[prev in list] [next in list] [prev in thread] [next in thread] 

List:       emerging-sigs
Subject:    Re: [Emerging-Sigs] Weird image ad redirections
From:       Darien Huss <dhuss () emergingthreats ! net>
Date:       2015-04-06 14:19:40
Message-ID: CAKcCgkV=N0xACY1AEd1WnVs03zYpdcYa1vMQ+9a_WprdKTTbNA () mail ! gmail ! com
[Download RAW message or body]

[Attachment #2 (multipart/alternative)]


I don't see anything inherently suspicious about this, domains/URIs related
to this appear to be related to e-mail marketing/advertising campaigns. I
could be wrong, but my vote here is that there's nothing really malicious
going on here.

Regards,
Darien

On Sat, Apr 4, 2015 at 10:46 AM, Rodgers, Anthony (DTMB) <
RodgersA1@michigan.gov> wrote:

> Hi there,
> 
> 
> 
> I've been noticing a few requests lately for random generated .pw domains
> that result in a HTTP/301 redirect to an ad hosted on imgur.com, but
> where the HTML body also contains some javascript like this:
> 
> 
> 
> SRC: GET /pcZbNTyi?bnVyc2VnaW5nZXIyMDAx HTTP/1.1
> 
> SRC: Accept: */*
> 
> SRC: Accept-Language: en-US
> 
> SRC: User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64;
> x64; Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR
> 3.0.30729; Media Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)
> 
> SRC: UA-CPU: AMD64
> 
> SRC: Accept-Encoding: gzip, deflate, peerdist
> 
> SRC: Host: bnvyc2vnaw5nzxiymdax.wsave.pw
> 
> SRC: Connection: Keep-Alive
> 
> SRC: X-P2P-PeerDist: Version=1.0
> 
> SRC:
> 
> SRC:
> 
> DST: HTTP/1.1 301 Moved Permanently
> 
> DST: Date: Thu, 02 Apr 2015 16:41:29 GMT
> 
> DST: Server: Apache/2.2.15 (CentOS)
> 
> DST: X-Powered-By: PHP/5.4.35
> 
> DST: Pragma: no-cache
> 
> DST: Location: http://i.imgur.com/G1Fntb4.jpg
> 
> DST: Connection: close
> 
> DST: Transfer-Encoding: chunked
> 
> DST: Content-Type: text/html; charset=UTF-8
> 
> DST:
> 
> DST: 2a39
> 
> DST: <html><head>
> 
> DST:         <style type='text/css'>
> 
> DST:
> 
> DST:             a {
> 
> DST:                 color: blue;
> 
> DST:                 font-family: Arial;
> 
> DST:                 font-weight: 100;
> 
> DST:                 font-variant: none !important;
> 
> DST:             }
> 
> DST:
> 
> DST:             a:hover {
> 
> DST:                 color: red;
> 
> DST:             }
> 
> DST:
> 
> DST:             .actualContent {
> 
> DST:                 text-align: center;
> 
> DST:             }
> 
> DST:
> 
> DST:             .pageTitle {
> 
> DST:                 #text-shadow: 0 2px 0 #ddd, 0 1px 0 #6699ff, 0 2px 0
> #336699;
> 
> DST:                 color: #0066ff;
> 
> DST:                 font-family: arial;
> 
> DST:                 font-size: 16pt;
> 
> DST:             }
> 
> DST:
> 
> DST:             .mainContainer {
> 
> DST:                 border: 1px groove #777;
> 
> DST:                 background-color: #eee;
> 
> DST:                 margin: 0 !important;
> 
> DST:                 #text-shadow: 0 0px 0 #ccc, 0 1px 0 #ddd, 0 2px 0
> #ccc;
> 
> DST:                 padding: 3px;
> 
> DST:                 margin-left: -200px;
> 
> DST:                 width: 99%;
> 
> DST:                 height: 98%;
> 
> DST:             }
> 
> DST:
> 
> DST:             body {
> 
> DST:                 background-color: #99
> 
> DST: 9;
> 
> DST:                 margin-left: 5px;
> 
> DST:                 padding: 2px;
> 
> DST:                 margin-top: 5px;
> 
> DST:                 margin-bottom: 0px;
> 
> DST:                 width: 97%
> 
> DST:                 height: 97%;
> 
> DST:             }
> 
> DST:
> 
> DST:             thead {
> 
> DST:                 font-weight: 100;
> 
> DST:             }
> 
> DST:         </style>
> 
> DST:
> 
> DST:         <script type='text/javascript'>
> 
> DST:         var
> stIsIE=/*@cc_on!@*/false;sorttable={init:function(){if(arguments.callee.done)return; \
> arguments.callee.done=true;if(_timer)clearInterval(_timer);if(!document.createElemen \
> t||!document.getElementsByTagName)return;sorttable.DATE_RE=/^(\d\d?)[\/\.-](\d\d?)[\ \
> /\.-]((\d\d)?\d\d)$/;forEach(document.getElementsByTagName('table'),function(table){ \
> if(table.className.search(/\bsortable\b/)!=-1){sorttable.makeSortable(table);}});},m \
> akeSortable:function(table){if(table.getElementsByTagName('thead').length==0){the=do \
> cument.createElement('thead');the.appendChild(table.rows[0]);table.insertBefore(the,table.firstChild);}
>  
> DST:
> if(table.tHead==null)table.tHead=table.getElementsByTagName('thead')[0];if(table.tHead.rows.length!=1)return;sortbottomrows=[];for(var
>  i=0;i<table.rows.length;i++){if(table.rows[i].className.search(/\bsortbottom\b/)!=-1){sortbottomrows[sortbottomrows.length]=table.rows[i];}}
>  
> DST:
> if(sortbottomrows){if(table.tFoot==null){tfo=document.createElement('tfoot');table.appendChild(tfo);}
>  
> DST: for(var i=0;i<sortbottomro
> 
> DST: ws.length;i++){tfo.appendChild(sortbottomrows[i]);}
> 
> DST: delete sortbottomrows;}
> 
> DST: headrow=table.tHead.rows[0].cells;for(var
> i=0;i<headrow.length;i++){if(!headrow[i].className.match(/\bsorttable_nosort\b/)){mt \
> ch=headrow[i].className.match(/\bsorttable_([a-z0-9]+)\b/);if(mtch){override=mtch[1];}
>  
> DST: if(mtch&&typeof
> sorttable["sort_"+override]=='function'){headrow[i].sorttable_sortfunction=sorttable \
> ["sort_"+override];}else{headrow[i].sorttable_sortfunction=sorttable.guessType(table,i);}
>  
> DST:
> headrow[i].sorttable_columnindex=i;headrow[i].sorttable_tbody=table.tBodies[0];dean_ \
> addEvent(headrow[i],"click",function(e){if(this.className.search(/\bsorttable_sorted \
> \b/)!=-1){sorttable.reverse(this.sorttable_tbody);this.className=this.className.repl \
> ace('sorttable_sorted','sorttable_sorted_reverse');this.removeChild(document.getElementById('sorttable_sortfwdind'));sortrevind=document.createElement('span');
>  sortrevind.id="sorttable_sortrevind";sortrevind.innerHTML=stIsIE?'&nbsp<font
> face="webdings">5</font>':'&nbsp;&#x25B4;';this.appendChild(sortrevind);return;}
> 
> DST:
> if(this.className.search(/\bsorttable_sorted_reverse\b/)!=-1){sorttable.reverse(this \
> .sorttable_tbody);this.className=this.className.replace('sorttable_sorted_reverse',' \
> sorttable_sorted');this.removeChild(document.getElementById('sorttable_sortrevind'));sortfwdind=document.createElement('span');
>  sortfwdind.id="sorttable_sortfwd
> 
> DST: ind";sortfwdind.innerHTML=stIsIE?'&nbsp<font
> face="webdings">6</font>':'&nbsp;&#x25BE;';this.appendChild(sortfwdind);return;}
> 
> DST:
> theadrow=this.parentNode;forEach(theadrow.childNodes,function(cell){if(cell.nodeType \
> ==1){cell.className=cell.className.replace('sorttable_sorted_reverse','');cell.class \
> Name=cell.className.replace('sorttable_sorted','');}});sortfwdind=document.getElemen \
> tById('sorttable_sortfwdind');if(sortfwdind){sortfwdind.parentNode.removeChild(sortfwdind);}
>  
> DST:
> sortrevind=document.getElementById('sorttable_sortrevind');if(sortrevind){sortrevind.parentNode.removeChild(sortrevind);}
>  
> DST: this.className+='
> sorttable_sorted';sortfwdind=document.createElement('span');sortfwdind.id="sorttable_sortfwdind";sortfwdind.innerHTML=stIsIE?'&nbsp<font
>  face="webdings">6</font>':'&nbsp;&#x25BE;';this.appendChild(sortfwdind);//
> 
> DST:
> row_array=[];col=this.sorttable_columnindex;rows=this.sorttable_tbody.rows;for(var
> j=0;j<rows.length;j++){row_array[row_array.length]=[sorttable.getInnerText(rows[j].cells[col]),rows[j]];}
>  
> DST:
> row_array.sort(this.sorttable_sortfunction);tb=this.sorttable_tbody;for(var
> j=0;j<row_array.length;j++){tb.appendChild(row_array[j][1]);}
> 
> DST: delete row_array;});}}},guessType:function(table,column){
> 
> DST: sortfn=sorttable.sort_alpha;for(var
> i=0;i<table.tBodies[0].rows.length;i++){text=sorttable.getInnerText(table.tBodies[0].rows[i].cells[column]);if(text!=''){if(text.
>  
> DST: match(/^-?[..$..]?[\d,.]+%?$/)){return sorttable.sort_numeric;}
> 
> DST: possdate=text.match(sorttable.DATE_RE)
> 
> DST:
> if(possdate){first=parseInt(possdate[1]);second=parseInt(possdate[2]);if(first>12){return
>  sorttable.sort_ddmm;}else if(second>12){return
> sorttable.sort_mmdd;}else{sortfn=sorttable.sort_ddmm;}}}}
> 
> DST: return sortfn;},getInnerText:function(node){if(!node)return
> "";hasInputs=(typeof
> node.getElementsByTagName=='function')&&node.getElementsByTagName('input').length;if(node.getAttribute("sorttable_customkey")!=null){return
>  node.getAttribute("sorttable_customkey");}
> 
> DST: else if(typeof node.textContent!='undefined'&&!hasInputs){return
> node.textContent.replace(/^\s+|\s+$/g,'');}
> 
> DST: else if(typeof node.innerText!='undefined'&&!hasInputs){return
> node.innerText.replace(/^\s+|\s+$/g,'');}
> 
> DST: else if(typeof node.text!='undefined'&&!hasInputs){return
> node.text.replace(/^\s+|\s+$/g,'');}
> 
> DST: else{switch(node.nodeType){case
> 3:if(node.nodeName.toLowerCase()=='input'){return
> node.value.replace(/^\s+|\s+$/g,'');}
> 
> DST: case 4:return node.nodeValue.replace(/^\s+|\s+$/g,'');break;case
> 1:case 11:var innerText='';for(var
> i=0;i<node.childNodes.length;i++){innerText+=sorttable.getInnerText(node.childNodes[i]);}
>  
> DST: return innerText.replace(/^\s+|\s+$/g,'');break;default:return
> '';}}},reverse:function(tbody){newrows=[];for(var
> i=0;i<tbody.rows.length;i++){newrows[newrows.length]=tbody.rows[i];}
> 
> DST: for(var
> 
> DST:  i=newrows.length-1;i>=0;i--){tbody.appendChild(newrows[i]);}
> 
> DST: delete
> newrows;},sort_numeric:function(a,b){aa=parseFloat(a[0].replace(/[^0-9.-]/g,''));if( \
> isNaN(aa))aa=0;bb=parseFloat(b[0].replace(/[^0-9.-]/g,''));if(isNaN(bb))bb=0;return \
> aa-bb;},sort_alpha:function(a,b){if(a[0]==b[0])return \
> 0;if(a[0]<b[0])return-1;return \
> 1;},sort_ddmm:function(a,b){mtch=a[0].match(sorttable.DATE_RE);y=mtch[3];m=mtch[2];d \
> =mtch[1];if(m.length==1)m='0'+m;if(d.length==1)d='0'+d;dt1=y+m+d;mtch=b[0].match(sor \
> ttable.DATE_RE);y=mtch[3];m=mtch[2];d=mtch[1];if(m.length==1)m='0'+m;if(d.length==1)d='0'+d;dt2=y+m+d;if(dt1==dt2)return
>  0;if(dt1<dt2)return-1;return
> 1;},sort_mmdd:function(a,b){mtch=a[0].match(sorttable.DATE_RE);y=mtch[3];d=mtch[2];m \
> =mtch[1];if(m.length==1)m='0'+m;if(d.length==1)d='0'+d;dt1=y+m+d;mtch=b[0].match(sor \
> ttable.DATE_RE);y=mtch[3];d=mtch[2];m=mtch[1];if(m.length==1)m='0'+m;if(d.length==1)d='0'+d;dt2=y+m+d;if(dt1==dt2)return
>  0;if(dt1<dt2)return-1;return 1;},shaker_sort:function(list,comp_func){var
> b=0;var t=list.length-1;var swap=true;while(swap){swap=false;for(var
> i=b;i<t;++i){if(comp_func(list[i],list[i+1])>0){var
> q=list[i];list[i]=list[i+1];list[i+1]=q;swap=true;}}
> 
> DST: t--;if(!swap)break;for(var
> i=t;i>b;--i){if(comp_func(list[i],list[i-1])<0){var
> q=list[i];list[i]=list[i-1];list[i-1]=q;swap=true;}}
> 
> DST: b++;}}}
> 
> DST: if(document.addEventListener){document.addEventListener("DO
> 
> DST: MContentLoaded",sorttable.init,false);}/*@cc_on @*/
> 
> DST: /*@if(@_win32)
> 
> DST: document.write("<script id=__ie_onload defer
> src=javascript:void(0)><\/script>");var
> script=document.getElementById("__ie_onload");script.onreadystatechange=function(){if(this.readyState=="complete"){sorttable.init();}};/*@end
>  @*/
> 
> DST: if(/WebKit/i.test(navigator.userAgent)){var
> _timer=setInterval(function(){if(/loaded|complete/.test(document.readyState)){
> sorttable.init();}},10);}
> 
> DST: window.onload=sorttable.init;function
> dean_addEvent(element,type,handler){if(element.addEventListener){element.addEventLis \
> tener(type,handler,false);}else{if(!handler.$$guid)handler.$$guid=dean_addEvent.guid++;if(!element.events)element.events={};var
>  handlers=element.events[type];if(!handlers){handlers=element.events[type]={};if(element["on"+type]){handlers[0]=element["on"+type];}}
>  
> DST: handlers[handler.$$guid]=handler;element["on"+type]=handleEvent;}};//
> 
> DST: dean_addEvent.guid=1;function
> removeEvent(element,type,handler){if(element.removeEventListener){element.removeEven \
> tListener(type,handler,false);}else{if(element.events&&element.events[type]){delete \
> element.events[type][handler.$$guid];}}};function handleEvent(event){var \
> returnValue=true;event=event||fixEvent(((this.ownerDocument||this.document||this).parentWindow||window).event);var
>  handlers=this.events[event.type];for(var i in
> handlers){this.$$handleEvent=handlers[i];
> 
> DST: if(this.$$handleEvent(event)===false){returnValue=false;}}
> 
> DST: return returnValue;};function
> fixEvent(event){event.preventDefault=fixEvent.preventDefault;event.stopPropagation=fixEvent.stopPropagation;return
>  event;};fixEvent.preventDefault=function(){this.returnValue=false;};fixEvent.stopPropagation=function(){this.cancelBubble=true;}
>  
> DST:
> if(!Array.forEach){Array.forEach=function(array,block,context){for(var
> i=0;i<array.length;i++){block.call(context,array[i],i,array);}};}
> 
> DST: Function.prototype.forEach=function(object,block,context){for(var key
> in object){if(typeof
> this.prototype[key]=="undefined"){block.call(context,object[key],key,object);}}};Str \
> ing.forEach=function(string,block,context){Array.forEach(string.split(""),function(chr,index){block.call(context,chr,index,string);});};var
>  forEach=function(object,block,context){if(object){var
> resolve=Object;if(object instanceof Function){resolve=Function;}else
> if(object.forEach instanceof
> Function){object.forEach(block,context);return;}else if(typeof
> object=="string"){resolve=String;}else if(typeof
> object.length=="number"){resolve=Array;}
> 
> DST: resolve.forEach(object,block,context);}};
> 
> DST:         </script>
> 
> DST:
> 
> DST:         <!--<script src='//
> ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js'
> type='text/javascript'></script> -->
> 
> DST:
> 
> DST:         <title>ShortURL &raquo; NONE</title></head><body><div
> class='mainContainer'><d
> 
> DST: iv class='actualContent'></div></div></body></html>
> 
> DST:
> 
> DST: 0
> 
> DST:
> 
> DST:
> 
> 
> 
> Anyone else seeing these and can shed some light as to what is going on
> with the javascript content? The lack of a Referrer header makes me wonder
> how the traffic was generated, too…
> 
> 
> 
> If the consensus is that these are worth a sig, I can throw one together.
> 
> 
> 
> --
> 
> Anthony Rodgers
> 
> Security Analyst
> 
> Michigan Security Operations Center (MiSOC)
> 
> DTMB, Michigan Cyber Security
> 
> _______________________________________________
> Emerging-sigs mailing list
> Emerging-sigs@lists.emergingthreats.net
> https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs
> 
> Support Emerging Threats! Subscribe to Emerging Threats Pro
> http://www.emergingthreats.net
> 
> 
> 


[Attachment #5 (text/html)]

<div dir="ltr"><div><div>I don&#39;t see anything inherently suspicious about this, \
domains/URIs related to this appear to be related to e-mail marketing/advertising \
campaigns. I could be wrong, but my vote here is that there&#39;s nothing really \
malicious going on here.<br><br></div>Regards,<br></div>Darien<br></div><div \
class="gmail_extra"><br><div class="gmail_quote">On Sat, Apr 4, 2015 at 10:46 AM, \
Rodgers, Anthony (DTMB) <span dir="ltr">&lt;<a href="mailto:RodgersA1@michigan.gov" \
target="_blank">RodgersA1@michigan.gov</a>&gt;</span> wrote:<br><blockquote \
class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc \
solid;padding-left:1ex">





<div link="blue" vlink="purple" lang="EN-US">
<div>
<p class="MsoNormal"><span style="color:#1f497d">Hi there,<u></u><u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d"><u></u>  <u></u></span></p>
<p class="MsoNormal"><span style="color:#1f497d">I've been noticing a few requests \
lately for random generated .pw domains that result in a HTTP/301 redirect to an ad \
hosted on <a href="http://imgur.com" target="_blank">imgur.com</a>, but where the \
HTML body also contains some javascript like this:<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="color:#1f497d"><u></u>  <u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">SRC: GET /pcZbNTyi?bnVyc2VnaW5nZXIyMDAx \
HTTP/1.1<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">SRC: \
Accept: */*<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">SRC: \
Accept-Language: en-US<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">SRC: \
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; Win64; x64; \
Trident/4.0; .NET CLR 2.0.50727; SLCC2; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media \
Center PC 6.0; .NET4.0C; .NET4.0E; InfoPath.3)<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">SRC: UA-CPU: AMD64<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">SRC: Accept-Encoding: gzip, deflate, \
peerdist<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">SRC: \
Host: <a href="http://bnvyc2vnaw5nzxiymdax.wsave.pw" \
target="_blank">bnvyc2vnaw5nzxiymdax.wsave.pw</a><u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">SRC: Connection: Keep-Alive<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">SRC: X-P2P-PeerDist: \
Version=1.0<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">SRC: \
<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">SRC: \
<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST: \
HTTP/1.1 301 Moved Permanently<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST: \
Date: Thu, 02 Apr 2015 16:41:29 GMT<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: Server: Apache/2.2.15 \
(CentOS)<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST: \
X-Powered-By: PHP/5.4.35<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST: \
Pragma: no-cache<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST: \
Location: <a href="http://i.imgur.com/G1Fntb4.jpg" \
target="_blank">http://i.imgur.com/G1Fntb4.jpg</a><u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: Connection: close<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: Transfer-Encoding: chunked<u></u><u></u></span></p> \
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: Content-Type: text/html; \
charset=UTF-8<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST: \
<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST: \
2a39<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST: \
&lt;html&gt;&lt;head&gt;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
&lt;style type=&#39;text/css&#39;&gt;<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST:                 <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST:                         a \
{<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
color: blue;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
font-family: Arial;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
font-weight: 100;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
font-variant: none !important;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
}<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
 <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST:                         a:hover \
{<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
color: red;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
}<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
 <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST:                         .actualContent \
{<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
text-align: center;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
}<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
 <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST:                         .pageTitle \
{<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
#text-shadow: 0 2px 0 #ddd, 0 1px 0 #6699ff, 0 2px 0 \
#336699;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
color: #0066ff;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
font-family: arial;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
font-size: 16pt;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
}<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
 <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST:                         .mainContainer \
{<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
border: 1px groove #777;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
background-color: #eee;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
margin: 0 !important;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
#text-shadow: 0 0px 0 #ccc, 0 1px 0 #ddd, 0 2px 0 #ccc;<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST:                                 padding: \
3px;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
margin-left: -200px;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
width: 99%;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
height: 98%;                                                               \
<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
}<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
 <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST:                         body \
{<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
background-color: #99<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST: \
9;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
margin-left: 5px;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
padding: 2px;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
margin-top: 5px;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
margin-bottom: 0px;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
width: 97%<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
height: 97%;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
}<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
 <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST:                         thead \
{<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
font-weight: 100;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
}<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
&lt;/style&gt;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
 <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST:                 &lt;script \
type=&#39;text/javascript&#39;&gt;<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST:                 var \
stIsIE=/*@cc_on!@*/false;sorttable={init:function(){if(arguments.callee.done)return;ar \
guments.callee.done=true;if(_timer)clearInterval(_timer);if(!document.createElement||! \
document.getElementsByTagName)return;sorttable.DATE_RE=/^(\d\d?)[\/\.-](\d\d?)[\/\.-]( \
(\d\d)?\d\d)$/;forEach(document.getElementsByTagName(&#39;table&#39;),function(table){ \
if(table.className.search(/\bsortable\b/)!=-1){sorttable.makeSortable(table);}});},mak \
eSortable:function(table){if(table.getElementsByTagName(&#39;thead&#39;).length==0){th \
e=document.createElement(&#39;thead&#39;);the.appendChild(table.rows[0]);table.insertBefore(the,table.firstChild);}<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: \
if(table.tHead==null)table.tHead=table.getElementsByTagName(&#39;thead&#39;)[0];if(table.tHead.rows.length!=1)return;sortbottomrows=[];for(var \
i=0;i&lt;table.rows.length;i++){if(table.rows[i].className.search(/\bsortbottom\b/)!=- \
1){sortbottomrows[sortbottomrows.length]=table.rows[i];}}<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: \
if(sortbottomrows){if(table.tFoot==null){tfo=document.createElement(&#39;tfoot&#39;);table.appendChild(tfo);}<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: for(var \
i=0;i&lt;sortbottomro<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST: \
ws.length;i++){tfo.appendChild(sortbottomrows[i]);}<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: delete sortbottomrows;}<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: headrow=table.tHead.rows[0].cells;for(var \
i=0;i&lt;headrow.length;i++){if(!headrow[i].className.match(/\bsorttable_nosort\b/)){m \
tch=headrow[i].className.match(/\bsorttable_([a-z0-9]+)\b/);if(mtch){override=mtch[1];}<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: if(mtch&amp;&amp;typeof \
sorttable[&quot;sort_&quot;+override]==&#39;function&#39;){headrow[i].sorttable_sortfu \
nction=sorttable[&quot;sort_&quot;+override];}else{headrow[i].sorttable_sortfunction=sorttable.guessType(table,i);}<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: \
headrow[i].sorttable_columnindex=i;headrow[i].sorttable_tbody=table.tBodies[0];dean_ad \
dEvent(headrow[i],&quot;click&quot;,function(e){if(this.className.search(/\bsorttable_ \
sorted\b/)!=-1){sorttable.reverse(this.sorttable_tbody);this.className=this.className. \
replace(&#39;sorttable_sorted&#39;,&#39;sorttable_sorted_reverse&#39;);this.removeChil \
d(document.getElementById(&#39;sorttable_sortfwdind&#39;));sortrevind=document.createElement(&#39;span&#39;);<a \
href="http://sortrevind.id" \
target="_blank">sortrevind.id</a>=&quot;sorttable_sortrevind&quot;;sortrevind.innerHTML=stIsIE?&#39;&amp;nbsp&lt;font
  face=&quot;webdings&quot;&gt;5&lt;/font&gt;&#39;:&#39;&amp;nbsp;&amp;#x25B4;&#39;;this.appendChild(sortrevind);return;}<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: \
if(this.className.search(/\bsorttable_sorted_reverse\b/)!=-1){sorttable.reverse(this.s \
orttable_tbody);this.className=this.className.replace(&#39;sorttable_sorted_reverse&#3 \
9;,&#39;sorttable_sorted&#39;);this.removeChild(document.getElementById(&#39;sorttable_sortrevind&#39;));sortfwdind=document.createElement(&#39;span&#39;);<a \
href="http://sortfwdind.id" \
target="_blank">sortfwdind.id</a>=&quot;sorttable_sortfwd<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: \
ind&quot;;sortfwdind.innerHTML=stIsIE?&#39;&amp;nbsp&lt;font \
face=&quot;webdings&quot;&gt;6&lt;/font&gt;&#39;:&#39;&amp;nbsp;&amp;#x25BE;&#39;;this.appendChild(sortfwdind);return;}<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: \
theadrow=this.parentNode;forEach(theadrow.childNodes,function(cell){if(cell.nodeType== \
1){cell.className=cell.className.replace(&#39;sorttable_sorted_reverse&#39;,&#39;&#39; \
);cell.className=cell.className.replace(&#39;sorttable_sorted&#39;,&#39;&#39;);}});sor \
tfwdind=document.getElementById(&#39;sorttable_sortfwdind&#39;);if(sortfwdind){sortfwdind.parentNode.removeChild(sortfwdind);}<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: \
sortrevind=document.getElementById(&#39;sorttable_sortrevind&#39;);if(sortrevind){sortrevind.parentNode.removeChild(sortrevind);}<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: this.className+=&#39; \
sorttable_sorted&#39;;sortfwdind=document.createElement(&#39;span&#39;);<a \
href="http://sortfwdind.id" \
target="_blank">sortfwdind.id</a>=&quot;sorttable_sortfwdind&quot;;sortfwdind.innerHTML=stIsIE?&#39;&amp;nbsp&lt;font \
face=&quot;webdings&quot;&gt;6&lt;/font&gt;&#39;:&#39;&amp;nbsp;&amp;#x25BE;&#39;;this.appendChild(sortfwdind);//<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: \
row_array=[];col=this.sorttable_columnindex;rows=this.sorttable_tbody.rows;for(var \
j=0;j&lt;rows.length;j++){row_array[row_array.length]=[sorttable.getInnerText(rows[j].cells[col]),rows[j]];}<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: \
row_array.sort(this.sorttable_sortfunction);tb=this.sorttable_tbody;for(var \
j=0;j&lt;row_array.length;j++){tb.appendChild(row_array[j][1]);}<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: delete \
row_array;});}}},guessType:function(table,column){<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: sortfn=sorttable.sort_alpha;for(var \
i=0;i&lt;table.tBodies[0].rows.length;i++){text=sorttable.getInnerText(table.tBodies[0].rows[i].cells[column]);if(text!=&#39;&#39;){if(text.<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: match(/^-?[..$..]?[\d,.]+%?$/)){return \
sorttable.sort_numeric;}<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST: \
possdate=text.match(sorttable.DATE_RE)<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: \
if(possdate){first=parseInt(possdate[1]);second=parseInt(possdate[2]);if(first&gt;12){return \
sorttable.sort_ddmm;}else if(second&gt;12){return \
sorttable.sort_mmdd;}else{sortfn=sorttable.sort_ddmm;}}}}<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: return \
sortfn;},getInnerText:function(node){if(!node)return &quot;&quot;;hasInputs=(typeof \
node.getElementsByTagName==&#39;function&#39;)&amp;&amp;node.getElementsByTagName(&#39 \
;input&#39;).length;if(node.getAttribute(&quot;sorttable_customkey&quot;)!=null){return
  node.getAttribute(&quot;sorttable_customkey&quot;);}<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: else if(typeof \
node.textContent!=&#39;undefined&#39;&amp;&amp;!hasInputs){return \
node.textContent.replace(/^\s+|\s+$/g,&#39;&#39;);}<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: else if(typeof \
node.innerText!=&#39;undefined&#39;&amp;&amp;!hasInputs){return \
node.innerText.replace(/^\s+|\s+$/g,&#39;&#39;);}<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: else if(typeof \
node.text!=&#39;undefined&#39;&amp;&amp;!hasInputs){return \
node.text.replace(/^\s+|\s+$/g,&#39;&#39;);}<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: else{switch(node.nodeType){case \
3:if(node.nodeName.toLowerCase()==&#39;input&#39;){return \
node.value.replace(/^\s+|\s+$/g,&#39;&#39;);}<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: case 4:return \
node.nodeValue.replace(/^\s+|\s+$/g,&#39;&#39;);break;case 1:case 11:var \
innerText=&#39;&#39;;for(var \
i=0;i&lt;node.childNodes.length;i++){innerText+=sorttable.getInnerText(node.childNodes[i]);}<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: return \
innerText.replace(/^\s+|\s+$/g,&#39;&#39;);break;default:return \
&#39;&#39;;}}},reverse:function(tbody){newrows=[];for(var \
i=0;i&lt;tbody.rows.length;i++){newrows[newrows.length]=tbody.rows[i];}<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: for(var<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST:   \
i=newrows.length-1;i&gt;=0;i--){tbody.appendChild(newrows[i]);}<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: delete \
newrows;},sort_numeric:function(a,b){aa=parseFloat(a[0].replace(/[^0-9.-]/g,&#39;&#39; \
));if(isNaN(aa))aa=0;bb=parseFloat(b[0].replace(/[^0-9.-]/g,&#39;&#39;));if(isNaN(bb))bb=0;return
  aa-bb;},sort_alpha:function(a,b){if(a[0]==b[0])return \
0;if(a[0]&lt;b[0])return-1;return \
1;},sort_ddmm:function(a,b){mtch=a[0].match(sorttable.DATE_RE);y=mtch[3];m=mtch[2];d=m \
tch[1];if(m.length==1)m=&#39;0&#39;+m;if(d.length==1)d=&#39;0&#39;+d;dt1=y+m+d;mtch=b[ \
0].match(sorttable.DATE_RE);y=mtch[3];m=mtch[2];d=mtch[1];if(m.length==1)m=&#39;0&#39;+m;if(d.length==1)d=&#39;0&#39;+d;dt2=y+m+d;if(dt1==dt2)return
  0;if(dt1&lt;dt2)return-1;return \
1;},sort_mmdd:function(a,b){mtch=a[0].match(sorttable.DATE_RE);y=mtch[3];d=mtch[2];m=m \
tch[1];if(m.length==1)m=&#39;0&#39;+m;if(d.length==1)d=&#39;0&#39;+d;dt1=y+m+d;mtch=b[ \
0].match(sorttable.DATE_RE);y=mtch[3];d=mtch[2];m=mtch[1];if(m.length==1)m=&#39;0&#39;+m;if(d.length==1)d=&#39;0&#39;+d;dt2=y+m+d;if(dt1==dt2)return
  0;if(dt1&lt;dt2)return-1;return 1;},shaker_sort:function(list,comp_func){var \
b=0;var t=list.length-1;var swap=true;while(swap){swap=false;for(var \
i=b;i&lt;t;++i){if(comp_func(list[i],list[i+1])&gt;0){var \
q=list[i];list[i]=list[i+1];list[i+1]=q;swap=true;}}<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: t--;if(!swap)break;for(var \
i=t;i&gt;b;--i){if(comp_func(list[i],list[i-1])&lt;0){var \
q=list[i];list[i]=list[i-1];list[i-1]=q;swap=true;}}<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: b++;}}}<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: \
if(document.addEventListener){document.addEventListener(&quot;DO<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: \
MContentLoaded&quot;,sorttable.init,false);}/*@cc_on @*/<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: /*@if(@_win32)<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: document.write(&quot;&lt;script id=__ie_onload \
defer src=javascript:void(0)&gt;&lt;\/script&gt;&quot;);var \
script=document.getElementById(&quot;__ie_onload&quot;);script.onreadystatechange=function(){if(this.readyState==&quot;complete&quot;){sorttable.init();}};/*@end
  @*/<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: if(/WebKit/i.test(navigator.userAgent)){var \
_timer=setInterval(function(){if(/loaded|complete/.test(document.readyState)){ \
sorttable.init();}},10);}<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST: \
window.onload=sorttable.init;function \
dean_addEvent(element,type,handler){if(element.addEventListener){element.addEventListe \
ner(type,handler,false);}else{if(!handler.$$guid)handler.$$guid=dean_addEvent.guid++;if(!element.events)element.events={};var
  handlers=element.events[type];if(!handlers){handlers=element.events[type]={};if(elem \
ent[&quot;on&quot;+type]){handlers[0]=element[&quot;on&quot;+type];}}<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: \
handlers[handler.$$guid]=handler;element[&quot;on&quot;+type]=handleEvent;}};//<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: dean_addEvent.guid=1;function \
removeEvent(element,type,handler){if(element.removeEventListener){element.removeEventL \
istener(type,handler,false);}else{if(element.events&amp;&amp;element.events[type]){delete
  element.events[type][handler.$$guid];}}};function handleEvent(event){var \
returnValue=true;event=event||fixEvent(((this.ownerDocument||this.document||this).parentWindow||window).event);var \
handlers=this.events[event.type];for(var i in \
handlers){this.$$handleEvent=handlers[i];<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: \
if(this.$$handleEvent(event)===false){returnValue=false;}}<u></u><u></u></span></p> \
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: return returnValue;};function \
fixEvent(event){event.preventDefault=fixEvent.preventDefault;event.stopPropagation=fixEvent.stopPropagation;return \
event;};fixEvent.preventDefault=function(){this.returnValue=false;};fixEvent.stopPropagation=function(){this.cancelBubble=true;}<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: \
if(!Array.forEach){Array.forEach=function(array,block,context){for(var \
i=0;i&lt;array.length;i++){block.call(context,array[i],i,array);}};}<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: \
Function.prototype.forEach=function(object,block,context){for(var key in \
object){if(typeof this.prototype[key]==&quot;undefined&quot;){block.call(context,objec \
t[key],key,object);}}};String.forEach=function(string,block,context){Array.forEach(str \
ing.split(&quot;&quot;),function(chr,index){block.call(context,chr,index,string);});};var
  forEach=function(object,block,context){if(object){var resolve=Object;if(object \
instanceof Function){resolve=Function;}else if(object.forEach instanceof \
Function){object.forEach(block,context);return;}else if(typeof \
object==&quot;string&quot;){resolve=String;}else if(typeof  \
object.length==&quot;number&quot;){resolve=Array;}<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: \
resolve.forEach(object,block,context);}};<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST:                 \
&lt;/script&gt;<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="font-size:10.0pt;font-family:&quot;Lucida Console&quot;;color:#1f497d">DST:    \
 <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST:                 &lt;!--&lt;script src=&#39;//<a \
href="http://ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js" \
target="_blank">ajax.googleapis.com/ajax/libs/jquery/1.8.0/jquery.min.js</a>&#39; \
type=&#39;text/javascript&#39;&gt;&lt;/script&gt; --&gt;<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST:                 <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST:                 &lt;title&gt;ShortURL &amp;raquo; \
NONE&lt;/title&gt;&lt;/head&gt;&lt;body&gt;&lt;div \
class=&#39;mainContainer&#39;&gt;&lt;d<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: iv \
class=&#39;actualContent&#39;&gt;&lt;/div&gt;&lt;/div&gt;&lt;/body&gt;&lt;/html&gt;<u></u><u></u></span></p>
 <p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: 0<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST: <u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;font-family:&quot;Lucida \
Console&quot;;color:#1f497d">DST:</span><span \
style="color:#1f497d"><u></u><u></u></span></p> <p class="MsoNormal"><span \
style="color:#1f497d"><u></u>  <u></u></span></p> <p class="MsoNormal"><span \
style="color:#1f497d">Anyone else seeing these and can shed some light as to what is \
going on with the javascript content? The lack of a Referrer header makes me wonder \
how the traffic was generated, too…<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="color:#1f497d"><u></u>  <u></u></span></p> <p \
class="MsoNormal"><span style="color:#1f497d">If the consensus is that these are \
worth a sig, I can throw one together.<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="color:#1f497d"><u></u>  <u></u></span></p> <p \
class="MsoNormal"><span style="color:#2f5597">--<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="color:#2f5597">Anthony \
Rodgers<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="color:#2f5597">Security Analyst<u></u><u></u></span></p> <p \
class="MsoNormal"><span style="color:#2f5597">Michigan Security Operations Center \
(MiSOC)<u></u><u></u></span></p> <p class="MsoNormal"><span \
style="color:#2f5597">DTMB, Michigan Cyber Security<u></u><u></u></span></p> </div>
</div>

<br>_______________________________________________<br>
Emerging-sigs mailing list<br>
<a href="mailto:Emerging-sigs@lists.emergingthreats.net">Emerging-sigs@lists.emergingthreats.net</a><br>
 <a href="https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs" \
target="_blank">https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs</a><br>
 <br>
Support Emerging Threats! Subscribe to Emerging Threats Pro <a \
href="http://www.emergingthreats.net" \
target="_blank">http://www.emergingthreats.net</a><br> <br>
<br></blockquote></div><br></div>



_______________________________________________
Emerging-sigs mailing list
Emerging-sigs@lists.emergingthreats.net
https://lists.emergingthreats.net/mailman/listinfo/emerging-sigs

Support Emerging Threats! Subscribe to Emerging Threats Pro http://www.emergingthreats.net



[prev in list] [next in list] [prev in thread] [next in thread]

Configure | About | News | Add a list | Sponsored by KoreLogic