Analysis Report - Joe Sandbox
Table of Contents
Analysis Report http://glob.inforz.ru/gt.php?q=Iseki+Tu+Manual
  Overview
    General Information
    Detection
    Confidence
    Classification Spiderchart
    Analysis Advice
    Mitre Att&ck Matrix
  Signature Overview
    Phishing:
    Networking:
    System Summary:
  Malware Configuration
  Behavior Graph
  Simulations
    Behavior and APIs
  Antivirus, Machine Learning and Genetic Malware Detection
    Initial Sample
    Dropped Files
    Unpacked PE Files
    Domains
    URLs
  Yara Overview
    Initial Sample
    PCAP (Network Traffic)
    Dropped Files
    Memory Dumps
    Unpacked PEs
  Sigma Overview
  Joe Sandbox View / Context
    IPs
    Domains
    ASN
    JA3 Fingerprints
    Dropped Files
  Screenshots
    Thumbnails
  Startup
  Created / dropped Files
  Domains and IPs
    Contacted Domains
    Contacted URLs
    URLs from Memory and Binaries
    Contacted IPs
    Public
  Static File Info
    No static file info
  Network Behavior
    Network Port Distribution
    TCP Packets
    UDP Packets
    DNS Queries
    DNS Answers
    HTTP Request Dependency Graph
    HTTP Packets
    HTTPS Packets
Copyright Joe Security LLC 2020 Page 2 of 88
  Code Manipulations
  Statistics
    Behavior
  System Behavior
    Analysis Process: iexplore.exe PID: 1036 Parent PID: 696
      General
      File Activities
      Registry Activities
    Analysis Process: iexplore.exe PID: 2916 Parent PID: 1036
      General
      File Activities
      Registry Activities
  Disassembly
Analysis Report http://glob.inforz.ru/gt.php?q=Iseki+Tu+Manual…
Overview
General Information
Joe Sandbox Version: 28.0.0 Lapis Lazuli
Analysis ID: 228870
Start date: 10.05.2020
Start time: 21:40:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 4m 55s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: glob.inforz.ru/gt.php?q=Iseki+Tu+Manual
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of analysed new started processes analysed: 5
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: EGA enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean1.win@3/108@23/23
Cookbook Comments:
Adjust boot time
Enable AMSI
Browsing link: http://media44.club/download/SignUpNow.php
Browsing link: http://media44.club/page/privacy.php
Browsing link: http://media44.club/page/dmca.php
Browsing link: http://media44.club/page/contact.php
Browsing link: http://media44.club/page/testimonial-disclaimer.php
Browsing link: http://www.liveinternet.ru/click
Warnings:
Exclude process from analysis (whitelisted): taskhostw.exe, ielowutil.exe, WMIADAP.exe
TCP Packets have been reduced to 100
Created / dropped Files have been reduced to 100
Excluded IPs from analysis (whitelisted): 23.61.218.119, 209.197.3.15, 172.217.21.234, 23.210.248.85, 152.199.19.161, 172.217.22.4, 184.24.77.44, 184.24.77.80
Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, fs.microsoft.com, www.googleadservices.com, ajax.googleapis.com, ie9comview.vo.msecnd.net, e1723.g.akamaiedge.net, ctldl.windowsupdate.com, a767.dscg3.akamai.net, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, go.microsoft.com, go.microsoft.com.edgekey.net, audownload.windowsupdate.nsatc.net, www.google.com, cds.j3z9t3p6.hwcdn.net, prod.fs.microsoft.com.akadns.net, cs9.wpc.v0cdn.net
Report size getting too big, too many NtDeviceIoControlFile calls found.
Detection
Strategy Score Range Reporting Whitelisted Detection
Threshold 1 0 - 100 false
Confidence
Strategy Score Range Further Analysis Required? Confidence
Threshold 3 0 - 5 true
Classification Spiderchart
[Figure: classification spiderchart; axes: Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader, Miner; ring labels: clean, suspicious, malicious]
Analysis Advice
Some HTTP requests failed (404). It is likely the sample will exhibit less behavior
Uses HTTPS for network communication, use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis
Mitre Att&ck Matrix
Initial Access: Valid Accounts; Replication Through Removable Media; External Remote Services; Drive-by Compromise
Execution: Graphical User Interface 1; Service Execution; Windows Management Instrumentation; Scheduled Task
Persistence: Winlogon Helper DLL; Port Monitors; Accessibility Features; System Firmware
Privilege Escalation: Process Injection 1; Accessibility Features; Path Interception; DLL Search Order Hijacking
Defense Evasion: Masquerading 1; Process Injection 1; Obfuscated Files or Information 1; Obfuscated Files or Information
Credential Access: Credential Dumping; Network Sniffing; Input Capture; Credentials in Files
Discovery: File and Directory Discovery 1; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote File Copy 3; Remote Services; Windows Remote Management; Logon Scripts
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Data Compressed; Exfiltration Over Other Network Medium; Automated Exfiltration; Data Encrypted
Command and Control: Standard Cryptographic Protocol 2; Standard Non-Application Layer Protocol 3; Standard Application Layer Protocol 4; Remote File Copy 3
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Signature Overview
• Phishing
• Networking
• System Summary
Phishing:
Form action URLs do not match main URL
No HTML title found
Suspicious form URL found
META author tag missing
META copyright tag missing
Networking:
Downloads files from webservers via HTTP
Found strings which match to known social media urls
Performs DNS lookups
Tries to download or post to a non-existing http route (HTTP/1.1 404 Not Found / 503 Service Unavailable)
Urls found in memory or binary data
Uses HTTPS
System Summary:
Classification label
Creates files inside the user directory
Creates temporary files
Reads ini files
Spawns processes
Found graphical window changes (likely an installer)
Uses new MSVCR Dlls
Malware Configuration
No configs have been found
Behavior Graph
ID: 228870
URL: http://glob.inforz.ru/gt.ph...
Startdate: 10/05/2020
Architecture: WINDOWS
Score: 1
[Figure: behavior graph with two iexplore.exe process nodes (each marked "started") and network nodes d0wnl0ad.net (104.18.59.22; 443, 49764, 49765; unknown; United States), deliverps.com (104.24.107.185; 443, 49762, 49763; unknown; United States) and "28 other IPs or domains"]
Simulations
Behavior and APIs
No simulations
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
No Antivirus matches
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
Source Detection Scanner Label Link
d0wnl0ad.net 0% Virustotal Browse
media44.club 0% Virustotal Browse
www.brwz7.com 0% Virustotal Browse
deliverps.com 0% Virustotal Browse
pbs.alfasense.com 0% Virustotal Browse
counter.yadro.ru 1% Virustotal Browse
www.google.co.uk 0% Virustotal Browse
glob.inforz.ru 0% Virustotal Browse
URLs
Source Detection Scanner Label Link
media44.club/page/testimonial-disclaimer.phpI6 0% Avira URL Cloud safe
https://www.pp98trk.com/98BZMH/QLG5TP/ 0% Avira URL Cloud safe
media44.club/download/files/user-1.jpg 0% Avira URL Cloud safe
greenali.com/profile/ 0% Avira URL Cloud safe
media44.club/download/files/49.jpg 0% Avira URL Cloud safe
https://www.technohelp.ru/ 0% Avira URL Cloud safe
media44.club/page/contact.php&offer_id=26&ref_id=5f2400e97b022f681415ZhNM5suxyXSo_c276fe63_c2 0% Avira URL Cloud safe
media44.club/download/files/user-3.jpg 0% Avira URL Cloud safe
media44.club/download/files/user-8.jpg 0% Avira URL Cloud safe
getbootstrap.com) 0% URL Reputation safe
https://d0wnl0ad.net/vwnload/books.php?Iseki 0% Avira URL Cloud safe
https://www.google.co.uk/pagead/1p-user-list/947884341/?random 0% Avira URL Cloud safe
media44.club/page/dmca.phphp&offer_id=26&ref_id=5f2400e97b022f681415ZhNM5suxyXSo_c276fe63_c28 0% Avira URL Cloud safe
glob.inforz.ru/gt.php?q=Iseki+Tu+Manual 0% Avira URL Cloud safe
track.affforce.com/apu.php 0% Virustotal Browse
track.affforce.com/apu.php 0% Avira URL Cloud safe
greenali.com/post470168824/ 0% Avira URL Cloud safe
media44.cl 0% Avira URL Cloud safe
media44.clge/contact.phpRoot 0% Avira URL Cloud safe
media44.club/download/files/favicon.icoU 0% Avira URL Cloud safe
media44.club/page/testimonial-disclaimer.php 0% Avira URL Cloud safe
media44.club/page/testimonial-disclaimer.php/media44.club/page/testimonial-disclaimer.phpg78 0% Avira URL Cloud safe
counter.yadro.ru/hit;beeline_journal?r 0% Avira URL Cloud safe
media44.club/favicon.ico 0% Avira URL Cloud safe
media44.club/download/files/user-10.jpg 0% Avira URL Cloud safe
media44.club/page/testimonial-disclaimer.php;6 0% Avira URL Cloud safe
https://d0wnl0ad.net/favicon.ico 0% Avira URL Cloud safe
counter.yadro.ru/hit?t26.1;r;s1280*1024*24;uhttp%3A//media44.club/download/books.php%3FIseki+Tu+Manual;0.7599738709464683 0% Avira URL Cloud safe
127.0.0.1 0% Virustotal Browse
127.0.0.1 0% Avira URL Cloud safe
media44.club/download/books.php?Iseki 0% Avira URL Cloud safe
media44.club/page/dmca.php 0% Avira URL Cloud safe
https://d0wnl0ad.net/v 0% Avira URL Cloud safe
media44.club/download/files/user-7.jpg 0% Avira URL Cloud safe
https://d0wnl0ad.net/favicon.ico~ 0% Avira URL Cloud safe
media44.club/page/privacy.php&offer_id=26&ref_id=5f2400e97b022f681415ZhNM5suxyXSo_c276fe63_c2 0% Avira URL Cloud safe
html5shiv.googlecode.com/svn/trunk/html5.js 0% Virustotal Browse
html5shiv.googlecode.com/svn/trunk/html5.js 0% Avira URL Cloud safe
media44.club/downloadRoot 0% Avira URL Cloud safe
media44.club/pa 0% Avira URL Cloud safe
media44.club/download/books.php?Iseki+Tu+Manual 0% Avira URL Cloud safe
media44.club/download/files/user-5.jpg 0% Avira URL Cloud safe
media44.clge/privacy.php&offer_id=26&ref_id=5f2400e97b022f681415ZhNM5sux/books.php?Iseki 0% Avira URL Cloud safe
media44.clet.ru/monial-disclaimer.phpRoot 0% Avira URL Cloud safe
media44.club/page/testimonial-disclaimer.php26 0% Avira URL Cloud safe
https://www.technohelp.ru 0% Avira URL Cloud safe
media44.clRoot 0% Avira URL Cloud safe
greenali.com/ 0% Virustotal Browse
greenali.com/ 0% Avira URL Cloud safe
media44.club/page/privacy.php 0% Avira URL Cloud safe
Yara Overview
Initial Sample
No yara matches
PCAP (Network Traffic)
No yara matches
Dropped Files
No yara matches
Memory Dumps
No yara matches
Unpacked PEs
No yara matches
Sigma Overview
No Sigma rule has matched
Joe Sandbox View / Context
IPs
No context
Domains
No context
ASN
No context
JA3 Fingerprints
No context
Dropped Files
No context
Screenshots
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Startup
System is w10x64
iexplore.exe (PID: 1036 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
iexplore.exe (PID: 2916 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1036 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup
Created / dropped Files
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\9K719AIK\yastatic[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 8048
Entropy (8bit): 5.062344526746062
Encrypted: false
MD5: 72787E2DC0A2953D0461F184758ABAFD
SHA1: B761128564F547465DF08F7EA0F07FCC88FF538B
SHA-256: 3E88A64019F8E2E960A3A95BD6B5375E1106974EE2D778DAA9EA8CF1036F495E
SHA-512: 55070B6C01ADB23D4ABDE5C50F6ABC990ECB99D9E3EB18CE938CFD8EC392900A7E58DAE1F6123350525D0E64BBCF81F35B0E4AA449ACD801B243014E666E7914
Malicious: false
Reputation: low
Preview:<root></root><root><item name="_ym_retryReqs" value="{"1":{"protocol":"https:","host":"mc.yandex.ru","resource":"watch","counterId":3,"counterType":0,"postParams":[],"params":{"forceNoRedirect":true,"page-ref":"https://yastatic.net/safeframe-bundles/0.69/1-1-0/render.html","charset":"utf-8"},"browserInfo":{"fu":3,"v":"1850","rqnl":1},"ghid":589490669,"time":1589172063065}}" ltime="1615729328" htime="30811982" /></root><root><item name="_ym_retryReqs" value="{}" ltime="1616279328" htime="30811982" /><item name="_ym_wasSynced" value="{"time":1589172063121,"params":{"eu":1},"bkParams":{}}" ltime="1616279328" htime="30811982" /></root><root><item name="_ym_retryReqs" value="{}" ltime="1616279328" htime="30811982" /><item nam
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\D1YBPPLZ\www.liveinternet[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Size (bytes): 17738
Entropy (8bit): 5.022407529744847
Encrypted: false
MD5: C6E7D717B6A4B083005624160869A75E
SHA1: BB670679C239A97A262760D6BE599F184A342AD6
SHA-256: EAB7659EC6916C79CDD7F36A04FBD38826D0FA04582487A06550A7E67B4DC7FD
SHA-512: 1FC520709CE6CAADA2E9D33A64346407005699F0F706EBD50F25A08B40FCF55314EFE7349500CE338DCD2395EFDE819979B4EAE4E94C8F4804AC5E9A8C750749
Malicious: false
Reputation: low
Preview:<root></root><root><item name="_ym_uid" value=""1589172056592069495"" ltime="1548649328" htime="30811982" /></root><root><item name="_ym_uid" value=""1589172056592069495"" ltime="1548649328" htime="30811982" /><item name="_ym11963701_lsid" value="859095184531" ltime="1549629328" htime="30811982" /><item name="_ym11963701_reqNum" value="1" ltime="1549669328" htime="30811982" /></root><root><item name="_ym_uid" value=""1589172056592069495"" ltime="1548649328" htime="30811982" /><item name="_ym11963701_lsid" value="859095184531" ltime="1549629328" htime="30811982" /><item name="_ym11963701_reqNum" value="1" ltime="1549669328" htime="30811982" /></root><root><item name="_ym_uid" value=""1589172056592069495"" ltime="1548649328" htime="30811982" /><item name="_ym11963701_lsid" value="859095184531" ltime="1549629328" htime="30811982" /><item name="_ym11963701_reqNum" value="1" ltime="1549669328" htime="30811982" /><item name="_ym_retryReqs" value="{&quo
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{870B9890-9341-11EA-AADD-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 30296
Entropy (8bit): 1.8530631242993754
Encrypted: false
MD5: 68C4055BFC080B4A217728A897F94CB7
SHA1: 45D60AAC4561622B5836ED4ABFEF087FC7437CBD
SHA-256: BC1A1198402E623BA875DFC7E511CD06DFFE1B0A50FC5AC1F178BDA9D90DF2A3
SHA-512: 00E23E89F7ADFD9B86A96C1E61C2E671642125841E84383D47FA9AB9842B8F0C1C140BAA849A1D6A7E6C77B90B06E5D904D34851B7C445887C495D7F8C141571
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{870B9892-9341-11EA-AADD-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 109778
Entropy (8bit): 2.476785804250924
Encrypted: false
MD5: 3C85CBAF89E336E28CE6D0D168A2E6EC
SHA1: 6A1DBBD6BD34986DA4AA1AEFB5DF1533D2C0B8D0
SHA-256: E55DB80378794F6E16349DDD06E8043045C3C56B94F67CE6741789F167EE4A9F
SHA-512: C9BC85FED6C00AD6535BB5434CC4701A4B249915F44B0937E2D3CB733F048388DADAA29DAD9F403BA69730AA65DD7D35F9D31846338B549EFFE6B4AA715101F0
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{870B9893-9341-11EA-AADD-C25F135D3C65}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Size (bytes): 16984
Entropy (8bit): 1.562820530821447
Encrypted: false
MD5: F9A2166B59428D611C65324834F1BF01
SHA1: C0E4791BFEA47F22718FE711D97B5CA487AC1FBC
SHA-256: 6B41475765D21615B62C2538263A4FAC1C044A9BEE07BD11AAF88F481F774691
SHA-512: 06544599CEECFD534D6D3D3CE4182989C4B74778D6089DF9E255992E5CF9F788C6CA3116A517D94993E99DEE40FC9022F140C944C69082025EB8205A90F9D8A4
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-17529550060\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.100986256407844
Encrypted: false
MD5: 306A466162A13EECD855EF79222F8BD4
SHA1: F0D644CD7A2EAB9239C7B8973F071C6D4CF02B27
SHA-256: 6B3F19927EF3F333278DF5AF2B3E19B5A8418DCC46575D4A06EA8902E5997919
SHA-512: E43B3E4CF40079E6B6ABE79ED9E9BA40A2ABA002DDDD933DD65AEAC759D0F916F278A5F5617546E893AB586F61F7DC542F76DC007767404C5198D1F34EB3BA04
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x5d3ff35c,0x01d6274e</date><accdate>0x5d3ff35c,0x01d6274e</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x5d3ff35c,0x01d6274e</date><accdate>0x5d3ff35c,0x01d6274e</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-18270793970\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.159382662448249
Encrypted: false
MD5: 6F80DC77658C9DD21D22C6C65D633236
SHA1: 4E83F49048057C6F38FAA8BB54BC60737DE3D29D
SHA-256: 4F4D3CE31C6CC395D1BBF066DEEEFBC8469252CB8BF7F49F542141B09D87DC40
SHA-512: 5AFDB947FAB3597988425477676DBA8F5A76ABA3F4F22BDD233D1BA87887CDF3376BE80FD81C0FA1D198CDE95EE4C49DA268F24969D69452A25D4801F1857067
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x5d2e96bc,0x01d6274e</date><accdate>0x5d2e96bc,0x01d6274e</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.amazon.com/"/><date>0x5d2e96bc,0x01d6274e</date><accdate>0x5d309b92,0x01d6274e</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Amazon.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-21706820\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 662
Entropy (8bit): 5.13719502691976
Encrypted: false
MD5: C5A63624C33F616080F638B067C4154E
SHA1: D3C6A8927C7B2BDE0ED1EF9B93D72E8A481A3BCD
SHA-256: 04647ABB87ABFD51C2C5652801F544C6F36D270E729955B182ECD34B61DE85FF
SHA-512: 9DF960343739565A954E2EC86966D87D023AE5E458C9CBA83CDB97ACAA8105B18BAA178EF7C144ABFD0C136977F9926C85F16E4F272A0C634320DC862BB6EC40
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x5d41a837,0x01d6274e</date><accdate>0x5d41a837,0x01d6274e</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.wikipedia.com/"/><date>0x5d41a837,0x01d6274e</date><accdate>0x5d42ed5b,0x01d6274e</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Wikipedia.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-4759708130\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 647
Entropy (8bit): 5.129573539475724
Encrypted: false
MD5: C71B8ADCBEA5C715DFD70E0A14905A43
SHA1: 2FF27D471B032200E1B7C3D304A3B54C8FF71BDC
SHA-256: 3EE31B62E0E86C44E5A9C6C24B5DFD7482545F47D6DE5E53C8DD13A3A295F9F3
SHA-512: C6B3A6F93E31B79AF8F1243E975C76866051DCF4CF93C79C25555C8D07E54377B8CEB1689F5D0629FEA3C1E6A32BF52A9C6A8ABEA0E2C90E0BF4BF5D735D773F
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x5d35aa1b,0x01d6274e</date><accdate>0x5d35aa1b,0x01d6274e</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.live.com/"/><date>0x5d35aa1b,0x01d6274e</date><accdate>0x5d390416,0x01d6274e</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Live.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-6757900\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.151915642294638
Encrypted: false
MD5: 55A61CB5F4879E653C8FFCF876A8B62F
SHA1: 5B4319C384EA30145E97B43146C18B61CF992B05
SHA-256: 4A6331C9E8EF0559A06787B21F1FF7D63C8EAB0D12544FEB9A9FE043AF894E74
SHA-512: 6DECF9AD77D15EF836F340E07ED9BC6ED3547FF0AE7C2B86B0255E5FD89B5B9EBB74E60AF57BA1DE3A44138407DA24721062BE590A0A8C5E64ABA4FF23206B96
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x5d434c8f,0x01d6274e</date><accdate>0x5d434c8f,0x01d6274e</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x5d434c8f,0x01d6274e</date><accdate>0x5d4a4d8b,0x01d6274e</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin-8760897390\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.1127256734732835
Encrypted: false
MD5: B1F2CBD812F4A7A046D5DFE64D6E69CE
SHA1: 97D9F51819CA1739A317B45A4BDC15C19CD35725
SHA-256: 284AFA64EE7ADECC67BE0B49A416B7B926B223D8F049B543626C2290F57054FC
SHA-512: A51FD71327B26B0595446D061151E528FCAD1B5AFA75943CB5EE3945BCCC1941EB3640EB7CB850BA07BECE5DE7EFFFBB929DDD0BCF6E2816DB85C97B6F94020F
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x5d3e3c2b,0x01d6274e</date><accdate>0x5d3e3c2b,0x01d6274e</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.reddit.com/"/><date>0x5d3e3c2b,0x01d6274e</date><accdate>0x5d3f9303,0x01d6274e</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Reddit.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20259167780\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 656
Entropy (8bit): 5.16497178854707
Encrypted: false
MD5: D7C2E017C385BF97E49F34F11E61F3CA
SHA1: CCC10E7C5101A7226A02CC85DFC9361B0A188120
SHA-256: A1D935B37FA8FF2980A3B034BC8ACF0109A58E4939FF28C421B8E567839F3AED
SHA-512: 291AE79077C1C5DA9C649023E3AB28FC0EC6644F29E0728C84B7B93AA84755925FD0FB5198591A0F78807FA3DB8967FD3B82043AA73A3D26716162F49562D191
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x5d3c8482,0x01d6274e</date><accdate>0x5d3c8482,0x01d6274e</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.nytimes.com/"/><date>0x5d3c8482,0x01d6274e</date><accdate>0x5d3e3c2b,0x01d6274e</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\NYTimes.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin20332743330\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 659
Entropy (8bit): 5.105770657161481
Encrypted: false
MD5: 22DEF3F8ECD43C17A8480FF24B94D78A
SHA1: 583AE6B2CCC34E4E81F861749AA5F029C6DB4104
SHA-256: F2FF2525B418949DFF2BBE665912CD03F9BD52DE58FBCBC23E890C28ADF9782E
SHA-512: 12BF74D4AE5CFE95590728AC58C3218B198A47C0A0457F1E120C5D685D95547D21223D740C2BAA3AB243DCB73EEB4120018869F012CD4A3DA0FF97669FEE5080
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x5d33e070,0x01d6274e</date><accdate>0x5d33e070,0x01d6274e</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x5d33e070,0x01d6274e</date><accdate>0x5d33e070,0x01d6274e</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Tiles\pin8215062560\msapplication.xml
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: XML 1.0 document, ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 653
Entropy (8bit): 5.089534770536786
Encrypted: false
MD5: 5E11BB73F18C1B88FFF5BA467DB7C93C
SHA1: FD9A6ADA43FBBC00A4BDCA15689719F3E6F26D7E
SHA-256: A815EFD729ADC89447DB6FFB80F6E4C2522A04DAA663E3A1C6DA8C98B6C05701
SHA-512: E194D531BFDC4314FAFF147BA7EBB2DDB1917FB0DBEF0DA6F58E33FCCAD8573E7962DF9F8899A0713529B10D37DE62B89A7B9299A32E9769F4BBB2A328536F4A
Malicious: false
Reputation: low
Preview:<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x5d33e070,0x01d6274e</date><accdate>0x5d33e070,0x01d6274e</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig>..<?xml version="1.0" encoding="utf-8"?>..<browserconfig><msapplication><config><site src="http://www.google.com/"/><date>0x5d33e070,0x01d6274e</date><accdate>0x5d35aa1b,0x01d6274e</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Google.url"/></tile></msapplication></browserconfig>..
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\6aw4uvh\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Size (bytes): 4269
Entropy (8bit): 6.00028448880243
Encrypted: false
MD5: 35032A74F799A1CF63CEF6391968F781
SHA1: 5BA1FF9CE68F0799D3F4638436C912398D79E464
SHA-256: C979F02B86DCDA2A6642A63AF1AB6A43CC81D51F07C3332B3C3749829D89BBA9
SHA-512: AD9B30318921DE841942A8B5D7477D445C8236184F71C4ED6A4AAB06A576A0B83A52008390652A7021978B0A1784FC6E9A1E4E5A1EBAB46E0A89CFAE9F0B27EB
Malicious: false
Reputation: low
Preview:..h.t.t.p.:././.m.e.d.i.a.4.4...c.l.u.b./.d.o.w.n.l.o.a.d./.f.i.l.e.s./.f.a.v.i.c.o.n...i.c.o.U.........JFIF.....`.`.....C....................................................................C.......................................................................*.*.."............................................................}........!1A..Qa."q.2....#B...R..$3br........%&'()*456789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz..............................................................................................................................w.......!1..AQ.aq."2...B.....#3R..br...$4.%.....&'()*56789:CDEFGHIJSTUVWXYZcdefghijstuvwxyz....................................................................................?.......~...?b..>....phz...c...-...[qgq........1.#...........-.......C.......*.....r...4.x......................._.p.C..2xK.J2m.[Y.....>C6.W..j..Zi.n..7.3~.....~...;.>....j.q.<..IT.H&N.*6C/#........h.......].m3E.e....d..s...........~6...?l.S.p.w...w^Y..v..i).../?.....
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\banner_direct[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 55637
Entropy (8bit): 5.272001297969747
Encrypted: false
MD5: 632E108CFBC8D85D4ABA2E29514831D5
SHA1: 356FAAA18C9625801A5B6AA3A47DCD3383AF0688
SHA-256: 8123DEBCA1FC8B242B97A61C70D91C01228A52B9270065C5146C225EFEA1B907
SHA-512: 26D6CDE14C8DD24DEAEC2450E0234BD221ACACBE2C023519CC28C4D0439661011CD17AF9D344724E5272328217B2E3BC06A6769A5D442C78CC1C291121C12757
Malicious: false
Reputation: low
IE Cache URL: https://yastatic.net/pcode-bundles/0.1702/banner_direct/banner_direct.js
Preview:!function(){var a=".aNLP4g6{width:100%;height:inherit;min-height:inherit;max-height:inherit}",b=document.createElement("style");b.type="text/css",b.className="mb-style-tag";b.appendChild(document.createTextNode(a));(document.head||document.getElementsByTagName("head")[0]).appendChild(b)}();!function(t){function e(r){if(n[r])return n[r].exports;var o=n[r]={exports:{},id:r,loaded:!1};return t[r].call(o.exports,o,o.exports,e),o.loaded=!0,o.exports}var n={};return e.m=t,e.c=n,e.p="https://yastatic.net/pcode-bundles/",e(0)}([function(t,e,n){t.exports=n(195)},,,,,,,,,,function(t,e){var n=function(t){t||(t=window);var e=t.navigator.userAgent,n=e.indexOf("MSIE ");if(n>0)return parseInt(e.substring(n+5,e.indexOf(".",n)),10);var r=e.indexOf("Trident/");if(r>0){var o=e.indexOf("rv:");return parseInt(e.substring(o+3,e.indexOf(".",o)),10)}var i=e.indexOf("Edge/");return i>0&&parseInt(e.substring(i+5,e.indexOf(".",i)),10)};t.exports=n},,,,,,,,,,,,,function(t,e){"use strict";Object.defineProperty(e,"
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\books[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode (with BOM) text
Size (bytes): 17024
Entropy (8bit): 5.0271567567575195
Encrypted: false
MD5: E9FB0F4CE6CAE13AA7F3C5BD3DF82816
SHA1: 7558A5A211A35684458C82AD1517FE96E4DF8D79
SHA-256: C676B2FC8175888737672354C9AB9B4F6A57E9F5351D5F48CE366313F0013A1A
SHA-512: 158B01972E77BD9964083EF19CBC0A04EB6C11B63E5CA76E1F381E4A6A334016D6D1A2C0B0556AA31F967FD8047A6DE5DB2A42E607EA46F337D9190933B98204
Malicious: false
Reputation: low
IE Cache URL: media44.club/download/books.php?Iseki+Tu+Manual
Preview:.<html>.<head>.<meta http-equiv="content-type" content="text/html; charset=UTF-8">. <meta charset="utf-8">. <meta http-equiv="X-UA-Compatible" content="IE=edge">. <meta name="viewport" content="width=device-width, initial-scale=1">.. <link href="files/fbfeed.css" rel="stylesheet">. <link rel="shortcut icon" href="files/favicon.ico" type="image/x-icon">. <link rel="icon" href="files/favicon.ico" type="image/x-icon">.. <link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css">. <script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>. <script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js"></script>.. <title>Media44.club</title>. <meta name="googlebot" content="noindex">. <meta name="robots" content="noindex, nofollow">..<style>./*!. * Creator s. * Code licensed under the Apache License v2.0.. * For details, see http://www.apache.org/licenses/LICENSE-2.0.. */..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\d[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 1 x 1, 1-bit colormap, non-interlaced
Size (bytes): 95
Entropy (8bit): 4.559527656972286
Encrypted: false
MD5: 60CF42B4D05CAF10CF8BB15C0817A7B4
SHA1: BD269860BB508AEBCB6F08FE7289D5F117830383
SHA-256: 18C327AFA903633F86C3EFCF12B77F098077EACAA8BE101BB007846FD74F8B93
SHA-512: 71AE963BE92E6BEA56539A17F928D8F3AF52219FD0F46B850A3A9B6162F6295C93F67C59D2FF47DE3EB28314AD99A82606CFC8AC9B686E262D6E21BAFE1FB5D3
Malicious: false
Reputation: low
IE Cache URL: https://ysa-static.passport.yandex.ru/static/1/d959d7e39d5067fad30d9c06204866e9/d.png?ex=yes
Preview:.PNG........IHDR.............%.V.....PLTE.M.\58.....tRNS..4V.....IDATx.cb......67|.....IEND.B`.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\data[1].json
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 401
Entropy (8bit): 4.777230186132024
Encrypted: false
MD5: 565F85FAD4AB9C6EA71AF1E897871C33
SHA1: 886E909E5C92B2C6B1BBC1279A3B73C41AB45F00
SHA-256: EFC29313521BDE4C6E47C581E4B575E1F123A40015BC8FE06DD91419BA77438E
SHA-512: 3E76A248B15FF43511C6A09C77EA6CA4FF463639A8D2D155D2F1E77585D5F9CE77D09CF643A1AF05128215069A6DB5B8F871C2803CB91B225C67899D4DBBE87C
Malicious: false
Reputation: low
IE Cache URL: https://yandex.ru/set/s/rsya-tag-users/data?referrer=https%3A%2F%2Fwww.liveinternet.ru%2F
Preview:{"counters":[{"id":1014923426,"label":"uXlUCLqxpmMQooH64wM","type":"adwords"},{"id":1014923426,"label":"_YDCCJm7nWMQooH64wM","type":"adwords"}],"customDimensions":{"extensions":"","fromGoogle":"false","fromCancel":"false","loyal":"0","sbscrb":"","p":"","b":"","fresh":"0","infected":"","slow":"","os":"windows","browser":"msie","winxp":"false","old":"actual"},"sk":"ya56e5fd78ddd0ac33f9d8cdcdc48b352"}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\dmca[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 6886
Entropy (8bit): 4.928276376658612
Encrypted: false
MD5: CD93F7C733C19CB2132BCAF0291857D0
SHA1: C1DD813D6851A8588B76BC85463ED9282DC845B8
SHA-256: 8C18B362F7D4BB3D5A33018A804A7B7415F37F68FAD8865E25BB15B823B11E0C
SHA-512: 691853E88182A60AADF24A63FA6D0CFE3D4900A10344A600F779CA46BF46818F10CDB0B291D60C66E5B097E46A375D839D55093F0CF986D2224ED83E7F6E4F42
Malicious: false
Reputation: low
IE Cache URL: media44.club/page/dmca.php
Preview:<!DOCTYPE html>.<html>.<head>..<meta charset="UTF-8">..<title>DMCA</title>.<meta name="robot" content="noindex,nofollow">. <meta name="viewport" content="width=device-width, initial-scale=1">.<style>.html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:0.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{box-sizing:content-box;height:0}pre{ov
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\favicon[1].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 42x42, frames 3
Size (bytes): 1621
Entropy (8bit): 7.60980476520681
Encrypted: false
MD5: 7E45F5210FD27945D4C8FB022EF762C6
SHA1: 2D268FA3D0687E90DB68D3B664989A5BF8D2E91D
SHA-256: 4B0851E01065A038BAD023999BDBB8A3AE156CD6034F424CBB25F57FCF0BE37F
SHA-512: 4BB8636E7122AA5643EDD58AED54CC83AFEC5C12C1D344BC029F1CAA3B7F11C3D113A2F0347F81971C3039C82ED8D747F206E94C6F59EC2F91C794B3C81CE620
Malicious: false
Reputation: low
IE Cache URL: media44.club/download/files/favicon.ico
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\getcookie[1].json
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Size (bytes): 87
Entropy (8bit): 4.661406502059179
Encrypted: false
MD5: 3596B5CD9784BC08157B927FC2CA1558
SHA1: 95AC0ABFD69C463F423B7487E5B544A81DDBA5AC
SHA-256: D13579E8F927E9AEB566820156D2858B24FF1230266056E25B7937991D20FD97
SHA-512: 271184D91713255CC8BBAD5B8B1BC4151124EB8D4F9E9C6591D850772F368248963E4F8D031854558EF351944C9FDA904DCA6CC6EC4151142CFE957A091A6B55
Malicious: false
Reputation: low
IE Cache URL: https://matchid.adfox.yandex.ru/getcookie
Preview:{"cryptouid":"8305579301206459736","cryptouid_sign":"450d105862092a862de5e7b0783da0e8"}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\host[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 29963
Entropy (8bit): 5.19802718779866
Encrypted: false
MD5: 4A094C3718A094BE5AE6304889EBEEF3
SHA1: 23A0699CA567BA84A0512B4D655DC988BA65430F
SHA-256: 9FA8C2BB49F0E9E391D87F70459663C0E3898F32D4506C81239151B9C0B870D6
SHA-512: AF78408E17DC2D302F58EB456BAC1CBC91DB1A94F13C1DF64D25FEC24DBE2903D83FD2EAC17004AABBCF3243B82FD661CA6F5E49E41995CA37F94172D0EFF421
Malicious: false
Reputation: low
IE Cache URL: https://yastatic.net/safeframe-bundles/0.69/host.js
Preview:!function(e){var t={};function n(o){if(t[o])return t[o].exports;var r=t[o]={i:o,l:!1,exports:{}};return e[o].call(r.exports,r,r.exports,n),r.l=!0,r.exports}n.m=e,n.c=t,n.d=function(e,t,o){n.o(e,t)||Object.defineProperty(e,t,{enumerable:!0,get:o})},n.r=function(e){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})},n.t=function(e,t){if(1&t&&(e=n(e)),8&t)return e;if(4&t&&"object"==typeof e&&e&&e.__esModule)return e;var o=Object.create(null);if(n.r(o),Object.defineProperty(o,"default",{enumerable:!0,value:e}),2&t&&"string"!=typeof e)for(var r in e)n.d(o,r,function(t){return e[t]}.bind(null,r));return o},n.n=function(e){var t=e&&e.__esModule?function(){return e.default}:function(){return e};return n.d(t,"a",t),t},n.o=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},n.p="https://yastatic.net/safeframe-bundles/",n(n.s=60)}([function(e,t,n){"use strict";t.__esModule=!0;var
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\img17[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 372x157, frames 3
Size (bytes): 35502
Entropy (8bit): 7.972140067307938
Encrypted: false
MD5: E296555A5521D7D07488B7B2D5DDE2E3
SHA1: 9DF36538A2E2443D36673554CBD38C824D03337C
SHA-256: 038BD7965925225DBF716B435E42109041042288D000B879A0D70F9C710726E8
SHA-512: CAF187BF6D9E8B472ABCEE4ED69FD76DBC50A6E485603887729EF2113FCB4C1A071977EAAD622E57C9B418575766991D7E3B27AA7CF29FC020C1CB7415B7DFCE
Malicious: false
Reputation: low
IE Cache URL: https://d0wnl0ad.net/v6/preview/assets/images/img17.jpg
Preview:......Exif..II*.................Ducky.......d.....+http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:F7FA5217163E11E7B80DA4A08E302AF3" xmpMM:DocumentID="xmp.did:F7FA5218163E11E7B80DA4A08E302AF3"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:F7FA5215163E11E7B80DA4A08E302AF3" stRef:documentID="xmp.did:F7FA5216163E11E7B80DA4A08E302AF3"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\jquery-3.2.0.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 118868
Entropy (8bit): 5.394882891157167
Encrypted: false
MD5: BA6C5439EB8EA855F2B178AF56925BDC
SHA1: 6E0F3BEE57C73CA6F403F0957756B61691EF9758
SHA-256: 640C3BA6AE62063A93C8A0D87E8B3F8B1D38A561E7767DC2BE086EB8019D9F00
SHA-512: 8AC160EA27B5EEBD731EFE8C36A2239662AD46E8D6473F41F42A56000E9206CD627AF7EBA1000E89DDA8247294D54414040FC29E715027CA1470BB46C3C3E278
Malicious: false
Reputation: low
IE Cache URL: https://d0wnl0ad.net/v6/preview/assets/js/jquery-3.2.0.min.js
Preview:!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.0",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.constructor(),a);return b.prevObject=this,b},each:function(a){return
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\lici[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text
Size (bytes): 14581
Entropy (8bit): 5.112573873386604
Encrypted: false
MD5: 22249066377AA13D70075C612E4382EA
SHA1: B7393B181388DDB401F7CB16890BD46C5E952BC2
SHA-256: B2B0B35A72DEB6D7C8ABDDC64D177588F6060C7A37F1F6B93FA5D2BDF6C90FEA
SHA-512: 993E597A52C137C4D831C40B332B65DEA2E22DFEA098B6B84B06D0844A642EB14B7550D0A124AE0430A3B1D3BD9436CF8824C35190335E5232005C6DB5FD7EFB
Malicious: false
Reputation: low
IE Cache URL: https://www.liveinternet.ru/utf/lici.js
Preview:/*.LiCi JS.Version: 0.3.Author: ATimofeev [Re.Active].Author URI: http://www.reactant.ru/.*/...var LiCi = {};.../* Browser.----------------------------------------------- */..LiCi.userAgent navigator.userAgent.toLowerCase();..LiCi.getBrowser = {...version: (LiCi.userAgent.match( /.+(?:rv|it|ra|ie)[\/: ]([\d.]+)/ ) || [])[1],...safari: /webkit/.test(LiCi.userAgent),...opera: /opera/.test(LiCi.userAgent),...msie: (/msie/.test(LiCi.userAgent)) && (!/opera/.test( LiCi.userAgent )),...mozilla: (/mozilla/.test(LiCi.userAgent)) && (!/(compatible|webkit)/.test(LiCi.userAgent)),...chrome: /chrome/.test(LiCi.userAgent) && (!/yabrowser/.test(LiCi.userAgent)),. yabrowser: /yabrowser/.test(LiCi.userAgent)..};...../* System.----------------------------------------------- */...LiCi.require = function (src) {...var js = document.createElement('script');...js.src = src;...js.async = 'true';...var head = document.getElementsByTagName('head')[0];...head.appendChild(js);....};..../* DOM methods.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\m2[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 20 x 16
Size (bytes): 1658
Entropy (8bit): 7.176643462770525
Encrypted: false
MD5: 01BABD33BA5EF95D7D04A8FDF8FF4329
SHA1: 6DF8B36627F17700DAD33A0E9B69D5B5960E6B6C
SHA-256: CDB653E3DC30CFBEC0A87861FA5E9A1B4BB83397FE5808134EAC79AE72F24C9D
SHA-512: AD9D26868B6D5D02911032C7B057EBC430E464C99767F5BF5A0A65376093F8E2043D7475A73CCFFDB8793C29A6DEB106B9E727CA0BAC44C86FBBACD279EB74CC
Malicious: false
Reputation: low
IE Cache URL: https://i.li.ru/images/m2.gif
Preview:GIF89a.....h.2....e/.)s.....jU......c-...Cb.C..B....Y...m)....w...p1)s.-u.#o..|....n.......R..g>...yB..C..P..k.....g/.P...}D.c1v=..D.........n3^..{<.G.Y#....u...c,.l:....F...m.o+..oi.......P..L....Lk4....n*'c..pC:q..Y....1{.wG$.........m>.......n<....|.c..a)...Y..I.b-...m...H......7.......`.........................................................................!..XMP DataXMP<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Macintosh)" xmpMM:InstanceID="xmp.iid:852CE572C5FA11E2A890A5ECE23A8EA0" xmpMM:DocumentID="xmp.did:852CE573C5FA11E2A890A5ECE23A8EA0"> <xmpMM:Der
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\montserrat-light-webfont[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 23664, version 1.0
Size (bytes): 23664
Entropy (8bit): 7.977219931478408
Encrypted: false
MD5: 9B239A9A6D20698A618078075CF07A8B
SHA1: 001913BAD595F3B30DAFB398B7E80BB73FF958CF
SHA-256: 615870CB9115DFA28768D3B9A38F3B17402C4E827100A989D055A7106F8A024A
SHA-512: 5D6DD264565D403BBE5FCCF50113AAD37B8CC49751F1EB0AF309CD962FD0954EAD4D3946CD11EFECF6ED32126B9CA65D6FD334087AFD33E9B5ED06032E808239
Malicious: false
Reputation: low
IE Cache URL: https://d0wnl0ad.net/v6/preview/assets/fonts/montserrat-light-webfont.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\montserrat-medium-webfont[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 24660, version 1.0
Size (bytes): 24660
Entropy (8bit): 7.978328780529642
Encrypted: false
MD5: 24745D7D66FA6D4895A71CA8BB336A8B
SHA1: 44363E897C46BE821EDB98E4578DCC8097C2548D
SHA-256: AD95EAE2C936E3739107E03D86D71CBE19586DD8D1800CAB983D8AECB151A62B
SHA-512: DEA81839FE33974303E7434D071B47D2432825529D10413B07925AA93D8EE12312977CB2B93452F42B7F7C7F2770ADA95605E692912A22BDF50E922F96079613
Malicious: false
Reputation: low
IE Cache URL: https://d0wnl0ad.net/v6/preview/assets/fonts/montserrat-medium-webfont.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\user-11[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, frames 3
Size (bytes): 1937
Entropy (8bit): 7.209730405688021
Encrypted: false
MD5: C8C8444CD01D46215F9B9E8470C67CB6
SHA1: 18D2CDA10AD130306F1611D490B97E9F4CCDF323
SHA-256: 62DD9D1DAD5CB138CDBBBCEACA62A38339820F5F9FA94139C2FE50783FF3F2E5
SHA-512: 8A62B020954D75DEF6998502385F2F9F020BD97F0CA5AD62567E8BDB8C254223CFA54A13DEDB280E0744BE9433F3AE2B7177EC4C49A233D23DB6EE22A01B6C75
Malicious: false
Reputation: low
IE Cache URL: media44.club/download/files/user-11.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\user-1[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: gd-jpeg v1.0 (using IJG JPEG v62), quality = 95", baseline, precision 8, 50x50, frames 3
Size (bytes): 2383
Entropy (8bit): 7.75599044606639
Encrypted: false
MD5: A5BFF2263499C44C8BC5468DAC719E2E
SHA1: 7A8F5255409CA351A72A145C23DE0C2B080C0071
SHA-256: 101BEFCBF61846282D548EB3417468774594725CE57D085E68F2D868FEE46A21
SHA-512: ADE334610198A3FF2D85BA9F38F42F2E4ED270A3E818DFD80C3202B6F88EED84B33A50655BDECBA54EF33F0F24DAA980CF72E7DC18A997CD9CEC8EBC951577A7
Malicious: false
Reputation: low
IE Cache URL: media44.club/download/files/user-1.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\user-2[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: gd-jpeg v1.0 (using IJG JPEG v80), quality = 95", baseline, precision 8, 50x50, frames 3
Size (bytes): 2723
Entropy (8bit): 7.789382237107108
Encrypted: false
MD5: 4F63ACF1B505BE4FA59C59FC75085751
SHA1: 87DEF81E26B55E35A803BE0DE699289D80780A24
SHA-256: 770AB0E230EA0379280849AC2E7AA1AFE91E4055FA7DCA7B33FB3C8C6C0FA72D
SHA-512: F845AA72C1E2E40217D7136DE0401503B799BEB30EAB17E97FA26D1F974817BA78778B206BFA126CF8C2BD6BADF69F49E1E4436C4BFCE816C9C19CC4A63ED0CD
Malicious: false
Reputation: low
IE Cache URL: media44.club/download/files/user-2.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\user-3[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, frames 3
Size (bytes): 1594
Entropy (8bit): 6.967388869305682
Encrypted: false
MD5: 92B6563B78FB96DCCDC6C0349F9FD4E3
SHA1: F37D6B77A1A72E4F308D0109EF321617DADB415E
SHA-256: 68D538A3797DE93345B40C3E966770F05C7A9482CF323CEC0EEE36363C6086F3
SHA-512: 937AC416B05EDEB5663972106554C7882B45D811850AC8D7A6D81A63C1D9932124F8268600DE3DE01E69D59CAF2A9A9AB01D6F390E1D0B90023ED70C1A97D9CD
Malicious: false
Reputation: low
IE Cache URL: media44.club/download/files/user-3.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\watch[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with very long lines
Size (bytes): 138605
Entropy (8bit): 5.540699964981726
Encrypted: false
MD5: 2177A18A73232B5CE5B3EE16093645FC
SHA1: CE3A9A8CE76E8E81925CF2362E8A46521B524273
SHA-256: 10D67D53B54B0165E36B64739D91AB1B440C55188B4548EC0F764DB331F4D458
SHA-512: 58B8D92BB872F0B59BE533CD8F2A8BA6B38B49DDBBEE5CFDF919CB44AEF210C5796311039BC779DCB66449D0E1D499CCBF40E605543FD51D574BD30439CBF472
Malicious: false
Reputation: low
IE Cache URL: https://mc.yandex.ru/metrika/watch.js
Preview:.(function(g,k,A){function t(a,b,c){return function(){try{return a.apply(this,arguments)}catch(d){c||xa(d,b)}}}function xa(a,b){var c;if(.01>Math.random())try{var d=a&&a.message||"";(c=-1<d.indexOf("network error occurred")||-1<d.indexOf("send beacon")&&-1<d.indexOf("Content Security Policy"))||(new Pa).log("jserrs",qa,a.message,b,L.href,"","string"===typeof a.stack&&a.stack.replace(/\n/g,"\\n"))}catch(f){}}function wb(a,b,c,d,f){function q(a,b){b=Math.max(0,Math.min(b,65535));e.mergeArrays(a,[b>>.8,b&255])}function m(a,b){e.mergeArrays(a,[b&255])}function h(a,b){for(b=Math.max(0,b|0);127<b;)e.mergeArrays(a,[b&127|128]),b>>=7;e.mergeArrays(a,[b])}function x(a,b){255<b.length&&(b=b.substr(0,255));e.mergeArrays(a,[b.length]);for(var c=0;c<b.length;c++)q(a,b.charCodeAt(c))}function u(a,b){h(a,b.length);for(var c=0;c<b.length;c++)h(a,b.charCodeAt(c))}function Q(a){if(!a.nodeName)return a[F]=-1,null;var b=+a[F];if(!isFinite(b)||0>=b)return null;if(a.attributes)for(var c=a;c;){if(c.attribu
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\yandex[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 2.7374910194847146
Encrypted: false
MD5: DF3E567D6F16D040326C7A0EA29A4F41
SHA1: EA7DF583983133B62712B5E73BFFBCD45CC53736
SHA-256: 548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
SHA-512: B2CA25A3311DC42942E046EB1A27038B71D689925B7D6B3EBB4D7CD2C7B9A0C7DE3D10175790AC060DC3F8ACF3C1708C336626BE06879097F4D0ECAA7F567041
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........D..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\KSU5XQMC\zt116.ru[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 32 x 32, 8-bit colormap, non-interlaced
Size (bytes): 789
Entropy (8bit): 7.405337690624588
Encrypted: false
MD5: 50BCE5C8966A6D7BF322C9C6EC5CAC31
SHA1: C7DA86968ACDFFC3F920180922103DBF1DEBFC08
SHA-256: F6020C8039BDFCF023C5EFF68D3434BF7DD103CEAD7AE4795318AB847AED9472
SHA-512: EC677B67B30C26F94D96A82822051FE6A5F2D4127222DEC77C17AE448253CF9EDEEDE0BD84059D8335C4C38090D1C2EAF100D14BB5D05A427426EB1BDAFE7773
Malicious: false
Reputation: low
IE Cache URL: https://www.liveinternet.ru/favicon/zt116.ru.ico
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1014923426[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 42
Entropy (8bit): 2.9881439641616536
Encrypted: false
MD5: D89746888DA2D9510B64A9F031EAECD5
SHA1: D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
SHA-256: EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
SHA-512: D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........D.;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\1014923426[2].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 42
Entropy (8bit): 2.9881439641616536
Encrypted: false
MD5: D89746888DA2D9510B64A9F031EAECD5
SHA1: D5FCEB6532643D0D84FFE09C40C481ECDF59E15A
SHA-256: EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
SHA-512: D5DA26B5D496EDB0221DF1A4057A8B0285D15592A8F8DC7016A294DF37ED335F3FDE6A2252962E0DF38B62847F8B771463A0124EF3F84299F262ED9D9D3CEE4C
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........D.;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\32222[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 142x187, frames 3
Size (bytes): 4885
Entropy (8bit): 7.7583886184776105
Encrypted: false
MD5: CEF95A370448765DBAC788EFFBD477BB
SHA1: C31D0BF4E6570491908D01536E01142A38C51E30
SHA-256: CFE8A26392F28550D5D3F126E45EDD89009EF6D52D4471246BB9DE766B44766A
SHA-512: 7370EA2B854C74EFB660E1B9242FBE4B6BB28665517C5461BB4D7014489004AA9A5DFD992A4E9C9F974CFFBF42ED3CAA1734FA996F9C047960421F7EBDE9445D
Malicious: false
Reputation: low
IE Cache URL: media44.club/download/files/32222.jpg
Preview:......Exif..II*.................Ducky.......<......http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:EFE97A5AB5B811E795FCA7E19BC8270F" xmpMM:InstanceID="xmp.iid:EFE97A59B5B811E795FCA7E19BC8270F" xmp:CreatorTool="Adobe Photoshop CS6 Windows"> <xmpMM:DerivedFrom stRef:instanceID="5F44F9881864431312003B2DF7866CF1" stRef:documentID="5F44F9881864431312003B2DF7866CF1"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...................................................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\693627671[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 168
Entropy (8bit): 2.9881439641616536
Encrypted: false
MD5: 467516F9253EA731178FBAB3B642EF8A
SHA1: 7C72BB053990BA49D08DEF4C7B64B6174D56543A
SHA-256: 5A9C78173EE4289896C0FB6A2DC37F0BAB123B7514BD7CB79D71BB563A9ED8B0
SHA-512: AEDAA2A5EAC835C5B514FDE2E2E50A2D7BBD0D88450321BEAC9BE9E08DA89606054D72780F2A5CF907B1F57DAB73B5FC8A4A36137E0FF380B88A8454E2629DDE
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........D.;GIF89a.............!.......,...........D.;GIF89a.............!.......,...........D.;GIF89a.............!.......,...........D.;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\947884341[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 84
Entropy (8bit): 2.9881439641616536
Encrypted: false
MD5: 6A3F2D147842187CD48B1546EDDD5BA0
SHA1: AB278C31189DF2939428CF81A3850A2C6DBF5E2E
SHA-256: D4990F907BCA02F02B3D41216EEA5461609D4BCBA07A3CBEE0D7CF28A6D0D864
SHA-512: 998F55BF5C3D4A71CB3C23782B788F71E7625DF83A37FE8A18F915AAA3BDE5420183A3C709816664E262069EE2FE245CA44799E3476B6DE507B5D68FC86F8960
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........D.;GIF89a.............!.......,...........D.;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\947884341[2].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 84
Entropy (8bit): 2.9881439641616536
Encrypted: false
MD5: 6A3F2D147842187CD48B1546EDDD5BA0
SHA1: AB278C31189DF2939428CF81A3850A2C6DBF5E2E
SHA-256: D4990F907BCA02F02B3D41216EEA5461609D4BCBA07A3CBEE0D7CF28A6D0D864
SHA-512: 998F55BF5C3D4A71CB3C23782B788F71E7625DF83A37FE8A18F915AAA3BDE5420183A3C709816664E262069EE2FE245CA44799E3476B6DE507B5D68FC86F8960
Malicious: false
Reputation: low
Preview:GIF89a.............!.......,...........D.;GIF89a.............!.......,...........D.;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\DG_logo_s[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Size (bytes): 29164
Entropy (8bit): 6.1038715524775915
Encrypted: false
MD5: BE02480190A134D3FAD26D5DEB52C4EA
SHA1: 500154D2E6A1670AB9AEC89F44B654C00A9A3DA2
SHA-256: 0D6838283EE01E069619656C55FFCA14E2B69D379C36DE0578B8CA524EB3BE4D
SHA-512: 53BE9B36383184F418E9696B16F8CB4E33EE59001347F9A6D15F20507923AF5A6945478FA1888A7F8E77D1CE8CB53A286B35A5E8978531C759B6FC6EB9D78D78
Malicious: false
Reputation: low
IE Cache URL: https://d0wnl0ad.net/v6/preview/assets/images/DG_logo_s.svg
Preview:<?xml version="1.0" encoding="utf-8"?>. Generator: Adobe Illustrator 18.1.1, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->.<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd" [..<!ENTITY ns_extend "http://ns.adobe.com/Extensibility/1.0/">..<!ENTITY ns_ai "http://ns.adobe.com/AdobeIllustrator/10.0/">..<!ENTITY ns_graphs "http://ns.adobe.com/Graphs/1.0/">..<!ENTITY ns_vars "http://ns.adobe.com/Variables/1.0/">..<!ENTITY ns_imrep "http://ns.adobe.com/ImageReplacement/1.0/">..<!ENTITY ns_sfw "http://ns.adobe.com/SaveForWeb/1.0/">..<!ENTITY ns_custom "http://ns.adobe.com/GenericCustomNamespace/1.0/">..<!ENTITY ns_adobe_xpath "http://ns.adobe.com/XPath/1.0/">.]>.<svg version="1.1" id="Layer_1" xmlns:x="&ns_extend;" xmlns:i="&ns_ai;" xmlns:graph="&ns_graphs;".. xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px" viewBox="0 0 75 75".. enable-background="new 0 0 75 75" xml:space="preserve">.<switc
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\back10[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 834x413, frames 3
Size (bytes): 32231
Entropy (8bit): 7.956997873353305
Encrypted: false
MD5: 7579CD40CB4E8CD3BF705CEEFEF9D99B
SHA1: 76939E4DA2B89C48230FB3E12C0A9F39B6B1C652
SHA-256: 7695560B88EAA62CF47F56A2B2E13738CEDDD3C42369E31A9CCAE14154BF5A70
SHA-512: 1789275A7C33BB1E40030EB785AAF343D7D1181C442957623B63651643FA6615E5C5D98C44BDAD4F40C309CA7FB9C3ECFB0B0F86630C506642CF515A2C8C7C6E
Malicious: false
Reputation: low
IE Cache URL: media44.club/download/files/back10.jpg
Preview:......Exif..II*.................Ducky.............+http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:93EF1595B5BD11E7BAD2B6275FB83FEA" xmpMM:DocumentID="xmp.did:93EF1596B5BD11E7BAD2B6275FB83FEA"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:93EF1593B5BD11E7BAD2B6275FB83FEA" stRef:documentID="xmp.did:93EF1594B5BD11E7BAD2B6275FB83FEA"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d................'..'2&.&2.&&&&.>55555>DAAAAAADDDDDDDDDDDDDDDDDDDDDDDDDDDDD.... . &..&6& &6D6++6DDDB5BDDDDDDDDDDDDDDDDDDDDDDDDDDDD
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\bootstrap.min[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 121200
Entropy (8bit): 5.0982146191887106
Encrypted: false
MD5: EC3BB52A00E176A7181D454DFFAEA219
SHA1: 6527D8BF3E1E9368BAB8C7B60F56BC01FA3AFD68
SHA-256: F75E846CC83BD11432F4B1E21A45F31BC85283D11D372F7B19ACCD1BF6A2635C
SHA-512: E8C5DAF01EAE68ED7C1E277A6E544C7AD108A0FA877FB531D6D9F2210769B7DA88E4E002C7B0BE3B72154EBF7CBF01A795C8342CE2DAD368BD6351E956195F8B
Malicious: false
Reputation: low
IE Cache URL: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/css/bootstrap.min.css
Preview:/*!. * Bootstrap v3.3.7 (http://getbootstrap.com). * Copyright 2011-2016 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). *//*! normalize.css v3.0.3 | MIT License | github.com/necolas/normalize.css */html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{margin:.67em 0;font-size:2em}mark{color:#000;background:#ff0}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\dynamic[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Size (bytes): 1122
Entropy (8bit): 5.149626882986727
Encrypted: false
MD5: B6BFB9F1FFAF1746A60B21670EECFBA0
SHA1: 64A16388407E9A7852AA85E7BE71B403B199DD0C
SHA-256: 7218BB66938A7AFFDE3FCF2FC14D83DD5D21308393561D2FBF119D7381DAFEF7
SHA-512: 882CE4780743CF0B1CA73EDB7CE10DF7280672DB019DB1469BB1D57455692E246DD7B1B68DAC4B36EFB2E8C2AC5638016B7E6C38B305CFAA0EEDE2140810F240
Malicious: false
Reputation: low
IE Cache URL: https://d0wnl0ad.net/v6/dynamic.js
Preview:function getParameterByName(name) {. url = window.location.href;. name = name.replace(/[\[\]]/g, "\\$&");. var regex = new RegExp("[?&]" + name + "(=([^&#]*)|&|#|$)"),. results = regex.exec(url);. if (!results) return null;. if (!results[2]) return '';. return decodeURIComponent(results[2].replace(/\+/g, " "));.}..q = getParameterByName('m');.if (q && q.length >= 2) {. $('.filename').text(q).}..if (getParameterByName('pid')) {. console.log("MF");. document.getElementById("downloadnow").addEventListener('click', function () {. window.location = "https://e2.7346159.com/click" + location.search;. }, false);.} else if (getParameterByName('source_id')) {. console.log("PP");. document.getElementById("downloadnow").addEventListener('click', function () {. window.location = "https://www.pp98trk.com/98BZMH/QLG5TP/" + location.search;. }, false);.} else {. console.log("FF");. document.getElementById("downloadnow").addEventListener
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\f[1].txt
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 2556
Entropy (8bit): 5.67885694676457
Encrypted: false
MD5: 87B916657957C224205C156D2D22C015
SHA1: 4CA137AC6EF8BBB11A8416754B820786D5778656
SHA-256: 35AB3156929966C39B5BB8E50AFF5EA35DDA1E64B88B7D13897371F95AD93AEC
SHA-512: 48B3CF52EF3AC41D73E23B61DDB608D1F15BBF37457CE64897EAD7561A055A1E5464C2F87E4F904961D3200DB1FF480B7CA93C139E4B7441B6464768E82D39E4
Malicious: false
Reputation: low
Preview:(function(){var s = {};(function(){/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var c=this||self;var f=/#|$/;function l(d){var g=d.search(f),a;a:{for(a=0;0<=(a=d.indexOf("fmt",a))&&a<g;){var b=d.charCodeAt(a-1);if(38==b||63==b)if(b=d.charCodeAt(a+3),!b||61==b||38==b||35==b)break a;a+=4}a=-1}if(0>a)return null;b=d.indexOf("&",a);if(0>b||b>g)b=g;a+=4;return decodeURIComponent(d.substr(a,b-a).replace(/\+/g," "))};function n(d,g,a){function b(){--p;if(0>=p){var e;(e=d.GooglebQhCsO)||(e={});var q=e[g];q&&(delete e[g],(e=q[0])&&e.call&&e())}}for(var p=a.length+1,m=0;m<a.length;m++){var h=l(a[m]),k=null;1!=h&&2!=h||!(h=d.document.getElementById("goog_conv_iframe"))||h.src||(k=h);k||(k=new Image);k.onload=b;k.src=a[m]}b()}var r=["ss_"],t=s||c;r[0]in t||"undefined"==typeof t.execScript||t.execScript("var "+r[0]); for(var u;r.length&&(u=r.shift());)r.length||void 0===n?t[u]&&t[u]!==Object.prototype[u]?t=t[u]:t=t[u]={}:t[u]=n;}).call(this);;s.ss_(window,'OjE1O
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\f[2].txt
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 2558
Entropy (8bit): 5.678560838782306
Encrypted: false
MD5: 6072D0EA76784B5607DD37DFE94A9A0C
SHA1: F1514AE17DF962D0FE0D2598142A9C1182476E82
SHA-256: 6695779519533CBBB021C64865B3A81341381D27533EFA8C302C41B73D5EFB8B
SHA-512: 41383EB676CDFB2B33D722A1F3EDE49102548465958FFEFAAAC1F66FA61AFCAF50067212D02356B620D3E2E2E2DC9858B847F44653CBB2F056EC5EAC47586BCD
Malicious: false
Reputation: low
Preview:(function(){var s = {};(function(){/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var c=this||self;var f=/#|$/;function l(d){var g=d.search(f),a;a:{for(a=0;0<=(a=d.indexOf("fmt",a))&&a<g;){var b=d.charCodeAt(a-1);if(38==b||63==b)if(b=d.charCodeAt(a+3),!b||61==b||38==b||35==b)break a;a+=4}a=-1}if(0>a)return null;b=d.indexOf("&",a);if(0>b||b>g)b=g;a+=4;return decodeURIComponent(d.substr(a,b-a).replace(/\+/g," "))};function n(d,g,a){function b(){--p;if(0>=p){var e;(e=d.GooglebQhCsO)||(e={});var q=e[g];q&&(delete e[g],(e=q[0])&&e.call&&e())}}for(var p=a.length+1,m=0;m<a.length;m++){var h=l(a[m]),k=null;1!=h&&2!=h||!(h=d.document.getElementById("goog_conv_iframe"))||h.src||(k=h);k||(k=new Image);k.onload=b;k.src=a[m]}b()}var r=["ss_"],t=s||c;r[0]in t||"undefined"==typeof t.execScript||t.execScript("var "+r[0]); for(var u;r.length&&(u=r.shift());)r.length||void 0===n?t[u]&&t[u]!==Object.prototype[u]?t=t[u]:t=t[u]={}:t[u]=n;}).call(this);;s.ss_(window,'OjE1O
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\f[3].txt
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 2556
Entropy (8bit): 5.678932037936754
Encrypted: false
MD5: 4B5B7300E51F57D23802704848DA6B2A
SHA1: A53D0164E1D0013A072E69D33CC7597FC3904AD4
SHA-256: CA22301B8A888C4431C640ADFC23A076A82CDECE57CCB48768EE6F96C8FD3CE0
SHA-512: EDFF9AC8084C14D2584DD9BD275886FDC0951E199E69E4CC886D82E9517EF56AA824F4128B839216A6F23338F8683753E7356B22DD8C25B572028DDAF9B35DBD
Malicious: false
Reputation: low
Preview:(function(){var s = {};(function(){/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var c=this||self;var f=/#|$/;function l(d){var g=d.search(f),a;a:{for(a=0;0<=(a=d.indexOf("fmt",a))&&a<g;){var b=d.charCodeAt(a-1);if(38==b||63==b)if(b=d.charCodeAt(a+3),!b||61==b||38==b||35==b)break a;a+=4}a=-1}if(0>a)return null;b=d.indexOf("&",a);if(0>b||b>g)b=g;a+=4;return decodeURIComponent(d.substr(a,b-a).replace(/\+/g," "))};function n(d,g,a){function b(){--p;if(0>=p){var e;(e=d.GooglebQhCsO)||(e={});var q=e[g];q&&(delete e[g],(e=q[0])&&e.call&&e())}}for(var p=a.length+1,m=0;m<a.length;m++){var h=l(a[m]),k=null;1!=h&&2!=h||!(h=d.document.getElementById("goog_conv_iframe"))||h.src||(k=h);k||(k=new Image);k.onload=b;k.src=a[m]}b()}var r=["ss_"],t=s||c;r[0]in t||"undefined"==typeof t.execScript||t.execScript("var "+r[0]); for(var u;r.length&&(u=r.shift());)r.length||void 0===n?t[u]&&t[u]!==Object.prototype[u]?t=t[u]:t=t[u]={}:t[u]=n;}).call(this);;s.ss_(window,'OjE1O
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\f[4].txt
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 2558
Entropy (8bit): 5.682012321452057
Encrypted: false
MD5: 3ED50504FAF1C413766DF5A8C62BF871
SHA1: 54B92197A910B6D77D84B55B85015776433CABC4
SHA-256: 8634E9223C39E3DF635B137F749FA9012FDF576811C6029C7C6DCA5B80F98088
SHA-512: 34CA62CBBC77790BEBC281B4E43913C5E0E9F6069B5D3A1E08C689C2D4770E53F86BF3E3E1EBDE8360E67F885D4B42D98026166DD7D2683F9D4EFC750545301B
Malicious: false
Reputation: low
Preview:(function(){var s = {};(function(){/* Copyright The Closure Library Authors. SPDX-License-Identifier: Apache-2.0 */ var c=this||self;var f=/#|$/;function l(d){var g=d.search(f),a;a:{for(a=0;0<=(a=d.indexOf("fmt",a))&&a<g;){var b=d.charCodeAt(a-1);if(38==b||63==b)if(b=d.charCodeAt(a+3),!b||61==b||38==b||35==b)break a;a+=4}a=-1}if(0>a)return null;b=d.indexOf("&",a);if(0>b||b>g)b=g;a+=4;return decodeURIComponent(d.substr(a,b-a).replace(/\+/g," "))};function n(d,g,a){function b(){--p;if(0>=p){var e;(e=d.GooglebQhCsO)||(e={});var q=e[g];q&&(delete e[g],(e=q[0])&&e.call&&e())}}for(var p=a.length+1,m=0;m<a.length;m++){var h=l(a[m]),k=null;1!=h&&2!=h||!(h=d.document.getElementById("goog_conv_iframe"))||h.src||(k=h);k||(k=new Image);k.onload=b;k.src=a[m]}b()}var r=["ss_"],t=s||c;r[0]in t||"undefined"==typeof t.execScript||t.execScript("var "+r[0]); for(var u;r.length&&(u=r.shift());)r.length||void 0===n?t[u]&&t[u]!==Object.prototype[u]?t=t[u]:t=t[u]={}:t[u]=n;}).call(this);;s.ss_(window,'OjE1O
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\favicon[1].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size (bytes): 1150
Entropy (8bit): 4.257709736268821
Encrypted: false
MD5: 23ECB804518FE739F62C632070313485
SHA1: 78A878989DBB2C03AF11C55E2658A979ADF50CBD
SHA-256: F91CAB5B9FA1F607979CEF291DDF7EE022F9DD9E76C4BECD03ADE97E420892FD
SHA-512: 86FAAF832CF3318E14ACFDD07F649FC128F32948A87D5AA5DCE423B0314C7B4937E08D391FB7C9663AC99F6FFEE43390981B212F39664A12AB7367C4704DE824
Malicious: false
Reputation: low
IE Cache URL: https://d0wnl0ad.net/favicon.ico
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\global[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Non-ISO extended-ASCII text, with very long lines, with CRLF line terminators
Size (bytes): 43843
Entropy (8bit): 4.293327932127351
Encrypted: false
MD5: DC1D1AFF440E8AE81B37D0039C304E76
SHA1: F840B63388E89AED1BDB3270AB01EA1C8C083E4A
SHA-256: FECDE8E26E33E95E506F14144201C64E46D9FB8AEA79DD6CDAE4137C22A40C6F
SHA-512: B660AB3DED227FC486D8B60C95E34AAB16FFD0C8774718BA8B33BCA464E2821124C4B41E46A4CB96526DEBA4D42B9B1B547BD2F4E36A530976A70C7CC297C9AF
Malicious: false
Reputation: low
IE Cache URL: https://i.li.ru/utf/global.js
Preview:/*..Project: LiveInternet - Global functions..Author: A.Timofeev / Re.Active (www.reactant.ru)..Version: 15 Jun 2007.. */....../* ......... .........-----------------------------------------------*/.... /* -----------| ...... . ...... |----------- */.. /* - ...... .... - */.. function setCookie(name, value, expire).. {.. document.cookie = name + "=" + value + "; path=/; expires=" + expire;.. }.. /* - ........ .... - */.. function getCookie(name).. {.. var search = name + "=";.. if (document.cookie.length > 0).. {.. offset = document.cookie.indexOf(search);.. if (offset != -1).. {.. offset += search.length;.. end = document.cookie.indexOf(";", offset);..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\header-bidding[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 175586
Entropy (8bit): 5.301581346725895
Encrypted: false
MD5: 063970C333F23281B77BC3BA5321D036
SHA1: B2E6A722D06FFB0AFB3D91962DFE4083E008FFC9
SHA-256: EDB3209B468336526E790B2FA03C3927CE33D6ED8F5D83B0808A19990596DFA5
SHA-512: C31A90E7622346BA1B1553480E292BBBDB1297E6BBEFA4595B54050BD34D35B6AC6A6D1921CB47DAD3F8F5E5F3207374D64550ACCBEFE1CFA7EC863951D53E7C
Malicious: false
Reputation: low
IE Cache URL: https://yastatic.net/pcode/adfox/header-bidding.js
Preview:!function(e){function t(n){if(r[n])return r[n].exports;var o=r[n]={exports:{},id:n,loaded:!1};return e[n].call(o.exports,o,o.exports,t),o.loaded=!0,o.exports}var r={};return t.m=e,t.c=r,t.p="https://yastatic.net/pcode-bundles/",t(0)}([function(e,t,r){e.exports=r(166)},,,,function(e,t,r){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var n,o=r(5);!function(e){e.requested="requested",e.requestSucceeded="requestSucceeded",e.requestParsed="requestParsed",e.bundleStarted="bundleStarted",e.bundleLoaded="bundleLoaded",e.bundleRendered="bundleRendered",e.bundleReset="bundleReset",e.bundleDestroyed="bundleDestroyed"}(n=t.AdfoxEvents||(t.AdfoxEvents={}));var i;!function(e){e.unknown="unknown",e.xhr="xhr",e.jsonp="jsonp"}(i=t.AdfoxErrors||(t.AdfoxErrors={}));var a=o.createLogger({service:"adfox",probability:.01});t.logEvent=a.logEvent,t.logError=a.logError,t.logValue=a.logValue,t.logValues=a.logValues,t.errorToStats=a.errorToStats},function(e,t,r){(function(e){"use strict";var n=fu
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\hit[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 88 x 15
Size (bytes): 119
Entropy (8bit): 6.001837406110544
Encrypted: false
MD5: 42DAB24E9BAAAA42EEBDE62140AFD142
SHA1: B12BA6D63FB0186831C761E290AF9AABC484022A
SHA-256: 6E8683AF9A1562BE54A15204A33238E1D04F7DEA2760248A36CCA6C88C619165
SHA-512: D12CBC2BB54921AEBD7274192D16370B284E423F537B24B08F5D09C2B90803D8E761B6CE9EA1018B8611201C67D89722CFF461A468E43B89DE00B11E18AC62A5
Malicious: false
Reputation: low
IE Cache URL: counter.yadro.ru/hit?q;t26.1;r;s1280*1024*24;uhttp%3A//media44.club/download/books.php%3FIseki+Tu+Manual;0.7599738709464683
Preview:GIF89aX............!.......,....X.....N......_.....g..Hr`[email protected].*2.T..h.:..iV......N...;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\img03[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1017x608, frames 3
Size (bytes): 58970
Entropy (8bit): 7.864992819949682
Encrypted: false
MD5: B29FADB53764C804830238F937A06685
SHA1: 38CCE8057F40238B8EEBDC05B3BF4BC1B1620A57
SHA-256: 0D3C41E71F74327728C7432399F3373B66A0409627C4E3AE58EB91367B5B0E88
SHA-512: 3A3FC1CD6C32ACB87CA4D5182300919942E67876F1160544FCCEE8791D80899CBC7817D80BEE7A0B836183C31708E43178FFAD5B71EACEAAFD1D6813EDCCD3EF
Malicious: false
Reputation: low
IE Cache URL: https://d0wnl0ad.net/v6/preview/assets/images/img03.jpg
Preview:......Exif..II*.................Ducky.......P.....+http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:A4F732C8394011E7A4AA85FBEFDE77E3" xmpMM:DocumentID="xmp.did:A4F732C9394011E7A4AA85FBEFDE77E3"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:A4F732C6394011E7A4AA85FBEFDE77E3" stRef:documentID="xmp.did:A4F732C7394011E7A4AA85FBEFDE77E3"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\jquery.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 86659
Entropy (8bit): 5.36781915816204
Encrypted: false
MD5: C9F5AEECA3AD37BF2AA006139B935F0A
SHA1: 1055018C28AB41087EF9CCEFE411606893DABEA2
SHA-256: 87083882CC6015984EB0411A99D3981817F5DC5C90BA24F0940420C5548D82DE
SHA-512: DCFF2B5C2B8625D3593A7531FF4DDCD633939CC9F7ACFEB79C18A9E6038FDAA99487960075502F159D44F902D965B0B5AED32B41BFA66A1DC07D85B5D5152B58
Malicious: false
Reputation: low
IE Cache URL: https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js
Preview:/*! jQuery v3.2.1 | (c) JS Foundation and other contributors | jquery.org/license */.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b||d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.2.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\main_new[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: troff or preprocessor input, ASCII text
Size (bytes): 13290
Entropy (8bit): 5.275074184616953
Encrypted: false
MD5: E3B58B4334787271930C98BB2A3719F5
SHA1: B879D2E6174F5667878C40A37489C71CD7633824
SHA-256: 8B02BA8596B3E520CD06FC86D605CF133CD0BA2BF47A0AB48E25AB62B17ABDC1
SHA-512: 837667678B5AB3FCEDD6F9C3C82026B3B8CCFA97BE4EB9E26B781493C39FE87769968C7D8EB0DBB14BDDAD02BB46E32CA903F31FF6DF361EB65175E591E10A3E
Malicious: false
Reputation: low
IE Cache URL: https://i.li.ru/utf/main_new.css
Preview:/* CSS Document */.HTML {height:100%; font-size:100.01%}.BODY {height:100%; margin:0; padding:0; font:normal 75% verdana,tahoma,arial,helvetica,sans-serif; color:#3c3c3c; background-color:#fff}..allpage {width:100%; width: expression((documentElement.clientWidth||document.body.clientWidth)< 1004? '1004px': ((documentElement.clientWidth||document.body.clientWidth)> 1260? '1260px': 'auto')); min-width:1004px; max-width:1280px; height:auto; min-height:100%; margin:0 auto}.* html .allpage {height:100%}..allpageinner {padding-bottom:110px}.*+ html .allpageinner {float:left; width:100%} /* for IE7 */.* html .allpageinner {float:left; width:100%} /* for IE6 */..footer {width:100%; height:70px; margin:-70px auto 0 auto; position:relative; background-color:#eee}...TD, TH, UL, OL, LI, INPUT, TEXTAREA, SELECT, LABEL, BUTTON {font:normal 1em verdana,tahoma,arial,helvetica,sans-serif}.UL {margin:0; padding:0; list-style-type:none}.FORM {margin:0}.IMG {border:0}.A {color:#0857A6; text-decoration:u
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\main_new[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text
Size (bytes): 5387
Entropy (8bit): 5.481214953465621
Encrypted: false
MD5: 19F379B6545E133DE620A1EC10EFE009
SHA1: C0F0C71FEA3121474A801EE1681C3190F8249F1B
SHA-256: F8E75CFEE116C03FAA91B6A117E8A638CCA62EB82DC132E82CC1DC6D6ED0E5AB
SHA-512: EC2DE7D791CF82960A50070C92D50A81FF5E70DE564E2B54C12A20A79A7EBA1E4CF17D3E64DC22C955E5F1FAA4DA5BFFE2E94183478BDB0D6754CD3C7D6D88E2
Malicious: false
Reputation: low
IE Cache URL: https://www.liveinternet.ru/utf/main_new.js?v=5
Preview:function win2unicode (str){. if (str == null){ return null;}. var result = "";. var o_code = "";. var i_code = "";. for (var I=0; I < str.length; I++){. i_code = str.charCodeAt(I);.. if (i_code == 184){. o_code = 1105;. } else if (i_code == 168){. o_code = 1025;. } else if (i_code > 191 && i_code < 256){. o_code = i_code + 848;. } else {. o_code = i_code;. }. result = result + String.fromCharCode(o_code);. }.. return result;.}..var Home = {. uId : LiCi.getCookie("bbuserid"),. uName : win2unicode( LiCi.getCookie("bbusername")),. uDomain : LiCi.getCookie("jurl").}..Home.userbar = function () {..if (Home.uName) {...var tpl = '<a href="'+this.uDomain+'profile" class="username">'+this.uName+'</a> '+....'<span class="userlinks">'+.....'<a href="'+this.uDomain+'friends">... ......</a> |'+.....'<a href="'+this.uDomain+'">... .......</a> |'+.....'<a href=
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\protoculous-effects-packer[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 63307
Entropy (8bit): 5.816535940493106
Encrypted: false
MD5: 4502DCDA2BC8B4C089F96FA1FADCCB7A
SHA1: 2D95BEDC95301DA84980E9998ACF8C20DCC7E182
SHA-256: FCF34BCDCC081ECF6157EC0E3E05898B775740625B3899AF9D65AA1149D35329
SHA-512: 1E15FA4B485BADD36DB100D19B92CDCA1A903DC6EDB584E3BB36B66CB4B0F4F855DDE8EB7AA0AE8A65F8976FA45EDE706E308E076011CFFC30525B15C9A179A1
Malicious: false
Reputation: low
IE Cache URL: https://i.li.ru/ReActive/js/global/lib/protoculous-effects-packer.js
Preview:eval(function(p,a,c,k,e,r){e=function(c){return(c<a?'':e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--)r[e(c)]=k[c]||e(c);k=[function(e){return r[e]}];e=function(){return'\\w+'};c=1};while(c--)if(k[c])p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c]);return p}('E 18={63:\'1.6.0.2\',1C:{2y:!!(1l.7a&&!1l.3z),4L:!!1l.3z,3A:4M.4N.3g(\'e8/\')>-1,7b:4M.4N.3g(\'7b\')>-1&&4M.4N.3g(\'aQ\')==-1,aR:!!4M.4N.1q(/e9.*ea.*aS/)},3B:{7c:!!Y.2v,64:!!1l.65,7d:Y.3h(\'2i\').4O&&Y.3h(\'2i\').4O!==Y.3h(\'8B\').4O},7e:\'<3P[^>]*>([\\\\S\\\\s]*?)<\\/3P>\',aT:/^\\/\\*-eb-([\\s\\S]*)\\*\\/\\s*$/,2M:q(){},K:q(x){C x}};if(18.1C.aR)18.3B.7d=1e;E 1A={1D:q(){E a=1c,66=$A(17);if(I.1T(66[0]))a=66.4P();q 2z(){o.1H.3i(o,17)}I.O(2z,1A.1a);2z.8C=a;2z.aU=[];if(a){E b=q(){};b.1h=a.1h;2z.1h=W b;a.aU.1f(2z)}14(E i=0;i<66.U;i++)2z.5q(66[i]);if(!2z.1h.1H)2z.1h.1H=18.2M;2z.1h.ec=2z;C 2z}};1A.1a={5q:q(a){E b=o.8C&&o.8C.1h;E c=I.4Q(a);if(!I.4Q({2s:1b}).U)c.1f("2s","aV"
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\render[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 22507
Entropy (8bit): 5.184246736285184
Encrypted: false
MD5: 53BF933C3CBF8D673C5571D9E4093FEE
SHA1: 6E8592DD5CCE8DF057B084EA4F5FBEDBAA3FF661
SHA-256: 40CC818C8B06374B11230D18B2B54F8C7F2A7668B94AC9EE00D6A106CF0EFD8B
SHA-512: 8CF43D8725AD2D4661C7A326AFF938708FDA921EA4C46B0409F3658F0D09E5D52829D10A10CB4CB2697A86C8E07DB47D749EEC1D6F3DC30A4DDBFF1C19FA309B
Malicious: false
Reputation: low
IE Cache URL: https://yastatic.net/safeframe-bundles/0.69/1-1-0/render.html
Preview:<!doctype html>.<html>.<head>. <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"/>. <meta http-equiv="Cache-Control" content="public"/>. <meta http-equiv="Expires" content="Mon, 16 Nov 2020 00:00:01 GMT"/>. <meta http-equiv="imagetoolbar" content="no"/>. <meta http-equiv="imagetoolbar" content="false"/>. <meta charset="utf-8"/>. <meta name="ROBOTS" content="NOINDEX"/>. <meta name="ROBOTS" content="NOFOLLOW"/>. <meta name="ROBOTS" content="NOARCHIVE"/>. <meta name="ROBOTS" content="NOSNIPPET"/>. <meta name="ROBOTS" content="NOODP "/>. <title></title>. <style type="text/css">. body {. margin: 0;. padding: 0;. background-color: transparent;. }. </style>.</head>.<body>.<script>. !function(e){var t={};function n(r){if(t[r])return t[r].exports;var o=t[r]={i:r,l:!1,exports:{}};return e[r].call(o.exports,o,o.exports,n),o.l=!0,o.exports}n.m=e,n.c=t,n.d=function(e,t,r){n.o(e,t)||Object.defineP
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\testimonial-disclaimer[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 3928
Entropy (8bit): 5.081628529413758
Encrypted: false
MD5: A68BC5A3993A58A8EA7D50DFE92463E2
SHA1: 43F39F459013C1A9D5E1A6F27762A39A125700C8
SHA-256: BB85D51520926DA1FC8C9F28A78FA8B0769877FC108EF2201EF3C0310AFF8BE2
SHA-512: 699089D4C8B6CB68F72B88EDF41AC7A15B24C936A1153EC344E2AD6B39C4F401CC07DC3B14FEC494C2C74E1E37D73AF4DB2693FDBF203FD1E677D2A20C27BABA
Malicious: false
Reputation: low
IE Cache URL: media44.club/page/testimonial-disclaimer.php
Preview:<!DOCTYPE html>.<html>.<head>..<meta charset="UTF-8">..<title>Testimonial Disclaimer</title>.<meta name="robot" content="noindex,nofollow">. <meta name="viewport" content="width=device-width, initial-scale=1">.<style>.html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:0.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{box-sizing:content-b
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\user-6[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: gd-jpeg v1.0 (using IJG JPEG v80), quality = 95", baseline, precision 8, 50x50, frames 3
Size (bytes): 2583
Entropy (8bit): 7.762194443377615
Encrypted: false
MD5: E38F981BCE9A2422D89BD67A14867A28
SHA1: 4A75057709512210E404A593F74C57B21869155E
SHA-256: 9C778B5E538964B7E2EBC5E9AEFE50699F1F68ACA195DFEF2052DDBA3B7E3EAC
SHA-512: 7CF9613BE4FB97CCE825E020D8307530760E6A82263EE4E9646713ACD57EFC7B341A10B1DA5C322716F85ECB97374A2466B06F7D0F39079351A4181F4BFF12CD
Malicious: false
Reputation: low
IE Cache URL: media44.club/download/files/user-6.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\w2[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 20 x 16
Size (bytes): 1659
Entropy (8bit): 7.164835712070133
Encrypted: false
MD5: 826D782C64DFE82242CA67DD67457E01
SHA1: 7CCE794B9BC85F15EED9BE65A08072BFDB6CDB0C
SHA-256: 784DF16A14E5DC3820FC1995F07B61712D8D2531E387D16EEECB7AF8672ECC30
SHA-512: D1B144CF3CD8976DF109874F767C00634048B08D2BC16005874AFE7902A775FCC856C6D1FC56D8EA2FD4F427BBF1758A7863700AE65E96E59CFBBD0C42414045
Malicious: false
Reputation: low
IE Cache URL: https://i.li.ru/images/w2.gif
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\V5D02472\y300[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 400x300, frames 3
Size (bytes): 26207
Entropy (8bit): 7.9654813358973575
Encrypted: false
MD5: A06E40B5D571E05B8F1E79FE62667496
SHA1: 8D60A623B7B5DD5BC1C63911403C420B45B79E9C
SHA-256: A4B7CE50E8F9C41EB7116D6DF4824B098BEFAAA2CAC7FC82F2C44A5244AF1B78
SHA-512: 82E98E877A69329CAB66A95D92F878F22CD10E41186AC0CFBAA6DA153460B43721BD0A66BFCE868E597AE0D852C6FEBE9480ED9B493C2DB279E953CF5FDF5D25
Malicious: false
Reputation: low
IE Cache URL: https://avatars.mds.yandex.net/get-direct/1544311/sVNEGRecIr4vTipOaCUdUg/y300
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\6b31c497c2f80684bce4[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 54653
Entropy (8bit): 5.2849437340801435
Encrypted: false
MD5: 6998132D4DAB1991970E93E2AE6A8D16
SHA1: CEBD7011181402E3E3CDD700A1A2F0D723DF8C9B
SHA-256: 5F022C72014753179AD5BA97CEE5003F9A08C308EAADE884E73DBFF7BB74D86A
SHA-512: D55F3E219502EB0491511BE7793BE2DC305F58A5AF1A1B5E636F54DDA263FF686A7F259725802589124EB6815D1313B21B48510D4F86458886D723E897A9994D
Malicious: false
Reputation: low
IE Cache URL: https://an.yandex.ru/partner-code-bundles/11082/6b31c497c2f80684bce4.js
Preview:(window["pcodeStaticJsonp11082"]=window["pcodeStaticJsonp11082"]||[]).push([[11],{1045:function(t,e,i){"use strict";var r,n=(r=function(t,e){return(r=Object.setPrototypeOf||{__proto__:[]}instanceof Array&&function(t,e){t.__proto__=e}||function(t,e){for(var i in e)e.hasOwnProperty(i)&&(t[i]=e[i])})(t,e)},function(t,e){function i(){this.constructor=t}r(t,e),t.prototype=null===e?Object.create(e):(i.prototype=e.prototype,new i)}),o=function(){return(o=Object.assign||function(t){for(var e,i=1,r=arguments.length;i<r;i++)for(var n in e=arguments[i])Object.prototype.hasOwnProperty.call(e,n)&&(t[n]=e[n]);return t}).apply(this,arguments)},a=function(){for(var t=0,e=0,i=arguments.length;e<i;e++)t+=arguments[e].length;var r=Array(t),n=0;for(e=0;e<i;e++)for(var o=arguments[e],a=0,s=o.length;a<s;a++,n++)r[n]=o[a];return r};Object.defineProperty(e,"__esModule",{value:!0});var s=i(1046),p=i(33),c=i(1),l=i(3),d=i(381),m=i(190),f=i(26),u=i(43),h=i(387),g=i(62),y=i(9),b=i(34),v=i(101),x=i(54),_=i(272),w=
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\advert[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Size (bytes): 43
Entropy (8bit): 2.7374910194847146
Encrypted: false
MD5: DF3E567D6F16D040326C7A0EA29A4F41
SHA1: EA7DF583983133B62712B5E73BFFBCD45CC53736
SHA-256: 548F2D6F4D0D820C6C5FFBEFFCBD7F0E73193E2932EEFE542ACCC84762DEEC87
SHA-512: B2CA25A3311DC42942E046EB1A27038B71D689925B7D6B3EBB4D7CD2C7B9A0C7DE3D10175790AC060DC3F8ACF3C1708C336626BE06879097F4D0ECAA7F567041
Malicious: false
Reputation: low
IE Cache URL: https://mc.yandex.ru/metrika/advert.gif
Preview:GIF89a.............!.......,...........D..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\contact[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 3446
Entropy (8bit): 5.138821452904637
Encrypted: false
MD5: 853C9688A6286C270A37A5A602C5C1A8
SHA1: 2E9782BB7B8326A9D3DB0708455EA1345F7697C0
SHA-256: 1FA2241ADDEE24AA5A5FC65243E44CCA4BB52251DC49F4A27F081591C0BD799E
SHA-512: C25D6B4A73C099F62297BAB14C899C4C74C71151DB41D9E354DEEA952568AF0A6E841E0C07A4623D93ED63C607F646C9139B72F512A9378E97DD80767ACE30A3
Malicious: false
Reputation: low
IE Cache URL: media44.club/page/contact.php
Preview:<!DOCTYPE html>.<html>.<head>..<meta charset="UTF-8">..<title>Contact</title>.<meta name="robot" content="noindex,nofollow">. <meta name="viewport" content="width=device-width, initial-scale=1">.<style>.html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:0.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{box-sizing:content-box;height:0}pre
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\context[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 57455
Entropy (8bit): 5.342041154369614
Encrypted: false
MD5: FD8498C0EB160BD0697E721DD3388770
SHA1: BB7A800F4FC2C2C04759BBCF2A397D4516BA61BD
SHA-256: E8E0294893F4D69D859F37C23E9B72F951AE34270012FF71AE6F34AA9C475E64
SHA-512: 90A43BF45C88E0C26102AC07B84567E89DB4F90C2ECD4EADF8AD8653ADE0F2C3D33589BE750CB92DA60DB495E068A7ABE3206E3F85B4726341961BA2A0FF4EF9
Malicious: false
Reputation: low
IE Cache URL: https://an.yandex.ru/system/context.js
Preview:/*! For license information please see context.js.LICENSE.txt */.!function(e){function t(t){for(var n,o,i=t[0],a=t[1],c=0,s=[];c<i.length;c++)o=i[c],Object.prototype.hasOwnProperty.call(r,o)&&r[o]&&s.push(r[o][0]),r[o]=0;for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(e[n]=a[n]);for(u&&u(t);s.length;)s.shift()()}var n={},r={1:0};function o(t){if(n[t])return n[t].exports;var r=n[t]={i:t,l:!1,exports:{}};return e[t].call(r.exports,r,r.exports,o),r.l=!0,r.exports}o.e=function(e){var t=[],n=r[e];if(0!==n)if(n)t.push(n[2]);else{var i=new Promise((function(t,o){n=r[e]=[t,o]}));t.push(n[2]=i);var a,c=document.createElement("script");c.charset="utf-8",c.timeout=120,o.nc&&c.setAttribute("nonce",o.nc),c.src=function(e){return o.p+""+{0:"fda9b0ace445b2df1e6d"}[e]+".js"}(e);var u=new Error;a=function(t){c.onerror=c.onload=null,clearTimeout(s);var n=r[e];if(0!==n){if(n){var o=t&&("load"===t.type?"missing":t.type),i=t&&t.target&&t.target.src;u.message="Loading chunk "+e+" failed.\n("+o+": "+i
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\f[1].txt
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 29102
Entropy (8bit): 5.4503338330364715
Encrypted: false
MD5: A791D7EC8240C4CDB77C12FCA4B5233C
SHA1: E2DE39C22626BAC39150A37DBC3B8F1474321443
SHA-256: 65A1850028118C64FEBBDE9B109DA293910BFFF6EE261CAF0087D3D3364359BA
SHA-512: 62D4A4965E13F35D93A9A9E1D4925FA63294B998B3489C0713B740B7268A7F28E2F4972C2F509EEA9D4AB13947C5781B88FD619FA03B0697708A5C7919847A5B
Malicious: false
Reputation: low
IE Cache URL: https://www.googleadservices.com/pagead/conversion_async.js
Preview:(function(){/* . . Copyright The Closure Library Authors. . SPDX-License-Identifier: Apache-2.0 .*/ .var aa="function"==typeof Object.defineProperties?Object.defineProperty:function(a,b,c){if(a==Array.prototype||a==Object.prototype)return a;a[b]=c.value;return a};function ba(a){a=["object"==typeof globalThis&&globalThis,a,"object"==typeof window&&window,"object"==typeof self&&self,"object"==typeof global&&global];for(var b=0;b<a.length;++b){var c=a[b];if(c&&c.Math==Math)return c}throw Error("Cannot find global object");}var ca=ba(this); .function da(a,b){if(b){var c=ca;a=a.split(".");for(var d=0;d<a.length-1;d++){var e=a[d];e in c||(c[e]={});c=c[e]}a=a[a.length-1];d=c[a];b=b(d);b!=d&&null!=b&&aa(c,a,{configurable:!0,writable:!0,value:b})}} .da("String.prototype.endsWith",function(a){return a?a:function(b,c){if(null==this)throw new TypeError("The 'this' value for String.prototype.endsWith must not be null or undefined");if(b instanceof RegExp)throw new TypeError("First argument to Strin
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\fbfeed[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Size (bytes): 1499
Entropy (8bit): 4.912892586836296
Encrypted: false
MD5: 384A27D531F1C5A34CD6410FE5EA76CC
SHA1: 8D08A3A339CFDE460F2FEB15196DFFBB082808C5
SHA-256: 7ED8F652DBB271F2BCD972CE925F495AA7D8AB6A9F87173F9BF86ABC34B96383
SHA-512: A9D758F16CBCE3251BE25808A5CEE90F98A2DF44A15C1C1DB2727B1FF5F692ED9150A63D60EC083B272DBB3181AF7545F10EA061CA6F8FD5004CC7B9566E9D0E
Malicious: false
Reputation: low
IE Cache URL: media44.club/download/files/fbfeed.css
Preview:/*!. * Creator Seka unixQua. * Code licensed under the Apache License v2.0.. * For details, see http://www.apache.org/licenses/LICENSE-2.0.. */..li,.ul.{. margin: 0px;. padding: 0px;.}..li.{. list-style: none;.}..a.{. cursor: pointer;. color: #3B5998;. text-decoration: none;. font-weight: bold;.}..#fbFeedbackContent .top.{. padding: 9px 0 7px;. border-bottom: 1px solid #CCC;. border-top: 1px solid #CCC;.}..#fbFeedbackContent .top a.{. float: right;.}..#fbFeedbackContent li.{. padding: 10px 0;. border-bottom: 1px #E2E2E2 solid;.}..#fbFeedbackContent li li.{. margin-left: 60px;. border-bottom: none;. margin-top: 5px;. border-top: 1px #E2E2E2 solid;.}..#fbFeedbackContent span.{. color: grey;.}..#fbFeedbackContent .postContainer.{. display: table-cell;. vertical-align: top;. width: 10000px;.}..#fbFeedbackContent .image.{. float: left;. background-color: #EDEDED;. margin-bottom: 8px;. margin-right: 11px;.}..#fbFeedbackContent .bottom.{. co
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\glyphicons-halflings-regular[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), GLYPHICONS Halflings family
Size (bytes): 20127
Entropy (8bit): 7.955177976966453
Encrypted: false
MD5: F4769F9BDB7466BE65088239C12046D1
SHA1: 86B6F62B7853E67D3E635F6512A5A5EFC58EA3C3
SHA-256: 13634DA87D9E23F8C3ED9108CE1724D183A39AD072E73E1B3D8CBF646D2D0407
SHA-512: EFC910C96B9F5C58EA11A84577CF60AE995503B1EE670BB7E7D4A413B7403769920F82600B581F1BD4EE03D71C76C15255F0972ED66AD969487B5A4043F472C4
Malicious: false
Reputation: low
IE Cache URL: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/fonts/glyphicons-halflings-regular.eot?
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\ico09[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 56 x 45, 8-bit/color RGBA, non-interlaced
Size (bytes): 1923
Entropy (8bit): 7.400519249796164
Encrypted: false
MD5: 3BA9E11FCFEF55A46E4D01827592B7A7
SHA1: B06FC7EB9D6C577ACB7AA47E2E6C6334FA80D647
SHA-256: 63640517ECEF0F3A003AC2978839A707E61B0735B29A6651FEA36D77F8C72DB9
SHA-512: 03E5FA84BA69DAE18E81D62973C4208E4D80135B25B5DC37F45D8829F5DDA3CA7456849E20D9464749E3E4ECCEB715277DD9E409A27B54B5BCAD59A3D9E952FD
Malicious: false
Reputation: low
IE Cache URL: https://d0wnl0ad.net/v6/preview/assets/images/ico09.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\li[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Size (bytes): 155333
Entropy (8bit): 4.103650757737699
Encrypted: false
MD5: 27B71A86E31AA68035557C3D813868C5
SHA1: D0C6FFFEBC6802142AA215BC0E4C3AE1EB6C5C9B
SHA-256: 88515D9F5F75EDAB7D0B6807C338897E9934BA53ADCED99FACDDD72F3DBAFA41
SHA-512: 6A2CD7D17B9A730273280544A4D3A3BEEE730CA10B59EE33FF20FB367BF778B0DD24E5966447A0E02354165D161FB1F621868D492C4C1207D455A9FA97866371
Malicious: false
Reputation: low
IE Cache URL: https://www.liveinternet.ru/utf/li.js
Preview:/* Global object.----------------------------------------------- */. LI = {}. . LI.showhide = function( e ) {. if (e.style.display == 'none') e.style.display = 'block'. else e.style.display = 'none'. }. . if (LiCi.$(':gl_Top')) LI.isPartner = false. else LI.isPartner = true. ../* Menu.----------------------------------------------- */. LI.menu = {. /* -----------[ Create/delete menu ]----------- */. show : function (e,hdr,body) {. /* -[ Menu element ]- */. var id = e.id+'_menu';. var elem = LiCi.$(id);. /* -[ If defined . delete ]- */ . if (elem) {. if (id != ':gl_Top-nav-user-info-lnk-itemLogin_menu'). {. elem.parentNode.removeChild(elem);. /* -[ Enable flash ]- */.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\loader[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Size (bytes): 181277
Entropy (8bit): 5.302548477349055
Encrypted: false
MD5: D1F53A65997D8A1D738256F03FA52062
SHA1: 7B788E869BBC56591297137393B1175BB74A2ACD
SHA-256: 65C8581FEC6EC4EFCAAD7329F8B86D224935170BE542454878CD65ABA3D56DA3
SHA-512: 4BACE557A2C8239BBAB95312EFF7798B9320E91DABFE983184667B12FD0FD4F05DAA12215404968ED31C3871E53BC00F91D36ADB0D79C2D17D400E6A09943E88
Malicious: false
Reputation: low
IE Cache URL: https://yastatic.net/pcode/adfox/loader.js
Preview:!function(e){function t(r){if(n[r])return n[r].exports;var o=n[r]={exports:{},id:r,loaded:!1};return e[r].call(o.exports,o,o.exports,t),o.loaded=!0,o.exports}var n={};return t.m=e,t.c=n,t.p="https://yastatic.net/pcode-bundles/",t(0)}([function(e,t,n){e.exports=n(265)},,function(e,t){"use strict";function n(e,t,n){r<=e?t():n&&n()}t.__esModule=!0,t.portion=n;var r=Math.random()},,function(e,t,n){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var r,o=n(5);!function(e){e.requested="requested",e.requestSucceeded="requestSucceeded",e.requestParsed="requestParsed",e.bundleStarted="bundleStarted",e.bundleLoaded="bundleLoaded",e.bundleRendered="bundleRendered",e.bundleReset="bundleReset",e.bundleDestroyed="bundleDestroyed"}(r=t.AdfoxEvents||(t.AdfoxEvents={}));var i;!function(e){e.unknown="unknown",e.xhr="xhr",e.jsonp="jsonp"}(i=t.AdfoxErrors||(t.AdfoxErrors={}));var a=o.createLogger({service:"adfox",probability:.01});t.logEvent=a.logEvent,t.logError=a.logError,t.logValue=a.logVa
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\logo2[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 184 x 25, 8-bit/color RGB, non-interlaced
Size (bytes): 3315
Entropy (8bit): 7.749669331789513
Encrypted: false
MD5: 134CA5E8B7091F560C918691AE36F17B
SHA1: A76B11DEC04C2759551872FFD3E0F71F728F0AD2
SHA-256: 8A21B7710D4ED040DB83CEFA915374B851D59F7267CB5C6D60F4ECAE323195EF
SHA-512: 363D51FCA053304DF7B6EEF650920F4B80FC82397BA343FCD1B6E27FE5D775D4DADE1EB2AFF5D5400853A308BD0D1716FFF157E7E0D8B3034004B217B1D335C4
Malicious: false
Reputation: low
IE Cache URL: https://i.li.ru/images/main_new/logo2.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\main[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 103102
Entropy (8bit): 5.3601412571610485
Encrypted: false
MD5: 26F6DDB5E5677EB81D96958A5D1839B6
SHA1: 37BA4C251E3A4BE7C9882A29CBBB2F088B59E773
SHA-256: 1403D6492AFC5FB83AB3AC9BD1E280C75F0139EC4A5BA02FF050E22D1C1F1968
SHA-512: AB38A2BC124643E5C61C1FD288E131F1B398B26E8F78A112A205A3F90F76302237BF1A1379E6A73FFA74F45F90ECAC8CEB0C97D85DA75439F6E78EFF9F313D74
Malicious: false
Reputation: low
IE Cache URL: https://static-mon.yandex.net/static/main.js?pid=liveinternet
Preview:!function(e,t){for(var r in t)e[r]=t[r]}(this,function(e){function t(n){if(r[n])return r[n].t;var o=r[n]={o:n,i:!1,t:{}};return e[n].call(o.t,o,o.t,t),o.i=!0,o.t}var r={};return t.s=e,t.c=r,t.d=function(e,r,n){t.u(e,r)||Object.defineProperty(e,r,{l:!1,p:!0,get:n})},t.n=function(e){var r=e&&e.h?function(){return e.default}:function(){return e};return t.d(r,"a",r),r},t.u=function(e,t){return Object.prototype.hasOwnProperty.call(e,t)},t._="",t(t.g=75)}([function(e,t,r){"use strict";Object.defineProperty(t,"__esModule",{value:!0});!function(e){e[e.m=0]="ELEMENT",e[e.O=1]="NETWORK",e[e.S=2]="IN_IFRAME",e[e.T=3]="INSTANT",e[e.k=4]="EXCEPTION",e[e.C=5]="FAKE",e[e.P=6]="UNKNOWN"}(t.M||(t.M={}));!function(e){e.P="UNKNOWN",e.j="NOT_BLOCKED",e.L="ADBLOCK",e.N="ADBLOCKPLUS",e.A="ADBLOCKPLUS",e.R="ADGUARD",e.I="UBLOCK",e.D="GHOSTERY",e.B="UK",e.K="FF_PRIVATE",e.F="KIS",e.U="EXPERIMENT"}(t.W||(t.W={}))},function(e,t,r){"use strict";Object.defineProperty(t,"__esModule",{value:!0});var n=r(33),o=r(34)
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\montserrat-extrabold-webfont[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 23956, version 1.0
Size (bytes): 23956
Entropy (8bit): 7.978827090694406
Encrypted: false
MD5: 25B4F59A73E097249E63358BFBC42E41
SHA1: C0BE79C4012F83CE8F6628608FBABE8FA20576AD
SHA-256: 6A6D910CDA3315B47B40F97AC6B7343A130CFBD831CC20CC7D2EE44A0AC4127B
SHA-512: 67431EB4FAFF8A9CCB8FE0E2F212887588AF8003E9015F77E297C6971134303211386BAB66A4614F9F82F39874EDDA0C6BDF0FA15DCA1B169156E34FB88B2059
Malicious: false
Reputation: low
IE Cache URL: https://d0wnl0ad.net/v6/preview/assets/fonts/montserrat-extrabold-webfont.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\optional[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Size (bytes): 44
Entropy (8bit): 4.9877296299517635
Encrypted: false
MD5: B3CAB0BBE5576AE86D0DECF441B0AB7C
SHA1: 8D809712C13712B8C94493ED0E09E706ED1438A3
SHA-256: 3E8726ECF58313EA393B8DD6B1D8EC0D07DD49E9966C481F64983C5E5D047C95
SHA-512: 04A678FF9DA5401EFF3923EAD5DEBD0DA6D3DAA4C2AC103F5208D906215A24DC16841D723D2F9F3C67C7C8648E61D8BF9A8E1FD74E6163D4861162C9E869F6CF
Malicious: false
Reputation: low
IE Cache URL: https://static-mon.yandex.net/static/optional.js?pid=liveinternet&script_key=a38d33yeY-mErFjaUHmbTThgpzqHr-3D3P&reasure=false
Preview:+M/misOx4jCf3q89pWvdmz/GLl7aT7e2bVhsd2dBi84=
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\page[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Size (bytes): 527
Entropy (8bit): 5.02068457267309
Encrypted: false
MD5: 0C6F64C47490A7DC5D76664EF675E49C
SHA1: EABBAC3C3943C3DCCA71D2289CEFDA6EAA37AFA9
SHA-256: 8188E5A6C51165A59BE055AC4BC5D960EACEEFA9DA35AC13F063221BF37DF1C3
SHA-512: 30119DEBDECAA8E8F5627164A821923FD6392C0D13021E01C3E057A937E1681C7A1462D24B83FE044ED7D03101B43712A94B65F1004FD4AC75ADAD7B1590B7BF
Malicious: false
Reputation: low
IE Cache URL: https://d0wnl0ad.net/v6/preview/assets/js/page.js
Preview:function getParameterByName(name, url) {. if (!url) url = window.location.href;. name = name.replace(/[\[\]]/g, "\\$&");. var regex = new RegExp("[?&]" + name + "(=([^&#]*)|&|#|$)"),. results = regex.exec(url);. if (!results) return null;. if (!results[2]) return '';. return decodeURIComponent(results[2].replace(/\+/g, " "));.}...$(document).ready(function(){. let keyword = getParameterByName('keyword'). $('#keyword').html(keyword).})..$(document).click(function(){. // alert('clicked').})
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\preview[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text
Size (bytes): 3737
Entropy (8bit): 4.907523060206195
Encrypted: false
MD5: 9974742691F5D048D29EAB0702E961D3
SHA1: 837D967FED01D75CEE6513B69CF6AC374822F214
SHA-256: 6D225A8956B3DB67DBB87B9FB90C3AD2D9394B016E0A351FC0D98B44DD790F2F
SHA-512: 2A3CEADE181C6618025BE57FFD35AB9848930C335E7A72528D67A05AEA64809C5A8AB58759D9461132EE21329D630A543A1405F398B3ADA91FF24B49DCB6C079
Malicious: false
Reputation: low
IE Cache URL: https://d0wnl0ad.net/v6/preview/?pid=6&offer_id=26&ref_id=5f2400e97b022f681415ZhNM5suxyXSo_c276fe63_c28f910b&sub1=12605&keyword=
Preview:.<!DOCTYPE html>.<html lang="en">.<head>. <title>DownloadFlix — Search — keyword</title>. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" >. <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=1.0, user-scalable=no">. <link rel="shortcut icon" href="assets/images/favicon.ico" type="image/x-icon">. <link media="all" rel="stylesheet" type="text/css" href="assets/css/style.css" >. [if lt IE 9]><script src="http://html5shiv.googlecode.com/svn/trunk/html5.js"></script><![endif]-->. <script type="text/javascript" src="assets/js/jquery-3.2.0.min.js"></script>. <script type="text/javascript" src="assets/js/lng-en.js"></script>. <script type="text/javascript" src="assets/js/script.js?2018010600"></script>.</head>.<body>. <div class="wrapper-holder book">. <div class="w1">. <div class="w2">.<script type="text/javascript">new Image().src = "//counter.yadro.ru/hit;dengine?r"+escape(document.referrer)+((typeof(screen)=="undefined
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\script[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with CRLF line terminators
Size (bytes): 24025
Entropy (8bit): 5.025426650263366
Encrypted: false
MD5: 3F596A34FC08026DEF8FA1C874F0996B
SHA1: 31397974DEF2427400389E7E4761497D7B3CC59D
SHA-256: F658755DAAD78B2C3EB8667384CFB6BCDF35424AD7F78B742317E4B0EDCE42DD
SHA-512: E2DA172170D1F96A800903AC836F17829D0C16577A3A5B97D58C1E38B7DD5E5DAA52ADBD7120C4C0A277C77CA9A75680C920446EB76DA274BDF7E40CD7C04376
Malicious: false
Reputation: low
IE Cache URL: https://d0wnl0ad.net/v6/preview/assets/js/script.js?2018010600
Preview:objCommon={.. prefs: {},.... submitForm : function(params).. {.. params.jq.find('span.error-message').remove();.. params.jq.find('div').removeClass('error');.. params.jq.find(':input[type=image],:input[type=submit]').attr('disabled','disabled').css('opacity',0.5);.... if (typeof(params.obj.beforeSubmitForm) != 'undefined').. { params.obj.beforeSubmitForm(params); } .... params.jq.ajaxSubmit({.. type:'POST',.. iframe: params.jq.attr('type') == 'multipart/form-data'?true:false,.. success: function(t) { objCommon.processResponse(t, params); },.. error: function(t) { objCommon.processResponse('{code:500,messages:["system.serverError"]}', params); }.. });.. .. return false;.. },.. .. processResponse: function(data, params).. {.. if (typeof(params) == 'undefined') { return; }.. params.jq.find(':input[type=image],:input[type=submit]').removeAttr('disabled').css('opacity',1);.. params.obj.processResponse(data, params);.. retur
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\user-4[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, frames 3
Size (bytes): 1554
Entropy (8bit): 6.894520278354697
Encrypted: false
MD5: 0E9E18DC3D95BEF842450090D3529525
SHA1: 14E236D3338A5D1F5A510A440A4AF0D2A010C6E6
SHA-256: BA48D5B385C2493FC3BF7375BFEA488BC8E6EAFE7A285471DB1C5332283A98B4
SHA-512: 589204273272B0A80808D190F1A1A9AE8041DC26B11A795F610D0B231A517EE9FBDCBF88C7977BCEF649015F228488927928577840C800A32DA12A9821A57310
Malicious: false
Reputation: low
IE Cache URL: media44.club/download/files/user-4.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\user-5[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, frames 3
Size (bytes): 1614
Entropy (8bit): 6.967406701085958
Encrypted: false
MD5: F4415A1E5C02C6A149B54D7BBEE8CA6F
SHA1: 89E12B85B0F6D7141749D426303DE0413C6B5BE6
SHA-256: 5341781A2F169CB29CE7F4083E84F5D6504BE339A3CCE5F3389E832260B32231
SHA-512: 1E9AF1AA9A8AB377024F9AE1F64ADC9714322444955DDCE166A50C39BA761C5C67A1051CA4DDB946A88690CAE4D6DD9A4C892D2DF113BA1DF6105FD661D92FF9
Malicious: false
Reputation: low
IE Cache URL: media44.club/download/files/user-5.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VINVDFP6\user-8[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.02, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 50x50, frames 3
Size (bytes): 1965
Entropy (8bit): 7.243693973852941
Encrypted: false
MD5: D14BBFBF75712286EB9A1943DD78D9B5
SHA1: 7C492C24E60F76C4569DFE22E879AACDAD241AEC
SHA-256: 377F826FBDF4E2E57B4F3E00C187EFC250834059664C9A40C3CC2E4557DEFAA7
SHA-512: DDF36221210E9235EA1E9AEE4240E61338F426B68050DEC5CA948642822D37BB1B950990927D92BB7A87A3F2FBEDF47E09EA21F56164424E48D5D52852E39F08
Malicious: false
Reputation: low
IE Cache URL: media44.club/download/files/user-8.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\49[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 720x147, frames 3
Size (bytes): 8598
Entropy (8bit): 7.671612251414151
Encrypted: false
MD5: A64F62C72806F310132F4AB8DF08B25D
SHA1: A0E630D8D1D6950355FBFAC721A320982CFC1B71
SHA-256: A3D9E18CF1C00C3EBC663A7AC47EB1D2217766442D03F50E0B5C9809FFB05C59
SHA-512: 1A3758C05C45DB72B4504669EF8FC95218F2B509D036E613C62F9039DDDD0D4A866A25452CDAC7710188B97580D6BF2ABEBD6534ECDB5E9D4EC56020EFD1D314
Malicious: false
Reputation: low
IE Cache URL: media44.club/download/files/49.jpg
Preview:......Exif..II*.................Ducky.............+http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:8603B34DB5E011E7AA12EB1EBAD7814D" xmpMM:DocumentID="xmp.did:8603B34EB5E011E7AA12EB1EBAD7814D"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:8603B34BB5E011E7AA12EB1EBAD7814D" stRef:documentID="xmp.did:8603B34CB5E011E7AA12EB1EBAD7814D"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d...............................................#%'%#.//33//@@@@@@@@@@@@@@@......................&.....&0#....#0+.'''.+550055@@?@@
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\RI6EQ3R4.htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
Size (bytes): 31022
Entropy (8bit): 5.542948372758426
Encrypted: false
MD5: 977CE12D00E64BC5E0D55848EF0F39E5
SHA1: A9BA2ECE8B5FC1F837129073A8D2E1C0681DEDC7
SHA-256: 486D0F555F7C795E79BA50BE423695255E54DA27EC0DB47708295B55CCDB92BD
SHA-512: 717A4FA424DEC5376D8556B6C6BD059CE80996F5359DF2A8BAD4EFBF464E16DA88122C8E995AE5BA3F8CB4B5DE7B1E7A629D5CA25861D637AC94FD3B926DD8B2
Malicious: false
Reputation: low
Preview:<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">.<html xmlns="http://www.w3.org/1999/xhtml">.<head>. <meta http-equiv="Content-Type" content="text/html; charset=windows-1251"/>-->. <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />-->.<meta http-equiv="Content-Language" content="ru" />.<meta http-equiv="Pragma" content="no-cache"/>.<meta http-equiv="Expires" content="-1"/>.<meta http-equiv="Cache-Control" content="no-cache"/>.. <meta name="yandex-verification" content="58891ffd3dd07370" />. <meta name="google-site-verification" content="HhTZIR-jtBGXMu0eCp8RGxMkRlmEdQJ1UnSYyHpR9rI" />..<meta name="robots" content="all" />.<meta name="description" content="LiveInternet - ....... ...... ......... . ........., ............ ...... .......... ... ......" />.<meta name="keywords" content="......., ...., ...
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\bg01[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 1920x1133, frames 3
Size (bytes): 299973
Entropy (8bit): 7.9760266323361515
Encrypted: false
MD5: DDD4550E3416ABA71F3A8CC33FB73539
SHA1: FB49C5F18AD160D3F3DE780C95F0DD8D7080D74D
SHA-256: D917F8A6727155AE723C590D390A88EB7A0C6B1DBC3C0F39BD7CB4BE0199C6E0
SHA-512: 060634DAD50EF879473888FA808402CF65F2264133B46F2E38356F6BAC7A7CD585C13675E9ED51D8EDD6BB52209C2136442A7F9B46AB157AAE873A68947472DB
Malicious: false
Reputation: low
IE Cache URL: https://d0wnl0ad.net/v6/preview/assets/images/bg01.jpg
Preview:......Exif..II*.................Ducky.......F.....+http://ns.adobe.com/xap/1.0/.<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop CS6 (Windows)" xmpMM:InstanceID="xmp.iid:EAF0BECF148411E7B2DFCAD24DD52F24" xmpMM:DocumentID="xmp.did:EAF0BED0148411E7B2DFCAD24DD52F24"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:EAF0BECD148411E7B2DFCAD24DD52F24" stRef:documentID="xmp.did:EAF0BECE148411E7B2DFCAD24DD52F24"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>....Adobe.d.................................................................................................................................
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\bootstrap.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 37045
Entropy (8bit): 5.174934618594778
Encrypted: false
MD5: 5869C96CC8F19086AEE625D670D741F9
SHA1: 430A443D74830FE9BE26EFCA431F448C1B3740F9
SHA-256: 53964478A7C634E8DAD34ECC303DD8048D00DCE4993906DE1BACF67F663486EF
SHA-512: 8B3B64A1BB2F9E329F02D4CD7479065630184EBAED942EE61A9FF9E1CE34C28C0EECB854458977815CF3704A8697FA8A5D096D2761F032B74B70D51DA3E37F45
Malicious: false
Reputation: low
IE Cache URL: https://maxcdn.bootstrapcdn.com/bootstrap/3.3.7/js/bootstrap.min.js
Preview:/*!. * Bootstrap v3.3.7 (http://getbootstrap.com). * Copyright 2011-2016 Twitter, Inc.. * Licensed under the MIT license. */.if("undefined"==typeof jQuery)throw new Error("Bootstrap's JavaScript requires jQuery");+function(a){"use strict";var b=a.fn.jquery.split(" ")[0].split(".");if(b[0]<2&&b[1]<9||1==b[0]&&9==b[1]&&b[2]<1||b[0]>3)throw new Error("Bootstrap's JavaScript requires jQuery version 1.9.1 or higher, but lower than version 4")}(jQuery),+function(a){"use strict";function b(){var a=document.createElement("bootstrap"),b={WebkitTransition:"webkitTransitionEnd",MozTransition:"transitionend",OTransition:"oTransitionEnd otransitionend",transition:"transitionend"};for(var c in b)if(void 0!==a.style[c])return{end:b[c]};return!1}a.fn.emulateTransitionEnd=function(b){var c=!1,d=this;a(this).one("bsTransitionEnd",function(){c=!0});var e=function(){c||a(d).trigger(a.support.transition.end)};return setTimeout(e,b),this},a(function(){a.support.transition=b(),a.support.transition&&(a.event.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\bundle[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 107764
Entropy (8bit): 5.275312492916744
Encrypted: false
MD5: 82BDC8DB563D3E71C35534315F8A9FD5
SHA1: 9A548AC6A80CCF3AD0789F9CCBDE3EC815431E36
SHA-256: E1CFF21864C46E1DA263FA83C14ED6D190BC5AFBDD35188DE15F10EB8BEDD264
SHA-512: 25098CEAD9602CF526F1D0ADBF66CC8AF8DC2B5D6D3C4166F42707FC12E14BE6F4F47D9F60745A2D3D103469C636ECF3DE1CCB20A0FDD6CB9C511A484ABC5A12
Malicious: false
Reputation: low
IE Cache URL: https://yastatic.net/q/set/s/rsya-tag-users/bundle.js
Preview:!function(t){var n={};function e(r){if(n[r])return n[r].exports;var i=n[r]={i:r,l:!1,exports:{}};return t[r].call(i.exports,i,i.exports,e),i.l=!0,i.exports}e.m=t,e.c=n,e.d=function(t,n,r){e.o(t,n)||Object.defineProperty(t,n,{enumerable:!0,get:r})},e.r=function(t){"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(t,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(t,"__esModule",{value:!0})},e.t=function(t,n){if(1&n&&(t=e(t)),8&n)return t;if(4&n&&"object"==typeof t&&t&&t.__esModule)return t;var r=Object.create(null);if(e.r(r),Object.defineProperty(r,"default",{enumerable:!0,value:t}),2&n&&"string"!=typeof t)for(var i in t)e.d(r,i,function(n){return t[n]}.bind(null,i));return r},e.n=function(t){var n=t&&t.__esModule?function(){return t["default"]}:function(){return t};return e.d(n,"a",n),n},e.o=function(t,n){return Object.prototype.hasOwnProperty.call(t,n)},e.p="",e(e.s=131)}([function(t,n,e){var r=e(2),i=e(18),o=e(11),u=e(12),c=e(19),f=function(t,n,e){var a,
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\context[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 57498
Entropy (8bit): 5.341132975108612
Encrypted: false
MD5: 338633E29E452DF5A37E155DEBFA4E01
SHA1: D17CA066E16CEE8AB091CF910588617A86B3BEF9
SHA-256: 31035326AFCEA154D61ED78FBD5DF2007D8C7DC2B8275222FDB33E1AB496751D
SHA-512: 8DB9DC273C911B71220225367F0AA877C04733D94FF2B2A0694A1D2DBB79BEF6865151C329A997C1C199C37ED9A90D59D549D42593D69DB3EADCE0DCD29116B3
Malicious: false
Reputation: low
Preview:/*! For license information please see context.js.LICENSE.txt */.!function(e){function t(t){for(var n,o,i=t[0],a=t[1],c=0,s=[];c<i.length;c++)o=i[c],Object.prototype.hasOwnProperty.call(r,o)&&r[o]&&s.push(r[o][0]),r[o]=0;for(n in a)Object.prototype.hasOwnProperty.call(a,n)&&(e[n]=a[n]);for(u&&u(t);s.length;)s.shift()()}var n={},r={1:0};function o(t){if(n[t])return n[t].exports;var r=n[t]={i:t,l:!1,exports:{}};return e[t].call(r.exports,r,r.exports,o),r.l=!0,r.exports}o.e=function(e){var t=[],n=r[e];if(0!==n)if(n)t.push(n[2]);else{var i=new Promise((function(t,o){n=r[e]=[t,o]}));t.push(n[2]=i);var a,c=document.createElement("script");c.charset="utf-8",c.timeout=120,o.nc&&c.setAttribute("nonce",o.nc),c.src=function(e){return o.p+""+{0:"1aa8bf99e8ee45020414"}[e]+".js"}(e);var u=new Error;a=function(t){c.onerror=c.onload=null,clearTimeout(s);var n=r[e];if(0!==n){if(n){var o=t&&("load"===t.type?"missing":t.type),i=t&&t.target&&t.target.src;u.message="Loading chunk "+e+" failed.\n("+o+": "+i
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\context_static[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 1164633
Entropy (8bit): 5.393680715041034
Encrypted: false
MD5: AE0F1A53E48C335113EE8501DABD4E65
SHA1: 678372E9FB48B4BE8603797C1AC1E46FB06A26F4
SHA-256: CFC87D3D490C00F47ABA172F7D29A3BC7A4F0516686BAC4D6C38992C7782FF84
SHA-512: FEC73247829DA0AE125FF94E01410607F5857FA6550AFEE2C6F4EBC5E715127B66E4FD80623495CAFFD6A237FAFB502B52122A97D95166E6162A8BB5689CA384
Malicious: false
Reputation: low
IE Cache URL: https://an.yandex.ru/partner-code-bundles/11082/context_static.js
Preview:/*! For license information please see context_static.js.LICENSE.txt */.window.Ya.Context.RumLogging=100*Math.random()<5,window.Ya&&Ya.Rum&&window.Ya.Context.RumLogging&&Ya.Rum.sendTimeMark("60.2335.2154"),function(t){function e(e){for(var i,o,r=e[0],a=e[1],s=0,c=[];s<r.length;s++)o=r[s],Object.prototype.hasOwnProperty.call(n,o)&&n[o]&&c.push(n[o][0]),n[o]=0;for(i in a)Object.prototype.hasOwnProperty.call(a,i)&&(t[i]=a[i]);for(p&&p(e);c.length;)c.shift()()}var i={},n={32:0};function o(e){if(i[e])return i[e].exports;var n=i[e]={i:e,l:!1,exports:{}};return t[e].call(n.exports,n,n.exports,o),n.l=!0,n.exports}o.e=function(t){var e=[],i=n[t];if(0!==i)if(i)e.push(i[2]);else{var r=new Promise((function(e,o){i=n[t]=[e,o]}));e.push(i[2]=r);var a,s=document.createElement("script");s.charset="utf-8",s.timeout=120,o.nc&&s.setAttribute("nonce",o.nc),s.src=function(t){return o.p+""+{0:"d5388933a2fd4b28ff0d",1:"98dfbf1d72d911aff906",2:"7e925a1303f265bb4708",3:"323240349f27186ac80b",4:"704f48639baca0e
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\favicon[1].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel
Size (bytes): 1150
Entropy (8bit): 4.232203794066371
Encrypted: false
MD5: 3FFE5F08CDA0F327435B91F8482AEE8E
SHA1: 0BF73EF5C6E84B607A6E8B2F696F2E83FF0EF4D3
SHA-256: 05E880705B47753FA29AA1FD8B1BC187E5E2D505A9FDAD2E6F300C0E9D7C092D
SHA-512: C4497A28C423F678CD88B7A3DDDD76C634A81D39D1044CB9435DD30378D076F0379A9285BA9C92B03706F383CF75675708D5CC0C2F62A8274EF041A675F6B22D
Malicious: false
Reputation: low
IE Cache URL: https://www.liveinternet.ru/favicon.ico
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\fda9b0ace445b2df1e6d[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Size (bytes): 61593
Entropy (8bit): 5.396514003543137
Encrypted: false
MD5: 38C352BFEA311F4F9FE7D39B0EAD4376
SHA1: 4655F12D33FD188878DAD96525F9B7DB1DF1D7E4
SHA-256: B5D36BD7899B16CCD3CDFC55F3D7B06D56E77BE4FDB30C3FE115A439E61E4E14
SHA-512: 5D151792ADEF64B11AA610CC4384A38831DC45737A48788DE05A46C777AB6281045D045C1E4DF992096FE05CF5BAD03AEF30BF71097AB61E6C185973CB762073
Malicious: false
Reputation: low
IE Cache URL: https://an.yandex.ru/partner-code-bundles/11082/fda9b0ace445b2df1e6d.js
Preview:(window["pcodeLoaderJsonp11082"]=window["pcodeLoaderJsonp11082"]||[]).push([[0],Array(131).concat([function(e,t,n){"use strict";var r=function(){return(r=Object.assign||function(e){for(var t,n=1,r=arguments.length;n<r;n++)for(var o in t=arguments[n])Object.prototype.hasOwnProperty.call(t,o)&&(e[o]=t[o]);return e}).apply(this,arguments)};t.__esModule=!0;var o=function(){function e(){this.dataRequestTime=void 0}return e.prototype.setConfig=function(e,t){if(e.uniqueId||(e.uniqueId=n(71).generateHexString(10)),this.config=n(145).prepareRtbConfig(e),this.reloadTimeout=this.reloadTimeout||n(135).DEFAULT_RELOAD_TIMEOUT,Boolean(t)&&n(133).logRenderLabel(this.config.uniqueId,n(133).BlockRenderSteps.AdvManagerLoaderRender,t),n(12).logger.configure({labels:{pageId:n(175).getServiceName()},data:{pageId:e.pageId}}),this.config.data)return this.config.data.common&&this.config.data.common.reloadTimeout&&(this.reloadTimeout=Number(this.config.data.common.reloadTimeout)),n(133).stopLoggingTime(e.unique
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\icons[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 18 x 420, 8-bit/color RGBA, non-interlaced
Size (bytes): 8130
Entropy (8bit): 7.9598844150045815
Encrypted: false
MD5: DD8CC1BC2DCA5AA7784033911509043B
SHA1: 4D82AA701DAD4C21AF69D6C224EE54B325780C90
SHA-256: 3C4509DA00EA790B9CD80646AD5BD0D2600C77888268ABEEAB96F89149018AA3
SHA-512: E084C202FDB4A05C025C45201ADDFC529BCD83E44FB064B65A4D18877E56BC6AD3DDD9CCE99467A510154EA3ED48AA8450A2F1B8F06FAC012EF5E39DAE3EED86
Malicious: false
Reputation: low
IE Cache URL: https://i.li.ru/images/main_new/icons.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\lng-en[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Size (bytes): 2628
Entropy (8bit): 4.546901553458801
Encrypted: false
MD5: EAC95375358D50641BD6C7F704BDF3BC
SHA1: 215A994BE19E687761DDCFA338AC2B1B4194DBD3
SHA-256: B4640E2D26BB722AF12073AA797390170E9A0C49ABE0889647C838351399CE9E
SHA-512: 1933BC4FB71346E3A288088E98324662240B2604FE2C120D17491EB4F09A7EC68D8155026191E4B49867715A28FB675BBDBD133243542CDBF8BDB9EF64D20EF4
Malicious: false
Reputation: low
IE Cache URL: https://d0wnl0ad.net/v6/preview/assets/js/lng-en.js
Preview:objLng={. const: {. months: {. 1: 'January',. 2: 'February',. 3: 'March',. 4: 'April',. 5: 'May',. 6: 'June',. 7: 'July',. 8: 'August',. 9: 'September',. 10: 'October',. 11: 'November',. 12: 'December'. }. },. messages: {. system: {. serverError: 'Server error, please try again later.'. },. support: {. emailIncorrect: 'Incorrect E-mail.',. nameIncorrect: 'Please, provide your Name.',. bodyIncorrect: 'You should type inquiry.',. prioIncorrect: 'Please choose correct priority.',. deptIncorrect: 'There is no such department.'. },. login: {. emailIncorrect: 'Incorrect E-mail.',. passwordIncorrect: 'Password should be at least 5 characters long.',. accountBlocked: 'Account has been blocked.',. accountIncorrect: 'Account is incorrect.'. },. signup: {. emailIncorrect: 'Incorrect E-mail.',. passwordIncorrect: 'Password should be at least 5 character
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\pravda-news.ru[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 16 x 16, 8-bit colormap, non-interlaced
Size (bytes): 569
Entropy (8bit): 7.289749447903463
Encrypted: false
MD5: 697BB7861642D5D945ED65FE37838A91
SHA1: BEC080A3428B5A66131B994B8C71ED977BDD4291
SHA-256: F2EB4809D79091F9486420E1FD82CA61EC487BFC9C1F66A645240C20FF226749
SHA-512: DBE3FD2B3E96C96A1F461086FE6A80101C7D1D31E05E7FAE060CDB401AF7ADCD61CDEAD46047B4721280BA2481F1BB7E1E7938A3E53CECAD7EFE57DBB0644DEE
Malicious: false
Reputation: low
IE Cache URL: https://www.liveinternet.ru/favicon/pravda-news.ru.ico
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\privacy[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with very long lines
Size (bytes): 5521
Entropy (8bit): 5.002245125027004
Encrypted: false
MD5: AF4D53E69BC484ACA572B2B03AFB30F2
SHA1: C3C991738324035B8F99A8CCFF9E21C3821D2993
SHA-256: 4E578E0E257DE1778885193491E4F591772939D2B90AF5E96C570AEFAC6DF946
SHA-512: 3A8A4E8104C2622D6D9594141149F500CA4C07180FBBE2E863A1DA62B0728AF0E375626EAABAE2CFDDB2B5A7889ECB9CA46EDD4AA3BFBAD5D5B02AE2416B9456
Malicious: false
Reputation: low
IE Cache URL: media44.club/page/privacy.php
Preview:<!DOCTYPE html>.<html>.<head>..<meta charset="UTF-8">..<title>Privacy Policy</title>.<meta name="robot" content="noindex,nofollow">. <meta name="viewport" content="width=device-width, initial-scale=1">.<style>.html{font-family:sans-serif;-ms-text-size-adjust:100%;-webkit-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:bold}dfn{font-style:italic}h1{font-size:2em;margin:0.67em 0}mark{background:#ff0;color:#000}small{font-size:80%}sub,sup{font-size:75%;line-height:0;position:relative;vertical-align:baseline}sup{top:-0.5em}sub{bottom:-0.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr{box-sizing:content-box;heigh
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\sprite[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 250 x 128, 8-bit/color RGBA, non-interlaced
Size (bytes): 5824
Entropy (8bit): 7.940129277205566
Encrypted: false
MD5: CF7F0B1BA29537E61ECD80555C0BE67D
SHA1: FBB832FE30F1EAE38A53E790B3623BB66A021911
SHA-256: 9AFA7A6C31CBB9E6851CEA5B53DBF75CFC46EDF77704B683EB89F7957B85133E
SHA-512: 82E1A9AA28ECE2D1CF679E50E0CD6912221BA1893D4226950C222FC98A1BB58F8BDAA7CCE0E792BB63078A127318E3359D6B19D7A6155FEE3C392582DB56D798
Malicious: false
Reputation: low
IE Cache URL: https://d0wnl0ad.net/v6/preview/assets/images/sprite.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\style[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Size (bytes): 47655
Entropy (8bit): 4.95007968276555
Encrypted: false
MD5: C5145FD69555B87226A9A1E2740B7658
SHA1: 9327E0F518085A9399A56F59EBC3CBBF68B3C400
SHA-256: E9CC31F003DB99D31AE79896E4C3BDF612D4432181DBCC428669294FDF2A44A1
SHA-512: 2AA21F53D7E6E42780043F3D7FAE22FEC69A9CB1CFB11E18DE6FCAA7709C7CF6D15F6368290B118FA8DD2C904064B7B39BB060239BD738CF462E70019D283363
Malicious: false
Reputation: low
IE Cache URL: https://d0wnl0ad.net/v6/preview/assets/css/style.css
Preview:@font-face {. font-family: 'montserratextrabold';. src: url('../fonts/montserrat-extrabold-webfont.woff2') format('woff2'), url('../fonts/montserrat-extrabold-webfont.woff') format('woff');. font-weight: normal;. font-style: normal;.}.@font-face {. font-family: 'montserratmedium';. src: url('../fonts/montserrat-medium-webfont.woff2') format('woff2'), url('../fonts/montserrat-medium-webfont.woff') format('woff');. font-weight: normal;. font-style: normal;.}.@font-face {. font-family: 'montserratlight';. src: url('../fonts/montserrat-light-webfont.woff2') format('woff2'), url('../fonts/montserrat-light-webfont.woff') format('woff');. font-weight: normal;. font-style: normal;.}.@font-face {. font-family: 'montserratsemibold';. src: url('../fonts/montserrat-semibold-webfont.woff2') format('woff2'), url('../fonts/montserrat-semibold-webfont.woff') format('woff');. font-weight: normal;. font-style: normal;.}.@font-face {. font-family: 'montserratregular';. src: url('../font
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\VTIIBVU5\technohelp-logo[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 63 x 60, 8-bit/color RGBA, non-interlaced
Size (bytes): 14838
Entropy (8bit): 7.9770415249286994
Encrypted: false
MD5: 4D55D700BFDABDA84B57030BE443AAB8
SHA1: 9B9A25591C1DD1C21CBFCC6971CFD63DED4F008A
SHA-256: FF95237B3CE4ECB3458A74B63182E31A2E963B1EE147095210B7F2C0CF3AC898
SHA-512: DABF0A4F18189030A423094F92D2E13C9CE12BF4FAFCA09BABA668716A1A91A9D3D3152814FD836AB8887B5A84E4443873A6760B540A416B46F15C87B2887E49
Malicious: false
Reputation: low
IE Cache URL: https://i.li.ru/static/images/technohelp-logo.png
Domains and IPs
Contacted Domains
Name IP Active Malicious Antivirus Detection Reputation
d0wnl0ad.net 104.18.59.22 true false 0%, Virustotal, Browse low
i.li.ru 88.212.202.1 true false high
matchid-production.adfox.yandex.ru 93.158.134.118 true false high
mc.yandex.ru 77.88.21.119 true false high
pagead46.l.doubleclick.net 172.217.23.162 true false high
ssp.ads.betweendigital.com 88.212.252.22 true false high
yandex.ru 5.255.255.80 true false high
www.liveinternet.ru 88.212.202.35 true false high
media44.club 87.236.19.139 true false 0%, Virustotal, Browse unknown
www.brwz7.com 104.27.135.202 true false 0%, Virustotal, Browse unknown
r.mail.ru 94.100.180.197 true false high
cryprox.yandex.net 87.250.251.92 true false high
deliverps.com 104.24.107.185 true false 0%, Virustotal, Browse unknown
pbs.alfasense.com 23.111.100.68 true false 0%, Virustotal, Browse unknown
ads.adfox.ru 77.88.21.179 true false high
counter.yadro.ru 88.212.201.216 true false 1%, Virustotal, Browse low
avatars.mds.yandex.net 87.250.247.182 true false high
pagead.l.doubleclick.net 172.217.16.194 true false high
an.yandex.ru 87.250.250.90 true false high
www.google.co.uk 216.58.212.131 true false 0%, Virustotal, Browse low
glob.inforz.ru 78.108.80.125 true false 0%, Virustotal, Browse unknown
yastatic.net 178.154.131.216 true false high
ysa-static.passport.yandex.net 87.250.250.114 true false high
ad.mail.ru unknown unknown false high
static-mon.yandex.net unknown unknown false high
matchid.adfox.yandex.ru unknown unknown false high
maxcdn.bootstrapcdn.com unknown unknown false high
ads.betweendigital.com unknown unknown false high
googleads.g.doubleclick.net unknown unknown false high
ysa-static.passport.yandex.ru unknown unknown false high
Contacted URLs
Name Malicious Antivirus Detection Reputation
media44.club/download/files/user-1.jpg false Avira URL Cloud: safe unknown
media44.club/download/files/49.jpg false Avira URL Cloud: safe unknown
media44.club/download/files/user-3.jpg false Avira URL Cloud: safe unknown
media44.club/download/files/user-8.jpg false Avira URL Cloud: safe unknown
glob.inforz.ru/gt.php?q=Iseki+Tu+Manual false Avira URL Cloud: safe unknown
media44.club/page/testimonial-disclaimer.php false Avira URL Cloud: safe unknown
media44.club/favicon.ico false Avira URL Cloud: safe unknown
media44.club/download/files/user-10.jpg false Avira URL Cloud: safe unknown
counter.yadro.ru/hit?t26.1;r;s1280*1024*24;uhttp%3A//media44.club/download/books.php%3FIseki+Tu+Manual;0.7599738709464683 false Avira URL Cloud: safe low
media44.club/page/dmca.php false Avira URL Cloud: safe unknown
media44.club/download/files/user-7.jpg false Avira URL Cloud: safe unknown
media44.club/download/books.php?Iseki+Tu+Manual false Avira URL Cloud: safe unknown
media44.club/download/files/user-5.jpg false Avira URL Cloud: safe unknown
media44.club/page/privacy.php false Avira URL Cloud: safe unknown
URLs from Memory and Binaries
Contacted IPs
Public
Map legend: No. of IPs < 25%; 25% < No. of IPs < 50%; 50% < No. of IPs < 75%; 75% < No. of IPs
IP Country ASN ASN Name Malicious
87.250.250.114 Russian Federation 13238 unknown false
87.236.19.139 Russian Federation 198610 unknown false
104.27.135.202 United States 13335 unknown false
104.18.59.22 United States 13335 unknown false
178.154.131.216 Russian Federation 13238 unknown false
87.250.251.92 Russian Federation 13238 unknown false
88.212.252.22 Russian Federation 7979 unknown false
93.158.134.118 Russian Federation 13238 unknown false
104.24.107.185 United States 13335 unknown false
88.212.201.216 Russian Federation 39134 unknown false
23.111.100.68 Russian Federation 7979 unknown false
216.58.212.131 United States 15169 unknown false
94.100.180.197 Russian Federation 47764 unknown false
78.108.80.125 Russian Federation 43362 unknown false
87.250.250.90 Russian Federation 13238 unknown false
87.250.247.182 Russian Federation 13238 unknown false
88.212.202.35 Russian Federation 39134 unknown false
172.217.23.162 United States 15169 unknown false
88.212.202.1 Russian Federation 39134 unknown false
77.88.21.179 Russian Federation 13238 unknown false
77.88.21.119 Russian Federation 13238 unknown false
172.217.16.194 United States 15169 unknown false
5.255.255.80 Russian Federation 13238 unknown false
Static File Info
No static file info
Network Behavior
Network Port Distribution
Total Packets: 86
• 53 (DNS)
• 80 (HTTP)
TCP Packets
UDP Packets
DNS Queries
Timestamp Source IP Dest IP Trans ID OP Code Name Type Class
May 10, 2020 21:40:26.327574015 CEST 192.168.2.5 8.8.8.8 0xf41e Standard query (0) glob.inforz.ru A (IP address) IN (0x0001)
May 10, 2020 21:40:26.724982023 CEST 192.168.2.5 8.8.8.8 0xfb74 Standard query (0) media44.club A (IP address) IN (0x0001)
May 10, 2020 21:40:27.053986073 CEST 192.168.2.5 8.8.8.8 0x25dc Standard query (0) maxcdn.bootstrapcdn.com A (IP address) IN (0x0001)
May 10, 2020 21:40:27.351686001 CEST 192.168.2.5 8.8.8.8 0xb106 Standard query (0) counter.yadro.ru A (IP address) IN (0x0001)
May 10, 2020 21:40:45.626199961 CEST 192.168.2.5 8.8.8.8 0x424a Standard query (0) www.brwz7.com A (IP address) IN (0x0001)
May 10, 2020 21:40:46.347881079 CEST 192.168.2.5 8.8.8.8 0xe95b Standard query (0) deliverps.com A (IP address) IN (0x0001)
May 10, 2020 21:40:46.651441097 CEST 192.168.2.5 8.8.8.8 0x2e18 Standard query (0) d0wnl0ad.net A (IP address) IN (0x0001)
May 10, 2020 21:40:54.578847885 CEST 192.168.2.5 8.8.8.8 0xe793 Standard query (0) www.liveinternet.ru A (IP address) IN (0x0001)
May 10, 2020 21:40:55.074346066 CEST 192.168.2.5 8.8.8.8 0x42b0 Standard query (0) i.li.ru A (IP address) IN (0x0001)
May 10, 2020 21:40:55.082762957 CEST 192.168.2.5 8.8.8.8 0xdf18 Standard query (0) yastatic.net A (IP address) IN (0x0001)
May 10, 2020 21:40:56.124974012 CEST 192.168.2.5 8.8.8.8 0x2ce6 Standard query (0) ads.betweendigital.com A (IP address) IN (0x0001)
May 10, 2020 21:40:56.132158995 CEST 192.168.2.5 8.8.8.8 0xb6ff Standard query (0) ad.mail.ru A (IP address) IN (0x0001)
May 10, 2020 21:40:56.135067940 CEST 192.168.2.5 8.8.8.8 0x4001 Standard query (0) pbs.alfasense.com A (IP address) IN (0x0001)
May 10, 2020 21:40:56.227633953 CEST 192.168.2.5 8.8.8.8 0xbd1f Standard query (0) matchid.adfox.yandex.ru A (IP address) IN (0x0001)
May 10, 2020 21:40:56.283830881 CEST 192.168.2.5 8.8.8.8 0xf37a Standard query (0) mc.yandex.ru A (IP address) IN (0x0001)
May 10, 2020 21:40:56.310357094 CEST 192.168.2.5 8.8.8.8 0xbcf2 Standard query (0) static-mon.yandex.net A (IP address) IN (0x0001)
May 10, 2020 21:40:57.126578093 CEST 192.168.2.5 8.8.8.8 0x1713 Standard query (0) an.yandex.ru A (IP address) IN (0x0001)
May 10, 2020 21:40:57.371527910 CEST 192.168.2.5 8.8.8.8 0x5aaa Standard query (0) ads.adfox.ru A (IP address) IN (0x0001)
May 10, 2020 21:40:59.507004976 CEST 192.168.2.5 8.8.8.8 0xbac2 Standard query (0) avatars.mds.yandex.net A (IP address) IN (0x0001)
May 10, 2020 21:41:00.172755957 CEST 192.168.2.5 8.8.8.8 0x1cff Standard query (0) ysa-static.passport.yandex.ru A (IP address) IN (0x0001)
May 10, 2020 21:41:02.842896938 CEST 192.168.2.5 8.8.8.8 0xb2b2 Standard query (0) yandex.ru A (IP address) IN (0x0001)
May 10, 2020 21:41:04.685049057 CEST 192.168.2.5 8.8.8.8 0xa57f Standard query (0) googleads.g.doubleclick.net A (IP address) IN (0x0001)
May 10, 2020 21:41:05.150310040 CEST 192.168.2.5 8.8.8.8 0xef9c Standard query (0) www.google.co.uk A (IP address) IN (0x0001)
DNS Answers
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
May 10, 2020 21:40:26.426086903 CEST 8.8.8.8 192.168.2.5 0xf41e No error (0) glob.inforz.ru 78.108.80.125 A (IP address) IN (0x0001)
May 10, 2020 21:40:26.815845013 CEST 8.8.8.8 192.168.2.5 0xfb74 No error (0) media44.club 87.236.19.139 A (IP address) IN (0x0001)
May 10, 2020 21:40:27.079294920 CEST 8.8.8.8 192.168.2.5 0x25dc No error (0) maxcdn.bootstrapcdn.com cds.j3z9t3p6.hwcdn.net CNAME (Canonical name) IN (0x0001)
May 10, 2020 21:40:27.377137899 CEST 8.8.8.8 192.168.2.5 0xb106 No error (0) counter.yadro.ru 88.212.201.216 A (IP address) IN (0x0001)
May 10, 2020 21:40:27.377137899 CEST 8.8.8.8 192.168.2.5 0xb106 No error (0) counter.yadro.ru 88.212.201.198 A (IP address) IN (0x0001)
May 10, 2020 21:40:27.377137899 CEST 8.8.8.8 192.168.2.5 0xb106 No error (0) counter.yadro.ru 88.212.201.204 A (IP address) IN (0x0001)
May 10, 2020 21:40:27.377137899 CEST 8.8.8.8 192.168.2.5 0xb106 No error (0) counter.yadro.ru 88.212.201.210 A (IP address) IN (0x0001)
May 10, 2020 21:40:45.664772034 CEST 8.8.8.8 192.168.2.5 0x424a No error (0) www.brwz7.com 104.27.135.202 A (IP address) IN (0x0001)
May 10, 2020 21:40:45.664772034 CEST 8.8.8.8 192.168.2.5 0x424a No error (0) www.brwz7.com 104.27.134.202 A (IP address) IN (0x0001)
May 10, 2020 21:40:46.381592989 CEST 8.8.8.8 192.168.2.5 0xe95b No error (0) deliverps.com 104.24.107.185 A (IP address) IN (0x0001)
May 10, 2020 21:40:46.381592989 CEST 8.8.8.8 192.168.2.5 0xe95b No error (0) deliverps.com 104.24.106.185 A (IP address) IN (0x0001)
May 10, 2020 21:40:46.723962069 CEST 8.8.8.8 192.168.2.5 0x2e18 No error (0) d0wnl0ad.net 104.18.59.22 A (IP address) IN (0x0001)
May 10, 2020 21:40:46.723962069 CEST 8.8.8.8 192.168.2.5 0x2e18 No error (0) d0wnl0ad.net 104.18.58.22 A (IP address) IN (0x0001)
May 10, 2020 21:40:54.604229927 CEST 8.8.8.8 192.168.2.5 0xe793 No error (0) www.liveinternet.ru 88.212.202.35 A (IP address) IN (0x0001)
May 10, 2020 21:40:55.108182907 CEST 8.8.8.8 192.168.2.5 0x42b0 No error (0) i.li.ru 88.212.202.1 A (IP address) IN (0x0001)
May 10, 2020 21:40:55.108208895 CEST 8.8.8.8 192.168.2.5 0xdf18 No error (0) yastatic.net 178.154.131.216 A (IP address) IN (0x0001)
May 10, 2020 21:40:55.108208895 CEST 8.8.8.8 192.168.2.5 0xdf18 No error (0) yastatic.net 178.154.131.215 A (IP address) IN (0x0001)
May 10, 2020 21:40:55.108208895 CEST 8.8.8.8 192.168.2.5 0xdf18 No error (0) yastatic.net 178.154.131.217 A (IP address) IN (0x0001)
May 10, 2020 21:40:56.150288105 CEST 8.8.8.8 192.168.2.5 0x2ce6 No error (0) ads.betweendigital.com ssp.ads.betweendigital.com CNAME (Canonical name) IN (0x0001)
May 10, 2020 21:40:56.150288105 CEST 8.8.8.8 192.168.2.5 0x2ce6 No error (0) ssp.ads.betweendigital.com 88.212.252.22 A (IP address) IN (0x0001)
May 10, 2020 21:40:56.150288105 CEST 8.8.8.8 192.168.2.5 0x2ce6 No error (0) ssp.ads.betweendigital.com 88.212.252.2 A (IP address) IN (0x0001)
May 10, 2020 21:40:56.150288105 CEST 8.8.8.8 192.168.2.5 0x2ce6 No error (0) ssp.ads.betweendigital.com 188.42.29.196 A (IP address) IN (0x0001)
May 10, 2020 21:40:56.160382986 CEST 8.8.8.8 192.168.2.5 0x4001 No error (0) pbs.alfasense.com 23.111.100.68 A (IP address) IN (0x0001)
May 10, 2020 21:40:56.160382986 CEST 8.8.8.8 192.168.2.5 0x4001 No error (0) pbs.alfasense.com 23.111.100.228 A (IP address) IN (0x0001)
May 10, 2020 21:40:56.172343969 CEST 8.8.8.8 192.168.2.5 0xb6ff No error (0) ad.mail.ru r.mail.ru CNAME (Canonical name) IN (0x0001)
May 10, 2020 21:40:56.172343969 CEST 8.8.8.8 192.168.2.5 0xb6ff No error (0) r.mail.ru 94.100.180.197 A (IP address) IN (0x0001)
May 10, 2020 21:40:56.261286974 CEST 8.8.8.8 192.168.2.5 0xbd1f No error (0) matchid.adfox.yandex.ru matchid-production.adfox.yandex.ru CNAME (Canonical name) IN (0x0001)
May 10, 2020 21:40:56.261286974 CEST 8.8.8.8 192.168.2.5 0xbd1f No error (0) matchid-production.adfox.yandex.ru 93.158.134.118 A (IP address) IN (0x0001)
May 10, 2020 21:40:56.309107065 CEST 8.8.8.8 192.168.2.5 0xf37a No error (0) mc.yandex.ru 77.88.21.119 A (IP address) IN (0x0001)
May 10, 2020 21:40:56.309107065 CEST 8.8.8.8 192.168.2.5 0xf37a No error (0) mc.yandex.ru 93.158.134.119 A (IP address) IN (0x0001)
May 10, 2020 21:40:56.309107065 CEST 8.8.8.8 192.168.2.5 0xf37a No error (0) mc.yandex.ru 87.250.251.119 A (IP address) IN (0x0001)
May 10, 2020 21:40:56.309107065 CEST 8.8.8.8 192.168.2.5 0xf37a No error (0) mc.yandex.ru 87.250.250.119 A (IP address) IN (0x0001)
May 10, 2020 21:40:56.335536003 CEST 8.8.8.8 192.168.2.5 0xbcf2 No error (0) static-mon.yandex.net cryprox.yandex.net CNAME (Canonical name) IN (0x0001)
May 10, 2020 21:40:56.335536003 CEST 8.8.8.8 192.168.2.5 0xbcf2 No error (0) cryprox.yandex.net 87.250.251.92 A (IP address) IN (0x0001)
May 10, 2020 21:40:57.160396099 CEST 8.8.8.8 192.168.2.5 0x1713 No error (0) an.yandex.ru 87.250.250.90 A (IP address) IN (0x0001)
May 10, 2020 21:40:57.160396099 CEST 8.8.8.8 192.168.2.5 0x1713 No error (0) an.yandex.ru 77.88.21.90 A (IP address) IN (0x0001)
May 10, 2020 21:40:57.160396099 CEST 8.8.8.8 192.168.2.5 0x1713 No error (0) an.yandex.ru 93.158.134.90 A (IP address) IN (0x0001)
May 10, 2020 21:40:57.160396099 CEST 8.8.8.8 192.168.2.5 0x1713 No error (0) an.yandex.ru 213.180.193.90 A (IP address) IN (0x0001)
May 10, 2020 21:40:57.160396099 CEST 8.8.8.8 192.168.2.5 0x1713 No error (0) an.yandex.ru 213.180.204.90 A (IP address) IN (0x0001)
May 10, 2020 21:40:57.396791935 CEST 8.8.8.8 192.168.2.5 0x5aaa No error (0) ads.adfox.ru 77.88.21.179 A (IP address) IN (0x0001)
May 10, 2020 21:40:59.532428026 CEST 8.8.8.8 192.168.2.5 0xbac2 No error (0) avatars.mds.yandex.net 87.250.247.182 A (IP address) IN (0x0001)
May 10, 2020 21:40:59.532428026 CEST 8.8.8.8 192.168.2.5 0xbac2 No error (0) avatars.mds.yandex.net 87.250.247.181 A (IP address) IN (0x0001)
May 10, 2020 21:40:59.532428026 CEST 8.8.8.8 192.168.2.5 0xbac2 No error (0) avatars.mds.yandex.net 87.250.247.184 A (IP address) IN (0x0001)
May 10, 2020 21:40:59.532428026 CEST 8.8.8.8 192.168.2.5 0xbac2 No error (0) avatars.mds.yandex.net 87.250.247.183 A (IP address) IN (0x0001)
May 10, 2020 21:41:00.206428051 CEST 8.8.8.8 192.168.2.5 0x1cff No error (0) ysa-static.passport.yandex.ru ysa-static.passport.yandex.net CNAME (Canonical name) IN (0x0001)
May 10, 2020 21:41:00.206428051 CEST 8.8.8.8 192.168.2.5 0x1cff No error (0) ysa-static.passport.yandex.net 87.250.250.114 A (IP address) IN (0x0001)
May 10, 2020 21:41:02.868216038 CEST 8.8.8.8 192.168.2.5 0xb2b2 No error (0) yandex.ru 5.255.255.80 A (IP address) IN (0x0001)
May 10, 2020 21:41:02.868216038 CEST 8.8.8.8 192.168.2.5 0xb2b2 No error (0) yandex.ru 5.255.255.88 A (IP address) IN (0x0001)
May 10, 2020 21:41:02.868216038 CEST 8.8.8.8 192.168.2.5 0xb2b2 No error (0) yandex.ru 77.88.55.77 A (IP address) IN (0x0001)
May 10, 2020 21:41:02.868216038 CEST 8.8.8.8 192.168.2.5 0xb2b2 No error (0) yandex.ru 77.88.55.80 A (IP address) IN (0x0001)
May 10, 2020 21:41:03.414254904 CEST 8.8.8.8 192.168.2.5 0x82be No error (0) pagead.l.doubleclick.net 172.217.16.194 A (IP address) IN (0x0001)
May 10, 2020 21:41:04.738300085 CEST 8.8.8.8 192.168.2.5 0xa57f No error (0) googleads.g.doubleclick.net pagead46.l.doubleclick.net CNAME (Canonical name) IN (0x0001)
May 10, 2020 21:41:04.738300085 CEST 8.8.8.8 192.168.2.5 0xa57f No error (0) pagead46.l.doubleclick.net 172.217.23.162 A (IP address) IN (0x0001)
May 10, 2020 21:41:05.190500975 CEST 8.8.8.8 192.168.2.5 0xef9c No error (0) www.google.co.uk 216.58.212.131 A (IP address) IN (0x0001)
HTTP Request Dependency Graph
glob.inforz.ru
media44.club
counter.yadro.ru
www.liveinternet.ru

HTTP Packets
Session ID Source IP Source Port Destination IP Destination Port Process
0 192.168.2.5 49743 78.108.80.125 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
May 10, 2020 21:40:26.500107050 CEST 1 OUT
GET /gt.php?q=Iseki+Tu+Manual HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: glob.inforz.ru
Connection: Keep-Alive

May 10, 2020 21:40:26.711886883 CEST 1 IN
HTTP/1.1 302 Found
Server: nginx
Date: Sun, 10 May 2020 19:40:26 GMT
Content-Type: text/html; charset=UTF-8
Content-Length: 0
Connection: keep-alive
X-Powered-By: PHP/5.5.38
Set-Cookie: qwerty=0; expires=Sun, 10-May-2020 20:40:26 GMT; Max-Age=3600; path=/
Location: http://media44.club/download/books.php?Iseki+Tu+Manual

Session ID Source IP Source Port Destination IP Destination Port Process
1 192.168.2.5 49746 87.236.19.139 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
May 10, 2020 21:40:26.894812107 CEST 2 OUT
GET /download/books.php?Iseki+Tu+Manual HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Connection: Keep-Alive
Host: media44.club
May 10, 2020 21:40:26.973730087 CEST 3 IN
HTTP/1.1 200 OK
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:26 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Content-Encoding: gzip

May 10, 2020 21:40:27.044889927 CEST 6 OUT
GET /download/files/fbfeed.css HTTP/1.1
Accept: text/css, */*
Referer: http://media44.club/download/books.php?Iseki+Tu+Manual
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: media44.club
Connection: Keep-Alive

May 10, 2020 21:40:27.111562967 CEST 9 IN
HTTP/1.1 200 OK
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:27 GMT
Content-Type: text/css
Last-Modified: Sun, 16 Feb 2020 15:34:15 GMT
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
ETag: W/"5e4960f7-5db"
Expires: Sun, 17 May 2020 19:40:27 GMT
Cache-Control: max-age=604800
Content-Encoding: gzip

May 10, 2020 21:40:27.118243933 CEST 9 OUT
GET /download/files/49.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://media44.club/download/books.php?Iseki+Tu+Manual
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: media44.club
Connection: Keep-Alive

May 10, 2020 21:40:27.184856892 CEST 33 IN
HTTP/1.1 200 OK
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:27 GMT
Content-Type: image/jpeg
Content-Length: 8598
Last-Modified: Sun, 16 Feb 2020 15:34:12 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5e4960f4-2196"
Expires: Tue, 09 Jun 2020 19:40:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes

May 10, 2020 21:40:27.189896107 CEST 44 OUT
GET /download/files/user-6.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://media44.club/download/books.php?Iseki+Tu+Manual
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: media44.club
Connection: Keep-Alive

May 10, 2020 21:40:27.256438017 CEST 103 IN
HTTP/1.1 200 OK
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:27 GMT
Content-Type: image/jpeg
Content-Length: 2583
Last-Modified: Sun, 16 Feb 2020 15:34:15 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5e4960f7-a17"
Expires: Tue, 09 Jun 2020 19:40:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Session ID Source IP Source Port Destination IP Destination Port Process
2 192.168.2.5 49745 87.236.19.139 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
TimestampkBytestransferred Direction Data
May 10, 2020 21:40:27.061296940 CEST
7 OUT GET /download/files/32222.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://media44.club/download/books.php?Iseki+Tu+ManualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: media44.clubConnection: Keep-Alive
Copyright Joe Security LLC 2020 Page 54 of 88
May 10, 2020 21:40:27.131808043 CEST
11 IN HTTP/1.1 200 OKServer: nginx-reuseport/1.13.4Date: Sun, 10 May 2020 19:40:27 GMTContent-Type: image/jpegContent-Length: 4885Last-Modified: Sun, 16 Feb 2020 15:34:11 GMTConnection: keep-aliveKeep-Alive: timeout=30ETag: "5e4960f3-1315"Expires: Tue, 09 Jun 2020 19:40:27 GMTCache-Control: max-age=2592000Accept-Ranges: bytesData Raw: ff d8 ff e1 00 18 45 78 69 66 00 00 49 49 2a 00 08 00 00 00 00 00 00 00 00 00 00 00 ff ec 00 11 44 75 63 6b 79 00 01 00 04 00 00 00 3c 00 00 ff e1 03 19 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 00 3c 3f 78 70 61 63 6b 65 74 20 62 65 67 69 6e 3d 22 ef bb bf 22 20 69 64 3d 22 57 35 4d 30 4d 70 43 65 68 69 48 7a 72 65 53 7a 4e 54 63 7a 6b 63 39 64 22 3f 3e 20 3c 78 3a 78 6d 70 6d 65 74 61 20 78 6d 6c 6e 73 3a 78 3d 22 61 64 6f 62 65 3a 6e 73 3a 6d 65 74 61 2f 22 20 78 3a 78 6d 70 74 6b 3d 22 41 64 6f 62 65 20 58 4d 50 20 43 6f 72 65 20 35 2e 33 2d 63 30 31 31 20 36 36 2e 31 34 35 36 36 31 2c 20 32 30 31 32 2f 30 32 2f 30 36 2d 31 34 3a 35 36 3a 32 37 20 20 20 20 20 20 20 20 22 3e 20 3c 72 64 66 3a 52 44 46 20 78 6d 6c 6e 73 3a 72 64 66 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 30 32 2f 32 32 2d 72 64 66 2d 73 79 6e 74 61 78 2d 6e 73 23 22 3e 20 3c 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 20 72 64 66 3a 61 62 6f 75 74 3d 22 22 20 78 6d 6c 6e 73 3a 78 6d 70 4d 4d 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 6d 6d 2f 22 20 78 6d 6c 6e 73 3a 73 74 52 65 66 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 73 54 79 70 65 2f 52 65 73 6f 75 72 63 65 52 65 66 23 22 20 78 6d 6c 6e 73 3a 78 6d 70 3d 22 68 74 74 70 3a 2f 2f 6e 73 2e 61 64 6f 62 65 2e 63 6f 6d 2f 78 61 70 2f 31 2e 30 2f 22 20 78 6d 70 4d 4d 3a 44 6f 63 75 6d 65 6e 74 49 44 3d 22 78 6d 70 2e 64 69 64 3a 45 46 45 39 37 41 35 41 42 35 42 38 31 31 45 37 39 35 46 43 41 37 45 31 39 42 43 38 32 37 30 46 22 20 78 6d 70 4d 4d 3a 
49 6e 73 74 61 6e 63 65 49 44 3d 22 78 6d 70 2e 69 69 64 3a 45 46 45 39 37 41 35 39 42 35 42 38 31 31 45 37 39 35 46 43 41 37 45 31 39 42 43 38 32 37 30 46 22 20 78 6d 70 3a 43 72 65 61 74 6f 72 54 6f 6f 6c 3d 22 41 64 6f 62 65 20 50 68 6f 74 6f 73 68 6f 70 20 43 53 36 20 57 69 6e 64 6f 77 73 22 3e 20 3c 78 6d 70 4d 4d 3a 44 65 72 69 76 65 64 46 72 6f 6d 20 73 74 52 65 66 3a 69 6e 73 74 61 6e 63 65 49 44 3d 22 35 46 34 34 46 39 38 38 31 38 36 34 34 33 31 33 31 32 30 30 33 42 32 44 46 37 38 36 36 43 46 31 22 20 73 74 52 65 66 3a 64 6f 63 75 6d 65 6e 74 49 44 3d 22 35 46 34 34 46 39 38 38 31 38 36 34 34 33 31 33 31 32 30 30 33 42 32 44 46 37 38 36 36 43 46 31 22 2f 3e 20 3c 2f 72 64 66 3a 44 65 73 63 72 69 70 74 69 6f 6e 3e 20 3c 2f 72 64 66 3a 52 44 46 3e 20 3c 2f 78 3a 78 6d 70 6d 65 74 61 3e 20 3c 3f 78 70 61 63 6b 65 74 20 65 6e 64 3d 22 72 22 3f 3e ff ee 00 0e 41 64 6f 62 65 00 64 c0 00 00 00 01 ff db 00 84 00 06 04 04 04 05 04 06 05 05 06 09 06 05 06 09 0b 08 06 06 08 0b 0c 0a 0a 0b 0a 0a 0c 10 0c 0c 0c 0c 0c 0c 10 0c 0e 0f 10 0f 0e 0c 13 13 14 14 13 13 1c 1b 1b 1b 1c 1f 1f 1f 1f 1f 1f 1f 1f 1f 1f 01 07 07 07 0d 0c 0d 18 10 10 18 1a 15 11 15 1a 1f 1f 1f 1f 1f 1f 1f 1f 1f 1f Data Ascii: ExifII*Ducky<http://ns.adobe.com/xap/1.0/<?xpacket begin="" id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.3-c011 66.145661, 2012/02/06-14:56:27 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmpMM:DocumentID="xmp.did:EFE97A5AB5B811E795FCA7E19BC8270F" xmpMM:InstanceID="xmp.iid:EFE97A59B5B811E795FCA7E19BC8270F" xmp:CreatorTool="Adobe Photoshop CS6 Windows"> <xmpMM:DerivedFrom stRef:instanceID="5F44F9881864431312003B2DF7866CF1" stRef:documentID="5F44F9881864431312003B2DF7866CF1"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket 
end="r"?>Adobed
May 10, 2020 21:40:27.143860102 CEST
17 OUT GET /download/files/user-3.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://media44.club/download/books.php?Iseki+Tu+ManualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: media44.clubConnection: Keep-Alive
TimestampkBytestransferred Direction Data
Copyright Joe Security LLC 2020 Page 55 of 88
May 10, 2020 21:40:27.214230061 CEST
53 IN HTTP/1.1 200 OK
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:27 GMT
Content-Type: image/jpeg
Content-Length: 1594
Last-Modified: Sun, 16 Feb 2020 15:34:15 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5e4960f7-63a"
Expires: Tue, 09 Jun 2020 19:40:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
May 10, 2020 21:40:27.219149113 CEST
57 OUT GET /download/files/user-9.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://media44.club/download/books.php?Iseki+Tu+Manual
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: media44.club
Connection: Keep-Alive
May 10, 2020 21:40:27.289506912 CEST
142 IN HTTP/1.1 200 OK
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:27 GMT
Content-Type: image/jpeg
Content-Length: 1599
Last-Modified: Sun, 16 Feb 2020 15:34:16 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5e4960f8-63f"
Expires: Tue, 09 Jun 2020 19:40:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Session ID Source IP Source Port Destination IP Destination Port Process
3 192.168.2.5 49747 87.236.19.139 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
May 10, 2020 21:40:27.141295910 CEST
16 OUT GET /download/files/user-1.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://media44.club/download/books.php?Iseki+Tu+Manual
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: media44.club
Connection: Keep-Alive
May 10, 2020 21:40:27.207231998 CEST
45 IN HTTP/1.1 200 OK
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:27 GMT
Content-Type: image/jpeg
Content-Length: 2383
Last-Modified: Sun, 16 Feb 2020 15:34:15 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5e4960f7-94f"
Expires: Tue, 09 Jun 2020 19:40:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
May 10, 2020 21:40:27.213426113 CEST
51 OUT GET /download/files/user-7.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://media44.club/download/books.php?Iseki+Tu+Manual
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: media44.club
Connection: Keep-Alive
May 10, 2020 21:40:27.279300928 CEST
125 IN HTTP/1.1 200 OK
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:27 GMT
Content-Type: image/jpeg
Content-Length: 1711
Last-Modified: Sun, 16 Feb 2020 15:34:15 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5e4960f7-6af"
Expires: Tue, 09 Jun 2020 19:40:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Session ID Source IP Source Port Destination IP Destination Port Process
4 192.168.2.5 49748 87.236.19.139 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
May 10, 2020 21:40:27.141936064 CEST
17 OUT GET /download/files/user-2.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://media44.club/download/books.php?Iseki+Tu+Manual
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: media44.club
Connection: Keep-Alive
May 10, 2020 21:40:27.208594084 CEST
48 IN HTTP/1.1 200 OK
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:27 GMT
Content-Type: image/jpeg
Content-Length: 2723
Last-Modified: Sun, 16 Feb 2020 15:34:15 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5e4960f7-aa3"
Expires: Tue, 09 Jun 2020 19:40:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
May 10, 2020 21:40:27.213854074 CEST
52 OUT GET /download/files/user-8.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://media44.club/download/books.php?Iseki+Tu+Manual
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: media44.club
Connection: Keep-Alive
May 10, 2020 21:40:27.280416965 CEST
129 IN HTTP/1.1 200 OK
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:27 GMT
Content-Type: image/jpeg
Content-Length: 1965
Last-Modified: Sun, 16 Feb 2020 15:34:16 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5e4960f8-7ad"
Expires: Tue, 09 Jun 2020 19:40:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Session ID Source IP Source Port Destination IP Destination Port Process
5 192.168.2.5 49749 87.236.19.139 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
May 10, 2020 21:40:27.155093908 CEST
30 OUT GET /download/files/user-4.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://media44.club/download/books.php?Iseki+Tu+Manual
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: media44.club
Connection: Keep-Alive
May 10, 2020 21:40:27.221370935 CEST
59 IN HTTP/1.1 200 OK
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:27 GMT
Content-Type: image/jpeg
Content-Length: 1554
Last-Modified: Sun, 16 Feb 2020 15:34:15 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5e4960f7-612"
Expires: Tue, 09 Jun 2020 19:40:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
May 10, 2020 21:40:27.223086119 CEST
62 OUT GET /download/files/user-10.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://media44.club/download/books.php?Iseki+Tu+Manual
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: media44.club
Connection: Keep-Alive
May 10, 2020 21:40:27.289238930 CEST
139 IN HTTP/1.1 200 OK
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:27 GMT
Content-Type: image/jpeg
Content-Length: 2512
Last-Modified: Sun, 16 Feb 2020 15:34:15 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5e4960f7-9d0"
Expires: Tue, 09 Jun 2020 19:40:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
Session ID Source IP Source Port Destination IP Destination Port Process
6 192.168.2.5 49750 87.236.19.139 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
May 10, 2020 21:40:27.155668974 CEST
31 OUT GET /download/files/user-5.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://media44.club/download/books.php?Iseki+Tu+Manual
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: media44.club
Connection: Keep-Alive
May 10, 2020 21:40:27.222198963 CEST
61 IN HTTP/1.1 200 OK
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:27 GMT
Content-Type: image/jpeg
Content-Length: 1614
Last-Modified: Sun, 16 Feb 2020 15:34:15 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5e4960f7-64e"
Expires: Tue, 09 Jun 2020 19:40:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
May 10, 2020 21:40:27.225661993 CEST
62 OUT GET /download/files/user-11.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://media44.club/download/books.php?Iseki+Tu+Manual
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: media44.club
Connection: Keep-Alive
May 10, 2020 21:40:27.292172909 CEST
144 IN HTTP/1.1 200 OK
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:27 GMT
Content-Type: image/jpeg
Content-Length: 1937
Last-Modified: Sun, 16 Feb 2020 15:34:15 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5e4960f7-791"
Expires: Tue, 09 Jun 2020 19:40:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
May 10, 2020 21:40:27.367316961 CEST
146 OUT GET /download/files/back10.jpg HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://media44.club/download/books.php?Iseki+Tu+Manual
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: media44.club
Connection: Keep-Alive
May 10, 2020 21:40:27.433953047 CEST
168 IN HTTP/1.1 200 OK
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:27 GMT
Content-Type: image/jpeg
Content-Length: 32231
Last-Modified: Sun, 16 Feb 2020 15:34:12 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5e4960f4-7de7"
Expires: Tue, 09 Jun 2020 19:40:27 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
May 10, 2020 21:40:28.022164106 CEST
203 OUT GET /download/files/favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: media44.club
Connection: Keep-Alive
May 10, 2020 21:40:28.088754892 CEST
205 IN HTTP/1.1 200 OK
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:28 GMT
Content-Type: image/x-icon
Content-Length: 1621
Last-Modified: Sun, 16 Feb 2020 15:34:14 GMT
Connection: keep-alive
Keep-Alive: timeout=30
ETag: "5e4960f6-655"
Expires: Tue, 09 Jun 2020 19:40:28 GMT
Cache-Control: max-age=2592000
Accept-Ranges: bytes
May 10, 2020 21:40:45.369997025 CEST
215 OUT GET /download/SignUpNow.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: media44.club
Connection: Keep-Alive
May 10, 2020 21:40:45.604775906 CEST
216 IN HTTP/1.1 302 Found
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:45 GMT
Content-Type: text/html
Content-Length: 0
Connection: keep-alive
Keep-Alive: timeout=30
X-Powered-By: PHP/5.6.40
Set-Cookie: qwerty=0; expires=Sun, 10-May-2020 20:40:45 GMT; Max-Age=3600; path=/
Location: https://www.brwz7.com/scripts/un981c6l?a_aid=c276fe63&a_bid=c28f910b&chan=bk0
May 10, 2020 21:40:48.587445974 CEST
832 OUT GET /page/privacy.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: media44.club
Connection: Keep-Alive
Cookie: qwerty=0
May 10, 2020 21:40:49.715133905 CEST
833 IN HTTP/1.1 200 OK
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:49 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Content-Encoding: gzip
May 10, 2020 21:40:49.807358027 CEST
835 OUT GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: media44.club
Connection: Keep-Alive
Cookie: qwerty=0
May 10, 2020 21:40:49.874918938 CEST
835 IN HTTP/1.1 404 Not Found
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:49 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 285
Connection: keep-alive
Keep-Alive: timeout=30
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /favicon.ico was not found on this server.</p><hr><address>Apache/2.4.10 (Unix) Server at media44.club Port 80</address></body></html>
May 10, 2020 21:40:50.536988974 CEST
836 OUT GET /page/dmca.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: media44.club
Connection: Keep-Alive
Cookie: qwerty=0
May 10, 2020 21:40:50.605917931 CEST
837 IN HTTP/1.1 200 OK
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:50 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Content-Encoding: gzip
May 10, 2020 21:40:50.700424910 CEST
839 OUT GET /favicon.ico HTTP/1.1
Accept: */*
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Host: media44.club
Connection: Keep-Alive
Cookie: qwerty=0
May 10, 2020 21:40:50.768198967 CEST
840 IN HTTP/1.1 404 Not Found
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:50 GMT
Content-Type: text/html; charset=iso-8859-1
Content-Length: 285
Connection: keep-alive
Keep-Alive: timeout=30
Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL /favicon.ico was not found on this server.</p><hr><address>Apache/2.4.10 (Unix) Server at media44.club Port 80</address></body></html>
May 10, 2020 21:40:51.642914057 CEST
840 OUT GET /page/contact.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: media44.club
Connection: Keep-Alive
Cookie: qwerty=0
May 10, 2020 21:40:51.721673012 CEST
842 IN HTTP/1.1 200 OK
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:51 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Content-Encoding: gzip
May 10, 2020 21:40:52.906394958 CEST
843 OUT GET /page/testimonial-disclaimer.php HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: media44.club
Connection: Keep-Alive
Cookie: qwerty=0
May 10, 2020 21:40:52.986071110 CEST
844 IN HTTP/1.1 200 OK
Server: nginx-reuseport/1.13.4
Date: Sun, 10 May 2020 19:40:52 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Keep-Alive: timeout=30
Vary: Accept-Encoding
X-Powered-By: PHP/5.6.40
Content-Encoding: gzip
Session ID Source IP Source Port Destination IP Destination Port Process
7 192.168.2.5 49756 88.212.201.216 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
May 10, 2020 21:40:27.442353010 CEST
181 OUT GET /hit?t26.1;r;s1280*1024*24;uhttp%3A//media44.club/download/books.php%3FIseki+Tu+Manual;0.7599738709464683 HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://media44.club/download/books.php?Iseki+Tu+Manual
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: counter.yadro.ru
Connection: Keep-Alive
May 10, 2020 21:40:27.501863003 CEST
202 IN HTTP/1.1 302 Moved Temporarily
Date: Sun, 10 May 2020 19:40:27 GMT
Server: 0W/0.8c
Content-Type: text/html
Location: http://counter.yadro.ru/hit?q;t26.1;r;s1280*1024*24;uhttp%3A//media44.club/download/books.php%3FIseki+Tu+Manual;0.7599738709464683
Content-Length: 32
Expires: Fri, 10 May 2019 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Set-Cookie: FTID=1Uk5Yh1BLufw1Uk5Yh0005ro; path=/; expires=Sun, 09 May 2021 21:00:00 GMT; domain=.yadro.ru
Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 4d 6f 76 65 64 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <html><body>Moved</body></html>
May 10, 2020 21:40:27.759015083 CEST
202 OUT GET /hit?q;t26.1;r;s1280*1024*24;uhttp%3A//media44.club/download/books.php%3FIseki+Tu+Manual;0.7599738709464683 HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Referer: http://media44.club/download/books.php?Iseki+Tu+Manual
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: counter.yadro.ru
Connection: Keep-Alive
Cookie: FTID=1Uk5Yh1BLufw1Uk5Yh0005ro
May 10, 2020 21:40:27.819292068 CEST
203 IN HTTP/1.1 200 OK
Date: Sun, 10 May 2020 19:40:27 GMT
Server: 0W/0.8c
Connection: Close
Content-Type: image/gif
Content-Length: 119
Expires: Fri, 10 May 2019 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
P3P: policyref="/w3c/p3p.xml", CP="UNI"
Set-Cookie: VID=1lNL3D27PJ9w1Uk5Yh00062D; path=/; expires=Sun, 09 May 2021 21:00:00 GMT; domain=.yadro.ru
Data Raw: 47 49 46 38 39 61 58 00 0f 00 80 00 00 cc cc cc ff ff ff 21 f9 04 01 00 00 02 00 2c 00 00 00 00 58 00 0f 00 00 02 4e 84 8f a9 cb ed 0f 5f 98 b4 da 8b b3 de bc 67 e3 85 e2 48 72 60 89 a6 64 33 9d ea 0b 63 6c e0 c6 f6 dd 1e 39 ce c7 c9 de 0b 96 74 a7 9a f0 b8 d1 d1 00 40 a4 53 e6 2a 32 9f 54 8a 12 68 ac 3a a7 d6 69 56 0b ee 86 c7 96 88 f9 8c 4e 9b 0b 00 3b
Data Ascii: GIF89aX!,XN_gHr`d3cl9t@S*2Th:iVN;
Session ID Source IP Source Port Destination IP Destination Port Process
8 192.168.2.5 49769 88.212.202.35 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp | kBytes transferred | Direction | Data
May 10, 2020 21:40:54.666038036 CEST
845 OUT GET /click HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: www.liveinternet.ru
Connection: Keep-Alive
May 10, 2020 21:40:54.725982904 CEST
846 IN HTTP/1.1 302 Moved Temporarily
Server: nginx/1.11.1
Date: Sun, 10 May 2020 19:40:54 GMT
Content-Type: text/html; charset=utf-8
Content-Length: 41
Connection: keep-alive
Location: https://www.liveinternet.ru/
Expires: Fri, 10 May 2019 21:00:00 GMT
Pragma: no-cache
Cache-control: no-cache
Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 52 65 64 69 72 65 63 74 69 6e 67 2e 2e 2e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a
Data Ascii: <html><body>Redirecting...</body></html>
Timestamp | Source IP | Source Port | Dest IP | Dest Port | Subject | Issuer | Not Before | Not After | JA3 SSL Client Fingerprint | JA3 SSL Client Digest
May 10, 2020 21:40:45.736078978 CEST
104.27.135.202 443 192.168.2.5 49760 CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Sun Mar 15 01:00:00 CET 2020 Wed Oct 14 14:00:00 CEST 2015
Fri Oct 09 14:00:00 CEST 2020 Fri Oct 09 14:00:00 CEST 2020
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Wed Oct 14 14:00:00 CEST 2015
Fri Oct 09 14:00:00 CEST 2020
May 10, 2020 21:40:45.752352953 CEST
104.27.135.202 443 192.168.2.5 49761 CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Sun Mar 15 01:00:00 CET 2020 Wed Oct 14 14:00:00 CEST 2015
Fri Oct 09 14:00:00 CEST 2020 Fri Oct 09 14:00:00 CEST 2020
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Wed Oct 14 14:00:00 CEST 2015
Fri Oct 09 14:00:00 CEST 2020
HTTPS Packets
May 10, 2020 21:40:46.549662113 CEST
104.24.107.185 443 192.168.2.5 49762 CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Wed Dec 11 01:00:00 CET 2019 Wed Oct 14 14:00:00 CEST 2015
Fri Oct 09 14:00:00 CEST 2020 Fri Oct 09 14:00:00 CEST 2020
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Wed Oct 14 14:00:00 CEST 2015
Fri Oct 09 14:00:00 CEST 2020
May 10, 2020 21:40:46.554028988 CEST
104.24.107.185 443 192.168.2.5 49763 CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Wed Dec 11 01:00:00 CET 2019 Wed Oct 14 14:00:00 CEST 2015
Fri Oct 09 14:00:00 CEST 2020 Fri Oct 09 14:00:00 CEST 2020
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Wed Oct 14 14:00:00 CEST 2015
Fri Oct 09 14:00:00 CEST 2020
May 10, 2020 21:40:46.770574093 CEST
104.18.59.22 443 192.168.2.5 49764 CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Sun Sep 01 02:00:00 CEST 2019 Wed Oct 14 14:00:00 CEST 2015
Mon Aug 31 14:00:00 CEST 2020 Fri Oct 09 14:00:00 CEST 2020
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Wed Oct 14 14:00:00 CEST 2015
Fri Oct 09 14:00:00 CEST 2020
May 10, 2020 21:40:46.774313927 CEST
104.18.59.22 443 192.168.2.5 49765 CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=CA, C=US CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Sun Sep 01 02:00:00 CEST 2019 Wed Oct 14 14:00:00 CEST 2015
Mon Aug 31 14:00:00 CEST 2020 Fri Oct 09 14:00:00 CEST 2020
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=CloudFlare Inc ECC CA-2, O="CloudFlare, Inc.", L=San Francisco, ST=CA, C=US
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Wed Oct 14 14:00:00 CEST 2015
Fri Oct 09 14:00:00 CEST 2020
May 10, 2020 21:40:47.535758018 CEST
88.212.201.216 443 192.168.2.5 49766 CN=counter.yadro.ru CN=GoGetSSL ECC DV CA, O=GoGetSSL, L=Riga, C=LV CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
CN=GoGetSSL ECC DV CA, O=GoGetSSL, L=Riga, C=LV CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Sun Feb 02 01:00:00 CET 2020 Thu Sep 06 02:00:00 CEST 2018 Tue May 30 12:48:38 CEST 2000
Tue May 03 01:59:59 CEST 2022 Wed Sep 06 01:59:59 CEST 2028 Sat May 30 12:48:38 CEST 2020
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GoGetSSL ECC DV CA, O=GoGetSSL, L=Riga, C=LV
CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Thu Sep 06 02:00:00 CEST 2018
Wed Sep 06 01:59:59 CEST 2028
CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Tue May 30 12:48:38 CEST 2000
Sat May 30 12:48:38 CEST 2020
May 10, 2020 21:40:47.540775061 CEST
88.212.201.216 443 192.168.2.5 49767 CN=counter.yadro.ru CN=GoGetSSL ECC DV CA, O=GoGetSSL, L=Riga, C=LV CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
CN=GoGetSSL ECC DV CA, O=GoGetSSL, L=Riga, C=LV CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Sun Feb 02 01:00:00 CET 2020 Thu Sep 06 02:00:00 CEST 2018 Tue May 30 12:48:38 CEST 2000
Tue May 03 01:59:59 CEST 2022 Wed Sep 06 01:59:59 CEST 2028 Sat May 30 12:48:38 CEST 2020
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GoGetSSL ECC DV CA, O=GoGetSSL, L=Riga, C=LV
CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Thu Sep 06 02:00:00 CEST 2018
Wed Sep 06 01:59:59 CEST 2028
CN=USERTrust ECC Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Tue May 30 12:48:38 CEST 2000
Sat May 30 12:48:38 CEST 2020
May 10, 2020 21:40:54.854053020 CEST
88.212.202.35 443 192.168.2.5 49770 CN=*.liveinternet.ru, OU=PositiveSSL Wildcard, OU=Domain Control Validated CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Sun Jan 07 01:00:00 CET 2018 Wed Feb 12 01:00:00 CET 2014 Tue May 30 12:48:38 CEST 2000
Thu Jan 07 00:59:59 CET 2021 Mon Feb 12 00:59:59 CET 2029 Sat May 30 12:48:38 CEST 2020
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
Wed Feb 12 01:00:00 CET 2014
Mon Feb 12 00:59:59 CET 2029
CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Tue May 30 12:48:38 CEST 2000
Sat May 30 12:48:38 CEST 2020
May 10, 2020 21:40:55.185363054 CEST
178.154.131.216 443 192.168.2.5 49776 C=RU, ST=Russia, L=Moscow, OU=ITO, O=Yandex LLC, CN=static.yandex.net CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Fri Sep 06 15:13:32 CEST 2019 Wed Jan 21 13:00:00 CET 2015 Wed Oct 22 14:07:37 CEST 2008
Sat Sep 05 15:13:32 CEST 2020 Sat Jan 18 13:00:00 CET 2025 Thu Jun 10 12:46:39 CEST 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Wed Jan 21 13:00:00 CET 2015
Sat Jan 18 13:00:00 CET 2025
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Oct 22 14:07:37 CEST 2008
Thu Jun 10 12:46:39 CEST 2027
May 10, 2020 21:40:55.185934067 CEST
178.154.131.216 443 192.168.2.5 49774 C=RU, ST=Russia, L=Moscow, OU=ITO, O=Yandex LLC, CN=static.yandex.net CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Fri Sep 06 15:13:32 CEST 2019 Wed Jan 21 13:00:00 CET 2015 Wed Oct 22 14:07:37 CEST 2008
Sat Sep 05 15:13:32 CEST 2020 Sat Jan 18 13:00:00 CET 2025 Thu Jun 10 12:46:39 CEST 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Wed Jan 21 13:00:00 CET 2015
Sat Jan 18 13:00:00 CET 2025
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Oct 22 14:07:37 CEST 2008
Thu Jun 10 12:46:39 CEST 2027
May 10, 2020 21:40:55.280503035 CEST
88.212.202.1 443 192.168.2.5 49778 CN=*.li.ru, OU=PositiveSSL Wildcard, OU=Domain Control Validated CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Sun Jan 07 01:00:00 CET 2018 Wed Feb 12 01:00:00 CET 2014 Tue May 30 12:48:38 CEST 2000
Thu Jan 07 00:59:59 CET 2021 Mon Feb 12 00:59:59 CET 2029 Sat May 30 12:48:38 CEST 2020
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
Wed Feb 12 01:00:00 CET 2014
Mon Feb 12 00:59:59 CET 2029
CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Tue May 30 12:48:38 CEST 2000
Sat May 30 12:48:38 CEST 2020
May 10, 2020 21:40:55.281629086 CEST
88.212.202.1 443 192.168.2.5 49775 CN=*.li.ru, OU=PositiveSSL Wildcard, OU=Domain Control Validated CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Sun Jan 07 01:00:00 CET 2018 Wed Feb 12 01:00:00 CET 2014 Tue May 30 12:48:38 CEST 2000
Thu Jan 07 00:59:59 CET 2021 Mon Feb 12 00:59:59 CET 2029 Sat May 30 12:48:38 CEST 2020
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
Wed Feb 12 01:00:00 CET 2014
Mon Feb 12 00:59:59 CET 2029
CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Tue May 30 12:48:38 CEST 2000
Sat May 30 12:48:38 CEST 2020
May 10, 2020 21:40:55.287568092 CEST
88.212.202.1 443 192.168.2.5 49780 CN=*.li.ru, OU=PositiveSSL Wildcard, OU=Domain Control Validated CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Sun Jan 07 01:00:00 CET 2018 Wed Feb 12 01:00:00 CET 2014 Tue May 30 12:48:38 CEST 2000
Thu Jan 07 00:59:59 CET 2021 Mon Feb 12 00:59:59 CET 2029 Sat May 30 12:48:38 CEST 2020
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
Wed Feb 12 01:00:00 CET 2014
Mon Feb 12 00:59:59 CET 2029
CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Tue May 30 12:48:38 CEST 2000
Sat May 30 12:48:38 CEST 2020
May 10, 2020 21:40:55.289839029 CEST
88.212.202.1 443 192.168.2.5 49777 CN=*.li.ru, OU=PositiveSSL Wildcard, OU=Domain Control Validated CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Sun Jan 07 01:00:00 CET 2018 Wed Feb 12 01:00:00 CET 2014 Tue May 30 12:48:38 CEST 2000
Thu Jan 07 00:59:59 CET 2021 Mon Feb 12 00:59:59 CET 2029 Sat May 30 12:48:38 CEST 2020
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
Wed Feb 12 01:00:00 CET 2014
Mon Feb 12 00:59:59 CET 2029
CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Tue May 30 12:48:38 CEST 2000
Sat May 30 12:48:38 CEST 2020
May 10, 2020 21:40:55.652190924 CEST
88.212.202.1 443 192.168.2.5 49779 CN=*.li.ru, OU=PositiveSSL Wildcard, OU=Domain Control Validated CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Sun Jan 07 01:00:00 CET 2018 Wed Feb 12 01:00:00 CET 2014 Tue May 30 12:48:38 CEST 2000
Thu Jan 07 00:59:59 CET 2021 Mon Feb 12 00:59:59 CET 2029 Sat May 30 12:48:38 CEST 2020
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=COMODO RSA Domain Validation Secure Server CA, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
Wed Feb 12 01:00:00 CET 2014
Mon Feb 12 00:59:59 CET 2029
CN=COMODO RSA Certification Authority, O=COMODO CA Limited, L=Salford, ST=Greater Manchester, C=GB
CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Tue May 30 12:48:38 CEST 2000
Sat May 30 12:48:38 CEST 2020
May 10, 2020 21:40:56.286305904 CEST
88.212.252.22 443 192.168.2.5 49783 CN=ads.betweendigital.com CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Mon Feb 17 01:00:00 CET 2020 Fri Nov 02 01:00:00 CET 2018 Tue May 30 12:48:38 CEST 2000
Thu Feb 17 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2031 Sat May 30 12:48:38 CEST 2020
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Fri Nov 02 01:00:00 CET 2018
Wed Jan 01 00:59:59 CET 2031
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
CN=AddTrust External CA Root, OU=AddTrust External TTP Network, O=AddTrust AB, C=SE
Tue May 30 12:48:38 CEST 2000
Sat May 30 12:48:38 CEST 2020
May 10, 2020 21:40:56.295850992 CEST
94.100.180.197 443 192.168.2.5 49785 CN=*.mail.ru, O=Mail.Ru LLC, L=Moscow, ST=Moscow, C=RU CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Fri Jan 18 14:51:08 CET 2019 Tue Aug 02 12:00:00 CEST 2011
Mon Jan 18 14:51:08 CET 2021 Tue Aug 02 12:00:00 CEST 2022
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GlobalSign Organization Validation CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R3
Tue Aug 02 12:00:00 CEST 2011
Tue Aug 02 12:00:00 CEST 2022
May 10, 2020 21:40:56.305398941 CEST
23.111.100.68 443 192.168.2.5 49784 CN=pbs.alfasense.com, OU=Domain Control Validated, C=RU CN=AlphaSSL CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
CN=AlphaSSL CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Fri Jan 24 12:14:23 CET 2020 Thu Feb 20 11:00:00 CET 2014 Tue Sep 01 14:00:00 CEST 1998
Sun Jan 24 12:14:23 CET 2021 Tue Feb 20 11:00:00 CET 2024 Fri Jan 28 13:00:00 CET 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=AlphaSSL CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Thu Feb 20 11:00:00 CET 2014
Tue Feb 20 11:00:00 CET 2024
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Tue Sep 01 14:00:00 CEST 1998
Fri Jan 28 13:00:00 CET 2028
May 10, 2020 21:40:56.380314112 CEST
93.158.134.118 443 192.168.2.5 49786 CN=matchid.adfox.yandex.ru, O=Yandex LLC, OU=ITO, L=Moscow, ST=Russian Federation, C=RU CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Feb 26 16:41:05 CET 2020 Wed Jan 21 13:00:00 CET 2015 Wed Oct 22 14:07:37 CEST 2008
Thu Feb 25 16:41:05 CET 2021 Sat Jan 18 13:00:00 CET 2025 Thu Jun 10 12:46:39 CEST 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Wed Jan 21 13:00:00 CET 2015
Sat Jan 18 13:00:00 CET 2025
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Oct 22 14:07:37 CEST 2008
Thu Jun 10 12:46:39 CEST 2027
May 10, 2020 21:40:56.386403084 CEST
93.158.134.118 443 192.168.2.5 49787 CN=matchid.adfox.yandex.ru, O=Yandex LLC, OU=ITO, L=Moscow, ST=Russian Federation, C=RU CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Feb 26 16:41:05 CET 2020 Wed Jan 21 13:00:00 CET 2015 Wed Oct 22 14:07:37 CEST 2008
Thu Feb 25 16:41:05 CET 2021 Sat Jan 18 13:00:00 CET 2025 Thu Jun 10 12:46:39 CEST 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Wed Jan 21 13:00:00 CET 2015
Sat Jan 18 13:00:00 CET 2025
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Oct 22 14:07:37 CEST 2008
Thu Jun 10 12:46:39 CEST 2027
May 10, 2020 21:40:56.412519932 CEST
77.88.21.119 443 192.168.2.5 49789 C=RU, ST=Russia, L=Moscow, OU=ITO, O=Yandex LLC, CN=mc.yandex.ru CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Mon Sep 23 14:11:56 CEST 2019 Wed Jan 21 13:00:00 CET 2015 Wed Oct 22 14:07:37 CEST 2008
Tue Sep 22 14:11:56 CEST 2020 Sat Jan 18 13:00:00 CET 2025 Thu Jun 10 12:46:39 CEST 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Wed Jan 21 13:00:00 CET 2015
Sat Jan 18 13:00:00 CET 2025
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Oct 22 14:07:37 CEST 2008
Thu Jun 10 12:46:39 CEST 2027
May 10, 2020 21:40:56.413324118 CEST
77.88.21.119 443 192.168.2.5 49788 C=RU, ST=Russia, L=Moscow, OU=ITO, O=Yandex LLC, CN=mc.yandex.ru CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Mon Sep 23 14:11:56 CEST 2019 Wed Jan 21 13:00:00 CET 2015 Wed Oct 22 14:07:37 CEST 2008
Tue Sep 22 14:11:56 CEST 2020 Sat Jan 18 13:00:00 CET 2025 Thu Jun 10 12:46:39 CEST 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Wed Jan 21 13:00:00 CET 2015
Sat Jan 18 13:00:00 CET 2025
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Oct 22 14:07:37 CEST 2008
Thu Jun 10 12:46:39 CEST 2027
May 10, 2020 21:40:56.441235065 CEST
87.250.251.92 443 192.168.2.5 49790 CN=*.naydex.net, O=Yandex LLC, OU=ITO, L=Moscow, ST=Russian Federation, C=RU CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Fri Apr 24 12:19:59 CEST 2020 Wed Jan 21 13:00:00 CET 2015 Wed Oct 22 14:07:37 CEST 2008
Fri Oct 23 12:19:59 CEST 2020 Sat Jan 18 13:00:00 CET 2025 Thu Jun 10 12:46:39 CEST 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Wed Jan 21 13:00:00 CET 2015
Sat Jan 18 13:00:00 CET 2025
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Oct 22 14:07:37 CEST 2008
Thu Jun 10 12:46:39 CEST 2027
May 10, 2020 21:40:56.445270061 CEST
87.250.251.92 443 192.168.2.5 49791 CN=*.naydex.net, O=Yandex LLC, OU=ITO, L=Moscow, ST=Russian Federation, C=RU CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Fri Apr 24 12:19:59 CEST 2020 Wed Jan 21 13:00:00 CET 2015 Wed Oct 22 14:07:37 CEST 2008
Fri Oct 23 12:19:59 CEST 2020 Sat Jan 18 13:00:00 CET 2025 Thu Jun 10 12:46:39 CEST 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Wed Jan 21 13:00:00 CET 2015
Sat Jan 18 13:00:00 CET 2025
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Oct 22 14:07:37 CEST 2008
Thu Jun 10 12:46:39 CEST 2027
May 10, 2020 21:40:57.259552956 CEST
87.250.250.90 443 192.168.2.5 49792 C=RU, ST=Russia, L=Moscow, OU=ITO, O=Yandex LLC, CN=bs.yandex.ru CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Tue Sep 24 12:41:28 CEST 2019 Wed Jan 21 13:00:00 CET 2015 Wed Oct 22 14:07:37 CEST 2008
Wed Sep 23 12:41:28 CEST 2020 Sat Jan 18 13:00:00 CET 2025 Thu Jun 10 12:46:39 CEST 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Wed Jan 21 13:00:00 CET 2015
Sat Jan 18 13:00:00 CET 2025
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Oct 22 14:07:37 CEST 2008
Thu Jun 10 12:46:39 CEST 2027
May 10, 2020 21:40:57.260385990 CEST
87.250.250.90 443 192.168.2.5 49793 C=RU, ST=Russia, L=Moscow, OU=ITO, O=Yandex LLC, CN=bs.yandex.ru CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Tue Sep 24 12:41:28 CEST 2019 Wed Jan 21 13:00:00 CET 2015 Wed Oct 22 14:07:37 CEST 2008
Wed Sep 23 12:41:28 CEST 2020 Sat Jan 18 13:00:00 CET 2025 Thu Jun 10 12:46:39 CEST 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Wed Jan 21 13:00:00 CET 2015
Sat Jan 18 13:00:00 CET 2025
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Oct 22 14:07:37 CEST 2008
Thu Jun 10 12:46:39 CEST 2027
May 10, 2020 21:40:57.543564081 CEST
77.88.21.179 443 192.168.2.5 49795 CN=*.adfox.ru, ST=Russian Federation, L=Moscow, OU=ITO, O=Yandex LLC, C=RU CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Thu Aug 01 14:46:17 CEST 2019 Wed Jan 21 13:00:00 CET 2015 Wed Oct 22 14:07:37 CEST 2008
Fri Jul 31 14:46:17 CEST 2020 Sat Jan 18 13:00:00 CET 2025 Thu Jun 10 12:46:39 CEST 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Wed Jan 21 13:00:00 CET 2015
Sat Jan 18 13:00:00 CET 2025
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Oct 22 14:07:37 CEST 2008
Thu Jun 10 12:46:39 CEST 2027
May 10, 2020 21:40:57.547373056 CEST
77.88.21.179 443 192.168.2.5 49794 CN=*.adfox.ru, ST=Russian Federation, L=Moscow, OU=ITO, O=Yandex LLC, C=RU CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Thu Aug 01 14:46:17 CEST 2019 Wed Jan 21 13:00:00 CET 2015 Wed Oct 22 14:07:37 CEST 2008
Fri Jul 31 14:46:17 CEST 2020 Sat Jan 18 13:00:00 CET 2025 Thu Jun 10 12:46:39 CEST 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Wed Jan 21 13:00:00 CET 2015
Sat Jan 18 13:00:00 CET 2025
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Oct 22 14:07:37 CEST 2008
Thu Jun 10 12:46:39 CEST 2027
May 10, 2020 21:40:57.547816038 CEST
77.88.21.179 443 192.168.2.5 49796 CN=*.adfox.ru, ST=Russian Federation, L=Moscow, OU=ITO, O=Yandex LLC, C=RU CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Thu Aug 01 14:46:17 CEST 2019 Wed Jan 21 13:00:00 CET 2015 Wed Oct 22 14:07:37 CEST 2008
Fri Jul 31 14:46:17 CEST 2020 Sat Jan 18 13:00:00 CET 2025 Thu Jun 10 12:46:39 CEST 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Wed Jan 21 13:00:00 CET 2015
Sat Jan 18 13:00:00 CET 2025
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Oct 22 14:07:37 CEST 2008
Thu Jun 10 12:46:39 CEST 2027
May 10, 2020 21:40:59.628778934 CEST
87.250.247.182 443 192.168.2.5 49797 C=RU, ST=Russian Federation, L=Moscow, OU=ITO, O=Yandex LLC, CN=*.avatars.yandex.net CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Fri Oct 04 12:21:11 CEST 2019 Wed Jan 21 13:00:00 CET 2015 Wed Oct 22 14:07:37 CEST 2008
Sat Oct 03 12:21:11 CEST 2020 Sat Jan 18 13:00:00 CET 2025 Thu Jun 10 12:46:39 CEST 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Wed Jan 21 13:00:00 CET 2015
Sat Jan 18 13:00:00 CET 2025
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Oct 22 14:07:37 CEST 2008
Thu Jun 10 12:46:39 CEST 2027
May 10, 2020 21:40:59.629738092 CEST
87.250.247.182 443 192.168.2.5 49798 C=RU, ST=Russian Federation, L=Moscow, OU=ITO, O=Yandex LLC, CN=*.avatars.yandex.net CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Fri Oct 04 12:21:11 CEST 2019 Wed Jan 21 13:00:00 CET 2015 Wed Oct 22 14:07:37 CEST 2008
Sat Oct 03 12:21:11 CEST 2020 Sat Jan 18 13:00:00 CET 2025 Thu Jun 10 12:46:39 CEST 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Wed Jan 21 13:00:00 CET 2015
Sat Jan 18 13:00:00 CET 2025
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Oct 22 14:07:37 CEST 2008
Thu Jun 10 12:46:39 CEST 2027
May 10, 2020 21:41:00.299839020 CEST
87.250.250.114 443 192.168.2.5 49799 C=RU, ST=Russian Federation, L=Moscow, OU=ITO, O=Yandex LLC, CN=ysa-static.passport.yandex.ru CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Tue Oct 15 13:52:38 CEST 2019 Wed Jan 21 13:00:00 CET 2015 Wed Oct 22 14:07:37 CEST 2008
Wed Oct 14 13:52:38 CEST 2020 Sat Jan 18 13:00:00 CET 2025 Thu Jun 10 12:46:39 CEST 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Wed Jan 21 13:00:00 CET 2015
Sat Jan 18 13:00:00 CET 2025
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Oct 22 14:07:37 CEST 2008
Thu Jun 10 12:46:39 CEST 2027
May 10, 2020 21:41:00.300743103 CEST
87.250.250.114 443 192.168.2.5 49800 C=RU, ST=Russian Federation, L=Moscow, OU=ITO, O=Yandex LLC, CN=ysa-static.passport.yandex.ru CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Tue Oct 15 13:52:38 CEST 2019 Wed Jan 21 13:00:00 CET 2015 Wed Oct 22 14:07:37 CEST 2008
Wed Oct 14 13:52:38 CEST 2020 Sat Jan 18 13:00:00 CET 2025 Thu Jun 10 12:46:39 CEST 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Wed Jan 21 13:00:00 CET 2015
Sat Jan 18 13:00:00 CET 2025
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Oct 22 14:07:37 CEST 2008
Thu Jun 10 12:46:39 CEST 2027
May 10, 2020 21:41:03.071505070 CEST
5.255.255.80 443 192.168.2.5 49801 C=RU, ST=Russia, L=Moscow, OU=ITO, O=Yandex LLC, CN=yandex.ru CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Thu Sep 05 13:12:34 CEST 2019 Wed Jan 21 13:00:00 CET 2015 Wed Oct 22 14:07:37 CEST 2008
Fri Sep 04 13:12:34 CEST 2020 Sat Jan 18 13:00:00 CET 2025 Thu Jun 10 12:46:39 CEST 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Wed Jan 21 13:00:00 CET 2015
Sat Jan 18 13:00:00 CET 2025
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Oct 22 14:07:37 CEST 2008
Thu Jun 10 12:46:39 CEST 2027
May 10, 2020 21:41:03.072196007 CEST
5.255.255.80 443 192.168.2.5 49802 C=RU, ST=Russia, L=Moscow, OU=ITO, O=Yandex LLC, CN=yandex.ru CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Thu Sep 05 13:12:34 CEST 2019 Wed Jan 21 13:00:00 CET 2015 Wed Oct 22 14:07:37 CEST 2008
Fri Sep 04 13:12:34 CEST 2020 Sat Jan 18 13:00:00 CET 2025 Thu Jun 10 12:46:39 CEST 2027
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Yandex CA, OU=Yandex Certification Authority, O=Yandex LLC, C=RU
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
Wed Jan 21 13:00:00 CET 2015
Sat Jan 18 13:00:00 CET 2025
CN=Certum Trusted Network CA, OU=Certum Certification Authority, O=Unizeto Technologies S.A., C=PL
CN=Certum CA, O=Unizeto Sp. z o.o., C=PL
Wed Oct 22 14:07:37 CEST 2008
Thu Jun 10 12:46:39 CEST 2027
May 10, 2020 21:41:03.481946945 CEST
172.217.16.194 443 192.168.2.5 49804 CN=www.googleadservices.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Wed Apr 15 22:24:45 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Wed Jul 08 22:24:45 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
May 10, 2020 21:41:03.482722044 CEST
172.217.16.194 443 192.168.2.5 49805 CN=www.googleadservices.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Wed Apr 15 22:24:45 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Wed Jul 08 22:24:45 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
May 10, 2020 21:41:03.483428955 CEST
172.217.16.194 443 192.168.2.5 49803 CN=www.googleadservices.com, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Wed Apr 15 22:24:45 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Wed Jul 08 22:24:45 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
May 10, 2020 21:41:04.808269024 CEST
172.217.23.162 443 192.168.2.5 49806 CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Wed Apr 15 22:16:45 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Wed Jul 08 22:16:45 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
May 10, 2020 21:41:04.808343887 CEST
172.217.23.162 443 192.168.2.5 49810 CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Wed Apr 15 22:16:45 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Wed Jul 08 22:16:45 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
May 10, 2020 21:41:04.808710098 CEST
172.217.23.162 443 192.168.2.5 49811 CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Wed Apr 15 22:16:45 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Wed Jul 08 22:16:45 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
May 10, 2020 21:41:04.808759928 CEST
172.217.23.162 443 192.168.2.5 49809 CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Wed Apr 15 22:16:45 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Wed Jul 08 22:16:45 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
May 10, 2020 21:41:04.809426069 CEST
172.217.23.162 443 192.168.2.5 49807 CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Wed Apr 15 22:16:45 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Wed Jul 08 22:16:45 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
May 10, 2020 21:41:04.810400963 CEST
172.217.23.162 443 192.168.2.5 49808 CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Wed Apr 15 22:16:45 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Wed Jul 08 22:16:45 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
May 10, 2020 21:41:05.260025978 CEST
216.58.212.131 443 192.168.2.5 49820 CN=www.google.co.uk, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Wed Apr 15 22:24:45 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Wed Jul 08 22:24:45 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
May 10, 2020 21:41:05.260415077 CEST
216.58.212.131 443 192.168.2.5 49819 CN=www.google.co.uk, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Wed Apr 15 22:24:45 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Wed Jul 08 22:24:45 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
May 10, 2020 21:41:05.260596991 CEST
216.58.212.131 443 192.168.2.5 49821 CN=www.google.co.uk, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Wed Apr 15 22:24:45 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Wed Jul 08 22:24:45 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Code Manipulations
Statistics
Behavior
• iexplore.exe
• iexplore.exe
May 10, 2020 21:41:05.261014938 CEST
216.58.212.131 443 192.168.2.5 49818 CN=www.google.co.uk, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Wed Apr 15 22:24:45 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Wed Jul 08 22:24:45 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
May 10, 2020 21:41:05.603168011 CEST
216.58.212.131 443 192.168.2.5 49822 CN=www.google.co.uk, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Wed Apr 15 22:24:45 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Wed Jul 08 22:24:45 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
May 10, 2020 21:41:05.654584885 CEST
216.58.212.131 443 192.168.2.5 49823 CN=www.google.co.uk, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Wed Apr 15 22:24:45 CEST 2020 Thu Jun 15 02:00:42 CEST 2017
Wed Jul 08 22:24:45 CEST 2020 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Timestamp Source IPSourcePort Dest IP
DestPort Subject Issuer
NotBefore
NotAfter
JA3 SSL ClientFingerprint JA3 SSL Client Digest
Copyright Joe Security LLC 2020 Page 86 of 88
System Behavior
Analysis Process: iexplore.exe PID: 1036 Parent PID: 696
General
Start time: 21:40:24
Start date: 10/05/2020
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff7730e0000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: low
File Activities
Registry Activities
Analysis Process: iexplore.exe PID: 2916 Parent PID: 1036
General
Start time: 21:40:24
Start date: 10/05/2020
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:1036 CREDAT:17410 /prefetch:2
Imagebase: 0x1060000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has administrator privileges: false
Programmed in: C, C++ or other language
Reputation: low
File Activities
Registry Activities
Disassembly