Detections

Suricata:

Bedep

Analysis

Category: PCAP
Started: 2020-10-03 13:07:39
Completed: 2020-10-03 13:07:39
Duration: 0 seconds

Signatures

CAPE detected the Bedep malware family
Created network traffic indicative of malicious activity
signature: ET DROP Dshield Block Listed Source group 1
signature: ET MALWARE Bedep Connectivity Check M2
signature: ET MALWARE Bedep HTTP POST CnC Beacon 2
signature: ET MALWARE Possible Bedep Connectivity Check
signature: ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz
signature: ET MALWARE Bedep HTTP POST CnC Beacon

Hosts

Direct IP Country Name
N 95.211.205.230 Netherlands
N 89.163.240.119 Germany
N 89.163.240.118 Germany
N 85.25.79.160 Germany
N 69.172.216.161 United States
N 69.172.216.111 United States
N 64.237.32.155 United States
N 5.189.216.103 Russian Federation
N 216.28.245.214 United States
N 208.100.26.234 United States
N 195.22.28.222 Portugal
N 195.22.28.199 Portugal
N 195.22.28.198 Portugal
N 185.82.216.241 Bulgaria
N 185.82.216.240 Bulgaria
N 185.49.70.57 United Kingdom
N 185.49.69.25 United Kingdom
N 104.72.211.249 United States
N 104.193.252.234 United States

DNS

Name Response Post-Analysis Lookup
coolrilla.com A 216.28.245.214 216.28.245.214
nic.artededirigir.com.br A 5.189.216.103
omondi-liczyli.jwsjustdothemath.com A 185.49.69.25
www.ecb.europa.eu CNAME www.ecb.europa.eu.edgekey.net
    CNAME e7443.ksd.akamaiedge.net
    A 104.72.211.249
    185.5.82.138
chvqpoodmfynq27.com NXDOMAIN
uzirbziibtsta.com
rswuklysaivhg.com
ozwstuvacpuj.com
yrzrjubvxa78.com
ohyovhwnwpopyoab.com
xcjkkushps0t.com
cvbknhkbhoi9.com
clowfiwvjlpqklyuo.com
aodncqkbqddauoyqk.com A 195.22.28.197
    A 195.22.28.196
    A 195.22.28.198
    A 195.22.28.199
sso.anbtr.com A 195.22.28.222 195.22.28.222
xsso.aodncqkbqddauoyqk.com
letvnhhitrdk.com A 208.100.26.234
qufsvzeigvlxdbw.com A 95.211.205.230
reannewscomm.com A 85.25.79.160
gerausports.com A 89.163.240.119
kjnoa9sdi3mrlsdnfi.com A 89.163.240.118
allhobbyworldsnet.com A 185.82.216.240
lollytooneymoney.com A 185.82.216.241
lampubuntuadv.com A 104.193.252.234
wpad.localdomain
c.feed-xml.com A 64.237.32.155
    A 64.237.56.12
score.feed-xml.com
8304.bapi.adsafeprotected.com A 69.172.216.161
    CNAME anycast.bapi.adsafeprotected.com
    3.227.62.15
dt.adsafeprotected.com CNAME anycast.dt.adsafeprotected.com
    A 69.172.216.111
    104.244.37.20
scoring33.com A 185.49.70.57

Sorry! No behavior.

HTTP Requests

URI Data
http://coolrilla.com/
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0ahUKEwjf6ZjZrLTKAhVM5WMKHW-sCQsQFggcMAA&url=http%3A%2F%2Fcoolrilla.com%2F&usg=AFQjCNHWOUMTORgEkxQxH5BU70QZxvIR6A&bvm=bv.112064104,d.cGc
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: coolrilla.com
DNT: 1
Connection: Keep-Alive

http://nic.artededirigir.com.br/js/script.js
GET /js/script.js HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://coolrilla.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: nic.artededirigir.com.br
DNT: 1
Connection: Keep-Alive

http://omondi-liczyli.jwsjustdothemath.com/forums/viewforum.php?f=04187&sid=m76802yo10.561670d4m9
GET /forums/viewforum.php?f=04187&sid=m76802yo10.561670d4m9 HTTP/1.1
Accept: text/html, application/xhtml+xml, */*
Referer: http://coolrilla.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: omondi-liczyli.jwsjustdothemath.com
DNT: 1
Connection: Keep-Alive

http://omondi-liczyli.jwsjustdothemath.com/forums/reach.epibrw?single=THsZ&next=liB&allow=xHDselI&also=dStDEaLRoT&relationship=&different=FvE0pR1s3&south=mEjN&necessary=n5rgGm241t&agency=8
POST /forums/reach.epibrw?single=THsZ&next=liB&allow=xHDselI&also=dStDEaLRoT&relationship=&different=FvE0pR1s3&south=mEjN&necessary=n5rgGm241t&agency=8 HTTP/1.1
Accept: */*
Content-Type: text/html; charset=utf-8
Referer: http://omondi-liczyli.jwsjustdothemath.com/forums/viewforum.php?f=04187&sid=m76802yo10.561670d4m9
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Host: omondi-liczyli.jwsjustdothemath.com
Content-Length: 188
DNT: 1
Connection: Keep-Alive
Cache-Control: no-cache

http://omondi-liczyli.jwsjustdothemath.com/catch.wsdl?aid=cqhAYLuR&night=HwUPHFM&leader=&England=tQkD8&note=oTayrJDA&road=3iaOxqtn&subject=&analysis=2KWqcKK&maybe=oNrWc
GET /catch.wsdl?aid=cqhAYLuR&night=HwUPHFM&leader=&England=tQkD8&note=oTayrJDA&road=3iaOxqtn&subject=&analysis=2KWqcKK&maybe=oNrWc HTTP/1.1
Accept: */*
Referer: http://omondi-liczyli.jwsjustdothemath.com/forums/viewforum.php?f=04187&sid=m76802yo10.561670d4m9
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: omondi-liczyli.jwsjustdothemath.com
DNT: 1
Connection: Keep-Alive

http://omondi-liczyli.jwsjustdothemath.com/catch.wsdl?aid=cqhAYLuR&night=HwUPHFM&leader=&England=tQkD8&note=oTayrJDA&road=3iaOxqtn&subject=&analysis=2KWqcKK&maybe=oNrWc
GET /catch.wsdl?aid=cqhAYLuR&night=HwUPHFM&leader=&England=tQkD8&note=oTayrJDA&road=3iaOxqtn&subject=&analysis=2KWqcKK&maybe=oNrWc HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://omondi-liczyli.jwsjustdothemath.com/forums/viewforum.php?f=04187&sid=m76802yo10.561670d4m9
x-flash-version: 19,0,0,207
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Host: omondi-liczyli.jwsjustdothemath.com
DNT: 1
Connection: Keep-Alive
Cookie: PHPSESSID=145c3560435b21c1dbd959f25211d2bc

http://omondi-liczyli.jwsjustdothemath.com/gas.dap?prepare=&ship=G4BweBf&project=jZtqZt&building=&finish=AM4qYoPVYlEL-pClKrkqwUcB8fC3MWPTXp2
POST /gas.dap?prepare=&ship=G4BweBf&project=jZtqZt&building=&finish=AM4qYoPVYlEL-pClKrkqwUcB8fC3MWPTXp2 HTTP/1.1
Accept: */*
Accept-Language: en-US
Referer: http://omondi-liczyli.jwsjustdothemath.com/catch.wsdl?aid=cqhAYLuR&night=HwUPHFM&leader=&England=tQkD8&note=oTayrJDA&road=3iaOxqtn&subject=&
x-flash-version: 19,0,0,207
Content-Type: application/x-www-form-urlencoded
Content-Length: 196
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Host: omondi-liczyli.jwsjustdothemath.com
DNT: 1
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: PHPSESSID=1ff7e4b88c8fab06a8c0d5797916663e

ZtcmLIEArfEVVqIbtAUJv4zmK809eqHU3N2EtahW+EZK2zpi9x1v9Dh0yMvZeFWlvIMZ9s+FfxmIOorxgjtZrhVr9asGf+lzdE6hr2WRIzMs5HTgiIw8I2pPf3IX4ywR93sBguybv3ICWS8sCzDEKwWMn/borvFnHwgOw0GNPNGWqff77QEKMTksMCwwLDIwNw==

http://omondi-liczyli.jwsjustdothemath.com/institution.jvs?know=1abZ9ACCC&likely=LtHLB&care=lm57Q&division=&march=gS_&unit=Dvc&from=kVFWpys&start=3uVQB5f5&body=&present=Hb02PlwQ
GET /institution.jvs?know=1abZ9ACCC&likely=LtHLB&care=lm57Q&division=&march=gS_&unit=Dvc&from=kVFWpys&start=3uVQB5f5&body=&present=Hb02PlwQ HTTP/1.1
Connection: Keep-Alive
Accept: */*
Accept-Encoding: gzip, deflate
Accept-Language: en-US
Referer: http://coolrilla.com/
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko
Host: omondi-liczyli.jwsjustdothemath.com

http://www.ecb.europa.eu/stats/eurofxref/eurofxref-hist-90d.xml?e9b8c42aea3b59e24b98684b0da54f4f
GET /stats/eurofxref/eurofxref-hist-90d.xml?e9b8c42aea3b59e24b98684b0da54f4f HTTP/1.1
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
Referer: http://www.ecb.europa.eu/stats/exchange/eurofxref/html/index.en.html
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Host: www.ecb.europa.eu

http://aodncqkbqddauoyqk.com/forum.php?YkE=Ec
POST /forum.php?YkE=Ec HTTP/1.1
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Content-Length: 274
Host: aodncqkbqddauoyqk.com

http://sso.anbtr.com/domain/aodncqkbqddauoyqk.com
GET /domain/aodncqkbqddauoyqk.com HTTP/1.1
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Host: sso.anbtr.com

http://xsso.aodncqkbqddauoyqk.com/a3df5abf6ca0809d821368e1c1725b92
GET /a3df5abf6ca0809d821368e1c1725b92 HTTP/1.1
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Host: xsso.aodncqkbqddauoyqk.com
Cookie: snkz=66.187.66.32; btst=57f149496faca138ff5532b2766a4160|66.187.66.32|1453154151|1453154151|0|1|0

http://letvnhhitrdk.com/groupsubscription.php?Kg4=sQWiUk
POST /groupsubscription.php?Kg4=sQWiUk HTTP/1.1
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
Referer: http://aodncqkbqddauoyqk.com/forum.php?YkE=Ec
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Content-Length: 269
Host: letvnhhitrdk.com

http://qufsvzeigvlxdbw.com/include/class_bootstrap_framework.php?QcUs=kAkEgY
POST /include/class_bootstrap_framework.php?QcUs=kAkEgY HTTP/1.1
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Content-Length: 271
Host: qufsvzeigvlxdbw.com

http://qufsvzeigvlxdbw.com/album.php?co=IUgQ
POST /album.php?co=IUgQ HTTP/1.1
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Content-Length: 207
Host: qufsvzeigvlxdbw.com

http://qufsvzeigvlxdbw.com/css.php?go=E6CiS8
POST /css.php?go=E6CiS8 HTTP/1.1
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Content-Length: 678
Host: qufsvzeigvlxdbw.com
Cookie: vermicellis=4569; biofeedbacks=6279; vainly=5574; woodlots=9400; somberness=441; scurries=6282; wapitis=2036; PHPSESSID=7db8a314402bae84b1676c9d187798bc

http://qufsvzeigvlxdbw.com/announcement.php?wMkY=ss
POST /announcement.php?wMkY=ss HTTP/1.1
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
Referer: http://letvnhhitrdk.com/groupsubscription.php?Kg4=sQWiUk
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Content-Length: 294
Host: qufsvzeigvlxdbw.com

http://qufsvzeigvlxdbw.com/content.php?uw=M6qU
POST /content.php?uw=M6qU HTTP/1.1
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
Referer: http://qufsvzeigvlxdbw.com/announcement.php?wMkY=ss
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Content-Length: 524
Host: qufsvzeigvlxdbw.com
Cookie: yawner=2861; sappinesses=9934; slims=3360; reschedule=4148; bijoux=1089; reimbursing=5217; biggish=6707; PHPSESSID=f6fb3d6b00294f894b860655db5372eb

http://gerausports.com/ads.php?sid=1948
GET /ads.php?sid=1948 HTTP/1.1
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Host: gerausports.com

http://lampubuntuadv.com/ads.php?sid=1948
GET /ads.php?sid=1948 HTTP/1.1
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Host: lampubuntuadv.com

http://reannewscomm.com/ads.php?sid=1948
GET /ads.php?sid=1948 HTTP/1.1
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Host: reannewscomm.com

http://kjnoa9sdi3mrlsdnfi.com/ads.php?sid=1948
GET /ads.php?sid=1948 HTTP/1.1
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Host: kjnoa9sdi3mrlsdnfi.com

http://lollytooneymoney.com/ads.php?sid=1948
GET /ads.php?sid=1948 HTTP/1.1
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Host: lollytooneymoney.com

http://allhobbyworldsnet.com/ads.php?sid=1948
GET /ads.php?sid=1948 HTTP/1.1
Connection: Keep-Alive
Accept: text/html, application/xhtml+xml, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Host: allhobbyworldsnet.com

http://reannewscomm.com/r.php?s=1fe0fe806b687f9e9fb80e5dccac383a
GET /r.php?s=1fe0fe806b687f9e9fb80e5dccac383a HTTP/1.1
Accept: */*
Referer: http://wincepromotional.com/search.php
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: reannewscomm.com
Connection: Keep-Alive

http://c.feed-xml.com/d/cvc0cccx8a3qaau9357ad486c234e2b991698ea86f04b2be08x
GET /d/cvc0cccx8a3qaau9357ad486c234e2b991698ea86f04b2be08x HTTP/1.1
Accept: */*
Referer: http://wincepromotional.com/search.php
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: c.feed-xml.com
Connection: Keep-Alive

http://score.feed-xml.com/ias.html?aid=12139&sid=1948&kw=dedicated+web+hosting+services+pc+time+clocks&ip=66.187.66.32&uid=569d600ceacca935239925&url=http://c.feed-xml.com/d/cvc0cccx8a3qaau99e377a94b5cb20ed94907b9950109a5f08x
GET /ias.html?aid=12139&sid=1948&kw=dedicated+web+hosting+services+pc+time+clocks&ip=66.187.66.32&uid=569d600ceacca935239925&url=http://c.feed-xml.com/d/cvc0cccx8a3qaau99e377a94b5cb20ed94907b9950109a5f08x HTTP/1.1
Accept: */*
Referer: http://wincepromotional.com/search.php
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: score.feed-xml.com
Connection: Keep-Alive

http://8304.bapi.adsafeprotected.com/bapi?anId=8304&advId=VIDEE&campId=VIDEETV&pubId=12139&chanId=1948&placementId=569d600ceacca935239925
GET /bapi?anId=8304&advId=VIDEE&campId=VIDEETV&pubId=12139&chanId=1948&placementId=569d600ceacca935239925 HTTP/1.1
Accept: */*
Referer: http://score.feed-xml.com/ias.html?aid=12139&sid=1948&kw=dedicated+web+hosting+services+pc+time+clocks&ip=66.187.66.32&uid=569d600ceacca935239925&url=http://c.feed-xml.com/d/cvc0cccx8a3qaau99e377a94b5cb20ed94907b9950109a5f08x
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 8304.bapi.adsafeprotected.com
Connection: Keep-Alive

http://gerausports.com/r.php?s=fef047edf01a6dfc2fb88005b8de34fb
GET /r.php?s=fef047edf01a6dfc2fb88005b8de34fb HTTP/1.1
Accept: */*
Referer: http://lotsportsmoments.com/search.php
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: gerausports.com
Connection: Keep-Alive

http://8304.bapi.adsafeprotected.com/dbapi?ias_callback=__IntegralAS_ab2a7e8bbe2e11e5883400259086c3b0_188&anId=8304&advId=VIDEE&campId=VIDEETV&pubId=12139&chanId=1948&placementId=569d600ceacca935239925&adsafe_url=http%3A%2F%2Fscore.feed-xml.com%2Fias.html%3Faid%3D12139%26sid%3D1948%26kw%3Ddedicated%2Bweb%2Bhosting%2Bservices%2Bpc%2Btime%2Bclocks%26ip%3D66.187.66.32%26uid%3D569d600ceacca935239925%26url%3Dhttp%3A%2F%2Fc.feed-xml.com%2Fd%2Fcvc0cccx8a3qaau99e377a94b5cb20ed94907b9950109a5f08x&adsafe_type=abdfq&adsafe_jsinfo=,c:1GKZk9,sl:inView,em:false,fr:true,pt:1-5-15,wc:12.12.1240.584,ac:12.12.1.1,am:s,cc:12.12.0.0,piv:100,obst:0,th:0,reas:,cmps:1,br:i,fv:19.0.0.207,bv:11,dm:11,abv:11,an:n,id:ab2a7e8b-be2e-11e5-8834-00259086c3b0,fm:pAblvCM+1*.8304,idMap:1*,pl:vlMe.RKkB,pd:RKkB.npctrl.dll,rpx:0,lt:10,fc:0,rt:1,cb:0,np:1,th:0,es:0,gm:0,fif:0,uf:0,tt:bapi,et:63,uid:3e442777111be59b135844137c075a,v:1.23.0,sp:0,ct:na,dtm:i,mn:app22dal,gtpl:0,wr:1240.584,sr:1280.720,mf:1592877239,ov:0
GET /dbapi?ias_callback=__IntegralAS_ab2a7e8bbe2e11e5883400259086c3b0_188&anId=8304&advId=VIDEE&campId=VIDEETV&pubId=12139&chanId=1948&placementId=569d600ceacca935239925&adsafe_url=http%3A%2F%2Fscore.feed-xml.com%2Fias.html%3Faid%3D12139%26sid%3D1948%26kw%3Ddedicated%2Bweb%2Bhosting%2Bservices%2Bpc%2Btime%2Bclocks%26ip%3D66.187.66.32%26uid%3D569d600ceacca935239925%26url%3Dhttp%3A%2F%2Fc.feed-xml.com%2Fd%2Fcvc0cccx8a3qaau99e377a94b5cb20ed94907b9950109a5f08x&adsafe_type=abdfq&adsafe_jsinfo=,c:1GKZk9,sl:inView,em:false,fr:true,pt:1-5-15,wc:12.12.1240.584,ac:12.12.1.1,am:s,cc:12.12.0.0,piv:100,obst:0,th:0,reas:,cmps:1,br:i,fv:19.0.0.207,bv:11,dm:11,abv:11,an:n,id:ab2a7e8b-be2e-11e5-8834-00259086c3b0,fm:pAblvCM+1*.8304,idMap:1*,pl:vlMe.RKkB,pd:RKkB.npctrl.dll,rpx:0,lt:10,fc:0,rt:1,cb:0,np:1,th:0,es:0,gm:0,fif:0,uf:0,tt:bapi,et:63,uid:3e442777111be59b135844137c075a,v:1.23.0,sp:0,ct:na,dtm:i,mn:app22dal,gtpl:0,wr:1240.584,sr:1280.720,mf:1592877239,ov:0 HTTP/1.1
Accept: */*
Referer: http://score.feed-xml.com/ias.html?aid=12139&sid=1948&kw=dedicated+web+hosting+services+pc+time+clocks&ip=66.187.66.32&uid=569d600ceacca935239925&url=http://c.feed-xml.com/d/cvc0cccx8a3qaau99e377a94b5cb20ed94907b9950109a5f08x
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: 8304.bapi.adsafeprotected.com
Connection: Keep-Alive

http://dt.adsafeprotected.com/dt?asId=ab2a7e8b-be2e-11e5-8834-00259086c3b0&tv={c:1GKZlE,pingTime:-5,time:154,type:b}&bkp=a
GET /dt?asId=ab2a7e8b-be2e-11e5-8834-00259086c3b0&tv={c:1GKZlE,pingTime:-5,time:154,type:b}&bkp=a HTTP/1.1
Accept: */*
Referer: http://score.feed-xml.com/ias.html?aid=12139&sid=1948&kw=dedicated+web+hosting+services+pc+time+clocks&ip=66.187.66.32&uid=569d600ceacca935239925&url=http://c.feed-xml.com/d/cvc0cccx8a3qaau99e377a94b5cb20ed94907b9950109a5f08x
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dt.adsafeprotected.com
Connection: Keep-Alive

http://dt.adsafeprotected.com/dt?asId=ab2a7e8b-be2e-11e5-8834-00259086c3b0&tv={c:1GKZkz,pingTime:-2,time:87,type:a,fc:0,rt:1,cb:0,np:1,th:0,es:0,gm:0,fif:0,slTimes:{i:87,o:0,n:0,pp:0,pm:0,gpp:0,gpm:0,gi:0,go:0,gn:87,fi:0,fo:0,fn:87},slEvents:[{sl:i,fsl:fn,gsl:gn,t:60,wc:12.12.1240.584,ac:12.12.1.1,am:s,cc:12.12.0.0,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[80~100],as:[80~1.1]}}],slEventCount:1,em:false,fr:true,uf:0,e:,tt:bapi,dtt:0,fm:pAblvCM+1*.8304,idMap:1*,pl:vlMe.RKkB,pd:RKkB.npctrl.dll,sinceFw:22,readyFired:true}&br=i
GET /dt?asId=ab2a7e8b-be2e-11e5-8834-00259086c3b0&tv={c:1GKZkz,pingTime:-2,time:87,type:a,fc:0,rt:1,cb:0,np:1,th:0,es:0,gm:0,fif:0,slTimes:{i:87,o:0,n:0,pp:0,pm:0,gpp:0,gpm:0,gi:0,go:0,gn:87,fi:0,fo:0,fn:87},slEvents:[{sl:i,fsl:fn,gsl:gn,t:60,wc:12.12.1240.584,ac:12.12.1.1,am:s,cc:12.12.0.0,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[80~100],as:[80~1.1]}}],slEventCount:1,em:false,fr:true,uf:0,e:,tt:bapi,dtt:0,fm:pAblvCM+1*.8304,idMap:1*,pl:vlMe.RKkB,pd:RKkB.npctrl.dll,sinceFw:22,readyFired:true}&br=i HTTP/1.1
Accept: */*
Referer: http://score.feed-xml.com/ias.html?aid=12139&sid=1948&kw=dedicated+web+hosting+services+pc+time+clocks&ip=66.187.66.32&uid=569d600ceacca935239925&url=http://c.feed-xml.com/d/cvc0cccx8a3qaau99e377a94b5cb20ed94907b9950109a5f08x
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dt.adsafeprotected.com
Connection: Keep-Alive

http://c.feed-xml.com/9/cvc0cccx8a3qaau9fe987ae2ad0cb58782d4e7672dfbbcf508x
GET /9/cvc0cccx8a3qaau9fe987ae2ad0cb58782d4e7672dfbbcf508x HTTP/1.1
Accept: */*
Referer: http://lotsportsmoments.com/search.php
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: c.feed-xml.com
Connection: Keep-Alive

http://dt.adsafeprotected.com/dt?asId=ab2a7e8b-be2e-11e5-8834-00259086c3b0&tv={c:1GKZlF,pingTime:-1,time:155,type:u,ndt:0,fc:0,rt:1,cb:0,np:1,th:0,es:0,gm:0,fif:0,slTimes:{i:155,o:0,n:0,pp:0,pm:0,gpp:0,gpm:0,gi:0,go:0,gn:155,fi:0,fo:0,fn:155},slEvents:[{sl:i,fsl:fn,gsl:gn,t:60,wc:12.12.1240.584,ac:12.12.1.1,am:s,cc:12.12.0.0,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[149~100],as:[149~1.1]}}],slEventCount:1,em:false,fr:true,uf:0,e:,tt:bapi,dtt:0,fm:pAblvCM+1*.8304,idMap:1*,lt:10}&br=i
GET /dt?asId=ab2a7e8b-be2e-11e5-8834-00259086c3b0&tv={c:1GKZlF,pingTime:-1,time:155,type:u,ndt:0,fc:0,rt:1,cb:0,np:1,th:0,es:0,gm:0,fif:0,slTimes:{i:155,o:0,n:0,pp:0,pm:0,gpp:0,gpm:0,gi:0,go:0,gn:155,fi:0,fo:0,fn:155},slEvents:[{sl:i,fsl:fn,gsl:gn,t:60,wc:12.12.1240.584,ac:12.12.1.1,am:s,cc:12.12.0.0,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[149~100],as:[149~1.1]}}],slEventCount:1,em:false,fr:true,uf:0,e:,tt:bapi,dtt:0,fm:pAblvCM+1*.8304,idMap:1*,lt:10}&br=i HTTP/1.1
Accept: */*
Referer: http://score.feed-xml.com/ias.html?aid=12139&sid=1948&kw=dedicated+web+hosting+services+pc+time+clocks&ip=66.187.66.32&uid=569d600ceacca935239925&url=http://c.feed-xml.com/d/cvc0cccx8a3qaau99e377a94b5cb20ed94907b9950109a5f08x
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: dt.adsafeprotected.com
Connection: Keep-Alive

http://scoring33.com/17.html?success_url=http%3A%2F%2Fc.feed-xml.com%2Fd%2Fcvc0cccx8a3qaau99e377a94b5cb20ed94907b9950109a5f08x%3Fsource%3Dias%26score%3D0
GET /17.html?success_url=http%3A%2F%2Fc.feed-xml.com%2Fd%2Fcvc0cccx8a3qaau99e377a94b5cb20ed94907b9950109a5f08x%3Fsource%3Dias%26score%3D0 HTTP/1.1
SMTP traffic

No SMTP traffic performed.

IRC traffic

No IRC requests performed.

ICMP traffic

No ICMP traffic performed.

CIF Results

No CIF Results

Suricata Alerts

| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Protocol | GID | SID | REV | Signature | Category | Severity |
|---|---|---|---|---|---|---|---|---|---|---|---|
| 2016-01-18 21:55:16.877 | 192.168.120.129 | 49455 | 185.49.69.25 | 80 | TCP | 1 | 2014726 | 126 | ET POLICY Outdated Flash Version M1 | Potential Corporate Privacy Violation | 1 |
| 2016-01-18 21:55:50.869 | 192.168.120.129 | 49492 | 104.72.211.249 | 80 | TCP | 1 | 2019400 | 6 | ET MALWARE Possible Bedep Connectivity Check | A Network Trojan was detected | 1 |
| 2016-01-18 21:55:50.869 | 192.168.120.129 | 49492 | 104.72.211.249 | 80 | TCP | 1 | 2022467 | 3 | ET MALWARE Bedep Connectivity Check M2 | A Network Trojan was detected | 1 |
| 2016-01-18 21:55:52.658 | 192.168.120.129 | 49493 | 195.22.28.199 | 80 | TCP | 1 | 2021418 | 12 | ET MALWARE Bedep HTTP POST CnC Beacon | Malware Command and Control Activity Detected | 1 |
| 2016-01-18 21:55:52.658 | 195.22.28.199 | 80 | 192.168.120.129 | 49493 | TCP | 1 | 2018141 | 5 | ET MALWARE Possible Compromised Host AnubisNetworks Sinkhole Cookie Value Snkz | A Network Trojan was detected | 1 |
| 2016-01-18 21:55:53.732 | 208.100.26.234 | 80 | 192.168.120.129 | 49496 | TCP | 1 | 2402000 | 5686 | ET DROP Dshield Block Listed Source group 1 | Misc Attack | 2 |
| 2016-01-18 21:55:53.944 | 192.168.120.129 | 49496 | 208.100.26.234 | 80 | TCP | 1 | 2021418 | 12 | ET MALWARE Bedep HTTP POST CnC Beacon | Malware Command and Control Activity Detected | 1 |
| 2016-01-18 21:55:54.487 | 192.168.120.129 | 49497 | 95.211.205.230 | 80 | TCP | 1 | 2021418 | 12 | ET MALWARE Bedep HTTP POST CnC Beacon | Malware Command and Control Activity Detected | 1 |
| 2016-01-18 21:55:55.066 | 192.168.120.129 | 49498 | 95.211.205.230 | 80 | TCP | 1 | 2021418 | 12 | ET MALWARE Bedep HTTP POST CnC Beacon | Malware Command and Control Activity Detected | 1 |
| 2016-01-18 21:56:12.769 | 192.168.120.129 | 49498 | 95.211.205.230 | 80 | TCP | 1 | 2021418 | 12 | ET MALWARE Bedep HTTP POST CnC Beacon | Malware Command and Control Activity Detected | 1 |
| 2016-01-18 21:56:12.769 | 192.168.120.129 | 49498 | 95.211.205.230 | 80 | TCP | 1 | 2021718 | 5 | ET MALWARE Bedep HTTP POST CnC Beacon 2 | Malware Command and Control Activity Detected | 1 |
| 2016-01-18 21:57:31.393 | 192.168.120.129 | 49499 | 95.211.205.230 | 80 | TCP | 1 | 2021418 | 12 | ET MALWARE Bedep HTTP POST CnC Beacon | Malware Command and Control Activity Detected | 1 |
| 2016-01-18 21:57:33.841 | 192.168.120.129 | 49499 | 95.211.205.230 | 80 | TCP | 1 | 2021418 | 12 | ET MALWARE Bedep HTTP POST CnC Beacon | Malware Command and Control Activity Detected | 1 |
| 2016-01-18 21:57:33.841 | 192.168.120.129 | 49499 | 95.211.205.230 | 80 | TCP | 1 | 2021718 | 5 | ET MALWARE Bedep HTTP POST CnC Beacon 2 | Malware Command and Control Activity Detected | 1 |

Suricata TLS

No Suricata TLS

Suricata HTTP

| Timestamp | Source IP | Source Port | Destination IP | Destination Port | Method | Status | Hostname | URI | Content Type | User Agent | Referrer | Length |
|---|---|---|---|---|---|---|---|---|---|---|---|---|
| 2016-01-18 21:54:39.926 | 192.168.120.129 | 49427 | 5.189.216.103 | 80 | | 200 | nic.artededirigir.com.br | /js/script.js | text/javascript | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | http://coolrilla.com/ | 195 |
| 2016-01-18 21:54:41.573 | 192.168.120.129 | 49415 | 216.28.245.214 | 80 | | 200 | coolrilla.com | / | text/html | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | http://www.google.com/url?sa=t&rct=j&q=&esrc=s&source=web&cd=1&ved=0ahUKEwjf6ZjZrLTKAhVM5WMKHW-sCQsQFggcMAA&url=http%3A%2F%2Fcoolrilla.com%2F&usg=AFQjCNHWOUMTORgEkxQxH5BU70QZxvIR6A&bvm=bv.112064104,d.cGc | 29435 |
| 2016-01-18 21:54:54.149 | 192.168.120.129 | 49454 | 185.49.69.25 | 80 | | 200 | omondi-liczyli.jwsjustdothemath.com | /forums/viewforum.php?f=04187&sid=m76802yo10.561670d4m9 | text/html | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | http://coolrilla.com/ | 215502 |
| 2016-01-18 21:55:06.385 | 192.168.120.129 | 49455 | 185.49.69.25 | 80 | | 404 | omondi-liczyli.jwsjustdothemath.com | /catch.wsdl?aid=cqhAYLuR&night=HwUPHFM&leader=&England=tQkD8&note=oTayrJDA&road=3iaOxqtn&subject=&analysis=2KWqcKK&maybe=oNrWc | text/html | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | http://omondi-liczyli.jwsjustdothemath.com/forums/viewforum.php?f=04187&sid=m76802yo10.561670d4m9 | 3 |
| 2016-01-18 21:55:06.385 | 192.168.120.129 | 49454 | 185.49.69.25 | 80 | | 200 | omondi-liczyli.jwsjustdothemath.com | /forums/reach.epibrw?single=THsZ&next=liB&allow=xHDselI&also=dStDEaLRoT&relationship=&different=FvE0pR1s3&south=mEjN&necessary=n5rgGm241t&agency=8 | text/html | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | http://omondi-liczyli.jwsjustdothemath.com/forums/viewforum.php?f=04187&sid=m76802yo10.561670d4m9 | 2768 |
| 2016-01-18 21:55:17.441 | 192.168.120.129 | 49455 | 185.49.69.25 | 80 | | 200 | omondi-liczyli.jwsjustdothemath.com | /catch.wsdl?aid=cqhAYLuR&night=HwUPHFM&leader=&England=tQkD8&note=oTayrJDA&road=3iaOxqtn&subject=&analysis=2KWqcKK&maybe=oNrWc | application/x-shockwave-flash | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | http://omondi-liczyli.jwsjustdothemath.com/forums/viewforum.php?f=04187&sid=m76802yo10.561670d4m9 | 130075 |
| 2016-01-18 21:55:31.303 | 192.168.120.129 | 49455 | 185.49.69.25 | 80 | | 200 | omondi-liczyli.jwsjustdothemath.com | /gas.dap?prepare=&ship=G4BweBf&project=jZtqZt&building=&finish=AM4qYoPVYlEL-pClKrkqwUcB8fC3MWPTXp2 | text/html | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | http://omondi-liczyli.jwsjustdothemath.com/catch.wsdl?aid=cqhAYLuR&night=HwUPHFM&leader=&England=tQkD8&note=oTayrJDA&road=3iaOxqtn&subject=& | 5528 |
| 2016-01-18 21:55:46.379 | 192.168.120.129 | 49491 | 185.49.69.25 | 80 | | 200 | omondi-liczyli.jwsjustdothemath.com | /institution.jvs?know=1abZ9ACCC&likely=LtHLB&care=lm57Q&division=&march=gS_&unit=Dvc&from=kVFWpys&start=3uVQB5f5&body=&present=Hb02PlwQ | application/octet-stream | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; rv:11.0) like Gecko | http://coolrilla.com/ | 309692 |
| 2016-01-18 21:55:51.006 | 192.168.120.129 | 49492 | 104.72.211.249 | 80 | | 200 | www.ecb.europa.eu | /stats/eurofxref/eurofxref-hist-90d.xml?e9b8c42aea3b59e24b98684b0da54f4f | text/xml | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | http://www.ecb.europa.eu/stats/exchange/eurofxref/html/index.en.html | 71595 |
| 2016-01-18 21:55:52.658 | 192.168.120.129 | 49493 | 195.22.28.199 | 80 | | 302 | aodncqkbqddauoyqk.com | /forum.php?YkE=Ec | text/html | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | None | 3 |
| 2016-01-18 21:55:53.043 | 192.168.120.129 | 49494 | 195.22.28.222 | 80 | | 302 | sso.anbtr.com | /domain/aodncqkbqddauoyqk.com | text/html | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | None | 78 |
| 2016-01-18 21:55:53.541 | 192.168.120.129 | 49495 | 195.22.28.198 | 80 | | 200 | xsso.aodncqkbqddauoyqk.com | /a3df5abf6ca0809d821368e1c1725b92 | text/html | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | None | 41 |
| 2016-01-18 21:55:53.944 | 192.168.120.129 | 49496 | 208.100.26.234 | 80 | | 404 | letvnhhitrdk.com | /groupsubscription.php?Kg4=sQWiUk | text/html | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | http://aodncqkbqddauoyqk.com/forum.php?YkE=Ec | 177 |
| 2016-01-18 21:55:54.487 | 192.168.120.129 | 49497 | 95.211.205.230 | 80 | | 200 | qufsvzeigvlxdbw.com | /include/class_bootstrap_framework.php?QcUs=kAkEgY | application/octet-stream | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | None | 568 |
| 2016-01-18 21:55:55.066 | 192.168.120.129 | 49498 | 95.211.205.230 | 80 | | 200 | qufsvzeigvlxdbw.com | /album.php?co=IUgQ | application/octet-stream | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | None | 156 |
| 2016-01-18 21:56:12.769 | 192.168.120.129 | 49498 | 95.211.205.230 | 80 | | 200 | qufsvzeigvlxdbw.com | /css.php?go=E6CiS8 | application/octet-stream | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | None | 152 |
| 2016-01-18 21:57:32.733 | 192.168.120.129 | 49499 | 95.211.205.230 | 80 | | 200 | qufsvzeigvlxdbw.com | /announcement.php?wMkY=ss | application/octet-stream | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | http://letvnhhitrdk.com/groupsubscription.php?Kg4=sQWiUk | 769436 |
| 2016-01-18 21:57:33.841 | 192.168.120.129 | 49499 | 95.211.205.230 | 80 | | 200 | qufsvzeigvlxdbw.com | /content.php?uw=M6qU | application/octet-stream | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | http://qufsvzeigvlxdbw.com/announcement.php?wMkY=ss | 106 |
| 2016-01-18 21:58:38.632 | 192.168.120.129 | 49505 | 85.25.79.160 | 80 | | 200 | reannewscomm.com | /ads.php?sid=1948 | text/html | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | None | 177 |
| 2016-01-18 21:58:39.244 | 192.168.120.129 | 49506 | 185.82.216.240 | 80 | | 200 | allhobbyworldsnet.com | /ads.php?sid=1948 | text/html | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | None | 182 |
| 2016-01-18 21:58:39.245 | 192.168.120.129 | 49503 | 185.82.216.241 | 80 | | 200 | lollytooneymoney.com | /ads.php?sid=1948 | text/html | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | None | 181 |
| 2016-01-18 21:58:39.260 | 192.168.120.129 | 49502 | 89.163.240.119 | 80 | | 200 | gerausports.com | /ads.php?sid=1948 | text/html | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | None | 176 |
| 2016-01-18 21:58:41.084 | 192.168.120.129 | 49504 | 104.193.252.234 | 80 | | 200 | lampubuntuadv.com | /ads.php?sid=1948 | text/html | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | None | 178 |
| 2016-01-18 21:58:42.307 | 192.168.120.129 | 49507 | 89.163.240.118 | 80 | | 200 | kjnoa9sdi3mrlsdnfi.com | /ads.php?sid=1948 | text/html | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | None | 183 |
| 2016-01-18 21:58:52.840 | 192.168.120.129 | 49508 | 85.25.79.160 | 80 | | 200 | reannewscomm.com | /ads.php?sid=1948 | text/html | Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko | None | 175 |
2016-01-18 21:58:54.797 192.168.120.129 [VT] 49513 85.25.79.160 [VT] 80 302 reannewscomm.com [VT] /r.php?s=1fe0fe806b687f9e9fb80e5dccac383a text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://wincepromotional.com/search.php 0
2016-01-18 21:58:54.832 192.168.120.129 [VT] 49510 104.193.252.234 [VT] 80 200 lampubuntuadv.com [VT] /ads.php?sid=1948 text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko None 178
2016-01-18 21:58:55.117 192.168.120.129 [VT] 49514 64.237.32.155 [VT] 80 301 c.feed-xml.com [VT] /d/cvc0cccx8a3qaau9357ad486c234e2b991698ea86f04b2be08x text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://wincepromotional.com/search.php 3
2016-01-18 21:58:55.391 192.168.120.129 [VT] 49515 64.237.32.155 [VT] 80 200 score.feed-xml.com [VT] /ias.html?aid=12139&sid=1948&kw=dedicated+web+hosting+services+pc+time+clocks&ip=66.187.66.32&uid=569d600ceacca935239925&url=http://c.feed-xml.com/d/cvc0cccx8a3qaau99e377a94b5cb20ed94907b9950109a5f08x text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://wincepromotional.com/search.php 3784
2016-01-18 21:58:55.643 192.168.120.129 [VT] 49517 69.172.216.161 [VT] 80 200 8304.bapi.adsafeprotected.com [VT] /bapi?anId=8304&advId=VIDEE&campId=VIDEETV&pubId=12139&chanId=1948&placementId=569d600ceacca935239925 text/javascript Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=12139&sid=1948&kw=dedicated+web+hosting+services+pc+time+clocks&ip=66.187.66.32&uid=569d600ceacca935239925&url=http://c.feed-xml.com/d/cvc0cccx8a3qaau99e377a94b5cb20ed94907b9950109a5f08x 29933
2016-01-18 21:58:55.796 192.168.120.129 [VT] 49518 69.172.216.161 [VT] 80 200 8304.bapi.adsafeprotected.com [VT] /dbapi?ias_callback=__IntegralAS_ab2a7e8bbe2e11e5883400259086c3b0_188&anId=8304&advId=VIDEE&campId=VIDEETV&pubId=12139&chanId=1948&placementId=569d600ceacca935239925&adsafe_url=http%3A%2F%2Fscore.feed-xml.com%2Fias.html%3Faid%3D12139%26sid%3D1948%26kw%3Ddedicated%2Bweb%2Bhosting%2Bservices%2Bpc%2Btime%2Bclocks%26ip%3D66.187.66.32%26uid%3D569d600ceacca935239925%26url%3Dhttp%3A%2F%2Fc.feed-xml.com%2Fd%2Fcvc0cccx8a3qaau99e377a94b5cb20ed94907b9950109a5f08x&adsafe_type=abdfq&adsafe_jsinfo=,c:1GKZk9,sl:inView,em:false,fr:true,pt:1-5-15,wc:12.12.1240.584,ac:12.12.1.1,am:s,cc:12.12.0.0,piv:100,obst:0,th:0,reas:,cmps:1,br:i,fv:19.0.0.207,bv:11,dm:11,abv:11,an:n,id:ab2a7e8b-be2e-11e5-8834-00259086c3b0,fm:pAblvCM+1*.8304,idMap:1*,pl:vlMe.RKkB,pd:RKkB.npctrl.dll,rpx:0,lt:10,fc:0,rt:1,cb:0,np:1,th:0,es:0,gm:0,fif:0,uf:0,tt:bapi,et:63,uid:3e442777111be59b135844137c075a,v:1.23.0,sp:0,ct:na,dtm:i,mn:app22dal,gtpl:0,wr:1240.584,sr:1280.720,mf:1592877239,ov:0 text/javascript Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=12139&sid=1948&kw=dedicated+web+hosting+services+pc+time+clocks&ip=66.187.66.32&uid=569d600ceacca935239925&url=http://c.feed-xml.com/d/cvc0cccx8a3qaau99e377a94b5cb20ed94907b9950109a5f08x 173
2016-01-18 21:58:55.806 192.168.120.129 [VT] 49516 89.163.240.119 [VT] 80 302 gerausports.com [VT] /r.php?s=fef047edf01a6dfc2fb88005b8de34fb text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://lotsportsmoments.com/search.php 0
2016-01-18 21:58:55.856 192.168.120.129 [VT] 49511 185.82.216.241 [VT] 80 200 lollytooneymoney.com [VT] /ads.php?sid=1948 text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko None 178
2016-01-18 21:58:55.902 192.168.120.129 [VT] 49520 69.172.216.111 [VT] 80 200 dt.adsafeprotected.com [VT] /dt?asId=ab2a7e8b-be2e-11e5-8834-00259086c3b0&tv={c:1GKZlE,pingTime:-5,time:154,type:b}&bkp=a image/gif Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=12139&sid=1948&kw=dedicated+web+hosting+services+pc+time+clocks&ip=66.187.66.32&uid=569d600ceacca935239925&url=http://c.feed-xml.com/d/cvc0cccx8a3qaau99e377a94b5cb20ed94907b9950109a5f08x 43
2016-01-18 21:58:55.902 192.168.120.129 [VT] 49519 69.172.216.111 [VT] 80 200 dt.adsafeprotected.com [VT] /dt?asId=ab2a7e8b-be2e-11e5-8834-00259086c3b0&tv={c:1GKZkz,pingTime:-2,time:87,type:a,fc:0,rt:1,cb:0,np:1,th:0,es:0,gm:0,fif:0,slTimes:{i:87,o:0,n:0,pp:0,pm:0,gpp:0,gpm:0,gi:0,go:0,gn:87,fi:0,fo:0,fn:87},slEvents:[{sl:i,fsl:fn,gsl:gn,t:60,wc:12.12.1240.584,ac:12.12.1.1,am:s,cc:12.12.0.0,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[80~100],as:[80~1.1]}}],slEventCount:1,em:false,fr:true,uf:0,e:,tt:bapi,dtt:0,fm:pAblvCM+1*.8304,idMap:1*,pl:vlMe.RKkB,pd:RKkB.npctrl.dll,sinceFw:22,readyFired:true}&br=i image/gif Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=12139&sid=1948&kw=dedicated+web+hosting+services+pc+time+clocks&ip=66.187.66.32&uid=569d600ceacca935239925&url=http://c.feed-xml.com/d/cvc0cccx8a3qaau99e377a94b5cb20ed94907b9950109a5f08x 43
2016-01-18 21:58:56.027 192.168.120.129 [VT] 49521 64.237.32.155 [VT] 80 301 c.feed-xml.com [VT] /9/cvc0cccx8a3qaau9fe987ae2ad0cb58782d4e7672dfbbcf508x text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://lotsportsmoments.com/search.php 3
2016-01-18 21:58:56.042 192.168.120.129 [VT] 49524 69.172.216.111 [VT] 80 200 dt.adsafeprotected.com [VT] /dt?asId=ab2a7e8b-be2e-11e5-8834-00259086c3b0&tv={c:1GKZlF,pingTime:-1,time:155,type:u,ndt:0,fc:0,rt:1,cb:0,np:1,th:0,es:0,gm:0,fif:0,slTimes:{i:155,o:0,n:0,pp:0,pm:0,gpp:0,gpm:0,gi:0,go:0,gn:155,fi:0,fo:0,fn:155},slEvents:[{sl:i,fsl:fn,gsl:gn,t:60,wc:12.12.1240.584,ac:12.12.1.1,am:s,cc:12.12.0.0,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[149~100],as:[149~1.1]}}],slEventCount:1,em:false,fr:true,uf:0,e:,tt:bapi,dtt:0,fm:pAblvCM+1*.8304,idMap:1*,lt:10}&br=i image/gif Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=12139&sid=1948&kw=dedicated+web+hosting+services+pc+time+clocks&ip=66.187.66.32&uid=569d600ceacca935239925&url=http://c.feed-xml.com/d/cvc0cccx8a3qaau99e377a94b5cb20ed94907b9950109a5f08x 43
2016-01-18 21:58:56.208 192.168.120.129 [VT] 49525 64.237.32.155 [VT] 80 200 score.feed-xml.com [VT] /ias.html?aid=13540&sid=1948&kw=disadvantages+of+cloud+computing&ip=66.187.66.32&uid=569d600e07e58269243578&url=http://c.feed-xml.com/9/cvc0cccx8a3qaau9b475333f5579d43ce43b1b7667dcc7d908x text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://lotsportsmoments.com/search.php 3784
2016-01-18 21:58:56.251 192.168.120.129 [VT] 49523 185.49.70.57 [VT] 80 200 scoring33.com [VT] /17.html?success_url=http%3A%2F%2Fc.feed-xml.com%2Fd%2Fcvc0cccx8a3qaau99e377a94b5cb20ed94907b9950109a5f08x%3Fsource%3Dias%26score%3D0 text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=12139&sid=1948&kw=dedicated+web+hosting+services+pc+time+clocks&ip=66.187.66.32&uid=569d600ceacca935239925&url=http://c.feed-xml.com/d/cvc0cccx8a3qaau99e377a94b5cb20ed94907b9950109a5f08x 1243
2016-01-18 21:58:56.348 192.168.120.129 [VT] 49527 69.172.216.161 [VT] 80 200 8304.bapi.adsafeprotected.com [VT] /bapi?anId=8304&advId=VIDEE&campId=VIDEETV&pubId=13540&chanId=1948&placementId=569d600e07e58269243578 text/javascript Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=13540&sid=1948&kw=disadvantages+of+cloud+computing&ip=66.187.66.32&uid=569d600e07e58269243578&url=http://c.feed-xml.com/9/cvc0cccx8a3qaau9b475333f5579d43ce43b1b7667dcc7d908x 29915
2016-01-18 21:58:56.513 192.168.120.129 [VT] 49528 69.172.216.161 [VT] 80 200 8304.bapi.adsafeprotected.com [VT] /dbapi?ias_callback=__IntegralAS_ab983458be2e11e5ba94382c4ac7fecb_1155&anId=8304&advId=VIDEE&campId=VIDEETV&pubId=13540&chanId=1948&placementId=569d600e07e58269243578&adsafe_url=http%3A%2F%2Fscore.feed-xml.com%2Fias.html%3Faid%3D13540%26sid%3D1948%26kw%3Ddisadvantages%2Bof%2Bcloud%2Bcomputing%26ip%3D66.187.66.32%26uid%3D569d600e07e58269243578%26url%3Dhttp%3A%2F%2Fc.feed-xml.com%2F9%2Fcvc0cccx8a3qaau9b475333f5579d43ce43b1b7667dcc7d908x&adsafe_type=abdfq&adsafe_jsinfo=,c:1GKZvB,sl:inView,em:false,fr:true,pt:1-5-15,wc:10.10.1244.588,ac:10.10.1.1,am:s,cc:10.10.0.0,piv:100,obst:0,th:0,reas:,cmps:1,br:i,fv:19.0.0.207,bv:11,dm:11,abv:11,an:n,id:ab983458-be2e-11e5-ba94-382c4ac7fecb,fm:pAblvO6+1*.8304,idMap:1*,pl:vlMe.RKkB,pd:vlMe.Flash32_19_0_0_207.ocx,rpx:0,lt:12,fc:0,rt:1,cb:0,np:1,th:0,es:0,gm:0,fif:0,uf:0,tt:bapi,et:73,uid:2680cf1fd55d5f9abf333512c4a12f,v:1.23.0,sp:0,ct:na,dtm:i,mn:app39dal,gtpl:0,wr:1244.588,sr:1280.720,mf:886293145,ov:0 text/javascript Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=13540&sid=1948&kw=disadvantages+of+cloud+computing&ip=66.187.66.32&uid=569d600e07e58269243578&url=http://c.feed-xml.com/9/cvc0cccx8a3qaau9b475333f5579d43ce43b1b7667dcc7d908x 173
2016-01-18 21:58:56.528 192.168.120.129 [VT] 49529 69.172.216.111 [VT] 80 200 dt.adsafeprotected.com [VT] /dt?asId=ab983458-be2e-11e5-ba94-382c4ac7fecb&tv={c:1GKZw2,pingTime:-2,time:96,type:a,fc:0,rt:1,cb:0,np:1,th:0,es:0,gm:0,fif:0,slTimes:{i:96,o:0,n:0,pp:0,pm:0,gpp:0,gpm:0,gi:0,go:0,gn:96,fi:0,fo:0,fn:96},slEvents:[{sl:i,fsl:fn,gsl:gn,t:68,wc:10.10.1244.588,ac:10.10.1.1,am:s,cc:10.10.0.0,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[89~100],as:[89~1.1]}}],slEventCount:1,em:false,fr:true,uf:0,e:,tt:bapi,dtt:0,fm:pAblvO6+1*.8304,idMap:1*,pl:vlMe.RKkB,pd:vlMe.Flash32_19_0_0_207.ocx,sinceFw:22,readyFired:true}&br=i image/gif Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=13540&sid=1948&kw=disadvantages+of+cloud+computing&ip=66.187.66.32&uid=569d600e07e58269243578&url=http://c.feed-xml.com/9/cvc0cccx8a3qaau9b475333f5579d43ce43b1b7667dcc7d908x 43
2016-01-18 21:58:56.560 192.168.120.129 [VT] 49522 185.82.216.240 [VT] 80 302 allhobbyworldsnet.com [VT] /r.php?s=cd3a13436e7a3106b19b2b1dcf16d427 text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://lotsportsmoments.com/search.php 0
2016-01-18 21:58:56.606 192.168.120.129 [VT] 49530 69.172.216.111 [VT] 80 200 dt.adsafeprotected.com [VT] /dt?asId=ab983458-be2e-11e5-ba94-382c4ac7fecb&tv={c:1GKZx6,pingTime:-5,time:162,type:b}&bkp=a image/gif Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=13540&sid=1948&kw=disadvantages+of+cloud+computing&ip=66.187.66.32&uid=569d600e07e58269243578&url=http://c.feed-xml.com/9/cvc0cccx8a3qaau9b475333f5579d43ce43b1b7667dcc7d908x 43
2016-01-18 21:58:56.624 192.168.120.129 [VT] 49532 69.172.216.111 [VT] 80 200 dt.adsafeprotected.com [VT] /dt?asId=ab983458-be2e-11e5-ba94-382c4ac7fecb&tv={c:1GKZx8,pingTime:-1,time:164,type:u,ndt:0,fc:0,rt:1,cb:0,np:1,th:0,es:0,gm:0,fif:0,slTimes:{i:164,o:0,n:0,pp:0,pm:0,gpp:0,gpm:0,gi:0,go:0,gn:164,fi:0,fo:0,fn:164},slEvents:[{sl:i,fsl:fn,gsl:gn,t:68,wc:10.10.1244.588,ac:10.10.1.1,am:s,cc:10.10.0.0,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[157~100],as:[157~1.1]}}],slEventCount:1,em:false,fr:true,uf:0,e:,tt:bapi,dtt:0,fm:pAblvO6+1*.8304,idMap:1*,lt:12}&br=i image/gif Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=13540&sid=1948&kw=disadvantages+of+cloud+computing&ip=66.187.66.32&uid=569d600e07e58269243578&url=http://c.feed-xml.com/9/cvc0cccx8a3qaau9b475333f5579d43ce43b1b7667dcc7d908x 43
2016-01-18 21:58:56.629 192.168.120.129 [VT] 49526 185.82.216.241 [VT] 80 302 lollytooneymoney.com [VT] /r.php?s=1d1249ef8bb30f814a2f7e9ff2a0412e text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://lotsportsmoments.com/search.php 0
2016-01-18 21:58:56.645 192.168.120.129 [VT] 49509 89.163.240.118 [VT] 80 200 kjnoa9sdi3mrlsdnfi.com [VT] /ads.php?sid=1948 text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko None 182
2016-01-18 21:58:56.730 192.168.120.129 [VT] 49533 64.237.32.155 [VT] 80 301 c.feed-xml.com [VT] /9/cvc0cccx8a3qaau9d7dab6679fa98c771101ed934bafb26e08x text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://lotsportsmoments.com/search.php 3
2016-01-18 21:58:56.785 192.168.120.129 [VT] 49534 64.237.32.155 [VT] 80 301 c.feed-xml.com [VT] /e/cvc0cccx8a3qaau92ab4a1d7028755ca9cd7f149bfbd55fb08x text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://lotsportsmoments.com/search.php 3
2016-01-18 21:58:56.844 192.168.120.129 [VT] 49531 185.49.70.57 [VT] 80 200 scoring33.com [VT] /17.html?success_url=http%3A%2F%2Fc.feed-xml.com%2F9%2Fcvc0cccx8a3qaau9b475333f5579d43ce43b1b7667dcc7d908x%3Fsource%3Dias%26score%3D0 text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=13540&sid=1948&kw=disadvantages+of+cloud+computing&ip=66.187.66.32&uid=569d600e07e58269243578&url=http://c.feed-xml.com/9/cvc0cccx8a3qaau9b475333f5579d43ce43b1b7667dcc7d908x 1243
2016-01-18 21:58:56.915 192.168.120.129 [VT] 49535 64.237.32.155 [VT] 80 200 score.feed-xml.com [VT] /ias.html?aid=13540&sid=1948&kw=buy+server&ip=66.187.66.32&uid=569d600d474a0605533764&url=http://c.feed-xml.com/9/cvc0cccx8a3qaau93e3e7fd1dfce8324cd30d58c49482a2508x text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://lotsportsmoments.com/search.php 3784
2016-01-18 21:58:56.943 192.168.120.129 [VT] 49536 64.237.32.155 [VT] 80 200 score.feed-xml.com [VT] /ias.html?aid=12046&sid=1918&kw=resale+web+hosting+web+conference+meetings&ip=66.187.66.32&uid=569d600d1eb47305950467&url=http://c.feed-xml.com/e/cvc0cccx8a3qaau9ba1df2287edb9bdcddcef728050c635008x text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://lotsportsmoments.com/search.php 3784
2016-01-18 21:58:57.106 192.168.120.129 [VT] 49537 69.172.216.161 [VT] 80 200 8304.bapi.adsafeprotected.com [VT] /bapi?anId=8304&advId=VIDEE&campId=VIDEETV&pubId=13540&chanId=1948&placementId=569d600d474a0605533764 text/javascript Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=13540&sid=1948&kw=buy+server&ip=66.187.66.32&uid=569d600d474a0605533764&url=http://c.feed-xml.com/9/cvc0cccx8a3qaau93e3e7fd1dfce8324cd30d58c49482a2508x 29895
2016-01-18 21:58:57.149 192.168.120.129 [VT] 49538 69.172.216.161 [VT] 80 200 8304.bapi.adsafeprotected.com [VT] /bapi?anId=8304&advId=VIDEE&campId=VIDEETV&pubId=12046&chanId=1918&placementId=569d600d1eb47305950467 text/javascript Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=12046&sid=1918&kw=resale+web+hosting+web+conference+meetings&ip=66.187.66.32&uid=569d600d1eb47305950467&url=http://c.feed-xml.com/e/cvc0cccx8a3qaau9ba1df2287edb9bdcddcef728050c635008x 29923
2016-01-18 21:58:57.262 192.168.120.129 [VT] 49539 69.172.216.161 [VT] 80 200 8304.bapi.adsafeprotected.com [VT] /dbapi?ias_callback=__IntegralAS_ac0ca16bbe2e11e59bba0025904e9b70_2345&anId=8304&advId=VIDEE&campId=VIDEETV&pubId=13540&chanId=1948&placementId=569d600d474a0605533764&adsafe_url=http%3A%2F%2Fscore.feed-xml.com%2Fias.html%3Faid%3D13540%26sid%3D1948%26kw%3Dbuy%2Bserver%26ip%3D66.187.66.32%26uid%3D569d600d474a0605533764%26url%3Dhttp%3A%2F%2Fc.feed-xml.com%2F9%2Fcvc0cccx8a3qaau93e3e7fd1dfce8324cd30d58c49482a2508x&adsafe_type=abdfq&adsafe_jsinfo=,c:1GKZI3,sl:inView,em:false,fr:true,pt:1-5-15,wc:5.5.1254.598,ac:5.5.1.1,am:s,cc:5.5.0.0,piv:100,obst:0,th:0,reas:,cmps:1,br:i,fv:19.0.0.207,bv:11,dm:11,abv:11,an:n,id:ac0ca16b-be2e-11e5-9bba-0025904e9b70,fm:pAblw0r+1*.8304,idMap:1*,pl:vlMe.RKkB,pd:vlMe.Flash32_19_0_0_207.ocx,rpx:0,lt:12,fc:0,rt:1,cb:0,np:1,th:0,es:0,gm:0,fif:0,uf:0,tt:bapi,et:79,uid:767b59ab87d93ae95b7850be5b9c51,v:1.23.0,sp:0,ct:na,dtm:i,mn:app10dal,gtpl:0,wr:1254.598,sr:1280.720,mf:-535806032,ov:0 text/javascript Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=13540&sid=1948&kw=buy+server&ip=66.187.66.32&uid=569d600d474a0605533764&url=http://c.feed-xml.com/9/cvc0cccx8a3qaau93e3e7fd1dfce8324cd30d58c49482a2508x 173
2016-01-18 21:58:57.364 192.168.120.129 [VT] 49540 69.172.216.111 [VT] 80 200 dt.adsafeprotected.com [VT] /dt?asId=ac0ca16b-be2e-11e5-9bba-0025904e9b70&tv={c:1GKZJ5,pingTime:-2,time:140,type:a,fc:0,rt:1,cb:0,np:1,th:0,es:0,gm:0,fif:0,slTimes:{i:140,o:0,n:0,pp:0,pm:0,gpp:0,gpm:0,gi:0,go:0,gn:140,fi:0,fo:0,fn:140},slEvents:[{sl:i,fsl:fn,gsl:gn,t:74,wc:5.5.1254.598,ac:5.5.1.1,am:s,cc:5.5.0.0,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[130~100],as:[130~1.1]}}],slEventCount:1,em:false,fr:true,uf:0,e:,tt:bapi,dtt:0,fm:pAblw0r+1*.8304,idMap:1*,pl:vlMe.RKkB,pd:vlMe.Flash32_19_0_0_207.ocx,sinceFw:58,readyFired:true}&br=i image/gif Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=13540&sid=1948&kw=buy+server&ip=66.187.66.32&uid=569d600d474a0605533764&url=http://c.feed-xml.com/9/cvc0cccx8a3qaau93e3e7fd1dfce8324cd30d58c49482a2508x 43
2016-01-18 21:58:57.378 192.168.120.129 [VT] 49541 69.172.216.111 [VT] 80 200 dt.adsafeprotected.com [VT] /dt?asId=ac0ca16b-be2e-11e5-9bba-0025904e9b70&tv={c:1GKZJA,pingTime:-5,time:171,type:b}&bkp=a image/gif Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=13540&sid=1948&kw=buy+server&ip=66.187.66.32&uid=569d600d474a0605533764&url=http://c.feed-xml.com/9/cvc0cccx8a3qaau93e3e7fd1dfce8324cd30d58c49482a2508x 43
2016-01-18 21:58:57.389 192.168.120.129 [VT] 49542 69.172.216.161 [VT] 80 200 8304.bapi.adsafeprotected.com [VT] /dbapi?ias_callback=__IntegralAS_ac110e25be2e11e58f4b0025904ea17a_4345&anId=8304&advId=VIDEE&campId=VIDEETV&pubId=12046&chanId=1918&placementId=569d600d1eb47305950467&adsafe_url=http%3A%2F%2Fscore.feed-xml.com%2Fias.html%3Faid%3D12046%26sid%3D1918%26kw%3Dresale%2Bweb%2Bhosting%2Bweb%2Bconference%2Bmeetings%26ip%3D66.187.66.32%26uid%3D569d600d1eb47305950467%26url%3Dhttp%3A%2F%2Fc.feed-xml.com%2Fe%2Fcvc0cccx8a3qaau9ba1df2287edb9bdcddcef728050c635008x&adsafe_type=abdfq&adsafe_jsinfo=,c:1GKZJy,sl:inView,em:false,fr:true,pt:1-5-15,wc:14.14.1236.580,ac:14.14.1.1,am:s,cc:14.14.0.0,piv:100,obst:0,th:0,reas:,cmps:1,br:i,fv:19.0.0.207,bv:11,dm:11,abv:11,an:n,id:ac110e25-be2e-11e5-8f4b-0025904ea17a,fm:pAblw1W+1*.8304,idMap:1*,pl:vlMe.RKkB,pd:RKkB.npctrl.dll,rpx:0,lt:11,fc:0,rt:1,cb:0,np:1,th:0,es:0,gm:0,fif:0,uf:0,tt:bapi,et:92,uid:7cdae00aa10ce639595b1d71a335c7,v:1.23.0,sp:0,ct:na,dtm:i,mn:app02dal,gtpl:0,wr:1236.580,sr:1280.720,mf:1669048445,ov:0 text/javascript Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=12046&sid=1918&kw=resale+web+hosting+web+conference+meetings&ip=66.187.66.32&uid=569d600d1eb47305950467&url=http://c.feed-xml.com/e/cvc0cccx8a3qaau9ba1df2287edb9bdcddcef728050c635008x 173
2016-01-18 21:58:57.393 192.168.120.129 [VT] 49544 69.172.216.111 [VT] 80 200 dt.adsafeprotected.com [VT] /dt?asId=ac110e25-be2e-11e5-8f4b-0025904ea17a&tv={c:1GKZJX,pingTime:-2,time:101,type:a,fc:0,rt:1,cb:0,np:1,th:0,es:0,gm:0,fif:0,slTimes:{i:101,o:0,n:0,pp:0,pm:0,gpp:0,gpm:0,gi:0,go:0,gn:101,fi:0,fo:0,fn:101},slEvents:[{sl:i,fsl:fn,gsl:gn,t:75,wc:14.14.1236.580,ac:14.14.1.1,am:s,cc:14.14.0.0,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[94~100],as:[94~1.1]}}],slEventCount:1,em:false,fr:true,uf:0,e:,tt:bapi,dtt:0,fm:pAblw1W+1*.8304,idMap:1*,pl:vlMe.RKkB,pd:RKkB.npctrl.dll,sinceFw:8,readyFired:true}&br=i image/gif Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=12046&sid=1918&kw=resale+web+hosting+web+conference+meetings&ip=66.187.66.32&uid=569d600d1eb47305950467&url=http://c.feed-xml.com/e/cvc0cccx8a3qaau9ba1df2287edb9bdcddcef728050c635008x 43
2016-01-18 21:58:57.422 192.168.120.129 [VT] 49545 69.172.216.111 [VT] 80 200 dt.adsafeprotected.com [VT] /dt?asId=ac0ca16b-be2e-11e5-9bba-0025904e9b70&tv={c:1GKZJE,pingTime:-1,time:175,type:u,ndt:0,fc:0,rt:1,cb:0,np:1,th:0,es:0,gm:0,fif:0,slTimes:{i:175,o:0,n:0,pp:0,pm:0,gpp:0,gpm:0,gi:0,go:0,gn:175,fi:0,fo:0,fn:175},slEvents:[{sl:i,fsl:fn,gsl:gn,t:74,wc:5.5.1254.598,ac:5.5.1.1,am:s,cc:5.5.0.0,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[165~100],as:[165~1.1]}}],slEventCount:1,em:false,fr:true,uf:0,e:,tt:bapi,dtt:0,fm:pAblw0r+1*.8304,idMap:1*,lt:12}&br=i image/gif Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=13540&sid=1948&kw=buy+server&ip=66.187.66.32&uid=569d600d474a0605533764&url=http://c.feed-xml.com/9/cvc0cccx8a3qaau93e3e7fd1dfce8324cd30d58c49482a2508x 43
2016-01-18 21:58:57.467 192.168.120.129 [VT] 49546 69.172.216.111 [VT] 80 200 dt.adsafeprotected.com [VT] /dt?asId=ac110e25-be2e-11e5-8f4b-0025904ea17a&tv={c:1GKZLi,pingTime:-5,time:184,type:b}&bkp=a image/gif Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=12046&sid=1918&kw=resale+web+hosting+web+conference+meetings&ip=66.187.66.32&uid=569d600d1eb47305950467&url=http://c.feed-xml.com/e/cvc0cccx8a3qaau9ba1df2287edb9bdcddcef728050c635008x 43
2016-01-18 21:58:57.467 192.168.120.129 [VT] 49547 69.172.216.111 [VT] 80 200 dt.adsafeprotected.com [VT] /dt?asId=ac110e25-be2e-11e5-8f4b-0025904ea17a&tv={c:1GKZLk,pingTime:-1,time:186,type:u,ndt:0,fc:0,rt:1,cb:0,np:1,th:0,es:0,gm:0,fif:0,slTimes:{i:187,o:0,n:0,pp:0,pm:0,gpp:0,gpm:0,gi:0,go:0,gn:187,fi:0,fo:0,fn:187},slEvents:[{sl:i,fsl:fn,gsl:gn,t:75,wc:14.14.1236.580,ac:14.14.1.1,am:s,cc:14.14.0.0,piv:100,obst:0,th:0,reas:,cmps:1,bkn:{piv:[179~100],as:[179~1.1]}}],slEventCount:1,em:false,fr:true,uf:0,e:,tt:bapi,dtt:0,fm:pAblw1W+1*.8304,idMap:1*,lt:11}&br=i image/gif Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=12046&sid=1918&kw=resale+web+hosting+web+conference+meetings&ip=66.187.66.32&uid=569d600d1eb47305950467&url=http://c.feed-xml.com/e/cvc0cccx8a3qaau9ba1df2287edb9bdcddcef728050c635008x 43
2016-01-18 21:58:57.496 192.168.120.129 [VT] 49512 89.163.240.119 [VT] 80 200 gerausports.com [VT] /ads.php?sid=1948 text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko None 175
2016-01-18 21:58:57.603 192.168.120.129 [VT] 49543 185.49.70.57 [VT] 80 200 scoring33.com [VT] /17.html?success_url=http%3A%2F%2Fc.feed-xml.com%2F9%2Fcvc0cccx8a3qaau93e3e7fd1dfce8324cd30d58c49482a2508x%3Fsource%3Dias%26score%3D0 text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=13540&sid=1948&kw=buy+server&ip=66.187.66.32&uid=569d600d474a0605533764&url=http://c.feed-xml.com/9/cvc0cccx8a3qaau93e3e7fd1dfce8324cd30d58c49482a2508x 1243
2016-01-18 21:58:57.737 192.168.120.129 [VT] 49548 185.49.70.57 [VT] 80 200 scoring33.com [VT] /17.html?success_url=http%3A%2F%2Fc.feed-xml.com%2Fe%2Fcvc0cccx8a3qaau9ba1df2287edb9bdcddcef728050c635008x%3Fsource%3Dias%26score%3D0 text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://score.feed-xml.com/ias.html?aid=12046&sid=1918&kw=resale+web+hosting+web+conference+meetings&ip=66.187.66.32&uid=569d600d1eb47305950467&url=http://c.feed-xml.com/e/cvc0cccx8a3qaau9ba1df2287edb9bdcddcef728050c635008x 1243
2016-01-18 21:58:58.831 192.168.120.129 [VT] 49549 89.163.240.118 [VT] 80 302 kjnoa9sdi3mrlsdnfi.com [VT] /r.php?s=9283cddc6629656ca4373e26ec74497d text/html Mozilla/5.0 (Windows NT 6.1; Trident/7.0; rv:11.0) like Gecko http://lotsportsmoments.com/search.php 0
Sorry! No dropped Suricata Extracted files.

JA3

No JA3 hashes found.

Sorry! No dropped files.
Sorry! No CAPE files.
Sorry! No process dumps.

Processing ( 14.442 seconds )

  • 7.504 NetworkAnalysis
  • 5.272 Suricata
  • 1.584 CAPE
  • 0.076 AnalysisInfo
  • 0.005 Debug
  • 0.001 BehaviorAnalysis

Signatures ( 0.080 seconds )

  • 0.011 ransomware_files
  • 0.008 ransomware_extensions
  • 0.008 recon_checkip
  • 0.006 antiav_detectreg
  • 0.006 network_torgateway
  • 0.004 antiav_detectfile
  • 0.004 network_dns_opennic
  • 0.003 persistence_autorun
  • 0.003 antianalysis_detectfile
  • 0.003 infostealer_bitcoin
  • 0.003 infostealer_ftp
  • 0.003 territorial_disputes_sigs
  • 0.002 infostealer_im
  • 0.002 network_dns_doh_tls
  • 0.001 kibex_behavior
  • 0.001 tinba_behavior
  • 0.001 antianalysis_detectreg
  • 0.001 antivm_vbox_files
  • 0.001 geodo_banking_trojan
  • 0.001 banker_zeus_url
  • 0.001 browser_security
  • 0.001 disables_backups
  • 0.001 disables_browser_warn
  • 0.001 azorult_mutexes
  • 0.001 infostealer_mail
  • 0.001 masquerade_process_name
  • 0.001 network_dns_blockchain
  • 0.001 revil_mutexes

Reporting ( 0.183 seconds )

  • 0.183 PCAP2CERT