Analysis - Joe Sandbox
Table of Contents
Analysis Report http://www.joinfproxy.com
  Overview
    General Information
    Detection
    Confidence
    Classification
    Analysis Advice
    Mitre Att&ck Matrix
    Signature Overview
      AV Detection:
      Phishing:
      Networking:
      System Summary:
      Malware Analysis System Evasion:
      HIPS / PFW / Operating System Protection Evasion:
  Behavior Graph
  Simulations
    Behavior and APIs
  Antivirus, Machine Learning and Genetic Malware Detection
    Initial Sample
    Dropped Files
    Unpacked PE Files
    Domains
    URLs
  Yara Overview
    Initial Sample
    PCAP (Network Traffic)
    Dropped Files
    Memory Dumps
    Unpacked PEs
  Sigma Overview
  Joe Sandbox View / Context
    IPs
    Domains
    ASN
    JA3 Fingerprints
    Dropped Files
  Screenshots
    Thumbnails
  Startup
  Created / dropped Files
  Domains and IPs
    Contacted Domains
    Contacted URLs
    URLs from Memory and Binaries
    Contacted IPs
      Public
  Static File Info
    No static file info
  Network Behavior
    Network Port Distribution
    TCP Packets
    UDP Packets
    DNS Queries
    DNS Answers
    HTTP Request Dependency Graph
Copyright Joe Security LLC 2019 Page 2 of 86
    HTTP Packets
    HTTPS Packets
  Code Manipulations
  Statistics
    Behavior
  System Behavior
    Analysis Process: iexplore.exe PID: 1132 Parent PID: 700
      General
      File Activities
      Registry Activities
    Analysis Process: iexplore.exe PID: 2672 Parent PID: 1132
      General
      File Activities
      Registry Activities
  Disassembly
Analysis Report http://www.joinfproxy.com
Overview
General Information
Joe Sandbox Version: 28.0.0 Lapis Lazuli
Analysis ID: 190651
Start date: 19.11.2019
Start time: 11:48:30
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 8m 25s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: www.joinfproxy.com
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed: 7
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: EGA enabled, AMSI enabled
Analysis stop reason: Timeout
Detection: MAL
Classification: mal60.phis.win@3/157@16/7
Cookbook Comments:
• Adjust boot time
• Enable AMSI
• Browsing link: http://www.joinfproxy.com/#
• Browsing link: http://agent.joinf.cn/facebook?u=aH&r=R0cHM6Ly93d3cuZmFjZWJvb2suY29tLw==
• Browsing link: http://agent.joinf.cn/facebook?u=aH&r=R0cHM6Ly93d3cuZmFjZWJvb2suY29tL3JlY292ZXIvaW5pdGlhdGU/bHd2PTExMCZhcnM9cm95YWxfYmx1ZV9iYXI=
• Browsing link: http://www.joinfproxy.com/legal/terms/update
• Browsing link: http://www.joinfproxy.com/about/privacy/update
• Browsing link: http://www.joinfproxy.com/policies/cookies/
• Browsing link: https://de-de.facebook.com/
• Browsing link: https://fr-fr.facebook.com/
• Browsing link: https://it-it.facebook.com/
• Browsing link: https://pt-pt.facebook.com/
• Browsing link: https://sq-al.facebook.com/
Detection
Strategy Score Range Reporting Whitelisted Detection
Threshold 60 0 - 100 false
Confidence
Strategy Score Range Further Analysis Required? Confidence
Threshold 5 0 - 5 false
Warnings:
• Exclude process from analysis (whitelisted): dllhost.exe, ielowutil.exe, wermgr.exe, conhost.exe, CompatTelRunner.exe
• HTTP Packets have been reduced
• TCP Packets have been reduced to 100
• Created / dropped Files have been reduced to 100
• Excluded IPs from analysis (whitelisted): 2.19.153.179, 152.199.19.161, 172.217.23.228, 216.58.201.99, 40.90.22.186, 40.90.22.188, 40.90.22.185, 93.184.220.29, 51.143.111.7
• Excluded domains from analysis (whitelisted): gstaticadssl.l.google.com, umwatson.trafficmanager.net, cs9.wac.phicdn.net, lgin.msa.trafficmanager.net, ie9comview.vo.msecnd.net, fonts.gstatic.com, login.msa.msidentity.com, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, ocsp.digicert.com, login.live.com, go.microsoft.com.edgekey.net, www.google.com, www.gstatic.com, watson.telemetry.microsoft.com, cs9.wpc.v0cdn.net
• Report size exceeded maximum capacity and may have missing behavior information.
• Report size getting too big, too many NtCreateFile calls found.
• Report size getting too big, too many NtDeviceIoControlFile calls found.
Classification
[Figure: classification chart. Categories: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner. Scale: clean, suspicious, malicious.]
Analysis Advice
Sample may offer command line options, please run it with the 'Execute binary with arguments' cookbook (it's possible that the command line switches require additional characters like: "-", "/", "--")
Some HTTP requests failed (404). It is likely the sample will exhibit less behavior
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
Mitre Att&ck Matrix
| Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control |
| --- | --- | --- | --- | --- | --- | --- | --- | --- | --- | --- |
| Valid Accounts | Windows Remote Management | Winlogon Helper DLL | Process Injection 1 | Web Service 1 | Credential Dumping | Process Discovery 1 | Remote File Copy 3 | Data from Local System | Data Encrypted 1 | Web Service 1 |
| Replication Through Removable Media | Service Execution | Port Monitors | Accessibility Features | Process Injection 1 | Network Sniffing | Security Software Discovery 1 | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Standard Cryptographic Protocol 2 |
| Drive-by Compromise | Windows Management Instrumentation | Accessibility Features | Path Interception | Rootkit | Input Capture | File and Directory Discovery 1 | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Standard Non-Application Layer Protocol 5 |
| Exploit Public-Facing Application | Scheduled Task | System Firmware | DLL Search Order Hijacking | Obfuscated Files or Information | Credentials in Files | System Network Configuration Discovery | Logon Scripts | Input Capture | Data Encrypted | Standard Application Layer Protocol 5 |
| Spearphishing Link | Command-Line Interface | Shortcut Modification | File System Permissions Weakness | Masquerading | Account Manipulation | Remote System Discovery | Shared Webroot | Data Staged | Scheduled Transfer | Remote File Copy 3 |
Signature Overview
• AV Detection
• Phishing
• Networking
• System Summary
• Malware Analysis System Evasion
• HIPS / PFW / Operating System Protection Evasion
AV Detection:
Antivirus detection for URL or domain
Multi AV Scanner detection for domain / URL
Phishing:
Phishing site detected (based on logo template match)
Form action URLs do not match main URL
Found iframes
HTML title does not match URL
Invalid T&C link found
None HTTPS page querying sensitive user data (password, username or email)
META author tag missing
META copyright tag missing
Networking:
Social media urls found in memory data
Downloads files from webservers via HTTP
Found strings which match to known social media urls
Performs DNS lookups
Posts data to webserver
Tries to download or post to a non-existing http route (HTTP/1.1 404 Not Found / 503 Service Unavailable)
Urls found in memory or binary data
Uses HTTPS
System Summary:
Classification label
Creates files inside the user directory
Creates temporary files
Reads ini files
Sample might require command line arguments
Spawns processes
Found GUI installer (many successful clicks)
Found graphical window changes (likely an installer)
Uses new MSVCR Dlls
Malware Analysis System Evasion:
May try to detect the virtual machine to hinder analysis (VM artifact strings found in memory)
HIPS / PFW / Operating System Protection Evasion:
May try to detect the Windows Explorer process (often used for injection)
Behavior Graph
ID: 190651
URL: http://www.joinfproxy.com
Startdate: 19/11/2019
Architecture: WINDOWS
Score: 60
[Figure: behavior graph. Signatures shown for agent.joinf.cn: "Multi AV Scanner detection for domain / URL", "Antivirus detection for URL or domain", "Phishing site detected (based on logo template match)". Processes: iexplore.exe (6 87, started), iexplore.exe (7 353, started). Network nodes: agent.joinf.cn (47.91.149.178; 443, 49714, 49715; unknown; United States), scontent-hkg3-2.xx.fbcdn.net (157.240.15.22; 443, 49724, 49725; unknown; United States), 18 other IPs or domains.]
Simulations
No simulations
No Antivirus matches
No Antivirus matches
No Antivirus matches
Source Detection Scanner Label Link
www.joinfproxy.com 3% Virustotal Browse
agent.joinf.cn 10% Virustotal Browse
Source Detection Scanner Label Link
https://sq-al.faceb 0% Avira URL Cloud safe
www.mercadolivre.com.br/ 0% Virustotal Browse
www.mercadolivre.com.br/ 0% Avira URL Cloud safe
www.merlin.com.pl/favicon.ico 0% Virustotal Browse
www.merlin.com.pl/favicon.ico 0% URL Reputation safe
www.joinfproxy.com/?sk=inbox7http://www.joinfproxy.com/images/icons/app/messages.ico 100% Avira URL Cloud phishing
www.dailymail.co.uk/ 0% Virustotal Browse
www.dailymail.co.uk/ 0% URL Reputation safe
agent.joinf.cn/static/rsrc.php/v3/yN/r/YSGcJgI3134.js?_nc_x=Ij3Wp8lg5Kz 100% Avira URL Cloud phishing
www.joinfproxy.com/?sk=nf3http://www.joinfproxy.com/images/icons/ 100% Avira URL Cloud phishing
https://sq-al.facebook 0% Avira URL Cloud safe
agent.joinf.cn/images/icons/app/events.ico 100% Avira URL Cloud phishing
https://pt-pt.face 0% Avira URL Cloud safe
agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lJL2wvMCxjcm9zcy95TGc2MkZpRGpURC5jc3M/X25jX3g9SWozV3A4bGc1S3o= 100% Google Safe Browsing phishing
www.joinfproxy.com/images/marketing/cookies/www/tools_active.png 100% Avira URL Cloud phishing
https://agent.joinf.cn/login/identify/?ctx=recover&ars=royal_blue_barJlY292ZXIvaW5pdGlhdGU/bHd2PTExM 100% Avira URL Cloud phishing
busca.igbusca.com.br//app/static/images/favicon.ico 0% Virustotal Browse
busca.igbusca.com.br//app/static/images/favicon.ico 0% URL Reputation safe
agent.joinf.cn/?sk=nf/http://agent.joinf.cn/images/icons/app/ 100% Avira URL Cloud phishing
https://it-it.facebook 0% Avira URL Cloud safe
agent.joinf.cn/static/rsrc.php/v3ivK94/yW/l/en_US/-fNtMGApV03.js?_nc_x=Ij3Wp8lg5Kz 100% Avira URL Cloud phishing
www.etmall.com.tw/favicon.ico 0% Virustotal Browse
www.etmall.com.tw/favicon.ico 0% URL Reputation safe
it.search.dada.net/favicon.ico 0% Virustotal Browse
it.search.dada.net/favicon.ico 0% URL Reputation safe
agent.joinf.cn/facebook/policies/cookies/ 100% Avira URL Cloud phishing
search.hanafos.com/favicon.ico 0% Virustotal Browse
search.hanafos.com/favicon.ico 0% URL Reputation safe
agent.joinf.cn/rsrc.php/v3/yj/r/AE-e0Vw8Uhd.png 100% Avira URL Cloud phishing
agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3l5L2wvMCxjcm9zcy9vQWx1M09BVjF2US5jc3M/X25jX3g9SWozV3A4bGc1S3o= 100% Google Safe Browsing phishing
cgi.search.biglobe.ne.jp/favicon.ico 0% Virustotal Browse
cgi.search.biglobe.ne.jp/favicon.ico 0% Avira URL Cloud safe
Behavior and APIs
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Dropped Files
Unpacked PE Files
Domains
URLs
ocsp.pki.goog/gts1o10 0% Virustotal Browse
ocsp.pki.goog/gts1o10 0% URL Reputation safe
www.joinfproxy.com/ 3% Virustotal Browse
www.joinfproxy.com/ 100% Avira URL Cloud phishing
search.msn.co.jp/results.aspx?q= 0% Virustotal Browse
search.msn.co.jp/results.aspx?q= 0% URL Reputation safe
buscar.ozu.es/ 0% Virustotal Browse
buscar.ozu.es/ 0% Avira URL Cloud safe
ocsp.pki.goog/gsr202 0% Virustotal Browse
ocsp.pki.goog/gsr202 0% URL Reputation safe
https://pki.goog/repository/0 0% Virustotal Browse
https://pki.goog/repository/0 0% URL Reputation safe
www.joinfproxy.com/about/privacy/updateRoot 100% Avira URL Cloud phishing
https://agent.joinf.cn/policies/cookies/ 100% Avira URL Cloud phishing
search.auction.co.kr/ 0% Virustotal Browse
search.auction.co.kr/ 0% URL Reputation safe
agent.joinf.cn/static/rsrc.php/v3iqES4/yN/l/en_US/lIJrOY0twaO.js?_nc_x=Ij3Wp8lg5Kz 100% Avira URL Cloud phishing
agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lrL2wvMCxjcm9zcy9HN1h6Y2FTMVFtTS5jc3M/X25jX3g9SWozV3A4bGc1S3o= 100% Google Safe Browsing phishing
www.joinfproxy.com/policies/cookies/ 100% Avira URL Cloud phishing
www.pchome.com.tw/favicon.ico 0% Virustotal Browse
www.pchome.com.tw/favicon.ico 0% Avira URL Cloud safe
browse.guardian.co.uk/favicon.ico 0% Virustotal Browse
browse.guardian.co.uk/favicon.ico 0% URL Reputation safe
crl.pki.goog/gsr2/gsr2.crl0? 0% Virustotal Browse
crl.pki.goog/gsr2/gsr2.crl0? 0% URL Reputation safe
google.pchome.com.tw/ 0% Virustotal Browse
google.pchome.com.tw/ 0% Avira URL Cloud safe
www.garagefonts.comhttp://www.joshuadarden.comhttps://www.garagefonts.comFreightSans 0% Avira URL Cloud safe
www.ozu.es/favicon.ico 0% Virustotal Browse
www.ozu.es/favicon.ico 0% Avira URL Cloud safe
agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3ltL3Ivb180bk5kYlppczkucG5n 100% Google Safe Browsing phishing
search.yahoo.co.jp/favicon.ico 0% Virustotal Browse
search.yahoo.co.jp/favicon.ico 0% URL Reputation safe
www.gmarket.co.kr/ 0% Virustotal Browse
www.gmarket.co.kr/ 0% URL Reputation safe
www.joinfproxy.com/legal/terms/updateover&ars=royal_blue_barJlY292ZXIvaW5pdGlhdGU/bHd2PTExMCZ 100% Avira URL Cloud phishing
agent.joinf.cn/facebook?u=aH&r=R0cHM6Ly93d3cuZmFjZWJvb2suY29tL2hlbHAvMTk1MjI3OTIxMjUyNDAw 100% Avira URL Cloud phishing
agent.joinf.cn/facebook?u=aH&r=R0cHM6Ly93d3cuZmFjZWJvb2suY29tL2hlbHAvaW50ZWxsZWN0dWFsX3By 100% Avira URL Cloud phishing
agent.joinf.cn/static/rsrc.php/v3/yQ/r/SgyPmYUaN1c.js?_nc_x=Ij3Wp8lg5Kz 100% Avira URL Cloud phishing
agent.joinf.cn/facebook?u=aH&r=R0cHM6Ly93d3cuZmFjZWJvb2suY29tL2hlbHAvY29udGFjdC8yNTk1MTg3MTQ3 100% Avira URL Cloud phishing
agent.joinf.cn/facebook?u=aH&r=R0cHM6Ly93d3cuZmFjZWJvb2suY29t 100% Avira URL Cloud phishing
search.orange.co.uk/favicon.ico 0% Virustotal Browse
search.orange.co.uk/favicon.ico 0% Avira URL Cloud safe
www.iask.com/ 0% Virustotal Browse
www.iask.com/ 0% Avira URL Cloud safe
service2.bfast.com/ 0% Virustotal Browse
service2.bfast.com/ 0% URL Reputation safe
www.news.com.au/favicon.ico 0% Virustotal Browse
www.news.com.au/favicon.ico 0% Avira URL Cloud safe
Yara Overview
Initial Sample
No yara matches
PCAP (Network Traffic)
No yara matches
Dropped Files
No yara matches
Memory Dumps
No yara matches
Unpacked PEs
No yara matches
Sigma Overview
No Sigma rule has matched
Joe Sandbox View / Context
IPs
No context
Domains
No context
ASN
No context
JA3 Fingerprints
No context
Dropped Files
No context
Screenshots
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Startup
System is w10x64
iexplore.exe (PID: 1132 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
iexplore.exe (PID: 2672 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1132 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup
Created / dropped Files
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FBVMPHM\de-de.facebook[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Size (bytes): 215
Entropy (8bit): 4.768867360717767
Encrypted: false
MD5: E7E2F2203F5EDCBB91A319E4057C6DCD
SHA1: 1A1EA84D8678A294DF128B300F5A8A7F7FEDF4C9
SHA-256: 7347A660D53B3859DE31F0B960F642322DFD6978ABD160E7332430734448BBCD
SHA-512: 3EA114703E5D21103B789362C7A44199CAE327B4366ADA2403A5E085493A06038016D53C997878A78C5A2207181A6BC3D502AD4DDF903DEE279BA2A9A70EE1AE
Malicious: false
Reputation: low
Preview:<root></root><root><item name="Session" value="mrviwa:1574193096717" ltime="2931614624" htime="30777106" /></root><root><item name="Session" value="mrviwa:1574193096850" ltime="2933024624" htime="30777106" /></root>
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\1FBVMPHM\sq-al.facebook[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 914
Entropy (8bit): 4.882471955141429
Encrypted: false
MD5: FA2AA79BABF4627CED3FA1A55F0E9A82
SHA1: 0A92F9697737819E862A1CB77FE672243D681D6E
SHA-256: 4094E8E5E49D88BAA77833B1DD55CA695C908BB73DF06A169531B747D9A4B092
SHA-512: B041D347AB7413FA335FAF15D1D0E832FDA44065298CA89134ECABECEC515A5BCA17BD89B90FD8B8CEFB1772CE26DA71888395C0308D99C6D88E06374E260821
Malicious: false
Reputation: low
Preview:<root></root><root><item name="Session" value="wc4pvh:1574193118553" ltime="3159624624" htime="30777106" /></root><root><item name="Session" value="wc4pvh:1574193121098" ltime="3175484624" htime="30777106" /></root><root><item name="Session" value="wc4pvh:1574193121108" ltime="3175564624" htime="30777106" /></root><root><item name="Session" value="wc4pvh:1574193121108" ltime="3175564624" htime="30777106" /><item name="mutex_banzai" value="6itqq8:1574193101221" ltime="3176684624" htime="30777106" /></root><root><item name="Session" value="wc4pvh:1574193121108" ltime="3175564624" htime="30777106" /></root><root><item name="Session" value="wc4pvh:1574193122055" ltime="3185004624" htime="30777106" /></root><root><item name="Session" value="wc4pvh:1574193123247" ltime="3198994624" htime="30777106" /></root><root><item name="Session" value="e5i85p:1574193157682" ltime="3541204624" htime="30777106" /></root>
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\9K719AIK\agent.joinf[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 17550
Entropy (8bit): 5.319178887915541
Encrypted: false
MD5: CF42F0F367288524CB5FC8473AE0FC37
SHA1: DB26C5D4800B3E5B3C03BB8D4EF94AD0344D1D6F
SHA-256: CC29C0DE704CE636E069E73FAA2A10A79B84AB9BDEBAFC9374BABBC0F98CA33C
SHA-512: C07CE0FAE4B2AB3E5B4D2C390956BE19E42B46FC07E825C2FD432F743093F77BF858D100BDA29B6A299041B8066DE9A082B259C32D97F60864C46B292740C2A9
Malicious: false
Reputation: low
Preview:<root></root><root><item name="Session" value="qi1v7y:1574193062799" ltime="2608534624" htime="30777106" /></root><root><item name="Session" value="qi1v7y:1574193067468" ltime="2639194624" htime="30777106" /></root><root><item name="Session" value="qi1v7y:1574193067482" ltime="2639384624" htime="30777106" /></root><root><item name="Session" value="qi1v7y:1574193067482" ltime="2639384624" htime="30777106" /><item name="check_quota" value="check_quota" ltime="2639674624" htime="30777106" /></root><root><item name="Session" value="qi1v7y:1574193067482" ltime="2639384624" htime="30777106" /></root><root><item name="Session" value="qi1v7y:1574193067482" ltime="2639384624" htime="30777106" /><item name="mutex_banzai" value="w33k8c:1574193047521" ltime="2639754624" htime="30777106" /></root><root><item name="Session" value="qi1v7y:1574193067482" ltime="2639384624" htime="30777106" /></root><root><item name="Session" value="qi1v7y:1574193070145" ltime="2665964624" htime="30777106" /><item name
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\9K719AIK\pt-pt.facebook[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 9807
Entropy (8bit): 5.163056287323746
Encrypted: false
MD5: 1CA95982F840691CC6FABCDAD0F06244
SHA1: 520DBED337F457B1111CB08E6FEE024238F5F96C
SHA-256: 168D48C151A68DB135CED2A1EAB95D53932805F936425B4162B9AB0F58682210
SHA-512: 69504D9CB2A1685AA1230746B6D3DD0705DCEA17EC946BFFCDCAA1B8B4EB9A8B40C1DFE7B85DC2CE2447D7B100D2822C48C44BDD4EAF2155B3D96A4C1C2C5BC9
Malicious: false
Reputation: low
Preview:<root></root><root><item name="Session" value="7vlw18:1574193112762" ltime="3108234624" htime="30777106" /></root><root><item name="Session" value="7vlw18:1574193115680" ltime="3121294624" htime="30777106" /></root><root><item name="Session" value="7vlw18:1574193115687" ltime="3121384624" htime="30777106" /></root><root><item name="Session" value="7vlw18:1574193115687" ltime="3121384624" htime="30777106" /><item name="check_quota" value="check_quota" ltime="3122144624" htime="30777106" /></root><root><item name="Session" value="7vlw18:1574193115687" ltime="3121384624" htime="30777106" /><item name="mutex_banzai" value="5fxaxj:1574193095767" ltime="3122144624" htime="30777106" /></root><root><item name="Session" value="7vlw18:1574193115687" ltime="3121384624" htime="30777106" /></root><root><item name="Session" value="7vlw18:1574193117765" ltime="3142144624" htime="30777106" /></root><root><item name="Session" value="7vlw18:1574193118802" ltime="3152494624" htime="30777106" /></root><ro
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\C16CYV4I\fr-fr.facebook[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 9814
Entropy (8bit): 5.112847308549422
Encrypted: false
MD5: 559BCFE1FD0AD028EB0B3C195F9AA54F
SHA1: ED93A5293094FEFAF26D401749247C3239F4A503
SHA-256: 26A3258426BD8E2683D23A3FFC1375D2E34492FDED4052480D89515E22B255E4
SHA-512: 61082688C41B25DBFF344A872CA7FA18AB77B3C8744B65E57DCEA21282CECEF2AE45BA859BC9AC373E2FC19B25D35BC0B63E679F18ED56C9657E48D0D3499724
Malicious: false
Reputation: low
Preview:<root></root><root><item name="Session" value="o9iuq8:1574193096355" ltime="2937324624" htime="30777106" /></root><root><item name="Session" value="o9iuq8:1574193098805" ltime="2952634624" htime="30777106" /></root><root><item name="Session" value="o9iuq8:1574193098814" ltime="2952674624" htime="30777106" /></root><root><item name="Session" value="o9iuq8:1574193098814" ltime="2952674624" htime="30777106" /><item name="check_quota" value="check_quota" ltime="2953874624" htime="30777106" /></root><root><item name="Session" value="o9iuq8:1574193098814" ltime="2952674624" htime="30777106" /><item name="mutex_banzai" value="ohbsj7:1574193078948" ltime="2953994624" htime="30777106" /></root><root><item name="Session" value="o9iuq8:1574193099076" ltime="2955284624" htime="30777106" /><item name="mutex_banzai" value="ohbsj7:1574193078948" ltime="2953994624" htime="30777106" /></root><root><item name="Session" value="o9iuq8:1574193099076" ltime="2955284624" htime="30777106" /></root><root><item
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\D1YBPPLZ\it-it.facebook[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 2966
Entropy (8bit): 5.229291535723517
Encrypted: false
MD5: 097A08F1894E9167630B64852E123365
SHA1: FBB967A6E41E5F398250804598A0958E2A45C23A
SHA-256: F35144373AFBD2572004417A29EB2A4042863CC7FB9B76F54E5E6178257EFC02
SHA-512: 9A21020F4A1DEBDEDA1A0FAC0FF2A62800B830A9BA08E801905C4C199137A9F6AB43A182EC3A273C8ED9CBF1188C6883C5E7077D35B084E7B85DAE22360CF190
Malicious: false
Reputation: low
Preview:<root></root><root><item name="Session" value="qq5f8e:1574193103808" ltime="3040924624" htime="30777106" /></root><root><item name="Session" value="qq5f8e:1574193109200" ltime="3056514624" htime="30777106" /></root><root><item name="Session" value="qq5f8e:1574193109209" ltime="3056594624" htime="30777106" /><item name="mutex_banzai" value="5r3vmq:1574193089222" ltime="3056734624" htime="30777106" /></root><root><item name="Session" value="qq5f8e:1574193109209" ltime="3056594624" htime="30777106" /></root><root><item name="Session" value="qq5f8e:1574193111516" ltime="3079764624" htime="30777106" /></root><root><item name="Session" value="qq5f8e:1574193113284" ltime="3097304624" htime="30777106" /></root><root><item name="Session" value="qq5f8e:1574193113284" ltime="3097304624" htime="30777106" /><item name="bz:qq5f8e:i5lyep:5r3vmq.1574193083295.8645" value="[["categorized_ods",{"2979":{"banzai":{"blue_total_messages_received":[26]}}},1574193083281
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\D1YBPPLZ\www.joinfproxy[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 301790
Entropy (8bit): 5.10470843874641
Encrypted: false
MD5: 00E2BC70D89B22446C3BF7FA0D737A86
SHA1: 5E2A60F239397FA734BC570383AE32EC2C2742E6
SHA-256: 1A66F8905D7A2A35FF7A8B672C009B5A04197AFFA819DD5A9B23008DF6FBAEA0
SHA-512: 4DA1DCFFDF368095FD5352289BD8845F92DD760124348C79F4E56F6A407FA5E577004B50169FCA4D32C48C621B2FE3A41660FA31ECECF3A8D41E3B2D41E4C240
Malicious: false
Reputation: low
Preview:<root></root><root><item name="Session" value="82q1th:1574193006622" ltime="2088554624" htime="30777106" /></root><root><item name="Session" value="82q1th:1574193021282" ltime="2177274624" htime="30777106" /></root><root><item name="Session" value="82q1th:1574193021282" ltime="2177274624" htime="30777106" /><item name="check_quota" value="check_quota" ltime="2186064624" htime="30777106" /></root><root><item name="Session" value="82q1th:1574193021282" ltime="2177274624" htime="30777106" /><item name="mutex_banzai" value="mbog0n:1574193002154" ltime="2186104624" htime="30777106" /></root><root><item name="Session" value="82q1th:1574193022218" ltime="2186804624" htime="30777106" /><item name="mutex_banzai" value="mbog0n:1574193002154" ltime="2186104624" htime="30777106" /></root><root><item name="Session" value="82q1th:1574193022218" ltime="2186804624" htime="30777106" /></root><root><item name="Session" value="82q1th:1574193024532" ltime="2209934624" htime="30777106" /></root><root><item
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{B4DC9C63-0B05-11EA-AADB-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 30296
Entropy (8bit): 1.851235316157272
Encrypted: false
MD5: 825F199CADB008E5AAEEE1A1E3BA0121
SHA1: A68A85AF6ACA24D1D711468C874F2436F2ECBA6E
SHA-256: 28888E627ED3E62345179CD7C251956EF5CB7F2A0EFB3B0C0323A996D1A2F14E
SHA-512: 1DC5F3F22562B19DEE1166DD034F93DB55AEEB476AEF8B371772722505C7A56C22248CD57F2DA9F1E0A1189722FA5B3E9B6834608978F78E9FE6DF76FF126DC7
Malicious: false
Reputation: low
Preview: ... R.o.o.t. .E.n.t.r.y ...
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{B4DC9C65-0B05-11EA-AADB-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 345706
Entropy (8bit): 3.0817276407321508
Encrypted: false
MD5: 8FA85361248B4A96621733ED2B172B1A
SHA1: AD1ED16FECFBD1CF64646E34390D12D31287BD63
SHA-256: 601FEDE7AD1471F7D0BA9617B07F687510DB004274B242C56B030A2AF38CFD1B
SHA-512: 52FFE05CB5CD02EC11BB994A18273F908D3D0A2A1EF1B5D100A5342C003005F979580593C62460BD8B91F14034064C951703200A1A5342C7F6768836AAC9A0E7
Malicious: false
Reputation: low
Preview: ... R.o.o.t. .E.n.t.r.y ...
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{BEAB6195-0B05-11EA-AADB-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 16984
Entropy (8bit): 1.5660810766324997
Encrypted: false
MD5: B6958904871BADBF481068B3C8FD1717
SHA1: B798867864D6C5132BCA58AF744040E258FE62B1
SHA-256: 0E0313225435B4E2DC1611734C66885B98B4C83026AE3265BC0FE53EA9C61C10
SHA-512: FA9A8C76624916313EA19FBA7AB72501BED918768DDBD4DBC0BCDB1D4AD1F533CCC7A22845F18D460349E7FD11FDD1FC079CD9B9220EDE4ADE41A9E55CB25144
Malicious: false
Reputation: low
Preview: ... R.o.o.t. .E.n.t.r.y ...
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.146187713591611
Encrypted: false
MD5: 3F288593ABCBB3CF3A83334E6879E5E7
SHA1: 7D309D5CE4AE5A9F0EB43EE93DAE92BDC2F4D704
SHA-256: A8404C4CD6AD872AF0F2B79B0A64A2A5570FFB3949ACF31BA2722702737F984A
SHA-512: C5BAFCD88820D19EE07890CA2FBDBBF97C762AAB2411964A6AF8922C2AE436E30E924878D68C9E32212B9DB2762A678EDD21B9CBB562A13ED9C9E79CD21F89E1
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x94718976,0x01d59f12</date><accdate>0x94718976,0x01d59f12</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x94718976,0x01d59f12</date><accdate>0x947411b1,0x01d59f12</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.184580338906425
Encrypted: false
MD5: 575BC2370996895BE95F8C5264BB9DB3
SHA1: 5976D37D8FF4F12A6FA476BD16A1AC6160046168
SHA-256: D40C08DD38C75276421436D6C81AB4E89F9ECE474F6C382190A0B0868ACFE60F
SHA-512: C1F3A679BE6664BF52F6D6A1EEAB2C283628FECBC97779C723C080902BE590FC9FF0EA48DD0AA5B6D01F1E367B1B1E25E508009AF9281443E47A01F8307A7E12
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x94447568,0x01d59f12</date><accdate>0x94447568,0x01d59f12</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x94447568,0x01d59f12</date><accdate>0x945ffd61,0x01d59f12</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 662
Entropy (8bit): 5.136256124090803
Encrypted: false
MD5: 86C68940B6D3F2EF12AAA9AF4CB5355A
SHA1: 7E5EEA171D7628E264AC7567C60DC367C508E768
SHA-256: 8C393E2BAF9231F8694C6CC34D871B6CDD27055F95E73CC409384A29CD6ECD92
SHA-512: 0A1ED487D0DE1F774A8C98A51F024A554A035B29ADE48A87BCAB751D42265E9404690FCD79333AFCFDE55715183A4F25E1F978D259A7DC21CFBB2668D6BBF34C
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x947411b1,0x01d59f12</date><accdate>0x947411b1,0x01d59f12</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x947411b1,0x01d59f12</date><accdate>0x947411b1,0x01d59f12</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 647
Entropy (8bit): 5.142477170172917
Encrypted: false
MD5: 0FC35020FBD51E949F697B164B950F02
SHA1: F803FD41BEB2AC09908FF15D83BE9949E00B6321
SHA-256: 9F8C35995E5AB51CA3C02FF672AE259E55D1EFBF8C226CF8DC57D57FA88783C5
SHA-512: 7BB7E5351165F2B3E0B44E2A2C55466769C29298E28D67AC5DF417D8CDE37B7891FBA7E5A1BF5C0E545965981D574395C07468D2ECE6351AB139B79FC55813AB
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x946c8d09,0x01d59f12</date><accdate>0x946c8d09,0x01d59f12</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x946c8d09,0x01d59f12</date><accdate>0x946c8d09,0x01d59f12</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.187487861420848
Encrypted: false
MD5: F2FBC80AFBFFBB32E8F8EE7F386E51B2
SHA1: A6802ED45E1F8549DD02FB650B3B1B935AC4E46E
SHA-256: 14DD5ECE1BC9205E9EF9018F393C11CCA34A8A73C86FD1E49933F98CD8BDF6AF
SHA-512: 7D175C06D2B2695613CA577C8D6BCB060A833FED2F1B165989090313C66A87EA4EA2525AFDB489A1362C12782029530F5F05E909F463C2A3407E98C249BF1151
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x947687bb,0x01d59f12</date><accdate>0x947687bb,0x01d59f12</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x947687bb,0x01d59f12</date><accdate>0x947687bb,0x01d59f12</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.1467530184173
Encrypted: false
MD5: 7B2BD6BB763492AC95558EEDF5C5AEAE
SHA1: 13842660F78C9125C2CB703840E600C6CBFF8409
SHA-256: 74DE0179149D61B8F987F76A08565ABA3EE4F438C86FBE67614D9B51B5AA9E4F
SHA-512: 67AB8AA9758E1E25DE0AA6EE51F71D757B3EBD2FDF55CC1638AD23BEE5B035F0C9A82235451C3DE4CDD5A239ABA37D244B0827D609253D94585CFB7E3E54DF1F
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x946f272e,0x01d59f12</date><accdate>0x946f272e,0x01d59f12</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x946f272e,0x01d59f12</date><accdate>0x94718976,0x01d59f12</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.175801897778691
Encrypted: false
MD5: 9F4E637BB91B4C78CCF8DDDF3F077BFC
SHA1: AE51CC51202B158D8296607189F7A19B0C1A9D60
SHA-256: 4D0A8B9E53127D361BDA5683EA2728CE8BD850395105CF1E079733EA71241DE8
SHA-512: 6F2ECCDC69971EA31C800E90C85EC8E09AE6FD71D0A6C69CF514A624AF6889BA26F95E56B9DE576AA0E63DE9B55F396A759047F9A0E31BEF7C7B5D8BEB405E92
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x946f272e,0x01d59f12</date><accdate>0x946f272e,0x01d59f12</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x946f272e,0x01d59f12</date><accdate>0x946f272e,0x01d59f12</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 659
Entropy (8bit): 5.149512399821964
Encrypted: false
MD5: 26F4DCD09369E142D503BEAF44C81B87
SHA1: 390C7F6B21B616469618F07A794879AE2DCC87EC
SHA-256: 394BE8248348E4A76FC5129E2ABD64CBADDEFBA325A55FCE37B6760A9914F9A5
SHA-512: F348A8D9C180447621570A9F71DC90EFE1DF5F3F24072E5457E7D26375AFB94C7A69B75376C70B9A7D656A6E215ED982ABAB755EFE204EC5B380665065798844
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x946504eb,0x01d59f12</date><accdate>0x946504eb,0x01d59f12</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x946504eb,0x01d59f12</date><accdate>0x946504eb,0x01d59f12</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.141337698088038
Encrypted: false
MD5: E4AC6CEE77C4884AC0F0CEF401354CDB
SHA1: EA9898D216536ADFAE81794FF8B0D970F995ED37
SHA-256: 61DE5039F5817746A0BF1D8F979C02ED50D9FCF48D71100B335DBA66456BE605
SHA-512: B904B8B11A239E16BFA3764008485CA112FECA873A88C8FF2D7CAAEE38DCF570FE0B7DADB4C31968A7D84A7E6FAADB5EA5C74DC464BD8B90F7AF3A15D4C72669
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x94678ff7,0x01d59f12</date><accdate>0x94678ff7,0x01d59f12</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x94678ff7,0x01d59f12</date><accdate>0x946c8d09,0x01d59f12</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\6aw4uvh\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Size (bytes): 5740
Entropy (8bit): 2.7256437085303538
Encrypted: false
MD5: 34577AFFF2D723F8973D821E6C983567
SHA1: F94C33C703D3D119C9A0FADDEED2BA1818D93E98
SHA-256: 03449FAEE6D61F053AEB1ACA647013564913336DB6C06585FB1CA99DE527F163
SHA-512: D82838F45114C557EBA52C56A4CE62B5FAD93314E0C98A4DE978860E55909698D7347EB94D64AD13CC067F77B04F4794E3BE7FE9D15430017ABEAAEF660D82BF
Malicious: false
Reputation: low
Preview:9.h.t.t.p.s.:././.s.t.a.t.i.c...x.x...f.b.c.d.n...n.e.t./.r.s.r.c...p.h.p./.y.o./.r./.i.R.m.z.9.l.C.M.B.D.2...i.c.o.~............... .h.......(....... ..... ..........................hB..gB..gB..gB..gB..gB..gB..gB..gB..........gB..gB..gB..gB..hB..gB..gB..gB..gB..gB..gB..gB..gB..gB..........gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..........gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..........gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..........gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..........gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..........................p..gB..gB..gB..gB..gB..gB..gB..gB..gB.............................gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..........gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..........gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB.............hC..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB....................gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..pN..........
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\0R0NR6WD.htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Size (bytes): 129786
Entropy (8bit): 5.703909212922824
Encrypted: false
MD5: 6A8E2A4AD3631BEE2FEF5D0523A5B78A
SHA1: 50877D9B7E6FC2B4F661724E9D039B7957CBFCD1
SHA-256: 5F25E197EAB227002139DD502934A89EF4FF3A46021A507B71DC565A801EF899
SHA-512: 4584B84E5C3ECC51FF2F27CAED84249D3C247404932EB57A2F6F8403C9BD9859C27CF80A19D9BC2968DF669732E194311FBC38630821CFF885B4B7F86008830B
Malicious: false
Reputation: low
Preview:<!DOCTYPE html>.<html lang="pt" id="facebook" class="no_js">.<head><meta charset="utf-8" /><meta name="referrer" content="default" id="meta_referrer" /><script>window._cstart=+new Date();</script><script>function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requireLazy?window.requireLazy(["Env"],b):(window.Env=window.Env||{},b(window.Env))}envFlush({"ajaxpipe_token":"AXgb0AVThAlwv3dL","timeslice_heartbeat_config":{"pollIntervalMs":33,"idleGapThresholdMs":60,"ignoredTimesliceNames":{"requestAnimationFrame":true,"Event listenHandler mousemove":true,"Event listenHandler mouseover":true,"Event listenHandler mouseout":true,"Event listenHandler scroll":true},"isHeartbeatEnabled":true,"isArtilleryOn":false},"shouldLogCounters":true,"timeslice_categories":{"react_render":true,"reflow":true},"sample_continuation_stacktraces":true,"dom_mutation_flag":true,"stack_trace_limit":30,"deferred_stack_trace_rate":1000,"timesliceBufferSize":5000,"show_invariant_decoder":false,"compat_iframe_
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\7569MWEP.htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Size (bytes): 131605
Entropy (8bit): 5.713905056069737
Encrypted: false
MD5: 120112B3BFFB43EE7409E20CADD9B875
SHA1: AF5DA257222268A410570B3495B89DBB78FD4668
SHA-256: 27235A0C31522A229602F014311905B68921101C3D5DE64CD4E37756CBBC73C8
SHA-512: DF09F1160C452B183AA92A32AFC3D2F008272E27CA7009D517BA0B731B41EA2F0073740EB96EF4C709B807E270A45CD223A75AFC7F688C4999A03F1CB99CD682
Malicious: false
Reputation: low
Preview:<html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8"><meta name="referrer" content="default" id="meta_referrer"><script>window._cstart=+new Date();</script><script>function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requireLazy?window.requireLazy(["Env"],b):(window.Env=window.Env||{},b(window.Env))}envFlush({"ajaxpipe_token":"AXgb0AVThAlwv3dL","timeslice_heartbeat_config":{"pollIntervalMs":33,"idleGapThresholdMs":60,"ignoredTimesliceNames":{"requestAnimationFrame":true,"Event listenHandler mousemove":true,"Event listenHandler mouseover":true,"Event listenHandler mouseout":true,"Event listenHandler scroll":true},"isHeartbeatEnabled":true,"isArtilleryOn":false},"shouldLogCounters":true,"timeslice_categories":{"react_render":true,"reflow":true},"sample_continuation_stacktraces":true,"dom_mutation_flag":true,"stack_trace_limit":30,"deferred_stack_trace_rate":1000,"timesliceBufferSize":5000,"show_invariant_decoder":false,"compat_iframe_token":"AQ75ExhV2hnaK
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\7W_zzge2D8D[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 2100500
Entropy (8bit): 5.536832022878986
Encrypted: false
MD5: D4D9F81FE8D90B0EFB1E76DA7BD0D54A
SHA1: D6DCE8745C2A3EBDD6A2F46F4261CCF9B3D32E76
SHA-256: 57EA96FFC1BD8FC245FE2D9A81E33B609201366A9C16BF3497B3AB9F25ED74B6
SHA-512: 2744D9DB1B65F9A3EFB2AD78F0903711E9C513FDF062BB278401DE0FA3983FC96579257CAD3190EAB313230CA369637E42E952B48BAA7F06736D9AA7059FD576
Malicious: false
Reputation: low
Preview:if (self.CavalryLogger) { CavalryLogger.start_js(["iJOX7"]); }..__d("UFI2ViewOption",["qex"],(function(a,b,c,d,e,f){"use strict";a={isChronologicalOrder:function(a){var c=b("qex");if(a==="FRIENDS_COMMENTS"&&!c._("1080217"))return!1;switch(a){case"RECENT_ACTIVITY":case"RANKED_THREADED":case"RANKED_UNFILTERED":case"LIVE_STREAMING":case"RANKED_SUB_REPLIES":case"RANKED_REPLIES":return!1}return!0}};e.exports=a}),null);.__d("UFI2CommentsListState",["invariant","ErrorUtils","FBLogger","UFI2ViewOption","gkx"],(function(a,b,c,d,e,f,g){"use strict";__p&&__p();function h(a){var b=a.count,c=a.direction,d=a.error,e=a.hasMore,f=a.isLoading,g=a.pageSize;a=a.totalCount;if(a!=null&&a===0)return null;if(b===0)return null;return!e?null:{__type:"PAGER",count:Math.min(b,g),direction:c,status:{error:d,pending:f}}}function i(a){var b=a.count,c=a.expanded;a=a.minCountToShowCollapser;if(!c)return null;if(a==null)return null;return b<=a?null:{__type:"REPLIES_COLLAPSER",count:b}}function j(a){var b=a.error,c=a.e
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\7W_zzge2D8D[2].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 1127601
Entropy (8bit): 5.6077344218742935
Encrypted: false
MD5: A947996A94E5B1C05B55B685AC6E5F9A
SHA1: A3AFFF18B6280E3380C008B1FE9333A516A06E3F
SHA-256: CAD7626955E7A11F96B1DE270A48797B9EE8AFE462AB7DE170A48509AEB0BD3A
SHA-512: 53FEDB4E519C7A6609D8D54CE29BDD84FCAA9D92C4C4B87E30821001B9DD0AE9E2687D7A601C8FAD748573E80972419EBC9D39548C36F979A00F4F05B3DD6FCE
Malicious: false
Reputation: low
Preview:WithGuard(c,null,[a],null,"UFI2ActiveLayerMonitor")}i=!1}function n(a){j!==a&&(j=a,m(a))}a={getLastActiveLayer:function(){return j},subscribe:function(a){__p&&__p();h.push(a);i&&k.push(a);l==null&&(l=new(b("SubscriptionsHandler"))(),l.addSubscriptions(b("UserActivity").subscribe(function(a,c){a=c.event;n(b("Parent").byClass(a.target,"uiLayer")||b("getDocumentScrollElement")())})));var c=!1;return{remove:function(){__p&&__p();if(c)return;var b=h.indexOf(a);b!==-1&&h.splice(b,1);if(i){b=k.indexOf(a);b!==-1&&k.splice(b,1)}h.length===0&&(l&&(l.release(),l=null));c=!0}}}};e.exports=a}),null);.__d("UFI2BluePrimerDialog.react",["React"],(function(a,b,c,d,e,f){"use strict";e.exports=function(a){var c=a.Component;a=a.props;return b("React").jsx(c,babelHelpers["extends"]({},a))}}),null);.__d("UFI2LocalUserAction",["EventEmitter"],(function(a,b,c,d,e,f){"use strict";e.exports=new(b("EventEmitter"))()}),null);.__d("UFI2PrimerDialogWrapper.react",["requireCond","cr:828359"],(function(a,b,c,d,e,f){"
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\ErrorPageTemplate[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes): 2168
Entropy (8bit): 5.207912016937144
Encrypted: false
MD5: F4FE1CB77E758E1BA56B8A8EC20417C5
SHA1: F4EDA06901EDB98633A686B11D02F4925F827BF0
SHA-256: 8D018639281B33DA8EB3CE0B21D11E1D414E59024C3689F92BE8904EB5779B5F
SHA-512: 62514AB345B6648C5442200A8E9530DFB88A0355E262069E0A694289C39A4A1C06C6143E5961074BFAC219949102A416C09733F24E8468984B96843DC222B436
Malicious: false
Reputation: low
Preview:.body..{...font-family: "Segoe UI", "verdana", "arial";...background-image: url(background_gradient.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;...color: #575757;..}....body.securityError..{...font-family: "Segoe UI", "verdana" , "Arial";...background-image: url(background_gradient_red.jpg);...background-repeat: repeat-x;...background-color: #E8EAEF;...margin-top: 20px;...margin-left: 20px;..}....body.tabInfo..{...background-image: none;...background-color: #F4F4F4;..}.. ..a..{...color: rgb(19,112,171);.font-size: 1em;...font-weight: normal;...text-decoration: none;...margin-left: 0px;...vertical-align: top;..}....a:link, a:visited..{...color: rgb(19,112,171);...text-decoration: none;...vertical-align: top;..}....a:hover..{...color: rgb(7,74,229);...text-decoration: underline;..}....p..{...font-size: 0.9em;..}.....h1 /* used for Title */..{...color: #4465A2;...font-size: 1.1em;...font-weight: normal;...vertical-align
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\GsNJNwuI-UM[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 16 x 11
Size (bytes): 522
Entropy (8bit): 6.529006523416013
Encrypted: false
MD5: 707DB34C054F1D55F0FDA41F0E14BF06
SHA1: A44B5ADBBC6D1CABED018132378884E3A4982336
SHA-256: 7F4FBB61E5A1226B421109D4BFEB68B371B240BB6A0131C54581B777CB649908
SHA-512: 2DE1940B52E8AA3B0E4077F5A74CAF44EB322F3ED32D81005ABBD80B146FF6228773FAE938B0F06DB1F2395FDEDE4978F9D99E8328BD87B976E9B70568B2E1AC
Malicious: false
Reputation: low
Preview:GIF89a...........p...................Ro...................!..NETSCAPE2.0.....!.......,..........+..I...e...)."-..%..g..i..tio..~..0.......!.......,...........P.$.......wIT..!.......,..........2..)R.s.s.L..d.A.......".)...Y.lF.....y.M.(.U....!.......,..........>..I.HIT...R. .P..t....I1....H...Y....`.a....}L....&6..u..d".!.......,..........=..I...`.2.P..t..(."..P....,........w.......OhTJ.........!.......,..........3..I...e...P...(.d.R1..2r...\3...=.....>..24.`..J..!.......,............%......T..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\KFOlCnqEu92Fr1MmEU9fBBc9[1].ttf
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: TrueType Font data, 18 tables, 1st "GDEF", 44544 names, language 0x800, type 9984 string
Size (bytes): 99175
Entropy (8bit): 6.474555991078843
Encrypted: false
MD5: 69ED9D86D75EC898DFFC095DA225781F
SHA1: 69BD3462993C946D0553F0F86682C51C6B8F208E
SHA-256: FCDAB7DDD9B9C65D09F1EFD560DDE49665C4F6F43C1E40091CDFA87B404DD818
SHA-512: 411EA72B578A0F1B92A4DFEB79690F2C508751F9190E032E4F0093BA8B1A0DF50C557FBFDF73E4EC2BA06F8791A25AD5E9488143553D91EF9FDC68FF8FC22475
Malicious: false
Reputation: low
Preview:........... GDEF......{....dGPOS......|<....GSUB7b.....8....OS/2t.#...r....`cmap......st...Lcvt 1..K..y....\fpgm..$...v.....gasp......{.....glyf.'.....,..j.hdmx......r|[email protected]\[email protected](....maxp......l.... name..:...z,....post.m.d..{.... prep...)..x|...S...d...(.............o......9........................EX../... >Y..EX../....>Y......9......9......9......9........9......9......01!!.!.......!.5.!.(.<..6......................}.w...x.^.^..^...............<......9.........EX../... >Y..EX../....>Y.....+X!...Y..../01.#.!.462...."&.~......J.JH.H......9KK97JJ....e...@.......%...EX../...">Y..../..../......./01..#.3..#.3..#...-#...w.}....}.....`...............EX../... >Y..EX../... >Y..EX../....>Y..EX../....>Y......9../.....+X!...Y............../.....+X!...Y...............................01.#.#.#5!.#5!.3.3.3.3.#.3.#.#.3.#...L.L...:...N.N.N.N..:..L.v.:....f....9....`...`....f.8.9...d.-.&...,...*-...9...EX../... >Y..EX../... >Y..EX.#/.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\KFOlCnqEu92Fr1MmYUtfBBc9[1].ttf
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: QuArk archive data
Size (bytes): 7029
Entropy (8bit): 4.884455729801584
Encrypted: false
MD5: 58E196BA0E9AEF6C5428725610BB4877
SHA1: BCCD6B7ABB74D07823471007B9B02E961EFDACB1
SHA-256: 00895A426DE586C9FB7FCA40F2400E8CC89B7F94A4FE5FB9FDD8706419ECA64C
SHA-512: F3A2AC4CDC82F7F1A5FD56EF45725E136F9D352E7DD7FF593F6FFF87DFA0DD45801D9F99D31FB88F13E3DDA3FEC36F9324563B8050A633C70D1C9560AF0B4960
Malicious: false
Reputation: low
Preview:7...W.3.\.)...`.a.3.p...a...X.~.4...a...4...a...#.......Y."...........%.....B...(.......)...^.g.{...b...g.u.E.T.....w...^..._.H.U.......A.d.}.H.U.)...-.}.N.T...3...)...Z.!.....R.....9.V.......u...M...q...Y...U...I.....;.5...Q...t.2.....=...@...;...4.|._.H.{...\.5.K...a...v...p.......V...l...B.,.S.k.s.q.P.l.S.....3.....l.l.L.......6...U.`.....................3.......C...)...6...;...?.../...C...A...C...6...;...?.../...C...A.........J...s...s...s...s...s...s...@.E.z.n.z.n.z.n.z.n.j...j...j...j.....n...E...E...E...E...E.Q.i.Q.i.Q.i.Q.i.....?.-.?.-.?.-.?.-.?.-.?.-.(.4.[.=.[.=.[.=.[.=.H...H.{.H...H.....X.~.4.~.4.~.4.~.4.~.4...Y...Y...Y...Y.%...........l.......<.).................................3.......3.....f.................'...C........GOOG.@.."......f.... ........:... . .............................................................................................................................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\N-He0del83q[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 16570
Entropy (8bit): 5.3613411385368
Encrypted: false
MD5: 29FD90FFD198EE4F651C4E670E7AEED4
SHA1: BC7B08E4AE46562AA60C49D329DBD9475B1C5E4C
SHA-256: A01D3D57ED571DEFDAC75E8C3FCE1CDC854408270B877BBF5477AD98D964CFC8
SHA-512: 7CCD57D1E3B71C11701C5C5AA1A412AFD7F82BECCE268771FCAA9BF9123C0E25B135DCE436900B585BCA6377CCCA964A7C0D3BC7182A036E349E73230E508C5E
Malicious: false
Reputation: low
Preview:iif (self.CavalryLogger) { CavalryLogger.start_js(["BXuJY"]); }..__d("IdentityBadgeUtils",["cx","gkx"],(function(a,b,c,d,e,f,g){"use strict";__p&&__p();var h=function(a){switch(a){case"tipper":case"birthday_week_tipper":return b("gkx")("709988");case"sharer":return b("gkx")("709989");case"follower":return b("gkx")("833805"f (self.CavalryLogger) { CavalryLogger.start_js(["iydXG"]); }..__d("MercuryBootloadOnInteraction.react",["React","createCancelableFunction","promiseDone"],(function(a,b,c,d,e,f){"use strict";__p&&__p();a=function(a){__p&&__p();babelHelpers.inheritsLoose(c,a);function c(){__p&&__p();var c,d;for(var e=arguments.length,f=new Array(e),g=0;g<e;g++)f[g]=arguments[g];return(c=d=a.call.apply(a,[this].concat(f))||this,d.state={Component:null},d.$2=function(a){a=d.state.interactionType==="click"?"click":a.type;d.setState({interactionType:a},function(){b("promiseDone")(d.props.loader.load(),function(a){d.props.takeOverRender?d.props.takeOverRender(function(){return d.$1(a)}):d.$
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\Nmb_F6p7z4a[2].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 972657
Entropy (8bit): 5.431502624666816
Encrypted: false
MD5: 82CCE89D30DDB92D2BA56743DA82A4D2
SHA1: 149AE2951734112269072A85E572AE91E07D8040
SHA-256: E69C1F56D59D1EBF1EF8629AC1D0A53600F8AC0C39D01A7374248AD7EEA04A41
SHA-512: 11B052EBF8AE7FDB49CC5FDEBBCCF8D8EDFAFB99C1A35BA725A0CAFE26104472C7BEE742B14767CB48BF16071B2A12ABFC644707B266A88F098ABC8CED0419DB
Malicious: false
Reputation: low
Preview:if (self.CavalryLogger) { CavalryLogger.start_js(["WZ2P0"]); }..__d("warning",["requireCond","cr:888908","cr:1105154"],(function(a,b,c,d,e,f){a=b("cr:888908");e.exports=a}),null);.__d("cometTestID",["testID"],(function(a,b,c,d,e,f){"use strict";e.exports=b("testID")}),null);.__d("CometSorryReaction",[],(function(a,b,c,d,e,f){"use strict";e.exports="data:image/svg+xml,%3csvg xmlns='http://www.w3.org/2000/svg' xmlns:xlink='http://www.w3.org/1999/xlink' viewBox='0 0 16 16'%3e%3cdefs%3e%3clinearGradient id='a' x1='50%25' x2='50%25' y1='10.25%25' y2='100%25'%3e%3cstop offset='0%25' stop-color='%23FEEA70'/%3e%3cstop offset='100%25' stop-color='%23F69B30'/%3e%3c/linearGradient%3e%3clinearGradient id='d' x1='50%25' x2='50%25' y1='0%25' y2='100%25'%3e%3cstop offset='0%25' stop-color='%23472315'/%3e%3cstop offset='100%25' stop-color='%238B3A0E'/%3e%3c/linearGradient%3e%3clinearGradient id='e' x1='50%25' x2='50%25' y1='0%25' y2='100%25'%3e%3cstop offset='0%25' stop-color='%23191A33'/%3e%3cstop of
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\NxAfI9A4Tnd[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 28561
Entropy (8bit): 5.297943349052214
Encrypted: false
MD5: 7795C1DD936B9B25CD5DA7BD46AA143A
SHA1: 9A5C20D2CED2D0E93276424A26602BAA31B33A13
SHA-256: 9B0EB048787AD108D23A0B1818B891112F165FD535CD7A354554276960B07DC7
SHA-512: 5B8CB0955E33B9739A826B53658C57471B8721A794ED1652173070127E3825A45CBEE913E41B6BF12CB47CC95646EDD88CAC2F1E4C1BC87733437F41816FFAB8
Malicious: false
Reputation: low
Preview:if (self.CavalryLogger) { CavalryLogger.start_js(["69HNu"]); }..__d("ResetScrollOnUnload",["Run"],(function(a,b,c,d,e,f){a={disableScrollRestoration:function(){b("Run").onUnload(function(){window.history.scrollRestoration="manual"})},init:function(a){b("Run").onUnload(function(){window.history.scrollRestoration="manual",a.style.opacity="0",window.scrollTo(0,0)})}};e.exports=a}),null);.__d("NavigationMenubarInteractionsTypedLogger",["Banzai","GeneratedLoggerUtils","nullthrows"],(function(a,b,c,d,e,f){"use strict";__p&&__p();a=function(){__p&&__p();function a(){this.$1={}}var c=a.prototype;c.log=function(){b("GeneratedLoggerUtils").log("logger:NavigationMenubarInteractionsLoggerConfig",this.$1,b("Banzai").BASIC)};c.logVital=function(){b("GeneratedLoggerUtils").log("logger:NavigationMenubarInteractionsLoggerConfig",this.$1,b("Banzai").VITAL)};c.logImmediately=function(){b("GeneratedLoggerUtils").log("logger:NavigationMenubarInteractionsLoggerConfig",this.$1,{signal:!0})};c.clear=function(
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\TOPRBCQQ.htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Size (bytes): 112072
Entropy (8bit): 5.715775486275064
Encrypted: false
MD5: C738E2F9F11311D6FFC3EB7E602E66F1
SHA1: 0720831643AD3456871F97069CD8850EF53B0BC2
SHA-256: C44EA02B5900E5D213CE5C30AE40B3D404BC9940CA35665BE2A57D87E6BDD55E
SHA-512: 9D221BE8D0FFE26D4F43372BA28C82C820D9C0D6BCB52AA8E3402FF284035C0D963843B5D3A72FEB7AFDBA0F37291D7EE582BA94CB06DCFE3C8A34D09462413C
Malicious: false
Reputation: low
Preview:artillery_navigation_timing_level_2":false,"artillery_profiler_on":false,"artillery_merge_max_distance_sec":1,"artillery_merge_max_duration_sec":1,"user_timing":false},1237],["EventConfig",[],{"sampling":{"bandwidth":0,"play":0,"playing":0,"progress":0,"pause":0,"ended":0,"seeked":0,"seeking":0,"waiting":0,"loadedmetadata":0,"canplay":0,"selectionchange":0,"change":0,"timeupdate":2000000,"adaptation":0,"focus":0,"blur":0,"load":0,"error":0,"message":0,"abort":0,"storage":0,"scroll":200000,"mousemove":20000,"mouseover":10000,"mouseout":10000,"mousewheel":1,"MSPointerMove":10000,"keydown":0.1,"click":0.02,"mouseup":0.02,"__100ms":0.001,"__default":5000,"__min":100,"__interactionDefault":200,"__eventDefault":100000},"page_sampling_boost":1,"interaction_regexes":{"BlueBarAccountChevronMenu":" _5lxs(?: .*)?$","BlueBarHomeButton":" _bluebarLinkHome__interaction-root(?: .*)?$","BlueBarProfileLink":" _1k67(?: .*)?$","ReactComposerSproutMedia":" _1pnt(?: .*)?$","ReactComposerSproutAlbum":" _1pn
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\W26AGHB0.gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 42
Entropy (8bit): 3.0241026136709444
Encrypted: false
MD5: B4682377DDFBE4E7DABFDDB2E543E842
SHA1: 328E472721A93345801ED5533240EAC2D1F8498C
SHA-256: 6D8BA81D1B60A18707722A1F2B62DAD48A6ACCED95A1933F49A68B5016620B93
SHA-512: 202612457D9042FE853DAAB3DDCC1F0F960C5FFDBE8462FA435713E4D1D85FF0C3F197DAF8DBA15BDA9F5266D7E1F9ECAEEE045CBC156A4892D2F931FE6FA1BB
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........2.;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\a0_D8GQCNT9[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 6288
Entropy (8bit): 5.311246685620681
Encrypted: false
MD5: 46A5FC5D734BE71841D41414D89B62DC
SHA1: 6B58CE4148A2C3A4C07F05DC3F3343CFB8516D90
SHA-256: 182D51634A832C01172213F0CD1E9602E65855234061C4B596FF83613CC790EB
SHA-512: 7A63642486AA1DDE325F0EFA0ECE4111C400BE01E5D5BC0B98EC02831DEC910B3899BCA4CC931E163BC99964F6205317EF84692EA9D31EC1F7D036F094805904
Malicious: false
Reputation: low
Preview:if (self.CavalryLogger) { CavalryLogger.start_js(["oGIPB"]); }..__d("DUPLeftNavSublist.react",["cx","Animation","CSS","Ease","React","ReactDOM","Style"],(function(a,b,c,d,e,f,g){__p&&__p();a=b("React").PropTypes;var h=160,i=35,j=b("Ease").makeElasticOut(1,1.6);c=function(a){"use strict";__p&&__p();babelHelpers.inheritsLoose(c,a);function c(){return a.apply(this,arguments)||this}var d=c.prototype;d.UNSAFE_componentWillReceiveProps=function(a){b("React").Children.count(a.children)>0&&(a.expanded&&!this.props.expanded?new(b("Animation"))(b("ReactDOM").findDOMNode(this)).from("height",0).to("height","auto").ease(j).show().duration(h+i*a.children.length).go():!a.expanded&&this.props.expanded&&b("Style").set(b("ReactDOM").findDOMNode(this),"height",0))};d.componentDidMount=function(){b("CSS").hide(b("ReactDOM").findDOMNode(this))};d.render=function(){return b("React").jsx("div",{className:"_b_3",id:this.props.id,children:this.props.children})};return c}(b("React").Component);c.propTypes={exp
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\anchor[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 12168
Entropy (8bit): 5.929696677715641
Encrypted: false
MD5: 6900011AC0D171928D37CEDB2A5C1E6B
SHA1: D26759B1F2A800B5F67DC443CD22C8B5383B8ED6
SHA-256: 7EF4A3895E09D252CE39D5E3665A00EC7A8B68C65A2D47AD8EC067698B5FB09F
SHA-512: 91540EEAA5A226096B6FF601325231D5D2268E974B16AE0307C5C10F8E36DADA92DBBB307C00DEB9064AD038F19FABB9C99AC69492262BD4FA03256932AE9129
Malicious: false
Reputation: low
Preview:<!DOCTYPE HTML><html dir="ltr" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.<meta http-equiv="X-UA-Compatible" content="IE=edge">.<style type="text/css">.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: local('Roboto Regular'), local('Roboto-Regular'), url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxP.ttf) format('truetype');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 500;. src: local('Roboto Medium'), local('Roboto-Medium'), url(//fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc9.ttf) format('truetype');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 900;. src: local('Roboto Black'), local('Roboto-Black'), url(//fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc9.ttf) format('truetype');.}..</style>.<link rel="stylesheet" type="text/css" href="https://www.gstatic.com/recaptcha/releases/75nbHAdFrusJCwoMVGTXoHoM/styles__ltr.css"
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\api[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 729
Entropy (8bit): 5.307100676703662
Encrypted: false
MD5: 8E559D3F7B47CE093BFF7944209EE7FF
SHA1: 9579F3461B3BC631EED79E5CF6D7C9DDBDDA0F12
SHA-256: 3211CD82CE26FEC042B2543617D3138A366D470FA74ED56788C3B0956C9F9FFB
SHA-512: 832F28065A2BEE6AF74970D238D6A7569050C903D4B7BC718777E9E26AC1F0431F1D7051F154781CA0A5DA7F77163DB565C5E8C0DD6FF3709CAE649BC26E007A
Malicious: false
Reputation: low
Preview:/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]||{},N='grecaptcha';var gr=w[N]=w[N]||{};gr.ready=gr.ready||function(f){(cfg['fns']=cfg['fns']||[]).push(f);};(cfg['enterprise']=cfg['enterprise']||[]).push(false);(cfg['render']=cfg['render']||[]).push('onload');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true;po.src='https://www.gstatic.com/recaptcha/releases/75nbHAdFrusJCwoMVGTXoHoM/recaptcha__en.js';var e=d.querySelector('script[nonce]'),n=e&&(e['nonce']||e.getAttribute('nonce'));if(n){po.setAttribute('nonce',n);}var s=d.getElementsByTagName('script')[0];s.parentNode.insertBefore(po, s); })();
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\background_gradient[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
Size (bytes): 453
Entropy (8bit): 5.019973044227213
Encrypted: false
MD5: 20F0110ED5E4E0D5384A496E4880139B
SHA1: 51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
SHA-256: 1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
SHA-512: 5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
Malicious: false
Reputation: low
Preview:......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... [email protected].%...m..D.25...T...F.........p......A..........BP..qD.([email protected]?..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\bframe[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 20249
Entropy (8bit): 5.613044805453472
Encrypted: false
MD5: 449DABCD4D86C99B441FFACB4D03D827
SHA1: 62A13AC058C56C65C6FCE4D1DF189E56A9B9B6BB
SHA-256: 5949F1F93EDE5C10992CC024D6FDEFC7C7D5E0E6E1B72965E2A3051D6737D854
SHA-512: 1303D49A9D86A350FA8053AC0E1EF76E6A54829B49C1E2AF290E7CAA7F8F272969C0A72A7731DDDC4BECB19DCC66C9BFC5800C3E1EB73896862DF5E20AC3B5F1
Malicious: false
Reputation: low
Preview:<!DOCTYPE HTML><html dir="ltr" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.<meta http-equiv="X-UA-Compatible" content="IE=edge">..<title>reCAPTCHA</title>.<style type="text/css">.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: local('Roboto Regular'), local('Roboto-Regular'), url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxP.ttf) format('truetype');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 500;. src: local('Roboto Medium'), local('Roboto-Medium'), url(//fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc9.ttf) format('truetype');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 900;. src: local('Roboto Black'), local('Roboto-Black'), url(//fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc9.ttf) format('truetype');.}..</style>.<link rel="stylesheet" type="text/css" href="https://www.gstatic.com/recaptcha/releases/75nbHAdFrusJCwo
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\errorPageStrings[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes): 18880
Entropy (8bit): 5.164796203267696
Encrypted: false
MD5: 336CC54EB5B8B017FF58FE451B00E9E9
SHA1: C011825AEBDDC219E740FEDC09ED3B5607BAF2D0
SHA-256: 3C1C6295B4F22D9B2E6BED404914BD6AA83C3E8FF33011D13C3F72BD4B1DF7B6
SHA-512: D1E60FC2DBBD4ECFC77960FFAF5BF6A5107390C2CB6A4F8F7E8D9A8149D0B2CFF2047AAD9848622B146B2798B3B76C245836C012C8F5656741CCF3FD530830BB
Malicious: false
Reputation: low
Preview:.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\facebook[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines, with no line terminators
Size (bytes): 1041
Entropy (8bit): 5.383783156664559
Encrypted: false
MD5: 15E02851AAD36F8C987B1F8D48CDD70E
SHA1: D8276458C6B3E6C5C1D327EA4A9E0F38D79864F7
SHA-256: EA53B12A1CD7B4AA814E3FD5FF3D978564AE68A12AE922843CDC4CFBB2B8902B
SHA-512: 59A20ABC7F15149472F3FCFF8E6B5C2DC328237223443BD73E8B4D85B154000A639610E34119F118DCFC15B1A049955E0AA0489BDC1E131221C936DE1137FB7F
Malicious: false
Reputation: low
Preview:<html><head><title>Redirecting...</title><script type="text/javascript">/*<![CDATA[*/(function(){function si_cj(m){setTimeout(function(){new Image().src="https:\/\/error.facebook.com\/common\/scribe_endpoint.php?c=si_clickjacking&t=1532"+"&m="+m;},5000);}if(top!=self){try{if(parent!=top){throw 1;}var si_cj_d=["apps.facebook.com","apps.beta.facebook.com"];var href=top.location.href.toLowerCase();for(var i=0;i<si_cj_d.length;i++){if (href.indexOf(si_cj_d[i])>=0){throw 1;}}si_cj("3 ");}catch(e){si_cj("1 \t");window.document.write("\u003Cstyle>body * {display:none !important;}\u003C\/style>\u003Ca href=\"#\" onclick=\"top.location.href=window.location.href\" style=\"display:block !important;padding:10px\">Go to Facebook.com\u003C\/a>");/*LONLYbJP*/}}}())/* */</script><script>window.location.replace("https:\/\/agent.joinf.cn\/login\/identify\/?ctx=recover&ars=royal_blue_bar");</script><meta http-equiv="refresh" content="0;url=https://www.facebook.com/login/identify/?ctx=recover&ars=ro
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\forbidframing[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes): 5764
Entropy (8bit): 4.101264567053427
Encrypted: false
MD5: 9E572A1EA30034178D90F727A7E6FF07
SHA1: 898D9C224D9AC4D481BCEFE00AED7C1CC6EEDBFF
SHA-256: 266E62F256CC201FBF00A7FCCFB00541C4B80A15E7BE497BA6C0C3408378CF90
SHA-512: 76787486E5EC337B6D86F9F0B6BE6F032D78F75DDF822FF5DE0654D01310C821BA46BA32A11E347E424C2055B8EFAA04E3CFDEBF0B874DE97B8E856797A2034E
Malicious: false
Reputation: low
Preview:.<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">....<html dir="LTR">.... <head>.. <link rel="stylesheet" type="text/css" href="ErrorPageTemplate.css" >.... <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.... <title>Framing Forbidden</title>.... <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onload="initUnframeContent();">.... <table width="450" cellpadding="0" cellspacing="0" border="0">.... Error title -->.. <tr>.. <td id="infoIconAlign" width="60" align="left" valign="top" rowspan="2">.. <img src="red_x.png" id="infoIcon" alt="Info icon">.. </td>.. <td id="unableDisplayAlign" valign="middle" align=
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\hsts-pixel[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 129
Entropy (8bit): 2.7374910194847146
Encrypted: false
MD5: DE658DFAC8CD9A064973E5F2B15CC2BB
SHA1: BBADA5C0D3C5419AE0E2151762581DE7DC584217
SHA-256: 06D9D619915BC999F01FBD1B283A9DB8F1BC5CE9B216FF335CC1B349EB239517
SHA-512: 89E05A260B8A382E0B7713805DE8EFD057C1CCE52A845F5DFD89DCFD4CE3A30DA6141E6B4B733234BCB54371B2300BA8993AE21DD1C83CF0F6340866FC88CBA6
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........D..;GIF89a.............!.......,...........D..;GIF89a.............!.......,...........D..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\hsts-pixel[2].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 2.7374910194847146
Encrypted: false
MD5: DF3E567D6F16D040326C7A0EA29A4F41
SHA1: EA7DF583983133B62712B5E73BFFBCD45CC53736
SHA-256: 548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
SHA-512: B2CA25A3311DC42942E046EB1A27038B71D689925B7D6B3EBB4D7CD2C7B9A0C7DE3D10175790AC060DC3F8ACF3C1708C336626BE06879097F4D0ECAA7F567041
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........D..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\httpErrorPagesScripts[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes): 48420
Entropy (8bit): 5.451485481468043
Encrypted: false
MD5: D7963BFBD51BED910372E9D252C30CA2
SHA1: 6AB5A3E9B78874E7600B3D9DB1035DF60E333860
SHA-256: 182B0112F6FADB33E7E77D31CA0685D690ED03875108591E391AFCC56E70D799
SHA-512: 301BB249FF524CD914B91F7611B479635AB1F947A170E9F713FD457EFFA0EF3919EF8D4E21F6458A065453BDD9585700ABE98242ABBC7A5F9A8A6E82FF90D51D
Malicious: false
Reputation: low
Preview:...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\iRmz9lCMBD2[1].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 2 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel
Size (bytes): 5430
Entropy (8bit): 2.469721072067586
Encrypted: false
MD5: D2850D31B1CDEC91CB6ED249D992F740
SHA1: 4890F422BC6D645479F1689DD7DB859D69AFFBFA
SHA-256: 4A464D3F412ADDA640EF04B79E9E70B8AA446BDFFFFA0E8554FB91A13F97010D
SHA-512: F5EB7B89681F999B3E29894D144D6A288071ED059A95B1B7ECED9F38BE436486757919CD6E8D68B6ABC982A1A22C0859F959FF044FF7C55415D26D4031043DF3
Malicious: false
Reputation: low
Preview:............ .h...&... .... .........(....... ..... ..........................hB..gB..gB..gB..gB..gB..gB..gB..gB..........gB..gB..gB..gB..hB..gB..gB..gB..gB..gB..gB..gB..gB..gB..........gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..........gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..........gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..........gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..........gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..........................p..gB..gB..gB..gB..gB..gB..gB..gB..gB.............................gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..........gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..........gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB.............hC..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB....................gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..pN................gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..gB..g
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\iframe[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 25716
Entropy (8bit): 5.5950326113206925
Encrypted: false
MD5: 23E9D96D893B6FAF8B126007CACB440D
SHA1: 1CA5247A9A69264DE24ED0EFB7CBB2167F53B28A
SHA-256: 5898FF559AC13E27FFDECF17F721C89F65C86DF239CB9686E3760E905D4811C0
SHA-512: 9C004BFD90B729D4C27E4E8466DA2614E411BF5AEAA789A9A9EF70E6B4083388820E05C10D13510D44074F2206352DC0CBCE64558812B6B35E9850AE95877183
Malicious: false
Reputation: low
Preview:<!DOCTYPE html><html class=""><head><meta charset="utf-8" /><script>function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requireLazy?window.requireLazy(["Env"],b):(window.Env=window.Env||{},b(window.Env))}envFlush({"defer_cookies":true});</script><title>Facebook</title><script src="https://www.google.com/recaptcha/api.js"></script><link type="text/css" rel="stylesheet" href="https://static.xx.fbcdn.net/rsrc.php/v3/yo/l/0,cross/53WuK3r6-Bj.css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="/6wss" />.<link type="text/css" rel="stylesheet" href="https://static.xx.fbcdn.net/rsrc.php/v3/yI/l/0,cross/yLg62FiDjTD.css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="KebV6" />.<link type="text/css" rel="stylesheet" href="https://static.xx.fbcdn.net/rsrc.php/v3/y5/l/0,cross/MNdyihBa-5e.css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="cvPzX" />.<script src="https://static.xx.fbcdn.net/rsrc.php/v3/yj/r/ByFjTuPCeTM.js?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="q66WY"></script>.<script>require("TimeSliceI
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\invalidcert[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes): 2747
Entropy (8bit): 4.6225918717514975
Encrypted: false
MD5: B57B31E5FF628B5C319C902C1388164D
SHA1: 33E30D7CC1BC64D8C966B65F8701A3473CBF9A40
SHA-256: 5F6258FE7C308635635E500903D767572372A0AEA4947C1A4BD61B4687F14036
SHA-512: 077B400E107BD83A18AE46416658AD36561B2FEB87D967A957D8E67DDCB34AF83D198C5C1C422EC80803CC8B3DD70A788DD983F275B78B937FF3ECF89919C378
Malicious: false
Reputation: low
Preview:.<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="newErrorPageTemplate.css">.. <meta http-equiv="x-ua-compatible" content="IE=edge">.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>This site isn’t secure</title>.... <script src="invalidcert.js" language="javascript" type="text/javascript">.. </script>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.. <body onLoad="BodyLoad(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="invalidcert_mainTitle" class="title" style="color: #a90000;">This site is not secure</div>.. <div id="invalidcert_subError" class="BodyTextBlockStyle">.. This might mean that someon
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\red_x[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size (bytes): 5139
Entropy (8bit): 7.927219122489655
Encrypted: false
MD5: 5A37A6D25E0B9CB542C80097210E49AB
SHA1: B07F05BB9E942E898E64934DD23706902D562B35
SHA-256: E161E38AFD5F01A372D22A205D0824A6A95FAD33F214149D17F62291F741AB6C
SHA-512: A6E594409F191A1E0B6F4F208616687214C6BE5D9C70959344C1F63B2FFBA28371274E90F953385393B7EBA52B7B4467ED87025CC3F769BA6F2B97BC30BFA7B3
Malicious: false
Reputation: low
Preview:.PNG........IHDR...0...0.....W.......IDATx^.Y.tTe....RK......D..6.......(.*G..d;c..8.`........3.....2"[email protected]{.en..?.N<8.8...%.{......+....^.j<...$..('.......F..'.....7...7._A:.......6...0X^^.V2jTV^^......+L<.w...Q]]]...G....}kk......N..V........4.......3gfO.<.P..Xw7.g."x.4.jk...G..........UQ...1p.8%/.:`.9r......kok...x..........I~:.o.Y\.....V..4....o.....P.f..m..T.....c."-;...6t...O=...c...h.M.,((.w..._q..'..G..._.....7.>u..h{......8z.i..H.6.zO...].}.0.!X..L].....=`.0M..3.D.Q._s.*(.U\lVWW7n.=..D....r..$....,]Z........UUp....4D...z{;.....7T..Z0M.2.q....t)..a.....{....g?./..o...s..)b... .U...../Y2...._z....G.B.....B..$i..L..#..,..+ s...A.bX.`@7.)"@.'M.G.EzQ..u....kj..>"l.#?a.E./..b..7m.UWB!.?..........$*..I..0. m).8'..P..h..k@...]..C..{.*[email protected]/^<..Q.~=..N....;..D4ZD%i...B....0O.f.....ua1a5(.........~..>. .#.i.&.|.(....H~.'...pE..Ekx.Yd^r.b'O"~..RHDe..P...n... ....%lA.....a.b..F.i.X..a.....i,....f.q...7=.`[..l.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\red_x[2]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Size (bytes): 5139
Entropy (8bit): 7.927219122489655
Encrypted: false
MD5: 5A37A6D25E0B9CB542C80097210E49AB
SHA1: B07F05BB9E942E898E64934DD23706902D562B35
SHA-256: E161E38AFD5F01A372D22A205D0824A6A95FAD33F214149D17F62291F741AB6C
SHA-512: A6E594409F191A1E0B6F4F208616687214C6BE5D9C70959344C1F63B2FFBA28371274E90F953385393B7EBA52B7B4467ED87025CC3F769BA6F2B97BC30BFA7B3
Malicious: false
Reputation: low
Preview:.PNG........IHDR...0...0.....W.......IDATx^.Y.tTe....RK......D..6.......(.*G..d;c..8.`........3.....2"[email protected]{.en..?.N<8.8...%.{......+....^.j<...$..('.......F..'.....7...7._A:.......6...0X^^.V2jTV^^......+L<.w...Q]]]...G....}kk......N..V........4.......3gfO.<.P..Xw7.g."x.4.jk...G..........UQ...1p.8%/.:`.9r......kok...x..........I~:.o.Y\.....V..4....o.....P.f..m..T.....c."-;...6t...O=...c...h.M.,((.w..._q..'..G..._.....7.>u..h{......8z.i..H.6.zO...].}.0.!X..L].....=`.0M..3.D.Q._s.*(.U\lVWW7n.=..D....r..$....,]Z........UUp....4D...z{;.....7T..Z0M.2.q....t)..a.....{....g?./..o...s..)b... .U...../Y2...._z....G.B.....B..$i..L..#..,..+ s...A.bX.`@7.)"@.'M.G.EzQ..u....kj..>"l.#?a.E./..b..7m.UWB!.?..........$*..I..0. m).8'..P..h..k@...]..C..{.*[email protected]/^<..Q.~=..N....;..D4ZD%i...B....0O.f.....ua1a5(.........~..>. .#.i.&.|.(....H~.'...pE..Ekx.Yd^r.b'O"~..RHDe..P...n... ....%lA.....a.b..F.i.X..a.....i,....f.q...7=.`[..l.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\referer_frame[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with no line terminators
Size (bytes): 156
Entropy (8bit): 4.792098860976927
Encrypted: false
MD5: F05C9FA3A77F12F7CCDFD74DC99F7DF3
SHA1: 771AB81725E4D7AFC28A3C209CE8AEB9ECB70DF6
SHA-256: 54A3283B7C16D7876F3EA151F5AAEF808007B0C7FCC31C67A9C25E016754B1F3
SHA-512: 8F5E2A2CF2ED03662144ABD459E805DFC4986B16ACB547FE04964A1874D91ABBF2EFB01CEB520FF4A0B6B04746AAB2C29B533622D02CA05C03C8B9D4A422D246
Malicious: false
Reputation: low
Preview:<!DOCTYPE html><html><script>document.domain = 'facebook.com';</script></html><!DOCTYPE html><html><script>document.domain = 'facebook.com';</script></html>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\shieldcheck[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 4 icons, 48x48, 32 bits/pixel, 32x32, 32 bits/pixel
Size (bytes): 18290
Entropy (8bit): 5.251158595044684
Encrypted: false
MD5: B79F47673FAC7FFB2A3685461F9C9236
SHA1: D1D86CE3067725920A326AC07B080748D0CA2BDD
SHA-256: 207917F7072627786A13EF0B4641F7522D1BEFA4032A144638675D7BF29E6759
SHA-512: 9C0CD4D87D1B3B90645BC1729E9A3EF8023D43923EFC40C608986B4B114CE38D1ADA74C1902F50A22D083A26C84955AA9F9AE4BE0D922F00363F3F78145D156E
Malicious: false
Reputation: low
Preview:......00.... ..%..F... .... ......%........ ......6........ .h....@..(...0...`..... ................................................................................................................................................................................................................................................................................................................'...+...,...,...)...!...............................................................................................................................................................&OOO.XXX.\\\.[[[.[[[.WWW.LLL....c...0...&................................................................................................................................................YYY.nnn.............................XXX.TTT. S...-....................................................................................................................................;;;4ddd...........................................XXX.@@@...
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\static[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: assembler source, ASCII text, with very long lines
Size (bytes): 277366
Entropy (8bit): 5.3731456845152605
Encrypted: false
MD5: A3AD6D7DAD77F233DBB890AE6A11F11D
SHA1: 68625D41BAD635E72FFB6DD9051634BCFD395B91
SHA-256: DE5197B7F0451B152B20D977EA610452FF3CC65B777A30764C985855F5A299C7
SHA-512: 671CF33E97044AEFA4C5D9A9C06DDB3D509AB3CA1F005C62C0A48D611DCDB496C34ED943335C67950A0F9DD0B73855E0270ED7BE84B2CD4132A5E4C1D6716648
Malicious: false
Reputation: low
Preview:._3_s0._3_s0{border:0;display:flex;height:44px;min-width:600px;position:relative;text-align:left;top:0;transition:top .3s, height .3s;z-index:301}.hideBanner ._3_s0,.fixedBody ._3_s0{display:none}._3_s0._1tof{position:absolute;width:100%;z-index:400}._3_s0._1toe{height:0;overflow:hidden}._3_s0 ._608m{align-self:flex-end;margin:0 auto;max-width:981px;min-width:100px;padding:0 12px;width:100%}.sidebarMode ._3_s0 ._608m{padding-right:214px}._3_s0 ._tb6{align-items:center;height:44px}._3_s0 ._608n{display:flex}._3_s0 ._3bcp{overflow:visible}._3bcs{flex:1 0 0px}._3bct{position:relative}._3bct::before{content:'';display:block;height:18px;left:-1px;position:absolute;top:4px;width:1px}._3_s0 ._3bcv{font:Helvetica, Arial, sans-serif;font-size:12px;font-weight:bold;line-height:24px}._3_s0 ._3bcy{line-height:24px}._3_s0 ._3bcz{border-radius:4px;padding:1px 4px}._1toc._1toc{border-radius:2px;box-shadow:0 0 0 2px #3578E5, 0 0 0 4px #91b4fd;overflow:hidden}._2yq ._3_s0 ._608m,._2xk0 ._3_s0 ._608m{ma
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\static[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 674 x 411, 8-bit/color RGBA, non-interlaced
Size (bytes): 128434
Entropy (8bit): 7.994608835983053
Encrypted: true
MD5: 32CE7AECC990F6246618E226D36EFCF7
SHA1: C46700C2DF59E9E2BAEBF2A7C602ED7D65004901
SHA-256: 7A435FCD8D870876DA6F6AF66CEC6FE1EC4B300B3F7F381B1784D9E2F6EA2001
SHA-512: 3138D59AEB59C1E1B2818A09A31BDEA01C045016FA9E489BAEB2314E0AFE753BFB97B87F3C054522642ABB3F9FEFF43362BE72897B4B099FBBF973F901CB128B
Malicious: false
Reputation: low
Preview:.PNG........IHDR.....................tEXtSoftware.Adobe ImageReadyq.e<....IDATx....$.Y.....&..9hw..Y.$[.lcl0..\l.`...0.....p...&=26......GY.%[Z.Z..v..<.fvr.....=.....=.vv...Z.]U]u.Tu....'..H$..D".Xb.Q'........D".H$.....D.qE....D"]M.E.D".H$..D J".H$..D".%.H$..D"..DI$..D".H..$..D".H$..(.D".H$......H$..D"......$..D".H$.Q..D".H$..(.D".H$..D J".H$..D".%.H$...bQ.0.D J".H.$$..T.z.q.b..'.%.H$..D....>.Q..D".H.W.o.].}..FS.DI$..D"U.El......D J".H$.5.j..-...+..q:.$.Q.~.$.H..z}d....6.zH$..k...b@"..A.D".....Q..D.......#.H..q}a..$.i./N.:[email protected]"X$.H$......DIt.Y.u..|...$.]wh..\ .%.V....ol...p.t.!.H.}[email protected]./t.%......f.A.Q.N.........+...&H#...6..D".6..V...Wx.Z..'ta%..O.[........i.&.Ht]].m8..W..D.....+.. u-C.].I$.F|.]....(......V.s..-..D.k....(..([email protected]_.V.b.Z.N...H.k...D"...El...S..H$..D"...Z.+h.`.D".o.D".....s....-I;.....A..D..S. ...L".H$..D.. [email protected]".".H..$..D".#.H..t.^j.t# .Ht}$.H....E...$.i#.....O".H..D../.t.$.H.@I".H.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\static[2].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 100957
Entropy (8bit): 5.418460840621537
Encrypted: false
MD5: 65EE94CD9934138D80C7EC5D74BB0636
SHA1: C7E7210E31174D7E814956DE59C25E04366B3CE1
SHA-256: 4D2400795C0F731C5C71EC4948B9DC729F6C403C643D3C5A68429B65CEC599A8
SHA-512: C5704A8DBA2AA3F4F1B356FF8F6E0811512EE5A09BC9735DEDEF8ED9F2DA160D9135AD58455B1FB5374BBD03C47270697738B06DBEC218DF6110DE2DF35DF990
Malicious: false
Reputation: low
Preview:4-hy ._3ixn{background-color:rgba(0, 0, 0, .4)}.._10{height:0;left:0;position:fixed;right:0;top:0;z-index:202}.platform_dialog ._10{position:absolute}._1yv{box-shadow:0 2px 26px rgba(0, 0, 0, .3), 0 0 0 1px rgba(0, 0, 0, .1);margin:0 auto 40px;position:relative}._t{background-color:#fff;position:relative}._1yw{background-color:#6d84b4;border:1px solid #365899;border-bottom:0;color:#fff;font-size:14px;font-weight:bold}._13,._14{border-color:#555;border-style:solid;border-width:0 1px}._13:first-child{border-top-width:1px}._13:last-child{border-bottom-width:1px}._14{border-bottom-width:1px}..uiLayer{outline:none}.._57-x{padding:36px 0;text-align:center}.._53ip ._53iv{padding:15px}._53ip ._53ij{border:1px solid #8c8c8c;border:1px solid rgba(0, 0, 0, .45);border-bottom:1px solid #666;box-shadow:0 3px 8px rgba(0, 0, 0, .3)}._53ip ._572u{padding:6px 7px 6px 8px}._53ip ._5v-0{padding-bottom:10px}._53ip ._53il{padding-top:10px}._53ip ._53im{padding-right:10px}._53ip ._53ik{padding-bottom:10px}.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\static[3].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 22189
Entropy (8bit): 5.377945656405696
Encrypted: false
MD5: F2EEE3233F2244AE328D22A9D2DB11CC
SHA1: 3D5D55A790771E29F4D6962DFE6CD75DA26EBB70
SHA-256: 7951CF164D48C096E23398E6E55603AEB8371FBA4E2FD76F5C1F94FD834A4323
SHA-512: 3545F32AC8AFC0DB6CD7F0BF46C901358E29FED96D01E656D4706C3C64A8BED6AB1E9A7348567275691D0987AD3A1921974BBE34C7A942A4E5747791A7B5CBD0
Malicious: false
Reputation: low
Preview:n:0 -61px;float:left;height:17px;margin-top:5px;width:12px}#captcha_response{padding:3px}.._5633{font-size:13px;max-width:300px;padding:13px}._2zot{max-width:300px;padding:16px}._2zou{color:#1d2129;font-size:14px;font-weight:bold;line-height:17px;margin-bottom:12px}._2zow{color:#5b5c5e;font-size:13px}._2acm{margin-bottom:-10px}._2acn{font-size:12px;line-height:14px;padding-top:6px}._2acn ._2aco{color:#1c1e21;font-size:12px;line-height:14px}._2acn ._2acp{color:#fa3e3e}._2acn ._2acq{color:#42b72a}._2acn ._2act{color:#616770;font-size:12px;line-height:14px;min-height:30px;padding-top:2px}._2acn._1pd1{background:none;color:#fa3e3e}._1pd0{color:red;font-size:14px;font-weight:bold;line-height:17px;max-width:400px;padding:6px 6px 6px 0}._1pd0 a{color:red;text-decoration:underline}._1ixn ._1pd0{margin-top:-10px}._1ixn ._1pc_{display:none;margin-top:-10px}._1ixn._5634 ._1pc_{display:block}._1pc- ._1iy_ ._5633{display:none}._5633._5634{color:#fff}._1pc_ ._5633._5634{background:none;color:red;fon
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\static[4].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 91617
Entropy (8bit): 5.468755545840658
Encrypted: false
MD5: 7E8C5B4484AFCFEF475A99EA9B8C7375
SHA1: 7AA3C6343DAA99A9030FB917BD2B368A959575BB
SHA-256: 06F46617CAE3AC135BC2183D66ED2DA83A41729C1360E429665005FE97639EF8
SHA-512: 50ECD4CAAE24FF50E443307D4B261B686C4BB9ABBE55301E36C7493BFC0955287DE911BDF24711C8471A8E9940B893145AE64B8D8DC5E94980E61BF0F1DD5BFD
Malicious: false
Reputation: low
Preview:(/rsrc.php/v3/y_/r/Ll6wlsOT5Z4.png);background-repeat:no-repeat;background-size:auto;background-position:0 -42px}._50-1._50z-:active,._50-1._42fs{background-image:url(/rsrc.php/v3/y_/r/Ll6wlsOT5Z4.png);background-repeat:no-repeat;background-size:auto;background-position:0 -42px}._50-1._50z_{background-image:url(/rsrc.php/v3/y_/r/Ll6wlsOT5Z4.png);background-repeat:no-repeat;background-size:auto;background-position:0 -21px}._50-1._50z_:hover{background-image:url(/rsrc.php/v3/y_/r/Ll6wlsOT5Z4.png);background-repeat:no-repeat;background-size:auto;background-position:0 -63px}._8k_v._50zy._50-1{background-image:url(/rsrc.php/v3/yh/r/ekiMN2iZ1gH.png);background-position:unset;background-size:24px 24px;height:24px;width:24px}.._5upp{background-color:transparent;border:0 none;cursor:pointer;font-size:0 !important;overflow:hidden;padding:0;vertical-align:middle}.highContrast ._5upp{font-size:11px !important;height:auto;width:auto}.._50f3{font-size:12px;line-height:16px}._50f4{font-size:14px;line
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\static[5].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 1203
Entropy (8bit): 4.7154524487898835
Encrypted: false
MD5: 71544915E02101F099D6A5832AF826ED
SHA1: E673CDA57EF224171DCD45EC1F4F73EEE0DF2BD7
SHA-256: 6DD597854BA9D25EED437789ED122AE165F9FA014410EDB86B4D28085CE98FE5
SHA-512: 3A1C34CD9EB4341A0F5EF3F6E74B98D5C8E5AED756EAA02824592352AC4D1375F50A1EE6ECDF8085D072B06759F8DD3ED0D5A0129FA2AA8B7575252BDA63D272
Malicious: false
Reputation: low
Preview::#365899;border-color:#29487d}.uiButtonConfirm:active,.uiButtonConfirm.uiButtonDepressed{background-color:#29487d;border-color:#29487d}form.async_saving .uiButton.uiButtonConfirm,.uiButtonConfirm.uiButtonDisabled,.uiButtonConfirm.uiButtonDisabled:active,.uiButtonConfirm.uiButtonDisabled:focus,.uiButtonConfirm.uiButtonDisabled:hover{background-color:#9cb4d8;border-color:#9cb4d8}form.async_saving .uiButton.uiButtonSpecial .uiButtonText,form.async_saving .uiButton.uiButtonSpecial input,form.async_saving .uiButton.uiButtonConfirm .uiButtonText,form.async_saving .uiButton.uiButtonConfirm input,.uiButtonSpecial .uiButtonText,.uiButtonSpecial input,.uiButtonSpecial.uiButtonDisabled .uiButtonText,.uiButtonSpecial.uiButtonDisabled input,.uiButtonConfirm .uiButtonText,.uiButtonConfirm input,.uiButtonConfirm.uiButtonDisabled .uiButtonText,.uiButtonConfirm.uiButtonDisabled input{color:#fff}form.async_saving .uiButton,.uiButtonDisabled,.uiButtonDisabled:active,.uiButtonDisabled:focus,.uiButtonDisab
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\static[6].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 3946
Entropy (8bit): 5.2775628282150056
Encrypted: false
MD5: 45583C4239A75D4D92921F177E7098FF
SHA1: BF8E7D7903020A681CEA20E2C81748F4183A093E
SHA-256: 16C5243D7F35C074CA2AEBA1E0FD3844CB72E2081854DA675F8C642C92072D11
SHA-512: 456F93F8A497F81434BAA16271BF2364A5B287FE8E4A14E6A16A72CF5ED79CCA4A3A74C42747D253051152950C34B9C7856C9F74A4E2B0860B9C7B2772B0A1A8
Malicious: false
Reputation: low
Preview:.fbForBusinessWrapper{margin:0 auto;width:980px}.fbForBusinessContent{border-bottom:1px solid #f2f2f2;position:relative}.fbForBusinessNoBorder{border-bottom:none}.fbForBusinessRightCol img{background-color:#ccc;border:5px solid #fafafa;float:right;padding:1px}.fbBusinessHomeVideo{background-color:#fff;border:1px solid #ccc}.fbForBusinessContent img,.fbForBusinessFloatedLeft{display:block;float:left}.fbForBusinessPageHeader{margin-top:40px}.fbForBusinessHomePageHeaderText{margin-top:50px}.fbMarketingMenu{list-style:none;margin:0 0 20px 0;padding:0}.fbMarketingMenu a{border-top:1px solid #e5e5e5;display:block;font-size:13px}.fbForBusinessMenuLast a{border-bottom:1px solid #e5e5e5}.fbMarketingMenu a.currentPage,.fbMarketingMenu a:hover{background:#F5F6F7 url(/rsrc.php/v3/yE/r/JQgQHls27pw.png) no-repeat center right;text-decoration:none}.fbForBusinessHelpfulLinks ul{list-style:none;margin-left:0;padding-left:0}.fbForBusinessHelpfulLinks ul li{font-size:11px;line-height:1.5}.fbForBusinessHe
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\update[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Size (bytes): 150236
Entropy (8bit): 5.6790833518844455
Encrypted: false
MD5: BB68326AB949321C0D2CAED37CABDB82
SHA1: 59A93D359C6C2D55EEE8ED3D725713093DDB39D5
SHA-256: C26613C33BE6F0EB9E4DBB6D7CE2476EF5404192A766ED16201C7FEEE4C02099
SHA-512: 711C35806487E940CA2E4C5DBA15237F48862BDC0179AF227084AC8833F79EFC4CFAE0853A3AD33994045877E3E5053F3EB6CA936B88E126B055670B6908D9B9
Malicious: false
Reputation: low
Preview:<html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8"><meta name="referrer" content="default" id="meta_referrer"><script>window._cstart=+new Date();</script><script>function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requireLazy?window.requireLazy(["Env"],b):(window.Env=window.Env||{},b(window.Env))}envFlush({"ajaxpipe_token":"AXgb0AVThAlwv3dL","timeslice_heartbeat_config":{"pollIntervalMs":33,"idleGapThresholdMs":60,"ignoredTimesliceNames":{"requestAnimationFrame":true,"Event listenHandler mousemove":true,"Event listenHandler mouseover":true,"Event listenHandler mouseout":true,"Event listenHandler scroll":true},"isHeartbeatEnabled":true,"isArtilleryOn":false},"shouldLogCounters":true,"timeslice_categories":{"react_render":true,"reflow":true},"sample_continuation_stacktraces":true,"dom_mutation_flag":true,"stack_trace_limit":30,"deferred_stack_trace_rate":1000,"timesliceBufferSize":5000,"show_invariant_decoder":false,"compat_iframe_token":"AQ75ExhV2hnaK
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\webworker[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Size (bytes): 102
Entropy (8bit): 4.880013455878573
Encrypted: false
MD5: A862AD4909E8489D94DF3C57232CF8B0
SHA1: 7DF90F39B5E23BF52C5A507B8F0B69FFA49DFBCC
SHA-256: CB3C497139AE397DE30A289E13E912F29069193AB6D5B44E3AE5212D3BDA8DA8
SHA-512: 45A8E5E120BEB84AC68B68E90241B99645FAEE7441E94670E27ABBC2707EEA07DF88E4259A50E0D4CBB97E2FD773B1736EFE6904DF0FD8E7D3D3EA37FEE13FE9
Malicious: false
Reputation: low
Preview:importScripts('https://www.gstatic.com/recaptcha/releases/75nbHAdFrusJCwoMVGTXoHoM/recaptcha__en.js');
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\webworker[2].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Size (bytes): 102
Entropy (8bit): 4.880013455878573
Encrypted: false
MD5: A862AD4909E8489D94DF3C57232CF8B0
SHA1: 7DF90F39B5E23BF52C5A507B8F0B69FFA49DFBCC
SHA-256: CB3C497139AE397DE30A289E13E912F29069193AB6D5B44E3AE5212D3BDA8DA8
SHA-512: 45A8E5E120BEB84AC68B68E90241B99645FAEE7441E94670E27ABBC2707EEA07DF88E4259A50E0D4CBB97E2FD773B1736EFE6904DF0FD8E7D3D3EA37FEE13FE9
Malicious: false
Reputation: low
Preview:importScripts('https://www.gstatic.com/recaptcha/releases/75nbHAdFrusJCwoMVGTXoHoM/recaptcha__en.js');
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\2WTNpTnlfW7[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 73617
Entropy (8bit): 5.518741319973243
Encrypted: false
MD5: B346638146C98EE0C1038B7375FB64B3
SHA1: 04CA9FB1579E9917A04BF05CCC0427BFCAECBF31
SHA-256: 84B02E6894E4A95B3D9EE7A1C06F663A4D0E87950865BDF4DB35568819F40148
SHA-512: 99A4946B200B311AB7F87C7ACEEDE18AAA20A08B856F1F5818FFDE347F3AC60173A2BB5BB47A7A285B5D526F005851A053C12A80BE37542F59E41D5D1CD04381
Malicious: false
Reputation: low
Preview:;height:1px;margin-left:8px;width:189px}._4ejc{background-color:#e9ebee}._3tf{padding-left:12px;padding-top:2px}._2xo._3tj,._2xo._3tk{display:none}._1cgn{display:inline-block}._1cgo{background:#3b5998;border-radius:3px;display:block;height:6px;opacity:.5;width:6px}._2xp ._1cgo{opacity:1}._3sy:hover ._53qx{background-image:url(/rsrc.php/v3/yV/r/nYN5Om6ilwl.png);background-repeat:no-repeat;background-size:auto;background-position:-15px -149px}._3sy:hover ._53qy{background-image:url(/rsrc.php/v3/yV/r/nYN5Om6ilwl.png);background-repeat:no-repeat;background-size:auto;background-position:-18px -379px}._gu1{margin-left:-6px;margin-right:-6px}._3tj,._3tk{display:inline;height:12px;position:absolute;top:20px;width:8px;z-index:4}._53qy{background-image:url(/rsrc.php/v3/yV/r/nYN5Om6ilwl.png);background-repeat:no-repeat;background-size:auto;background-position:-17px -397px}._53qx{background-image:url(/rsrc.php/v3/yV/r/nYN5Om6ilwl.png);background-repeat:no-repeat;background-size:auto;background-pos
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\32213527_1720875981299142_7601737152052854784_n[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 56 x 56, 8-bit/color RGBA, non-interlaced
Size (bytes): 5644
Entropy (8bit): 7.404002460860178
Encrypted: false
MD5: 7945FAB65F43CC4095AF537FDE0AE8EC
SHA1: 35B2D0A19F68928891D7461D22CDE51B5F60DB56
SHA-256: C267CF85D83DAC40D205245F3644F432F918455AC4F882BB8691A4F86ADECE38
SHA-512: 49AFA11ADCD62394574F3390D8F198AA8BA42405D050E9286BC956E1BE06A06FDCCE5DFA15B71D1C50F6D534B2A32D8D8324E7FC8F64B108A1B1204C477D59FF
Malicious: false
Reputation: low
Preview:.PNG........IHDR...8...8.......;.....tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.6-c138 79.159824, 2016/09/14-01:09:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CC 2017 (Macintosh)" xmpMM:InstanceID="xmp.iid:370E241A4A5511E89148E8D8B1CAB690" xmpMM:DocumentID="xmp.did:370E241B4A5511E89148E8D8B1CAB690"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:370E24184A5511E89148E8D8B1CAB690" stRef:documentID="xmp.did:370E24194A5511E89148E8D8B1CAB690"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>[email protected].,.n...].\.......\!.\{..z...|$M..}y..H..$....x[nD...A.V.:...
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\46twG_p7jIg[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 13441
Entropy (8bit): 5.338512459703956
Encrypted: false
MD5: 4FAF998117ED5BA4107F4493E3F8D06E
SHA1: F432C640E89F390BE9E5F84A08E1E7A26DCDAD23
SHA-256: 0E00D38E5A3CBFB9D4AB7516BBF80909480ACF33B61C522600CEA1950FEF8568
SHA-512: 9440F28EEE8D4D6136B2E35C2256A168D706509176F54E030E694FB1E01E5B2A3A3B14492E7F35945A893A35E742DC0D2EB02BC06458C2A26601D4A33F81785A
Malicious: false
Reputation: low
Preview:f(i===!0||i===b("PageTransitionsRegistrar").DELAY_HISTORY){var j={sender:this,uri:c,id:e};try{b("Arbiter").inform("page_transition",j)}catch(a){}return i}else g.splice(h,1)}}return!1},disableTransitions:function(){z=!0},disableScrollAnimation:function(){A=!0},_hasBootloadErrors:function(){return b("Bootloader").getErrorUrls().size>0},unifyURI:function(){this._init(),s=u=w,x=v},transitionComplete:function(a){a===void 0&&(a=!1);this._init();y=!1;B._executeCompletionCallbacks();B.unifyURI();a||s&&B.restoreScrollPosition(s);try{document.activeElement&&document.activeElement.nodeName==="A"&&document.activeElement.blur()}catch(a){}},_executeCompletionCallbacks:function(){var a=b("PageTransitionsRegistrar")._getCompletionCallbacks();a.length>0&&(b("PageTransitionsRegistrar")._resetCompletionCallbacks(),a.forEach(function(a){return a()}))},registerCompletionCallback:b("PageTransitionsRegistrar").registerCompletionCallback,rewriteCurrentURI:function(a,c){__p&&__p();this._init();var d=b("PageTra
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\53WuK3r6-Bj[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Size (bytes): 92
Entropy (8bit): 4.897225989287647
Encrypted: false
MD5: D5B608FC45625AB55CE9A7545E8D513F
SHA1: C1C62D289C0AA2398E2A19880193F398CEA65796
SHA-256: 34E6BFF36C5A68EF538B704734507D0F4FFBAD1E23F58275E5821EF494E9C617
SHA-512: 1D2B1A330617E284395444B09C1D23CECA773DE430F54D1FD71547EE1A627E56074D024820C9E48DC373D381C5919B8ABEB15369611329845C3ADE1E0547D650
Malicious: false
Reputation: low
Preview:._7t5v{margin:0}..#bootloader__6wss{height:42px;}.bootloader__6wss{display:block!important;}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\7W_zzge2D8D[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 1470239
Entropy (8bit): 5.512966585182578
Encrypted: false
MD5: 70D015A25782B3C9A586F20CAC0B4115
SHA1: 200FF689AF99734837F428BF8DAB00B0237F41DA
SHA-256: 84A945E432E7761F1AEAAB57673E01B3021C4E1DE03D68C79A2A7ED462AA23FE
SHA-512: 211DAEE72EE261214083155167E45AA196F0A07C625D90CD87A84DE8F5BC665AEE691143F641FD6319EE3AF5E4F08A8FE18EBC5E7041F1506D1972194F2A26F7
Malicious: false
Reputation: low
Preview:if (self.CavalryLogger) { CavalryLogger.start_js(["iJOX7"]); }..__d("UFI2ViewOption",["qex"],(function(a,b,c,d,e,f){"use strict";a={isChronologicalOrder:function(a){var c=b("qex");if(a==="FRIENDS_COMMENTS"&&!c._("1080217"))return!1;switch(a){case"RECENT_ACTIVITY":case"RANKED_THREADED":case"RANKED_UNFILTERED":case"LIVE_STREAMING":case"RANKED_SUB_REPLIES":case"RANKED_REPLIES":return!1}return!0}};e.exports=a}),null);.__d("UFI2CommentsListState",["invariant","ErrorUtils","FBLogger","UFI2ViewOption","gkx"],(function(a,b,c,d,e,f,g){"use strict";__p&&__p();function h(a){var b=a.count,c=a.direction,d=a.error,e=a.hasMore,f=a.isLoading,g=a.pageSize;a=a.totalCount;if(a!=null&&a===0)return null;if(b===0)return null;return!e?null:{__type:"PAGER",count:Math.min(b,g),direction:c,status:{error:d,pending:f}}}function i(a){var b=a.count,c=a.expanded;a=a.minCountToShowCollapser;if(!c)return null;if(a==null)return null;return b<=a?null:{__type:"REPLIES_COLLAPSER",count:b}}function j(a){var b=a.error,c=a.e
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\9VJ3J79N.gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 42
Entropy (8bit): 3.0241026136709444
Encrypted: false
MD5: B4682377DDFBE4E7DABFDDB2E543E842
SHA1: 328E472721A93345801ED5533240EAC2D1F8498C
SHA-256: 6D8BA81D1B60A18707722A1F2B62DAD48A6ACCED95A1933F49A68B5016620B93
SHA-512: 202612457D9042FE853DAAB3DDCC1F0F960C5FFDBE8462FA435713E4D1D85FF0C3F197DAF8DBA15BDA9F5266D7E1F9ECAEEE045CBC156A4892D2F931FE6FA1BB
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........2.;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\EIBLZYAZ.htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Size (bytes): 128884
Entropy (8bit): 5.697944420738502
Encrypted: false
MD5: A7F8C6F06296E8A7E68FB6D5CC0B1748
SHA1: 7478F1A8D704AC0D57B32E85831C3916F7F5562D
SHA-256: 7CABA592CA659A912BC88A23AE90FF733B8AD363ED1BB931403FA10B51A2B3C6
SHA-512: D8D65F4FF1E9308D5095F5A2D62FB93A579905D8FE14AE99E6E7EEC4E4B755F90CF138DD586320EB6CF2977C06307BBEEB134FC93DCAE9D91037638831A73BB5
Malicious: false
Reputation: low
Preview:<!DOCTYPE html>.<html lang="fr" id="facebook" class="no_js">.<head><meta charset="utf-8" /><meta name="referrer" content="default" id="meta_referrer" /><script>window._cstart=+new Date();</script><script>function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requireLazy?window.requireLazy(["Env"],b):(window.Env=window.Env||{},b(window.Env))}envFlush({"ajaxpipe_token":"AXgb0AVThAlwv3dL","timeslice_heartbeat_config":{"pollIntervalMs":33,"idleGapThresholdMs":60,"ignoredTimesliceNames":{"requestAnimationFrame":true,"Event listenHandler mousemove":true,"Event listenHandler mouseover":true,"Event listenHandler mouseout":true,"Event listenHandler scroll":true},"isHeartbeatEnabled":true,"isArtilleryOn":false},"shouldLogCounters":true,"timeslice_categories":{"react_render":true,"reflow":true},"sample_continuation_stacktraces":true,"dom_mutation_flag":true,"stack_trace_limit":30,"deferred_stack_trace_rate":1000,"timesliceBufferSize":5000,"show_invariant_decoder":false,"compat_iframe_
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\G7XzcaS1QmM[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: assembler source, ASCII text, with very long lines
Size (bytes): 40559
Entropy (8bit): 5.299128697378859
Encrypted: false
MD5: E7DAEE3856CAC034345985CABF8A5E44
SHA1: 97DC3E314618D7CAB303C2F0139EB0B125C93A13
SHA-256: D913361E0F24CB09735DD026A37A8E6F991438574C226705DEF782158988C642
SHA-512: D9C7F6EA8DB1C969095D6E85DC763EFD0F41983F3E4CC9B6B6E488B076EA97AD762E310E5C38D5457E3137AA390AAE12B68F0605F7ABE0DC89BFF7FB9C0A9FB0
Malicious: false
Reputation: low
Preview:._3_s0._3_s0{border:0;display:flex;height:44px;min-width:600px;position:relative;text-align:left;top:0;transition:top .3s, height .3s;z-index:301}.hideBanner ._3_s0,.fixedBody ._3_s0{display:none}._3_s0._1tof{position:absolute;width:100%;z-index:400}._3_s0._1toe{height:0;overflow:hidden}._3_s0 ._608m{align-self:flex-end;margin:0 auto;max-width:981px;min-width:100px;padding:0 12px;width:100%}.sidebarMode ._3_s0 ._608m{padding-right:214px}._3_s0 ._tb6{align-items:center;height:44px}._3_s0 ._608n{display:flex}._3_s0 ._3bcp{overflow:visible}._3bcs{flex:1 0 0px}._3bct{position:relative}._3bct::before{content:'';display:block;height:18px;left:-1px;position:absolute;top:4px;width:1px}._3_s0 ._3bcv{font:Helvetica, Arial, sans-serif;font-size:12px;font-weight:bold;line-height:24px}._3_s0 ._3bcy{line-height:24px}._3_s0 ._3bcz{border-radius:4px;padding:1px 4px}._1toc._1toc{border-radius:2px;box-shadow:0 0 0 2px #3578E5, 0 0 0 4px #91b4fd;overflow:hidden}._2yq ._3_s0 ._608m,._2xk0 ._3_s0 ._608m{ma
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\RCJbNX5Ogbs[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 30644
Entropy (8bit): 5.271329427653729
Encrypted: false
MD5: DECC2D9EBA27F0A81AF9A3839CBED25D
SHA1: 51AC49493DFE1D0DF0C58103F4CB9C1CA21B8B62
SHA-256: 85B12676A1C40FCC2122E0E9E818C5CBA56FD6E436632C75809301FE2B4A56E5
SHA-512: 679B4EA60B098D954CBB33B1A64DD5384AC08189ED552CC80A0F65B6F3347A49DEE1C03AC6B44D583236F25900201CCAC5B9B37F8F0184A32FAB5359973373E6
Malicious: false
Reputation: low
Preview:Nb(b,c,d,a){var e=Object.create(P);e.size=b;e._root=c;e.__ownerID=d;e.__hash=a;e.__altered=!1;return e}var Ob;function Pb(){return Ob||(Ob=Nb(0))}function Qb(a,b,c){var d,e;if(!a._root){if(c===g)return a;e=1;d=new Fb(a.__ownerID,[[b,c]])}else{var f=j(h),k=j(i);d=Rb(a._root,a.__ownerID,0,void 0,b,c,f,k);if(!k.value)return a;e=a.size+(f.value?c===g?-1:1:0)}if(a.__ownerID){a.size=e;a._root=d;a.__hash=void 0;a.__altered=!0;return a}return d?Nb(e,d):Pb()}function Rb(a,b,c,d,e,f,h,i){if(!a){if(f===g)return a;k(i);k(h);return new Jb(b,d,[e,f])}return a.update(b,c,d,e,f,h,i)}function Sb(a){return a.constructor===Jb||a.constructor===Ib}function Tb(a,b,c,e,g){if(a.keyHash===e)return new Ib(b,e,[a.entry,g]);var h=(c===0?a.keyHash:a.keyHash>>>c)&f,i=(c===0?e:e>>>c)&f;e=h===i?[Tb(a,b,c+d,e,g)]:(c=new Jb(b,e,g),h<i?[a,c]:[c,a]);return new Gb(b,1<<h|1<<i,e)}function Ub(a,b,c,d){a||(a=new l());c=new Jb(a,K(c),[c,d]);for(var d=0;d<b.length;d++){var e=b[d];c=c.update(a,0,void 0,e[0],e[1])}return c}funct
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\anchor[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 24023
Entropy (8bit): 5.934309042036346
Encrypted: false
MD5: 9226A2B31E2D1285C8B910B459BCB7B7
SHA1: 8039CE323F01D128255F32FF875891CD2D91D54F
SHA-256: 1C21F67A5A11BA4E4E439D5C6C96E9EAE14F0D2E003C9DA95758B69357B51044
SHA-512: FF464DD9A7A26FA244EC73CEA15AA0802533A76C52DD035AF83E0CD97DBD2B2E66D86D442DDAAF7FD4B3CF8C9A86FFA8D8F811D0DE9D2D5283303621212C967D
Malicious: false
Reputation: low
Preview:<!DOCTYPE HTML><html dir="ltr" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.<meta http-equiv="X-UA-Compatible" content="IE=edge">.<style type="text/css">.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: local('Roboto Regular'), local('Roboto-Regular'), url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxP.ttf) format('truetype');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 500;. src: local('Roboto Medium'), local('Roboto-Medium'), url(//fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc9.ttf) format('truetype');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 900;. src: local('Roboto Black'), local('Roboto-Black'), url(//fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc9.ttf) format('truetype');.}..</style>.<link rel="stylesheet" type="text/css" href="https://www.gstatic.com/recaptcha/releases/75nbHAdFrusJCwoMVGTXoHoM/styles__ltr.css"
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\api[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 729
Entropy (8bit): 5.307100676703662
Encrypted: false
MD5: 8E559D3F7B47CE093BFF7944209EE7FF
SHA1: 9579F3461B3BC631EED79E5CF6D7C9DDBDDA0F12
SHA-256: 3211CD82CE26FEC042B2543617D3138A366D470FA74ED56788C3B0956C9F9FFB
SHA-512: 832F28065A2BEE6AF74970D238D6A7569050C903D4B7BC718777E9E26AC1F0431F1D7051F154781CA0A5DA7F77163DB565C5E8C0DD6FF3709CAE649BC26E007A
Malicious: false
Reputation: low
Preview:/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]||{},N='grecaptcha';var gr=w[N]=w[N]||{};gr.ready=gr.ready||function(f){(cfg['fns']=cfg['fns']||[]).push(f);};(cfg['enterprise']=cfg['enterprise']||[]).push(false);(cfg['render']=cfg['render']||[]).push('onload');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true;po.src='https://www.gstatic.com/recaptcha/releases/75nbHAdFrusJCwoMVGTXoHoM/recaptcha__en.js';var e=d.querySelector('script[nonce]'),n=e&&(e['nonce']||e.getAttribute('nonce'));if(n){po.setAttribute('nonce',n);}var s=d.getElementsByTagName('script')[0];s.parentNode.insertBefore(po, s); })();
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\b6E9gAus05g[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 143812
Entropy (8bit): 5.441344883596137
Encrypted: false
MD5: 434A94F8678D5ED84ECA8BC372EF3933
SHA1: 37C99E1585108243DB8FBB91227E78D8CCF15926
SHA-256: 001214D50A3B6B30053D0D9A9C1A5475CA8DB8C16B3EC1D5FF49B245D734CB11
SHA-512: F471092B410C68EC1CC003919D08C646CB71285B2B12A7FDD8B136E15CB9511B84D6B4A468D43C0ED99E70A8E3C27BACC9B75DD84785D030709E77BF7464FB46
Malicious: false
Reputation: low
Preview:tils","nullthrows"],(function(a,b,c,d,e,f){"use strict";__p&&__p();a=function(){__p&&__p();function a(){this.$1={}}var c=a.prototype;c.log=function(){b("GeneratedLoggerUtils").log("vpsp_proxy:VideoPlayerShakaPerformanceLoggerConfig",this.$1,b("Banzai").BASIC)};c.logVital=function(){b("GeneratedLoggerUtils").log("vpsp_proxy:VideoPlayerShakaPerformanceLoggerConfig",this.$1,b("Banzai").VITAL)};c.logImmediately=function(){b("GeneratedLoggerUtils").log("vpsp_proxy:VideoPlayerShakaPerformanceLoggerConfig",this.$1,{signal:!0})};c.clear=function(){this.$1={};return this};c.getData=function(){return babelHelpers["extends"]({},this.$1)};c.updateData=function(a){this.$1=babelHelpers["extends"]({},this.$1,a);return this};c.setAccessToken=function(a){this.$1.access_token=a;return this};c.setAdditionalBufferedRanges=function(a){this.$1.additional_buffered_ranges=a;return this};c.setAppendedBufferMs=function(a){this.$1.appended_buffer_ms=a;return this};c.setBandwidthEstimate=function(a){this.$1.bandw
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\background_gradient[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 100x100, segment length 16, baseline, precision 8, 1x800, frames 3
Size (bytes): 453
Entropy (8bit): 5.019973044227213
Encrypted: false
MD5: 20F0110ED5E4E0D5384A496E4880139B
SHA1: 51F5FC61D8BF19100DF0F8AADAA57FCD9C086255
SHA-256: 1471693BE91E53C2640FE7BAEECBC624530B088444222D93F2815DFCE1865D5B
SHA-512: 5F52C117E346111D99D3B642926139178A80B9EC03147C00E27F07AAB47FE38E9319FE983444F3E0E36DEF1E86DD7C56C25E44B14EFDC3F13B45EDEDA064DB5A
Malicious: false
Reputation: low
Preview:......JFIF.....d.d......Ducky.......P......Adobe.d................................................................................................................................................. ...............W..............................................................Qa.................................?......%.....x......s...Z.......j.T.wz.6...X.@... [email protected].%...m..D.25...T...F.........p......A..........BP..qD.([email protected]?..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\eQUWlompwsJ[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: C source, ASCII text, with very long lines
Size (bytes): 134189
Entropy (8bit): 5.388270430821032
Encrypted: false
MD5: DC55EA77ECD7AE6860D02A32552E803A
SHA1: 7924DA04807CFDA0565070B827BB2196CC3E2E33
SHA-256: C56BC3F2BC5017D7366DFC6684A06BCF0BA8BD02179C8EBB65AE0C16D19189B2
SHA-512: 8CFC5EC2A2866A1AF784F572F63978F709D2A2CC3773DDDB1BF940B7B5F24CB888035DC0ABB766BF65A7F897639C1AE95CCA9ABB2FE1B3900676C19BA88CBEF5
Malicious: false
Reputation: low
Preview:if (self.CavalryLogger) { CavalryLogger.start_js(["vpZab"]); }..__d("PixelRatioConst",[],(function(a,b,c,d,e,f){e.exports={cookieName:"dpr"}}),null);.__d("TimezoneAutoset",["AsyncRequest","DateConsts","FBLogger","emptyFunction","killswitch"],(function(a,b,c,d,e,f){__p&&__p();var g=(c=b("DateConsts")).HOUR_PER_DAY,h=c.MIN_PER_HOUR,i=c.MS_PER_SEC,j=c.SEC_PER_MIN,k=!1;function l(a){var c=h*g,d=new Date(),e=d.getTimezoneOffset();d=d.getTime()/i;var f=15;a=a-d;d=Math.round(a/(f*j))*f;d!=0&&b("FBLogger")("TimezoneAutoset").warn("Adjusting timezone offset for clock skew. Browser offset: %s. Raw skew %s. Rounded skew %s",e,a,d);f=Math.round(e+d)%c;f>12*h?f-=c:f<-14*h&&(f+=c);return f}function a(a,b,c){m({serverTimestamp:a,serverTimezone:null,serverGmtOffset:b,forceUpdate:c})}function m(a){__p&&__p();var c=a.serverTimestamp,d=a.serverTimezone,e=a.serverGmtOffset;a=a.forceUpdate;if(!c||e==null)return;if(k)return;k=!0;c=-l(c);var f=b("killswitch")("TIMEZONE_SET_IANA_ZONE_NAME")?null:n();if(a||c!=
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\facebook[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Size (bytes): 130689
Entropy (8bit): 5.710361225153427
Encrypted: false
MD5: A05E1880E0D3D317BD2610595AC3DA10
SHA1: E02DBF9A31BEBCA97B1AC1E8044EAF1D1B7BCA47
SHA-256: 97E76EED0D588A94DD824F38C272525944101D1149E33FABEE38F69AFCBCC994
SHA-512: 155C4DB103339595D20AA4CA22E9BCC199EE174DEC00C1CBE233B8E0EC666F945F45DFB30E10F948955182FBD6CE1816E291A7F918524E6BF74B2831A92A7D43
Malicious: false
Reputation: low
Preview:<html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8"><meta name="referrer" content="default" id="meta_referrer"><script>window._cstart=+new Date();</script><script>function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requireLazy?window.requireLazy(["Env"],b):(window.Env=window.Env||{},b(window.Env))}envFlush({"ajaxpipe_token":"AXgb0AVThAlwv3dL","timeslice_heartbeat_config":{"pollIntervalMs":33,"idleGapThresholdMs":60,"ignoredTimesliceNames":{"requestAnimationFrame":true,"Event listenHandler mousemove":true,"Event listenHandler mouseover":true,"Event listenHandler mouseout":true,"Event listenHandler scroll":true},"isHeartbeatEnabled":true,"isArtilleryOn":false},"shouldLogCounters":true,"timeslice_categories":{"react_render":true,"reflow":true},"sample_continuation_stacktraces":true,"dom_mutation_flag":true,"stack_trace_limit":30,"deferred_stack_trace_rate":1000,"timesliceBufferSize":5000,"show_invariant_decoder":false,"compat_iframe_token":"AQ75ExhV2hnaK
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\hsts-pixel[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 86
Entropy (8bit): 2.7374910194847146
Encrypted: false
MD5: 1A6177096ABF1F34E0368C14CBE5ABB4
SHA1: B2FD9CEB38886E882C536AAAC271D66010BE3F94
SHA-256: AF1F7333005242BDE96A22450229B5EBE670CB46EF8C3DEF185638AEA555AB4C
SHA-512: D2E710278A3A91612F655E85BA3407AEF607ED6CFBBAAF48CF3C0FC282270A14196CCE8F315CF1C6D903A8BBBC71729332520AB4F79F113DB149958D2F2192C5
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........D..;GIF89a.............!.......,...........D..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\iframe[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 25716
Entropy (8bit): 5.587503946243955
Encrypted: false
MD5: 42CC5412A02AFBA7CD1F6B61BE52D940
SHA1: 43BBBEAB628AF5F4936376BDBD2513FD5C87E349
SHA-256: 4F69057D0D04537D3698BE7E69403DD5B55C4700245A6E9C880FEB4C36C555A6
SHA-512: DB5E17F2295650FD8B46B67D2383152494204FFAD3ACEEB4FA4055C5FAE4BD0E7B311BA895C7CC4E73E8BBB5C8F01D99088BDA21BACF70D0DE79B8765F7E403C
Malicious: false
Reputation: low
Preview:<!DOCTYPE html><html class=""><head><meta charset="utf-8" /><script>function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requireLazy?window.requireLazy(["Env"],b):(window.Env=window.Env||{},b(window.Env))}envFlush({"defer_cookies":true});</script><title>Facebook</title><script src="https://www.google.com/recaptcha/api.js"></script><link type="text/css" rel="stylesheet" href="https://static.xx.fbcdn.net/rsrc.php/v3/yo/l/0,cross/53WuK3r6-Bj.css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="/6wss" />.<link type="text/css" rel="stylesheet" href="https://static.xx.fbcdn.net/rsrc.php/v3/yI/l/0,cross/yLg62FiDjTD.css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="KebV6" />.<link type="text/css" rel="stylesheet" href="https://static.xx.fbcdn.net/rsrc.php/v3/y5/l/0,cross/MNdyihBa-5e.css?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="cvPzX" />.<script src="https://static.xx.fbcdn.net/rsrc.php/v3/yj/r/ByFjTuPCeTM.js?_nc_x=Ij3Wp8lg5Kz" data-bootloader-hash="q66WY"></script>.<script>require("TimeSliceI
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\invalidcert[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Size (bytes): 19690
Entropy (8bit): 5.4554138039640305
Encrypted: false
MD5: 605CD6F5424CACBAFEA622F1C706350F
SHA1: C27D0EC6C1CEB9B688B9A28D9E728E62637D2E40
SHA-256: 782ACB868EB3552668197C2CD706639D869D12B8AA38EAF6AC81587FF3B2B7BD
SHA-512: D4A7E00BA1FB4C3BECD52C1AEBA34C52C08A78EFBAE4CAB01C88A61ADCA32428B9C003B609023511605E72B9C802FC6B9305733F92ED5802BDACFDCD6199BE8C
Malicious: false
Reputation: low
Preview:...function CertError()..{..error = '0';..DocQuery=document.location.search;..BeginError = DocQuery.indexOf("SSLError=");..if (BeginError > 0)..{..BeginError += 9;..EndError = DocQuery.indexOf("&", BeginError);..if (EndError > 0)..{..error = DocQuery.substring(BeginError,EndError);..}..else..{..error = DocQuery.substring(BeginError);..}..}..return error;..}..function PreventIgnoreCertErrors()..{..Policy = '0';..DocQuery=document.location.search;..BeginPolicy = DocQuery.indexOf("PreventIgnoreCertErrors=")+24;..if (BeginPolicy > 0)..{..EndPolicy = DocQuery.indexOf("&", BeginPolicy);..if (EndPolicy > 0)..{..Policy = DocQuery.substring(BeginPolicy,EndPolicy);..}..else..{..Policy = DocQuery.substring(BeginPolicy);..}..}..return Policy;..}..function closePage() {..window.close();..}..function BodyLoad()..{..var iError = CertError();..var iPolicy = PreventIgnoreCertErrors();..var sRealPageUrl = RealPageURL();..var iCertUnknownCA = 16777216;..var iCertExpired = 67108864;..var iCertCNMismatch
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\lZ86cv9aR90[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 115567
Entropy (8bit): 5.787756542652454
Encrypted: false
MD5: 0523AEAC81811CFDA231FD8ECC59E4B7
SHA1: 10DFF54A6A8ECEB8E308E2BFDC4CC439F8803E4B
SHA-256: AFBB75EB37C47616458084B752A34EAEFB7CC25BBE612ED1787D80BD0AAA636F
SHA-512: 95FDF4FD0B8BBF14E23A2304C4A1340A884272AB40D14C53AACE365F1AE5D57E7E50DD4BBF9B0DEFAE15FCE7676371E28B31E8C0E7C4853AEB07C42E593073CE
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\referer_frame[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with no line terminators
Size (bytes): 156
Entropy (8bit): 4.792098860976927
Encrypted: false
MD5: F05C9FA3A77F12F7CCDFD74DC99F7DF3
SHA1: 771AB81725E4D7AFC28A3C209CE8AEB9ECB70DF6
SHA-256: 54A3283B7C16D7876F3EA151F5AAEF808007B0C7FCC31C67A9C25E016754B1F3
SHA-512: 8F5E2A2CF2ED03662144ABD459E805DFC4986B16ACB547FE04964A1874D91ABBF2EFB01CEB520FF4A0B6B04746AAB2C29B533622D02CA05C03C8B9D4A422D246
Malicious: false
Reputation: low
Preview:<!DOCTYPE html><html><script>document.domain = 'facebook.com';</script></html><!DOCTYPE html><html><script>document.domain = 'facebook.com';</script></html>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\static[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 19510
Entropy (8bit): 5.295198951648273
Encrypted: false
MD5: D4B3958B4E088D79B3A59C276A9EEC1C
SHA1: 29ABE3D222ABFE176A81094BBD59827A2B57FD1B
SHA-256: 11819581E0AD0B6D0065858C924D051BCEEB97C01BBA5EDAA68A32DA77D021BE
SHA-512: C64D0B6D989F8F031CFC98758F072C0E5C4F92646DB01BFBE5D9306FFE60E18AB66E2BB7756D1349B248D143E5F8AEFB67730D3B94CE68B70B744D069ADF0C21
Malicious: false
Reputation: low
Preview:.._5tkn{background-color:#fff}._5tkn a{color:inherit;text-decoration:underline}._5tkn a:hover{text-decoration:none}._28_g{margin:0 auto;width:1000px}._28_h{background:#000}._5tko,._5tkp{display:inline-block;vertical-align:top}._5tko{top:48px;width:324px}._5tkp{border-left:1px solid #dde1e8;width:674px}._3x93{padding:0 0 100px 48px}._3x94{margin-bottom:24px}._xpp{margin:30px 0}._xpq{display:inline-block;height:56px;margin-left:18px;width:5px}._xpr{display:inline-block;margin:-3px 0 0;padding-left:18px;vertical-align:top;width:512px}._1tvy{padding:14px}body[dir=rtl] ._1tvy.img,body[dir=rtl] ._3h8s i,body[dir=rtl] ._575i i{transform:scaleX(-1)}._q4w{padding-right:34px}._5-x{display:none}._b_1:hover ._5-x{display:inline-block}._5-2{display:inline-block}._b_1:hover ._5-2{display:none}._1tvz{color:#4b4f56;cursor:pointer;font-family:Lucida Grande, Tahoma, Verdana, Arial, sans-serif;margin:auto 0;overflow:hidden;padding-left:12px;position:relative;width:312px}._b_1{border-bottom:1px solid #c7c
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\static[2].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 1288
Entropy (8bit): 5.389528309340463
Encrypted: false
MD5: E19FBE2B5DB731FE6D838536355A3429
SHA1: 5C7304E20568F122425A46394B5982D5F9993EF8
SHA-256: 8088DAF4BB071141F2B0C4A06A37ED00088EA981D4D370AF189B4FCF1719EC54
SHA-512: 9B6280D0DBE7C7C3386C0FA4BF07233CB343668FC8C95B04F025842C2FE27AF77F0A35A3EFF1BFFEF094E90799AB3586BA2E2731A38EA7170EFAA359254FE3A7
Malicious: false
Reputation: low
Preview:ckground-color:#fcd872}._1-r8 ._t3o:hover ._t3q{color:#e1a43b}._1-r8 ._t3o:hover ._17la{background-color:#e1a43b}._1-r8 ._t3q{color:#fcd872}._1-r8 .__35:hover{background-color:#e1a43b}._1-r8 ._83p{color:#fcd872}._1-r8 ._83p:hover{background-color:#fcd872;color:#fff}..sp_ytT7zHccmZQ{background-image:url(/rsrc.php/v3/y8/r/W7ScNkQaJC6.png);background-size:auto;background-repeat:no-repeat;display:inline-block;height:41px;width:41px}.sp_ytT7zHccmZQ.sx_2df7e7{background-position:0 0}.sp_ytT7zHccmZQ.sx_305fc6{background-position:0 -42px}.sp_ytT7zHccmZQ.sx_5f52ed{width:7px;height:11px;background-position:-29px -420px}.sp_ytT7zHccmZQ.sx_e38f88{width:28px;height:28px;background-position:0 -420px}.sp_ytT7zHccmZQ.sx_2af63d{width:28px;height:28px;background-position:0 -449px}.sp_ytT7zHccmZQ.sx_9c3933{background-position:0 -84px}.sp_ytT7zHccmZQ.sx_fd2e69{background-position:0 -126px}.sp_ytT7zHccmZQ.sx_58412b{background-position:0 -168px}.sp_ytT7zHccmZQ.sx_bdc914{background-position:0 -210px}.sp_ytT7
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\static[3].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 13831
Entropy (8bit): 5.419071803298527
Encrypted: false
MD5: 9A63D518D925C663485275812DA1E9AE
SHA1: 17E497E872142E6AD177F4961A245F07653E10ED
SHA-256: F1AD11572B156C67F813E4A9E461F0DF0A7B5F16FA0DAF8DCCEC91A22A38157E
SHA-512: 3888D846585B9B368B4B4E5A821567F2817DA33735DFC95766D23D7C98D7FCD798136B53980C4286CC59BD66E8F40D0BDF1A63E14DC2154A6619D09C2A7EF529
Malicious: false
Reputation: low
Preview:div._2as{height:57px;padding:0}._5fd9{display:none;text-align:center}._5fd9,._2ay{padding:16px 0}._2ay,._2ay:hover{display:block;padding-left:28px;text-decoration:none}.async_saving ._5fd9{display:block}.async_saving ._2ay{display:none}.._pu-{background-color:#f5f6f7;border-bottom:1px solid #dddfe2;border-top:1px solid #dddfe2}._pu_:hover{background-color:#f5f6f7}._pv0{vertical-align:middle}._pu- ._pv0{height:50px}._pu_ ._pv0{height:60px}._pu_ ._pv1{text-align:center}._62_k{border-bottom:solid #fff;border-width:1px 0;color:#ccc;font-size:22px;font-weight:bold;padding:60px 0;text-align:center}.._275p{font-size:12px;line-height:16px;margin-top:8px}._275q{color:#4b4f56;font-size:11px;font-weight:bold;line-height:15px;margin-bottom:4px}._4w02{max-height:365px;overflow-x:hidden;overflow-y:auto}..groupAddMemberTypeaheadBox .plusIcon{left:8px;position:absolute;top:7px;z-index:2}.groupAddMemberTypeaheadBox{margin-top:10px;padding-right:4px;padding-top:0;position:relative}.groupAddMemberTypeahe
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\styles__ltr[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 139838
Entropy (8bit): 6.080690295781074
Encrypted: false
MD5: 9DDC9BCA973CBEBDE3F58D5A44338877
SHA1: 8EED61EFDE8FC465379F09529D60B777C74DE302
SHA-256: DEC9ADBC5FB4C035613375864CC8A7A179223D6351A2EC3AE29E0D5BB5FD0CED
SHA-512: 74422748383350D78899F4865CDC2D2917A0E7CCDB4BDC669FB26456DE646A63AEDC2838BD022AD1A5032BC75B694557A67B8F96B751C3645660C8FB711A0798
Malicious: false
Reputation: low
Preview:.goog-inline-block{position:relative;display:-moz-inline-box;display:inline-block}* html .goog-inline-block{display:inline}*:first-child+html .goog-inline-block{display:inline}.jfk-radiobutton{display:inline-block;outline:none;padding:5px 7px;position:relative}.jfk-radiobutton-radio{-webkit-border-radius:50%;-moz-border-radius:50%;border-radius:50%;-webkit-box-sizing:border-box;-moz-box-sizing:border-box;box-sizing:border-box;background:url(//ssl.gstatic.com/ui/v1/radiobutton/unchecked.png) -3px -3px;background:rgba(255,255,255,0);border:1px solid rgba(198,198,198,1);height:15px;left:7px;margin:0;outline:none;position:absolute;text-align:left;top:6px;width:15px}.jfk-radiobutton:active .jfk-radiobutton-radio{background:rgba(235,235,235,1);border-color:rgba(182,182,182,1)}.jfk-radiobutton:hover .jfk-radiobutton-radio{-webkit-box-shadow:inset 0 1px 1px rgba(0,0,0,.1);-moz-box-shadow:inset 0 1px 1px rgba(0,0,0,.1);box-shadow:inset 0 1px 1px rgba(0,0,0,.1);border-color:rgba(182,182,182,1)}.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\update[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Size (bytes): 130931
Entropy (8bit): 5.635919763529904
Encrypted: false
MD5: 8929EF79E47BB143B2F503C6E53D780D
SHA1: 53B3B41F77A88E11AB627D25B97E013CC898D19B
SHA-256: CD37693B53F1853496BA1DF9C39A7BD22AE6FF6678F300675A0074BBFDC5533A
SHA-512: 6145781FAE2BDCE7C06956378550DD013009706AFC94E7C9E5FE62A936D7BF548B9C76351423B511F4381BD66FF9103352BC5720D85EFF50C84EF63CF179B4A5
Malicious: false
Reputation: low
Preview:<html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8"><meta name="referrer" content="default" id="meta_referrer"><script>window._cstart=+new Date();</script><script>function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requireLazy?window.requireLazy(["Env"],b):(window.Env=window.Env||{},b(window.Env))}envFlush({"ajaxpipe_token":"AXgb0AVThAlwv3dL","timeslice_heartbeat_config":{"pollIntervalMs":33,"idleGapThresholdMs":60,"ignoredTimesliceNames":{"requestAnimationFrame":true,"Event listenHandler mousemove":true,"Event listenHandler mouseover":true,"Event listenHandler mouseout":true,"Event listenHandler scroll":true},"isHeartbeatEnabled":true,"isArtilleryOn":false},"shouldLogCounters":true,"timeslice_categories":{"react_render":true,"reflow":true},"sample_continuation_stacktraces":true,"dom_mutation_flag":true,"stack_trace_limit":30,"deferred_stack_trace_rate":1000,"timesliceBufferSize":5000,"show_invariant_decoder":false,"compat_iframe_token":"AQ75ExhV2hnaK
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\webworker[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Size (bytes): 102
Entropy (8bit): 4.880013455878573
Encrypted: false
MD5: A862AD4909E8489D94DF3C57232CF8B0
SHA1: 7DF90F39B5E23BF52C5A507B8F0B69FFA49DFBCC
SHA-256: CB3C497139AE397DE30A289E13E912F29069193AB6D5B44E3AE5212D3BDA8DA8
SHA-512: 45A8E5E120BEB84AC68B68E90241B99645FAEE7441E94670E27ABBC2707EEA07DF88E4259A50E0D4CBB97E2FD773B1736EFE6904DF0FD8E7D3D3EA37FEE13FE9
Malicious: false
Reputation: low
Preview:importScripts('https://www.gstatic.com/recaptcha/releases/75nbHAdFrusJCwoMVGTXoHoM/recaptcha__en.js');
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\yLg62FiDjTD[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 423673
Entropy (8bit): 5.48815027864896
Encrypted: false
MD5: 1EC6D78082BEBD210BA938879F6A0C10
SHA1: 5E95284DE7B26B15C04EFC301835F297EB8E5198
SHA-256: C56CE71EC1C0B6BF991C1032F5E5996F5D0D3CF5AACBF41E51CEE64EC04F6584
SHA-512: 8A9F0FB5650A1CCC67B7CF512A8E971C1C4AA695DE2BEBE537C8CC8059BDA343D031230FECCD377EDCC64793C45D7D17CD16EA2025FB092E832C8C0E0FFC4F13
Malicious: false
Reputation: low
Preview:.fbPageBanner{position:relative;z-index:301}.hideBanner .fbPageBanner,.fixedBody .fbPageBanner{display:none}@media (min-width: 480px){.fbPageBannerInner{margin:auto;max-width:950px;min-width:920px}}.sidebarMode .fbPageBannerInner{left:-102px;position:relative}.._2_qm{position:relative}._2_qm::after{border:1px solid rgba(0, 0, 0, .1);bottom:0;content:'';left:0;pointer-events:none;position:absolute;right:-2px;top:0}html ._2_qn:hover{text-decoration:none}html ._35ph{pointer-events:none;position:absolute}._2_qo{padding:44px 0;position:relative;text-align:center}._19wj{padding:24px 0;position:relative;text-align:center}html ._2_qp:only-child{display:inline-block}._2_qp{border:4px solid #fff;border-radius:4px;box-shadow:0 4px 6px rgba(0, 0, 0, .1);height:364px;margin:0 auto;width:364px}._4nos{border:4px solid #fff;border-radius:50%;box-shadow:0 4px 6px rgba(0, 0, 0, .1);height:400px;margin:0 auto;width:400px}.._1tt._1tt._1tt{background:#f5f6f7;overflow:hidden;position:relative}._1tt::after{a
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\0lUsxssk6yc[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 168944
Entropy (8bit): 5.61254395698402
Encrypted: false
MD5: A9425708211692AD62CF3F2A7B12D7F9
SHA1: 56FD9ABAFD8C8207AAC13D63B95CA47C92D8412F
SHA-256: 6388D11870FCEFDE98941A78AFFA71DF2B5A6C5A845FA3C096C636D5037D7DA9
SHA-512: 508E38FC6EC46BC91AD1B084F395274B380E2E1E137091757D4C464953271A9844355A97D79760F06B0E2BC4D47DEE4544DF4EA6F668EE8B845D4BD2FA46B00D
Malicious: false
Reputation: low
Preview:if (self.CavalryLogger) { CavalryLogger.start_js(["jxPJX"]); }..__d("FBRTCMessageType",[],(function(a,b,c,d,e,f){e.exports={JOIN:0,SERVER_MEDIA_UPDATE:1,HANGUP:2,ICE_CANDIDATE:3,RING:4,DISMISS:5,CONFERENCE_STATE:6,ADD_PARTICIPANTS:7,SUBSCRIPTION:8,CLIENT_MEDIA_UPDATE:9,DATA_MESSAGE:10,REMOVE_PARTICIPANTS:11,PING:18,P2P_if (self.CavalryLogger) { CavalryLogger.start_js(["igtiN"]); }..__d("XUICardSection.react",["cx","React","XUIBlock","joinClasses"],(function(a,b,c,d,e,f,g){"use strict";__p&&__p();a=function(a){__p&&__p();babelHelpers.inheritsLoose(c,a);function c(){return a.apply(this,arguments)||this}var d=c.prototype;d.render=functionif (self.CavalryLogger) { CavalryLogger.start_js(["FT3j9"]); }..__d("MessagingTag",[],(function(a,b,c,d,e,f){e.exports={GROUPS:"groups",UNREAD:"unread",FLAGGED:"flagged",ACTION_ARCHIVED:"action:archived",INBOX:"inbox",MARKETPLACE_FOLDER:"marketplace_folder",OTHER:"other",PENDING:"pending",MONTAGE:"montage",PAGES:"pages"PROTOCOL:19,UPDATE:20,NOTIFY:21,CONN
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\1U-D-BJnUfo[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 104241
Entropy (8bit): 5.686924929966148
Encrypted: false
MD5: 533D39110E0AF330A375AA1D97EEDD2C
SHA1: 6232033F09954247355F671E5F450EAFD263B009
SHA-256: 8DA4C7D3CCC04BB234ADF5CAC09D86A9059DC40C6B3110A006AFAA9817D08603
SHA-512: 5F7B821125553FA6BF86CB845FC78773275FAFF212D19D027C263539266BD4D9563669816134B3D23D62B89B996EE241DA1C37CEBF707ABFE762EDEA823C329E
Malicious: false
Reputation: low
Preview:if (self.CavalryLogger) { CavalryLogger.start_js(["D3rkb"]); }..__d("UsernameFormatToken",[],(function(a,b,c,d,e,f){e.exports={FIRST:"{first}",MIDDLE:"{middle}",LAST:"{last}"}}),null);.__d("XReCaptchaLogActionsController",["XController"],(function(a,b,c,d,e,f){e.exports=b("XController").create("/captcha/recaptcha_log_actions/",{})}),null);.__d("Recaptcha",["fbt","AsyncRequest","Bootloader","CaptchaClientConfig","CSS","CurrentLocale","DOM","Event","Keys","XReCaptchaLogActionsController","ge"],(function(a,b,c,d,e,f,g){__p&&__p();var h,i={tabindex:0,callback:null},j={en_US:"en",en_GB:"en",en_PI:"en",nl_NL:"nl",nl_BE:"nl",fr_FR:"fr",fr_CA:"fr",de_DE:"de",es_LA:"es",es_ES:"es",es_CL:"es",es_CO:"es",es_MX:"es",es_VE:"es",ru_RU:"ru",tr_TR:"tr"},k=!1,l={widget:null,timer_id:-1,fail_timer_id:-1,type:"image",ajax_verify_cb:null,audio_only:!1,$:function(a){if(typeof a==="string")return document.getElementById(a);else return a},setFocusOnLoad:function(a){k=a},create:function(a,c){l.destroy(),a&&(l
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\3POIJHDF.gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 42
Entropy (8bit): 3.0241026136709444
Encrypted: false
MD5: B4682377DDFBE4E7DABFDDB2E543E842
SHA1: 328E472721A93345801ED5533240EAC2D1F8498C
SHA-256: 6D8BA81D1B60A18707722A1F2B62DAD48A6ACCED95A1933F49A68B5016620B93
SHA-512: 202612457D9042FE853DAAB3DDCC1F0F960C5FFDBE8462FA435713E4D1D85FF0C3F197DAF8DBA15BDA9F5266D7E1F9ECAEEE045CBC156A4892D2F931FE6FA1BB
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........2.;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\7W_zzge2D8D[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 2100021
Entropy (8bit): 5.536859509702373
Encrypted: false
MD5: FE36B9175622FAB4741EF3CF5A2E0075
SHA1: 33F6AD90934F879F768E1D90DAD0C351F9B18FD6
SHA-256: AA37F2058D8EEB8F208007B4540535AC54E9DF8CE56651B45DC5CD7E799BD7F6
SHA-512: 6BBE023B00BF7FDC815E4F85FDE691CAAC262042D3AB7187C1043F5E3429C014954247DAF0014D1037DC233C46A4424C8F6AFC7FCDF9E411BF115819692A96B9
Malicious: false
Reputation: low
Preview:if (self.CavalryLogger) { CavalryLogger.start_js(["iJOX7"]); }..__d("UFI2ViewOption",["qex"],(function(a,b,c,d,e,f){"use strict";a={isChronologicalOrder:function(a){var c=b("qex");if(a==="FRIENDS_COMMENTS"&&!c._("1080217"))return!1;switch(a){case"RECENT_ACTIVITY":case"RANKED_THREADED":case"RANKED_UNFILTERED":case"LIVE_STREAMING":case"RANKED_SUB_REPLIES":case"RANKED_REPLIES":return!1}return!0}};e.exports=a}),null);.__d("UFI2CommentsListState",["invariant","ErrorUtils","FBLogger","UFI2ViewOption","gkx"],(function(a,b,c,d,e,f,g){"use strict";__p&&__p();function h(a){var b=a.count,c=a.direction,d=a.error,e=a.hasMore,f=a.isLoading,g=a.pageSize;a=a.totalCount;if(a!=null&&a===0)return null;if(b===0)return null;return!e?null:{__type:"PAGER",count:Math.min(b,g),direction:c,status:{error:d,pending:f}}}function i(a){var b=a.count,c=a.expanded;a=a.minCountToShowCollapser;if(!c)return null;if(a==null)return null;return b<=a?null:{__type:"REPLIES_COLLAPSER",count:b}}function j(a){var b=a.error,c=a.e
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\ByFjTuPCeTM[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 337335
Entropy (8bit): 5.408884034277675
Encrypted: false
MD5: 5EF53892E2DCE25E1B1A62C75DCF0F66
SHA1: 610AD7DC614E71BDBCF8910023985401A1E7177B
SHA-256: DC1E21A231F6F4D318DB2C2447035B1B54C6EA77BA115A650913CF67A230A67A
SHA-512: 031F11ED4C8C66FC263DD016605D879119A357E5CBE66F8A38E96A93702DD81EF9D69B172E80886438597290BFACCD63737F7A735B02A3E0C94CE7F57A0644A9
Malicious: false
Reputation: low
Preview:if (self.CavalryLogger) { CavalryLogger.start_js(["q66WY"]); }..self.__DEV__=self.__DEV__||0,self.emptyFunction=function(){};."use strict";.Array.from||(Array.from=function(a){if(a==null)throw new TypeError("Object is null or undefined");var b=arguments[1],c=arguments[2],d=this,e=Object(a),f=typeof Symbol==="function"?typeof Symbol==="function"?Symbol.iterator:"@@iterator":"@@iterator",g=typeof b==="function",h=typeof e[f]==="function",i=0,j,k;if(h){j=typeof d==="function"?new d():[];var l=e[f](),m;while(!(m=l.next()).done)k=m.value,g&&(k=b.call(c,k,i)),j[i]=k,i+=1;j.length=i;return j}var n=e.length;(isNaN(n)||n<0)&&(n=0);j=typeof d==="function"?new d(n):new Array(n);while(i<n)k=e[i],g&&(k=b.call(c,k,i)),j[i]=k,i+=1;j.length=i;return j});.Array.isArray||(Array.isArray=function(a){return Object.prototype.toString.call(a)=="[object Array]"});."use strict";(function(a){function b(a,b){if(this==null)throw new TypeError("Array.prototype.findIndex called on null or undefined");if(typeof a!==
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\DzWAqG4WWLL[3].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 157429
Entropy (8bit): 5.441039265594268
Encrypted: false
MD5: 5977DA53721AAE1897E71E0252A37A69
SHA1: 3594C74FE8AF33B65628591625F64D04761DA75E
SHA-256: DFB52E686B1FAE13945A7BDE986E89A4D6C8B5659C4575FBC68E50A410566A09
SHA-512: 07959D65E678EB08FEC4C7A58C95756323B880C1E0920184392694EF28CAE137F3423AA70D23EE49345171B409BD125BC0E31979E7F50466FC6D0BF566B0FDBE
Malicious: false
Reputation: low
Preview:if (self.CavalryLogger) { CavalryLogger.start_js(["FT3j9"]); }..__d("MessagingTag",[],(function(a,b,c,d,e,f){e.exports={GROUPS:"groups",UNREAD:"unread",FLAGGED:"flagged",ACTION_ARCHIVED:"action:archived",INBOX:"inbox",MARKETPLACE_FOLDER:"marketplace_folder",OTHER:"other",PENDING:"pending",MONTAGE:"montage",PAGES:"pages",PAGE_BACKGROUND:"page_background",ACTION_COPIED_MESSAGE:"action:copy_message",ACTION_COPIED_SELF_MESSAGE:"copy_self_message",ACTION_COPIED_ATTACHMENT:"action:copy_attachment",ACTION_COPIED_SELF_ATTACHMENT:"copy_self_attachment",EVENT:"event",SENT:"sent",SPAM:"spam",UPDATES:"broadcasts_inbox",BCC:"header:bcc",FILTERED_CONTENT:"filtered_content",FILTERED_CONTENT_BH:"filtered_content_bh",FILTERED_CONTENT_ACCOUNT:"filtered_content_account",FILTERED_CONTENT_QUASAR:"filtered_content_quasar",FILTERED_CONTENT_INVALID_APP:"filtered_content_invalid_app",ONE_WAY_MESSAGE:"one_way_message",UNAVAILABLE_ATTACHMENT:"unavailable_attachment",ARCHIVED:"archived",EMAIL:"email",VOICEMAIL:"v
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\N929ROG9.htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines
Size (bytes): 130276
Entropy (8bit): 5.69987131888833
Encrypted: false
MD5: A33A3782E96C53171B467F7A918AD85E
SHA1: 32A8E63973143AC0B7D3672CAD7005DC875F085D
SHA-256: 89109845323CC9FD82D551905D2E9173C9927A0B3B738E00888C746F3A6C8763
SHA-512: 3DAB12A847C9A2ECF1109316271CD33414E6529F2F4A89E437B60A908E973D1E799C7EECC61E68D24575CDFF132BD24DBF6923FFB33214CF259684678F6F65DB
Malicious: false
Reputation: low
Preview:<!DOCTYPE html>.<html lang="de" id="facebook" class="no_js">.<head><meta charset="utf-8" /><meta name="referrer" content="default" id="meta_referrer" /><script>window._cstart=+new Date();</script><script>function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requireLazy?window.requireLazy(["Env"],b):(window.Env=window.Env||{},b(window.Env))}envFlush({"defer_cookies":true,"ajaxpipe_token":"AXgb0AVThAlwv3dL","timeslice_heartbeat_config":{"pollIntervalMs":33,"idleGapThresholdMs":60,"ignoredTimesliceNames":{"requestAnimationFrame":true,"Event listenHandler mousemove":true,"Event listenHandler mouseover":true,"Event listenHandler mouseout":true,"Event listenHandler scroll":true},"isHeartbeatEnabled":true,"isArtilleryOn":false},"shouldLogCounters":true,"timeslice_categories":{"react_render":true,"reflow":true},"sample_continuation_stacktraces":true,"dom_mutation_flag":true,"stack_trace_limit":30,"deferred_stack_trace_rate":1000,"timesliceBufferSize":5000,"show_invariant_decoder":
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\SgyPmYUaN1c[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 123985
Entropy (8bit): 5.376325430349131
Encrypted: false
MD5: 0FDBF1F0FA9443271165DC0DBEA2439C
SHA1: 9A2A5623E8AA34793339E3A48B6D0459971A48A5
SHA-256: F9E887E3C857AD2BA3A8352045D0EE7F86D2539A00E1CA2F61F1589BCDD06686
SHA-512: 0395165CB71137D6264D7A312A32A04AC0175FF912FC7E472DC2C9F7AB060FFF0267DEBCE658D49ACA771D35A14E7C13F7B495FFF3C4EBFA0500D321FB33A48D
Malicious: false
Reputation: low
Preview:ar e=B.fiber;null!==c;){if(c===e||c.alternate===e)return!0;a:{var f=c.tag;if((5===f||21===f)&&(f=c.dependencies,null!==f&&(f=f.responders,null!==f&&f.has(d)))){f=!0;break a}f=!1}if(f)break;c=c["return"]}}return!1},isTargetWithinNode:function(c,d){__p&&__p();Xb();var e=A(c),f=A(d);if(null!=e&&null!=f){for(c=f.alternate;null!==e;){if(e===f||e===c)return!0;e=e["return"]}return!1}return d.contains(c)},addRootEventTypes:function(c){Xb();Ob(c,Rb);for(var d=0;d<c.length;d++)Zb(c[d],B)},removeRootEventTypes:function(c){Xb();for(var d=0;d<c.length;d++){var e=c[d],f=Pb.get(e),g=B.rootEventTypes;null!==g&&g["delete"](e);void 0!==f&&f["delete"](B)}},getActiveDocument:c,objectAssign:Object.assign,getTimeStamp:function(){Xb();return Qb},isTargetWithinHostComponent:function(c,d){Xb();for(c=A(c);null!==c;){if(5===c.tag&&c.type===d)return!0;c=c["return"]}return!1},continuePropagation:function(){Sb=1},enqueueStateRestore:yb,getResponderNode:function(){Xb();var c=B.fiber;return 21===c.tag?null:c.stateNod
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\W7ScNkQaJC6[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 42 x 478, 8-bit/color RGBA, non-interlaced
Size (bytes): 7640
Entropy (8bit): 7.939332071293501
Encrypted: false
MD5: 804065959FF8F08920443F12993EA550
SHA1: 4929D19811BBBB8EC4F7E1195FC0EEAE1F0BA5FD
SHA-256: 4EF2364A004404434E22AA89D10FBBD5E19DCBF0C92BDB44F28529D113B278F7
SHA-512: 5ED3BBA503F5F9E75D77A429249E733BA0FCF839F8A11BD36557BFF95959BAB851608E0076F1788673E34251C58A49DE88C7D2E1C81956A0DBC27D16039F7988
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\Y9JKDI5U.htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Size (bytes): 114587
Entropy (8bit): 5.683974087518189
Encrypted: false
MD5: 512C3938362721B5A958313A6730DF7B
SHA1: 6B7443C2507BA2A7F3178BF4775B31EBBAFA0F83
SHA-256: 0740AFB46A0DEDAF9F99FFA11F6E8528DBC7379939933AB27100AB6983BD67C8
SHA-512: B6119519683731CB7DE1CA775E56451F629931041AF31EBC8AB287A3E9A11E024252C43225B284C2A8AFBAE930F98F17326975AC317CCEA168C244609D3CB2AD
Malicious: false
Reputation: low
Preview:I5_ynGDUBFCCD6SwkItggSJVaDA"]},-1],["URLFragmentPreludeConfig",[],{"hashtagRedirect":true,"fragBlacklist":["nonce","access_token","oauth_token","xs","checkpoint_data","code"]},137],["BigPipeExperiments",[],{"link_images_to_pagelets":false,"enable_bigpipe_plugins":false},907],["BootloaderConfig",[],{"jsRetries":null,"jsRetryAbortNum":2,"jsRetryAbortTime":5,"payloadEndpointURI":"https:\/\/it-it.facebook.com\/ajax\/bootloader-endpoint\/","preloadBE":false,"assumeNotNonblocking":false,"trackUnpredictedBEResources":true,"shouldCoalesceModuleRequestsMadeInSameTick":true,"staggerJsDownloads":false,"preloader_num_preloads":0,"preloader_preload_after_dd":false,"preloader_num_loads":1,"preloader_enabled":false,"retryQueuedBootloads":false,"silentDups":false,"asyncPreloadBoost":true},329],["CSSLoaderConfig",[],{"timeout":5000,"modulePrefix":"BLCSS:"},619],["CookieCoreConfig",[],{"a11y":{},"act":{},"c_user":{},"dpr":{"t":604800},"js_ver":{"t":604800},"locale":{"t":604800},"m_pixel_ratio":{"t":6048
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\anchor[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 12008
Entropy (8bit): 5.9388364967885945
Encrypted: false
MD5: 83EDC7ADEF725052BBE2BD343B974EBD
SHA1: D22EDF8A982CF0F967492E7AA419971A74B7D06C
SHA-256: 2C43AB4235791A6E4F5574E533432D67194000F201E8676CB1E92A018686F699
SHA-512: A603259757C37C29E9F6BC7BE40915C54CBD89A285AF4E47C5EDC796D87BCAD296241F11C1E1F1DFF189223255DB1AEE420B58CDB3207F8C7D6E1E98FD6EDCD0
Malicious: false
Reputation: low
Preview:<!DOCTYPE HTML><html dir="ltr" lang="en"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.<meta http-equiv="X-UA-Compatible" content="IE=edge">.<style type="text/css">.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 400;. src: local('Roboto Regular'), local('Roboto-Regular'), url(//fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxP.ttf) format('truetype');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 500;. src: local('Roboto Medium'), local('Roboto-Medium'), url(//fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc9.ttf) format('truetype');.}.@font-face {. font-family: 'Roboto';. font-style: normal;. font-weight: 900;. src: local('Roboto Black'), local('Roboto-Black'), url(//fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmYUtfBBc9.ttf) format('truetype');.}..</style>.<link rel="stylesheet" type="text/css" href="https://www.gstatic.com/recaptcha/releases/75nbHAdFrusJCwoMVGTXoHoM/styles__ltr.css"
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\api[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 729
Entropy (8bit): 5.307100676703662
Encrypted: false
MD5: 8E559D3F7B47CE093BFF7944209EE7FF
SHA1: 9579F3461B3BC631EED79E5CF6D7C9DDBDDA0F12
SHA-256: 3211CD82CE26FEC042B2543617D3138A366D470FA74ED56788C3B0956C9F9FFB
SHA-512: 832F28065A2BEE6AF74970D238D6A7569050C903D4B7BC718777E9E26AC1F0431F1D7051F154781CA0A5DA7F77163DB565C5E8C0DD6FF3709CAE649BC26E007A
Malicious: false
Reputation: low
Preview:/* PLEASE DO NOT COPY AND PASTE THIS CODE. */(function(){var w=window,C='___grecaptcha_cfg',cfg=w[C]=w[C]||{},N='grecaptcha';var gr=w[N]=w[N]||{};gr.ready=gr.ready||function(f){(cfg['fns']=cfg['fns']||[]).push(f);};(cfg['enterprise']=cfg['enterprise']||[]).push(false);(cfg['render']=cfg['render']||[]).push('onload');w['__google_recaptcha_client']=true;var d=document,po=d.createElement('script');po.type='text/javascript';po.async=true;po.src='https://www.gstatic.com/recaptcha/releases/75nbHAdFrusJCwoMVGTXoHoM/recaptcha__en.js';var e=d.querySelector('script[nonce]'),n=e&&(e['nonce']||e.getAttribute('nonce'));if(n){po.setAttribute('nonce',n);}var s=d.getElementsByTagName('script')[0];s.parentNode.insertBefore(po, s); })();
Domains and IPs
Contacted Domains
Name IP Active Malicious Antivirus Detection Reputation
fbsbx.com 185.60.216.35 true false high
star.c10r.facebook.com 185.60.216.15 true false high
scontent.xx.fbcdn.net 185.60.216.19 true false high
scontent-hkg3-2.xx.fbcdn.net 157.240.15.22 true false high
www.joinfproxy.com 47.91.149.178 true false 3%, Virustotal, Browse unknown
facebook.com 185.60.216.35 true false high
fbcdn.net 185.60.216.35 true false high
z-m.c10r.facebook.com 185.60.216.36 true false high
atlas.c10r.facebook.com 185.60.216.6 true false high
agent.joinf.cn 47.91.149.178 true true 10%, Virustotal, Browse unknown
pt-pt.facebook.com unknown unknown false high
cx.atdmt.com unknown unknown false high
sq-al.facebook.com unknown unknown false high
it-it.facebook.com unknown unknown false high
connect.facebook.net unknown unknown false high
pixel.facebook.com unknown unknown false high
static.xx.fbcdn.net unknown unknown false high
de-de.facebook.com unknown unknown false high
fr-fr.facebook.com unknown unknown false high
Contacted URLs
Name Malicious Antivirus Detection Reputation
agent.joinf.cn/static/rsrc.php/v3/yN/r/YSGcJgI3134.js?_nc_x=Ij3Wp8lg5Kz true Avira URL Cloud: phishing unknown
agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lJL2wvMCxjcm9zcy95TGc2MkZpRGpURC5jc3M/X25jX3g9SWozV3A4bGc1S3o= true Google Safe Browsing: phishing unknown
www.joinfproxy.com/images/marketing/cookies/www/tools_active.png false Avira URL Cloud: phishing unknown
agent.joinf.cn/static/rsrc.php/v3ivK94/yW/l/en_US/-fNtMGApV03.js?_nc_x=Ij3Wp8lg5Kz true Avira URL Cloud: phishing unknown
agent.joinf.cn/rsrc.php/v3/yj/r/AE-e0Vw8Uhd.png true Avira URL Cloud: phishing unknown
agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3l5L2wvMCxjcm9zcy9vQWx1M09BVjF2US5jc3M/X25jX3g9SWozV3A4bGc1S3o= true Google Safe Browsing: phishing unknown
www.joinfproxy.com/ false 3%, Virustotal, Browse; Avira URL Cloud: phishing unknown
agent.joinf.cn/static/rsrc.php/v3iqES4/yN/l/en_US/lIJrOY0twaO.js?_nc_x=Ij3Wp8lg5Kz true Avira URL Cloud: phishing unknown
agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lrL2wvMCxjcm9zcy9HN1h6Y2FTMVFtTS5jc3M/X25jX3g9SWozV3A4bGc1S3o= true Google Safe Browsing: phishing unknown
www.joinfproxy.com/policies/cookies/ false Avira URL Cloud: phishing unknown
agent.joinf.cn/static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3ltL3Ivb180bk5kYlppczkucG5n true Google Safe Browsing: phishing unknown
agent.joinf.cn/static/rsrc.php/v3/yQ/r/SgyPmYUaN1c.js?_nc_x=Ij3Wp8lg5Kz true Avira URL Cloud: phishing unknown
URLs from Memory and Binaries
Name Source Malicious Antivirus Detection Reputation
https://sq-al.faceb iexplore.exe false Avira URL Cloud: safe unknown
search.chol.com/favicon.ico iexplore.exe false high
www.mercadolivre.com.br/ iexplore.exe false 0%, Virustotal, Browse; Avira URL Cloud: safe low
www.merlin.com.pl/favicon.ico iexplore.exe false 0%, Virustotal, Browse; URL Reputation: safe unknown
www.joinfproxy.com/?sk=inbox7http://www.joinfproxy.com/images/icons/app/messages.ico iexplore.exe false Avira URL Cloud: phishing unknown
www.dailymail.co.uk/ iexplore.exe false 0%, Virustotal, Browse; URL Reputation: safe low
www.joinfproxy.com/?sk=nf3http://www.joinfproxy.com/images/icons/ iexplore.exe false Avira URL Cloud: phishing unknown
https://static.xx.fbcdn.net/rsrc.php/v3/yA/r/dQ_TzJobF0o.js?_nc_x=Ij3Wp8lg5Kz iexplore.exe false high
https://static.xx.fbcdn.net/rsrc.php/v3/yj/r/ByFjTuPCeTM.js?_nc_x=Ij3Wp8lg5Kz iexplore.exe, bframe[1].htm.2.dr false high
https://sq-al.facebook iexplore.exe false Avira URL Cloud: safe unknown
agent.joinf.cn/images/icons/app/events.ico iexplore.exe true Avira URL Cloud: phishing unknown
https://pt-pt.face iexplore.exe false Avira URL Cloud: safe unknown
fr.search.yahoo.com/ iexplore.exe false high
in.search.yahoo.com/ iexplore.exe false high
https://fr-fr.messenger.com/ EIBLZYAZ.htm.2.dr false high
img.shopzilla.com/shopzilla/shopzilla.ico iexplore.exe false high
https://agent.joinf.cn/login/identify/?ctx=recover&ars=royal_blue_barJlY292ZXIvaW5pdGlhdGU/bHd2PTExM ~DF7A2EF64569FC7E1B.TMP.1.dr true Avira URL Cloud: phishing unknown
https://static.xx.fbcdn.net/rsrc.php/yo/r/iRmz9lCMBD2.ico iexplore.exe, ~DF7A2EF64569FC7E1B.TMP.1.dr, imagestore.dat.2.dr false high
msk.afisha.ru/ iexplore.exe false high
www.reddit.com/ msapplication.xml4.1.dr false high
busca.igbusca.com.br//app/static/images/favicon.ico iexplore.exe false 0%, Virustotal, Browse; URL Reputation: safe low
https://static.xx.fbcdn.net/rsrc.php/v3/y6/l/0 bframe[1].htm.2.dr false high
agent.joinf.cn/?sk=nf/http://agent.joinf.cn/images/icons/app/ iexplore.exe true Avira URL Cloud: phishing unknown
https://it-it.facebook {B4DC9C65-0B05-11EA-AADB-C25F135D3C65}.dat.1.dr false Avira URL Cloud: safe unknown
www.ya.com/favicon.ico iexplore.exe false high
www.etmall.com.tw/favicon.ico iexplore.exe false 0%, Virustotal, Browse; URL Reputation: safe low
it.search.dada.net/favicon.ico iexplore.exe false 0%, Virustotal, Browse; URL Reputation: safe low
agent.joinf.cn/facebook/policies/cookies/ cookies[1].htm.2.dr true Avira URL Cloud: phishing unknown
search.hanafos.com/favicon.ico iexplore.exe false 0%, Virustotal, Browse; URL Reputation: safe low
cgi.search.biglobe.ne.jp/favicon.ico iexplore.exe false 0%, Virustotal, Browse; Avira URL Cloud: safe low
ocsp.pki.goog/gts1o10 iexplore.exe false 0%, Virustotal, Browse; URL Reputation: safe unknown
search.msn.co.jp/results.aspx?q= iexplore.exe false 0%, Virustotal, Browse; URL Reputation: safe low
buscar.ozu.es/ iexplore.exe false 0%, Virustotal, Browse; Avira URL Cloud: safe low
https://static.xx.fbcdn.net/rsrc.php/v3/yD/l/0 bframe[1].htm.2.dr false high
ocsp.pki.goog/gsr202 iexplore.exe false 0%, Virustotal, Browse; URL Reputation: safe unknown
https://pki.goog/repository/0 iexplore.exe false 0%, Virustotal, Browse; URL Reputation: safe unknown
www.joinfproxy.com/about/privacy/updateRoot {B4DC9C65-0B05-11EA-AADB-C25F135D3C65}.dat.1.dr false Avira URL Cloud: phishing unknown
www.microsofttranslator.com/BVPrev.aspx?ref=IE8Activity iexplore.exe false high
https://static.xx.fbcdn.net/rsrc.php/v3/yI/r/LRVea4fy2y9.js?_nc_x=Ij3Wp8lg5Kz iexplore.exe false high
www.ask.com/ iexplore.exe false high
https://agent.joinf.cn/policies/cookies/ iexplore.exe true Avira URL Cloud: phishing unknown
www.google.it/ iexplore.exe false high
search.auction.co.kr/ iexplore.exe false 0%, Virustotal, Browse; URL Reputation: safe low
www.amazon.de/ iexplore.exe false high
sads.myspace.com/ iexplore.exe false high
https://s.update.fbsbx.com/2/843748/utils.html?ti= e24e1pKT5YP[1].js.2.dr false high
www.pchome.com.tw/favicon.ico iexplore.exe false 0%, Virustotal, Browse; Avira URL Cloud: safe low
browse.guardian.co.uk/favicon.ico iexplore.exe false 0%, Virustotal, Browse; URL Reputation: safe low
crl.pki.goog/gsr2/gsr2.crl0? iexplore.exe false 0%, Virustotal, Browse; URL Reputation: safe unknown
https://static.xx.fbcdn.net/rsrc.php/v3/yU/r/b6E9gAus05g.js?_nc_x=Ij3Wp8lg5Kz iexplore.exe false high
google.pchome.com.tw/ iexplore.exe false 0%, Virustotal, Browse; Avira URL Cloud: safe low
list.taobao.com/browse/search_visual.htm?n=15&q= iexplore.exe false high
www.rambler.ru/favicon.ico iexplore.exe false high
https://static.xx.fbcdn.net/rsrc.php/v3/yH/r/iGksp69foR_.js?_nc_x=Ij3Wp8lg5Kz iexplore.exe false high
www.garagefonts.comhttp://www.joshuadarden.comhttps://www.garagefonts.comFreightSans dat762B.tmp.2.dr false Avira URL Cloud: safe unknown
uk.search.yahoo.com/ iexplore.exe false high
www.ozu.es/favicon.ico iexplore.exe false 0%, Virustotal, Browse; Avira URL Cloud: safe low
search.sify.com/ iexplore.exe false high
openimage.interpark.com/interpark.ico iexplore.exe false high
search.yahoo.co.jp/favicon.ico iexplore.exe false 0%, Virustotal, Browse; URL Reputation: safe low
www.gmarket.co.kr/ iexplore.exe false 0%, Virustotal, Browse; URL Reputation: safe low
www.joinfproxy.com/legal/terms/updateover&ars=royal_blue_barJlY292ZXIvaW5pdGlhdGU/bHd2PTExMCZ ~DF7A2EF64569FC7E1B.TMP.1.dr false Avira URL Cloud: phishing unknown
search.nifty.com/ iexplore.exe false high
https://static.xx.fbcdn.net/rsrc.php/v3/yT/l/0 bframe[1].htm.2.dr false high
www.google.si/ iexplore.exe false high
www.soso.com/ iexplore.exe false high
agent.joinf.cn/facebook?u=aH&r=R0cHM6Ly93d3cuZmFjZWJvb2suY29tL2hlbHAvMTk1MjI3OTIxMjUyNDAw update[1].htm.2.dr true Avira URL Cloud: phishing unknown
agent.joinf.cn/facebook?u=aH&r=R0cHM6Ly93d3cuZmFjZWJvb2suY29tL2hlbHAvaW50ZWxsZWN0dWFsX3By update[1].htm.2.dr true Avira URL Cloud: phishing unknown
busca.orange.es/ iexplore.exe false high
cnweb.search.live.com/results.aspx?q= iexplore.exe false high
www.twitter.com/ msapplication.xml5.1.dr false high
auto.search.msn.com/response.asp?MT= iexplore.exe false high
www.target.com/ iexplore.exe false high
https://static.xx.fbcdn.net/rsrc.php/v3/yo/l/0 iframe[1].htm0.2.dr, iframe[1].htm.2.dr false high
https://static.xx.fbcdn.net/rsrc.php/v3/yi/r/OBaVg52wtTZ.png TOPRBCQQ.htm.2.dr false high
agent.joinf.cn/facebook?u=aH&r=R0cHM6Ly93d3cuZmFjZWJvb2suY29tL2hlbHAvY29udGFjdC8yNTk1MTg3MTQ3 iexplore.exe true Avira URL Cloud: phishing unknown
agent.joinf.cn/facebook?u=aH&r=R0cHM6Ly93d3cuZmFjZWJvb2suY29t iexplore.exe true Avira URL Cloud: phishing unknown
search.orange.co.uk/favicon.ico iexplore.exe false 0%, Virustotal, Browse; Avira URL Cloud: safe low
www.iask.com/ iexplore.exe false 0%, Virustotal, Browse; Avira URL Cloud: safe low
search.centrum.cz/favicon.ico iexplore.exe false high
service2.bfast.com/ iexplore.exe false 0%, Virustotal, Browse; URL Reputation: safe low
ariadna.elmundo.es/ iexplore.exe false high
www.news.com.au/favicon.ico iexplore.exe false 0%, Virustotal, Browse; Avira URL Cloud: safe low
www.cdiscount.com/ iexplore.exe false high
www.tiscali.it/favicon.ico iexplore.exe false high
it.search.yahoo.com/ iexplore.exe false high
www.ceneo.pl/favicon.ico iexplore.exe false high
www.servicios.clarin.com/ iexplore.exe false high
Contacted IPs
Public
IP Country Flag ASN ASN Name Malicious
47.91.149.178 United States 45102 unknown true
185.60.216.6 Ireland 32934 unknown false
185.60.216.19 Ireland 32934 unknown false
185.60.216.35 Ireland 32934 unknown false
185.60.216.36 Ireland 32934 unknown false
157.240.15.22 United States 32934 unknown false
185.60.216.15 Ireland 32934 unknown false
Static File Info
No static file info
Network Behavior
Network Port Distribution
Total Packets: 67
• 53 (DNS)
• 80 (HTTP)
TCP Packets
UDP Packets
DNS Queries
Timestamp Source IP Dest IP Trans ID OP Code Name Type Class
Nov 19, 2019 11:49:35.522537947 CET 192.168.2.5 8.8.8.8 0xe50b Standard query (0) www.joinfproxy.com A (IP address) IN (0x0001)
Nov 19, 2019 11:49:37.000458002 CET 192.168.2.5 8.8.8.8 0x236f Standard query (0) agent.joinf.cn A (IP address) IN (0x0001)
Nov 19, 2019 11:49:38.060834885 CET 192.168.2.5 8.8.8.8 0xb734 Standard query (0) scontent-hkg3-2.xx.fbcdn.net A (IP address) IN (0x0001)
Nov 19, 2019 11:49:38.119072914 CET 192.168.2.5 8.8.8.8 0xa58e Standard query (0) facebook.com A (IP address) IN (0x0001)
Nov 19, 2019 11:49:38.343662024 CET 192.168.2.5 8.8.8.8 0x33c6 Standard query (0) fbcdn.net A (IP address) IN (0x0001)
Nov 19, 2019 11:49:38.542232990 CET 192.168.2.5 8.8.8.8 0xcb36 Standard query (0) fbsbx.com A (IP address) IN (0x0001)
Nov 19, 2019 11:49:38.740999937 CET 192.168.2.5 8.8.8.8 0xa081 Standard query (0) connect.facebook.net A (IP address) IN (0x0001)
Nov 19, 2019 11:49:55.484703064 CET 192.168.2.5 8.8.8.8 0x3005 Standard query (0) pixel.facebook.com A (IP address) IN (0x0001)
Nov 19, 2019 11:50:28.803518057 CET 192.168.2.5 8.8.8.8 0x5fb6 Standard query (0) agent.joinf.cn A (IP address) IN (0x0001)
Nov 19, 2019 11:51:02.765186071 CET 192.168.2.5 8.8.8.8 0xbfe6 Standard query (0) de-de.facebook.com A (IP address) IN (0x0001)
Nov 19, 2019 11:51:03.085506916 CET 192.168.2.5 8.8.8.8 0x7042 Standard query (0) static.xx.fbcdn.net A (IP address) IN (0x0001)
Nov 19, 2019 11:51:06.613114119 CET 192.168.2.5 8.8.8.8 0x96cb Standard query (0) fr-fr.facebook.com A (IP address) IN (0x0001)
Nov 19, 2019 11:51:09.160711050 CET 192.168.2.5 8.8.8.8 0x552f Standard query (0) cx.atdmt.com A (IP address) IN (0x0001)
Nov 19, 2019 11:51:15.731463909 CET 192.168.2.5 8.8.8.8 0x5383 Standard query (0) it-it.facebook.com A (IP address) IN (0x0001)
Nov 19, 2019 11:51:23.060081005 CET 192.168.2.5 8.8.8.8 0xffa3 Standard query (0) pt-pt.facebook.com A (IP address) IN (0x0001)
Nov 19, 2019 11:51:28.816099882 CET 192.168.2.5 8.8.8.8 0x3864 Standard query (0) sq-al.facebook.com A (IP address) IN (0x0001)
DNS Answers
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Nov 19, 2019 11:49:35.874118090 CET 8.8.8.8 192.168.2.5 0xe50b No error (0) www.joinfproxy.com 47.91.149.178 A (IP address) IN (0x0001)
Nov 19, 2019 11:49:37.343982935 CET 8.8.8.8 192.168.2.5 0x236f No error (0) agent.joinf.cn 47.91.149.178 A (IP address) IN (0x0001)
Nov 19, 2019 11:49:38.098078966 CET 8.8.8.8 192.168.2.5 0xb734 No error (0) scontent-hkg3-2.xx.fbcdn.net 157.240.15.22 A (IP address) IN (0x0001)
Nov 19, 2019 11:49:38.154145956 CET 8.8.8.8 192.168.2.5 0xa58e No error (0) facebook.com 185.60.216.35 A (IP address) IN (0x0001)
Nov 19, 2019 11:49:38.379194021 CET 8.8.8.8 192.168.2.5 0x33c6 No error (0) fbcdn.net 185.60.216.35 A (IP address) IN (0x0001)
Nov 19, 2019 11:49:38.577048063 CET 8.8.8.8 192.168.2.5 0xcb36 No error (0) fbsbx.com 185.60.216.35 A (IP address) IN (0x0001)
Nov 19, 2019 11:49:38.775857925 CET 8.8.8.8 192.168.2.5 0xa081 No error (0) connect.facebook.net scontent.xx.fbcdn.net CNAME (Canonical name) IN (0x0001)
Nov 19, 2019 11:49:38.775857925 CET 8.8.8.8 192.168.2.5 0xa081 No error (0) scontent.xx.fbcdn.net 185.60.216.19 A (IP address) IN (0x0001)
Nov 19, 2019 11:49:55.519766092 CET 8.8.8.8 192.168.2.5 0x3005 No error (0) pixel.facebook.com z-m.c10r.facebook.com CNAME (Canonical name) IN (0x0001)
Nov 19, 2019 11:49:55.519766092 CET 8.8.8.8 192.168.2.5 0x3005 No error (0) z-m.c10r.facebook.com 185.60.216.36 A (IP address) IN (0x0001)
Nov 19, 2019 11:50:29.146650076 CET 8.8.8.8 192.168.2.5 0x5fb6 No error (0) agent.joinf.cn 47.91.149.178 A (IP address) IN (0x0001)
Nov 19, 2019 11:51:02.802969933 CET 8.8.8.8 192.168.2.5 0xbfe6 No error (0) de-de.facebook.com star.facebook.com CNAME (Canonical name) IN (0x0001)
Nov 19, 2019 11:51:02.802969933 CET 8.8.8.8 192.168.2.5 0xbfe6 No error (0) star.facebook.com star.c10r.facebook.com CNAME (Canonical name) IN (0x0001)
Nov 19, 2019 11:51:02.802969933 CET 8.8.8.8 192.168.2.5 0xbfe6 No error (0) star.c10r.facebook.com 185.60.216.15 A (IP address) IN (0x0001)
Nov 19, 2019 11:51:03.122356892 CET 8.8.8.8 192.168.2.5 0x7042 No error (0) static.xx.fbcdn.net scontent.xx.fbcdn.net CNAME (Canonical name) IN (0x0001)
Nov 19, 2019 11:51:03.122356892 CET 8.8.8.8 192.168.2.5 0x7042 No error (0) scontent.xx.fbcdn.net 185.60.216.19 A (IP address) IN (0x0001)
Nov 19, 2019 11:51:06.648487091 CET 8.8.8.8 192.168.2.5 0x96cb No error (0) fr-fr.facebook.com star.facebook.com CNAME (Canonical name) IN (0x0001)
Nov 19, 2019 11:51:06.648487091 CET 8.8.8.8 192.168.2.5 0x96cb No error (0) star.facebook.com star.c10r.facebook.com CNAME (Canonical name) IN (0x0001)
Nov 19, 2019 11:51:06.648487091 CET 8.8.8.8 192.168.2.5 0x96cb No error (0) star.c10r.facebook.com 185.60.216.15 A (IP address) IN (0x0001)
Nov 19, 2019 11:51:09.196171045 CET 8.8.8.8 192.168.2.5 0x552f No error (0) cx.atdmt.com atlas.c10r.facebook.com CNAME (Canonical name) IN (0x0001)
Nov 19, 2019 11:51:09.196171045 CET 8.8.8.8 192.168.2.5 0x552f No error (0) atlas.c10r.facebook.com 185.60.216.6 A (IP address) IN (0x0001)
Nov 19, 2019 11:51:15.766516924 CET 8.8.8.8 192.168.2.5 0x5383 No error (0) it-it.facebook.com star.facebook.com CNAME (Canonical name) IN (0x0001)
Nov 19, 2019 11:51:15.766516924 CET 8.8.8.8 192.168.2.5 0x5383 No error (0) star.facebook.com star.c10r.facebook.com CNAME (Canonical name) IN (0x0001)
Nov 19, 2019 11:51:15.766516924 CET 8.8.8.8 192.168.2.5 0x5383 No error (0) star.c10r.facebook.com 185.60.216.15 A (IP address) IN (0x0001)
Nov 19, 2019 11:51:23.095483065 CET 8.8.8.8 192.168.2.5 0xffa3 No error (0) pt-pt.facebook.com star.facebook.com CNAME (Canonical name) IN (0x0001)
Nov 19, 2019 11:51:23.095483065 CET 8.8.8.8 192.168.2.5 0xffa3 No error (0) star.facebook.com star.c10r.facebook.com CNAME (Canonical name) IN (0x0001)
Nov 19, 2019 11:51:23.095483065 CET 8.8.8.8 192.168.2.5 0xffa3 No error (0) star.c10r.facebook.com 185.60.216.15 A (IP address) IN (0x0001)
Nov 19, 2019 11:51:28.850986958 CET 8.8.8.8 192.168.2.5 0x3864 No error (0) sq-al.facebook.com star.facebook.com CNAME (Canonical name) IN (0x0001)
Nov 19, 2019 11:51:28.850986958 CET 8.8.8.8 192.168.2.5 0x3864 No error (0) star.facebook.com star.c10r.facebook.com CNAME (Canonical name) IN (0x0001)
Nov 19, 2019 11:51:28.850986958 CET 8.8.8.8 192.168.2.5 0x3864 No error (0) star.c10r.facebook.com 185.60.216.15 A (IP address) IN (0x0001)
HTTP Request Dependency Graph
www.joinfproxy.com
agent.joinf.cn
HTTP Packets
Session ID Source IP Source Port Destination IP Destination Port Process
0 192.168.2.5 49715 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Nov 19, 2019 11:49:36.226774931 CET 0 OUT
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.joinfproxy.com
Connection: Keep-Alive
Nov 19, 2019 11:49:36.750426054 CET 2 IN
HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:36 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
P3P: CP="Facebook has no P3P policy fb.me/p3p"
Cache-Control: private, no-cache, no-store, must-revalidate
Pragma: no-cache
Strict-Transport-Security: max-age=15552000; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Content-Type: text/html;charset=utf-8
X-FB-Debug: GVGE2oXlAC/wZukVAVEOy9oO73y0b3iZwXYVC6g2Q2UWQi9s/kViWbtvxbXHBlsjX7xWTaMPjZq0UqenI+Lvzw==
Alt-Svc: h3-23=":443"; ma=3600
Set-Cookie: fr=1eTjJVMiQZ9ySWbSf..Bd08jA.ka.AAA.0.0.Bd08jA.AWW0tbVB; expires=Mon, 17-Feb-2020 10:49:35 GMT; Max-Age=7775999; path=/; domain=.joinf.cn; httponly
Set-Cookie: sb=wMjTXXZph9yITlS0rO9Qj_9z; expires=Thu, 18-Nov-2021 10:49:36 GMT; Max-Age=63072000; path=/; domain=.joinf.cn; httponly
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Data Ascii: 1f3a<html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8"><meta name="referrer" content="default" id="meta_referrer"><script>window._cstart=+new Date();</script><script>function envFlush(
Session ID Source IP Source Port Destination IP Destination Port Process
1 192.168.2.5 49717 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Nov 19, 2019 11:49:38.007592916 CET
60 OUT GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lnL2wvMCxjcm9zcy9kV21qSDN1OE5WRi5jc3M/X25jX3g9SWozV3A4bGc1S3o= HTTP/1.1
Accept: text/css, */*
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:38.373991013 CET
155 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:38 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: RVg8QjmnXU2Skh8XfnCY/w==
Cache-Control: public,max-age=31536000,immutable
Expires: Tue, 17 Nov 2020 18:36:40 GMT
X-FB-Debug: TqYWwQp0A+HiilzoZbXULfz2LE7p4vxn98HH8EexyzXwbVno9dsLYk7/2e2PkBbpDEhQW8rOsAOCyk20TEpakw==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 3946
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Data Ascii: .fbForBusinessWrapper{margin:0 auto;width:980px}.fbForBusinessContent{border-bottom:1px solid #f2f2f2;position:relative}.fbForBusinessNoBorder{border-bottom:none}.fbForBusinessRightCol img{background-color:#ccc;border:5px solid #fafafa;float:right;padding:1px}.fbBusinessHomeVideo{background-color:#fff;border:1px solid #ccc}.fbForBusinessContent img,.fbForBusinessFloatedLeft{display:block;float:left}.fbForBusinessPageHeader{margin-top:40px}.fbForBusinessHomePageHeaderText{margin-top:50px}.fbMarketingMenu{list-sty
Nov 19, 2019 11:49:38.430510044 CET
185 OUT GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lUL2wvMCxjcm9zcy81aXNJV09EZjJyTy5jc3M/X25jX3g9SWozV3A4bGc1S3o= HTTP/1.1
Accept: text/css, */*
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:38.795861959 CET
337 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:38 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: 3kaS8SZ0PmPpP8bcotI4xg==
Cache-Control: public,max-age=31536000,immutable
Expires: Mon, 16 Nov 2020 05:11:49 GMT
X-FB-Debug: +vyRvCOXEo+e0RoTyVHsgGd4/Tw79Kb2SLWM3oiiv76pboWxaH2jjbMLUucY5lBu2bv0CIR3BB+tOogukAWssQ==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 29316
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Data Ascii: ._1bnq{font-size:14px;font-weight:bold;padding-bottom:4px}._1bnr{font-size:14px}._2nug{width:200}._2nuh{position:relative}._4f38{margin-bottom:20px}._5_6e{color:#4b4f56;font-size:18px;margin-bottom:20px}._4f3a{color:#4b4f56;margin-bottom:4px}._4f3b{border-radius:2px;color:#666;display:flex;padding:4px 4px 3px}._7ai1{color:#666}._1ka1{margin-right:4px}._4lfm{margin-top:20px}._4f3b:hover,._4f3b:focus{background:#dadde1;text-decoration:none}._yoz,._1u6q{display:none}._2-cv{max-width:640px}._1u6r{align-items:cente
Nov 19, 2019 11:49:43.090621948 CET
1261 OUT GET /rsrc.php/v3/yl/r/O6NksE4uoLC.png HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:43.445282936 CET
1365 IN HTTP/1.1 200 OK
Date: Fri, 15 Nov 2019 04:51:04 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: image/png
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: oZtAJpOMBuP9WeB58KN3rA==
Cache-Control: public,max-age=31536000,immutable
Expires: Sat, 14 Nov 2020 04:51:04 GMT
X-FB-Debug: 50jSD580wmN3+dHt68nQqc59d0Eqlts3kL6GiI0RxGzqvmEESoJtWYMwadMFcBqeN2uktZr13zfvxsLlD43ZIQ==
Content-Length: 1163
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Nov 19, 2019 11:49:47.453804016 CET
3007 OUT GET /static/rsrc.php/v3ie_l4/yT/l/en_US/RCJbNX5Ogbs.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:47.810070038 CET
3089 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:47 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
X-UA-Compatible: IE=edge
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: xM8pLAxbY7WMLv/K9TuQHQ==
Cache-Control: public,max-age=31536000,immutable
Expires: Mon, 16 Nov 2020 02:21:19 GMT
X-FB-Debug: fPhJ2FtG2/FAo8N7pSpglfxiGzYOf7ja5Q/6DsMkgbpgvX30WLmo72wm2X3ST/MVZm8m4jn70GyvL6bNrKbTFQ==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 101201
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Data Raw: 69
Data Ascii: i
Nov 19, 2019 11:49:49.712685108 CET
4022 OUT GET /static/rsrc.php/v3/yQ/r/SgyPmYUaN1c.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:50.069499969 CET
4153 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:49 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: A78bE5dRWWAxO337AIfS9w==
Cache-Control: public,max-age=31536000,immutable
Expires: Tue, 17 Nov 2020 17:56:44 GMT
X-FB-Debug: YqKs0qrMXGK1cdFXthe+mCfmxLtU2dyJX6lcddbIYNZghvqKDBSgAdUQV2lRI3KR5Hgp5zxEdnTalmkMk1ISwQ==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 161640
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Data Ascii: if (self.CavalryLogger) { CavalryLogger.start_js(["Y23b9"]); }__d("requestIdleCallbackBlue",["TimerStorage","TimeSlice","requestIdleCallbackAcrossTransitions"],(function(a,b,c,d,e,f){e.exports=function(c,d){var e;function f(a){b("TimerStorage").unset(b("TimerStorage").IDLE_CALLBACK,e),c(a)}b("TimeSlice").copyGuardForWrapper(c,f);e=b("requestIdleCallbackAcrossTransitions").call(a,f,d);b("TimerStorage").set(b("TimerStorage").IDLE_CALLBACK,e);return e}}),null);__d("Scheduler-dev",["SchedulerFeat
Session ID Source IP Source Port Destination IP Destination Port Process
10 192.168.2.5 49735 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Nov 19, 2019 11:49:48.332392931 CET
3239 OUT GET /intern/common/referer_frame.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.joinfproxy.com
Connection: Keep-Alive
Nov 19, 2019 11:49:48.855935097 CET
3491 IN HTTP/1.1 404 Not Found
Date: Tue, 19 Nov 2019 10:49:48 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
P3P: CP="Facebook has no P3P policy fb.me/p3p"
Cache-Control: private, no-cache, no-store, must-revalidate
Pragma: no-cache
Strict-Transport-Security: max-age=15552000; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Content-Type: text/html;charset=utf-8
X-FB-Debug: zArmNbcj55va5871C9P4wBHT8qUIptEYeTPUV4+EURRse89dHyqtjzhv/FL89a4zbB4E9tyyjBcXLrnAD5NIHg==
Alt-Svc: h3-23=":443"; ma=3600
Set-Cookie: fr=1bvs6as95Ypswbfnx..Bd08jM.Iw.AAA.0.0.Bd08jM.AWXAqbqg; expires=Mon, 17-Feb-2020 10:49:47 GMT; Max-Age=7775999; path=/; domain=.joinf.cn; httponly
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Data Ascii: 420<html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8"><meta name="referrer" content="default" id="meta_referrer"><script>window._cstart=+new Date();</script><script>function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}window.requireLazy?window.requireLazy(["Env"],b):(window.Env=window.Env||{},b(window.E
Session ID Source IP Source Port Destination IP Destination Port Process
11 192.168.2.5 49738 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Nov 19, 2019 11:49:50.093059063 CET
4169 OUT GET /static/rsrc.php/v3iTQy4/yp/l/en_US/QLSN9IUafxl.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:50.435575962 CET
4248 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:50 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: bEiXSFu3r35kR+QRqCk+Pg==
Cache-Control: public,max-age=31536000,immutable
Expires: Mon, 16 Nov 2020 14:58:17 GMT
X-FB-Debug: fqrzfDfh2bbmWghaPe+VC/jdyxI9ByDsFJNusKhqhh8mzGwyKAdDQcs8z7H+oYPfP5TZ0xFFuGvkuNnhOnnVpw==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 44505
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Data Ascii: if (self.CavalryLogger) { CavalryLogger.start_js(["nBnxb"]); }__d("Dialog",["fbt","Animation","Arbiter","AsyncRequest","Button","ContextualThing","CSS","DOM","Env","Event","Focus","Form","HTML","Keys","Locale","PageTransitions","Parent","Run","Style","URI","Vector","bind","createArrayFromMixed","emptyFunction","getObjectValues","getOverlayZIndex","removeFromArray","shield"],(function $module_Dialog(global,require,requireDynamic,requireLazy,module,exports,fbt){__p&&__p();var c_Env,c_URI,_suppor
Nov 19, 2019 11:49:51.700598955 CET
4390 OUT GET /static/rsrc.php/v3/y4/r/-PAXP-deijE.gif HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:52.043493032 CET
4421 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:51 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: image/gif
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: YRyRbJo4R7CNEE1X8k7Jfg==
Cache-Control: public,max-age=31536000,immutable
Expires: Sat, 14 Nov 2020 17:54:06 GMT
X-FB-Debug: I0aupOb34wp/FVVr2I779oPAdFiZla9/EHqikAV67J/qrrt61lRmJsr9lORs5Xj5DA0Bm3Ih8E2aSnyywbH8sA==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 43
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Data Raw: 47 49 46 38 39 61 01 00 01 00 80 00 00 2f 61 6c 6f 6b 00 21 f9 04 01 00 00 00 00 2c 00 00 00 00 01 00 01 00 00 02 02 44 01 00 3b
Data Ascii: GIF89a/alok!,D;
Session ID Source IP Source Port Destination IP Destination Port Process
12 192.168.2.5 49737 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Nov 19, 2019 11:49:50.097790956 CET
4170 OUT GET /static/rsrc.php/v3ivK94/yW/l/en_US/-fNtMGApV03.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:50.442398071 CET
4260 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:50 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: a2mk8QBsK7gf96eBtC8S6w==
Cache-Control: public,max-age=31536000,immutable
Expires: Mon, 16 Nov 2020 14:30:19 GMT
X-FB-Debug: OSmUSj+BfM+uo2Ne/xNTWCl9BU5QwvvjAM7qv7a67pxeo44uXoDTxxnF9Qrm9HsGuOkdrk2R/4AMk/FwXcWxfQ==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 14288
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Data Ascii: if (self.CavalryLogger) { CavalryLogger.start_js(["YU8+l"]); }__d("MessengerMQTTGating",[],(function(a,b,c,d,e,f){"use strict";var g={_forcedOff:!1,isEnabled:function(){return!g._forcedOff},turnOff:function(){g._forcedOff=!0}};e.exports=g}),null);__d("isAdsExcelAddinURI",[],(function(a,b,c,d,e,f){var g=new RegExp("(^|\\.)fbaddins\\.com$","i"),h=["https"];function a(a){if(a.isEmpty()&&a.toString()!=="#")return!1;return!a.getDomain()&&!a.getProtocol()?!1:h.indexOf(a.getProtocol())!==-1&&g.test(
Nov 19, 2019 11:49:51.839150906 CET
4391 OUT GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lwL3IvVTRCMDZuTE1HUXQucG5n HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://www.joinfproxy.com/intern/common/referer_frame.php
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:52.184067965 CET
4422 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:52 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: image/png
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: 5QrA65A8qw+cAvr9er3YXA==
Cache-Control: public,max-age=31536000,immutable
Expires: Sat, 07 Nov 2020 00:38:16 GMT
X-FB-Debug: y99kM2x1gbU7jjkZoDbSyJRYP2xk9Ms1sbly6CVmprQDJnB/hwdWGVgErfRsod/9d1QI0Dhk3+mZDQbP5+RdPg==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 11134
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Session ID Source IP Source Port Destination IP Destination Port Process
13 192.168.2.5 49743 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Nov 19, 2019 11:50:00.087872982 CET
4475 OUT POST /ajax/bz HTTP/1.1
Accept: */*
Content-Type: application/x-www-form-urlencoded
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: www.joinfproxy.com
Content-Length: 10805
Connection: Keep-Alive
Cache-Control: no-cache
Nov 19, 2019 11:50:00.553596973 CET
4487 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:50:00 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Expires: Sat, 01 Jan 2000 00:00:00 GMT
X-XSS-Protection: 0
X-Frame-Options: DENY
Pragma: no-cache
Strict-Transport-Security: max-age=15552000; preload
Access-Control-Expose-Headers: X-FB-Debug, X-Loader-Length
Access-Control-Allow-Credentials: true
X-Content-Type-Options: nosniff
Vary: Origin
Cache-Control: private, no-cache, no-store, must-revalidate
Access-Control-Allow-Origin: https://facebook.com
Access-Control-Allow-Methods: OPTIONS
Content-Type: text/html; charset="utf-8"
X-FB-Debug: rS0aoc1IOfhdqjwFk10jDBPKf4EzV79NUjE9R4FMFmjZfUXjT3fmKhEukfh4RvF62CUnIOzjpaglDLPY60v5cA==
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 0
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Session ID Source IP Source Port Destination IP Destination Port Process
14 192.168.2.5 49744 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Nov 19, 2019 11:50:29.491652012 CET
4491 OUT GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3lvL3IvaVJtejlsQ01CRDIuaWNv HTTP/1.1
User-Agent: AutoIt
Host: agent.joinf.cn
Nov 19, 2019 11:50:29.831828117 CET
4492 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:50:29 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: image/x-icon
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: 0oUNMbHN7JHLbtJJ2ZL3QA==
Cache-Control: public,max-age=31536000,immutable
Expires: Sun, 08 Nov 2020 16:17:47 GMT
X-FB-Debug: FzcBrjXFO5U/b0z53f3YIfB9T7kQ/CNzQ58BsVBDCDvnKO7peB02VMXw8V/Jkzf3cP7e8+WITRcHDhoD60dNjw==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 5430
Session ID Source IP Source Port Destination IP Destination Port Process
15 192.168.2.5 49745 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
16 192.168.2.5 49746 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
17 192.168.2.5 49750 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
18 192.168.2.5 49752 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
19 192.168.2.5 49749 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
2 192.168.2.5 49721 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Nov 19, 2019 11:49:38.008619070 CET
60 OUT GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3k1L2wvMCxjcm9zcy9NTmR5aWhCYS01ZS5jc3M/X25jX3g9SWozV3A4bGc1S3o= HTTP/1.1
Accept: text/css, */*
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:38.357106924 CET
109 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:38 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: 62+Fg3dN4SmwJkxhV0FshQ==
Cache-Control: public,max-age=31536000,immutable
Expires: Sun, 15 Nov 2020 16:18:41 GMT
X-FB-Debug: 2yTMnV+Lj/8eeZreCeaYN91xeu2XbiX3NZ6o80BU8ij+xlCZnRez5XJCUcaySVXHF4Qc3HZWsAkgvlHr2Gd/rA==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 99334
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Data Ascii: ._7ja_{display:block}._3n42,._3n43,._7xbl,._3nb4{display:block;height:16px;width:16px}._3n42{background-image:url(/rsrc.php/v3/yG/r/CQy3OlLfs65.png);background-repeat:no-repeat;background-size:auto;background-position:0 -298px}._7xbl{background-image:url(/rsrc.php/v3/yG/r/CQy3OlLfs65.png);background-repeat:no-repeat;background-size:auto;background-position:-38px -156px}._3n43{background-image:url(/rsrc.php/v3/yG/r/CQy3OlLfs65.png);background-repeat:no-repeat;background-size:auto;background-position:-17px -213px
Nov 19, 2019 11:49:43.086968899 CET
1261 OUT GET /rsrc.php/v3/yk/r/wNrDztRHHAl.png HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:43.426011086 CET
1327 IN HTTP/1.1 200 OK
Date: Sat, 16 Nov 2019 12:49:28 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: image/png
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: DpKmZivKAr0us1EpDHvTfw==
Cache-Control: public,max-age=31536000,immutable
Expires: Sun, 15 Nov 2020 12:49:28 GMT
X-FB-Debug: YXUlGIbf6wsyt9XPjwqjh/W0Ci9Hh86FS1vWmaamK3swLqTt7nE4MZHBKkWxDR3/FpTQauS0cWn94EgP7b2Ppw==
Content-Length: 18814
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Nov 19, 2019 11:49:47.442831039 CET
3006 OUT GET /static/rsrc.php/v3/yz/r/1BjrYUERys4.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:47.781980991 CET
3077 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:47 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: Ku7cF7w+YEtw+GBSxWxIHw==
Cache-Control: public,max-age=31536000,immutable
Expires: Sun, 15 Nov 2020 18:55:58 GMT
X-FB-Debug: ss7dpp1URLAxwaltTEdeV/H8Jq02GqzDKbf14tPV/YlhgEYtVcAtTrGy0YhTntJHd+/u6eWmVlzz+m5NzObAlg==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 501
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Data Ascii: if (self.CavalryLogger) { CavalryLogger.start_js(["ne+Ol"]); }__d("IEPinnedSite",["Arbiter"],(function(a,b,c,d,e,f){__p&&__p();a={listenToNotifications:function(a){__p&&__p();var c=window.external,d=!1;try{d=c&&"msIsSiteMode"in c&&c.msIsSiteMode()}catch(a){}if(d){var e={};c.msSiteModeClearIconOverlay();b("Arbiter").subscribe("jewel/count-updated",function(b,d){e[d.jewel]=d.count;b=0;for(var f in e)b+=e[f];b>0?c.msSiteModeSetIconOverlay(a):c.msSiteModeClearIconOverlay()})}}};e.exports=a}),null);
Nov 19, 2019 11:49:47.869009018 CET
3101 OUT GET /static/rsrc.php/v3/yC/r/QVzj7eb7Sfv.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:48.208544016 CET
3208 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:48 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: UD3+hpc+mjcHrW7UMiZKpg==
Cache-Control: public,max-age=31536000,immutable
Expires: Tue, 17 Nov 2020 13:11:53 GMT
X-FB-Debug: jmH3J0x53F96J2gwKCnLgv9BD4rDgrUVGZL43QaM0tj7SY7ummxS4HpHrhA/e9JJiFASuyXVk3c1d163So1kIQ==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 4470
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Data Ascii: if (self.CavalryLogger) { CavalryLogger.start_js(["BXuJY"]); }__d("IdentityBadgeUtils",["cx","gkx"],(function(a,b,c,d,e,f,g){"use strict";__p&&__p();var h=function(a){switch(a){case"tipper":case"birthday_week_tipper":return b("gkx")("709988");case"sharer":return b("gkx")("709989");case"follower":return b("gkx")("833805");case"woodhenge_submageddon":return b("gkx")("1113070");case"original":return b("gkx")("1144561");case"top_fan":case"frequent_watcher":case"woodhenge":case"author":case"fan_fundi
Nov 19, 2019 11:49:48.337340117 CET
3240 OUT GET /static/rsrc.php/v3i1md4/yp/l/en_US/1U-D-BJnUfo.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:48.677151918 CET
3395 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:48 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: 8Bi3uHiJsS5xzeyQpQulJw==
Cache-Control: public,max-age=31536000,immutable
Expires: Sun, 15 Nov 2020 16:55:34 GMT
X-FB-Debug: Dc5o4RwEs7gadDOwnWf2AtCezLiEIMm7BEdVIE+6dcqnRXlBCxM+PjO/COQacPwVk6izSG8yj45Cc/OEaTcsBA==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 106070
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Data Raw: 69
Data Ascii: i
Session ID Source IP Source Port Destination IP Destination Port Process
20 192.168.2.5 49754 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
21 192.168.2.5 49755 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
22 192.168.2.5 49761 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
23 192.168.2.5 49757 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
24 192.168.2.5 49759 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
25 192.168.2.5 49758 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
26 192.168.2.5 49760 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Session ID Source IP Source Port Destination IP Destination Port Process
3 192.168.2.5 49720 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Nov 19, 2019 11:49:38.009865999 CET
61 OUT GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lJL2wvMCxjcm9zcy95TGc2MkZpRGpURC5jc3M/X25jX3g9SWozV3A4bGc1S3o= HTTP/1.1
Accept: text/css, */*
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:38.359839916 CET
131 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:38 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
X-UA-Compatible: IE=edge
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: DucpAogYFqxgTFsAK9GQ2w==
Cache-Control: public,max-age=31536000,immutable
Expires: Wed, 18 Nov 2020 09:35:18 GMT
X-FB-Debug: fCmy11OMDaHPDlMC9OXeHsYpqxzsbyxcAdUlr6+VSfghu+qTDiUaM7VGFqgqPq2i8UDtan+QQqn1DTtE2YsBzg==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 115257
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Data Raw: 2e
Data Ascii: .
Nov 19, 2019 11:49:43.083623886 CET
1261 OUT GET /rsrc.php/v3/yG/r/CQy3OlLfs65.png HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:43.423283100 CET
1315 IN HTTP/1.1 200 OK
Date: Sat, 16 Nov 2019 12:17:14 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: image/png
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: XkDhTf6xsx0KJxtyBPHAoQ==
Cache-Control: public,max-age=31536000,immutable
Expires: Sun, 15 Nov 2020 12:17:14 GMT
X-FB-Debug: zbSWsD2J1S3y0l3PdI18LWvQTNY7RSh0SxjcBuQQ98IhtZfhMZNi9d0477kHWvHCbx75YHo7la2xnLQGMPXvNg==
Content-Length: 12617
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Nov 19, 2019 11:49:47.450855970 CET
3007 OUT GET /static/rsrc.php/v3/yU/r/b6E9gAus05g.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:47.791352987 CET
3078 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:47 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: JjK/lvN+V47pB60fAGWHWg==
Cache-Control: public,max-age=31536000,immutable
Expires: Sun, 15 Nov 2020 15:11:45 GMT
X-FB-Debug: 0f93MicBxlCTjD7Kcip926WqLyzmhr28RfWaZoHK6eLa1d4eT9CXwKWfgb6YhHaD+YIngVT9NllKnoUpeT/M3w==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 95272
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Data Ascii: if (self.CavalryLogger) { CavalryLogger.start_js(["pJeIz"]); }__d("VideoPlayerFormatsMap",[],(function(a,b,c,d,e,f){e.exports={live_map:"inline",live_map_sidebar:"inline",live_map_listview:"inline",live_map_tooltip:"inline",live_map_tooltip_from_listview:"inline",live_map_tooltip_from_map:"inline",video_home_inline:"inline",inline:"inline",chained:"inline",page_live_video_module:"inline",chained_suggestion:"inline",embedded_video:"inline",embedded_video_preview:"inline",embedded_video_from_ufi:
Nov 19, 2019 11:49:49.713646889 CET
4022 OUT GET /static/rsrc.php/v3/y7/r/svFKQXueTby.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:50.053531885 CET
4122 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:49 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: moIWlSdfIFzJ4/beS7kdug==
Cache-Control: public,max-age=31536000,immutable
Expires: Fri, 13 Nov 2020 02:49:57 GMT
X-FB-Debug: O/WZnc3zPeDMkvc67YVlhyMyAyAyFNyT9MHQO+lLvnf4xKxsK46UTKAnBGqoGx5u7RL1W6QuDPN9X0A5irfbQQ==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 7750
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Data Ascii: if (self.CavalryLogger) { CavalryLogger.start_js(["FEt5G"]); }__d("CavalryLoggerImpl",["Arbiter","Banzai","Bootloader","ImageTimingHelper","ISB","KillabyteProfilerConfig","NavigationTimingHelper","PageEvents","PageletEventConstsJS","PageletEventsHelper","PerfXLogger","ResourceTimingBootloaderHelper","ScriptPath","performance","performanceAbsoluteNow","__getTotalFactories","__getCompileTime","__getFactoryTime"],(function(a,b,c,d,e,f){__p&&__p();var g,h,i=b("KillabyteProfilerConfig").htmlProfilerM
Session ID Source IP Source Port Destination IP Destination Port Process
4 192.168.2.5 49719 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Nov 19, 2019 11:49:38.012952089 CET
61 OUT GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lrL2wvMCxjcm9zcy9HN1h6Y2FTMVFtTS5jc3M/X25jX3g9SWozV3A4bGc1S3o= HTTP/1.1
Accept: text/css, */*
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:38.337304115 CET
96 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:38 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: M8jeZhmFCAmKrvJ28Y6i/A==
Cache-Control: public,max-age=31536000,immutable
Expires: Mon, 16 Nov 2020 16:13:27 GMT
X-FB-Debug: DVxFKCzVL0P6WrPjzRpki2Z9MPs9L/KBgZSZGDfpwBPEKBG93cStivh1QaT2s2PozxZiTFe5+b57auO7BC1r7w==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 235738
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Data Ascii: ._3_s0._3_s0{border:0;display:flex;height:44px;min-width:600px;position:relative;text-align:left;top:0;transition:top .3s, height .3s;z-index:301}.hideBanner ._3_s0,.fixedBody ._3_s0{display:none}._3_s0._1tof{position:absolute;width:100%;z-index:400}._3_s0._1toe{height:0;overflow:hidden}._3_s0 ._608m{align-self:flex-end;margin:0 auto;max-width:981px;min-width:100px;padding:0 12px;width:100%}.sidebarMode ._3_s0 ._608m{padding-right:214px}._3_s0 ._tb6{align-items:center;height:44px}._3_s0 ._608n{display:flex}._3
Nov 19, 2019 11:49:42.787528992 CET
1260 OUT GET /static/rsrc.php/v3iIJC4/yf/l/en_US/Nmb_F6p7z4a.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:43.122634888 CET
1262 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:42 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: alhaHZt7MSgeaEiXUiMOLg==
Cache-Control: public,max-age=31536000,immutable
Expires: Wed, 18 Nov 2020 04:50:01 GMT
X-FB-Debug: xgjz+4zIfAvm+qtBt1CU3m7HMfpw0Fix4EnD1+pz1neuqCSpTeCD6nrvugjlD7hH5cl9R/Nlbw6Tzb+pR+GzoA==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 515585
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Data Raw: 69
Data Ascii: i
Nov 19, 2019 11:49:47.436016083 CET
3005 OUT GET /static/rsrc.php/v3/yx/r/TSwa_FPpysc.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:47.759746075 CET
3042 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:47 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: uGkjMni04DHQ6lcJzi89Pw==
Cache-Control: public,max-age=31536000,immutable
Expires: Sun, 15 Nov 2020 15:28:53 GMT
X-FB-Debug: h0QIy0ssDs7IGpjskkXpEhbV68KjzhgTSFwbC5C5taSzmatPcxwR2zGMx8o6/evM7+w3gK6pGU/TOvE0m02wxw==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 16338
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Data Raw: 69
Data Ascii: i
Nov 19, 2019 11:49:47.860661030 CET
3100 OUT GET /static/rsrc.php/v3iYXl4/yN/l/en_US/NxAfI9A4Tnd.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:48.184936047 CET
3183 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:48 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: rS2oHRvwr8eRRm1dydYIuA==
Cache-Control: public,max-age=31536000,immutable
Expires: Sun, 15 Nov 2020 20:19:08 GMT
X-FB-Debug: 2BKWhPkjOQwDB2Sv1ss8B57TKuG0Gm3pyX1g9Gv5njQ1sDuaKqmIFoE0PLdDpCATeIBCnywYwHUTyisrwS0JVw==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 29764
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Data Raw: 69
Data Ascii: i
Nov 19, 2019 11:49:49.711990118 CET
4021 OUT GET /static/rsrc.php/v3/y9/r/h-GkR7hjZkA.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:50.035778999 CET
4111 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:49 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: 2NC3ZJF/rErSB3qXAiRktA==
Cache-Control: public,max-age=31536000,immutable
Expires: Sun, 15 Nov 2020 23:00:50 GMT
X-FB-Debug: zhnQpDsK4hCwje9lSbttpt9m4VpZUDGnztDUKNBqO2BV7gDAY9D2IjfBTDUtju8pkmFfMZBDarupldZKW9CHXA==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 15665
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Data Ascii: if (self.CavalryLogger) { CavalryLogger.start_js(["np5Vl"]); }__d("ScriptPathState",["Arbiter"],(function(a,b,c,d,e,f){__p&&__p();var g,h,i,j,k=100,l={setIsUIPageletRequest:function(a){i=a},setUserURISampleRate:function(a){j=a},reset:function(){g=null,h=!1,i=!1},_shouldUpdateScriptPath:function(){return h&&!i},_shouldSendURI:function(){return Math.random()<j},getParams:function(){var a={};l._shouldUpdateScriptPath()?l._shouldSendURI()&&g!==null&&(a.user_uri=g.substring(0,k)):a.no_script_path=1;
Session ID Source IP Source Port Destination IP Destination Port Process
5 192.168.2.5 49716 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Nov 19, 2019 11:49:38.017383099 CET
62 OUT GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3k2L2wvMCxjcm9zcy9jRGp5QVBQbmtrcC5jc3M/X25jX3g9SWozV3A4bGc1S3o= HTTP/1.1
Accept: text/css, */*
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:38.357525110 CET
120 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:38 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: y/eL/pk4pobGv5ItaQ0ILQ==
Cache-Control: public,max-age=31536000,immutable
Expires: Sun, 15 Nov 2020 15:47:21 GMT
X-FB-Debug: UieMQjwjKODS1BbfxEwK8ifc9NDvN1JJGzRsB+qteuk8AyfEm6aUFyVTetlWCAuBKmmHDNhVfEeY6eCJ+SrSBw==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 23406
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Data Ascii: .UIContentTopper{padding:14px 0 0 17px;margin:50px auto 15px auto;border-top:2px solid #d3dae6}.UIContentTopperSlim{padding:0 0 0 17px;margin:0 auto 15px auto}.UIContentTopper_footer{width:578px;margin:5px auto 0 auto;font-size:9px}.UIContentTopper_text_container{margin-top:6px;width:465px;float:left}.UIContentTopper_text_headline{font-size:15px;font-weight:bold}.UIContentTopper_text{font-size:11px;margin-top:4px}.UIContentTopper_large .UIContentTopper_text{width:400px}.UIContentTopper_text_bold{font-weight:bol
Nov 19, 2019 11:49:38.725240946 CET
294 OUT GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lqL3IvQnlGalR1UENlVE0uanM/X25jX3g9SWozV3A4bGc1S3o= HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:39.078970909 CET
439 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:38 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: XvU4kuLc4l4bGmLHXc8PZg==
Cache-Control: public,max-age=31536000,immutable
Expires: Sat, 14 Nov 2020 18:53:32 GMT
X-FB-Debug: U4QwUZxy38wDH0KtE2YCYsx9k3M9ty2aCyBCEX3WNdo5PcBN+VWm8MPA9yTF9ke4oN3S3L71y55MOa+eQm9TlA==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 337335
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Data Ascii: if (self.CavalryLogger) { CavalryLogger.start_js(["q66WY"]); }self.__DEV__=self.__DEV__||0,self.emptyFunction=function(){};"use strict";Array.from||(Array.from=function(a){if(a==null)throw new TypeError("Object is null or undefined");var b=arguments[1],c=arguments[2],d=this,e=Object(a),f=typeof Symbol==="function"?typeof Symbol==="function"?Symbol.iterator:"@@iterator":"@@iterator",g=typeof b==="function",h=typeof e[f]==="function",i=0,j,k;if(h){j=typeof d==="function"?new d():[];var l=e[f](
Nov 19, 2019 11:49:42.780136108 CET
1259 OUT GET /static/rsrc.php/v3i3Gb4/ys/l/en_US/7W_zzge2D8D.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:43.129458904 CET
1276 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:42 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: LBUPp52DuqjtnGoASsdbtQ==
Cache-Control: public,max-age=31536000,immutable
Expires: Wed, 18 Nov 2020 02:26:49 GMT
X-FB-Debug: 5Ei6EyhMdWrdbp310XRU0D8r2aFi0aJfe8KDKDhuyjQBHvDRZ6GVPgZenzN5ojsQJxvgo5f30Y+mcsdgOF1Asg==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 718345
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Data Ascii: if (self.CavalryLogger) { CavalryLogger.start_js(["iJOX7"]); }__d("UFI2ViewOption",["qex"],(function(a,b,c,d,e,f){"use strict";a={isChronologicalOrder:function(a){var c=b("qex");if(a==="FRIENDS_COMMENTS"&&!c._("1080217"))return!1;switch(a){case"RECENT_ACTIVITY":case"RANKED_THREADED":case"RANKED_UNFILTERED":case"LIVE_STREAMING":case"RANKED_SUB_REPLIES":case"RANKED_REPLIES":return!1}return!0}};e.exports=a}),null);__d("UFI2CommentsListState",["invariant","ErrorUtils","FBLogger","UFI2ViewOption",
Nov 19, 2019 11:49:47.426805973 CET
3005 OUT GET /static/rsrc.php/v3/yR/r/e24e1pKT5YP.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:47.767225027 CET
3060 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:47 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: rYegUu/am7x0mJnjTaVdqw==
Cache-Control: public,max-age=31536000,immutable
Expires: Sun, 15 Nov 2020 15:22:45 GMT
X-FB-Debug: Ao65AEJ+oRFdtuQYTPAKergFBOq+Uq7+Zn8fgGd0w7Hu5zHWiizuP/IF3vIkDlRVi21FnkIDkq57wBUDLGSoqQ==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 15392
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Data Ascii: if (self.CavalryLogger) { CavalryLogger.start_js(["pvgaW"]); }__d("LoggedOutSwitchingLocaleTypedLogger",["Banzai","GeneratedLoggerUtils","nullthrows"],(function(a,b,c,d,e,f){"use strict";__p&&__p();a=function(){__p&&__p();function a(){this.$1={}}var c=a.prototype;c.log=function(){b("GeneratedLoggerUtils").log("logger:LoggedOutSwitchingLocaleLoggerConfig",this.$1,b("Banzai").BASIC)};c.logVital=function(){b("GeneratedLoggerUtils").log("logger:LoggedOutSwitchingLocaleLoggerConfig",this.$1,b("Banza
Nov 19, 2019 11:49:47.874447107 CET
3101 OUT GET /static/rsrc.php/v3iVop4/yZ/l/en_US/N-He0del83q.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:48.234545946 CET
3213 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:48 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: mMX0+Ap9w04Aj4lP22tAOg==
Cache-Control: public,max-age=31536000,immutable
Expires: Sun, 15 Nov 2020 14:57:29 GMT
X-FB-Debug: j6Wm3sICe0/t9DkuFNVGeimXSA0vQ2+lNOMuK3/0sj0lvUq05neukjnn4pu4JUpekQRhuvuBvDrf5sXIdWIqQA==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 12100
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Data Raw: 69
Data Ascii: i
Nov 19, 2019 11:49:48.332758904 CET
3239 OUT GET /static/rsrc.php/v3i1HE4/yx/l/en_US/0lUsxssk6yc.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:48.675092936 CET
3346 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:48 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: EMMp7pO85X6tmfRQShZL4w==
Cache-Control: public,max-age=31536000,immutable
Expires: Sun, 15 Nov 2020 14:46:41 GMT
X-FB-Debug: WDdDiI/+ardfFnzx78cJIFk3vxsaRE4Ig0CVEa5ywVO1IVu6yfYhxZi01gY3GTPkY4c6Opt3Dzgn7BUuq4ajsA==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 211459
Keep-Alive: timeout=5, max=95
Connection: Keep-Alive
Data Ascii: if (self.CavalryLogger) { CavalryLogger.start_js(["jxPJX"]); }__d("FBRTCMessageType",[],(function(a,b,c,d,e,f){e.exports={JOIN:0,SERVER_MEDIA_UPDATE:1,HANGUP:2,ICE_CANDIDATE:3,RING:4,DISMISS:5,CONFERENCE_STATE:6,ADD_PARTICIPANTS:7,SUBSCRIPTION:8,CLIENT_MEDIA_UPDATE:9,DATA_MESSAGE:10,REMOVE_PARTICIPANTS:11,PING:18,P2P_PROTOCOL:19,UPDATE:20,NOTIFY:21,CONNECT:22,CLIENT_EVENT:23}}),null);__d("FundsAvailability",[],(function(a,b,c,d,e,f){e.exports={NONE:0,FUNDS_AVAILABILITY_NA:65,FUNDS_AVAILABILIT
Session ID Source IP Source Port Destination IP Destination Port Process
6 192.168.2.5 49718 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Nov 19, 2019 11:49:38.021445990 CET
62 OUT GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lYL2wvMCxjcm9zcy8wMmFwX2xOZ1pwSC5jc3M/X25jX3g9SWozV3A4bGc1S3o= HTTP/1.1
Accept: text/css, */*
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:38.370961905 CET
143 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:38 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
X-UA-Compatible: IE=edge
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: mqVGwiLyVwAxz1EVQ/ayXw==
Cache-Control: public,max-age=31536000,immutable
Expires: Tue, 17 Nov 2020 10:29:59 GMT
X-FB-Debug: ICOZHvKARo/cShJtOu0mXTSmNaqsk8c2LGzBxLu8sTmqQ3okUnbtELA95iu8YN1gtT4s9yzA2zN4jpJ4QW+40w==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 18394
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Data Ascii: ._4-do{text-align:center}._4-dp{font-size:24px;line-height:28px;margin:40px 0 20px}._4-dq{font-size:16px;line-height:28px;margin:20px 0}._4-dr{font-size:12px;line-height:20px}._1yt{margin-top:8px}._442n ._1yt{margin-top:0}._5und{margin-top:8px}._1yt ._5und:first-child{margin-top:0}._1yt ._4_yl ._5und:first-child{margin-top:8px}._1yt ._4_yl:first-child ._5und:first-child{margin-top:0}._6k_ .img{margin:0;position:absolute}.fbx #pageFooter{margin:auto;width:auto}.hasLeftCol #pageFooter
Nov 19, 2019 11:49:38.731321096 CET
294 OUT GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3liL3IvR3NOSk53dUktVU0uZ2lm HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:39.071118116 CET
438 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:38 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: image/gif
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: cH2zTAVPHVXw/aQfDhS/Bg==
Cache-Control: public,max-age=31536000,immutable
Expires: Thu, 12 Nov 2020 05:31:51 GMT
X-FB-Debug: o5cT9MqfPETIxm+h1aqVLC/O1R/4Vo+qAJRJ5RWuZUy4ikzvikpcyfs2bArDRj7+Y9TDMga2GYCom9sQVDvdtg==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 522
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Data Ascii: GIF89apRo!NETSCAPE2.0!,+Ie)"-%gitio~0!,P$wIT!,2)RssLdA")YlFyM(U.!,>IHITR PtI1HY`a}L&6ud"!,=I`2Pt("P,wOhTJ.!,3IeP(dR12r\3.=>24`J!,%T;
Session ID Source IP Source Port Destination IP Destination Port Process
7 192.168.2.5 49722 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Nov 19, 2019 11:49:38.356698990 CET
108 OUT GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3lEL2wvMCxjcm9zcy8yV1ROcFRubGZXNy5jc3M/X25jX3g9SWozV3A4bGc1S3o= HTTP/1.1
Accept: text/css, */*
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:38.692027092 CET
222 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:38 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
X-UA-Compatible: IE=edge
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: qICr7vxDpcY33oUq3JYTSA==
Cache-Control: public,max-age=31536000,immutable
Expires: Sun, 15 Nov 2020 15:50:56 GMT
X-FB-Debug: bhwNzP7B48R26ZsmDICxzfbMdtyQ7zTaF1KERqOVOrQtD+DjDItk1hO3Qy74qKeE1lb5ch7O+qpPALibtDWgnw==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 108023
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Data Raw: 2e
Data Ascii: .
Nov 19, 2019 11:49:42.790611982 CET
1260 OUT GET /static/rsrc.php/v3/yf/r/rELlH3fWQtn.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:43.139174938 CET
1304 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:42 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: pLrTn05cofzUo3yjgD0gjg==
Cache-Control: public,max-age=31536000,immutable
Expires: Wed, 18 Nov 2020 05:02:51 GMT
X-FB-Debug: zF4I5lQ4Q4H0SQjeXrIHE1twDNBsK6VtFGqN5uTTByEcLde5pJO0FFbNBRJIZlslSTJ5rEE010VgDTeyZSBqVQ==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 412102
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Data Ascii: if (self.CavalryLogger) { CavalryLogger.start_js(["QtEzp"]); }__d("ActorURIConfig",[],(function(a,b,c,d,e,f){e.exports={PARAMETER_ACTOR:"av",ENCRYPTED_PARAMETER_ACTOR:"eav"}}),null);__d("CometStyleXDarkTheme",[],(function(a,b,c,d,e,f){e.exports={"fds-active-icon":"black","fds-attachment-footer-background":"black","fds-black":"black","fds-black-alpha-05":"rgba(0, 0, 0, 0.05)","fds-black-alpha-10":"rgba(0, 0, 0, 0.1)","fds-black-alpha-15":"rgba(0, 0, 0, 0.15)","fds-black-alpha-20":"rgba(0, 0, 0
Nov 19, 2019 11:49:47.416718960 CET
3005 OUT GET /static/rsrc.php/v3i-RI4/yf/l/en_US/eQUWlompwsJ.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:47.753405094 CET
3008 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:47 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: nvzIL/12tJ44boAWtn8rpg==
Cache-Control: public,max-age=31536000,immutable
Expires: Sun, 15 Nov 2020 14:41:56 GMT
X-FB-Debug: zyi9DAVdTcft4J6bpOcdn9WBS2Rp6uV+Om4g7n/xg0Q6TKqSI6rz1KgJf8ZV53pO7c9UrDcG+uHlJxDpiFHplw==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 70440
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Nov 19, 2019 11:49:48.103930950 CET
3153 OUT GET /static/rsrc.php/v3idwB4/yP/l/en_US/DzWAqG4WWLL.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:48.443103075 CET
3241 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:48 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: 6lfcKYS/4sRF+murMfGL3w==
Cache-Control: public,max-age=31536000,immutable
Expires: Wed, 18 Nov 2020 04:25:33 GMT
X-FB-Debug: Bks+RhEpWofGCmYAX3GYJ8mK+Yf8q3sfEA5Ac960O0ggv7xhwxjWraxo7O7hm6s9pxeDrKItP/YKb9RV+gRLHg==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 157345
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Nov 19, 2019 11:49:50.033911943 CET
4109 OUT GET /static/rsrc.php/v3iqES4/yN/l/en_US/lIJrOY0twaO.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:50.369851112 CET
4201 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:50 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: 9Fk1rRTNCgWehqKjOHJd5A==
Cache-Control: public,max-age=31536000,immutable
Expires: Sun, 15 Nov 2020 18:32:52 GMT
X-FB-Debug: T+3EIuAHwMPwyNGScEXch82duBZ65gq9I9RmrqHKlSD/nh7zJbSXjdNdqc2LoBUqbHK6FL5pkC72rZTsxM72XQ==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 31294
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Session ID Source IP Source Port Destination IP Destination Port Process
8 192.168.2.5 49723 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Nov 19, 2019 11:49:38.391391039 CET
159 OUT GET /static?u=aH&r=R0cHM6Ly9zdGF0aWMueHguZmJjZG4ubmV0L3JzcmMucGhwL3YzL3kyL2wvMCxjcm9zcy9sWjg2Y3Y5YVI5MC5jc3M/X25jX3g9SWozV3A4bGc1S3o= HTTP/1.1
Accept: text/css, */*
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:38.742350101 CET
295 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:38 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: text/css; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: D/kK+zzisO302r+X+0OamQ==
Cache-Control: public,max-age=31536000,immutable
Expires: Fri, 06 Nov 2020 19:17:31 GMT
X-FB-Debug: UJezqe2ZuZ/JdxVAProsO5wBUJ/QGAs7qLnxf3ueN0hActuVVBuhGNXcj2UOf+tSNa71UK6kBxtNm1V7NeYzAA==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 40628
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Data Raw: 40
Data Ascii: @
Nov 19, 2019 11:49:43.092402935 CET
1262 OUT GET /rsrc.php/v3/yj/r/AE-e0Vw8Uhd.png HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:43.431720018 CET
1338 IN HTTP/1.1 200 OK
Date: Mon, 18 Nov 2019 11:35:17 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: image/png
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: +5u0CX6+ZEWd69WrwHnA9w==
Cache-Control: public,max-age=31536000,immutable
Expires: Tue, 17 Nov 2020 11:35:17 GMT
X-FB-Debug: PTb9ABlfWd2dxJqUF19tcXxPXU0s3WhWgHr0iFJHlLxhY2FoKK3tw7GPRzmV6UxWKgWatI4rHOcJlciqYU5Z6g==
Content-Length: 13354
Keep-Alive: timeout=5, max=99
Connection: Keep-Alive
Nov 19, 2019 11:49:47.439567089 CET
3006 OUT GET /static/rsrc.php/v3iXji4/yv/l/en_US/46twG_p7jIg.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:47.912962914 CET
3102 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:47 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: ngnGd4sK09ktONPAgrCbvA==
Cache-Control: public,max-age=31536000,immutable
Expires: Wed, 18 Nov 2020 10:49:47 GMT
X-FB-Debug: htHYrvce+QTzzXKGxQsuatLOEbzUDASEf2qsTp1+4F0DTwuwYWGzOkiHlvi7u4W4ybaxFj24U59t+T1xX+x1xw==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 21739
Keep-Alive: timeout=5, max=98
Connection: Keep-Alive
Data Raw: 69
Data Ascii: i
Nov 19, 2019 11:49:48.281894922 CET
3238 OUT GET /static/rsrc.php/v3i5Xt4/yZ/l/en_US/hX1hTfJarhp.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:48.623655081 CET
3330 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:48 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: s2rywDMHFQC9gIW+jzo5zg==
Cache-Control: public,max-age=31536000,immutable
Expires: Sun, 15 Nov 2020 17:56:24 GMT
X-FB-Debug: F3ez2CUeswach9Q7r1CPJ/xxlXJFFffEX1ezUniCukdClKKG7PWh8hcy80+CX83norZP6yPTHkiRdoJ3mJvz4Q==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 63670
Keep-Alive: timeout=5, max=97
Connection: Keep-Alive
Nov 19, 2019 11:49:49.720098972 CET
4022 OUT GET /static/rsrc.php/v3/yN/r/YSGcJgI3134.js?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
Accept: application/javascript, */*;q=0.8
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: agent.joinf.cn
Connection: Keep-Alive
Nov 19, 2019 11:49:50.060749054 CET
4131 IN HTTP/1.1 200 OK
Date: Tue, 19 Nov 2019 10:49:49 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
Content-Type: application/x-javascript; charset=utf-8
Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
timing-allow-origin: *
Access-Control-Allow-Origin: *
Content-MD5: HahWx3TJbMvUg+GtFZe0FQ==
Cache-Control: public,max-age=31536000,immutable
Expires: Sun, 15 Nov 2020 14:41:58 GMT
X-FB-Debug: wNHznsG/4bi8zuB4nuic5cBvaJ+rpaeJhRPKgm0zi7gh4/DMWINf9e2v3o7Eh/wI55KmxLuhT10lN7ESfxJKuA==
X-FB-TRIP-ID: 420120009
Alt-Svc: h3-23=":443"; ma=3600
Content-Length: 20534
Keep-Alive: timeout=5, max=96
Connection: Keep-Alive
Session ID Source IP Source Port Destination IP Destination Port Process
9 192.168.2.5 49736 47.91.149.178 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Nov 19, 2019 11:49:48.284279108 CET
3239 OUT GET /intern/common/referer_frame.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Referer: http://www.joinfproxy.com/
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.joinfproxy.com
Connection: Keep-Alive
Nov 19, 2019 11:49:48.827419996 CET
3479 IN HTTP/1.1 404 Not Found
Date: Tue, 19 Nov 2019 10:49:48 GMT
Server: Apache/2.4.25 (Unix) proxy_html/3.1.2 OpenSSL/1.0.1e-fips
P3P: CP="Facebook has no P3P policy fb.me/p3p"
Cache-Control: private, no-cache, no-store, must-revalidate
Pragma: no-cache
Strict-Transport-Security: max-age=15552000; preload
Vary: Accept-Encoding
X-Content-Type-Options: nosniff
X-Frame-Options: DENY
X-XSS-Protection: 0
Expires: Sat, 01 Jan 2000 00:00:00 GMT
Content-Type: text/html;charset=utf-8
X-FB-Debug: 68D6spAe8BZiPjLTYoaQjW9psRQ9amyh7/5gOi8teU1msqLJ2gK8RznavvnHAaaY2sk81RlpMuGa3V+fr04pTw==
Alt-Svc: h3-23=":443"; ma=3600
Set-Cookie: fr=1POPjWbQS7WYXeHkp..Bd08jM.9P.AAA.0.0.Bd08jM.AWWRKil8; expires=Mon, 17-Feb-2020 10:49:47 GMT; Max-Age=7775999; path=/; domain=.joinf.cn; httponly
Keep-Alive: timeout=5, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Data Ascii: b7<html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8"><meta name="referrer" content="default" id="meta_referrer"><script>window._cstart=+new Date();</script><script>
Timestamp Source IP Source Port Dest IP Dest Port Subject Issuer Not Before Not After JA3 SSL Client Fingerprint JA3 SSL Client Digest
Nov 19, 2019 11:49:38.213150024 CET
185.60.216.35 443 192.168.2.5 49727 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:49:38.213356972 CET
185.60.216.35 443 192.168.2.5 49728 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
HTTPS Packets
Nov 19, 2019 11:49:38.461997032 CET
185.60.216.35 443 192.168.2.5 49730 CN=fbcdn.net, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Oct 09 02:00:00 CEST 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Jan 07 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:49:38.463088989 CET
185.60.216.35 443 192.168.2.5 49729 CN=fbcdn.net, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Oct 09 02:00:00 CEST 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Jan 07 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:49:38.620639086 CET
185.60.216.35 443 192.168.2.5 49732 CN=fbcdn.net, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Oct 09 02:00:00 CEST 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Jan 07 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
3faf2df7ab96c36419c31725cb1fa7d6
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:49:38.621087074 CET
185.60.216.35 443 192.168.2.5 49731 CN=fbcdn.net, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Oct 09 02:00:00 CEST 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Jan 07 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-159-158-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
3faf2df7ab96c36419c31725cb1fa7d6
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:49:38.692784071 CET
157.240.15.22 443 192.168.2.5 49725 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:49:38.697261095 CET
157.240.15.22 443 192.168.2.5 49724 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:49:38.714059114 CET
157.240.15.22 443 192.168.2.5 49726 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:49:38.826069117 CET
185.60.216.19 443 192.168.2.5 49733 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:49:38.826653004 CET
185.60.216.19 443 192.168.2.5 49734 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:49:53.263711929 CET
47.91.149.178 443 192.168.2.5 49739 CN=*.joinf.com CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Dec 15 01:00:00 CET 2017 Mon Nov 06 13:23:33 CET 2017
Sat Dec 15 13:00:00 CET 2018 Sat Nov 06 13:23:33 CET 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Mon Nov 06 13:23:33 CET 2017
Sat Nov 06 13:23:33 CET 2027
Nov 19, 2019 11:49:55.603070974 CET
185.60.216.36 443 192.168.2.5 49740 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:49:55.605540037 CET
185.60.216.36 443 192.168.2.5 49741 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:50:38.722223997 CET
47.91.149.178 443 192.168.2.5 49747 CN=*.joinf.com CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Dec 15 01:00:00 CET 2017 Mon Nov 06 13:23:33 CET 2017
Sat Dec 15 13:00:00 CET 2018 Sat Nov 06 13:23:33 CET 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Mon Nov 06 13:23:33 CET 2017
Sat Nov 06 13:23:33 CET 2027
Nov 19, 2019 11:50:38.751776934 CET
47.91.149.178 443 192.168.2.5 49748 CN=*.joinf.com CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Dec 15 01:00:00 CET 2017 Mon Nov 06 13:23:33 CET 2017
Sat Dec 15 13:00:00 CET 2018 Sat Nov 06 13:23:33 CET 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Mon Nov 06 13:23:33 CET 2017
Sat Nov 06 13:23:33 CET 2027
Nov 19, 2019 11:50:41.441549063 CET
47.91.149.178 443 192.168.2.5 49751 CN=*.joinf.com CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Fri Dec 15 01:00:00 CET 2017 Mon Nov 06 13:23:33 CET 2017
Sat Dec 15 13:00:00 CET 2018 Sat Nov 06 13:23:33 CET 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=RapidSSL RSA CA 2018, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert Global Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Mon Nov 06 13:23:33 CET 2017
Sat Nov 06 13:23:33 CET 2027
Nov 19, 2019 11:51:02.850929976 CET
185.60.216.15 443 192.168.2.5 49763 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:51:02.850991011 CET
185.60.216.15 443 192.168.2.5 49762 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:51:03.164768934 CET
185.60.216.19 443 192.168.2.5 49764 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:51:03.164941072 CET
185.60.216.19 443 192.168.2.5 49765 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:51:03.182746887 CET
185.60.216.19 443 192.168.2.5 49766 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:51:03.189198971 CET
185.60.216.19 443 192.168.2.5 49767 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:51:03.193666935 CET
185.60.216.19 443 192.168.2.5 49768 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:51:03.203372002 CET
185.60.216.19 443 192.168.2.5 49769 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:51:06.697761059 CET
185.60.216.15 443 192.168.2.5 49771 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:51:06.698438883 CET
185.60.216.15 443 192.168.2.5 49770 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:51:09.245987892 CET
185.60.216.6 443 192.168.2.5 49773 CN=*.atlassolutions.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Mon Oct 28 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Sun Jan 26 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:51:09.252907991 CET
185.60.216.6 443 192.168.2.5 49772 CN=*.atlassolutions.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Mon Oct 28 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Sun Jan 26 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:51:15.819456100 CET
185.60.216.15 443 192.168.2.5 49781 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:51:15.850284100 CET
185.60.216.15 443 192.168.2.5 49782 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:51:23.151668072 CET
185.60.216.15 443 192.168.2.5 49785 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Code Manipulations
Statistics
Behavior
• iexplore.exe
• iexplore.exe
Nov 19, 2019 11:51:23.152524948 CET
185.60.216.15 443 192.168.2.5 49786 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:51:28.898951054 CET
185.60.216.15 443 192.168.2.5 49788 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Nov 19, 2019 11:51:28.900674105 CET
185.60.216.15 443 192.168.2.5 49787 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed Nov 06 01:00:00 CET 2019 Tue Oct 22 14:00:00 CEST 2013
Tue Feb 04 13:00:00 CET 2020 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
System Behavior
Analysis Process: iexplore.exe PID: 1132 Parent PID: 700
General
Start time: 11:49:33
Start date: 19/11/2019
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff7d86a0000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
File Activities
File Path Access Attributes Options Completion Count Source Address Symbol
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Path Offset Length Completion Count Source Address Symbol
Registry Activities
Key Path Completion Count Source Address Symbol
Key Path Name Type Data Completion Count Source Address Symbol
Key Path Name Type Old Data New Data Completion Count Source Address Symbol
Analysis Process: iexplore.exe PID: 2672 Parent PID: 1132
General
Start time: 11:49:33
Start date: 19/11/2019
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1132 CREDAT:17410 /prefetch:2
Imagebase: 0xd70000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
File Activities
File Path Access Attributes Options Completion Count Source Address Symbol
File Path Offset Length Value Ascii Completion Count Source Address Symbol
File Path Offset Length Completion Count Source Address Symbol
Registry Activities
Key Path Completion Count Source Address Symbol
Key Path Name Type Data Completion Count Source Address Symbol
Key Path Name Type Old Data New Data Completion Count Source Address Symbol
Disassembly