Generated by Joe Sandbox
Table of Contents
Windows Analysis Report http://search.hfindingformspro.com
  Overview
    General Information
    Detection
    Signatures
    Classification
  Process Tree
  Malware Configuration
  Yara Overview
  Sigma Overview
  Jbx Signature Overview
    Phishing:
  Mitre Att&ck Matrix
  Behavior Graph
  Screenshots
    Thumbnails
  Antivirus, Machine Learning and Genetic Malware Detection
    Initial Sample
    Dropped Files
    Unpacked PE Files
    Domains
    URLs
  Domains and IPs
    Contacted Domains
    Contacted URLs
    URLs from Memory and Binaries
    Contacted IPs
      Public
      Private
  General Information
  Simulations
    Behavior and APIs
  Joe Sandbox View / Context
    IPs
    Domains
    ASN
    JA3 Fingerprints
    Dropped Files
  Created / dropped Files
  Static File Info
    No static file info
  Network Behavior
    Network Port Distribution
    TCP Packets
    UDP Packets
    DNS Queries
    DNS Answers
    HTTP Request Dependency Graph
    HTTP Packets
    HTTPS Packets
  Code Manipulations
  Statistics
    Behavior
  System Behavior
    Analysis Process: iexplore.exe PID: 5236 Parent PID: 792
      General
      File Activities
      Registry Activities
    Analysis Process: iexplore.exe PID: 5400 Parent PID: 5236
      General
      File Activities
      Registry Activities
  Disassembly
Copyright Joe Security LLC 2021 Page 2 of 74
Windows Analysis Report http://search.hfindingformspro.com…
Overview
General Information
Sample URL: search.hfindingformspro.com
Analysis ID: 446685
Detection
Score: 20
Range: 0 - 100
Whitelisted: false
Confidence: 80%
Signatures
Phishing site detected (based on log
HTML title does not match URL
Classification
[Figure: classification chart with axes Ransomware, Spreading, Phishing, Banker, Trojan / Bot, Adware, Spyware, Exploiter, Evader and Miner, each on a clean / suspicious / malicious scale]
Process Tree
System is w10x64
iexplore.exe (PID: 5236 cmdline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding MD5: 6465CB92B25A7BC1DF8E01D8AC5E7596)
  iexplore.exe (PID: 5400 cmdline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5236 CREDAT:17410 /prefetch:2 MD5: 071277CC2E3DF41EEEA8013E2AB58D5A)
cleanup
Malware Configuration
No configs have been found
Yara Overview
No yara matches
Sigma Overview
No Sigma rule has matched
Jbx Signature Overview
Phishing:
Phishing site detected (based on logo template match)
Mitre Att&ck Matrix
Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Privilege Escalation: Process Injection 1; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
Defense Evasion: Masquerading 1; Process Injection 1; Obfuscated Files or Information; Binary Padding
Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
Discovery: File and Directory Discovery 1; Application Window Discovery; Query Registry; System Network Configuration Discovery
Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
Command and Control: Encrypted Channel 2; Non-Application Layer Protocol 2; Application Layer Protocol 3; Ingress Tool Transfer 1
Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups
Impact: Modify System Partition; Device Lockout; Delete Device Data; Carrier Billing Fraud
Behavior Graph
[Figure: behavior graph for analysis ID 446685 (URL: http://search.hfindingforms..., Startdate: 10/07/2021, Architecture: WINDOWS, Score: 20). Two iexplore.exe processes (started); signature "Phishing site detected (based on logo template match)"; hosts shown: search.hfindingformspro.com, px.moatads.com, clientconfig.passport.net, dsp.adkernel.com (174.137.133.49, port 443, WEBAIR-INTERNETUS, United States), oeu.vap.lijit.com (216.52.2.39, port 443, VOXEL-DOT-NETUS, United States) and 146 other IPs or domains.]
Screenshots
Thumbnails
This section contains all screenshots as thumbnails, including those not shown in the slideshow.
Antivirus, Machine Learning and Genetic Malware Detection
Initial Sample
Source Detection Scanner Label Link
search.hfindingformspro.com 1% Virustotal Browse
search.hfindingformspro.com 0% Avira URL Cloud safe
Dropped Files
No Antivirus matches
Unpacked PE Files
No Antivirus matches
Domains
Source Detection Scanner Label Link
emailhelper.org 0% Virustotal Browse
s9i8s5e7.stackpathcdn.com 0% Virustotal Browse
servedbyadbutler.com 2% Virustotal Browse
thenewscorner.org 0% Virustotal Browse
URLs
Source Detection Scanner Label Link
Domains and IPs
Contacted Domains
Name IP Active Malicious Antivirus Detection Reputation
Contacted URLs
Name Malicious Antivirus Detection Reputation
https://findmyforms.com/?ap&source&utm_content=forms_&utm_term=tbr true unknown
https://thenewscorner.org/ true unknown
search.hfindingformspro.com/ false Avira URL Cloud: safe unknown
URLs from Memory and Binaries
Contacted IPs
Public
IP Domain Country Flag ASN ASN Name Malicious
Private
IP
192.168.2.1
General Information
Joe Sandbox Version: 32.0.0 Black Diamond
Analysis ID: 446685
Start date: 10.07.2021
Start time: 07:50:30
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 49s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: search.hfindingformspro.com
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies: HCA enabled, EGA enabled, AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: SUS
Classification: sus20.phis.win@3/441@93/73
Cookbook Comments:
Adjust boot time
Enable AMSI
Browsing link: https://search.hfindingformspro.com/home/click?uc=17700101&ap=&source=&uid=0b91f9e9-318a-4c69-a4bd-4c43a380a1de&i_id=&cid=&url=%2fHome%2fContactUs%3fuc%3d17700101%26ap%3d%26source%3d%26uid%3d0b91f9e9-318a-4c69-a4bd-4c43a380a1de%26i_id%3d%26cid%3d&value= contact
Browsing link: https://thenewscorner.org/
Browsing link: https://emailhelper.org/?ap=&source=&utm_content=forms_&utm_term=tbr
Browsing link: https://findmyforms.com/?ap=&source=&utm_content=forms_&utm_term=tbr
Browsing link: https://www.usa.gov/benefits-grants-loans
Browsing link: https://www.benefits.gov/benefit-finder#benefits&qc=cat_1
Browsing link: https://www.irs.gov/newsroom/economic-impact-payments-what-you-need-to-know
Browsing link: https://www.sba.gov/disaster-assistance/coronavirus-covid-19#section-header-3
Browsing link: https://covid19relief.sba.gov/#/
Browsing link: https://www.lifelinesupport.org/how-to-get-lifeline/
Browsing link: https://nationalverifier.servicenowservices.com/lifeline
Warnings:
Simulations
Behavior and APIs
No simulations
Joe Sandbox View / Context
IPs
No context
Domains
No context
ASN
No context
JA3 Fingerprints
No context
Dropped Files
No context
Created / dropped Files
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\1VVRD93S\findmyforms[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 791
Entropy (8bit): 5.1578619732989734
Encrypted: false
SSDEEP: 24:WUxMb0UOxv5mjubUOxv5mjuV8eDMmjubUOxv5mjuV8eDMmjuZ:LuROh0jugOh0juVbdjugOh0juVbdjuZ
MD5: 2D0DCF6C595B878189C57A43EEEFA7BD
SHA1: 9C09854FAEFC6243990AC34DFD25A36043933FC4
SHA-256: 56AB3BADDF91A05F2BD1C1315911A0D154B090D8EC8EDD9D850E30E9D9946EF2
SHA-512: 607BCA94F681B00E4B164A06909A8DAC8DD91534CC3AC764C7979BE8205E2F9A421F0DBF1E34D7BAE4C98041027815DAA11C8C307105166F9EA99D47D5B1400A
Malicious: false
Reputation: low
Preview:<root></root><root><item name="modernizr" value="modernizr" ltime="583730352" htime="30897563" /></root><root></root><root><item name="il_cuid" value="4e8ed8dd-037b-4712-ab7b-0c41fa56cc88" ltime="587780352" htime="30897563" /></root><root><item name="il_cuid" value="4e8ed8dd-037b-4712-ab7b-0c41fa56cc88" ltime="587780352" htime="30897563" /><item name="Zm5tZnJzY20" value="{"d":1625928719912,"vc":1,"pi":1,"ed":1628520719912}" ltime="587780352" htime="30897563" /></root><root><item name="il_cuid" value="4e8ed8dd-037b-4712-ab7b-0c41fa56cc88" ltime="587780352" htime="30897563" /><item name="Zm5tZnJzY20" value="{"d":1625928719912,"vc":1,"pi":1,"ed":1628520719912}" ltime="587780352" htime="30897563" /></root>
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\1VVRD93S\search.hfindingformspro[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 13
Entropy (8bit): 2.469670487371862
Encrypted: false
SSDEEP: 3:D90aKb:JFKb
MD5: C1DDEA3EF6BBEF3E7060A1A9AD89E4C5
SHA1: 35E3224FCBD3E1AF306F2B6A2C6BBEA9B0867966
SHA-256: B71E4D17274636B97179BA2D97C742735B6510EB54F22893D3A2DAFF2CEB28DB
SHA-512: 6BE8CEC7C862AFAE5B37AA32DC5BB45912881A3276606DA41BF808A4EF92C318B355E616BF45A257B995520D72B7C08752C0BE445DCEADE5CF79F73480910FED
Malicious: false
Reputation: low
Preview:<root></root>
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\4PP0YMBU\emailhelper[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 292
Entropy (8bit): 5.227887376741781
Encrypted: false
SSDEEP: 6:JFK1rUFYqqRA0vxRvdgIDiejZQ3OcpVAqOJ2IYCUyxK+05gIDiejZub:JsrUO7RDvx75iMcpOJqCUNt5iZ
MD5: 9920DC2565F986F4573D75A91AB6E557
SHA1: 1CAED5A28F3D75490F1747CBA5619C9326122D4B
SHA-256: 0BF167839994E4D8D776D10FEFD2497F044D06290AEC4C39CFE9C37D2FCF0FBD
SHA-512: A8B4A6DAADF113632288E81EC328EE38664BBEFBEBF769E03E5A9F1AACE4755B9D4A6FB5CC8C121FC0C879BC15C5ADA10B0738DF7CB76C4100AD566E04AF7362
Malicious: false
Reputation: low
Preview:<root></root><root><item name="il_cuid" value="4e8ed8dd-037b-4712-ab7b-0c41fa56cc88" ltime="509710352" htime="30897563" /><item name="ZWFsZXByb2c" value="{"d":1625928712084,"vc":1,"pi":1,"ed":1628520712084}" ltime="509710352" htime="30897563" /></root>
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\8GAIP2V3\cdn.intergient[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 201
Entropy (8bit): 5.174073597627073
Encrypted: false
SSDEEP: 6:JFK1rUFLbqXfwEkM4EDUVUpjJYWqsWBFSniejZub:JsrUFWXojMNUVUqWkiiZ
MD5: CF4282D18DF49DB45A9E213FD93F6F67
SHA1: 863815960ED30634DB638C27B2F85B3909EB5F04
SHA-256: FFDFDE3172D174B2C3A3A8DFFA36B92CCA0C37C145A30FD0ED5A16535621FECF
SHA-512: A9C065DD81B41AC613B02CF551ED1C650B275FAB443553D870476E57031266019B0F3E3B2051079F4C5FBEE4DDD6B52F1D1055DEB2743414821303391A5B0B4C
Malicious: false
Reputation: low
Preview:<root></root><root><item name="pw_uuid" value="{"PII":false,"data":"user_ec93e922-bd5d-4b8f-a3a2-9ee1ac0a7b1a_1625928708496"}" ltime="479720352" htime="30897563" /></root>
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\9K9C7AIJ\thenewscorner[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: dropped
Size (bytes): 3230
Entropy (8bit): 5.315081530666829
Encrypted: false
SSDEEP: 96:5dlocloclocKYrY0locKYrY0OplocKYrY0locKYrY0p9VlocKYrY0Z:q7
MD5: 3E8DCDD0D48C043FF9585712B150CA68
SHA1: A81B31F34A77986CC9D86A127AC3957B17B5DE3D
SHA-256: E2D493AF6D80E6B30540CE53BB166025EF03EB3CB38DC44425FDD2FE51BF44FE
SHA-512: 3E1CDC4994C1F1E49F7AA2D5CD1E482B8B1165EC93CD945004DFD3424FE5954A45C1AFEDFA4FE272B650F9EF0AACDA74CD81D55E132311A54F8D865CDE99FD23
Malicious: false
Reputation: low
Preview:<root></root><root></root><root><item name="PageOS_Session" value="{"UUID":"session_b5b6cab3-77d6-4039-8a73-fd57c4031d6c_1625928706144","firstVisit":1625928706145}" ltime="450230352" htime="30897563" /></root><root><item name="PageOS_Session" value="{"UUID":"session_b5b6cab3-77d6-4039-8a73-fd57c4031d6c_1625928706144","firstVisit":1625928706145,"pageNumber":1,"lastVisit":1625928706145}" ltime="450230352" htime="30897563" /></root><root><item name="PageOS_Session" value="{"UUID":"session_b5b6cab3-77d6-4039-8a73-fd57c4031d6c_1625928706144","firstVisit":1625928706145,"pageNumber":1,"lastVisit":1625928706145}" ltime="450230352" htime="30897563" /></root><root><item name="PageOS_Session" value="{"UUID":"session_b5b6cab3-77d6-4039-8a73-fd57c4031d6c_1625928706144","firstVisit":1625928706145,"pageNumber":1,"lastVisit"
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\DOMStore\9K9C7AIJ\www.usa[1].xml
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: dropped
Size (bytes): 39
Entropy (8bit): 2.469670487371862
Encrypted: false
SSDEEP: 3:D90aK1r0aK1r0aKb:JFK1rFK1rFKb
MD5: B9C5EB570521110110BB7DFF12AF780D
SHA1: 27F5BEBC2200FD8D0B51A93D1357EA954BE44079
SHA-256: 90171F10A6467C9DC31143859BAB69D045B67B39E2E49D92BB7168B383C4D1AB
SHA-512: BC81539E62D643808CBDA3D86050058F379B2F0347CE65CBBA9797D386401C886B22AC4C0B2BE68197AE10C83A1E22A14232CD531C8D139DD3C031DB423EA355
Malicious: false
Reputation: low
Preview:<root></root><root></root><root></root>
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\RecoveryStore.{4871FE7D-E18E-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 48360
Entropy (8bit): 2.0383388568575627
Encrypted: false
SSDEEP: 192:rsZzZy2uWPtrfdRMH9BfIcrdUdYFWdmdmQ9:rsVxFVrYH9xN+XkIC
MD5: 44BB1E9CD998C7253B65FB26B7D5F626
SHA1: F1FEAA995A2D1E85FA30B263DB4C551A6B877593
SHA-256: D3408603DC4CA948B7939C69DBD6BFA73DB9F4DD04C8EA58EA10BA7A751F174E
SHA-512: 80038115B2874E75B35E461B3980C7BB6D5916A1B5D620B5C2C5B4011DDFE59353519F8BDD039F4B1B83347FE5923A083B2EC336B57A592EC6E40372B82032B2
Malicious: false
Reputation: low
Preview: ...R.o.o.t. .E.n.t.r.y...
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4871FE7F-E18E-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 260124
Entropy (8bit): 2.7857874071291056
Encrypted: false
SSDEEP: 384:rfndtpgUgDyz0YY0NwJsOzH+/vLGvbEciK1JGMltm0IyICGKBKacgk7j9EwxiO+3:abyKnICGKBKa5
MD5: 05CBDDF15BDE5E15FF6060DBC0E943FD
SHA1: 0957B0BE03BE53592F9F02B3B7C695A4CD1121FB
SHA-256: 35F295750149C6CA876FDD3208E522B6BEAEA148F0FF7E97C8E64EB9E80B6054
SHA-512: 20BB729E917540812C3A6E6048585D7B9DDCC6CEF9B6E33E6E84511D06E33FD5DB6D5FBB3B708AFB87EE2ED411CF87AF83A9292004B85A5C05E8D895673FE774
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{4EF39DA4-E18E-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 16984
Entropy (8bit): 1.5635949127426874
Encrypted: false
SSDEEP: 48:IwFGcprsGwpa9G4pQZGrapbSVcGQpKXUG7HpRuTGIpG:rbZEQ/65BSGAvTKA
MD5: FBC26A4E9A73B2EE38129A10EF0B0213
SHA1: 31993DA629602661D466B547CAB85B7EA96FE498
SHA-256: F9A67E97D9EB7BDC82D50F3E516CC4B57B582101DE4460388E56E1FCD27679AD
SHA-512: 33516E6BFA148076BB305C648CC24019B8B6DDFA086E9CCC357A70AC273DE24C9AD4FF2FDEABF0F1477BF0F552B4B26A77051D9CF57968899A116C2B07C04A5B
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High\Active\{550D403A-E18E-11EB-90E4-ECF4BB862DED}.dat
Process: C:\Program Files\internet explorer\iexplore.exe
File Type: Microsoft Word Document
Category: dropped
Size (bytes): 31258
Entropy (8bit): 2.0323181039005864
Encrypted: false
SSDEEP: 96:rQZDQG6IBS2j92tWSMGaIZs8XZNHWaWLHGdOH1HDHmHO9dN2:rQZDQG6Ik2j92tWSMGa/8p7dYN2
MD5: 702B98414B5F6C2C40ABE646BD1583B3
SHA1: 5295D510F774FC371C82278EDA889E4614F2811F
SHA-256: 409813E9245BEBF8A7F134B8DDFA9F4D01720E6C578079200BBEE5780D579E88
SHA-512: 20707DAFBE2C53AF8A6BCF042F451BBDB968F0FE3B55DBB48D0F2EACD80B2B81E17D69254F424C84C14A3C32589E348BFC7513B0F5C9B973E76325AC9740A2E4
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Internet Explorer\imagestore\ynfz0jx\imagestore.dat
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: data
Category: dropped
Size (bytes): 259840
Entropy (8bit): 3.607007830144438
Encrypted: false
SSDEEP: 3072:B3tRwXjPdMQL7T3tbwrjPdOQL7Qry9lls:B3tR2jPdMW7T3tbCjPdOW7Ykl2
MD5: 5583DEE79215B205F0AEB0F74AB7EC46
SHA1: 5CCAE53FBA9FA9BEEA739AC1D6AD317F51267015
SHA-256: 47C17273653C2E1B668CD152182D1C7F972083096680EFAE9DEE92716853EB97
SHA-512: A58C324925840B9CB0A747F85B950209E900A42B2B5DE685F9F378FC72D39C7C0663AC9981CF27A5106BFB2DBCCD8E8F49BF43D76E0266BAA3EE538AB7E2C0CD
Malicious: false
Reputation: low
Preview:/.h.t.t.p.s.:././.s.e.a.r.c.h...h.f.i.n.d.i.n.g.f.o.r.m.s.p.r.o...c.o.m./.f.a.v.i.c.o.n...i.c.o.~............... .h.......(....... ..... .........................................................................................................................................M<,.P=,.L?&.................................................M<,.O>+.Q=*kQ;+/........................_?..N:-'U?*.........M<,.O>+.O?+]Q=,[....................MB,.O>,.P>+.iO0jZC-qP>,.P?+iP=,.O?+]O>-Z....................Q=(.O=,..9L.<D.<*.<7.9GpQ0dO?*.P?*Y........................P=+..9L.8..................<D]F.sR?,(....................Q9..VA-|.<?.........................8HP>,.....................N=->.d3h.5..........................9>O>,.....................Q>+5vW.i.7 .........................<?P>,.....................HH$.P=+..<H.....................E..|6PO=,g........................N<*q.l4R.:4.............?..:NO>,.EE..............................O>+.w[.b.<D.;@.:A..5LQ?,.Q?.,..........................
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\03d[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 2565
Entropy (8bit): 6.88008372841342
Encrypted: false
SSDEEP: 48:p/6lcvrHvyh/MU9sEvee7ZkI8bw637n6HT9CqOC1ZZEC1Nmx51eiGuHtMs:pS8ah/MUqOZkI8bwg6HJH1zmx5IiB1
MD5: BEEB7BBDE37CD163AA8077B8ADFEBDC6
SHA1: 75993533DC8B6A5AB905B766F5849AF45691C307
SHA-256: C0ADC613F9CAD2EAEE357CAB8C9F69271A5AF62AB8D39341190EAF3351EB4774
SHA-512: F1E891DE1E88DBE204ACB0AF76E94A64FA02B8D10CE9EDE41A2321BEC985F7A1D391C144ABCC5AD848930752B1C736D01A806F0B9FDEB57BDE25991A1339AA86
Malicious: false
Reputation: low
IE Cache URL: https://openweathermap.org/img/w/03d.png
Preview:.PNG........IHDR...2...2......?......pHYs................LiTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 5.1.2">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/">. <xmp:ModifyDate>2012-07-27T13:07:69</xmp:ModifyDate>. <xmp:CreatorTool>Pixelmator 2.0.5</xmp:CreatorTool>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/">. <tiff:Orientation>1</tiff:Orientation>. <tiff:YResolution>72</tiff:YResolution>. <tiff:Compression>5</tiff:Compression>. <tiff:ResolutionUnit>1</tiff:ResolutionUnit>. <tiff:XResolution>72</tiff:XResolution>. </rdf:Description>. <rdf:Description rdf:about="". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <exif:PixelXDimension>50</exif:PixelXDimension>. <exif:ColorSpace>65535</
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\11.1.316[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 65419
Entropy (8bit): 5.470093334366558
Encrypted: false
SSDEEP: 1536:sv1WXqGi7dyURf3CZgBSck1oVQDkhllnltbn+iLWj6zHnIBmfStf:UyUNTSd1oVQDkd+ibHnIL
MD5: C0109D2F2EF41BDADAD8C71601252677
SHA1: 66527BA6420B5ED6DF46617DF75B24BE0013E50C
SHA-256: 883108C823814C1E6894480A10F719187B16B86B3A27F8FA21A7F63D54F61642
SHA-512: C7B94E25267AF0D65E035606170D0F711F80C515FCF2ED226C83D6A1B9B27B8A5A36898B08F7B4DBBC051328F92C306FE05817E7EB566F93A040B8DF3F115A1A
Malicious: false
Reputation: low
IE Cache URL: https://script.crazyegg.com/pages/versioned/common-scripts/11.1.316.js
Preview:/**. * @license. *. * This file contains works from many authors under various (but compatible). * licenses. Please check the /versionnumber-licenses.js url for more information.. *.**/.if("undefined"==typeof CE2&&(CE2={}),CE2.userDataToJs=function(e){for(var t=[["uid","uid"],["snapshots","snapshots"],["status","status"],["flows","flows"],["pageEdits","page_edits"],["sites","sites"],["USER_SCRIPT_VERSION","updated_at"],["__CE_HOST__","ce_app_url"],["COMMON_SCRIPT","common_script_url"],["COMMON_SCRIPT_SECURE","common_script_url"],["TRACKING_SCRIPT","tracking_script_url"],["TRACKING_SCRIPT_SECURE","tracking_script_url"],["AUTH_KEY","hud_auth_key"],["HUD","hud"],["GLOBAL_IP_BLOCK_LIST","global_ip_block_list"],["IS_USING_IP_BLOCKING","is_using_ip_blocking"],["TRACKING_DEST_NEW","v6_tracking_dest"],["TRACKING_DEST_NEW_SECURE","v6_secure_tracking_dest"],["DEST_V11","v11_tracking_dest"],["FT_DEST","flow_tracking_dest"],["PAGE_VIEWS_LIMIT_REACHED","page_views_limit_reached"],["NUMBER_OF_R
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\143031-featured-320x165[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, baseline, precision 8, 320x165, frames 3
Category: downloaded
Size (bytes): 4020
Entropy (8bit): 7.878103777074903
Encrypted: false
SSDEEP: 96:T/qpUqAU3geHQgLiH/Tz96u+e7CfJqD0iRtUb:TypUjmQg2/T8u+AXm
MD5: 3B8F01E6F959AC827626D0071DE872A8
SHA1: B8639547065C5ACC2DCA4D24AAF11B5030D774A3
SHA-256: 2C8C4B1B2B46E9DAC614E7118E4B0D92B652CD039C998E02EF07B5143B99A15A
SHA-512: 0F04DEF3F9C83A2D9AD6DE9F9171C6EF20221DB54A0AA7D9D9CC3ACC80BA95399C5E696132E535FBD0D775D4EFBD51943CAA165446A43A2E0E2FD80917CD0A05
Malicious: false
Reputation: low
IE Cache URL: https://thenewscorner.org/wp-content/uploads/wordpress-popular-posts/143031-featured-320x165.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\143098-featured-320x165[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 320x165, frames 3
Category: downloaded
Size (bytes): 19228
Entropy (8bit): 7.965420193537873
Encrypted: false
SSDEEP: 384:RhGMKMOtQZo9wI/aOC0dieGOR/f7gF7jEod7tVes9rJ16XajvILLDyQ:RoDtQZo9wI/ax0zRH8FjEsDdmajvMDyQ
MD5: 35A53DFF14653CDC89A7527FA89A0148
SHA1: 5D66891C63A83641FC539D36FBCA556FE05E76C6
SHA-256: 7C690A9D1DFF6D0AEE031164603D00B3161B07DEC988A2A2E53E49982209ADA8
SHA-512: 9DA0497C36F21F0020334B9DC421602FC8AE54AF05E4A438E4F21F2E8EDFD5A1C46A95E2B5ADD5C51552D4718E049A743FBF5F4D2E8466C95876F8B2BD307355
Malicious: false
Reputation: low
IE Cache URL: https://thenewscorner.org/wp-content/uploads/wordpress-popular-posts/143098-featured-320x165.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\143114-featured-320x165[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 96x96, segment length 16, progressive, precision 8, 320x165, frames 3
Category: downloaded
Size (bytes): 13872
Entropy (8bit): 7.942704475078238
Encrypted: false
SSDEEP: 384:XHcD7iWFcgN0JvjK5gz7rHSZpy2oLtkh9cu:siWFcoWUgzShoLt0cu
MD5: 5AC895ECAACC905490EC1ED351AC4522
SHA1: 7285A1E739DF6C8F2B03F9D88A7CE95B87970C89
SHA-256: CF3341142E2276E549FC09F4F866EDE5C7F2DBF2C86EF32CE3CB66B5D643598C
SHA-512: A210FADD5C68B524E7E46647ADEF5C950FDFF47C51BB96449EBB4BB9DBD2BE284B7AE95F6454D21D182391792AB4B92F1408196CFF70E311F450F5291F478A7D
Malicious: false
Reputation: low
IE Cache URL: https://thenewscorner.org/wp-content/uploads/wordpress-popular-posts/143114-featured-320x165.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\2sDPZGJYnIjSi6H75xkZZE1I0yCmYzzQtgFgIGaV2Q[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 13972, version 1.1
Category: downloaded
Size (bytes): 13972
Entropy (8bit): 7.963760464589582
Encrypted: false
SSDEEP: 384:eZ8zfWInjIB6aUU3kulozoK9GIaLI0fKAzCPtIw0cayAJ:e+bWaCJFmvghfKqw0ry+
MD5: 7AD9A3BB774C98A7E4AB3B69E7F093F9
SHA1: 15B0539EE5A09ED9B259B68852921C96C9BF0B83
SHA-256: 3FCE04BB36081CC1B1A54E0A220662A2E4487790B48129A026741391D316C189
SHA-512: 8FD68B976D59766C687B19EE195D4F4D44E1CAC72CFA57C9DB84F240EE68E5CDC961BC6ADBB664EF7AE3884CE07D123E80F0E7437D75B822CD448CD8F9227D9A
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/assistant/v7/2sDPZGJYnIjSi6H75xkZZE1I0yCmYzzQtgFgIGaV2Q.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\2sDPZGJYnIjSi6H75xkZZE1I0yCmYzzQtmZgIGaV2Q[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 13188, version 1.1
Category: downloaded
Size (bytes): 13188
Entropy (8bit): 7.96123175665422
Encrypted: false
SSDEEP: 384:FWEg0K6TQ0F6Hn1DEbLMDNUJsh0u0eLKQa7TNf:QEQEZgHGbLMDS290gKhTNf
MD5: D390094C9A933DF1456238AC3B03EAA4
SHA1: DC62B11450EA650791077154F61923EF26F25513
SHA-256: AC07D30B17017F926D25BC0CC9564465F103E3602F2513EA2DEECCFED64CC544
SHA-512: 1AC80A3CD91938DD79E135ECD1DD469CFD336AB15D10ADFC8ACCAD238B78EE7A6D3234A6AD49EF1861D176E941799F473F7883278007EF9806EBB5AC7F971087
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/assistant/v7/2sDPZGJYnIjSi6H75xkZZE1I0yCmYzzQtmZgIGaV2Q.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\332720671379986[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 266561
Entropy (8bit): 5.472740784248164
Encrypted: false
SSDEEP: 6144:Rk1HgCSntDV/HaK8V/Ha8NEPjQHguH3HpQrwz8GW4:kNE72
MD5: 98DD115117B4D88741EC5F1A5290BAAB
SHA1: 38C4877B2D6C419D510BD3239894EDB2A75F9AC1
SHA-256: F68A29AB39D31446401E64C3EF734D3032D80F5DC8E54AB37B7DA8510D66E667
SHA-512: 725C78961DD0D174D4924B250B8B815E2C92893FD7BB186BAE16CC428011FF2A396B4751765C12EDC751820CF7096C43128A26392ABB049896E96D8EA24C2356
Malicious: false
Reputation: low
IE Cache URL: https://connect.facebook.net/signals/config/332720671379986?v=2.9.43&r=stable
Preview:/**.* Copyright (c) 2017-present, Facebook, Inc. All rights reserved..*.* You are hereby granted a non-exclusive, worldwide, royalty-free license to use,.* copy, modify, and distribute this software in source code or binary form for use.* in connection with the web services and APIs provided by Facebook..*.* As with any software that integrates with the Facebook platform, your use of.* this software is subject to the Facebook Platform Policy.* [http://developers.facebook.com/policy/]. This copyright notice shall be.* included in all copies or substantial portions of the software..*.* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR.* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS.* FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR.* COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER.* IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN.* CONNECTION WI
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\56528_5fb3ea78d36ef[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: [TIFF image data, big-endian, direntries=1], baseline, precision 8, 298x224, frames 3
Category: downloaded
Size (bytes): 78931
Entropy (8bit): 7.907089483171219
Encrypted: false
SSDEEP: 1536:Nwoi4rKBqAWcIzZAC8PG7lijth/jlFiWCah+cNnHtcyNdqY1gCqqwsxnT4sVSuOB:uoisKsA7kmTjzZVhXNnmSdb1osxT+p
MD5: 38E4698B5B6151230139D9703CFF817B
SHA1: CF769B7B2E38C4B20E0026FEB1E2B4794DCEA4E2
SHA-256: F9EDA024EA0E6B9D66C1B3EB7D14194C36A0C4B8213ABECDD6DF099C09D95B71
SHA-512: 987770E827ECAE5F7D4B991F9F8CA64786C270F56F1F8D417AAAC600BE0D3CB5E9DB563092542EA2AF8A3BA90C951717A0210A812ED930932DB86BCB2EDE6F71
Malicious: false
Reputation: low
IE Cache URL: https://static-cdn.adblade.com/banners/images/298x224/56528_5fb3ea78d36ef.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\56528_5fe1fbdc4233f[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 298x224, frames 3
Category: downloaded
Size (bytes): 56937
Entropy (8bit): 7.970481122033517
Encrypted: false
SSDEEP: 1536:EVw0JL+ENQw/z3LUSpr9HbOyn3yZc49itoJQyES7g54hVtV:VlENQw/DoWHHn3ytitoJ57gE
MD5: DB53FE2965B19F1C11D4697BE1A257E4
SHA1: F7CF24C9F536E048E7A0A1850D3030896E8113C7
SHA-256: 099F71C419C42395C8FD050957EA39572817A545A2656A4C1BD185B772426F6B
SHA-512: 7DAFD2740528D390A1D409AA446CBCF76F517D18EA709005E729C58D83B068C0B8B8C05E1AFD64AAE84ECE1A85AFDA06F93A75723CA172DA09C156E05A8440E2
Malicious: false
Reputation: low
IE Cache URL: https://static-cdn.adblade.com/banners/images/298x224/56528_5fe1fbdc4233f.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\5712a44d-c792-423e-a2c1-1746c8b0dad4-80x80[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 80x80, frames 3
Category: downloaded
Size (bytes): 1826
Entropy (8bit): 7.729774939993233
Encrypted: false
SSDEEP: 48:Uf3oOSKRFuERACZomb+DoXNtVDhAa7NjNHPQ:3SMENompxdLNjxI
MD5: 0A6A2A730F6E1105350638BBA36C3488
SHA1: E0123A4D0B4A3D011C18BDCEFB21FDDB9849EA5C
SHA-256: 02620E04132D38C5E98BC8BE40E3278F022300180D9DD20ECE2583D3014E999D
SHA-512: 3ED44E0E10A8623019B81B1E8EBD92729D7EE7F9570460FE5E05F999AD221E4CC0F5BB5688954F273486F3524DED43BBBF1F9CC66232CBDE5BCCEE089BA2F561
Malicious: false
Reputation: low
IE Cache URL: https://autosuggest-files.s3.amazonaws.com/thenewscorner/wp-content/uploads/2021/07/09131515/5712a44d-c792-423e-a2c1-1746c8b0dad4-80x80.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\5f3583b3b7d280-57659548[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 150x150, segment length 16, baseline, precision 8, 300x225, frames 3
Category: dropped
Size (bytes): 8383
Entropy (8bit): 7.943566223060589
Encrypted: false
SSDEEP: 192:5PktGUkDuUCceWLz4HLIL3vG5Ow7zRV0GZiuVKNc2PbK+huXZ5YB:lKGUkDuUpvdvgOyzb0kiiKNc2+gYa
MD5: E1AD0466FCE7404AB3073D8BBE04C988
SHA1: FA142B8231BF486368CCF864F30A8CF8742A08D2
SHA-256: 973E8FC9EFEE1A0AB62C263942C39045FDE5D8A9D00C7887997752D1D3249B87
SHA-512: A6A68D5B90CC40C4A68BA5C381A685E8F201DDF3BC126BBC4C4CF80859C48FD2790B58EB3FBFABFCD5F737AD3190DBC89D6884BF57071344743CD354686E5AA5
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\682b2419dac6a805e4888c683f06f3a9[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 225x150, frames 3
Category: dropped
Size (bytes): 5317
Entropy (8bit): 7.900140997241109
Encrypted: false
SSDEEP: 96:6ogI7AbYwpaFhrc/H6WmsRcfSPksLnmVzpO6LEPn9P3miv06PF/Btbs:6b9bYwpiWHQW7mVz4aA9Pbv06PFJW
MD5: 8EA6F565D303CE7D9A9D7A321ADD576D
SHA1: CB3D0F70CF236CC1285FB02B71148D815C995CFF
SHA-256: 160979A3B113A0A371A23FD961951F99B17B3089C378957D0899070D67AD6CAC
SHA-512: 6120BAD56B840C5AB968AFB77A3A18E505EB16E6756357B175D14C3B1A58B5430F1A4904026F3A3217C84CE5D12B934BC00FB28C4EA1AEAC78AB62B7300AE89D
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\7[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Category: downloaded
Size (bytes): 137635
Entropy (8bit): 5.359857140446013
Encrypted: false
SSDEEP: 3072:cElGYhxXIT8Nm+08sIw3+nVTEz61rmhGd8zhm:cElGkxXIAm+AIw3aIz61rJD
MD5: C29D6FDB91EAFEFAA7EF2F875094C784
SHA1: 4438CE2DD55AFEE1DAEA0B3363E14AE58E977580
SHA-256: 77C777B9761E01F29A3ECF3927EA8EDADEE982718839F7971FCCD76F463E7B54
SHA-512: 20E93AE5A7D4E4BACF3653252C0BE876F09684367C4343D614A90C56A652AD2ACCD4891A3D6B1A8A8FD952E414D53001F3177F40BFE9B9A27CA9EAAC122BF7E2
Malicious: false
Reputation: low
IE Cache URL: https://cdn.playwire.com/bolt4/js/zeus/releases/4.3.55/7.js
Preview:(window.webpackJsonpBolt4=window.webpackJsonpBolt4||[]).push([[7],{100:function(e,t,n){./*!.* screenfull.* v4.2.0 - 2019-04-01.* (c) Sindre Sorhus; MIT License.*/.!function(){"use strict";var t="undefined"!=typeof window&&void 0!==window.document?window.document:{},n=e.exports,i="undefined"!=typeof Element&&"ALLOW_KEYBOARD_INPUT"in Element,o=function(){for(var e,n=[["requestFullscreen","exitFullscreen","fullscreenElement","fullscreenEnabled","fullscreenchange","fullscreenerror"],["webkitRequestFullscreen","webkitExitFullscreen","webkitFullscreenElement","webkitFullscreenEnabled","webkitfullscreenchange","webkitfullscreenerror"],["webkitRequestFullScreen","webkitCancelFullScreen","webkitCurrentFullScreenElement","webkitCancelFullScreen","webkitfullscreenchange","webkitfullscreenerror"],["mozRequestFullScreen","mozCancelFullScreen","mozFullScreenElement","mozFullScreenEnabled","mozfullscreenchange","mozfullscreenerror"],["msRequestFullscreen","msExitFullscreen","msFullscreenElement","msF
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\8490c5d3f3ae029804f6b4517ffd951c[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, resolution (DPI), density 72x72, segment length 16, baseline, precision 8, 300x225, frames 3
Category: dropped
Size (bytes): 7931
Entropy (8bit): 7.946018841968214
Encrypted: false
SSDEEP: 192:/26l8fiLDi16si2iixBrzVCsOrJQoJdLNRgz7Xz/PkP8ry:/26lvLDitFBrZDiLbwv3kP8ry
MD5: 4E520824F3926F03AA1193726BABD6CF
SHA1: A6996B45D3F6324B3916013807EB14C2EAC1C24A
SHA-256: B236D5B0875D799913FDFF2212B0DDE72A25D2A53C3D2A07CBC2E04E177E3A1F
SHA-512: E7CFF29C69AC9E1DDCD195B780BD4BDEED68F2FF1E1C69BD9754D734FB409DD2520B9DFDDE9DBF94DA66A580969040389D9CE941C7ECD2F9D9ACB976E135458D
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\9651[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 4863
Entropy (8bit): 5.560051209107115
Encrypted: false
SSDEEP: 96:C/MkkLbbNvCl26UQy4RMiK7bfCY4QAQliyCLCPUyYOU0huB6:C/MF9vCl20K/fCY4QAQBMyP46
MD5: 67861D9ADBF6D424A5E5A141CB837602
SHA1: A8B03A3CFF3E3DD769333F7415995058D8A009BB
SHA-256: AEA29E5F59DFB2FD662A46C75A575440E9CBBEA7FD0E1A86B15FEF20DEC350BE
SHA-512: 8C9B776E4FE705A1A9B200AB8422213E39198E8FDBF295917D900523EBF33521193EC6C8CB0A444FCE57B9495F22628818FF910698D0738441E7B55B5A9C62B2
Malicious: false
Reputation: low
IE Cache URL: https://script.crazyegg.com/pages/scripts/0007/9651.js?451646
Preview:if(CE_USER_SCRIPT=!0,"object"==typeof CE2&&(CE2.uid||CE2.data))throw Error("CE: multiple userscripts installed");"undefined"==typeof CE2&&(CE2={}),CE2.userDataToJs=function(t){for(var e=[["uid","uid"],["snapshots","snapshots"],["status","status"],["flows","flows"],["pageEdits","page_edits"],["sites","sites"],["USER_SCRIPT_VERSION","updated_at"],["__CE_HOST__","ce_app_url"],["COMMON_SCRIPT","common_script_url"],["COMMON_SCRIPT_SECURE","common_script_url"],["TRACKING_SCRIPT","tracking_script_url"],["TRACKING_SCRIPT_SECURE","tracking_script_url"],["AUTH_KEY","hud_auth_key"],["HUD","hud"],["GLOBAL_IP_BLOCK_LIST","global_ip_block_list"],["IS_USING_IP_BLOCKING","is_using_ip_blocking"],["TRACKING_DEST_NEW","v6_tracking_dest"],["TRACKING_DEST_NEW_SECURE","v6_secure_tracking_dest"],["DEST_V11","v11_tracking_dest"],["FT_DEST","flow_tracking_dest"],["PAGE_VIEWS_LIMIT_REACHED","page_views_limit_reached"],["NUMBER_OF_RECORDINGS","recordings_number"],["RECORDINGS_ACTIVATION","recordings_activation"]
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Adil-Teli-has-been-a-professional-cyclist-since-2014-and-has-been-representing-Jammu-and-Kashmir-at-local-and-national-events.-Adil-Teli-1000x600[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 1000x600, frames 3
Category: downloaded
Size (bytes): 123434
Entropy (8bit): 7.977180017018211
Encrypted: false
SSDEEP: 1536:0nyRzGSxVgruNQKhwQnB9tAnzLdE7qZgZuYBbfDvu9qZYDsMKRL:kyNZQKhwYB9tAnfdglZuYBbLv88YQpRL
MD5: F8FC4CA20B4A95AAE812FFA5D7785D4C
SHA1: A4663FDBB8707BE318E3B9564D8BB98D92CAA250
SHA-256: 841EE36CBCD44E832DFC90DCD2385A42083B506FEB7DB84E3C8265865D641465
SHA-512: 798CB07F3D114F2CD4E65AD7A1667AD7B966E8E3C4D5599C8A2BED46E959895BECA10CD6B4D8ACA8DC5FDA78D846F40C7542019ABB360B63B7947709921D72B3
Malicious: false
Reputation: low
IE Cache URL: https://autosuggest-files.s3.amazonaws.com/thenewscorner/wp-content/uploads/2021/04/20130009/Adil-Teli-has-been-a-professional-cyclist-since-2014-and-has-been-representing-Jammu-and-Kashmir-at-local-and-national-events.-Adil-Teli-1000x600.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\DZViLQ8Q-scaled-e1613545497389-1000x576[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 1000x576, frames 3
Category: downloaded
Size (bytes): 96660
Entropy (8bit): 7.974354355270064
Encrypted: false
SSDEEP: 1536:Mnz4A0cPWUmHHik7t7LlBQgZaWgdyshnuVY2GgIQkBXDv/1S5t8mjtVDQCg:80cDeCE7LHQ+aWg7oY2GgYr/1S5imf8J
MD5: B984A47AAB728CCB806F46CDD48C346B
SHA1: ECD1C16CCAD73F5384907764E11593C4DF90F9FF
SHA-256: 3572F13EDE48D2AFCB2B34D58A83C52DD5D2B0806F3EF4CBACAD9265DC277EB9
SHA-512: 91A508CD45E9CC11B3CA635BA51657ACC78479489448C4FCE6E2C475C77B90320004AF223A8E52C957D0DF9DA262C424E7203ABABC27EF473B202A3019156F2C
Malicious: false
Reputation: low
IE Cache URL: https://autosuggest-files.s3.amazonaws.com/thenewscorner/wp-content/uploads/2021/02/17124526/DZViLQ8Q-scaled-e1613545497389-1000x576.jpeg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\F-Master-patrol-officer-Jesse-Madsen-receives-a-police-escort-after-he-was-killed-by-a-car-travelling-the-wrong-way-down-a-busy-road.-TampaPD-.-Clipzilla-1000x600[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 1000x600, frames 3
Category: downloaded
Size (bytes): 85330
Entropy (8bit): 7.962165139991358
Encrypted: false
SSDEEP: 1536:0eEMP0iiRDfUSkLwS/DKGzLILTI3+l/Txv5yWDlGtf6TvowlOGYY5cE:LXi7USA/DF/IYORTxjMRE5GE
MD5: 5AE734CCD82CA7DC9A8C5528D55712F4
SHA1: 3CE469DF330C9BB0A37F08FB4F43E35A3AC64385
SHA-256: 41D3C6E979F19A532E67DDE73D2FE91442F5C18306A252A18D978CC93E2E685D
SHA-512: 928EB5E6E1DEECE9BE7D0E8D9CA416AD0F2F306EA112624A832242BB367E06BBEF4A3E937EEA139D4E503D0851CC4FB33F008F079536FD38DEA9A6DAB1D69B68
Malicious: false
Reputation: low
IE Cache URL: https://autosuggest-files.s3.amazonaws.com/thenewscorner/wp-content/uploads/2021/03/16124545/F-Master-patrol-officer-Jesse-Madsen-receives-a-police-escort-after-he-was-killed-by-a-car-travelling-the-wrong-way-down-a-busy-road.-TampaPD-.-Clipzilla-1000x600.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\GettyImages-1302002799-e1613755906494-1000x576[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 1000x576, frames 3
Category: downloaded
Size (bytes): 100204
Entropy (8bit): 7.963576622742462
Encrypted: false
SSDEEP: 1536:MqO9NphxUhR0iZ9l3vTA4zqu0Fkb0b9pILQ2pqgqJNqhT39QN6E36V7QUxgh2jDl:p0iZ0kskb0b9cQcMyTUSBxgMG5WX
MD5: 59CA8A37E28BBD5B0C6F23D5634984EB
SHA1: 10EF199053470A9C418E3642DD74D963DE062EA4
SHA-256: 7402A022656450169C28BCF39E424DD456B254D981F89E31E0583A0D8A02BD00
SHA-512: 26A2F3A6CE9836ADB7E09525D2ABAC3B3D3BBAEB93D8B5BA8940379559F1258E48DF58CB188BB9DBCC6C75E607C196B21797F0507C52D09C1EC3EE82E2BDB4F1
Malicious: false
Reputation: low
IE Cache URL: https://autosuggest-files.s3.amazonaws.com/thenewscorner/wp-content/uploads/2021/02/22124532/GettyImages-1302002799-e1613755906494-1000x576.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Icon_Connect_Twitter[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 16006
Entropy (8bit): 2.228572848133401
Encrypted: false
SSDEEP: 96:wSP8kEWmgjYzuxNXrNGsGvsc5ZzBDe/3Nha:wSEk6gjYz05g9M9ha
MD5: 1598C2B943D4A4E8230323871F76BC58
SHA1: FC33F5D8C460B9556321721A47652E730CD9B92C
SHA-256: FB088BC4C344A79622175057F55C9F05A8C2186A2D1C3A8FE744E2857079166C
SHA-512: 29046BB8F1D1FFE8853395F6CF830A2B6455F883A5BCC5102C8BB1A965DADEC364B174F98C46C2AB31E515F8988C1CDF059FA276E697B991928E27731D29B68F
Malicious: false
Reputation: low
IE Cache URL: https://www.usa.gov/sites/all/themes/usa/images/Icon_Connect_Twitter.png
Preview:.PNG........IHDR.............;0......pHYs...............:giTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2014 (Macintosh)</xmp:CreatorTool>. <xmp:CreateDate>2017-07-28T15:34:45-04:00</xmp:CreateDate>.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Icon_Connect_Twitter[2].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 16006
Entropy (8bit): 2.228572848133401
Encrypted: false
SSDEEP: 96:wSP8kEWmgjYzuxNXrNGsGvsc5ZzBDe/3Nha:wSEk6gjYz05g9M9ha
MD5: 1598C2B943D4A4E8230323871F76BC58
SHA1: FC33F5D8C460B9556321721A47652E730CD9B92C
SHA-256: FB088BC4C344A79622175057F55C9F05A8C2186A2D1C3A8FE744E2857079166C
SHA-512: 29046BB8F1D1FFE8853395F6CF830A2B6455F883A5BCC5102C8BB1A965DADEC364B174F98C46C2AB31E515F8988C1CDF059FA276E697B991928E27731D29B68F
Malicious: false
Reputation: low
IE Cache URL: https://www.usa.gov/images/Icon_Connect_Twitter.png
Preview:.PNG........IHDR.............;0......pHYs...............:giTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2014 (Macintosh)</xmp:CreatorTool>. <xmp:CreateDate>2017-07-28T15:34:45-04:00</xmp:CreateDate>.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Icon_Connect_Youtube[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 30 x 30, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 16404
Entropy (8bit): 2.4429151871659425
Encrypted: false
SSDEEP: 96:wSP8kEWmnxNXrNGNGvsc5ZhHusO3MKQq0:wSEk6x53OsmM20
MD5: 65802E5D55F5B6B6985CCFCD045E4765
SHA1: B13E2FC0E0C7EF94C2E3D9D63BE00200F5D82798
SHA-256: 19DEE6377CAD0C4592453CE87F052CB72100F69E673662A3BBFFDFC3B7D74B84
SHA-512: B9923BE67C53FE850B2F0DB69DF20AFD48F04EC385B13ACA30BF0106DEF92481B59C603DBDF93ACB33AFD0F29CD8A7DF5F437D9D5866FE14C608D3051370B534
Malicious: false
Reputation: low
IE Cache URL: https://www.usa.gov/sites/all/themes/usa/images/Icon_Connect_Youtube.png
Preview:.PNG........IHDR.............;0......pHYs...............:giTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?>.<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 5.5-c021 79.155772, 2014/01/13-19:44:00 ">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:xmp="http://ns.adobe.com/xap/1.0/". xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/". xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#". xmlns:stEvt="http://ns.adobe.com/xap/1.0/sType/ResourceEvent#". xmlns:dc="http://purl.org/dc/elements/1.1/". xmlns:photoshop="http://ns.adobe.com/photoshop/1.0/". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <xmp:CreatorTool>Adobe Photoshop CC 2014 (Macintosh)</xmp:CreatorTool>. <xmp:CreateDate>2017-07-28T15:34:38-04:00</xmp:CreateDate>.
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\JTURjIg1_i6t8kCHKm45_epG3gnD-A[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 23764, version 1.1
Category: downloaded
Size (bytes): 23764
Entropy (8bit): 7.978500586551931
Encrypted: false
SSDEEP: 384:4KIACx6AjGTJO8hB7wiraQlDvAnccLaDmU3hE5PeFcOm/IYdJnVtnwV:4KIh6AjF8hB7wiRceDmGhExUZ0nwV
MD5: 26D42C9428780E545A540BBB50C84BCE
SHA1: DF9971D19E6F6C354DC0FA8FEC2E0EC899114726
SHA-256: F0D96992E292218F917A5544A2CFF615C935494DBA791CB3E0E3D910A5F2EB34
SHA-512: 464C9ACC575AAFBCA8086581F412850AD35DB4F171E9DEF87086AFBE740536586B06623ECE28CE7A5ADC894E202657E82E19B9161179A1B2AEE96F83CE84EFFF
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/montserrat/v15/JTURjIg1_i6t8kCHKm45_epG3gnD-A.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOjCnqEu92Fr1Mu51TLBCc6CsI[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 22360, version 1.1
Category: downloaded
Size (bytes): 22360
Entropy (8bit): 7.975733480737877
Encrypted: false
SSDEEP: 384:afBIIA0zhsqLW3UAI+x+VH9cxS8XwZtyOOCiKCu5s7YRKWIrfu/oiQfTO4TPg:aG0zhsqLSUAI+xi2s8XwZtuKJzE6/qfg
MD5: C2E42D1EAC2DE2B58A2358686E6ED73C
SHA1: 24760369053031DF1F2BE831E067E3D9E37F0B3A
SHA-256: B31B421BAFE532F6B6BDBB6F680FB11BD3968F23C7FE09A29B1A22F4C8DD2A7E
SHA-512: BFB71B0B6DE51CD1E643733A14B5CD4342F4E93A1732E9AAF6F3A6012DD85EEC5F660F409474C55751B28D122BA202875A325D72F0B7CF327660577C7C1DC9D7
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/roboto/v27/KFOjCnqEu92Fr1Mu51TLBCc6CsI.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOkCnqEu92Fr1MmgVxIIzQ[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 20424, version 1.1
Category: downloaded
Size (bytes): 20424
Entropy (8bit): 7.973322748597765
Encrypted: false
SSDEEP: 384:UaoO8n3eceZ+fUC1WCz8P+IgjhYSHA/fFb4+hQC:Bl8nOcBfUqT/jOgAiC
MD5: 04B7FD97F88B82DCCCE5EC446CCC29E6
SHA1: 9A3C1CE2EAB659A91AF7016570287428CC82C458
SHA-256: A38AD0B609E4D2039D18B0F9DC89E9060F2E2E05F2F42764A6A93354346A6C37
SHA-512: 4B71614F447F4E250AB8060026BA002F3F0DAA9286F207AA4B0652201D9053BD72865C09D1AB90155CF932E17D5897D7A1F659C98F1B1AACFDF6397D6DB47DA8
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/roboto/v27/KFOkCnqEu92Fr1MmgVxIIzQ.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOlCnqEu92Fr1MmEU9fBBc-[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 20532, version 1.1
Category: downloaded
Size (bytes): 20532
Entropy (8bit): 7.966425322589798
Encrypted: false
SSDEEP: 384:tfEIIA0zhnegvIQxhXmqd8lpP/FwL0cV8yP1JSRHbNHlZL7qwZkoEu3HTbpXcyKd:tr0zhnewHxRmqd8PdwLLeR/ZLGwZLbTA
MD5: DA2721C68B4BC80DB8D4C404F76B118C
SHA1: 3A32E8B7EFBC9DFB52F024D657B8C8C0A80E5804
SHA-256: BD811625271ACCA47F7DAC48B460F13E08EE947B2A8E17E278C4D5CCB5D9323C
SHA-512: 5110656E41A261BD2A06F8B5B2A362FF8836B4289E1DE0777D83DB8E9D709C4C4248B67653A28FA47AD4AE823021ADBFC587900E142BF6887C2A7C936F7F4C33
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmEU9fBBc-.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOlCnqEu92Fr1MmSU5fBBc-[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 20404, version 1.1
Category: downloaded
Size (bytes): 20404
Entropy (8bit): 7.970248785137973
Encrypted: false
SSDEEP: 384:8uFoOxqigBacqKz8RGLv6K5a+jZ/rFSyeM5B8r/WjRy0BsM16t/PJ:PFlIvUKz8R+t5N53eGar/gY0Bv6tp
MD5: BF0F407102FAF3A0B521D3B545F547A5
SHA1: CA357CD0DE5DD0242E8EFACFB8D24AB60FDC86AB
SHA-256: 855A06974032BB69157D469ABA6F63440E8BE47C421F45C3F396F4E0B87B6DE8
SHA-512: 85359028F7FE49B1DF90B72E48DC7DE4B21F1B65E8BF109595705A3F4EAF9FA79854B5AEF060FE266291C5ECE9D04FCEAD1DE09BAA2C5E20601E1579212520C8
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmSU5fBBc-.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\KFOlCnqEu92Fr1MmWUlfBBc-[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 20396, version 1.1
Category: downloaded
Size (bytes): 20396
Entropy (8bit): 7.974131663185347
Encrypted: false
SSDEEP: 384:SfXdUIIA0zhyKR28ePpAwxZ5M3py8wtshtdf45DEVTGdYb7H2Q/VEgm:Svdj0zhbRmjIQ8wtsV4lEVGdY3/i/
MD5: 68D6DABFE54E245E7D5D5C16C3C4B1A9
SHA1: 7FDAB895EAEBECEDB3FB5473EAB94A1B292CEF19
SHA-256: A01A632E56731A854F35701AA8C3A6A19A113290D9032FF9048F8064C45383BD
SHA-512: 44EB151F85178A2F9600E85AD43FAE470FABE0F247C9A03E67931B36028E600C7550D9DE2D69B3576A06577A5DEAF54822EE4BDC9DCBB47588D1972C8A959D43
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/roboto/v27/KFOlCnqEu92Fr1MmWUlfBBc-.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\NewErrorPageTemplate[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category: dropped
Size (bytes): 3224
Entropy (8bit): 4.869554560514657
Encrypted: false
SSDEEP: 48:5m73jcJqQep89TEw7UxkZCm73jcJqQep89TEw7Uxkk:5nqrehEw7U6ZCnqrehEw7U6k
MD5: 3A35614D9A6156057F7D30C91C1ED4F2
SHA1: 7DDE5D14A15F465C9BFD0B0C0B3416175E69D1BC
SHA-256: D544FAC44B7B2CD937726C401B5C9C726F900CEF22980A7B39F8756581901B73
SHA-512: 8A31C0C90EF443E3B7AC5B930466CD8CEF1D540D2D436A7DC4D12F38686368303882A9610A57B2A1CF9AB973DB684FDA0B1831B116EAEB4D86BE816FDD627C28
Malicious: false
Reputation: low
Preview:.body..{.. background-repeat: repeat-x;.. background-color: white;.. font-family: "Segoe UI", "verdana", "arial";.. margin: 0em;.. color: #1f1f1f;..}.....mainContent..{.. margin-top:80px;.. width: 700px;.. margin-left: 120px;.. margin-right: 120px;..}.....title..{.. color: #54b0f7;.. font-size: 36px;.. font-weight: 300;.. line-height: 40px;.. margin-bottom: 24px;.. font-family: "Segoe UI", "verdana";.. position: relative;..}.....errorExplanation..{.. color: #000000;.. font-size: 12pt;.. font-family: "Segoe UI", "verdana", "arial";.. text-decoration: none;..}.....taskSection..{.. margin-top: 20px;.. margin-bottom: 28px;.. position: relative; ..}.....tasks..{.. color: #000000;.. font-family: "Segoe UI", "verdana";.. font-weight:200;.. font-size: 12pt;..}....li..{.. margin-top: 8px;..}.....diagnoseButton..{.. outline: none;.. font-size: 9pt;..}.....launchInternetOptionsButton..{.. outline: none;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K0nWBi8JoA[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 30820, version 1.1
Category: downloaded
Size (bytes): 30820
Entropy (8bit): 7.984362198659814
Encrypted: false
SSDEEP: 768:MlZe+uwulOczIJpwJeAMihp80kg41cvkFTiCmzLhHHfh9uTTHA3:0c+uwuyfqZp8n/1qkBLMdnZ9ufS
MD5: 1B577746CF6AA7DA9F8E353D260E4AAE
SHA1: 47ABB3D318820EC825534C3FF844D560A2B539C4
SHA-256: 70FAA961A159BCED510855D16F3392F8AE64CF398AFE62CE1EA92C897BB61331
SHA-512: FD3B4F96581B32D5AEE9C8504B6FADFFB8B4F1AEC87D7C701B1C2A2034A6CF08C5BE35802F22999A566A41804AE6C7AE45688BAFB199F65B20776F6191C82B80
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/worksans/v9/QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K0nWBi8JoA.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K8nXBi8JoA[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 31532, version 1.1
Category: downloaded
Size (bytes): 31532
Entropy (8bit): 7.983868853498388
Encrypted: false
SSDEEP: 768:ST8oSIlbo2vKN137GE7AM/QVYKEy7wmJsVRffTID5h3qkv3:SoAfvKN137GkQVVEhXkWk/
MD5: CC5B802F0BA7A6DA2B5F2F105044A5E4
SHA1: 3B17EBD0B9411A0AA4404CC953AF2CFF42E3B167
SHA-256: 9EEB2383A072B428FFE826AAA258500D98FED87CB66D350CE6AE64A805522AF4
SHA-512: CC6A4B6F7CDE218A14A2198D0A247F8ADD480A1680D49D04FF597E01B0560923904F047F8FD9E7A95E915E0F753C118A228E7FE5FEA85D18AEFBB89D463D6B3E
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/worksans/v9/QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32K8nXBi8JoA.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32KxfXBi8JoA[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 31588, version 1.1
Category: downloaded
Size (bytes): 31588
Entropy (8bit): 7.985612325374105
Encrypted: false
SSDEEP: 768:pUPZKUN4aGRlVWSAMDqN9nPUzX9WmXvDwHt1fNFX3:GZ+aGYRN9nPUzXIEvDknjn
MD5: A27A916B0A0065E1735AA62EB3AB6668
SHA1: 5C8558F79C958129DC44C43D0FFFF0CB15C42049
SHA-256: 8AD0FDA010D1845D0A13B30830753D391877CF0FF3F381A7AF6A24BB4FD2AF0B
SHA-512: 0D926E4DE8C465A0A871B4D19A3DC9D810D16BB207B3AA2466E668B9B36BDBAF0C15B8086CB074E1E74B876C0FD151BF5D4E23029FB66BE347AA408EFF353089
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/worksans/v9/QGY_z_wNahGAdqQ43RhVcIgYT2Xz5u32KxfXBi8JoA.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\S6u8w4BMUTPHh30AXC-s[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 27044, version 1.1
Category: downloaded
Size (bytes): 27044
Entropy (8bit): 7.982336340644287
Encrypted: false
SSDEEP: 768:Ntwu4EXBwTWreTeqhgWfp33NHJ/GDxP9me680hrK:7wuVBwhTeqXNp/OPme68/
MD5: 4DFDD1C035C641ACCC4F3FEDB7B73055
SHA1: 2703F9FB45385BA6635BE0828B8C83D78FE44F47
SHA-256: D1A65395B03789FDA2E68D482198AC05508B7BC6686BEF0444184615B46C42A4
SHA-512: 02C97265C55D9E4776A84D8754FB9C3132730FBCDAC34AAA1698A350A731AF8504CEBE10BBF12D982CC09DA1072E97021234092F8AB71D9CD03C19668F3029AB
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/lato/v17/S6u8w4BMUTPHh30AXC-s.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\S6u9w4BMUTPHh50XSwiPHw[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 27524, version 1.1
Category: downloaded
Size (bytes): 27524
Entropy (8bit): 7.981057931878512
Encrypted: false
SSDEEP: 768:zzAiDCpYbY5aqoCp71Q19fHbqjJjqBGBRnwjK+5qmsQCns:zz7I5ltp7U9fHbqjMBeRnwmAqB/s
MD5: A82FF6AC9208656F9A21A65DFACBCAE3
SHA1: 80F8216F458F74EBB649641FA617195DFC8BF836
SHA-256: 7831E273F41FEF8485564286F3578D2847754DB375BEFDB48B8CE37E1E1F3A57
SHA-512: F119CD55C01A595D216E61F7CCBE77E1D28190E383457E089347161D0E6B97A33958E290D974B9C0F016E05A767559FD59CF0FE25F297248B7A873EE11FF5A1D
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh50XSwiPHw.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\S6u9w4BMUTPHh7USSwiPHw[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 30024, version 1.1
Category: downloaded
Size (bytes): 30024
Entropy (8bit): 7.98341417708702
Encrypted: false
SSDEEP: 768:Bxk6hFMXBOJ5Wuln1Hczrm+CwYHAtP9BN6abu5oHhDxht4JwhJzcja7:BxSBOJ5DlnqbCwSAtPHnNHmwhJzcja7
MD5: 656963C4BEB814E754E38478FCAA0439
SHA1: B316CB67F50354A2B934C51E7EB86D003F4E9E39
SHA-256: 0BD12C73F8DBABEAB3E723111D08140CDDED5C22BA6AFACA174373A72A819DA2
SHA-512: 72EF110C286D22F2D8EA0C790704DBC236E9BE81D939C4A039A59C9612D1E61989168163E475C1439A6E93A097AEF9761A42A7983062BCE36FE60253ECD5294B
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/lato/v17/S6u9w4BMUTPHh7USSwiPHw.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\S6uyw4BMUTPHjx4wWA[1].woff
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Web Open Font Format, TrueType, length 28660, version 1.1
Category: downloaded
Size (bytes): 28660
Entropy (8bit): 7.986798426962959
Encrypted: false
SSDEEP: 768:Rr8uuUMtVCqVsUnrZAT9vaxw9pi95vSVc+Dfpy:R9uZV9VnndAJvaCGPvwDhy
MD5: B8EE546ACD6CC0C49F42AD3D48EF244F
SHA1: 7D8BFF4143A36AA9CC1C2801F60FA0E99969E3F6
SHA-256: 04050BAE4CC3B9CCD20D3C7F57F5B1BA249D4A54D6EFF75A1E4DF504362E8C00
SHA-512: 700D04F4CAF24A20919C2136DD3700BBE07F509F5BD0045084063B78EA8B6FD72BFEA6BBF2A94A5865A75CD6C7197DAB500B809122AA5A3910F46E1D9816D00C
Malicious: false
Reputation: low
IE Cache URL: https://fonts.gstatic.com/s/lato/v17/S6uyw4BMUTPHjx4wWA.woff
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\Topic_Icon_Immigration_White[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 1189
Entropy (8bit): 5.4517129881533615
Encrypted: false
SSDEEP: 24:2dI5AXxGvO1YLfE5/bdC4XDbMtv/kbdCYMqYyDbdCYiUfHc382:coAXQCYfE5lXHMhKmdyHH3fHcd
MD5: F566D7183510096CDC91D15FD1F65DAC
SHA1: CD25861FE3F69A34BE5988BAD522AB1303946F2E
SHA-256: 3C4958B0F45802CED5C66E61221D910D8935E9D1554A4F3356B20057757B62E0
SHA-512: 19AAD596527185696FB8AD46C76BB869580EB7B1ECBFC26948B99664A35C83BFED2C46B9EA8D0A3D972BFF51CDCB2A040A5A0E259100FAF7E3CD20DFCC305642
Malicious: false
Reputation: low
IE Cache URL: https://www.usa.gov/images/Topic_Icon_Immigration_White.svg
Preview:<?xml version="1.0" encoding="utf-8"?>.. Generator: Adobe Illustrator 18.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->..<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">..<svg version="1.1" id="Layer_2" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"... viewBox="0 0 110 110" enable-background="new 0 0 110 110" xml:space="preserve">..<g>...<g>....<path fill="#FFFFFF" d="M55,89.4C36,89.4,20.6,74,20.6,55C20.6,36,36,20.6,55,20.6C74,20.6,89.4,36,89.4,55.....C89.4,74,74,89.4,55,89.4z M55,25.1c-16.5,0-29.9,13.4-29.9,29.9c0,16.5,13.4,29.9,29.9,29.9c16.5,0,29.9-13.4,29.9-29.9.....C84.9,38.5,71.5,25.1,55,25.1z"/>...</g>...<g>....<rect x="22.8" y="52.8" fill="#FFFFFF" width="64.4" height="4.5"/>...</g>...<g>....<path fill="#FFFFFF" d="M52,88.4c-0.5-0.5-11.6-12.5-11.6-32.9c0-20.5,11.8-33.2,12.3-33.7l3.3,3.1c-0.1,0.1-11.1,12-11.1,30.6.....c0,18.6,10.3,29.7,10.4,29.8L52,88.4z"/>...</g>...<g
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\USA_Fav_Icon16[1].ico
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: MS Windows icon resource - 1 icon, 16x16, 24 bits/pixel
Category: downloaded
Size (bytes): 894
Entropy (8bit): 4.524217744314186
Encrypted: false
SSDEEP: 24:tXIX4mZB7zimmmmmlB7vpimuj7ul7M7nmV7Mm3jMZyMlErbWR7LmmHIR7LmN7LmO:Ra9xdHczrMRfGdT
MD5: A947729F20DB42A673475CE8B90B85A7
SHA1: B0E3189E0090B807E579DE5558B79E6D47505FBC
SHA-256: 30D88804AB8F6F596B28025889FE7AF689ABC57E836E260DC866DB692F87C106
SHA-512: 711E0CD5EBA87C1AF4ED04A9F90F32C2C58F8770C79EEC78078F881336C2D6BAF7B86B091614AE06B825A4795EC28145BC0C64FDB417D1A3177673ABEB441E65
Malicious: false
Reputation: low
IE Cache URL: https://www.usa.gov/images/USA_Fav_Icon16.ico
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\arrow-right-darkgray[1].svg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: SVG Scalable Vector Graphics image
Category: downloaded
Size (bytes): 734
Entropy (8bit): 5.476465460709822
Encrypted: false
SSDEEP: 12:TMHdwz5i/nzVNIMu5E4BLvO7/KYf3Uk0yjRQPkCTubaF2baOwCGXssD8JaEEz:2dI5AXxGvO7LfEkJj2MCTKaAaOwCGXBj
MD5: 30CDFEC855926868D43502C77CB4CFEE
SHA1: 22F91163CDCB40858C9C2F63FD837034AAF01392
SHA-256: B9C682B2DE8E89B99E302D1361FFDE6C033A7E43B8D8C47AC33C76DF64E2B4A6
SHA-512: 6D6FD99B80064D688F0942FF8B23ACCFB5A4FF8FDFEC1EAC6F9B1F22C0CCB1456CB20992D87518A39ECFBDD46619E2E34105814620F1F1C864E73AA00EF79A53
Malicious: false
Reputation: low
IE Cache URL: https://www.usa.gov/images/arrow-right-darkgray.svg
Preview:<?xml version="1.0" encoding="utf-8"?>.. Generator: Adobe Illustrator 18.0.0, SVG Export Plug-In . SVG Version: 6.00 Build 0) -->..<!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd">..<svg version="1.1" id="Layer_1" xmlns="http://www.w3.org/2000/svg" xmlns:xlink="http://www.w3.org/1999/xlink" x="0px" y="0px"... viewBox="0 0 650 125" enable-background="new 0 0 650 125" xml:space="preserve">..<path fill="#212121" d="M361.4,55.3L309.1,3c-1.9-2-4.3-3-7.2-3s-5.3,1-7.2,3l-6.1,6c-2,2-3,4.4-3,7.2c0,2.8,1,5.2,3,7.3l39,38.9...l-39,39c-2,2-3,4.4-3,7.2c0,2.8,1,5.2,3,7.3l6.1,6c2,2,4.4,3,7.2,3c2.8,0,5.3-1,7.2-3l52.3-52.2c2-2.1,3-4.5,3-7.3...C364.4,59.7,363.4,57.3,361.4,55.3z"/>..</svg>..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\benefits-grants-loans[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode text, with very long lines, with CRLF, LF line terminators
Category: downloaded
Size (bytes): 104774
Entropy (8bit): 4.022473128422736
Encrypted: false
SSDEEP: 768:VLJamajQ3dkZvxaYcU6F/woztEGH/cMNcMIXBnEglcZBaXtaNa3ajcf0J8UH:VLDdkZvEYcU6F/REGH/ckcXaWwJ8UH
MD5: ADD7E35071CC91C1B76C6AD011A84CC8
SHA1: B6EE56DEC50F988F74B010F6234F95730D799F61
SHA-256: 7C92853F74EB249390CA86FA7AA86232E32574D4B8A2B2DC8D2E98F463FD0659
SHA-512: 90ABBFB1F148097D96C421F101C3BE9F42B30C41710A064EBAE301910BC02B096C91E3E479070207462958AFF9D7862EBB1D964A0B23849C9DAD5ABC6AF2BE5E
Malicious: false
Reputation: low
IE Cache URL: https://www.usa.gov/benefits-grants-loans
Preview:<!DOCTYPE html>..... ..... .<html lang="en" xml:lang="en">..<head>...<script>. dataLayer = [ {. "pageType": "generic-navigation-page",. "assetIDs": "213488",. "TaxLevel1": "USA.gov",. "TaxLevel2": "Benefits, Grants, Loans",. "TaxLevel3": "Benefits, Grants, Loans",. "TaxLevel4": "Benefits, Grants, Loans",. "TaxLevel5": "Benefits, Grants, Loans",. "TaxLevel6": "Benefits, Grants, Loans",. "PageTermId": "10722",. "TaxLevel2termID": "10722",. "TaxLevel3termID": null.} ];. </script>.. Google Tag Manager -->.<script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start':. new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0],. j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src=. 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f);. })(window,document,'script','dataLayer','GTM-KV4BZFD');</script>. End Google Tag Manager -->.. Global site tag (gtag
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\bootstrap.min[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 159515
Entropy (8bit): 5.07932870649894
Encrypted: false
SSDEEP: 1536:a7OIJNT48SyEIA1pDEBi8INcuSEFO//uKFq3SYiLENM6HN26F:a7Za4GMq3SYiLENM6HN26F
MD5: 7CC40C199D128AF6B01E74A28C5900B0
SHA1: D305110FB79113A961394B433D851A3410342B8C
SHA-256: 2FF5B959FA9F6B4B1D04D20A37D706E90039176AB1E2A202994D9580BAEEBFD6
SHA-512: CE79937F81CDA05F54EA67C1E8A96101285B46F6EDE02BC2687A0D574832B2C7D3A0D43FF40D1E35D51BBEC4B038852825D323146DA7752BEBD0BA37669B13A9
Malicious: false
Reputation: low
IE Cache URL: https://stackpath.bootstrapcdn.com/bootstrap/4.4.1/css/bootstrap.min.css
Preview:/*!. * Bootstrap v4.4.1 (https://getbootstrap.com/). * Copyright 2011-2019 The Bootstrap Authors. * Copyright 2011-2019 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,::after,::before{box-sizing:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\bootstrap.min[2].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 155758
Entropy (8bit): 5.06621719317054
Encrypted: false
SSDEEP: 1536:b/xImT+IcCQYYDnDEBi83NcuSEk/ekX/uKiq3SYiLENM6HN26F:b/Riz7G3q3SYiLENM6HN26F
MD5: A15C2AC3234AA8F6064EF9C1F7383C37
SHA1: 6E10354828454898FDA80F55F3DECB347FD9ED21
SHA-256: 60B19E5DA6A9234FF9220668A5EC1125C157A268513256188EE80F2D2C8D8D36
SHA-512: B435CF71A9AE66C59677A3AC285C87EA702A87F32367FE5893CF13E68F9A31FCA0A8D14F6A7D692F23C5027751CE63961CA4FE8D20F35A926FF24AE3EB1D4B30
Malicious: false
Reputation: low
IE Cache URL: https://stackpath.bootstrapcdn.com/bootstrap/4.3.1/css/bootstrap.min.css
Preview:/*!. * Bootstrap v4.3.1 (https://getbootstrap.com/). * Copyright 2011-2019 The Bootstrap Authors. * Copyright 2011-2019 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). */:root{--blue:#007bff;--indigo:#6610f2;--purple:#6f42c1;--pink:#e83e8c;--red:#dc3545;--orange:#fd7e14;--yellow:#ffc107;--green:#28a745;--teal:#20c997;--cyan:#17a2b8;--white:#fff;--gray:#6c757d;--gray-dark:#343a40;--primary:#007bff;--secondary:#6c757d;--success:#28a745;--info:#17a2b8;--warning:#ffc107;--danger:#dc3545;--light:#f8f9fa;--dark:#343a40;--breakpoint-xs:0;--breakpoint-sm:576px;--breakpoint-md:768px;--breakpoint-lg:992px;--breakpoint-xl:1200px;--font-family-sans-serif:-apple-system,BlinkMacSystemFont,"Segoe UI",Roboto,"Helvetica Neue",Arial,"Noto Sans",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji";--font-family-monospace:SFMono-Regular,Menlo,Monaco,Consolas,"Liberation Mono","Courier New",monospace}*,::after,::before{box-sizing:
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\casale[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 89a, 1 x 1
Category: dropped
Size (bytes): 70
Entropy (8bit): 3.577769619550495
Encrypted: false
SSDEEP: 3:CUul/Re/FemxhkYltxlzeze:E07ize
MD5: 58A7930CD4577FC33C35828C271EAB8F
SHA1: 406E57F86DC101E10F3A57BE1E2F7B93C4580474
SHA-256: 8D70B3E6BADB6973663B398D297BB32EAEDD08826A1AF98D0A1CFCE5324FFCE0
SHA-512: F7A5F748F4C0D3096A3CA972886FE9A9DFF5DCE7792779EC6FFC42FA880B3815E2E4C3BDEA452352F3844B81864C9BFB7861F66AC961CFA66CB9CB4FEBE568E8
Malicious: false
Reputation: low
Preview:GIF89a...................!..NETSCAPE2.0.....!.......,................;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\cnet_logo[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 250 x 250, 8-bit/color RGBA, non-interlaced
Category: downloaded
Size (bytes): 42836
Entropy (8bit): 7.989510047072558
Encrypted: false
SSDEEP: 768:p9A7Nr87PTgquzXuJaIaVtFW/QlnpPfziHHy5MQGEmXjp33R97okatUFY3ng:p9A7V2PTgTbukrVW/QldofJz7oSY3ng
MD5: 9CF60F262A5D026855459112F31977FE
SHA1: 4B09BB260B056C2A9A1B4B5548BCB6DEB3B43574
SHA-256: A4710992AB3C8B1F799BA1FB80172F7B11B7628DD89B4AD44558B908EF20CBF8
SHA-512: EF370A725816F1EE1DC0B1B162B1FEADD67C1CC362EB92F24C3799287EC7227F7C2E6AC95A4A2C3F0F0EA0B15FCDD4405F83F0B07A4789B726D0B5A924489E53
Malicious: false
Reputation: low
IE Cache URL: https://www.popularvpn.net/Content/Landing/srcAssets/popularVPN/images/vpn_logos/cnet_logo.png
Preview:.PNG........IHDR...............Z=....tEXtSoftware.Adobe ImageReadyq.e<...#iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 6.0-c002 79.164460, 2020/05/12-16:04:17 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 21.2 (Windows)" xmpMM:InstanceID="xmp.iid:D6235C8708D911EB9B5EB481B7A772E7" xmpMM:DocumentID="xmp.did:D6235C8808D911EB9B5EB481B7A772E7"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:D6235C8508D911EB9B5EB481B7A772E7" stRef:documentID="xmp.did:D6235C8608D911EB9B5EB481B7A772E7"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.......IDATx....]WY/....s..rs36i.$mJ[.tn..P......LE..W.?D..S.AP,.........>.....(......4..!i.$7...{Z.}...g...;%i.Jw
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\comment-reply.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 2949
Entropy (8bit): 5.16300916589338
Encrypted: false
SSDEEP: 48:z9/XN5NjJE2aAOuRQLKfTnwAuw5BJFVhl2qFqycynUPzm6uuPkSEwE/ZGkrXybkw:Z31HfUAJ5F/FqyPUC6uBIkrXyAESyO16
MD5: 0904A9EDC9E65FC61DF7E92E1C773672
SHA1: 721F02A2C97C06AEBADFC7BEB355BC1A3925683E
SHA-256: FA767F1B7EF78185F4BBACD066A74724FCE97575C80303444932C885350AE54E
SHA-512: 755B7ADCD7F7E38D05AF9B37F4A42002866A1D60272AB60477C9EDBD11D96F8DE40FC5B6A1CFCDB12EEC89706D1F69D9467B63A05884E2CBDF1AD4ACDD01BD90
Malicious: false
Reputation: low
IE Cache URL: https://thenewscorner.org/wp-includes/js/comment-reply.min.js?ver=5.6.4
Preview:window.addComment=function(v){var I,C,h,E=v.document,b={commentReplyClass:"comment-reply-link",commentReplyTitleId:"reply-title",cancelReplyId:"cancel-comment-reply-link",commentFormId:"commentform",temporaryFormId:"wp-temp-form-div",parentIdFieldId:"comment_parent",postIdFieldId:"comment_post_ID"},e=v.MutationObserver||v.WebKitMutationObserver||v.MozMutationObserver,r="querySelector"in E&&"addEventListener"in v,n=!!E.documentElement.dataset;function t(){d(),e&&new e(o).observe(E.body,{childList:!0,subtree:!0})}function d(e){if(r&&(I=g(b.cancelReplyId),C=g(b.commentFormId),I)){I.addEventListener("touchstart",l),I.addEventListener("click",l);var t=function(e){if((e.metaKey||e.ctrlKey)&&13===e.keyCode)return C.removeEventListener("keydown",t),e.preventDefault(),C.submit.click(),!1};C&&C.addEventListener("keydown",t);for(var n,d=function(e){var t=b.commentReplyClass;e&&e.childNodes||(e=E);t=E.getElementsByClassName?e.getElementsByClassName(t):e.querySelectorAll("."+t);return t}(e),o=0,i=d
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\deb[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text, with no line terminators
Category: dropped
Size (bytes): 75
Entropy (8bit): 4.1410627771807675
Encrypted: false
SSDEEP: 3:qTkIDZxQXbZ6ih9PyIM79F4:qTjxO96OzII
MD5: 1CA09ED98F39D2ADB7FAB3878D13C0CB
SHA1: DA2A6F2431A34DFCC99B6F4500833F783F149D19
SHA-256: E170D20DBBD5A22F50118E25FA2EEFB1E85D2AD780E5477ED3A9643186090442
SHA-512: 85D1881923D04FBDFA5F70BD591C83D731E49B3958E2A6FA7CC1A08095E3A9858C1AA4637553CD0571D48540E4ED7A996C0ECE53241F8B25BCCEFD6FD473ED48
Malicious: false
Reputation: low
Preview:<!doctype html><html><head></head><body><script>/**/</script></body></html>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\delivery[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 19348
Entropy (8bit): 6.07248900621537
Encrypted: false
SSDEEP: 384:MJeDW5Bho5lbGaqGapXNNOqNOv0az8L3s0az8Ly/Q/e:MJeDWtomXrOOOv0VLc0VLGoe
MD5: 32BB38F72FBA6C5413B17E7FB685B15A
SHA1: 0D750AC3648A0343787C25D3750C5D5374D010FA
SHA-256: A764FEB55314B678694AAF8B6034ECD1BA6084A4C64DDBB049ACE3F9A858991A
SHA-512: 57BCED0A5FCDC2B959EF2BBA08E2552A2EA550EB946E2CF72968CB7DB51D21D985ADC900EC2B649C120255EE7AEE9EA59244734242B198F5B1282AD96DD284A7
Malicious: false
Reputation: low
IE Cache URL: https://trends.revcontent.com/api/delivery/?is_blocked=false&w=114950&width=1280&rev_allow_cookies=1&site_url=https%3A%2F%2Femailhelper.org%2F%3Fap%3D%26source%3D%26utm_content%3Dforms_%26utm_term%3Dtbr&icr_url=&va=0&user_uuid=2d584641-6fb4-4b49-ac84-aea480bda993&time=1625928714118&up=pc&bn=msie&bv=11&widget_width=1140
Preview:{"widget_type":1,"pub_id":44178,"split_test":false,"show_descriptions":false,"direct_sell":0,"rioc":null,"exco_id":null,"show_provider":true,"weather_enabled":false,"beacons":[],"device_class":"rc-g-dl","image_ratio":"4:3","adchoices":null,"css":".rc-uid-114950 .rc-headline{\n font-family: Lato,'helvetica neue',helvetica,arial!important;\n font-size: 16px!important;\n font-weight: 700!important;\n color: #000!important;\n line-height: 24px!important;\n}\n.rc-uid-114950 .rc-provider{\n font-family: Merriweather!important;\n}\n.rc-uid-114950 .rc-branding{\n font-family: Lato,'helvetica neue',helvetica,arial!important;\n top: 0px!important;\n}\n.rc-uid-114950 .rc-photo{\n min-height: 200px!important;\n}","header":"","scroll_settings":"","grid":{"rows":"1","columns":"4"},"generic_token":"VJ%2BPLU84yJMIThTfoJKeqP2Z43888MjPOtm%2FK8092tpjGW8PH2M110XDGu%2BkEvaP1bvB1JnYUfQlbb0MNJP%2BJ3IqbsOeNSG0LjK2afGzIuw%3D","grid_settings":null,"impression":"","original_load":"eyJzcG9uc29yZWQiOls1Mz
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\dnserror[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category: dropped
Size (bytes): 5994
Entropy (8bit): 4.4885437940628465
Encrypted: false
SSDEEP: 48:u7u5V4VyhhV2lFUW29vj0RkpNc7KpAP8RrN7u5V4VyhhV2lFUW29vj0RkpNc7KpS:vIlJ6G7Ao8RiIlJ6G7Ao8Ra
MD5: 713ADD0E98C772CE39C7B2452806602B
SHA1: 7888DE86275AE869D6E82EE4D392C71EB9BCCD25
SHA-256: 6DE0370BA485689D411FF66EEA6EBCC577A1D19CFD489FA4DC7E22BD91F65806
SHA-512: ABFB3EF6B1EA2A12B9A1E425BD94F807A4CE1C8FCE8CC618FBC700222CE573CFAB47BA9FCDCDE7157142F43CD3349014AAD1DC720EB8C327000B9211BAB3339F
Malicious: false
Reputation: low
Preview:.<!DOCTYPE HTML>..<html>.. <head>.. <link rel="stylesheet" type="text/css" href="NewErrorPageTemplate.css" >.. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">.. <title>Can’t reach this page</title>.. <script src="errorPageStrings.js" language="javascript" type="text/javascript">.. </script>.. <script src="httpErrorPagesScripts.js" language="javascript" type="text/javascript">.. </script>.. </head>.... <body onLoad="getInfo(); initMoreInfo('infoBlockID');">.. <div id="contentContainer" class="mainContent">.. <div id="mainTitle" class="title">Can’t reach this page</div>.. <div class="taskSection" id="taskSection">.. <ul id="cantDisplayTasks" class="tasks">.. <li id="task1-1">Make sure the web address <span id="webpage" class="webpageURL"></span>is correct</li>.. <li id="task1-2">Search for this site on Bing</li>..
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\down[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 15 x 15, 8-bit colormap, non-interlaced
Category: dropped
Size (bytes): 1496
Entropy (8bit): 7.249606135668305
Encrypted: false
SSDEEP: 24:GeZ6oLiqkbDuU4fqzTrvMeBBlreZ6oLiqkbDuU4fqzTrvMeBBlE:pDeqkbiU6MTrFFMDeqkbiU6MTrFFE
MD5: D86D65C9C03C6696B6FAE4916E60D34C
SHA1: 40C0C486CCEA1A0E5E09D66BCE1A89FF257119BF
SHA-256: 6BA4914CFDA51106B82FA239C69920E64C53422AE8EE30B469045395110564A6
SHA-512: 0A76905CCE651D50C0E81B62F2B7E3F56831D6F63847F16AF89835A70E956796D59780C77E066FECB701FCAC6B3A493CAAFBDE1F00022D76F8B635B3E0E3B80F
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\e4596a5f2ba98ef1f0e097bf016cb191[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 225x150, frames 3
Category: dropped
Size (bytes): 4601
Entropy (8bit): 7.888530565903238
Encrypted: false
SSDEEP: 96:lH1F5EaqpB/ew10pys5whVZ6/Tz/1uvhHakJVdPIBBOICCqQ3:9aaqpB2I0pyBhETz/oHakSBBOlCqI
MD5: 8C25B43478452DD609EEBF5D73B7513F
SHA1: 8D2C5B4CEEE2EDE162DD14EA3E03B4DDFDFC1A04
SHA-256: 722DC271DC48953427126B71F9704A58B10C84576F011A170371FA2DB624BB16
SHA-512: 66884BD39D98BECD77CEA84CA45F080C9B3221BFBCA8FDD4FBA18C929178802AA699B5DE81D79878E88E6C34C3915381A66CE4D43EFBBA07BE7D65838BD7313D
Malicious: false
Reputation: low
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\embed[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 13100
Entropy (8bit): 5.372135352544717
Encrypted: false
SSDEEP: 384:cGTR5C4QCqY9cUWKFmqHlRsyv8Lat5ZYb6jwq:ck5C4Q0VHlRVv8Lat0Sl
MD5: B2BDCCAE8408B77EE38F644EC97C3FD1
SHA1: 36E6091C9AAD0BEC8AD347ED735C6E3516CF9FCA
SHA-256: BD4B373671CEED14E4142BBE48A1BC9E5D81A611386D32236D70EFF46973BAD0
SHA-512: 8E1DD6FB82D7CB80934A38FF2CCC8F96C517FC1497964E6EB1A02346046A3E228BFB36B0E6597D44541F31B8250F50F96B5334F9F9BFBA4FAFC2ED1366E383AF
Malicious: false
Reputation: low
IE Cache URL: https://cdn.playwire.com/bolt/js/zeus/embed.js
Preview:window._pwBoltAB={name:'na',type:'A'};;window.pwKinesisCreds={"AccessKeyId":"ASIA44GIABD55SOX2F56","SecretAccessKey":"QtLW/fvl+hR9q7W8iAYfQQz4Ddq+umkP98svNJvG","SessionToken":"FwoGZXIvYXdzEMf//////////wEaDOz42dzsJk25LUiQ7CKBAeX9OnX/mm8ii6DiC1+EZgl8g4oSUYJij96+a3BcUFmegkECz8n3mKE8AburmIALZNQxYvn6ZKSZ12zQwxohITlfbWuAIIwtTtJ3NNIODbiymVsaE2fZDKENFb3RcOGrYLBohJ3kP0JCuOGM47pliJsZnYSlKZs98D4wUN+JtUbXnCjt5aSHBjIo2steoBE+zZL0aDdCbaQlLq4bstNCbBNoXvJLmQ+fG7fmi6B4dO2MMg==","Expiration":"2021-07-10T06:41:01.000Z"};window.boltSampling=true;window.boltSamplingRate=0.1;window.__pwSpotxServerSampleRate=false;window.BoltBaseURL='//cdn.playwire.com/bolt4/js/zeus/releases/4.3.55';window._pageViewSR=0.1;window._pageViewSampling=true;window._pwLogger={"pageos":{"rate":0.001,"level":"DEBUG","sampling":true},"bolt":{"rate":0.001,"level":"DEBUG","sampling":true},"tyche":{"rate":0.001,"level":"DEBUG","sampling":true},"PAGEOS_HEAVY_AD":{"rate":1,"level":"DEBUG","sampling":false}};window.pwKruxEnabled=false;windo
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\errorPageStrings[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category: dropped
Size (bytes): 9440
Entropy (8bit): 5.164796203267696
Encrypted: false
SSDEEP: 192:JsUOG1yNlX6ZzWpHOWLia16Cb7b4sUOG1yNlX6ZzWpHOWLia16Cb7bk:JsDhpNOWLiIb7b4sDhpNOWLiIb7bk
MD5: 9FDEE838E7C036092E81A4E7CC949643
SHA1: 364FC6C36972FFD803E5999AD501F3D7A2216FDF
SHA-256: C6BF586821E13F7F6D6EF75AA82E69BD5E3E1336615C85AE513C70704F5C0787
SHA-512: 622BC3BD9F0615C191B03F2E8D018867C9D9ADCF1015DA5FB4D3462D71512B72558B32CA9F74A925C150B57FD232ABD48AFFC8D32128C50540DF02FCA8ECBB2B
Malicious: false
Reputation: low
Preview:.//Split out for localization...var L_GOBACK_TEXT = "Go back to the previous page.";..var L_REFRESH_TEXT = "Refresh the page.";..var L_MOREINFO_TEXT = "More information";..var L_OFFLINE_USERS_TEXT = "For offline users";..var L_RELOAD_TEXT = "Retype the address.";..var L_HIDE_HOTKEYS_TEXT = "Hide tab shortcuts";..var L_SHOW_HOTKEYS_TEXT = "Show more tab shortcuts";..var L_CONNECTION_OFF_TEXT = "You are not connected to the Internet. Check your Internet connection.";..var L_CONNECTION_ON_TEXT = "It appears you are connected to the Internet, but you might want to try to reconnect to the Internet.";....//used by invalidcert.js and hstscerterror.js..var L_CertUnknownCA_TEXT = "Your PC doesn\u2019t trust this website\u2019s security certificate.";..var L_CertExpired_TEXT = "The website\u2019s security certificate is not yet valid or has expired.";..var L_CertCNMismatch_TEXT = "The hostname in the website\u2019s security certificate differs from the website you are trying to visit.";..var L
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\everything_email[1].json
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 9035
Entropy (8bit): 5.175552944482074
Encrypted: false
SSDEEP: 192:ITvQBvhmTQOlGVBGbA6SpAAvj5H7Kn8awqF:cvQBvhm8fuuFH7XawqF
MD5: 1B3C4227705D5746DDD28544FA0F0224
SHA1: 5DB643BEF2066A9A890F68119E3EC696C83911C9
SHA-256: 7F84409BCDB73ED0D3B127C4430311E32FB84BDCAEF9EC5FEC2A08890CA11552
SHA-512: 998278521692A59F8835CBE9F56BB6318A4D434453E59C94F8FB30B977A83B9844C73AF6BCE8065AEDE87D7946AB29617B8BDFFFB69212117B0358D49AD0BD53
Malicious: false
Reputation: low
IE Cache URL: https://autosuggest-files.s3.amazonaws.com/news/everything_email.json
Preview:{"status":"ok","totalResults":96375,"articles":[{"source":{"id":null,"name":"Lifehacker.com"},"author":"David Murphy","title":"How to Make a Fake Facebook Account","description":"Creating multiple Facebook accounts was easy back in the day. You might have needed a secondary email from a legitimate educational institution, but that.s typically not difficult to come by.especially if you get a new .alumni. email address tied to a univers.","url":"https://lifehacker.com/how-to-make-a-fake-facebook-account-1845484112","urlToImage":"https://i.kinja-img.com/gawker-media/image/upload/c_fill,f_auto,fl_progressive,g_center,h_675,pg_1,q_80,w_1200/jbdoe2stm6wzxnelkprv.jpg","publishedAt":"2020-10-27T13:30:00Z","content":"Creating multiple Facebook accounts was easy back in the day. You might have needed a secondary email from a legitimate educational institution, but thats typically not difficult to come byespecially. [+8456 chars]"},{"source":{"id":"mashable","name":"Mashable"},"author
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\eyeglass[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 20 x 20, 4-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 454
Entropy (8bit): 6.433392156260066
Encrypted: false
SSDEEP: 12:6v/73UGHPwV31SVOqa3cOMpZiKvffzS4VcFEMwoc8:dMaTF3cOUZ1vffzgEMwo
MD5: B8D40BE2B96517793BBACE68C694FF2E
SHA1: 35A5209C3700764F38E8330644FD4B1E1D743A63
SHA-256: 695CA556D8B90727BCF6B48952D81AFD32071E62E8D8846FF23611F204D32667
SHA-512: EDB20C569C512887769DDD6BA02EE6C5A528DDB00B6A2018961B7FCC370CFF551BEBC8F9BD8D7A5BFEBF2E9C2B7229ACCA3A517F46F03A569CDAC5ADF3019A4A
Malicious: false
Reputation: low
IE Cache URL: https://autosuggest-files.s3.amazonaws.com/quicklinkicons/eyeglass.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\feat_bf89e8c3-9176-4398-af3c-60371897cccb-80x80[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 80x80, frames 3
Category: downloaded
Size (bytes): 2883
Entropy (8bit): 7.8388663486970405
Encrypted: false
SSDEEP: 48:Uf3oOSKRFuERAIKt0oTaJ2pOWLgcK1/yCwf8sNV2b/ynhNqo5ov1Q7ZvXqsguCYb:3SMElE0dcsWLcKlUsW/ohQLtQ71CYSTU
MD5: 9466BCFEEFCEB480D7F1F58F1C9D859D
SHA1: C8C96794BE6118CC9BA4968E010705FA6DF80997
SHA-256: 9E0DABFCEBFBB21339E025C7E63A6475BFC12BD80C334DF93A6C49CFEAEB4C40
SHA-512: 1A47F4DEEDD00136B2082D28B572DDDD566DAE5A01416C2D1562ED27FE1CDB43F4EC33A19F1FF4DD73396FB26548952547ACA4AC29896FC6BA7A0394BC856F24
Malicious: false
Reputation: low
IE Cache URL: https://autosuggest-files.s3.amazonaws.com/thenewscorner/wp-content/uploads/2021/07/10001513/feat_bf89e8c3-9176-4398-af3c-60371897cccb-80x80.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\feat_df6e9684-d1d9-4bb5-80b6-57e5bd6b7f36-300x180[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 300x180, frames 3
Category: downloaded
Size (bytes): 15160
Entropy (8bit): 7.95959868577267
Encrypted: false
SSDEEP: 384:kS6Ow58gZt2Z5m4p0j3DVEIXxXhHVgVXt2GxAL1l2cRSq0:kSa5BmHm4yjTmIXeV9DM2cRY
MD5: 946134D5C2B5BD496CB98E8ADE3A5264
SHA1: 9FF9329060F23CBFD31D43BB35081E318688A869
SHA-256: 059B914BA1FBCF5A920C7EDD4C1410C0C99B57280D00BABEA2A64C5D9720BCE0
SHA-512: 29DA6B66785191F5CEE14A517FBB867846E4F17B4F95683579B30B9C499854A22B0EB83E8FE0E0F65144874D2F60930B2E3F29753A91C30DFAA805CD0A776144
Malicious: false
Reputation: low
IE Cache URL: https://autosuggest-files.s3.amazonaws.com/thenewscorner/wp-content/uploads/2021/07/09121514/feat_df6e9684-d1d9-4bb5-80b6-57e5bd6b7f36-300x180.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\feat_e87d8be4-41c2-4aa1-b13e-8cfc960a1af3-300x180[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 300x180, frames 3
Category: downloaded
Size (bytes): 13484
Entropy (8bit): 7.935755897804352
Encrypted: false
SSDEEP: 384:kjX/yiyu6JDD+IH3Fc77u746hGRUOF2piEU2D:kWYG3H3Fuu746h+FUU2D
MD5: BA904F6A0960C6431AF153905C231942
SHA1: 1F04769FEF6B6A3123E78F6A0AF7309F34AAF8AA
SHA-256: 7452B6C0FD4FA606ED245605A0B40D1C96998C6915BE710C1B0774DADBE34E15
SHA-512: B92D411490ACE3A47E342BDB043E96AD82FD8A53609C539F390102A87A291661425E238B3FFFEF97DF2068E5D580791C0A12A31AB756849D4BAA6937C14C5076
Malicious: false
Reputation: low
IE Cache URL: https://autosuggest-files.s3.amazonaws.com/thenewscorner/wp-content/uploads/2021/07/10001510/feat_e87d8be4-41c2-4aa1-b13e-8cfc960a1af3-300x180.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\feat_e87d8be4-41c2-4aa1-b13e-8cfc960a1af3-80x80[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 80x80, frames 3
Category: downloaded
Size (bytes): 2735
Entropy (8bit): 7.8357164737681275
Encrypted: false
SSDEEP: 48:Uf3oOSKRFuERAt9yg4RsFdlf7jxhslrOEF4adGN9Md+B6/fgPbeC:3SMEkMgbDlvx2lrybzB6/YPbeC
MD5: E2FC08D6F564ACA589D8C57956EB739F
SHA1: 471A5516639EB183909371DA2D4F7FAA0562BE20
SHA-256: A6F11BFF72DD74212C3C2B974E0073938BA2AD4B6F61FF77CA8A15203406D27F
SHA-512: AE63038A7D38AF9570328F54D6A3AED24681476FB328A7D122C76374AD60FD9A89117D05334EA652E5783E3B3D40BED3561B7D299CACCE84092449BA06542CBE
Malicious: false
Reputation: low
IE Cache URL: https://autosuggest-files.s3.amazonaws.com/thenewscorner/wp-content/uploads/2021/07/10001510/feat_e87d8be4-41c2-4aa1-b13e-8cfc960a1af3-80x80.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\fontawesome-webfont[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), FontAwesome family
Category: downloaded
Size (bytes): 165742
Entropy (8bit): 6.705073372195656
Encrypted: false
SSDEEP: 3072:qbhEnD+IzsU9z9QJ6/P3Xe2iEiEPGFCMW1JVJG6wVTDsk6BmG6S1yKshojskO+b2:qenD+IzsU9z9QJ6/PO2FiEP2C/DVJG6I
MD5: 674F50D287A8C48DC19BA404D20FE713
SHA1: D980C2CE873DC43AF460D4D572D441304499F400
SHA-256: 7BFCAB6DB99D5CFBF1705CA0536DDC78585432CC5FA41BBD7AD0F009033B2979
SHA-512: C160D3D77E67EFF986043461693B2A831E1175F579490D7F0B411005EA81BD4F5850FF534F6721B727C002973F3F9027EA960FAC4317D37DB1D4CB53EC9D343A
Malicious: false
Reputation: low
IE Cache URL: https://netdna.bootstrapcdn.com/font-awesome/4.7.0/fonts/fontawesome-webfont.eot?
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\forms_tiles_test-uniqex[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with very long lines, with CRLF line terminators
Category: downloaded
Size (bytes): 38721
Entropy (8bit): 5.309409597002413
Encrypted: false
SSDEEP: 384:8kDZESrZrAYTZMVcI9k9scbJTzrj/vnIETd6R8KNKXtWBU9w:nkYTZMVcI9k9lTzrj/vnIETcocCw
MD5: 5929BAC38459059496AF251997C4918F
SHA1: 7ADA981A86E4C77E5CE15B3761910C4F7FFC92F0
SHA-256: 8785941A6DF0199B245F03566986F20FC689B3A4F67A2E0D011F1D6AA252BAEF
SHA-512: 9883FB91D147CE00EA5FF0D220BD805658E51A2B1DD4B439ADFF5D0FF1C1D05F04D7BDE7AB005D945075B7394A7BCAF38157ACD987306CE185997EC50F475342
Malicious: false
Reputation: low
IE Cache URL: https://search.hfindingformspro.com/Content/Home/Forms/CSS/forms_tiles_test-uniqex.css
Preview:..clear,...clearfix:after,...container-fluid:after,...container:after,...modal-footer:after,...modal-header:after,...row:after {.. clear: both;..}....button,..html input[type=button],..input[type=reset],..input[type=submit] {.. -webkit-appearance: button;.. cursor: pointer;..}....:after,..:before {.. -moz-box-sizing: border-box;.. -webkit-box-sizing: border-box;.. box-sizing: border-box;..}.....hidden,...visible-lg,...visible-lg-block,...visible-lg-inline,...visible-lg-inline-block,...visible-md,...visible-md-block,...visible-md-inline,...visible-md-inline-block,...visible-sm,...visible-sm-block,...visible-sm-inline,...visible-sm-inline-block,...visible-xs,...visible-xs-block,...visible-xs-inline,...visible-xs-inline-block {.. display: none !important;..}....html {.. -ms-text-size-adjust: 100%;.. -webkit-text-size-adjust: 100%;.. -moz-text-size-adjust: 100%;.. text-size-adjust: 100%;.. -webkit-tap-highlight-color: transparent;..}....article,..aside
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\free-v4-font-face.min[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 2956
Entropy (8bit): 5.125371670429057
Encrypted: false
SSDEEP: 48:tvPioG2d9OtPw90tH89ytnDHCpnwt3jyTwJ9ctlZCLH3fsBAM:dP6WOtP+0tHiytnDXTfjctlZCj3o
MD5: 22BE82A519CEAFC43258D8F58A37FCF5
SHA1: 27E62338ADCE50811F60E7A7194ECF7392367D31
SHA-256: BC39FAECA56080DDF58D15275B2FE0CFA3BC1EC8AFD82508555B25555EC95086
SHA-512: 407E40A074C2697210DDE36EB3E89BE240557A1F19E987A3FD9EF9977D6FBEF0A74316568CB4D2A9B33AC1D65CE4E967F5D59AF86100B04607F895F6FB066984
Malicious: false
Reputation: low
IE Cache URL: https://ka-f.fontawesome.com/releases/v5.15.3/css/free-v4-font-face.min.css?token=2dad37a30b
Preview:/*!. * Font Awesome Free 5.15.3 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */@font-face{font-family:"FontAwesome";font-display:block;src:url(../webfonts/free-fa-solid-900.eot);src:url(../webfonts/free-fa-solid-900.eot?#iefix) format("embedded-opentype"),url(../webfonts/free-fa-solid-900.woff2) format("woff2"),url(../webfonts/free-fa-solid-900.woff) format("woff"),url(../webfonts/free-fa-solid-900.ttf) format("truetype"),url(../webfonts/free-fa-solid-900.svg#fontawesome) format("svg")}@font-face{font-family:"FontAwesome";font-display:block;src:url(../webfonts/free-fa-brands-400.eot);src:url(../webfonts/free-fa-brands-400.eot?#iefix) format("embedded-opentype"),url(../webfonts/free-fa-brands-400.woff2) format("woff2"),url(../webfonts/free-fa-brands-400.woff) format("woff"),url(../webfonts/free-fa-brands-400.ttf) format("truetype"),url(../webfonts/free-fa-brands-400.svg#fontawesome)
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\free-v4-shims.min[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 26701
Entropy (8bit): 4.829823522211244
Encrypted: false
SSDEEP: 192:dP6hT1bIl4w0QUmQ10PwKLaAu5CwWavpHo4O6wgLPbJVR8XD7mycP:0hal4w0QK+PwK05eavpmgPPeXD7mycP
MD5: 8A99CE81EC2F89FBCA03F2C8CF1A3679
SHA1: 58F9EF32D12A5DA52CBAB7BD518BCC998FC59EF9
SHA-256: 362DAEAF1F7E05FEE9A609E549F148AACBE518C166FBD96EAD69057E295742AF
SHA-512: 930F28449365FAED13718BB8F332625DB110ABB08C3778DC632FDF00A0187A61A086B5EB4765FFC1923B64E2584C02592A213914B024DE6890FF3DBFC3A12FE5
Malicious: false
Reputation: low
IE Cache URL: https://ka-f.fontawesome.com/releases/v5.15.3/css/free-v4-shims.min.css?token=2dad37a30b
Preview:/*!. * Font Awesome Free 5.15.3 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */.fa.fa-glass:before{content:"\f000"}.fa.fa-meetup{font-family:"Font Awesome 5 Brands";font-weight:400}.fa.fa-star-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-star-o:before{content:"\f005"}.fa.fa-close:before,.fa.fa-remove:before{content:"\f00d"}.fa.fa-gear:before{content:"\f013"}.fa.fa-trash-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-trash-o:before{content:"\f2ed"}.fa.fa-file-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-file-o:before{content:"\f15b"}.fa.fa-clock-o{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-clock-o:before{content:"\f017"}.fa.fa-arrow-circle-o-down{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-arrow-circle-o-down:before{content:"\f358"}.fa.fa-arrow-circle-o-up{font-family:"Font Awesome 5 Free";font-weight:400}.fa.fa-arro
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\free.min[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 60351
Entropy (8bit): 4.728641238865369
Encrypted: false
SSDEEP: 768:0Uh31IPiyXNq4YxBowbgJlkwF//zMQyYJYX9Bft6VSz8:0U0PxXE4YXJgndFTfy9lt5Q
MD5: 390B4210E10C744C3C597500BCF0B31A
SHA1: 2600C7C2F25D7DBCBC668231601E426010DC6489
SHA-256: C2819CA1F7AD1AF7BA53C4EDFDFD395C547BCB16D29892A234D7860C689ED929
SHA-512: E8A7E466BE8CC092E12994B51A6A8A39E2FBB66DD48221BCF499BB89365B4004D73C1909F8FE0BBBBF13907D5901D76FFE127D92FDD7493853646F83F5985CBE
Malicious: false
Reputation: low
IE Cache URL: https://ka-f.fontawesome.com/releases/v5.15.3/css/free.min.css?token=2dad37a30b
Preview:/*!. * Font Awesome Free 5.15.3 by @fontawesome - https://fontawesome.com. * License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License). */.fa,.fab,.fad,.fal,.far,.fas{-moz-osx-font-smoothing:grayscale;-webkit-font-smoothing:antialiased;display:inline-block;font-style:normal;font-variant:normal;text-rendering:auto;line-height:1}.fa-lg{font-size:1.33333em;line-height:.75em;vertical-align:-.0667em}.fa-xs{font-size:.75em}.fa-sm{font-size:.875em}.fa-1x{font-size:1em}.fa-2x{font-size:2em}.fa-3x{font-size:3em}.fa-4x{font-size:4em}.fa-5x{font-size:5em}.fa-6x{font-size:6em}.fa-7x{font-size:7em}.fa-8x{font-size:8em}.fa-9x{font-size:9em}.fa-10x{font-size:10em}.fa-fw{text-align:center;width:1.25em}.fa-ul{list-style-type:none;margin-left:2.5em;padding-left:0}.fa-ul>li{position:relative}.fa-li{left:-2em;position:absolute;text-align:center;width:2em;line-height:inherit}.fa-border{border:.08em solid #eee;border-radius:.1em;padding:.2em .25em .15em}.fa-pul
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\frontend.min[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 7694
Entropy (8bit): 4.534963516269418
Encrypted: false
SSDEEP: 24:WIfIjkIl7IfIjkIWIfIjkIW/IfIj/I+wjIfIj/IEIWC2ByIfIj/IEINBQWnIfIjs:skPmTKctOqaD2CHMa3Z3yMKM3OM9O
MD5: 130B8B1439F82EAEE32D300E561922CE
SHA1: 231CCFC4A721E97ECF378DBE99E26668A68D8FB6
SHA-256: F5C115BFE71BBAC4561ADE512DCF1264961D14A68838C3EF56505F86370ED211
SHA-512: 921482E2234816BA44A06B9970674F4F0D1EABE9F9B4276014CAA515E223F401285433A85BF82EF63BDBCFD5FFA505E7AB7401B6570488157D143FDEEAEF2C73
Malicious: false
Reputation: low
IE Cache URL: https://thenewscorner.org/wp-content/plugins/google-analytics-for-wordpress/assets/css/frontend.min.css?ver=7.15.1
Preview:.monsterinsights-inline-popular-posts.monsterinsights-popular-posts-styled a.monsterinsights-inline-popular-posts-title{text-decoration:none;box-shadow:none;font-style:normal;font-weight:bold;border:none}.monsterinsights-inline-popular-posts.monsterinsights-popular-posts-styled a.monsterinsights-inline-popular-posts-title:hover,.monsterinsights-inline-popular-posts.monsterinsights-popular-posts-styled a.monsterinsights-inline-popular-posts-title:focus{text-decoration:underline}.monsterinsights-inline-popular-posts.monsterinsights-popular-posts-styled.monsterinsights-inline-popular-posts-alpha{padding:24px 27px;margin-bottom:24px;background:#f0f2f4}.monsterinsights-inline-popular-posts.monsterinsights-popular-posts-styled.monsterinsights-inline-popular-posts-alpha .monsterinsights-inline-popular-posts-label{font-size:18px;line-height:1;display:block;margin-bottom:6px;color:#eb5757}.monsterinsights-inline-popular-posts.monsterinsights-popular-posts-styled.monsterinsights-inline-popular-p
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\frontend[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with no line terminators
Category: downloaded
Size (bytes): 216
Entropy (8bit): 4.674800736627238
Encrypted: false
SSDEEP: 6:RBaK43iUKNjaK43RwTqYmWQYnRi83ym2Y33n:RX435wF43oJQnmL3
MD5: F3E37D2ACD180139B806DD8A8E285547
SHA1: 78117EFDDD34A6AA47CD7625F814EC4BDCCB5B8E
SHA-256: 96335AF720AC1FB6480C34CA8CB951E2B432DFEDD5F96FD46D66563DC1BA5801
SHA-512: 95E94453B384E0911AAB5982B32332EF0B10ACBE191982A8CC072488F3DCDDB030A35C19825EDFA70C960C168FB1F59C20663AC31406A8DC3F5064CC65D09DA3
Malicious: false
Reputation: low
IE Cache URL: https://thenewscorner.org/wp-content/plugins/post-views-counter/css/frontend.css?ver=1.3.3
Preview:.post-views.entry-meta>span{margin-right:0!important;font: 16px/1}.post-views.entry-meta>span.post-views-icon.dashicons{display:inline-block;font-size:16px;line-height:1;text-decoration:inherit;vertical-align:middle}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\header_common[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines, with no line terminators
Category: downloaded
Size (bytes): 560
Entropy (8bit): 4.909833167336314
Encrypted: false
SSDEEP: 12:N8oPTEo3e1UEotEohJ4XEo6jyMAXDRWg1uSuuI068057obVaf:zIo0o2otoNRWg1uSuuFEcBaf
MD5: 7395E64D793177BD26A720124703786F
SHA1: B9F729EAB19CC67739366AF5ECC8A4CC90C012A4
SHA-256: E593503A6F74A91B7CA6D5EF4BE3BF2A0FC2B5D45D615E6D9788512BBFEC2AA4
SHA-512: 32F599D4A207E2559CB2916AA8C2DD6A788A48995DF39B9071CECEF162710ECB1FE5F86E426FB0A812D2DE9B2BA04ACADC49AC34B5548D83437A12BAE4B0D83F
Malicious: false
Reputation: low
IE Cache URL: https://search.hfindingformspro.com/scripts/home/header_common?v=AAAAH_DbLIleWj0eIMkM9tOvY9PBuu50aQKW3Tf5CW81
Preview:var clockobj,showtb;try{if(clockobj=clockobj||{},clockobj.military=localStorage.getItem("24hourclock")=="true",clockobj.utc=localStorage.getItem("utc")=="true",clockobj.show=!(localStorage.getItem("showclock")=="false"),showtb=localStorage.getItem("toolbar")=="false",showtb){var css="header { display:none;}",head=document.head||document.getElementsByTagName("head")[0],style=document.createElement("style");style.type="text/css",style.styleSheet?style.styleSheet.cssText=css:style.appendChild(document.createTextNode(css)),head.appendChild(style)}}catch(e){}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\homepage[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 2446
Entropy (8bit): 4.938265352496991
Encrypted: false
SSDEEP: 48:ipM/XcaX9v/Yz7HkFgHkFiZcvZXA2LXmQ5DNbwMj6:DcaN3YcbaqXAAWQ5DNbwa6
MD5: 0AB8178EEBB2694185E1F283A3B05F22
SHA1: 3BA14CD1E9013D7700BC5197D04567D5CF2F7C16
SHA-256: A90140E6DD9C262CCF1BD4F2FD37131D0BF493B73CF53F593C8E934A8F885396
SHA-512: A2BF31DCA7D8C52C3DDD879903B5F8BBC14875CC7A23D4260D46A3CB6AD09DDF17B6066D2C396F1E0A3D90E2F459792990876DF54FF0A87792334D238B7B71AE
Malicious: false
Reputation: low
IE Cache URL: https://www.usa.gov/js/homepage.js
Preview:var tabletBreakpoint = 991; // width where the page switches between mobile/desktop.var width, prevWidth; // width and prevWidth determine current breakpoint and if a change is needed..var LEFT=37,. UP=38,. RIGHT=39,. DOWN=40,. SPACE=32,. TAB=9,. SHIFT=16;..$(function(){. width=prevWidth=viewportWidth();. if(width<tabletBreakpoint){. goMobileHP();. }else{. goDesktopHP();. }. . // $('.slick').slick({. // arrows: false,. // fade: true,. // speed: 500. // });. // $('.slick-list').removeAttr('tabindex');.. $('#trending a').attr('tabindex','-1');. $('#trending .expanded a').removeAttr('tabindex');. . $('#trending button').click(function(){. if($(this).parent().parent().hasClass('expanded')){. $('#trending .inner').removeClass('expanded');. $('#trending .topic').removeClass('expanded');. $('#trending a').attr('tabindex','-1');. }else{. $('#trending .inner').removeClass('expanded');. $('#trending .topic').removeClass(
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\httpErrorPagesScripts[1]
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode (with BOM) text, with CRLF line terminators
Category: downloaded
Size (bytes): 24210
Entropy (8bit): 5.451485481468043
Encrypted: false
SSDEEP: 384:xPini/i+1Btvjy815ZVUwiki3ayimi5eqBG1fm304Pini/i+1Btvjy815ZVUwik5:8i6+1B1y815PUNZ3ab3fBK9i6+1B1y8d
MD5: 7B6C8BD51E49F7F56E2B21311D0EA59B
SHA1: EDB0F7D21BCEC6C48DEDC14E9ED41383740BAE37
SHA-256: 620BD33A4E0358498D9429FE2DBA00F85A86D6059FA796B482E2A9F6B0794F2D
SHA-512: DD1D524872EE165D230BE5B3872DEE108B806AB684AACFA955F07B7A87C1ACA63FA3B59210442E1E3C9A2D33409583E0AC3B1A6A0D4EB91BBEEF62D311FD1BC4
Malicious: false
Reputation: low
IE Cache URL: res://ieframe.dll/httpErrorPagesScripts.js
Preview:...function isExternalUrlSafeForNavigation(urlStr)..{..var regEx = new RegExp("^(http(s?)|ftp|file)://", "i");..return regEx.exec(urlStr);..}..function clickRefresh()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..window.location.replace(location.substring(poundIndex+1));..}..}..function navCancelInit()..{..var location = window.location.href;..var poundIndex = location.indexOf('#');..if (poundIndex != -1 && poundIndex+1 < location.length && isExternalUrlSafeForNavigation(location.substring(poundIndex+1)))..{..var bElement = document.createElement("A");..bElement.innerText = L_REFRESH_TEXT;..bElement.href = 'javascript:clickRefresh()';..navCancelContainer.appendChild(bElement);..}..else..{..var textNode = document.createTextNode(L_RELOAD_TEXT);..navCancelContainer.appendChild(textNode);..}..}..function getDisplayValue(elem
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\httpscdn.vox-cdn.comthumborjKeJm21Ya5cuN7aAlFi4UYM-hPk0x391000x563fit-in1200x630cdn.vox-cdn.comuploadschorus_assetfile22709358TV_Plus_main1.-300x180[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 300x180, frames 3
Category: downloaded
Size (bytes): 14189
Entropy (8bit): 7.925969156262562
Encrypted: false
SSDEEP: 384:klxeNQt/uZKvxVkdEbAnEQaHvT7xGOJwmLYXfCvfuLGQnc:kzey1v7kduAnF05GOJ5mCOLGQc
MD5: 5232F396619E1ED84FF7517F1EFD869C
SHA1: 9B6FB74348B5BF9EC4B6971BB14F928B9DE8C3F2
SHA-256: AE72A38C14395CAD19E56F0D841E02A95A5EFB476136D2269A7C25D2CFECECEB
SHA-512: 542E2798DA98D5AC90927D98E4581F9C7B8E393D11FD846F1B6B8F0A0931E22CA6FD189A92E031E45DF933DBCA1ADEE7BF7C08E82636BD4D29A71B9BF7266431
Malicious: false
Reputation: low
IE Cache URL: https://autosuggest-files.s3.amazonaws.com/thenewscorner/wp-content/uploads/2021/07/10001557/httpscdn.vox-cdn.comthumborjKeJm21Ya5cuN7aAlFi4UYM-hPk0x391000x563fit-in1200x630cdn.vox-cdn.comuploadschorus_assetfile22709358TV_Plus_main1.-300x180.jpeg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\httpsstatic.foxnews.comfoxnews.comcontentuploads202006056ad996-UN-Human-Rights-Council.-300x180[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 300x180, frames 3
Category: downloaded
Size (bytes): 17876
Entropy (8bit): 7.964455475232507
Encrypted: false
SSDEEP: 384:k7qBpOTl5oKmbKhIH0MIyPhLSoicVpBBvrm6zthrZvzTHkQ0KcXsJIRa1:k7qbO5xquo0PyP0dcVpBBD3LdvzTHkX0
MD5: 79D008E087602B2B64C3ECC57C96383A
SHA1: 3854941BE2DB25C260AA610812ECF1AFE8C09A9C
SHA-256: ABB1BA2F6638EC87286231C36DF40E19FF22E44A93635740101BEA83C177E0BC
SHA-512: 9D45753B0323AB600EAD547A7E6BC5712D2472EE6FA84F3525F669FE78FFCC2D1AA493BF7CB229C45D69C048920A5D501C14D40ADEFB483ED681F6DDD607F894
Malicious: false
Reputation: low
IE Cache URL: https://autosuggest-files.s3.amazonaws.com/thenewscorner/wp-content/uploads/2021/07/09221529/httpsstatic.foxnews.comfoxnews.comcontentuploads202006056ad996-UN-Human-Rights-Council.-300x180.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\httpsstatic.foxnews.comfoxnews.comcontentuploads202006056ad996-UN-Human-Rights-Council.-80x80[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 80x80, frames 3
Category: downloaded
Size (bytes): 3195
Entropy (8bit): 7.853007996010455
Encrypted: false
SSDEEP: 48:Uf3oOSKRFuERANun5CBPeWj5NW9U7EbiLylq+NzLB7T5k1jhwLCtMkah1s585Ali:3SMEtn5CJ1iq+BB7TSjhwLkMLjs5gA4
MD5: 8DDD10D6011AA6B41CAE11FD07307CDD
SHA1: 56D9151AA9311C3153E06158A37DD2BFE7A37F21
SHA-256: DA5A1CE6FA64E34B00EFE49D246AA1C95DAB2D1F7830DA08F20D23D06023431B
SHA-512: C7FAD2A5592E0420B7BDBD6C24DDC68D54F82060E6CEB51F4E55CE4249CE08F6BDA153F85307CD331288B4DEAF16933C551A21FEEC50F2728AE06C065869A0FF
Malicious: false
Reputation: low
IE Cache URL: https://autosuggest-files.s3.amazonaws.com/thenewscorner/wp-content/uploads/2021/07/09221529/httpsstatic.foxnews.comfoxnews.comcontentuploads202006056ad996-UN-Human-Rights-Council.-80x80.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\httpsstatic01.nyt_.comimages20210709sports09wimbledon-men-semifinal1merlin_190609092_9e78bd6a-5bb6-4486-8e4c-6d5a9924a9a3-facebookJumbo.-300x180[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 300x180, frames 3
Category: downloaded
Size (bytes): 12414
Entropy (8bit): 7.958260659348152
Encrypted: false
SSDEEP: 384:kGUQEkBlLK/JDUK/sCv7bkE50o808NcgLFskFbFf9:kGUBALKgK0GoE5N8fLy6bFf9
MD5: 84E125D99BB70B894C3A918A87A04DBC
SHA1: A66DD2428982B2C3B2BDE8F8069142A71ED94F13
SHA-256: A78948965E11E94444AF7C95637A5209094F4C34E979C462CC4550EF0395E774
SHA-512: BAC38057C788861AC71F4E70B95081100F7B3DE3CC39CFDA7EF76188D0BDD5E91FDE45BB0946D74423DE117B73DBF71B1F0682AED27D88734F0051E1C48EB22B
Malicious: false
Reputation: low
IE Cache URL: https://autosuggest-files.s3.amazonaws.com/thenewscorner/wp-content/uploads/2021/07/09181502/httpsstatic01.nyt_.comimages20210709sports09wimbledon-men-semifinal1merlin_190609092_9e78bd6a-5bb6-4486-8e4c-6d5a9924a9a3-facebookJumbo.-300x180.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\httpswww.cnet_.comaimgKR2_pnTnNUd5ZpmAQq7VXkv97gA1200x63020210709eb0ccf60-43a6-4088-a00e-74994de38fbagettyimages-1233893905-1.-80x80[1].jpg
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: gd-jpeg v1.0 (using IJG JPEG v80), quality = 82", baseline, precision 8, 80x80, frames 3
Category: downloaded
Size (bytes): 2851
Entropy (8bit): 7.857509139993422
Encrypted: false
SSDEEP: 48:Uf3oOSKRFuERADZEQmY1HvJ/NlAcwrtLuyP7/7u3/QyVtFvGAhuFhSFruTIc:3SMEUZ0oHX853j0oSghSor
MD5: 465FCD2EB17E0F78B852DB118FF37501
SHA1: F971BD475F2E261DC0965637603574889B4545E9
SHA-256: 0B7592594C6FE1273DC0523EB8A684F04FBC9F26018500AFCEC1B4E2A6E4A18A
SHA-512: E30DE39D380DE6168360E8015DD638DCBE9F535FD1BB26B247C178DCAFEF251D357BF344FB40DDC307FFD17A154A392C7F5ED16B04157455BAE541F0FD10DE02
Malicious: false
Reputation: low
IE Cache URL: https://autosuggest-files.s3.amazonaws.com/thenewscorner/wp-content/uploads/2021/07/09181523/httpswww.cnet_.comaimgKR2_pnTnNUd5ZpmAQq7VXkv97gA1200x63020210709eb0ccf60-43a6-4088-a00e-74994de38fbagettyimages-1233893905-1.-80x80.jpg
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ice[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 602473
Entropy (8bit): 5.814484739206751
Encrypted: false
SSDEEP: 12288:9yswqbJ6mF5wmpywGCoW24iOV+cOpwVRcKxVMiWjdEtP9qWl7:EswqbJ6mF5wmpywGCoWAXpWpxFWjdEtL
MD5: F4B71B995159BEA40F904C5C164ED1EA
SHA1: AAC74EF9F202E1456023C0F024F059A1A59C53C8
SHA-256: D0A148678AE2F22A7342589A75E3A0CE665CAEC896C62C9E60B0F30D3E046BF1
SHA-512: F4904568F082FA15035F108DCDDF28CBD16821F40A8233544E28A7797F98C1B64343A4E204B351F01D85E2D36A81B1BF8F43DDB0F0A7174E389FCBD194AC6415
Malicious: false
Reputation: low
IE Cache URL: https://resources.infolinks.com/js/1750.007-3.025/ice.js
Preview:var _typeof="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t};!function(){"use strict";try{var uuid=function(){return"xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g,function(t){var e=16*Math.random()|0,i="x"==t?e:3&e|8;return i.toString(16)})},LogglyTracker=function(){this.key=!1,this.sendConsoleErrors=!1,this.tag="jslogger",this.useDomainProxy=!1},setKey=function(t,e){t.key=e,t.setSession(),setInputUrl(t)},setTag=function(t,e){t.tag=e},setDomainProxy=function(t,e){t.useDomainProxy=e,setInputUrl(t)},setSendConsoleError=function(t,e){if(t.sendConsoleErrors=e,t.sendConsoleErrors===!0){var i=window.onerror;window.onerror=function(e,o,n,r){t.push({category:"BrowserJsException",exception:{message:e,url:o,lineno:n,colno:r}}),i&&"function"==typeof i&&i.apply(window,arguments)}}},setInputUrl=function(t){1==t.useDomainProxy?t.inputUrl=LOG
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ice[2].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 602413
Entropy (8bit): 5.814550912247052
Encrypted: false
SSDEEP: 12288:9yswqbnSm45wspywGCSW24iOb+cOpwVRcKxVMiWjdEtP9qWl7:EswqbnSm45wspywGCSWCXpWpxFWjdEtL
MD5: F1512E9581ACD5C50D27AC24CC120D78
SHA1: 3EF5262A25EC1671F991D55D3FACC53F9574FA3E
SHA-256: FFA811FF2834D53F32832C8B70D7DF7208264E144629487BBD91179CA13A5ECA
SHA-512: 092C9308A43249233428E05BA788380613973E0092914D8754EAD50E46420F6E32673163205D6A8F080D856798B79D5CCE7CE2DF3882CBFE777F017D9FE95012
Malicious: false
Reputation: low
IE Cache URL: https://resources.infolinks.com/js/1744.004-3.012.ab.1750.007-3.025/ice.js
Preview:var _typeof="function"==typeof Symbol&&"symbol"==typeof Symbol.iterator?function(t){return typeof t}:function(t){return t&&"function"==typeof Symbol&&t.constructor===Symbol&&t!==Symbol.prototype?"symbol":typeof t};!function(){"use strict";try{var uuid=function(){return"xxxxxxxx-xxxx-4xxx-yxxx-xxxxxxxxxxxx".replace(/[xy]/g,function(t){var e=16*Math.random()|0,i="x"==t?e:3&e|8;return i.toString(16)})},LogglyTracker=function(){this.key=!1,this.sendConsoleErrors=!1,this.tag="jslogger",this.useDomainProxy=!1},setKey=function(t,e){t.key=e,t.setSession(),setInputUrl(t)},setTag=function(t,e){t.tag=e},setDomainProxy=function(t,e){t.useDomainProxy=e,setInputUrl(t)},setSendConsoleError=function(t,e){if(t.sendConsoleErrors=e,t.sendConsoleErrors===!0){var i=window.onerror;window.onerror=function(e,o,n,r){t.push({category:"BrowserJsException",exception:{message:e,url:o,lineno:n,colno:r}}),i&&"function"==typeof i&&i.apply(window,arguments)}}},setInputUrl=function(t){1==t.useDomainProxy?t.inputUrl=LOG
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\iframe[1].htm
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: HTML document, ASCII text
Category: downloaded
Size (bytes): 542
Entropy (8bit): 4.715976121614738
Encrypted: false
SSDEEP: 12:hYv7wO+0Nc3WMwxvqQfsZPEdjoqJmW77lwRNVb:hYv8O+0Nc3WMwxvsZ8FHRiNVb
MD5: 05472FC18A9844E601004D2F70FDF1F2
SHA1: 561D1370D28B7D151F93758365BCA963C5DB2B28
SHA-256: 87F3E9DBF56610D04471B5C18958280E2ED41E98FEC4599254F0273E946FE843
SHA-512: EECDC10F20A75CEEAD71E0B25B66EC2746B3B91C0D9E97107DCB18CF6908E8B56A0AF023BBA3C0EC1ECC394D2EF519161F1DA660C1136D465C044E6F1445EB75
Malicious: false
Reputation: low
IE Cache URL: https://cdn.intergient.com/pageos/1.6.17/iframe/iframe.html
Preview:<!DOCTYPE html>.<html>..<head lang="en">...<meta charset="UTF-8">...<meta http-equiv="X-UA-Compatible" content="IE=Edge">...<meta name="viewport" content="width=device-width, initial-scale=1">...<style>....html,body {. display:none;. width:0;. height:0;. position:fixed;. left:-999;. bottom:-999;. }. </style>. </head>.</html>.<script type="text/javascript" src="https://cdn.intergient.com/pageos/1.6.17/iframe/iframe.js"></script>
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\infolinks_main[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 3473
Entropy (8bit): 5.8114381592602875
Encrypted: false
SSDEEP: 96:LEq+powwpQnPEiGgVf9BM3IPOCaYW41ms3:X+s+lzSYPOCae0g
MD5: AAE1E47F20C1A9EF7FE0B284901D4A6C
SHA1: 14DB9D166D3AAB533A281541952D9948D0960EF1
SHA-256: AD9F5ECCA3E469C709AC793EFE7EBEC0C218427A1BE41F6EC9A0DA01BE7D440B
SHA-512: 415C6955C8A9E38A871CF00793763B456281A06E7C3326231E0426F0538B53904F83D57971717DC5AB5F6862671D4441B0A4D0C25D83B4B28E5E772A5CC1E7CB
Malicious: false
Reputation: low
IE Cache URL: https://resources.infolinks.com/js/infolinks_main.js
Preview:eval(function(p,a,c,k,e,d){e=function(c){return(c<a?"":e(parseInt(c/a)))+((c=c%a)>35?String.fromCharCode(c+29):c.toString(36))};if(!''.replace(/^/,String)){while(c--){d[e(c)]=k[c]||e(c)}k=[function(e){return d[e]}];e=function(){return'\\w+'};c=1};while(c--){if(k[c]){p=p.replace(new RegExp('\\b'+e(c)+'\\b','g'),k[c])}}return p}('(13(){6 L=9.1w("2b");6 V=M("2d");7(V&&V===2f&&18.1l()>=0.4){z}6 X=5;16{7(5.10&&5.10.1b&&5.10.9&&5.10.9.1e&&5.1A!==5.10){X=5.10}}17(n){1r.1p("1q 1U 2P 1c 2g 2T 2J 2i 1U 2H 2k.")}6 g=2l.2n.2U(),Y=13(p){12(6 q=0,e=p.w;q<e;q++){7(g.1k(p[q])!=-1){z 1z}}z 2E},S=Y(["2F","2s","2t","2u","2o 2r","2w 2x","2m"])?"2y":"",Z="1K"+S+".19",C=5["2j"];6 o=M("2z");7(o&&S){z}6 B=M("2B");7(B&&!S){z}13 b(){16{z 5.1A!==5.10}17(i){z 1z}}13 M(e){z 5[C+"2K"+e]||5["1O"+e]||5["2L"+e]||1j}13 Q(s){6 r=s.1L(/[&]/);12(6 q=0;q<r.w;q++){6 e=r[q].1L("=");7(!e||e.w!=2){2Q}6 p=1C(e[0]);6 t=1C(e[1]);5["1O"+p]=t}}6 f=5["$2V"]={};5["34"]={2W:f};6 A=f.2X={"2Y.2Z-3.1u.30.1P.1Q-3.1R":1S,"1P.1Q-3.1R":1S};6
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\inspectlet[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 200241
Entropy (8bit): 5.3556377289368315
Encrypted: false
SSDEEP: 3072:5zZjuNi1N+x6lIyVSfdydvmecv62gkNhGsjfbaf:5zluNiCx6lINkdv/cv6c7bo
MD5: B6D831764403250B8696C41319EB5468
SHA1: 0938691AEC82558E32AED1C26685B2E2838951AA
SHA-256: 292F0D3FC70FA9CBB49A720D30AF0634F2C52BFBC4E78580503FC02C966F5F9D
SHA-512: FEFBF21913FCA68B3FBBBDF3B1B7C72EAF990BD7DC372662C9BA90BD60FE7CF4EE27A8EE3115D3E9F56F0E19D6B734E0BB2910DE81167591BC1E05A5165AAAF6
Malicious: false
Reputation: low
IE Cache URL: https://cdn.inspectlet.com/inspectlet.js?wid=1809232855&r=451646
Preview:if(!window.__insp || typeof window.__insp.loaded != 'boolean'){..!function(e,t){"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(e,t){var n=[],r=e.document,i=n.slice,o=n.concat,s=n.push,a=n.indexOf,u={},l=u.toString,c=u.hasOwnProperty,f={},p=function(e,t){return new p.fn.init(e,t)},d=/^[\s\uFEFF\xA0]+|[\s\uFEFF\xA0]+$/g,h=/^-ms-/,g=/-([\da-z])/gi,v=function(e,t){return t.toUpperCase()};function m(e){var t=!!e&&"length"in e&&e.length,n=p.type(e);return"function"!==n&&!p.isWindow(e)&&("array"===n||0===t||"number"==typeof t&&t>0&&t-1 in e)}p.fn=p.prototype={jquery:"2.2.4",constructor:p,selector:"",length:0,toArray:function(){return i.call(this)},get:function(e){return null!=e?e<0?this[e+this.length]:this[e]:i.call(this)},pushStack:function(e){var t=p.merge(this.constructor(),e);return t.prevObjec
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\ix-usync[1].gif
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: GIF image data, version 87a, 1 x 1
Category: dropped
Size (bytes): 35
Entropy (8bit): 3.270045936554562
Encrypted: false
SSDEEP: 3:M3Sit/k6h/:+1kK/
MD5: C0A97B478925284BD94E3271F6197C08
SHA1: 543E1556715B858C654397C62C0894DD6F294703
SHA-256: 16957A3BB9422D4BA380BE3B630DB7A310E87E65F224E2BE865DD64DD0B5664D
SHA-512: 86E26B31F505F66F9C7C04A34115AB3F860261E1BDF817F2A4DF243C09AB673F6BA89508673D05F696BD7376A40E1E22134864F7A5A533D6BD936E34D103BDF1
Malicious: false
Reputation: low
Preview:GIF87a.............,...........D..;
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery.dataTables.min[1].css
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 14180
Entropy (8bit): 4.888542495211502
Encrypted: false
SSDEEP: 384:Uv+clL5DJNLoCiBBXaOtCJ2jvb2xLt6s28Hbi9W6Ov1x:iaWZ
MD5: CC9A9D68EE3A2E239A0104D0E06BC576
SHA1: A07664EE48E4421035F0817A7C574F35F1AC43CC
SHA-256: A08FC55705326080AEE8D88D41A19815ACD16C0D40D529E73929ECD94AE692B6
SHA-512: CC18BA34099ADC894362468E692AC4E2B71AB9CB23BC8678EDE1593D1ED2469A87EF6A4CD61BE6B0AE189038C8F990579782F85D462929CD2DA6F7091B37352A
Malicious: false
Reputation: low
IE Cache URL: https://cdn.datatables.net/1.10.23/css/jquery.dataTables.min.css
Preview:table.dataTable{width:100%;margin:0 auto;clear:both;border-collapse:separate;border-spacing:0}table.dataTable thead th,table.dataTable tfoot th{font-weight:bold}table.dataTable thead th,table.dataTable thead td{padding:10px 18px;border-bottom:1px solid #111}table.dataTable thead th:active,table.dataTable thead td:active{outline:none}table.dataTable tfoot th,table.dataTable tfoot td{padding:10px 18px 6px 18px;border-top:1px solid #111}table.dataTable thead .sorting,table.dataTable thead .sorting_asc,table.dataTable thead .sorting_desc,table.dataTable thead .sorting_asc_disabled,table.dataTable thead .sorting_desc_disabled{cursor:pointer;*cursor:hand;background-repeat:no-repeat;background-position:center right}table.dataTable thead .sorting{background-image:url("../images/sort_both.png")}table.dataTable thead .sorting_asc{background-image:url("../images/sort_asc.png")}table.dataTable thead .sorting_desc{background-image:url("../images/sort_desc.png")}table.dataTable thead .sorting_asc_di
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\jquery.dataTables.min[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: UTF-8 Unicode text, with very long lines
Category: downloaded
Size (bytes): 86533
Entropy (8bit): 5.436671619471907
Encrypted: false
SSDEEP: 1536:FFjCjD2i6Tythf9Sa86IGMTH/ia5IQEugeW7Zhe+Aiv4Exb4mBhsKpkCRG6iXA:r2jD2im4tZwaa5fgeW7ZrMK/iw
MD5: 7F42914055401131FF0A7E8E98FCBD25
SHA1: 60B6F461C3F5BF3CA69E92F63A3DEC3ABB573670
SHA-256: 3831C301AD77DD07DC4CCEA4BBBA4324F83D743709AFA5EC450F902502C871D3
SHA-512: B09D3A9DB1EFCF0B80A03FE19F09A7E5FA4BA2DA98C7D8E50D8522F0FA6FCE3E95D09C2439F5095F32720DF119D287D732F35DF6F05A9130222E1ECE04D82FBA
Malicious: false
Reputation: low
IE Cache URL: https://cdn.datatables.net/1.10.23/js/jquery.dataTables.min.js
Preview:/*!. Copyright 2008-2020 SpryMedia Ltd... This source file is free software, available under the following license:. MIT license - http://datatables.net/license.. This source file is distributed in the hope that it will be useful, but. WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY. or FITNESS FOR A PARTICULAR PURPOSE. See the license files for details... For details please refer to: http://www.datatables.net. DataTables 1.10.23. .2008-2020 SpryMedia Ltd - datatables.net/license.*/.var $jscomp=$jscomp||{};$jscomp.scope={};$jscomp.findInternal=function(k,y,z){k instanceof String&&(k=String(k));for(var q=k.length,G=0;G<q;G++){var O=k[G];if(y.call(z,O,G,k))return{i:G,v:O}}return{i:-1,v:void 0}};$jscomp.ASSUME_ES5=!1;$jscomp.ASSUME_NO_NATIVE_MAP=!1;$jscomp.ASSUME_NO_NATIVE_SET=!1;$jscomp.SIMPLE_FROUND_POLYFILL=!1;$jscomp.ISOLATE_POLYFILLS=!1;.$jscomp.defineProperty=$jscomp.ASSUME_ES5||"function"==typeof Object.defineProperties?Object.defineProperty:function
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\js[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 90864
Entropy (8bit): 5.510690019756444
Encrypted: false
SSDEEP: 1536:Jv+8meNbwB900GfIgeqtb/zWrv/Z2QO+JlOry/PY9JM+a1h9KnZLWo11:Jv5meNbR0LqFWAfvr3s+h1
MD5: 3E52B27EB73016F1F46EC934F3A97B5F
SHA1: B4C45EE52FD88949DDF5B09F6C9559D5A8F7ABB8
SHA-256: 9843D2D69A6765588B3031106E934EF1261D524E8466A6F2B1DE3C838384601C
SHA-512: 3847954F302AA033E82BC073F4565AFE9901A4E3A83D7583B0DC3F29C40289123CED3CD8DBCE32848AE5BA1EB3537E21AEB47725EF0150F6D7E6D4D9100E6115
Malicious: false
Reputation: low
IE Cache URL: https://www.googletagmanager.com/gtag/js?id=AW-713545727&l=dataLayer&cx=c
Preview:.// Copyright 2012 Google Inc. All rights reserved..(function(){..var data = {."resource": {. "version":"1",. . "macros":[{. "function":"__e". },{. "function":"__cid". }],. "tags":[{. "function":"__rep",. "once_per_event":true,. "vtp_containerId":["macro",1],. "tag_id":1. }],. "predicates":[{. "function":"_eq",. "arg0":["macro",0],. "arg1":"gtm.js". }],. "rules":[. [["if",0],["add",0]]].},."runtime":[].....};.../*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var aa,ba=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},da=function(a){var b="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return b?b.call(a):{next:ba(a)}},ea="function"==typeof Object.create?Object.create:function(a){var b=function(){};b.prototype=a;return new b},fa;.if("function"==typeof Object.setPrototypeOf)fa=Object.setPrototypeOf;else{var ha;a:{var ia={a:!0},ka={}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\js[2].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 92689
Entropy (8bit): 5.510861422873029
Encrypted: false
SSDEEP: 1536:Jv+8meNWwB900GfIgegtb/zWrv/Z2QO7JlOZvk7Fy/PY9JM+a1h9PnZL52C1:Jv5meNWR0LgFWAfSAF3s+Q1
MD5: E7088DEB3D3FB0D81743E2B9CE4681FD
SHA1: 7987E03FD7716EAED0C807E33714BFC0B3BC6CFC
SHA-256: 9D8E888C9C6ACACD7830107FF4397FC4F2C73D3B9FC23C20D0119F1F26A9E547
SHA-512: AFC5B724EFA338E75849C59CCF820D2AB070F7B3ACB2F8B9EF92E7D5567DCAA1E5CE41EC13552B6098496A73E44B89C3425E6B4FF2F60CE438DC7B16FA75823E
Malicious: false
Reputation: low
IE Cache URL: https://www.googletagmanager.com/gtag/js?id=UA-150785323-21
Preview:.// Copyright 2012 Google Inc. All rights reserved..(function(){..var data = {."resource": {. "version":"1",. . "macros":[{. "function":"__e". },{. "function":"__cid". }],. "tags":[{. "function":"__rep",. "once_per_event":true,. "vtp_containerId":["macro",1],. "tag_id":1. }],. "predicates":[{. "function":"_eq",. "arg0":["macro",0],. "arg1":"gtm.js". }],. "rules":[. [["if",0],["add",0]]].},."runtime":[].....};.../*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var aa,ba=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},da=function(a){var b="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return b?b.call(a):{next:ba(a)}},ea="function"==typeof Object.create?Object.create:function(a){var b=function(){};b.prototype=a;return new b},fa;.if("function"==typeof Object.setPrototypeOf)fa=Object.setPrototypeOf;else{var ha;a:{var ia={a:!0},ka={}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\js[3].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text, with very long lines
Category: downloaded
Size (bytes): 92691
Entropy (8bit): 5.510671376510279
Encrypted: false
SSDEEP: 1536:Jv+8meNWwB900GfIgebtb/zWrv/Z2QO7JlOZvk7Fy/PY9JM+a1h9PnZL52C1:Jv5meNWR0LbFWAfSAF3s+Q1
MD5: 49ACB2CF2D5589BEF54630CA1CC2517B
SHA1: 9190BAA7A5B09A341C00B909FE163FCA1BEE1890
SHA-256: 31E02D609C30C47C21F2F60D2C94B3301AF20B3EC4EB272984975D932D91EA82
SHA-512: BDEE933BC52FFFF5D9AD61590CB0E765B1F3559206B6D29EC60CB19484C79B89F1D9711FFB8B75F65DA4838CFEA57E48C9ACE28EA585C3FAB9FBD95964CFF7F3
Malicious: false
Reputation: low
IE Cache URL: https://www.googletagmanager.com/gtag/js?id=UA-147142618-1
Preview:.// Copyright 2012 Google Inc. All rights reserved..(function(){..var data = {."resource": {. "version":"1",. . "macros":[{. "function":"__e". },{. "function":"__cid". }],. "tags":[{. "function":"__rep",. "once_per_event":true,. "vtp_containerId":["macro",1],. "tag_id":1. }],. "predicates":[{. "function":"_eq",. "arg0":["macro",0],. "arg1":"gtm.js". }],. "rules":[. [["if",0],["add",0]]].},."runtime":[].....};.../*.. Copyright The Closure Library Authors.. SPDX-License-Identifier: Apache-2.0.*/.var aa,ba=function(a){var b=0;return function(){return b<a.length?{done:!1,value:a[b++]}:{done:!0}}},da=function(a){var b="undefined"!=typeof Symbol&&Symbol.iterator&&a[Symbol.iterator];return b?b.call(a):{next:ba(a)}},ea="function"==typeof Object.create?Object.create:function(a){var b=function(){};b.prototype=a;return new b},fa;.if("function"==typeof Object.setPrototypeOf)fa=Object.setPrototypeOf;else{var ha;a:{var ia={a:!0},ka={}
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\logoV3-8[1].png
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: PNG image data, 350 x 75, 8-bit colormap, non-interlaced
Category: downloaded
Size (bytes): 2606
Entropy (8bit): 7.834725889649577
Encrypted: false
SSDEEP: 48:TiZWoqfqqEXCAZ9btcVOylvjN1cPF+rB9BFHoft1nkqAnh2:TiZWxuXNZ9pOOAvjNcF2BJoftdtAnh2
MD5: 5DE2F4A7FFF235430B9D7CA2BEFABD5A
SHA1: D68793C7D1785D6AF4D448C6128860DBD994A089
SHA-256: 227DBC8259EE5F96319549CDE0643CBD1DBB64C4FB1BF5D8AC468FF5E5BCF098
SHA-512: AC9538E3F713605096C39469B1E43C7AF3878212F5A592EB999D2584A95CE1D5DAB60FA0F1144AE15A73264C2952173F58EAC9759E0B486820FDACDE00F932E4
Malicious: false
Reputation: low
IE Cache URL: https://thenewscorner.org/wp-content/uploads/2019/12/logoV3-8.png
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\menu[1].js
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: ASCII text
Category: downloaded
Size (bytes): 10999
Entropy (8bit): 5.0505474524526095
Static File Info
No static file info
Encrypted: false
SSDEEP: 192:mjRxkHcbYXeRzkXpLYa4aklSc+xtJFKNGusHYm68aJJu0WrgPWou/n0miz5Zlom+:mjvkH2gUzkXpLE3y1KNjCY/8aJJu0Wrp
MD5: 31F47ACFDCD210CB346D1B8DDD0C6D81
SHA1: F9645A8D651746B46D0CDFBEAC3B076A1B9F4D35
SHA-256: CDF74299B97492EE6A64A5BA9DD31EF92B908046518857B907DFA0D4849C0952
SHA-512: 4AA649505CE3CB62E08A3D4B4CE09889DCB3CE67394887360676606607FE79B27E3868D7307F6B2A0A80F7CC6D578890DA81297685E0084F28AC9B4AF895BD29
Malicious: false
Reputation: low
IE Cache URL: https://www.usa.gov/js/menu.js
Preview:.window.onpageshow = function (event) {. if (event.persisted) {. closeNav();. }.};...var tabletBreakpoint = 991; // width where the page switches between mobile/desktop.var mobileBreakpoint = 768;.var width, prevWidth, mobile; // width and prevWidth determine current breakpoint and if a change is needed.var toggles;...jQuery(function(){..// Vidoe Transcript. jQuery('#fea-container h3').bind('click', function(){acordionNav2(this);}); //Video Transcript Box. function acordionNav2(este){..jQuery('.transcript').slideToggle(300, function(){...var transcriptIcon = jQuery(this).prev().find('span');...if(transcriptIcon.attr('class')=='arrowUp'){....transcriptIcon.removeClass('arrowUp');....transcriptIcon.text(jQuery('html').attr('lang')=="en" ? "Show Video Transcript" : "Mostrar la transcripci\u00F3n del video");...}else{....transcriptIcon.addClass('arrowUp');....transcriptIcon.text(jQuery('html').attr('lang')=="en" ? "Hide Video Transcript" : "Ocultar la transcripci\u00F3n del video")
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\merriweather-light-webfont[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), Merriweather family
Category: downloaded
Size (bytes): 29810
Entropy (8bit): 7.972279213758713
Encrypted: false
SSDEEP: 768:zovD4FC07zqVL2i5jifMUTrKpzi8A8yN+:zoDd2zqVL2i5jifMUPoibZN+
MD5: F423E689E0BDAA0F7B0587785F334E56
SHA1: CDB3D37D9CBAFA57C790C7B70A7BEAFFA9D3E086
SHA-256: 4A71376A3FAA446367E3E530F793E6296242A4268D3BE26C9897264E46B9C04D
SHA-512: 517E7DE2F2E6D83AA5B11F55E06B06D58814935909E896BC0B7ED75D60299EBE27ED14F5698476589450D2CBC693E82E2349A094874CC15129CEDC19E79073B5
Malicious: false
Reputation: low
IE Cache URL: https://www.usa.gov/fonts/merriweather-light-webfont.eot?
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\0W10PBUV\merriweather-regular-webfont[1].eot
Process: C:\Program Files (x86)\Internet Explorer\iexplore.exe
File Type: Embedded OpenType (EOT), Merriweather family
Category: downloaded
Size (bytes): 27962
Entropy (8bit): 7.973550721012268
Encrypted: false
SSDEEP: 768:jX9xIJJMAoh1D/dVLHJNrVUaqD29Cg69OEmbih6aodq8f12gP:jX9xIJJMpndJJNc9OEmWVoH1V
MD5: A1E02AF03345E22EA9F0C3C56CF1B932
SHA1: 37BE930845BE0DF1711193CA026C23F36331174E
SHA-256: 52D8297B8FF22CFCEDE44F74CB7868FF9A7C6FB30F59A98CFFF8A433FFF8571B
SHA-512: 637DE1B55D8DCFA5F2AA4056E06306A28F28BCF782D56657BA84F76ACAB95E0DD63278B9D155E7B39FBDFFE188A11D5F0AB151F8665C0B38A68257DCE539C7B5
Malicious: false
Reputation: low
IE Cache URL: https://www.usa.gov/fonts/merriweather-regular-webfont.eot?
Network Behavior
Network Port Distribution
TCP Packets
UDP Packets
DNS Queries
Timestamp Source IP Dest IP Trans ID OP Code Name Type Class
DNS Answers
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Jul 10, 2021 07:51:48.687365055 CEST
8.8.8.8 192.168.2.3 0xf09b No error (0) dorpat.geo.iponweb.net
elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:48.687365055 CEST
8.8.8.8 192.168.2.3 0xf09b No error (0) elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com
3.121.49.210 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:48.687365055 CEST
8.8.8.8 192.168.2.3 0xf09b No error (0) elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com
18.156.12.32 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:48.687365055 CEST
8.8.8.8 192.168.2.3 0xf09b No error (0) elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com
18.196.123.190 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:48.687365055 CEST
8.8.8.8 192.168.2.3 0xf09b No error (0) elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com
18.159.8.206 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:48.687365055 CEST
8.8.8.8 192.168.2.3 0xf09b No error (0) elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com
18.185.197.81 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:48.687365055 CEST
8.8.8.8 192.168.2.3 0xf09b No error (0) elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com
18.197.127.76 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:48.687365055 CEST
8.8.8.8 192.168.2.3 0xf09b No error (0) elb-aws-fr-dorpat-283474803.eu-central-1.elb.amazonaws.com
18.195.240.234 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:48.713839054 CEST
8.8.8.8 192.168.2.3 0x8118 No error (0) cdn.revcontent.com
x7b3f6n8.stackpathcdn.com
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:48.713839054 CEST
8.8.8.8 192.168.2.3 0x8118 No error (0) x7b3f6n8.stackpathcdn.com
151.139.128.11 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:48.952342987 CEST
8.8.8.8 192.168.2.3 0x820a No error (0) odr.mookie1.com
tagr-gcp-odr-euw4.mookie1.com
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:48.952342987 CEST
8.8.8.8 192.168.2.3 0x820a No error (0) tagr-gcp-odr-euw4.mookie1.com
34.98.67.61 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:49.330638885 CEST
8.8.8.8 192.168.2.3 0x4914 No error (0) images.revcontent.com
s9i8s5e7.stackpathcdn.com
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:49.330638885 CEST
8.8.8.8 192.168.2.3 0x4914 No error (0) s9i8s5e7.stackpathcdn.com
151.139.128.11 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:50.409806967 CEST
8.8.8.8 192.168.2.3 0x52f No error (0) emailhelper.org 13.224.99.86 A (IP address) IN (0x0001)
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Copyright Joe Security LLC 2021 Page 52 of 74
Jul 10, 2021 07:51:50.409806967 CEST
8.8.8.8 192.168.2.3 0x52f No error (0) emailhelper.org 13.224.99.25 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:50.409806967 CEST
8.8.8.8 192.168.2.3 0x52f No error (0) emailhelper.org 13.224.99.103 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:50.409806967 CEST
8.8.8.8 192.168.2.3 0x52f No error (0) emailhelper.org 13.224.99.41 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:50.568449974 CEST
8.8.8.8 192.168.2.3 0x6c70 No error (0) web.adblade.com
52.71.60.78 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:50.568449974 CEST
8.8.8.8 192.168.2.3 0x6c70 No error (0) web.adblade.com
54.88.106.17 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:50.568449974 CEST
8.8.8.8 192.168.2.3 0x6c70 No error (0) web.adblade.com
34.234.54.128 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:50.568449974 CEST
8.8.8.8 192.168.2.3 0x6c70 No error (0) web.adblade.com
3.214.237.192 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:50.630418062 CEST
8.8.8.8 192.168.2.3 0x4c89 No error (0) cdnjs.cloudflare.com
104.16.18.94 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:50.630418062 CEST
8.8.8.8 192.168.2.3 0x4c89 No error (0) cdnjs.cloudflare.com
104.16.19.94 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:50.691874027 CEST
8.8.8.8 192.168.2.3 0xd57c No error (0) resources.infolinks.com
104.22.3.144 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:50.691874027 CEST
8.8.8.8 192.168.2.3 0xd57c No error (0) resources.infolinks.com
172.67.39.17 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:50.691874027 CEST
8.8.8.8 192.168.2.3 0xd57c No error (0) resources.infolinks.com
104.22.2.144 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:50.692653894 CEST
8.8.8.8 192.168.2.3 0xcb8b No error (0) labs-cdn.revcontent.com
n6e2v6p8.stackpathcdn.com
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:50.692653894 CEST
8.8.8.8 192.168.2.3 0xcb8b No error (0) n6e2v6p8.stackpathcdn.com
151.139.128.11 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:51.114022970 CEST
8.8.8.8 192.168.2.3 0xd39b No error (0) servedbyadbutler.com
116.202.46.88 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:51.707359076 CEST
8.8.8.8 192.168.2.3 0x239a No error (0) router.infolinks.com
172.67.39.17 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:51.707359076 CEST
8.8.8.8 192.168.2.3 0x239a No error (0) router.infolinks.com
104.22.3.144 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:51.707359076 CEST
8.8.8.8 192.168.2.3 0x239a No error (0) router.infolinks.com
104.22.2.144 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:51.758661032 CEST
8.8.8.8 192.168.2.3 0x4102 No error (0) static-cdn.adblade.com
13.224.99.55 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:51.758661032 CEST
8.8.8.8 192.168.2.3 0x4102 No error (0) static-cdn.adblade.com
13.224.99.63 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:51.758661032 CEST
8.8.8.8 192.168.2.3 0x4102 No error (0) static-cdn.adblade.com
13.224.99.27 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:51.758661032 CEST
8.8.8.8 192.168.2.3 0x4102 No error (0) static-cdn.adblade.com
13.224.99.52 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:51.773277998 CEST
8.8.8.8 192.168.2.3 0x1add No error (0) secure.quantserve.com
2kpixel.quantserve.com CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:51.773277998 CEST
8.8.8.8 192.168.2.3 0x1add No error (0) 2kpixel.quantserve.com
global.px.quantserve.com CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:51.773277998 CEST
8.8.8.8 192.168.2.3 0x1add No error (0) global.px.quantserve.com
91.228.74.133 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:51.773277998 CEST
8.8.8.8 192.168.2.3 0x1add No error (0) global.px.quantserve.com
91.228.74.189 A (IP address) IN (0x0001)
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Copyright Joe Security LLC 2021 Page 53 of 74
Jul 10, 2021 07:51:51.773277998 CEST
8.8.8.8 192.168.2.3 0x1add No error (0) global.px.quantserve.com
91.228.74.134 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:51.773277998 CEST
8.8.8.8 192.168.2.3 0x1add No error (0) global.px.quantserve.com
91.228.74.198 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:51.773277998 CEST
8.8.8.8 192.168.2.3 0x1add No error (0) global.px.quantserve.com
91.228.74.226 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:51.825014114 CEST
8.8.8.8 192.168.2.3 0x512 No error (0) sb.scorecardresearch.com
13.224.99.40 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:51.825014114 CEST
8.8.8.8 192.168.2.3 0x512 No error (0) sb.scorecardresearch.com
13.224.99.12 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:51.825014114 CEST
8.8.8.8 192.168.2.3 0x512 No error (0) sb.scorecardresearch.com
13.224.99.39 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:51.825014114 CEST
8.8.8.8 192.168.2.3 0x512 No error (0) sb.scorecardresearch.com
13.224.99.14 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:51.876468897 CEST
8.8.8.8 192.168.2.3 0x9dd5 No error (0) i.kinja-img.com kinja-img.com CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:51.876468897 CEST
8.8.8.8 192.168.2.3 0x9dd5 No error (0) kinja-img.com 151.101.130.166 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:51.876468897 CEST
8.8.8.8 192.168.2.3 0x9dd5 No error (0) kinja-img.com 151.101.66.166 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:51.876468897 CEST
8.8.8.8 192.168.2.3 0x9dd5 No error (0) kinja-img.com 151.101.194.166 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:51.876468897 CEST
8.8.8.8 192.168.2.3 0x9dd5 No error (0) kinja-img.com 151.101.2.166 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.027400017 CEST
8.8.8.8 192.168.2.3 0x981e No error (0) rules.quantcount.com
d2fashanjl7d9f.cloudfront.net
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:52.027400017 CEST
8.8.8.8 192.168.2.3 0x981e No error (0) d2fashanjl7d9f.cloudfront.net
13.224.99.5 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.027400017 CEST
8.8.8.8 192.168.2.3 0x981e No error (0) d2fashanjl7d9f.cloudfront.net
13.224.99.26 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.027400017 CEST
8.8.8.8 192.168.2.3 0x981e No error (0) d2fashanjl7d9f.cloudfront.net
13.224.99.112 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.027400017 CEST
8.8.8.8 192.168.2.3 0x981e No error (0) d2fashanjl7d9f.cloudfront.net
13.224.99.16 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.105140924 CEST
8.8.8.8 192.168.2.3 0x5dff No error (0) rt3044.infolinks.com
172.67.39.17 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.105140924 CEST
8.8.8.8 192.168.2.3 0x5dff No error (0) rt3044.infolinks.com
104.22.3.144 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.105140924 CEST
8.8.8.8 192.168.2.3 0x5dff No error (0) rt3044.infolinks.com
104.22.2.144 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.792148113 CEST
8.8.8.8 192.168.2.3 0xd7df No error (0) pixel.quantserve.com
global.px.quantserve.com CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:52.792148113 CEST
8.8.8.8 192.168.2.3 0xd7df No error (0) global.px.quantserve.com
91.228.74.134 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.792148113 CEST
8.8.8.8 192.168.2.3 0xd7df No error (0) global.px.quantserve.com
91.228.74.226 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.792148113 CEST
8.8.8.8 192.168.2.3 0xd7df No error (0) global.px.quantserve.com
91.228.74.198 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.792148113 CEST
8.8.8.8 192.168.2.3 0xd7df No error (0) global.px.quantserve.com
91.228.74.133 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.792148113 CEST
8.8.8.8 192.168.2.3 0xd7df No error (0) global.px.quantserve.com
91.228.74.189 A (IP address) IN (0x0001)
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Copyright Joe Security LLC 2021 Page 54 of 74
Jul 10, 2021 07:51:52.813947916 CEST
8.8.8.8 192.168.2.3 0x6fb9 No error (0) image8.pubmatic.com
imagesync22000nfc.pubmatic.com
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:52.813947916 CEST
8.8.8.8 192.168.2.3 0x6fb9 No error (0) imagesync22000nfc.pubmatic.com
imagesync22000nf.pubmatic.com
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:52.813947916 CEST
8.8.8.8 192.168.2.3 0x6fb9 No error (0) imagesync22000nf.pubmatic.com
185.64.189.216 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.829963923 CEST
8.8.8.8 192.168.2.3 0x7081 No error (0) ib.adnxs.com g.geogslb.com CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:52.829963923 CEST
8.8.8.8 192.168.2.3 0x7081 No error (0) g.geogslb.com ib.anycast.adnxs.com CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:52.829963923 CEST
8.8.8.8 192.168.2.3 0x7081 No error (0) ib.anycast.adnxs.com
185.33.220.244 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.829963923 CEST
8.8.8.8 192.168.2.3 0x7081 No error (0) ib.anycast.adnxs.com
185.33.220.243 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.829963923 CEST
8.8.8.8 192.168.2.3 0x7081 No error (0) ib.anycast.adnxs.com
185.33.221.52 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.829963923 CEST
8.8.8.8 192.168.2.3 0x7081 No error (0) ib.anycast.adnxs.com
185.33.221.90 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.829963923 CEST
8.8.8.8 192.168.2.3 0x7081 No error (0) ib.anycast.adnxs.com
185.33.220.241 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.829963923 CEST
8.8.8.8 192.168.2.3 0x7081 No error (0) ib.anycast.adnxs.com
185.33.221.14 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.829963923 CEST
8.8.8.8 192.168.2.3 0x7081 No error (0) ib.anycast.adnxs.com
185.33.221.88 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.829963923 CEST
8.8.8.8 192.168.2.3 0x7081 No error (0) ib.anycast.adnxs.com
185.33.221.13 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.843704939 CEST
8.8.8.8 192.168.2.3 0xaab1 No error (0) ups.analytics.yahoo.com
prod.ups-ats.aolp-ds-prd.aws.oath.cloud
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:52.843704939 CEST
8.8.8.8 192.168.2.3 0xaab1 No error (0) prod.ups-ats.aolp-ds-prd.aws.oath.cloud
prod.ups-ats.eu-central-1.aolp-ds-prd.aws.oath.cloud
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:52.843704939 CEST
8.8.8.8 192.168.2.3 0xaab1 No error (0) prod.ups-ats.eu-central-1.aolp-ds-prd.aws.oath.cloud
18.156.0.31 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:52.843704939 CEST
8.8.8.8 192.168.2.3 0xaab1 No error (0) prod.ups-ats.eu-central-1.aolp-ds-prd.aws.oath.cloud
3.126.56.137 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.114717960 CEST
8.8.8.8 192.168.2.3 0x58aa No error (0) b1sync.zemanta.com
zemanta-ny.outbrain.org CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:53.114717960 CEST
8.8.8.8 192.168.2.3 0x58aa No error (0) zemanta-ny.outbrain.org
nydc1.outbrain.org CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:53.114717960 CEST
8.8.8.8 192.168.2.3 0x58aa No error (0) nydc1.outbrain.org
64.202.112.95 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.116462946 CEST
8.8.8.8 192.168.2.3 0x73e4 No error (0) sync.1rx.io 213.19.147.45 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.198429108 CEST
8.8.8.8 192.168.2.3 0x64f8 No error (0) sync.go.sonobi.com
ams-1-sync.go.sonobi.com
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:53.198429108 CEST
8.8.8.8 192.168.2.3 0x64f8 No error (0) ams-1-sync.go.sonobi.com
178.162.133.149 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.236670017 CEST
8.8.8.8 192.168.2.3 0x513b No error (0) cm.g.doubleclick.net
172.217.168.34 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.273051023 CEST
8.8.8.8 192.168.2.3 0x60ef No error (0) de.tynt.com 208.100.17.185 A (IP address) IN (0x0001)
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Copyright Joe Security LLC 2021 Page 55 of 74
Jul 10, 2021 07:51:53.332587957 CEST
8.8.8.8 192.168.2.3 0xfe0e No error (0) dsp.adkernel.com
174.137.133.49 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.339302063 CEST
8.8.8.8 192.168.2.3 0x436f No error (0) s.cpx.to 54.194.137.128 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.339302063 CEST
8.8.8.8 192.168.2.3 0x436f No error (0) s.cpx.to 52.31.127.39 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.339302063 CEST
8.8.8.8 192.168.2.3 0x436f No error (0) s.cpx.to 52.19.63.112 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.339302063 CEST
8.8.8.8 192.168.2.3 0x436f No error (0) s.cpx.to 54.77.182.98 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.339302063 CEST
8.8.8.8 192.168.2.3 0x436f No error (0) s.cpx.to 52.30.185.188 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.346014023 CEST
8.8.8.8 192.168.2.3 0xa967 No error (0) pixel.advertising.com
prod.ups-adcom.aolp-ds-prd.aws.oath.cloud
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:53.346014023 CEST
8.8.8.8 192.168.2.3 0xa967 No error (0) prod.ups-adcom.aolp-ds-prd.aws.oath.cloud
prod.ups-eu-central-1.aolp-ds-prd.aws.oath.cloud
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:53.346014023 CEST
8.8.8.8 192.168.2.3 0xa967 No error (0) prod.ups-eu-central-1.aolp-ds-prd.aws.oath.cloud
35.156.153.71 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.346014023 CEST
8.8.8.8 192.168.2.3 0xa967 No error (0) prod.ups-eu-central-1.aolp-ds-prd.aws.oath.cloud
3.126.63.176 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.346014023 CEST
8.8.8.8 192.168.2.3 0xa967 No error (0) prod.ups-eu-central-1.aolp-ds-prd.aws.oath.cloud
52.28.254.214 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.346014023 CEST
8.8.8.8 192.168.2.3 0xa967 No error (0) prod.ups-eu-central-1.aolp-ds-prd.aws.oath.cloud
18.184.153.186 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.346014023 CEST
8.8.8.8 192.168.2.3 0xa967 No error (0) prod.ups-eu-central-1.aolp-ds-prd.aws.oath.cloud
52.59.102.119 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.346014023 CEST
8.8.8.8 192.168.2.3 0xa967 No error (0) prod.ups-eu-central-1.aolp-ds-prd.aws.oath.cloud
35.156.106.231 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.346014023 CEST
8.8.8.8 192.168.2.3 0xa967 No error (0) prod.ups-eu-central-1.aolp-ds-prd.aws.oath.cloud
52.57.10.248 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.346014023 CEST
8.8.8.8 192.168.2.3 0xa967 No error (0) prod.ups-eu-central-1.aolp-ds-prd.aws.oath.cloud
18.197.99.6 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.440021992 CEST
8.8.8.8 192.168.2.3 0xc79d No error (0) match.adsrvr.org match-aga.adsrvr.org CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:53.440021992 CEST
8.8.8.8 192.168.2.3 0xc79d No error (0) match-aga.adsrvr.org
a97adde81b00f2ca4.awsglobalaccelerator.com
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:53.440021992 CEST
8.8.8.8 192.168.2.3 0xc79d No error (0) a97adde81b00f2ca4.awsglobalaccelerator.com
76.223.111.131 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.440021992 CEST
8.8.8.8 192.168.2.3 0xc79d No error (0) a97adde81b00f2ca4.awsglobalaccelerator.com
13.248.242.197 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.440927029 CEST
8.8.8.8 192.168.2.3 0x662f No error (0) match.bnmla.com
38.27.122.158 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.497071028 CEST
8.8.8.8 192.168.2.3 0xe2c8 No error (0) image2.pubmatic.com
pug-lhrc.pubmatic.com CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:53.497071028 CEST
8.8.8.8 192.168.2.3 0xe2c8 No error (0) pug-lhrc.pubmatic.com
pug-lhr.pubmatic.com CNAME (Canonical name)
IN (0x0001)
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Copyright Joe Security LLC 2021 Page 56 of 74
Jul 10, 2021 07:51:53.497071028 CEST
8.8.8.8 192.168.2.3 0xe2c8 No error (0) pug-lhr.pubmatic.com
185.64.190.80 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.500966072 CEST
8.8.8.8 192.168.2.3 0xd17c No error (0) ap.lijit.com vap.lijit.com CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:53.500966072 CEST
8.8.8.8 192.168.2.3 0xd17c No error (0) vap.lijit.com emeas.vap.lijit.com CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:53.500966072 CEST
8.8.8.8 192.168.2.3 0xd17c No error (0) emeas.vap.lijit.com
oeu.vap.lijit.com CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:53.500966072 CEST
8.8.8.8 192.168.2.3 0xd17c No error (0) oeu.vap.lijit.com 216.52.2.39 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.500966072 CEST
8.8.8.8 192.168.2.3 0xd17c No error (0) oeu.vap.lijit.com 72.251.249.13 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.500966072 CEST
8.8.8.8 192.168.2.3 0xd17c No error (0) oeu.vap.lijit.com 72.251.249.9 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.500966072 CEST
8.8.8.8 192.168.2.3 0xd17c No error (0) oeu.vap.lijit.com 72.251.249.14 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.500966072 CEST
8.8.8.8 192.168.2.3 0xd17c No error (0) oeu.vap.lijit.com 216.52.2.19 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.500966072 CEST
8.8.8.8 192.168.2.3 0xd17c No error (0) oeu.vap.lijit.com 216.52.2.30 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.500966072 CEST
8.8.8.8 192.168.2.3 0xd17c No error (0) oeu.vap.lijit.com 216.52.2.48 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.641882896 CEST
8.8.8.8 192.168.2.3 0x6f31 No error (0) image4.pubmatic.com
spug22000nfc.pubmatic.com
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:53.641882896 CEST
8.8.8.8 192.168.2.3 0x6f31 No error (0) spug22000nfc.pubmatic.com
spug22000nf.pubmatic.com
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:53.641882896 CEST
8.8.8.8 192.168.2.3 0x6f31 No error (0) spug22000nf.pubmatic.com
185.64.189.114 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.743721962 CEST
8.8.8.8 192.168.2.3 0x7114 No error (0) ssum-sec.casalemedia.com
ssum-sec.casalemedia.com.edgekey.net
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:53.942912102 CEST
8.8.8.8 192.168.2.3 0x67f No error (0) onetag-sys.com 51.89.9.253 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.942912102 CEST
8.8.8.8 192.168.2.3 0x67f No error (0) onetag-sys.com 51.89.9.254 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.942912102 CEST
8.8.8.8 192.168.2.3 0x67f No error (0) onetag-sys.com 51.89.9.252 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.942912102 CEST
8.8.8.8 192.168.2.3 0x67f No error (0) onetag-sys.com 51.38.120.206 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.942912102 CEST
8.8.8.8 192.168.2.3 0x67f No error (0) onetag-sys.com 51.89.9.251 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:53.979736090 CEST
8.8.8.8 192.168.2.3 0xa41c No error (0) ssc-cms.33across.com
pixel.33across.com CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:53.979736090 CEST
8.8.8.8 192.168.2.3 0xa41c No error (0) pixel.33across.com
67.202.110.24 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:54.006304979 CEST
8.8.8.8 192.168.2.3 0xec1a No error (0) p.rfihub.com a.rfihub.com CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:54.006304979 CEST
8.8.8.8 192.168.2.3 0xec1a No error (0) a.rfihub.com a.rfihub.com.akadns.net CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:54.123460054 CEST
8.8.8.8 192.168.2.3 0x11eb No error (0) sync.targeting.unrulymedia.com
sync.1rx.io CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:54.123460054 CEST
8.8.8.8 192.168.2.3 0x11eb No error (0) sync.1rx.io 213.19.147.45 A (IP address) IN (0x0001)
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Copyright Joe Security LLC 2021 Page 57 of 74
Jul 10, 2021 07:51:54.159051895 CEST
8.8.8.8 192.168.2.3 0x878b No error (0) s.amazon-adsystem.com
52.94.232.32 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:54.184021950 CEST
8.8.8.8 192.168.2.3 0x2cb6 No error (0) pixel-sync.sitescout.com
pixel-a.sitescout.com CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:54.184021950 CEST
8.8.8.8 192.168.2.3 0x2cb6 No error (0) pixel-a.sitescout.com
66.155.71.25 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:54.192354918 CEST
8.8.8.8 192.168.2.3 0x347e No error (0) dsum-sec.casalemedia.com
dsum-sec.casalemedia.com.edgekey.net
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:54.196265936 CEST
8.8.8.8 192.168.2.3 0x9414 No error (0) dmp.brand-display.com
35.241.40.233 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:54.529531002 CEST
8.8.8.8 192.168.2.3 0xffd4 No error (0) nep.advangelists.com
52.207.141.143 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:54.529531002 CEST
8.8.8.8 192.168.2.3 0xffd4 No error (0) nep.advangelists.com
54.82.140.85 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:54.529531002 CEST
8.8.8.8 192.168.2.3 0xffd4 No error (0) nep.advangelists.com
52.2.89.95 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:54.529531002 CEST
8.8.8.8 192.168.2.3 0xffd4 No error (0) nep.advangelists.com
34.197.43.243 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:54.529531002 CEST
8.8.8.8 192.168.2.3 0xffd4 No error (0) nep.advangelists.com
34.199.94.111 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:54.529531002 CEST
8.8.8.8 192.168.2.3 0xffd4 No error (0) nep.advangelists.com
34.197.167.170 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:54.529531002 CEST
8.8.8.8 192.168.2.3 0xffd4 No error (0) nep.advangelists.com
52.203.5.125 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:54.529531002 CEST
8.8.8.8 192.168.2.3 0xffd4 No error (0) nep.advangelists.com
35.170.112.41 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:54.534457922 CEST
8.8.8.8 192.168.2.3 0x46c4 No error (0) dsum.casalemedia.com
dsum.casalemedia.com.edgekey.net
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:55.567934990 CEST
8.8.8.8 192.168.2.3 0x1514 No error (0) loadm.exelator.com
loadus.tm.ssl.exelator.com
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:55.567934990 CEST
8.8.8.8 192.168.2.3 0x1514 No error (0) loadus.tm.ssl.exelator.com
eu-west.load.exelator.com
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:55.567934990 CEST
8.8.8.8 192.168.2.3 0x1514 No error (0) eu-west.load.exelator.com
load-euw1.exelator.com CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:55.567934990 CEST
8.8.8.8 192.168.2.3 0x1514 No error (0) load-euw1.exelator.com
34.254.143.3 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:56.008950949 CEST
8.8.8.8 192.168.2.3 0x3c13 No error (0) pixel.tapad.com 35.227.248.159 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:57.223937988 CEST
8.8.8.8 192.168.2.3 0x8f1b No error (0) findmyforms.com
3.229.12.229 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:57.223937988 CEST
8.8.8.8 192.168.2.3 0x8f1b No error (0) findmyforms.com
18.204.242.58 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:58.243628979 CEST
8.8.8.8 192.168.2.3 0x7d2 No error (0) findmyforms.s3.amazonaws.com
s3-1-w.amazonaws.com CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:58.243628979 CEST
8.8.8.8 192.168.2.3 0x7d2 No error (0) s3-1-w.amazonaws.com
s3-w.us-east-1.amazonaws.com
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:58.243628979 CEST
8.8.8.8 192.168.2.3 0x7d2 No error (0) s3-w.us-east-1.amazonaws.com
52.217.8.140 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:58.302747011 CEST
8.8.8.8 192.168.2.3 0xd02a No error (0) thenewscentral.s3.amazonaws.com
s3-1-w.amazonaws.com CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:51:58.302747011 CEST
8.8.8.8 192.168.2.3 0xd02a No error (0) s3-1-w.amazonaws.com
s3-w.us-east-1.amazonaws.com
CNAME (Canonical name)
IN (0x0001)
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Copyright Joe Security LLC 2021 Page 58 of 74
Jul 10, 2021 07:51:58.302747011 CEST
8.8.8.8 192.168.2.3 0xd02a No error (0) s3-w.us-east-1.amazonaws.com
52.216.83.88 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:58.351823092 CEST
8.8.8.8 192.168.2.3 0x9adb No error (0) cdn.datatables.net
104.22.50.93 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:58.351823092 CEST
8.8.8.8 192.168.2.3 0x9adb No error (0) cdn.datatables.net
172.67.14.139 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:58.351823092 CEST
8.8.8.8 192.168.2.3 0x9adb No error (0) cdn.datatables.net
104.22.51.93 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:59.871656895 CEST
8.8.8.8 192.168.2.3 0x22cd No error (0) rt3016.infolinks.com
172.67.39.17 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:59.871656895 CEST
8.8.8.8 192.168.2.3 0x22cd No error (0) rt3016.infolinks.com
104.22.3.144 A (IP address) IN (0x0001)
Jul 10, 2021 07:51:59.871656895 CEST
8.8.8.8 192.168.2.3 0x22cd No error (0) rt3016.infolinks.com
104.22.2.144 A (IP address) IN (0x0001)
Jul 10, 2021 07:52:01.403455973 CEST
8.8.8.8 192.168.2.3 0x3af7 No error (0) www.usa.gov d1rt4thgsoin5q.cloudfront.net
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:52:01.403455973 CEST
8.8.8.8 192.168.2.3 0x3af7 No error (0) d1rt4thgsoin5q.cloudfront.net
13.224.99.16 A (IP address) IN (0x0001)
Jul 10, 2021 07:52:01.403455973 CEST
8.8.8.8 192.168.2.3 0x3af7 No error (0) d1rt4thgsoin5q.cloudfront.net
13.224.99.73 A (IP address) IN (0x0001)
Jul 10, 2021 07:52:01.403455973 CEST
8.8.8.8 192.168.2.3 0x3af7 No error (0) d1rt4thgsoin5q.cloudfront.net
13.224.99.109 A (IP address) IN (0x0001)
Jul 10, 2021 07:52:01.403455973 CEST
8.8.8.8 192.168.2.3 0x3af7 No error (0) d1rt4thgsoin5q.cloudfront.net
13.224.99.113 A (IP address) IN (0x0001)
Jul 10, 2021 07:52:01.618633032 CEST
8.8.8.8 192.168.2.3 0x7ac8 No error (0) script.crazyegg.com
script.crazyegg.com.cdn.cloudflare.net
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:52:01.732950926 CEST
8.8.8.8 192.168.2.3 0x74f1 No error (0) app-usa-modeast-prod-a01239f-ecas.s3.amazonaws.com
s3-1-w.amazonaws.com CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:52:01.732950926 CEST
8.8.8.8 192.168.2.3 0x74f1 No error (0) s3-1-w.amazonaws.com
s3-w.us-east-1.amazonaws.com
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:52:01.732950926 CEST
8.8.8.8 192.168.2.3 0x74f1 No error (0) s3-w.us-east-1.amazonaws.com
52.216.137.28 A (IP address) IN (0x0001)
Jul 10, 2021 07:52:01.941653967 CEST
8.8.8.8 192.168.2.3 0x2c52 No error (0) search.usa.gov 54.235.238.142 A (IP address) IN (0x0001)
Jul 10, 2021 07:52:01.941653967 CEST
8.8.8.8 192.168.2.3 0x2c52 No error (0) search.usa.gov 50.17.25.25 A (IP address) IN (0x0001)
Jul 10, 2021 07:52:01.941653967 CEST
8.8.8.8 192.168.2.3 0x2c52 No error (0) search.usa.gov 34.196.193.115 A (IP address) IN (0x0001)
Jul 10, 2021 07:52:01.946775913 CEST
8.8.8.8 192.168.2.3 0xd082 No error (0) siteimproveanalytics.com
172.67.145.176 A (IP address) IN (0x0001)
Jul 10, 2021 07:52:01.946775913 CEST
8.8.8.8 192.168.2.3 0xd082 No error (0) siteimproveanalytics.com
104.21.89.178 A (IP address) IN (0x0001)
Jul 10, 2021 07:52:02.148046970 CEST
8.8.8.8 192.168.2.3 0xfbcb No error (0) dap.digitalgov.gov
d27f3qgc9anoq2.cloudfront.net
CNAME (Canonical name)
IN (0x0001)
Jul 10, 2021 07:52:02.148046970 CEST
8.8.8.8 192.168.2.3 0xfbcb No error (0) d27f3qgc9anoq2.cloudfront.net
13.224.99.95 A (IP address) IN (0x0001)
Jul 10, 2021 07:52:02.148046970 CEST
8.8.8.8 192.168.2.3 0xfbcb No error (0) d27f3qgc9anoq2.cloudfront.net
13.224.99.13 A (IP address) IN (0x0001)
Jul 10, 2021 07:52:02.148046970 CEST
8.8.8.8 192.168.2.3 0xfbcb No error (0) d27f3qgc9anoq2.cloudfront.net
13.224.99.98 A (IP address) IN (0x0001)
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
Copyright Joe Security LLC 2021 Page 59 of 74
Jul 10, 2021 07:52:02.148046970 CEST
8.8.8.8 192.168.2.3 0xfbcb No error (0) d27f3qgc9anoq2.cloudfront.net
13.224.99.78 A (IP address) IN (0x0001)
Timestamp Source IP Dest IP Trans ID Reply Code Name CName Address Type Class
search.hfindingformspro.com
findmyforms.s3.amazonaws.com
Session ID Source IP Source Port Destination IP Destination Port Process
0 192.168.2.3 49707 54.156.222.111 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Jul 10, 2021 07:51:20.652880907 CEST
442 OUT
GET / HTTP/1.1
Accept: text/html, application/xhtml+xml, image/jxr, */*
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: search.hfindingformspro.com
Connection: Keep-Alive
Jul 10, 2021 07:51:20.758073092 CEST
443 IN HTTP/1.1 302 Found
Access-Control-Allow-Headers: Content-Type
Access-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONS
Access-Control-Allow-Origin: *
Cache-Control: private
Content-Type: text/html; charset=utf-8
Date: Sat, 10 Jul 2021 05:51:04 GMT
Location: https://search.hfindingformspro.com/
X-Content-Type-Options: nosniff
Content-Length: 153
Connection: keep-alive
Data Raw: 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0d 0a 3c 68 32 3e 4f 62 6a 65 63 74 20 6d 6f 76 65 64 20 74 6f 20 3c 61 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 73 65 61 72 63 68 2e 68 66 69 6e 64 69 6e 67 66 6f 72 6d 73 70 72 6f 2e 63 6f 6d 2f 22 3e 68 65 72 65 3c 2f 61 3e 2e 3c 2f 68 32 3e 0d 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0d 0a
Data Ascii: <html><head><title>Object moved</title></head><body><h2>Object moved to <a href="https://search.hfindingformspro.com/">here</a>.</h2></body></html>
Session ID Source IP Source Port Destination IP Destination Port Process
1 192.168.2.3 49936 52.217.8.140 80 C:\Program Files (x86)\Internet Explorer\iexplore.exe
Timestamp kBytes transferred Direction Data
Jul 10, 2021 07:51:59.804451942 CEST
10003 OUT GET /wp-content/themes/it-solutions/images/mobile_nav_right.png HTTP/1.1
Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
Accept-Language: en-US
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
Accept-Encoding: gzip, deflate
Host: findmyforms.s3.amazonaws.com
Connection: Keep-Alive
Jul 10, 2021 07:51:59.927691936 CEST
10327 IN HTTP/1.1 200 OK
x-amz-id-2: t9tmssKn3SSaVrGb+8Dh53FcSFIxFJFGlIYj7+1DONyYEoJWP0Vn8FtIsmjzX6pfmog0F862cH0=
x-amz-request-id: 7FE35JQS3D0JQG4Q
Date: Sat, 10 Jul 2021 05:52:00 GMT
Last-Modified: Thu, 25 Feb 2021 17:37:07 GMT
ETag: "a98cda74ae2503c4d3d0c7b4128fa11b"
Accept-Ranges: bytes
Content-Type: image/png
Server: AmazonS3
Content-Length: 118
HTTP Request Dependency Graph
HTTP Packets
HTTPS Packets
Timestamp Source IP Source Port Dest IP Dest Port Subject Issuer Not Before Not After JA3 SSL Client Fingerprint JA3 SSL Client Digest
Jul 10, 2021 07:51:20.988923073 CEST
54.156.222.111 443 192.168.2.3 49710 CN=findingformspro.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Sat Aug 15 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Tue Sep 14 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Jul 10, 2021 07:51:21.582329988 CEST
104.18.226.52 443 192.168.2.3 49718 CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Sun Jul 04 02:00:00 CEST 2021 Mon Jan 27 13:48:08 CET 2020
Mon Jul 04 01:59:59 CEST 2022 Wed Jan 01 00:59:59 CET 2025
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Mon Jan 27 13:48:08 CET 2020
Wed Jan 01 00:59:59 CET 2025
Jul 10, 2021 07:51:21.583379030 CEST
104.18.226.52 443 192.168.2.3 49716 CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Sun Jul 04 02:00:00 CEST 2021 Mon Jan 27 13:48:08 CET 2020
Mon Jul 04 01:59:59 CEST 2022 Wed Jan 01 00:59:59 CET 2025
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Mon Jan 27 13:48:08 CET 2020
Wed Jan 01 00:59:59 CET 2025
Jul 10, 2021 07:51:21.961334944 CEST
13.224.89.12 443 192.168.2.3 49721 CN=*.cloudfront.net CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Fri Mar 19 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Fri Mar 18 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Jul 10, 2021 07:51:21.961558104 CEST
13.224.89.12 443 192.168.2.3 49720 CN=*.cloudfront.net CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Fri Mar 19 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Fri Mar 18 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Jul 10, 2021 07:51:21.986041069 CEST
157.240.17.15 443 192.168.2.3 49722 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed May 26 02:00:00 CEST 2021 Tue Oct 22 14:00:00 CEST 2013
Wed Aug 25 01:59:59 CEST 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jul 10, 2021 07:51:21.986382008 CEST
157.240.17.15 443 192.168.2.3 49723 CN=*.facebook.com, O="Facebook, Inc.", L=Menlo Park, ST=California, C=US CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Wed May 26 02:00:00 CEST 2021 Tue Oct 22 14:00:00 CEST 2013
Wed Aug 25 01:59:59 CEST 2021 Sun Oct 22 14:00:00 CEST 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=DigiCert SHA2 High Assurance Server CA, OU=www.digicert.com, O=DigiCert Inc, C=US
CN=DigiCert High Assurance EV Root CA, OU=www.digicert.com, O=DigiCert Inc, C=US
Tue Oct 22 14:00:00 CEST 2013
Sun Oct 22 14:00:00 CEST 2028
Jul 10, 2021 07:51:23.684638977 CEST
34.232.40.183 443 192.168.2.3 49724 CN=onesearch.org CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Sun Mar 21 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Wed Apr 20 01:59:59 CEST 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Jul 10, 2021 07:51:23.686058044 CEST
34.232.40.183 443 192.168.2.3 49725 CN=onesearch.org CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Sun Mar 21 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Wed Apr 20 01:59:59 CEST 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Jul 10, 2021 07:51:23.700640917 CEST
13.224.89.139 443 192.168.2.3 49726 CN=*.cloudfront.net CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Fri Mar 19 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Fri Mar 18 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Jul 10, 2021 07:51:23.702594995 CEST
13.224.89.139 443 192.168.2.3 49727 CN=*.cloudfront.net CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Fri Mar 19 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Fri Mar 18 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Jul 10, 2021 07:51:23.724014044 CEST
13.224.89.139 443 192.168.2.3 49728 CN=*.cloudfront.net CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Fri Mar 19 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Fri Mar 18 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Jul 10, 2021 07:51:23.724277020 CEST
13.224.89.139 443 192.168.2.3 49730 CN=*.cloudfront.net CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Fri Mar 19 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Fri Mar 18 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Jul 10, 2021 07:51:23.724932909 CEST
13.224.89.139 443 192.168.2.3 49731 CN=*.cloudfront.net CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Fri Mar 19 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Fri Mar 18 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Jul 10, 2021 07:51:23.725250006 CEST
13.224.89.139 443 192.168.2.3 49729 CN=*.cloudfront.net CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Fri Mar 19 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Fri Mar 18 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Jul 10, 2021 07:51:23.846853018 CEST
37.139.1.159 443 192.168.2.3 49733 CN=*.openweathermap.org CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Tue Mar 17 01:00:00 CET 2020 Fri Nov 02 01:00:00 CET 2018 Mon Feb 01 01:00:00 CET 2010
Sun Jun 19 02:00:00 CEST 2022 Wed Jan 01 00:59:59 CET 2031 Tue Jan 19 00:59:59 CET 2038
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Fri Nov 02 01:00:00 CET 2018
Wed Jan 01 00:59:59 CET 2031
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Mon Feb 01 01:00:00 CET 2010
Tue Jan 19 00:59:59 CET 2038
Jul 10, 2021 07:51:23.851847887 CEST
37.139.1.159 443 192.168.2.3 49732 CN=*.openweathermap.org CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Tue Mar 17 01:00:00 CET 2020 Fri Nov 02 01:00:00 CET 2018 Mon Feb 01 01:00:00 CET 2010
Sun Jun 19 02:00:00 CEST 2022 Wed Jan 01 00:59:59 CET 2031 Tue Jan 19 00:59:59 CET 2038
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Fri Nov 02 01:00:00 CET 2018
Wed Jan 01 00:59:59 CET 2031
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Mon Feb 01 01:00:00 CET 2010
Tue Jan 19 00:59:59 CET 2038
Jul 10, 2021 07:51:24.059176922 CEST
138.201.197.100 443 192.168.2.3 49740 CN=*.openweathermap.org CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Tue Mar 17 01:00:00 CET 2020 Fri Nov 02 01:00:00 CET 2018 Mon Feb 01 01:00:00 CET 2010
Sun Jun 19 02:00:00 CEST 2022 Wed Jan 01 00:59:59 CET 2031 Tue Jan 19 00:59:59 CET 2038
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Fri Nov 02 01:00:00 CET 2018
Wed Jan 01 00:59:59 CET 2031
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Mon Feb 01 01:00:00 CET 2010
Tue Jan 19 00:59:59 CET 2038
Jul 10, 2021 07:51:24.062609911 CEST
138.201.197.100 443 192.168.2.3 49741 CN=*.openweathermap.org CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Tue Mar 17 01:00:00 CET 2020 Fri Nov 02 01:00:00 CET 2018 Mon Feb 01 01:00:00 CET 2010
Sun Jun 19 02:00:00 CEST 2022 Wed Jan 01 00:59:59 CET 2031 Tue Jan 19 00:59:59 CET 2038
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Sectigo RSA Domain Validation Secure Server CA, O=Sectigo Limited, L=Salford, ST=Greater Manchester, C=GB
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Fri Nov 02 01:00:00 CET 2018
Wed Jan 01 00:59:59 CET 2031
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
CN=USERTrust RSA Certification Authority, O=The USERTRUST Network, L=Jersey City, ST=New Jersey, C=US
Mon Feb 01 01:00:00 CET 2010
Tue Jan 19 00:59:59 CET 2038
Jul 10, 2021 07:51:24.186834097 CEST
108.177.127.154 443 192.168.2.3 49744 CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue Jun 22 15:35:18 CEST 2021 Thu Jun 15 02:00:42 CEST 2017
Tue Sep 14 15:35:17 CEST 2021 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jul 10, 2021 07:51:24.188354015 CEST
108.177.127.154 443 192.168.2.3 49745 CN=*.g.doubleclick.net, O=Google LLC, L=Mountain View, ST=California, C=US CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GTS CA 1O1, O=Google Trust Services, C=US CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Tue Jun 22 15:35:18 CEST 2021 Thu Jun 15 02:00:42 CEST 2017
Tue Sep 14 15:35:17 CEST 2021 Wed Dec 15 01:00:42 CET 2021
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1O1, O=Google Trust Services, C=US
CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Thu Jun 15 02:00:42 CEST 2017
Wed Dec 15 01:00:42 CET 2021
Jul 10, 2021 07:51:24.289989948 CEST
172.217.168.67 443 192.168.2.3 49749 CN=*.google.ch CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US
CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Tue Jun 22 18:40:01 CEST 2021 Thu Aug 13 02:00:42 CEST 2020 Fri Jun 19 02:00:42 CEST 2020
Tue Sep 14 18:40:00 CEST 2021 Thu Sep 30 02:00:42 CEST 2027 Fri Jan 28 01:00:42 CET 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1C3, O=Google Trust Services LLC, C=US
CN=GTS Root R1, O=Google Trust Services LLC, C=US
Thu Aug 13 02:00:42 CEST 2020
Thu Sep 30 02:00:42 CEST 2027
CN=GTS Root R1, O=Google Trust Services LLC, C=US
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Fri Jun 19 02:00:42 CEST 2020
Fri Jan 28 01:00:42 CET 2028
Jul 10, 2021 07:51:24.292429924 CEST
172.217.168.67 443 192.168.2.3 49750 CN=*.google.ch CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US
CN=GTS CA 1C3, O=Google Trust Services LLC, C=US CN=GTS Root R1, O=Google Trust Services LLC, C=US CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Tue Jun 22 18:40:01 CEST 2021 Thu Aug 13 02:00:42 CEST 2020 Fri Jun 19 02:00:42 CEST 2020
Tue Sep 14 18:40:00 CEST 2021 Thu Sep 30 02:00:42 CEST 2027 Fri Jan 28 01:00:42 CET 2028
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=GTS CA 1C3, O=Google Trust Services LLC, C=US
CN=GTS Root R1, O=Google Trust Services LLC, C=US
Thu Aug 13 02:00:42 CEST 2020
Thu Sep 30 02:00:42 CEST 2027
CN=GTS Root R1, O=Google Trust Services LLC, C=US
CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE
Fri Jun 19 02:00:42 CEST 2020
Fri Jan 28 01:00:42 CET 2028
Jul 10, 2021 07:51:37.754188061 CEST
54.156.222.111 443 192.168.2.3 49760 CN=findingformspro.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Sat Aug 15 02:00:00 CEST 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Tue Sep 14 14:00:00 CEST 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-23-65281,29-23-24,0
37f463bf4616ecd445d4a1937da06e19
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Jul 10, 2021 07:51:40.898689985 CEST
34.197.235.204 443 192.168.2.3 49765 CN=popularvpn.net CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Sun Dec 13 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Wed Jan 12 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Jul 10, 2021 07:51:40.900070906 CEST
34.197.235.204 443 192.168.2.3 49766 CN=popularvpn.net CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Sun Dec 13 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Wed Jan 12 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Jul 10, 2021 07:51:41.128578901 CEST
104.18.10.207 443 192.168.2.3 49770 CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Mon Mar 01 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020
Tue Mar 01 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Mon Jan 27 13:48:08 CET 2020
Wed Jan 01 00:59:59 CET 2025
Jul 10, 2021 07:51:43.588339090 CEST
34.236.18.233 443 192.168.2.3 49787 CN=thenewscorner.org CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Thu Nov 19 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Sun Dec 19 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Jul 10, 2021 07:51:43.589956045 CEST
34.236.18.233 443 192.168.2.3 49786 CN=thenewscorner.org CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Thu Nov 19 01:00:00 CET 2020 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Sun Dec 19 00:59:59 CET 2021 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Jul 10, 2021 07:51:44.736078024 CEST
104.18.11.207 443 192.168.2.3 49789 CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Mon Mar 01 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020
Tue Mar 01 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Mon Jan 27 13:48:08 CET 2020
Wed Jan 01 00:59:59 CET 2025
Jul 10, 2021 07:51:44.736098051 CEST
104.18.11.207 443 192.168.2.3 49788 CN=sni.cloudflaressl.com, O="Cloudflare, Inc.", L=San Francisco, ST=California, C=US CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Mon Mar 01 01:00:00 CET 2021 Mon Jan 27 13:48:08 CET 2020
Tue Mar 01 00:59:59 CET 2022 Wed Jan 01 00:59:59 CET 2025
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Cloudflare Inc ECC CA-3, O="Cloudflare, Inc.", C=US
CN=Baltimore CyberTrust Root, OU=CyberTrust, O=Baltimore, C=IE
Mon Jan 27 13:48:08 CET 2020
Wed Jan 01 00:59:59 CET 2025
Jul 10, 2021 07:51:44.799976110 CEST
13.224.99.68 443 192.168.2.3 49791 CN=cdn.intergient.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Feb 03 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Sat Mar 05 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Code Manipulations
Statistics
Behavior
System Behavior
Jul 10, 2021 07:51:44.800034046 CEST
13.224.99.68 443 192.168.2.3 49790 CN=cdn.intergient.com CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US CN=Amazon Root CA 1, O=Amazon, C=US CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Feb 03 01:00:00 CET 2021 Thu Oct 22 02:00:00 CEST 2015 Mon May 25 14:00:00 CEST 2015 Wed Sep 02 02:00:00 CEST 2009
Sat Mar 05 00:59:59 CET 2022 Sun Oct 19 02:00:00 CEST 2025 Thu Dec 31 02:00:00 CET 2037 Wed Jun 28 19:39:16 CEST 2034
771,49196-49195-49200-49199-49188-49187-49192-49191-49162-49161-49172-49171-157-156-61-60-53-47-10,0-10-11-13-35-16-23-24-65281,29-23-24,0
9e10692f1b7f78228b2d4e424db3a98c
CN=Amazon, OU=Server CA 1B, O=Amazon, C=US
CN=Amazon Root CA 1, O=Amazon, C=US
Thu Oct 22 02:00:00 CEST 2015
Sun Oct 19 02:00:00 CEST 2025
CN=Amazon Root CA 1, O=Amazon, C=US
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
Mon May 25 14:00:00 CEST 2015
Thu Dec 31 02:00:00 CET 2037
CN=Starfield Services Root Certificate Authority - G2, O="Starfield Technologies, Inc.", L=Scottsdale, ST=Arizona, C=US
OU=Starfield Class 2 Certification Authority, O="Starfield Technologies, Inc.", C=US
Wed Sep 02 02:00:00 CEST 2009
Wed Jun 28 19:39:16 CEST 2034
Start time: 07:51:18
Start date: 10/07/2021
Path: C:\Program Files\internet explorer\iexplore.exe
Wow64 process (32bit): false
Commandline: 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Imagebase: 0x7ff729f10000
File size: 823560 bytes
MD5 hash: 6465CB92B25A7BC1DF8E01D8AC5E7596
Has elevated privileges: true
Has administrator privileges: true
Analysis Process: iexplore.exe PID: 5236 Parent PID: 792
General
Joe Sandbox Cloud Basic 32.0.0 Black Diamond
Disassembly
Copyright Joe Security LLC
File Activities
Registry Activities
Programmed in: C, C++ or other language
Reputation: low
File Activities
Registry Activities
Start time: 07:51:19
Start date: 10/07/2021
Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Wow64 process (32bit): true
Commandline: 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:5236 CREDAT:17410 /prefetch:2
Imagebase: 0x210000
File size: 822536 bytes
MD5 hash: 071277CC2E3DF41EEEA8013E2AB58D5A
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Analysis Process: iexplore.exe PID: 5400 Parent PID: 5236
General