ID: Cookbook: browseurl.jbs Time: 02:09:04 Date: 29/06/2018 Version:


ID: 66102 Cookbook: browseurl.jbs Time: 02:09:04 Date: 29/06/2018 Version: 23.0.0

Table of Contents

Analysis Report
Overview: Information, Detection, Classification, Analysis Advice
Signature Overview: Networking, System Summary
Behavior Graph
Yara Overview: Initial Sample, PCAP (Network Traffic), Dropped Files, Memory Dumps, Unpacked PEs
Antivirus Detection: Initial Sample, Dropped Files, Unpacked PE Files, Domains, URLs
Screenshots
Startup
Created / dropped Files
Contacted Domains/Contacted IPs: Contacted Domains, Contacted URLs, Contacted IPs (Public)
Static File Info: No static file info
Network Behavior: Network Distribution, TCP Packets, UDP Packets, DNS Queries, DNS Answers, HTTP Request Dependency Graph, HTTP Packets, HTTPS Packets
System Behavior:
Analysis Process: exo-helper-1 PID: 13200 Parent PID: 12442 (File Activities: File Read, Directory Created)
Analysis Process: exo-helper-1 PID: 13204 Parent PID: 13200
Analysis Process: sensible-browser PID: 13204 Parent PID: 13200 (File Activities: File Read)
Analysis Process: x-www-browser PID: 13204 Parent PID: 13200 (File Activities: File Read)
Analysis Process: x-www-browser PID: 13208 Parent PID: 13204
Analysis Process: which PID: 13208 Parent PID: 13204 (File Activities: File Read)
Analysis Process: firefox PID: 13204 Parent PID: 13200 (File Activities: File Deleted, File Read, File Written, File Moved, Directory Created, Directory Deleted, Symbolic Link Created, Owner / Group Modified, Permission Modified)
Analysis Process: firefox PID: 13211 Parent PID: 13204
Analysis Process: firefox PID: 13245 Parent PID: 13204 (File Activities: File Read)
Analysis Process: firefox PID: 13258 Parent PID: 13204
Analysis Process: dbus-launch PID: 13258 Parent PID: 13204 (File Activities: File Read)
Analysis Process: firefox PID: 13268 Parent PID: 13204
Analysis Process: lsb_release PID: 13268 Parent PID: 13204 (File Activities: File Read)
Analysis Process: firefox PID: 13287 Parent PID: 13204
Analysis Process: dbus-launch PID: 13287 Parent PID: 13204 (File Activities: File Read)
Analysis Process: firefox PID: 13315 Parent PID: 13204
Analysis Process: firefox PID: 13315 Parent PID: 13204 (File Activities: File Deleted, File Read)
Analysis Process: firefox PID: 13377 Parent PID: 13204
Analysis Process: firefox PID: 13377 Parent PID: 13204 (File Activities: File Deleted, File Read)

Analysis Report

Overview

Information

Joe Sandbox Version: 23.0.0
Analysis ID: 66102
Start time: 02:09:04
Joe Sandbox Product: CloudBasic
Start date: 29.06.2018
Overall analysis duration: 0h 3m 25s
Hypervisor based Inspection enabled: false
Report type: light
Cookbook file name: browseurl.jbs
Sample URL: http://204.48.24.72/
Analysis system description: Ubuntu Linux 16.04 x64 (Kernel 4.4.0-116, Firefox 59.0, Document Viewer 3.18.2, LibreOffice 5.1.6.2, OpenJDK 1.8.0_171)
Detection: CLEAN
Classification: clean0.lin@0/14@16/0

Detection

Strategy: Threshold
Score: 0
Range: 0-100
Reporting: Report FP / FN

Classification

[Classification chart. Axes: Ransomware, Miner, Spreading, Evader, Phishing, Exploiter, Banker, Spyware, Trojan / Bot, Adware. Rings: malicious, suspicious, clean.]

Analysis Advice

Sample HTTP request are all non existing, likely the sample is no longer working

Signature Overview

Networking:
Downloads files from webservers via HTTP
Performs DNS lookups
Tries to download non-existing http data (HTTP/1.1 404 Found)
Uses HTTPS

System Summary:
Classification label

Behavior Graph

ID: 66102
URL: http://204.48.24.72/
Startdate: 29/06/2018
Architecture: LINUX
Score: 0

[Behavior graph figure. Network nodes: 204.48.24.72 (41740, 41780, 80; PRIMUS-AS6407-PrimusTelecommunicationsCanadaIncCA, United States), transfer.sh 185.216.24.82 (41180, 41184, 41186; NETRIX-ASNetrixFR, France), 19 other IPs or domains. Process nodes: exo-helper-1, sensible-browser, x-www-browser, firefox, dbus-launch, lsb_release, 5 other processes.]

Yara Overview

Initial Sample
No yara matches

PCAP (Network Traffic)
No yara matches

Dropped Files
No yara matches

Memory Dumps
No yara matches

Unpacked PEs
No yara matches

Antivirus Detection

Initial Sample

Source | Detection | Scanner
http://204.48.24.72/ | 1% | virustotal

Dropped Files
No Antivirus matches

Unpacked PE Files
No Antivirus matches

Domains

Source | Detection | Scanner
transfer.sh | 0% | virustotal
pipeline-edge-prod-25-561439127.us-west-2.elb.amazonaws.com | 0% | virustotal
ghbtns.com | 0% | virustotal
balrog-aus5.r53-2.services.mozilla.com | 0% | virustotal
api.github.com | 0% | virustotal
www-google-analytics.l.google.com | 0% | virustotal
googleadapis.l.google.com | 0% | virustotal
a19.dscg10.akamai.net | 0% | virustotal
search.r53-2.services.mozilla.com | 0% | virustotal
gstaticadssl.l.google.com | 0% | virustotal
github.map.fastly.net | 0% | virustotal
widget.uservoice.com | 0% | virustotal
locprod1-elb-eu-west-1.prod.mozaws.net | 0% | virustotal
by2.uservoice.com | 0% | virustotal
camo.githubusercontent.com | 0% | virustotal
fonts.googleapis.com | 0% | virustotal
fonts.gstatic.com | 0% | virustotal

URLs

Source | Detection | Scanner
http://204.48.24.72/ | 1% | virustotal

Screenshots

Startup

system is lnxubuntu1
exo-helper-1 (PID: 13200, Parent: 12442, MD5: c27a648e34ba5ce625d064af015be147)
exo-helper-1 New Fork (PID: 13204, Parent: 13200)
sensible-browser (PID: 13204, Parent: 13200, MD5: a5909f49ad9c97574d2b4c49cc24905d)
x-www-browser (PID: 13204, Parent: 13200, MD5: 42b33a4578e4a51d8a5d1010c466a9d7)
x-www-browser New Fork (PID: 13208, Parent: 13204)
which (PID: 13208, Parent: 13204, MD5: unknown)
firefox (PID: 13204, Parent: 13200, MD5: a4440256f73e7450b27eeb48d0d5f804)
firefox New Fork (PID: 13211, Parent: 13204)
firefox New Fork (PID: 13245, Parent: 13204)
firefox New Fork (PID: 13258, Parent: 13204)
dbus-launch (PID: 13258, Parent: 13204, MD5: e4a469f27d130d783c21ce9c1c4456c3)
firefox New Fork (PID: 13268, Parent: 13204)
lsb_release (PID: 13268, Parent: 13204, MD5: 18cba7de7bfedd0d9f027bd1c54cc2b2)
firefox New Fork (PID: 13287, Parent: 13204)
dbus-launch (PID: 13287, Parent: 13204, MD5: e4a469f27d130d783c21ce9c1c4456c3)
firefox New Fork (PID: 13315, Parent: 13204)
firefox (PID: 13315, Parent: 13204, MD5: a4440256f73e7450b27eeb48d0d5f804)
firefox New Fork (PID: 13377, Parent: 13204)
firefox (PID: 13377, Parent: 13204, MD5: a4440256f73e7450b27eeb48d0d5f804)
cleanup

Created / dropped Files

/home/user/.cache/dconf/user
Process: /usr/lib/firefox/firefox
File Type: very short file (no magic)
Size (bytes): 1

Contacted Domains/Contacted IPs

Contacted Domains

Name | IP | Active | Malicious | Antivirus Detection | Reputation
transfer.sh | 185.216.24.82 | true | false | 0%, virustotal | high
pipeline-edge-prod-25-561439127.us-west-2.elb.amazonaws.com | 34.212.55.103 | true | false | 0%, virustotal | high
ghbtns.com | 104.27.137.111 | true | false | 0%, virustotal | high
balrog-aus5.r53-2.services.mozilla.com | 35.162.46.217 | true | false | 0%, virustotal | high
api.github.com | 192.30.253.116 | true | false | 0%, virustotal | high
www-google-analytics.l.google.com | 216.58.210.14 | true | false | 0%, virustotal | high
googleadapis.l.google.com | 216.58.210.10 | true | false | 0%, virustotal | high
a19.dscg10.akamai.net | 95.101.72.200 | true | false | 0%, virustotal | high
search.r53-2.services.mozilla.com | 54.148.43.57 | true | false | 0%, virustotal | high
gstaticadssl.l.google.com | 216.58.210.3 | true | false | 0%, virustotal | high
github.map.fastly.net | 151.101.0.133 | true | false | 0%, virustotal | low
widget.uservoice.com | 104.16.95.65 | true | false | 0%, virustotal | high
locprod1-elb-eu-west-1.prod.mozaws.net | 34.252.164.43 | true | false | 0%, virustotal | high
by2.uservoice.com | 104.16.95.65 | true | false | 0%, virustotal | high
camo.githubusercontent.com | unknown | unknown | false | 0%, virustotal | unknown
fonts.googleapis.com | unknown | unknown | false | 0%, virustotal | high
fonts.gstatic.com | unknown | unknown | false | 0%, virustotal | high

Contacted URLs

Name | Process
http://204.48.24.72/favicon.ico | unknown
http://204.48.24.72/ | unknown

Contacted IPs

Public

IP | Country | ASN | ASN Name | Malicious
104.27.137.111 | United States | 13335 | CLOUDFLARENET-CloudFlareIncUS | false
151.101.0.133 | United States | 54113 | FASTLY-FastlyUS | false
192.30.253.116 | United States | 36459 | GITHUB-GitHubIncUS | false
185.216.24.82 | France | 62000 | NETRIX-ASNetrixFR | false
34.212.55.103 | United States | 16509 | AMAZON-02-AmazoncomIncUS | false
35.162.46.217 | United States | 16509 | AMAZON-02-AmazoncomIncUS | false
54.148.43.57 | United States | 16509 | AMAZON-02-AmazoncomIncUS | false
34.252.164.43 | United States | 16509 | AMAZON-02-AmazoncomIncUS | false
216.58.210.10 | United States | 15169 | GOOGLE-GoogleIncUS | false
216.58.210.3 | United States | 15169 | GOOGLE-GoogleIncUS | false
204.48.24.72 | United States | 6407 | PRIMUS-AS6407-PrimusTelecommunicationsCanadaIncCA | false
216.58.210.14 | United States | 15169 | GOOGLE-GoogleIncUS | false
104.16.95.65 | United States | 13335 | CLOUDFLARENET-CloudFlareIncUS | false

Static File Info

No static file info

Network Behavior

Network Distribution

Total Packets: 596
443 (HTTPS), 53 (DNS), 80 (HTTP)

TCP Packets

UDP Packets

DNS Queries

Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class
02:10:08.080713034 | 192.168.2.20 | 8.8.8.8 | 0x42c4 | Standard query (0) | transfer.sh | A (IP address) | IN (0x0001)
02:10:08.080821991 | 192.168.2.20 | 8.8.8.8 | 0x4a2a | Standard query (0) | transfer.sh | 28 | IN (0x0001)
02:10:08.230505943 | 192.168.2.20 | 8.8.8.8 | 0x33a3 | Standard query (0) | fonts.googleapis.com | A (IP address) | IN (0x0001)
02:10:08.230568886 | 192.168.2.20 | 8.8.8.8 | 0x567f | Standard query (0) | fonts.googleapis.com | 28 | IN (0x0001)
02:10:08.261473894 | 192.168.2.20 | 8.8.8.8 | 0x1740 | Standard query (0) | camo.githubusercontent.com | A (IP address) | IN (0x0001)
02:10:08.262123108 | 192.168.2.20 | 8.8.8.8 | 0xc40e | Standard query (0) | camo.githubusercontent.com | 28 | IN (0x0001)
02:10:08.498558998 | 192.168.2.20 | 8.8.8.8 | 0x70a0 | Standard query (0) | fonts.gstatic.com | A (IP address) | IN (0x0001)
02:10:08.498711109 | 192.168.2.20 | 8.8.8.8 | 0xc11b | Standard query (0) | fonts.gstatic.com | 28 | IN (0x0001)
02:10:08.624162912 | 192.168.2.20 | 8.8.8.8 | 0xe539 | Standard query (0) | ghbtns.com | A (IP address) | IN (0x0001)


HTTP Request Dependency Graph

204.48.24.72

HTTP Packets

Session ID: 0
Source IP: 192.168.2.20, Source Port: 41740
Destination IP: 204.48.24.72, Destination Port: 80

Timestamp: 02:10:07.585344076, kbytes transferred: 0, Direction: OUT
Data:
GET / HTTP/1.1
Host: 204.48.24.72
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive
Upgrade-Insecure-Requests: 1

Timestamp: 02:10:07.682708025, kbytes transferred: 2, Direction: IN
Data:
HTTP/1.1 200 OK
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 29 Jun 2018 00:10:07 GMT
Content-Type: text/html
Last-Modified: Tue, 26 Jun 2018 03:57:07 GMT
Transfer-Encoding: chunked
Connection: keep-alive
ETag: W/"5b31b993-a8a"
Content-Encoding: gzip
Timestamp: 02:10:10.125053883, kbytes transferred: 695, Direction: OUT
Data:
GET /favicon.ico HTTP/1.1
Host: 204.48.24.72
User-Agent: Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:59.0) Gecko/20100101 Firefox/59.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip, deflate
Connection: keep-alive

Timestamp: 02:10:10.222352982, kbytes transferred: 700, Direction: IN
Data:
HTTP/1.1 404 Found
Server: nginx/1.10.3 (Ubuntu)
Date: Fri, 29 Jun 2018 00:10:10 GMT
Content-Type: text/html
Transfer-Encoding: chunked
Connection: keep-alive
Content-Encoding: gzip

HTTPS Packets

Timestamp: 02:10:08.160612106
Source Port: 443, Dest Port: 41180
Source IP: 185.216.24.82, Dest IP: 192.168.2.20
Subject: CN=transfer.sh
Issuer: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
Valid from: Thu Jun 21 08:48:20 2018
Valid to: Wed Sep 19 08:48:20 2018

Timestamp: 02:10:08.160612106
Source Port: 443, Dest Port: 41180
Source IP: 185.216.24.82, Dest IP: 192.168.2.20
Subject: CN=Let's Encrypt Authority X3, O=Let's Encrypt, C=US
Issuer: CN=DST Root CA X3, O=Digital Signature Trust Co.
Valid from: Thu Mar 17 17:40:46 CET 2016
Valid to: Wed Mar 17 17:40:46 CET 2021

Timestamp: 02:10:08.313493013
Source Port: 443, Dest Port: 54894
Source IP: 216.58.210.10, Dest IP: 192.168.2.20
Subject: CN=*.googleapis.com, O=Google LLC, L=Mountain View, ST=California, C=US
Issuer: CN=Google Internet Authority G3, O=Google Trust Services, C=US
Valid from: Tue Jun 12 15:19:51 2018
Valid to: Tue Aug 21 14:13:00 2018

Timestamp: 02:10:08.313493013
Source Port: 443, Dest Port: 54894
Source IP: 216.58.210.10, Dest IP: 192.168.2.20
Subject: CN=Google Internet Authority G3, O=Google Trust Services, C=US
Issuer: CN=GlobalSign, O=GlobalSign, OU=GlobalSign Root CA - R2
Valid from: Thu Jun 15 02:00:42 2017
Valid to: Wed Dec 15 01:00:42 CET 2021