m.W.......%..W...v..O#.!I....x...d.. .......oS.....0..>....


GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=dynadmic,BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:09 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

Content-Length: 405

Connection: keep-alive
...........RM..0.....FZn...4A.Q.R...VM.{@.9..D4.5vR..k..~\.....{ofLg..
.....U...C..%ZY.....?.H....?....F'. Tfj3.g...b...w]...!.h..Sc..L.?}...
>....}A.5..V......Z.(.Qr}<.............y...r..U.P...Q..r9.Zf"..D
$i.VU<.$....*[email protected]..;.....0...E}-...va.u.........Z..;......p
....*L.r....R'....Q.w.....kE....yT...&.<.....z.g...,.M..V..l....{&p
.xq.l4.9m.0:G7...s....Z..Y".{.C.=(k........AA. w..L........}H..|...HTT
P/1.1 200 OK..Content-Encoding: gzip..Content-Type: text/xml..Date: Th
u, 15 Sep 2016 04:48:09 GMT..P3P: CP='This is not a P3P policy. See ht
tp://tremorvideo.com/en/privacy-policy'..Server: Apache-Coyote/1.1..Va
ry: Accept-Encoding..Content-Length: 405..Connection: keep-alive......
.......RM..0.....FZn...4A.Q.R...VM.{@.9..D4.5vR..k..~\.....{ofLg......
.U...C..%ZY.....?.H....?....F'. Tfj3.g...b...w]...!.h..Sc..L.?}...>
....}A.5..V......Z.(.Qr}<.............y...r..U.P...Q..r9.Zf"..D$i.V
U<.$....*[email protected]..;.....0...E}-...va.u.........Z..;......p....
*L.r....R'....Q.w.....kE....yT...&.<.....z.g...,.M..V..l....{&p.xq.
l4.9m.0:G7...s....Z..Y".{.C.=(k........AA. w..L........}H..|...
....


GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=BidTheatre,beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:09 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

Content-Length: 374

Connection: keep-alive
...........Q[O.0.}.W.%...` #].....5n..!...Xt]....o..^^|...|.........6E
%[email protected]}........xU"c......nL..?,..Op*&l
t;._4U............e....k.T.t5}..|9...<.....V:C./.....b.....F]......
..1.o"..|...m...0..NwW....P.R.1.*..\.R-.F.BBcs ..m.Z.&..uX./E.......:.
9..............*.....v.....|.....Qk.U&..`.%!.....[0...;..:d.).u%.. .qh
....`....Zs..S.........3.e?...HTTP/1.1 200 OK..Content-Encoding: gzip.
.Content-Type: text/xml..Date: Thu, 15 Sep 2016 04:48:09 GMT..P3P: CP=
'This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-polic
y'..Server: Apache-Coyote/1.1..Vary: Accept-Encoding..Content-Length: 
374..Connection: keep-alive.............Q[O.0.}.W.%...` #].....5n..!..
.Xt]....o..^^|...|.........6E%[email protected]}..
......xU"c......nL..?,..Op*<._4U............e....k.T.t5}..|9...<
.....V:C./.....b.....F]........1.o"..|...m...0..NwW....P.R.1.*..\.R-.F
.BBcs ..m.Z.&..uX./E.......:.9..............*.....v.....|.....Qk.U&..`
.%!.....[0...;..:d.).u%.. .qh....`....Zs..S.........3.e?.......


GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=beeswax,videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:10 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

Content-Length: 376

Connection: keep-alive
...........Q]O.0.}.W.%...` #].....52......h..i.........So.s.9..<}..
Q.....8Mzq..i........8....X..#...B.r._.....!oAj......9g..O..~....vY^..
.<"..Rc...... I.....;.....%....~N.............`(.......O...Ki6b.<
;..:...5g.Y=.l..V...S4......g.5%...K..;[...]K3....{[email protected]....
.~...V.?.%.l...yR.n....z ...F^N}........:..Kc...!.g.....cI.u...de).../
.P..4..AG0.F.......@>........TqW...HTTP/1.1 200 OK..Content-Encodin
g: gzip..Content-Type: text/xml..Date: Thu, 15 Sep 2016 04:48:10 GMT..
P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/priva
cy-policy'..Server: Apache-Coyote/1.1..Vary: Accept-Encoding..Content-
Length: 376..Connection: keep-alive.............Q]O.0.}.W.%...` #]....
.52......h..i.........So.s.9..<}..Q.....8Mzq..i........8....X..#...
B.r._.....!oAj......9g..O..~....vY^...<"..Rc...... I.....;.....%...
.~N.............`(.......O...Ki6b.<..:...5g.Y=.l..V...S4......g.5%.
..K..;[...]K3....{[email protected].....~...V.?.%.l...yR.n....z ...F^N}.
.......:..Kc...!.g.....cI.u...de).../.P..4..AG0.F.......@>........T
qW.......


GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=videoamp,TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:10 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

transfer-encoding: chunked

Connection: keep-alive
196.............R.n.0... T....^~..h.v..(. ..C....N.V.ARB....;.....r9.3
;..zi.z.h.t...I.{ y'..T..r.i....|O.....0.(......j....v...'.k.1....Xf{S
._.Ut..L.G.w...=....BK.S....b.V<.RQ..........-...N1m..4...Ur.1...(x
..._.q^.Y4[....z!.1N.).P.%ST......l..FB....<.,.".,..q~.S..g..A0}|$.
...F.N.#........$.7N...:/P9.d.Eq........!. ....#W.. ....k...........&.
.....[0...1...y.].4.1.....f....J...'s.R3....f.i.C......o#.[J\".V._...d
.......1.A?......0..HTTP/1.1 200 OK..Content-Encoding: gzip..Content-T
ype: text/xml..Date: Thu, 15 Sep 2016 04:48:10 GMT..P3P: CP='This is n
ot a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'..Server
: Apache-Coyote/1.1..Vary: Accept-Encoding..transfer-encoding: chunked
..Connection: keep-alive..196.............R.n.0... T....^~..h.v..(. ..
C....N.V.ARB....;.....r9.3;..zi.z.h.t...I.{ y'..T..r.i....|O.....0.(..
....j....v...'.k.1....Xf{S._.Ut..L.G.w...=....BK.S....b.V<.RQ......
....-...N1m..4...Ur.1...(x..._.q^.Y4[....z!.1N.).P.%ST......l..FB....&
lt;.,.".,..q~.S..g..A0}|$....F.N.#........$.7N...:/P9.d.Eq........!. .
...#W.. ....k...........&......[0...1...y.].4.1.....f....J...'s.R3....
f.i.C......o#.[J\".V._...d.......1.A?......0......


GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=TapAd,_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:11 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

transfer-encoding: chunked

Connection: keep-alive
199.............R]k.0.}......"....V....e...=.bd..5.e!.!...C.t....t.s.9
[email protected]....].O....7X8.l...../...BFA.......EZK.1.m..u
.~.^...)..N.**%....j.-....v.#E..3).%}...8....II./t.*#..._.......jx...O
.<........l..s..A....dV.VV.Wu#`..=.$.8.}.4..A....gSH...<=....l.T
......06TR~V..A...R..9...BeYC....j...A..1..^...W{....=....6..$^.{a....
.....j]..7.G...l.e...........j.v.v...u.Zd.(.e..>.0.................
.....d.........F.......0..HTTP/1.1 200 OK..Content-Encoding: gzip..Con
tent-Type: text/xml..Date: Thu, 15 Sep 2016 04:48:11 GMT..P3P: CP='Thi
s is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'..
Server: Apache-Coyote/1.1..Vary: Accept-Encoding..transfer-encoding: c
hunked..Connection: keep-alive..199.............R]k.0.}......"....V...
[email protected]....].O....7X
8.l...../...BFA.......EZK.1.m..u.~.^...)..N.**%....j.-....v.#E..3).%}.
..8....II./t.*#..._.......jx...O.<........l..s..A....dV.VV.Wu#`..=.
$.8.}.4..A....gSH...<=....l.T......06TR~V..A...R..9...BeYC....j...A
..1..^...W{....=....6..$^.{a.........j]..7.G...l.e...........j.v.v...u
.Zd.(.e..>.0......................d.........F.......0......


GET /syncnoad?rid=c1a46c8919bb4068bdc74b8dcf13f3ed&p=_dmp_turbine&uid=c593e4200aea45b19fd5cf1c6e968be5 HTTP/1.1

Accept: */*

Accept-Language: en-US

Referer: hXXp://ivids.net/ova-jw.swf

x-flash-version: 11,6,602,168

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: partners.tremorhub.com

Connection: Keep-Alive

Cookie: tvid=c593e4200aea45b19fd5cf1c6e968be5; tvrg_60409="1,1473914880"

HTTP/1.1 200 OK

Content-Encoding: gzip

Content-Type: text/xml

Date: Thu, 15 Sep 2016 04:48:12 GMT

P3P: CP='This is not a P3P policy. See hXXp://tremorvideo.com/en/privacy-policy'

Server: Apache-Coyote/1.1

Vary: Accept-Encoding

Content-Length: 350

Connection: keep-alive
..........d.]o. .... .^x..Om..4...e[....1.P. 4..........s.....8.h...).
.....]..")...]V.w.;A7pU....O...zlr.`L;..(.Hux.="..u.:f..6.:w.....E....
...-S.[...kP..:e................tVT..lG...XZ/N...zv...A.[b..T..$U^#...
..1..'..9.W.6.EI:..x...He.$.".......:.v4!...Y6Lk..z(....Y..u..:%..N...
].h..y.E.*.O.......tL_..>p..% ...~..c.hK..........m.='........A....
...HTTP/1.1 200 OK..Content-Encoding: gzip..Content-Type: text/xml..Da
te: Thu, 15 Sep 2016 04:48:12 GMT..P3P: CP='This is not a P3P policy. 
See hXXp://tremorvideo.com/en/privacy-policy'..Server: Apache-Coyote/1
.1..Vary: Accept-Encoding..Content-Length: 350..Connection: keep-alive
............d.]o. .... .^x..Om..4...e[....1.P. 4..........s.....8.h...
)......]..")...]V.w.;A7pU....O...zlr.`L;..(.Hux.="..u.:f..6.:w.....E..
.....-S.[...kP..:e................tVT..lG...XZ/N...zv...A.[b..T..$U^#.
....1..'..9.W.6.EI:..x...He.$.".......:.v4!...Y6Lk..z(....Y..u..:%..N.
..].h..y.E.*.O.......tL_..>p..% ...~..c.hK..........m.='........A..
.......

GET /10114910/0/757d7213/1/ HTTP/1.1

Accept: */*

Referer: hXXp://VVV.bruindorsett.pw/index5.php?id=23A0EkLLUe2yixq8gw7o&date=2016-09-03&p=none&t=

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: c.statcounter.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 04:47:52 GMT

Server: Apache/2.2.3 (CentOS)

P3P: policyref="hXXp://VVV.statcounter.com/w3c/p3p.xml", CP="ADMa OUR COM NAV NID DSP NOI COR"

Expires: Mon, 26 Jul 1997 05:00:00 GMT

Set-Cookie: is_unique=sc10114910.1473914872.0; expires=Tue, 14-Sep-2021 04:47:52 GMT; path=/; domain=.statcounter.com

Set-Cookie: is_visitor_unique=147391487217812864; expires=Sat, 15-Sep-2018 04:47:52 GMT; path=/; domain=.statcounter.com

Content-Length: 49

Connection: close

Content-Type: image/gif
GIF89a...................!.......,...........T..;..

GET /cwidget/iebrowser1/000000ffffff.png HTTP/1.1

Accept: */*

Referer: hXXp://VVV.bruindorsett.pw/index5.php?id=23A0EkLLUe2yixq8gw7o&date=2016-09-03&p=none&t=

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: whos.amung.us

Connection: Keep-Alive

HTTP/1.1 303 See Other

Date: Thu, 15 Sep 2016 04:47:52 GMT

Content-Type: text/html

Transfer-Encoding: chunked

Connection: close

Location: hXXp://widgets.amung.us/draw/?w=colored&n=1307&c=000000ffffff&p=

Set-Cookie: uid=CgH9JVfaJ/honWb b6R6Ag==; expires=Thu, 31-Dec-37 23:55:55 GMT; domain=.amung.us; path=/
0..

GET /analytics.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.bruindorsett.pw/index5.php?id=23A0EkLLUe2yixq8gw7o&date=2016-09-03&p=none&t=

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 02:59:31 GMT

Expires: Thu, 15 Sep 2016 04:59:31 GMT

Last-Modified: Mon, 15 Aug 2016 04:25:11 GMT

X-Content-Type-Options: nosniff

Content-Type: text/javascript

Vary: Accept-Encoding

Content-Encoding: gzip

Server: Golfe2

Content-Length: 11590

Age: 6501

Cache-Control: public, max-age=7200
...........}iw..........tc.m'.a.i|B...F6 ...%.6.F.....o..JR/..{.....s'
V..VK..J.W..Hz...=....S....=$......l.j.......d....?Q...-..K...j(FR..W]
.b._..V.Ea-.6u.......D..gF.....[.<..W...../............`z.....g.l..
~.............>..........GB..N....?...?.I2.....U...o<.....W.;...
x qq......J.......zC.q...?.<.....P.."..[.|.....\P.c...[8.......FB;/
..#..N.........,.:..}.mw.....Bx..?...r=&`..,Q....)j.v..f3.._.y....<
.}..........y.5..l...fk..E.B7].X....%. h...6m...J$O.......!=.P,..$qo..
...]]..8g?....f..Oj......M..b4.$.T$...{...R..^......_.63T-.e..#h7Y.F..
~..}..Q....\..Z.2KKO...on8..%.!.n.."V<Qo.j......0. .o{2..u(uU..M.8.
E..FDs6.y.....7..\..g.....x4.7<.......yg.{f.....>.k/s..V..k....)
....s)..@...$QC.7..\.P*I..uI.E.........U..7.<.]Wy.0.....]..........
..*.2.[.0 @e.1....qXT._... .!8..IO..........L%..}.6.%.u6'"...."*.>.
........[.U]..O.k.p.........C'QwI......*..~([email protected]
..........<[email protected]..=.y.1..M....D...G..P..O..s.v)/[.....
q.......e.s*.aE3"p[..J.[Xj<}.....u...^^.=.....u.....V....sR....Z...
...Uo....P\........M.!,L..v...[....'.hBd.n.....rr....c..@=.o.N..|A....
C..-.D...ju....E.t....s.......p$.7.HT....S...!.4....]./.X.......C.C.[.
X....~..B.d.../.e.4..O.r*q`.....d.....b...t........../^6.jg:B........'
....x4...w;D...J1.._`.@].s...'*U....&.a.KFD....<[email protected].?U..a...P
..J.V..\%...O'].Q...[.7....Fn...0tgA.2S.#-....._..%....q......f..9...z
Z...l==.R [email protected]...."......[.....".".;..YBf....~.....m.$....d42?.9f..K@
........7.Q_..w.<-...;z..|..*..>...D...(?r.....@F.. ..P]...2
<<< skipped >>>

GET /r/collect?v=1&_v=j46&a=343530085&t=pageview&_s=1&dl=http://VVV.bruindorsett.pw/index5.php?id=23A0EkLLUe2yixq8gw7o&date=2016-09-03&p=none&t=&ul=en-us&de=utf-8&dt=add&sd=32-bit&sr=1276x846&vp=679x408&je=0&fl=11.6 r602&_u=AEAAAEAAI~&jid=119218808&cid=568569260.1473914880&tid=UA-74694740-5&_r=1&z=440725160 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.bruindorsett.pw/index5.php?id=23A0EkLLUe2yixq8gw7o&date=2016-09-03&p=none&t=

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Date: Thu, 15 Sep 2016 04:47:52 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, no-store, must-revalidate

Last-Modified: Sun, 17 May 1998 03:00:00 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Server: Golfe2

Content-Length: 35
GIF89a.............,...........D..;HTTP/1.1 200 OK..Access-Control-All
ow-Origin: *..Date: Thu, 15 Sep 2016 04:47:52 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-sto
re, must-revalidate..Last-Modified: Sun, 17 May 1998 03:00:00 GMT..X-C
ontent-Type-Options: nosniff..Content-Type: image/gif..Server: Golfe2.
.Content-Length: 35..GIF89a.............,...........D..;....


GET /r/collect?v=1&_v=j46&a=124075300&t=pageview&_s=1&dl=http://VVV.ivids.net/page-3.htm?lid=937115&ul=en-us&de=utf-8&sd=32-bit&sr=1276x846&vp=850x480&je=0&fl=11.6 r602&_u=AEAAAEAAI~&jid=1415410216&cid=1946787307.1473914884&tid=UA-74694740-2&_r=1&z=226281000 HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-3.htm?lid=937115

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: VVV.google-analytics.com

Connection: Keep-Alive

HTTP/1.1 200 OK

Access-Control-Allow-Origin: *

Date: Thu, 15 Sep 2016 04:47:57 GMT

Pragma: no-cache

Expires: Fri, 01 Jan 1990 00:00:00 GMT

Cache-Control: no-cache, no-store, must-revalidate

Last-Modified: Sun, 17 May 1998 03:00:00 GMT

X-Content-Type-Options: nosniff

Content-Type: image/gif

Server: Golfe2

Content-Length: 35
GIF89a.............,...........D..;HTTP/1.1 200 OK..Access-Control-All
ow-Origin: *..Date: Thu, 15 Sep 2016 04:47:57 GMT..Pragma: no-cache..E
xpires: Fri, 01 Jan 1990 00:00:00 GMT..Cache-Control: no-cache, no-sto
re, must-revalidate..Last-Modified: Sun, 17 May 1998 03:00:00 GMT..X-C
ontent-Type-Options: nosniff..Content-Type: image/gif..Server: Golfe2.
.Content-Length: 35..GIF89a.............,...........D..;..

GET /1.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-3.html?lid=937115

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ivids.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 12:53:43 GMT

Server: Apache/2.2.15 (CentOS)

X-Powered-By: PHP/5.5.30

Cache-Control: max-age=0

Expires: Thu, 15 Sep 2016 12:53:43 GMT

Content-Length: 0

Connection: close

Content-Type: text/html; charset=UTF-8

GET /jwplayer1.js HTTP/1.1

Accept: */*

Referer: hXXp://VVV.ivids.net/page-3.html?lid=937115

Accept-Language: en-us

Accept-Encoding: gzip, deflate

User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 2.0.50727; .NET CLR 3.0.04506.648; .NET CLR 3.5.21022; .NET4.0C)

Host: ivids.net

Connection: Keep-Alive

HTTP/1.1 200 OK

Date: Thu, 15 Sep 2016 12:53:40 GMT

Server: Apache/2.2.15 (CentOS)

Last-Modified: Thu, 02 Jun 2016 05:31:59 GMT

ETag: "4403af-25d37-53444eccf91c0"

Accept-Ranges: bytes

Content-Length: 154935

Cache-Control: max-age=2592000, public

Expires: Thu, 17 Aug 2017 12:53:40 GMT

Connection: close

Content-Type: text/javascript
var dtn = Date.parse(new Date().toString());..document.write(unescape(
'