https://sitereview.bluecoat.com/#%2Flookup-result%2Fhttps%253A%252F%252Fmarketpowervaluation.com%252Fsaad%252FZS%252Fd7b47c3413b16e5ebbcfaae4211d29df%252Fenterpassword.php%253F7J7i19157652594419cbc36edf153b0592111252a51a313a19cbc36edf153b0592111252a51a313a19cbc36edf153b0592111252a51a313a19cbc36edf153b0592111252a51a313a19cbc36edf153b0592111252a51a313a%2526AP___%253Daa%2540ee.com%2526error%253D
This report is generated from a file or URL submitted to this webservice on December 16th 2019 20:11:57 (UTC) and action script Default browser analysis
Guest System: Windows 7 32 bit, Professional, 6.1 (build 7601), Service Pack 1
Report generated by Falcon Sandbox v8.30 © Hybrid Analysis
Incident Response
Risk Assessment
- Network Behavior
- Contacts 1 domain and 3 hosts.
MITRE ATT&CK™ Techniques Detection
Indicators
Not all malicious and suspicious indicators are displayed.
Suspicious Indicators 5
Anti-Detection/Stealthyness
Possibly checks for the presence of an Antivirus engine
- details
"SymanTec" (Indicator: "symantec")
"symantec" (Indicator: "symantec")
"Symantec" (Indicator: "symantec")
- source: File/Memory
- relevance: 3/10
- ATT&CK ID: T1063
External Systems
Found an IP/URL artifact that was identified as malicious by at least one reputation engine
- details
1/72 reputation engines marked "https://sitereview.bluecoat.com/" as malicious (1% detection rate)
1/72 reputation engines marked "http://sitereview.bluecoat.com" as malicious (1% detection rate)
1/72 reputation engines marked "https://sitereview.bluecoat.com" as malicious (1% detection rate)
- source: External System
- relevance: 10/10
Network Related
Malicious artifacts seen in the context of a contacted host
- details
Found malicious artifacts related to "205.185.216.42": ...
- source: Network Traffic
- relevance: 10/10
Sends traffic on typical HTTP outbound port, but without HTTP header
- details
TCP traffic to 8.28.16.207 on port 443 is sent without HTTP header
TCP traffic to 205.185.216.42 on port 80 is sent without HTTP header
TCP traffic to 184.30.187.53 on port 443 is sent without HTTP header
- source: Network Traffic
- relevance: 5/10
Spyware/Information Retrieval
Found an instant messenger related domain
- details
Matched minified JavaScript omitted (Indicator: "line.me"; File: "SSL")
"HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-XSS-Protection: 1
X-Frame-Options: DENY
X-Content-Type-Options: nosniff
Cache-Control: no-cache
Content-Type: application/json;charset=UTF-8
Transfer-Encoding: chunked
Date: Mon, 16 Dec 2019 20:13:17 GMT
Includes sites that are sponsored by schools, educational facilities, faculty, or alumni groups.","ssblacklistremovalrequestlabel":"Please explain why you feel your IP address should not be prohibited from using this tool","cat123short":"APT","categories-cat-religion":"Religion","cat45name":"Job Search/Careers","sscategorizationdelimiter":"and","cat49examples":"wikipedia.org|merriam-webster.com|whitepages.com|maps.google.com|reference.com|pagesjaunes.fr|familysearch.org","cat18short":"Phishing","categories-cat-web-hosting":"Web Hosting","cat116name":"Cloud Infrastructure","sscategorizedpagetext":"Current categorization:","tcCategoryTestPages":"WebFilter Category Test Pages","cat91name":"Miscellaneous","cat46examples":"cnn.com|foxnews.com|msnbc.msn.com|weather.com|bbc.co.uk|news.google.com|accuweather.com|nytimes.com|buzzfeed.com|usatoday.com|time.com","cat45short":"Jobs","cat7short":"Extreme","cat36name8":"Political/Activist Groups","cat34desc":"Sites sponsored by or which provide information on government, government agencies and government services such as taxation and emergency services. Includes sites which discuss or explain laws of various governmental entities. Also includes sites that advertise legal services, lawyers for hire, adoption services, information about adoption, immigration information, and immigration services.","cat97short":"Content","cat20short":"Entertainment","sswebpulserated":"This page was rated by our WebPulse system","cat88name8":"Web Advertisements","ssnonratednote":"However, we do not handle unrated URLs in the same manner that we handle already rated URLs. Unrated URL submissions will b" (Indicator: "skype.com"; File: "SSL"), "esc":"Sites that promote and provide information on traditional, organized religious belief, practice and observance and directly-related subjects such as religious catechism or dogma and places of religious worship or observance (e.g., churches, synagogues, temples, etc.). 
This category does not include sites about non-traditional spiritual and non-religious belief systems (Alternative Spirituality/Belief).","cat99short":"ICC","categories-cat-personals-dating":"Personals/Dating","phrase.did-you-mean":"Perhaps you meant","cat74short":"ExeMal","categories-cat-extreme":"Gore/Extreme","cat72name":"Pay to Surf","cat65name5":"Sports/Recreation/Hobbies","cat3desc":"Sites that contain sexually explicit material for the purpose of arousing a sexual or prurient interest.","perror9":"host name cannot be less than 4 characters","perror8":"host name cannot be more than 255 characters","perror7":"host name must contain a period","perror6":"site contains invalid ASCII characters","cat15desc":"Sites that sell, review, or describe weapons such as guns, knives or martial arts devices, or provide information on their use, accessories, or other modifications. Does not include information on BB guns, paintball guns, black powder rifles, target shooting, or bows and arrows unless the site also meets one of the above requirements. Also does not include sites that promote collecting weapons, or groups that either support or oppose weapons use.","perror5":"site is a Kazaa address","perror4":"site failed quick check","categories-cat-piracy-copyright-concerns":"Piracy/Copyright Concerns","perror3":"could not parse URL","ddunknown":"I Don't Know","categories-cat-adult-mature-content":"Adult/Mature Content","perror2":"could not create java URL object","ssresultsuccessunrated":"We appreciate your help in rating this unrated site. We will inform you when a decision has been made regarding this site. However
unrated sites are handled differently and as a result
the exact time you can expect a response may vary.","perror1":"site cannot be empty","ssemailaddresstext":"Email Address:","cat33name":"Games","cat-subgroup.43":"Information Related","cat62examples":"gay.com|waf.org","cat61desc":"Sites providing information on matters of daily life. This includes but is not limited to pet care
home improvement
fashion/beauty tips
hobbies and other tasks that comprise everyday life. It does not include sites relating to entertainment
sports
jobs
personal pages or other topics which already have a specific category.","cat-subgroup.42":"Technology","cat-subgroup.41":"Commerce","cat104name":"URL Shorteners","ddgetcat2":"Second Category (optional)","ssresultsuccessnoemailunrated":"Since you did not include your email address
we will be unable to contact you when we complete the review process.","sscookiesrequired":"This site will not function properly without cookies enabled in your browser. Please enable cookies and try again.","cat112short":"MediaSharing","ssolddts":"> {{days}} days","cat22desc":"Sites that promote and provide information on a wide range of non-traditional and/or non-religious spiritual
existential
experiential
and philosophical belief systems. Includes sites related to atheism
agnosticism
and mysticism; sites related to quasi-religious
philosophical or spiritual belief systems and practices that do not include formally established religious meetings
places of worship
organizational structure
or dogma; and sites that endorse or offer information about affecting or influencing real events through supernatural or magical means. Also includes sites that discuss or deal with paranormal or unexplained events. This category does not include sites centered around traditional
organized religious belief
practice
and observance (Religion).","categories-cat-shopping":"Shopping","cat51desc5":"Sites that provide chat or instant messaging capabilities or client downloads.","cat59short":"Auctions","cat40name":"Search Engines/Portals","cat58examples":"amazon.com|macys.com|homedepot.com|craigslist.org|rakuten.com|groupon.com|coupons.com","cat34short":"Government","cat111name":"Online Meetings","categories-cat-pornography":"Pornography","cat86short":"ProxyAvoid","cat-subgroup.36":"Leisure","cat-subgroup.35":"Health Related","cat-subgroup.34":"Communication","cat55examples":"facebook.com|vk.com|twitter.com|renren.com|pinterest.com|xing.de|odnoklassniki.ru","cat-subgroup.33":"Multimedia","cat61short":"Society","cat-subgroup.32":"Social Interaction","cat-subgroup.31":"Society/Government","cat100desc":"Sites related to hobbies such as gardening
collecting
board games
scrapbooking
quilting
etc..","categories-cat-streaming-media-mp3-p2p":"Streaming Media/MP3/P2P","phrase.removal-request-sent":"Your removal request has been sent.","tempcatupdatemsgcatdesclink":"New category descriptions","appgroupslabel":"Groups","rl_5_name":"May Not Be Safe","cat89desc":"Sites of organizations that provide top-level domain pages
as well as web communities
blog hosting sites
and other hosting services.","corporate_email_examples":"webmail.<company>.com","cat-subgroup.23":"File Transfer","cat-subgroup.22":"Security Concerns","categories-cat-alcohol":"Alcohol","ca
2000
t-subgroup.21":"Security Threats","categories-cat-auctions":"Auctions","rl_0_desc":"Customers can use this Threat Risk Level for policy overrides on specific sites","categories-cat-newsgroups-forums":"Newsgroups/Forums","cdRiskDesc":"Threat Risk Level Descriptions","cat68name":"Humor/Jokes","ssresulterror100":"Playboy.com recently changed the content on their site. We have modified our categorization to match the new content.","cat96desc":"Servers that provide Internet infrastructure services and information used by applications but not necessarily viewable by web browsers. Includes security services such as security patch downloads
anti-virus database updates
content filtering systems
shared authentication services
and certificate management services such as OCSP and CRL services. Traffic and content in this category is neither malicious nor objectionable in nature and may be required for applications or network traffic to function properly.","categories-cat-job-search-careers":"Job Search/Careers","cat29name":"Charitable/Non-Profit","cat57desc":"Sites that primarily focus on providing information about and/or methods that enable authorized access to and use of a desktop computer or private network remotely.","cat126short":"PotentialSecurityRisk","cat-subgroup.12":"Liability Concerns","ssblacklist":"Due to usage of this site that appears to violate Symantec Site Review Terms and Conditions
your IP address has been prohibited from using this tool. If you believe this is a mistake please use the form below to request that your access be restored.","cat-subgroup.11":"Adult Related","ssJSdisabled":"It seems JavaScript is either disabled or not supported by your browser.","cat101short":"Spam","cat71examples":"download.com|play.google.com|appworld.blackberry.com|softpedia.com|shareware.de|download.enet.com.cn|filehippo.com|snapfiles.com|downloadsource.es","cat6desc":"Sites containing nude or seminude depictions of the human body. These depictions are not necessarily sexual in intent or effect
but may include sites containing nude paintings or photo galleries of artistic nature. This category also includes nudist or naturist sites that contain pictures of nude individuals.","categories-cat-apt":"APT","ssrequestedpagetext":"URL submitted:","cat18desc":"Sites that are designed to appear as a legitimate bank or retailer with the intent to fraudulently capture sensitive data (i.e. credit card numbers, pin numbers).","cat65desc5":"Sites that promote or provide information about spectator sports
recreational activities
or hobbies. Includes sites that discuss or promote camping
gardening
and collecting. Also includes sites dedicated to board games
scrapbooking and quilting.","cat48short":"Recreation","cat36name":"Political/Social Advocacy","cat23short":"Alcohol","blacklistedlabel":"Blacklist","cat64desc":"Sites that list
review
discuss
advertise and promote food
catering
dining services
cooking and recipes.","testpageslabel":"Test Pages","cat14name9":"Violence/Hate/Racism","cat107name":"Informational","cat21examples":"ge.com|sunbeam.com|ups.com|brandmetrics.com|exxonmobil.com|boeing.com|unilever.com|3m.com|chevron.com|kiewit.com","ssemailcheckboxtext":"Send results of the review via email","cat75short":"ExePopup","cat67examples":"topgear.com|boattrader.com|autotrader.com|www.honda.co.jp|ford.com|mercedes-benz.de|kbb.com|harley-davidson.com","categories-cat-web-page-hosting":"","categories-cat-internet-connected-devices":"Internet Connected Devices","cat4examples":"scarleteen.com|viagra.com|trojancondoms.com|nuvaring.com|beautifulcervix.com|sexuality.about.com|sexetc.org","cat25desc":"Sites that discuss
encourage
promote
offer
sell
supply or otherwise advocate the use
cultivation
manufacture
or distribution of non-pharmaceutical drugs
intoxicating plants
solvents or chemicals
and their related paraphernalia. Typically these substances have no accepted medical use and a high potential for abuse. This category does not include alcohol
tobacco
or marijuana sites as these have a dedicated category.","cat93name8":"Alternative Sexuality/Lifestyles","ssnewcomments":"New Comments","cat1examples":"landoverbaptist.org|punchbaby.com","cat43name":"Malicious Sources/Malnets","cat71desc":"Sites wholly dedicated to the download of software for any type of computer or computing device whether for payment or at no charge. Does not include sites or pages that offer a software download as a subset of their overall content.","cat114name":"TV/Video Streams","cat17examples":"facebookhacktool.com|windowspasswordhack.com|hackthissite.org|hackforums.net|happyhacker.org|hacken-lernen.de","ss90desc":"Unrated URLs are URLss that cannot be put into a category. This happens when a site is not yet in the Symantec Web Filter database
and DRTR (if used) has tried but was unable to categorize it. As a final line" (Indicator: "blackberry.com"; File: "SSL"), "of defense
you are given the opportunity to either block or allow pages on these sites.","cat113short":"RadioAudio","categories-cat-url-redirector-alias":"URL Shorteners","cat14examples":"klanparenthood.com|newnation.org|stormfront.org|godhatesfags.com|cockfightlive.com|holywar.org|codoh.com","cat32desc":"Sites that provide or advertise trading of securities and management of investment assets (online or offline). Also includes insurance sites
as well as sites that offer financial investment strategies
quotes
and news.","sscommondesc":"The following is a list of the most commonly blocked categories:","cat103desc":"Sites that utilize dynamic DNS services to map their domain names to dynamic IP addresses.","cat93examples":"ncsfreedom.org|objectum-sexuality.org|tigerden.com|understanding.infantilism.org","ssselectcategoriestext":"Your suggested category or categories (<a href=\"/#/category-descriptions\" target=\"_new\">read descriptions</a>):","cat52desc6":"Sites offering Web-based email services
such as online email reading
e-cards
and mailing list services.","cat50name":"Mixed Content/Potentially Adult","cat35short":"Miltary","cat90examples":"localhost|127.0.0.1","cat121name":"Marijuana","cat87short":"ForKids","cat10short":"Drugs","cat62short":"Gay","categories-cat-educational-institutions":"","cat105examples":"constantcontact.com|sendgrid.net|marketo.com|mailchimp.com|mandrillapp.com|mkto-m0027.com|r20.rs6.net|t.sidekickopen75.com|list-manage.com|cmpgnr.com","cat11name":"Gambling","categories-cat-audio-video-clips":"Audio/Video Clips","cat53name5":"Blogs/Newsgroups","cat110desc":"Sites that facilitate Internet telephony or provide Internet telephony services such as voice over IP (VOIP).","cat53name3":"Newsgroups","cat89examples":"blogspot.com|angelfire.com|webs.com|sites.google.com|homestead.com|www.geocities.jp|wix.com","categories-cat-email":"Email","rl_6_name":"Exercise Caution","cat86examples":"hotspotshield.com|strongvpn.com|ultrasurf.us|torproject.org|anonymizer.com|xroxy.com","categories-cat-web-ads-analytics":"Web Ads/Analytics","cat99desc":"Insufficient Content to Classify. This category is not viewable to customers.","tcTestRatingPageCategorizedAs":"This is a Symantec WebFilter test rating page categorized as","purposenotice":"Site Review allows users to check and dispute the current WebPulse categorization for any URL. <strong> Note: </strong> This tool does not perform full real-time analysis of malicious URLs or files
which is included with the complete Symantec security solution.","categories-cat-sex-education":"Sex Education","cat36examples":"gop.com|cdu.de|parti-socialiste.fr|www.jimin.jp|democrats.org|greenpeace.org|peta.org|cluw.org|nra.org|www.kmt.org.tw","cat33examples":"nintendo.com|gamespot.com|gamedaily.com|roblox.com|steampowered.com|xboxlive.com|gog.com|ubi.com|epicgames.com|leagueoflegends.com|liquipedia.net","rl_1_desc":"Top visited sites with long history of good behavior","jsecuritynotesrequired":"Comments are required when suggesting a security category for a URL.","cat9desc":"Content includes but is not limited to the promotion of get rich quick plans
shady work-from-home opportunities
pay-to-surf
Ponzi schemes and sites offering counterfeit goods for sale. Encompasses sites that facilitate p
2000
lagiarism by selling questionable educational materials such as term papers. Offering unscrupulous advice such as how to avoid detection by law enforcement or other regulatory bodies or advice on how to contravene prevailing laws or skirt societal standards also fits into this category.","cat39name":"Hacking/Proxy Avoidance","cat67desc":"Sites that provide information on or promote vehicles
boats
or aircraft
including sites that support online purchase of vehicles or parts.","cat29examples":"scouting.org|4-h.org|ymca.net|lionsclubs.org|redcross.org|unicef.org|pewtrusts.org|cityharvest.org|soles4souls.org","cat102short":"PUS","cat85name":"Office/Business Applications","cat121examples":"hightimes.com|rollitup.org|grasscity.com|cannabis.com|thctalk.com|cannabisculture.com|thcfarmer.com|grainesdemarijuana.fr|royalqueenseeds.de|asayake.jp|cannabiscollege.com|medcancup.com","ssloading":"Loading. Please wait.","info_combos_description":"Sites that provide content that is informational in nature and does not provide a way to directly act upon the information. Examples include a site that provides lottery results but does not sell lottery tickets or a site that provides travel timetables but does not let you book travel services or purchase travel tickets.","cat49short":"Reference","cat46name":"News","cat24short":"Tobacco","categories-cat-spam":"Spam","cat117name":"Cryptocurrency","wp_cat_98":"Placeholders","cat76short":"ExeFileShare","wp_cat_97":"Content Delivery Networks","wp_cat_96":"Web Infrastructure","wp_cat_95":"Translation","cat92name":"Suspicious","wp_cat_93":"Sexual Expression","wp_cat_92":"Suspicious","ssdisclaimer2":"You can change your Internet access policy by clicking <a href=\"http://<localserver>:<localport>/policy.html\" target=\"_top\">here</a> or by clicking on the \"Internet Settings\" tab above.","cat117examples":"bitcoin.org|exodus.io|bitmex.com|coinmarketcap.com|coinbase.com|dogecoin.com|litecoin.org|cex.io|ethereum.org|blockchain.com|gemini.com|wallet.bitcoin.com","wp_cat_90":"Uncategorized","categories-cat-glamour":"","cat35desc":"Sites that promote or provide information on military branches or armed services.","cat106desc":"Sites that facilitate the sending of electronic greeting cards
invitations or similar electronic messages typically used to mark an event or special occasion.","categories-cat-abortion":"Abortion","categories-cat-computer-information-security":"Computer/Information Security","cat52examples":"gmail.com|mail.aol.com|outlook.com|mail.yahoo.com|mail.naver.com|mail.yandex.ru|email.godaddy.com|webmail.earthlink.net","cat53name":"Newsgroups/Forums","cat124name":"Compromised Sites","sschangelink":"Check another URL","ssmaxlengthexceedederror":"The text you have entered in the following field exceeds the maximum allowed length","cat114short":"TVVideo","wp_cat_89":"Web Hosting","cat14name":"Violence/Intolerance","wp_cat_88":"Web Ads/Analytics","wp_cat_87":"For Kids","wp_cat_86":"Proxy Avoidance","corporate_email_description":"Email services solely used by corporations or institutions. This combination is typically used to distinguish enterprise or organizational email services from consumer-oriented email services.","wp_cat_85":"Office/Business Applications","cat113desc":"Sites that provide streams or downloads of radio
music
or other audio content-typically more than 15 minutes in length.","wp_cat_84":"Audio/Video Clips","categories-cat-entertainment":"Entertainment","wp_cat_83":"Peer-to-Peer (P2P)","proxysgupdatestitle":"ProxySG Categorization Update Cycle","cat53desc5":"Sites that primarily offer access to blogs
Usenet news groups or other messaging or bulletin board systems where various users can post content.","usepolicy":"Internet Access Policy","cat60name":"Real Estate","cat36short":"Political","cat45examples":"hotjobs.yahoo.com|flipdog.com|monster.com|indeed.com|glassdoor.com|theladders.com|ziprecruiter.com|jobstreet.com|thebalancecareers.com|kellyservices.us","cat88short":"WebAdv","cat11short":"Gambling","categories-cat-miscellaneous":"Miscellaneous","cat63short":"Blogs","cat21name":"Business/Economy","cat0short":"Overrides","cat120desc":"TODO: Description for Server-side Errors","cat90short":"Unrated","rl_7_name":"Suspicious/Risky","wp_cat_71":"Software Downloads","categories-cat-hobbies":"Hobbies","categories-cat-technology-internet":"Technology/Internet","ssviolationtext":"The site that you requested is in violation of your Internet policy.","cat29name9":"Charitable Organizations","applicationslabel":"Applications","cat29name6":"Cultural/Charitable Organizations","cat29name3":"Cultural Institutions","rl_2_desc":"Other top sites with consistent
good behavior","wp_cat_69":"Streaming Media/MP3/P2P","cdExamples":"Examples:","wp_cat_68":"Humor/Jokes","wp_cat_67":"Vehicles","cat88name":"Web Ads/Analytics","wp_cat_66":"Travel","wp_cat_65":"Sports/Recreation","wp_cat_64":"Restaurants/Food","wp_cat_63":"Personal Sites","cat50short":"MediaServer","wp_cat_62":"Sexuality/Alternative Lifestyles","ssresultusepolicy":"Symantec manages the Web site ratings system used by many different software and hardware vendors. Symantec does not control whether a Web page is \"Blocked\" or \"Allowed\" -- your Internet Use Policy controls this. For more information on how to change your Internet Use Policy
<ahref> click here </a>.","wp_cat_61":"Society/Daily Living","wp_cat_60":"Real Estate","threatrisklevelslabel":"Threat Risk","cat64examples":"subway.com|foodnetwork.com|allrecipes.com|eatingwell.com|vinrestaurant.cn|coca-cola.com|lespapillesparis.fr","cat49name":"Reference","categories-cat-drugs":"","professional_networking_examples":"linkedin.com
xing.com","cat61examples":"style.com|ivillage.com|nameberry.com|lifestyle.msn.com|weddingwire.com|akc.org|gqmagazine.fr","wp_cat_121":"Marijuana","cat103short":"DynDNS","cat95name":"Translation","cat39note":"This category also includes any service which will allow a person to bypass our filtering system (Proxy Avoidance). This includes image search engines
translation services
and anonymous surfing services.","ssMedium":"Medium","cat38desc":"Sites that sponsor or provide information
news
reviews
opinions and coverage of computing
computing devices and technology
consumer electronics
and general technology. Also includes sites of technology-related organizations and companies.","wp_cat_59":"Auctions","wp_cat_58":"Shopping","policy_link_label":"Policy Example","cat109desc":"Sites that allow management and monitoring of or network access to physical devices connected to the Internet. Such devices include but are not limited to network infrastructure such as routers and switches
network-enabled industrial equipment
security cameras
home automation equipment
and other Web-enabled devices. Also includes security camera feed" (Indicator: "wire.com"; File: "SSL"), "Audio Streams","ssemailfieldtitle":"Email Address","cat17name":"Hacking","wp_cat_112":"Media Sharing","cat45desc":"Sites that provide assistance in finding employment
and tools for locating prospective employers.","wp_cat_111":"Online Meetings","wp_cat_110":"Internet Telephony","cat116desc":"Services supporting Cloud operations. This includes Infrastructure as a Service (IaaS)
Platform as a Service (PaaS)
and Software as a Service (SaaS). Does not include content in the Web Hosting or Content Delivery Networks categories. Sites using Cloud Infrastructure that can be put in a more specific category are not included.","cat63name":"Personal Sites","wp_cat_49":"Reference","wp_cat_47":"Personals/Dating","wp_cat_46":"News","wp_cat_45":"Job Search/Careers","wp_cat_44":"Malicious Outbound Data/Botnets","wp_cat_43":"Malicious Sources/Malnets","categories-cat-social-networking":"Social Networking","cat106name8":"Greeting Cards","wp_cat_40":"Search Engines/Portals","cat24name":"Tobacco","cat52desc":"Sites offering Web-based email services
such as online email reading
and mailing list services.","cat83examples":"frostwire.com|thepiratebay.se|utorrent.com|vuze.com|bearshare.com|torrentz.eu","wp_cat_109":"Internet Connected Devices","wp_cat_108":"Computer/Information Security","cat123desc":"","wp_cat_107":"Informational","ssresulterror26":"Only a single submission per site is needed unless the content differs. A pending related submission already exists.","wp_cat_106":"E-Card/Invitations","cat54desc6":"Sites that promote and provide information on conventional or unconventional religious or quasi-religious subjects
as well as churches
synagogues
or other houses of worship. Does not include sites containing alternative religions such as Wicca or witchcraft (Alternative Spirituality/Occult) or atheist beliefs (Political/Activist Groups).","ssresulterror25":"Comments exceed the maximum allowed length","subgroups.label":"Subgroups","ssresulterror24":"An error has occurred on our server preventing your request from being processed. Symantec personnel have been notified and will attempt to fix the problem as quickly as possible. Please try again later.","ssresulterror23":"This professional networking site was reclassified as Business/Economy and Social Networking due to its social networking capabilities and content.","wp_cat_103":"Dynamic DNS Host","wp_cat_102":"Potentially Unwanted Software","cat1desc":"Sites that cover
present
discuss or otherwise depict topics or themes of an adult nature generally accepted as being suitable only for mature audiences. Content does not necessarily have to consist of excessive violence
sexual themes or nudity though profane
vulgar or coarse language is often present. Does not include sex education
which is categorized in the Sex Education category or content that is sexually gratuitous in nature
which is categorized in the Pornography or Extreme categories.","ssresulterror21":"You have already submitted this Web page and it has been reviewed.","wp_cat_101":"Spam","cat37short":"Health","ssresulterror20":"Myspace.com has been categorized as such due to the abundance of adult topics and material throughout the site.","ssselectone":"Select One","categories-cat-potential-security-threat":"Potential Security Risk","cat13desc":"Server Blacklist (Currently only AFS)","cat89short":"WebHosting","cat12short":"Hate","cat64short":"Food","wp_cat_39":"Hacking/Proxy Avoidance","wp_cat_38":"Technology/Internet","categories-cat-alcohol-tobacco":"Alcohol/Tobacco","cat31name":"Finance","wp_cat_37":"Health","wp_cat_36":"Political/Social Advocacy","group.label":"Group","wp_cat_35":"Military","cat102name":"Potentially Unwanted Software","cat1short":"Adult","wp_cat_34":"Government/Legal","cat30examples":"nga.gov|haydenplanetarium.org|sydneyoperahouse.com|nationalgallery.org.uk|poetry.com|philorch.org|sfballet.org|metmuseum.org|broadway.com|si.edu","wp_cat_33":"Games","cat91short":"Misc","wp_cat_32":"Brokerage/Trading","wp_cat_31":"Finance","wp_cat_30":"Art/Culture","categories-cat-games":"Games","jsnocat":"Please indicate which category or categories you feel this site should belong to.","rl_8_name":"Possibly Malicious","ssresulterror19":"You haven't indicated which category or categories you feel this site should belong to. Please go back and try again.","ssresulterror18":"You have selected more than the allowed 4 categories. Please go back and try again.","ssresulterror17":"This is a high-profile URL that is correctly categorized and cannot be changed via Site Review.","cat20desc":"Sites that provide information about or promote popular culture including but not limited to film, film critiques and discussions, film trailers, box office, television, home entertainment, music, comics, graphic novels, literary news, and reviews. 
(Indicator: "wire.com"; File: "SSL")
(Indicator: "trillian.im"; File: "SSL") - source
- File/Memory
- relevance
- 10/10
-
Informative 13
-
General
-
Contacts domains
- details
- "sitereview.bluecoat.com"
- source
- Network Traffic
- relevance
- 1/10
-
Contacts server
- details
-
"8.28.16.207:443"
"205.185.216.42:80"
"184.30.187.53:443" - source
- Network Traffic
- relevance
- 1/10
-
Creates mutants
- details
-
"\Sessions\1\BaseNamedObjects\IsoScope_e18_IESQMMUTEX_0_519"
"\Sessions\1\BaseNamedObjects\UpdatingNewTabPageData"
"Local\InternetShortcutMutex"
"{5312EE61-79E3-4A24-BFE1-132B85B23C3A}"
"IsoScope_e18_IESQMMUTEX_0_519"
"Local\URLBLOCK_DOWNLOAD_MUTEX"
"IsoScope_e18_IESQMMUTEX_0_303"
"IsoScope_e18_IESQMMUTEX_0_331"
"Local\ZonesLockedCacheCounterMutex"
"Local\VERMGMTBlockListFileMutex"
"IsoScope_e18_IE_EarlyTabStart_0x114_Mutex"
"IsoScope_e18_ConnHashTable<3608>_HashTable_Mutex"
"Local\URLBLOCK_HASHFILESWITCH_MUTEX"
"{66D0969A-1E86-44CF-B4EC-3806DDDA3B5D}"
"UpdatingNewTabPageData"
"Local\ZonesCacheCounterMutex"
"Local\!BrowserEmulation!SharedMemory!Mutex"
"Local\URLBLOCK_FILEMAPSWITCH_MUTEX_3608"
"\Sessions\1\BaseNamedObjects\Local\!BrowserEmulation!SharedMemory!Mutex"
"\Sessions\1\BaseNamedObjects\Local\VERMGMTBlockListFileMutex" - source
- Created Mutant
- relevance
- 3/10
-
Drops files marked as clean
- details
- Antivirus vendors marked dropped file "urlblockindex_1_.bin" as clean (type is "data")
- source
- Binary File
- relevance
- 10/10
-
Opened the service control manager
- details
-
"iexplore.exe" called "OpenSCManager" requesting access rights "SC_MANAGER_CONNECT" (0x1)
"iexplore.exe" called "OpenSCManager" requesting access rights "0XE0000000L" - source
- API Call
- relevance
- 10/10
- ATT&CK ID
- T1035
-
Process launched with changed environment
- details
- Process "iexplore.exe" was launched with new environment variables: "PATH="%PROGRAMFILES%\Internet Explorer;""
- source
- Monitored Target
- relevance
- 10/10
-
Spawns new processes
- details
-
Spawned process "iexplore.exe" with commandline "https://sitereview.bluecoat.com/#%2Flookup-result%2Fhttps%253A%2 ..."
Spawned process "iexplore.exe" with commandline "SCODEF:3608 CREDAT:275457 /prefetch:2" - source
- Monitored Target
- relevance
- 3/10
-
Spawns new processes that are not known child processes
- details
-
Spawned process "iexplore.exe" with commandline "https://sitereview.bluecoat.com/#%2Flookup-result%2Fhttps%253A%2 ..."
Spawned process "iexplore.exe" with commandline "SCODEF:3608 CREDAT:275457 /prefetch:2" - source
- Monitored Target
- relevance
- 3/10
-
Installation/Persistence
-
Creates new processes
- details
- "iexplore.exe" is creating a new process (Name: "%PROGRAMFILES%\Internet Explorer\iexplore.exe", Handle: 900)
- source
- API Call
- relevance
- 8/10
-
Dropped files
- details
-
"urlblockindex_1_.bin" has type "data"
"OpenSans-ExtraBoldItalic-webfont_1_.eot" has type "Embedded OpenType (EOT)"
"77EC63BDA74BD0D0E0426DC8F8008506" has type "data"
"6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04" has type "data"
"~DFD4619B016FA777CF.TMP" has type "data"
"styles.afe80b5fc84edd7c5688_1_.css" has type "UTF-8 Unicode text with very long lines"
"favicon-32x32_1_.png" has type "PNG image data 32 x 32 8-bit/color RGBA non-interlaced"
"symantec-sans_bold-italic_1_.eot" has type "Embedded OpenType (EOT)"
"OpenSans-LightItalic-webfont_1_.eot" has type "Embedded OpenType (EOT)"
"OpenSans-Semibold-webfont_1_.eot" has type "Embedded OpenType (EOT)"
"4F21952A714049709706EC223B44B03A_54211BF5C10E05A762D9C2C3C9009B3E" has type "data"
"symantec-sans_bold_1_.eot" has type "Embedded OpenType (EOT)"
"en-US.3" has type "data"
"preload_2_.json" has type "HTML document ASCII text with very long lines with no line terminators"
"OpenSans-Light-webfont_1_.eot" has type "Embedded OpenType (EOT)"
"runtime.26209474bfa8dc87a77c_1_.js" has type "ASCII text with very long lines with no line terminators"
"OpenSans-BoldItalic-webfont_1_.eot" has type "Embedded OpenType (EOT)"
"OpenSans-Regular-webfont_1_.eot" has type "Embedded OpenType (EOT)"
"scripts.e888373b64dc543ebfa3_1_.js" has type "ASCII text with very long lines with no line terminators"
"TarAD54.tmp" has type "data" - source
- Binary File
- relevance
- 3/10
-
Network Related
-
Found potential URL in binary/memory
- details
- source
- File/Memory
- relevance
- 10/10
-
Unusual Characteristics
-
Drops cabinet archive files
- details
-
"57C8EDB95DF3F0AD4EE2DC2B8CFD4157" has type "Microsoft Cabinet archive data 6894 bytes 1 file"
"77EC63BDA74BD0D0E0426DC8F8008506" has type "Microsoft Cabinet archive data 58806 bytes 1 file"
"CabAD44.tmp" has type "Microsoft Cabinet archive data 58806 bytes 1 file" - source
- Binary File
- relevance
- 10/10
-
Installs hooks/patches the running process
- details
-
"iexplore.exe" wrote bytes "b0331c6e" to virtual address "0x74521250" (part of module "UXTHEME.DLL")
"iexplore.exe" wrote bytes "c0bf1d6e" to virtual address "0x762B1F68" (part of module "SHELL32.DLL")
"iexplore.exe" wrote bytes "b0331c6e" to virtual address "0x77BD11B8" (part of module "SHLWAPI.DLL")
"iexplore.exe" wrote bytes "60d21f6e" to virtual address "0x77BD13B8" (part of module "SHLWAPI.DLL")
"iexplore.exe" wrote bytes "a0351c6e" to virtual address "0x762B202C" (part of module "SHELL32.DLL")
"iexplore.exe" wrote bytes "30301c6e" to virtual address "0x6EDBFE90" (part of module "IEFRAME.DLL")
"iexplore.exe" wrote bytes "b0331c6e" to virtual address "0x7771917C" (part of module "IERTUTIL.DLL")
"iexplore.exe" wrote bytes "a0351c6e" to virtual address "0x7452139C" (part of module "UXTHEME.DLL")
"iexplore.exe" wrote bytes "b0331c6e" to virtual address "0x75EE14E0" (part of module "USER32.DLL")
"iexplore.exe" wrote bytes "b0331c6e" to virtual address "0x74EA1038" (part of module "VERSION.DLL")
"iexplore.exe" wrote bytes "b0331c6e" to virtual address "0x77C31210" (part of module "IMM32.DLL")
"iexplore.exe" wrote bytes "60d21f6e" to virtual address "0x762B1D7C" (part of module "SHELL32.DLL")
"iexplore.exe" wrote bytes "80321801703218010032180160321801503218014032180130321801000000002cc93b76c021180100000000901718015023180100181801601f180120361801000000004036180100000000" to virtual address "0x01188000"
"iexplore.exe" wrote bytes "b0331c6e" to virtual address "0x011870C0"
"iexplore.exe" wrote bytes "a0351c6e" to virtual address "0x761D1144" (part of module "LPK.DLL")
"iexplore.exe" wrote bytes "b0331c6e" to virtual address "0x762611BC" (part of module "GDI32.DLL")
"iexplore.exe" wrote bytes "c03a1c6e" to virtual address "0x762B1FB0" (part of module "SHELL32.DLL")
"iexplore.exe" wrote bytes "c03a1c6e" to virtual address "0x6EDBFE80" (part of module "IEFRAME.DLL")
"iexplore.exe" wrote bytes "60cd1f6e" to virtual address "0x6EDBFEC0" (part of module "IEFRAME.DLL")
"iexplore.exe" wrote bytes "b0331c6e" to virtual address "0x771017CC" (part of module "ADVAPI32.DLL") - source
- Hook Detection
- relevance
- 10/10
- ATT&CK ID
- T1179
Session Details
No relevant data available.
Hybrid Analysis
Analysed 3 processes in total.
-
rundll32.exe
"%WINDIR%\System32\ieframe.dll",OpenURL C:\c07db2508ed087298ef5ea3293388b94cf4ea0611994be10921fd3117d383bc2.url
(PID: 2724)
-
iexplore.exe
https://sitereview.bluecoat.com/#%2Flookup-result%2Fhttps%253A%252F%252Fmarketpowervaluation.com%252Fsaad%252FZS%252Fd7b47c3413b16e5ebbcfaae4211d29df%252Fenterpassword.php%253F7J7i19157652594419cbc36edf153b0592111252a51a313a19cbc36edf153b0592111252a51a313a19cbc36edf153b0592111252a51a313a19cbc36edf153b0592111252a51a313a19cbc36edf153b0592111252a51a313a%2526AP___%253Daa%2540ee.com%2526error%253D
(PID: 3608)
- iexplore.exe SCODEF:3608 CREDAT:275457 /prefetch:2 (PID: 3396)
Network Analysis
DNS Requests
Domain | Address | Registrar | Country |
---|---|---|---|
sitereview.bluecoat.com | 8.28.16.207 (TTL: 21599) | CSC CORPORATE DOMAINS, INC. | United States |
Contacted Hosts
IP Address | Port/Protocol | Associated Process | Details |
---|---|---|---|
8.28.16.207 | 443 TCP | iexplore.exe PID: 3396 | United States |
205.185.216.42 | 80 TCP | iexplore.exe PID: 3396 | United States |
184.30.187.53 | 443 TCP | iexplore.exe PID: 3608 | United States |
HTTP Traffic
No relevant HTTP requests were made.
Extracted Files
Displaying 47 extracted file(s). The remaining 6 file(s) are available in the full version and XML/JSON reports.
-
Clean 1
-
-
urlblockindex_1_.bin
- Size
- 16B (16 bytes)
- Type
- data
- AV Scan Result
- 0/69
- MD5
- fa518e3dfae8ca3a0e495460fd60c791
- SHA1
- e4f30e49120657d37267c0162fd4a08934800c69
- SHA256
- 775853600060162c4b4e5f883f9fd5a278e61c471b3ee1826396b6d129499aa7
-
-
Informative Selection 1
-
-
preload_1_.json
- Size
- 5KiB (5075 bytes)
- Type
- html
- Description
- HTML document, ASCII text, with very long lines, with no line terminators
- MD5
- 5aacc858e782c870960786ff163a1bb2
- SHA1
- 81e91e5649dc3f8ad4c8d09a2a5e61381e177ed2
- SHA256
- 1292d4814e880cbc0c9b6fe84e24095545f73c52db718b952bb1d94cbc219e1a
-
-
Informative 45
-
-
en-US.3
- Size
- 18KiB (18176 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 3608)
- MD5
- 5a34cb996293fde2cb7a4ac89587393a
- SHA1
- 3c96c993500690d1a77873cd62bc639b3a10653f
- SHA256
- c6a5377cbc07eece33790cfc70572e12c7a48ad8296be25c0cc805a1f384dbad
-
imagestore.dat
- Size
- 15KiB (15576 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 3396)
- MD5
- 07f328c7d503a636be4ff4c680c99a1a
- SHA1
- c4a77658394b3e1ab4bb66316f8412f579940bc8
- SHA256
- b8848a54b37086c7c2a2c1044b1e555d7507c86cf3bf6d7175c0b99fccde8cbe
-
VX4VOYY2.htm
- Size
- 24KiB (24594 bytes)
- Type
- html
- Description
- HTML document, ASCII text, with very long lines
- Runtime Process
- iexplore.exe (PID: 3396)
- MD5
- e79002179fc74522ba0efbe530c5cea5
- SHA1
- 6dd4d1925af2f09e587ccc0622da067161e26509
- SHA256
- ce4eaca123c8f21510a45c5bf239106eb0468c393f3a5d44a2c9d3f67996180b
-
3FA0F92EA40DC353FF9E95B9F7D06EAF_02A7BB8D663AB0A2D3E0CE44422ED38B
- Size
- 446B (446 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 3396)
- MD5
- 1463e1fdcbc84ab4c86e7e090a18350b
- SHA1
- a37f0a474f34d06d80c5d9901ad9c787a76d78f6
- SHA256
- 2e882544c7c53cd19d6a56b45f1895972585f9e31083475e707fafe73fe9a002
-
4F21952A714049709706EC223B44B03A_54211BF5C10E05A762D9C2C3C9009B3E
- Size
- 430B (430 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 3396)
- MD5
- 7761765703c3b783fe742f73a15971c5
- SHA1
- 92f4e0ddf7dd2a36da4a0835206473f4dcd49afb
- SHA256
- ea4dd089218570d6a250a63004fef1a2346ec6f266fd2a66dc5425ee93c8397d
-
57C8EDB95DF3F0AD4EE2DC2B8CFD4157
- Size
- 342B (342 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 3396)
- MD5
- f701e25f19fd6786e973405c79dfeb03
- SHA1
- f2a94258afc642e48cdadc12ad76f363a975ec5c
- SHA256
- 08e586b23375193a2b8c5eaa29d7ef93597362ee46f6404b4117b6423c40c6c1
-
77EC63BDA74BD0D0E0426DC8F8008506
- Size
- 57KiB (58806 bytes)
- Type
- data
- Description
- Microsoft Cabinet archive data, 58806 bytes, 1 file
- Runtime Process
- iexplore.exe (PID: 3396)
- MD5
- 5ad071a3917588e8cd883b123b395b21
- SHA1
- 4b688617093f21879354dd662a72266c35fd3cd2
- SHA256
- de62965c15528da598b0079d2d20d953dd6f71b13a23807bff0666d03f69c0fa
-
6BADA8974A10C4BD62CC921D13E43B18_BEB37ABADF39714871232B4792417E04
- Size
- 434B (434 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 3608)
- MD5
- 4749a76895a3a61c2a9d723820c259f9
- SHA1
- f719461893c2433955d8b3d35eee646dcadda7e9
- SHA256
- 196d8495d9e59277d97001fdbd52d83876c967f5d9c80e45769957d65a2409de
-
6BADA8974A10C4BD62CC921D13E43B18_D9817BD5013875AD517DA73475345203
- Size
- 1.5KiB (1507 bytes)
- Runtime Process
- iexplore.exe (PID: 3396)
- MD5
- d15ab99e12f63a4fcd622dc96826d156
- SHA1
- 769d219d34245b34e8aeceb61e7c3b1560fe6662
- SHA256
- 88c20197b7bde84c7e20c8c6726e6c2ea891472a8a8b1fe42ed286b23d599611
-
CabAD44.tmp
- Size
- 57KiB (58806 bytes)
- Type
- data
- Description
- Microsoft Cabinet archive data, 58806 bytes, 1 file
- Runtime Process
- iexplore.exe (PID: 3396)
- MD5
- 5ad071a3917588e8cd883b123b395b21
- SHA1
- 4b688617093f21879354dd662a72266c35fd3cd2
- SHA256
- de62965c15528da598b0079d2d20d953dd6f71b13a23807bff0666d03f69c0fa
-
TarAD54.tmp
- Size
- 142KiB (145767 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 3396)
- MD5
- fe89f18dcbc1bd6573e49a2221389694
- SHA1
- dd884349dd55c170460eb58fc8b2d7d0d3db1f20
- SHA256
- 6ff151546711862351137b646c09b5845979972079e68d00d0bc499540f58934
-
~DF16709B526BBA0FE0.TMP
- Size
- 16KiB (16384 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 3608)
- MD5
- 293838375c14cef966d25f7a7379ad42
- SHA1
- 7cc4aba796edfb68a071859bdad8e4458a340f02
- SHA256
- 9b7d3ca7bb58daffd1aabae97793ca566140d7ca042031ff09770fadf550f2cd
-
~DF6E9001981EA38D4C.TMP
- Size
- 16KiB (16384 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 3608)
- MD5
- 6c3c374d4fb300dd83fa67f3a033e60c
- SHA1
- 8db70bcf89201b22002845230332d8a3570279f8
- SHA256
- 8f63eeb697080654799876b7c8ab8096d798d57f54acd2892959db3f39813e81
-
~DFD4619B016FA777CF.TMP
- Size
- 16KiB (16384 bytes)
- Type
- data
- Runtime Process
- iexplore.exe (PID: 3608)
- MD5
- 89c6bde2c7a8274e20f4ecefb40482cc
- SHA1
- aefc2bbf817cf10e6c6ca7ef7c1e45fb0df5bcfe
- SHA256
- 9edf586f722bc921d78e0545d959f3aed69b3902dde5b49cf94727be874e394d
-
OpenSans-ExtraBoldItalic-webfont_1_.eot
- Size
- 33KiB (33758 bytes)
- Type
- unknown
- Description
- Embedded OpenType (EOT)
- MD5
- 47a4ebaa3043257ef6e47d413e66e8a3
- SHA1
- a5e5a2d5953e379445e14ba828f9336b8fda073d
- SHA256
- 8abc51792db27126daeccaf5a23e934e418c703356892318b23e214e4869aa3a
-
styles.afe80b5fc84edd7c5688_1_.css
- Size
- 220KiB (225125 bytes)
- Type
- text
- Description
- UTF-8 Unicode text, with very long lines
- MD5
- 47ef4753a6ef8cc9261dde952e2ad578
- SHA1
- 10a56f29ade11c5ff337db1f8f18d9bc6d9fc564
- SHA256
- 0c6fe742d96bab4453d09e59a31a789a07e989af75d7abe9b70192e590c48404
-
favicon-32x32_1_.png
- Size
- 1.9KiB (1961 bytes)
- Type
- img image
- Description
- PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced
- MD5
- 48d8efa897cb00893edfc79125941013
- SHA1
- c0f62ccbdbf813d251f8dfd14ac3e8d3e803e7dd
- SHA256
- 0b37485a11e01bc5068bc29c4441c135b7d3a062db50898f010a5addeb05231e
-
symantec-sans_bold-italic_1_.eot
- Size
- 26KiB (26509 bytes)
- Type
- unknown
- Description
- Embedded OpenType (EOT)
- MD5
- c4f61882beda4c4343b43a3309728394
- SHA1
- 11f4c9d6cb3013e3ba45f2394c5fd1f224c0bec1
- SHA256
- be14ad14eb1b5cd3bf2d6c3db3ab348d9d2848fcf7e8f203766e9b17743995a5
-
OpenSans-LightItalic-webfont_1_.eot
- Size
- 34KiB (34578 bytes)
- Type
- unknown
- Description
- Embedded OpenType (EOT)
- MD5
- f79ad2bc808868972dcf514db1266959
- SHA1
- 82d413996cd41629fee31289942aaae8f59d9d61
- SHA256
- f0b395e798d5d3b3fc92898f390db3dea91d6e1ff8909ceda76152b9fdda5259
-
OpenSans-Semibold-webfont_1_.eot
- Size
- 30KiB (30350 bytes)
- Type
- unknown
- Description
- Embedded OpenType (EOT)
- MD5
- 59c11da9e4754863c2368a45b3569072
- SHA1
- 0ba480f703384bd122a7ded89137ca3762c2da0c
- SHA256
- 563a2efb83dfca418701f28fc8ecd979b6314f23213d200faa50e8a04bcb809c
-
symantec-sans_bold_1_.eot
- Size
- 24KiB (24618 bytes)
- Type
- unknown
- Description
- Embedded OpenType (EOT)
- MD5
- 07cde8ed3325c8452623e6662643d1ba
- SHA1
- 249a2533691cd95b54a526f6d33ba1176b861630
- SHA256
- 0f0b44ddc8d69a08b1b561f7ea950cef19e5246f115d97526d677ce19354f83c
-
preload_2_.json
- Size
- 5KiB (5075 bytes)
- Type
- html
- Description
- HTML document, ASCII text, with very long lines, with no line terminators
- MD5
- 5aacc858e782c870960786ff163a1bb2
- SHA1
- 81e91e5649dc3f8ad4c8d09a2a5e61381e177ed2
- SHA256
- 1292d4814e880cbc0c9b6fe84e24095545f73c52db718b952bb1d94cbc219e1a
-
OpenSans-Light-webfont_1_.eot
- Size
- 29KiB (29794 bytes)
- Type
- unknown
- Description
- Embedded OpenType (EOT)
- MD5
- 5730cb1af0272e9923d68c8aebeb6056
- SHA1
- ed68cada8c4bfa00683942d9c87bf3cc34666522
- SHA256
- 82080862c0635b3b9e1c0d6d2955a41d9ca3d25e3bbeb582fdcbd1dddfd4f06a
-
runtime.26209474bfa8dc87a77c_1_.js
- Size
- 1.4KiB (1440 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines, with no line terminators
- MD5
- cd1ce3e306bf57f272364d1cc0249d6e
- SHA1
- b62956c2192bfe5516d6374e753773901ed50ec5
- SHA256
- eb3d5f2600910179bef8b0709214b7c721ea66e92ebb35bc282264beb2631eaf
-
OpenSans-BoldItalic-webfont_1_.eot
- Size
- 33KiB (34166 bytes)
- Type
- unknown
- Description
- Embedded OpenType (EOT)
- MD5
- 71c7ea332a864bb704af441f6cb35f0c
- SHA1
- 031de24dab40440c3322c059454167ec14b52719
- SHA256
- 678e7910f89499bbba5070e28633b1c468726914824c44f882fb455c3d4eeabd
-
OpenSans-Regular-webfont_1_.eot
- Size
- 29KiB (29934 bytes)
- Type
- unknown
- Description
- Embedded OpenType (EOT)
- MD5
- 65eb1ec3bbe3cbe8e6acd8c3db5abd8b
- SHA1
- c7ac4f61bc716a94362fbda76f5784ed3a17b61c
- SHA256
- 8e9e1b3bfc423a801a1145e73c76bf44aabaf752a11362428cd264a6a6eca007
-
scripts.e888373b64dc543ebfa3_1_.js
- Size
- 86KiB (87599 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines, with no line terminators
- MD5
- 4a22195a7d2b238f1a12bda3aafbd1ac
- SHA1
- 3ea64720007b7f455283091590d1189f3958a4a6
- SHA256
- 6eb34550a943f2f4a970ea936a70788fd2a492f8a49e9db44ce6422bff6b8c89
-
_7AFD4B7F-2040-11EA-982A-0A00275AE5E4_.dat
- Size
- 7KiB (7168 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read section info
- MD5
- c0d9ff5195cb9c1b90cd08a6be6e6d8d
- SHA1
- aef857a93bf84f698b9d1200b67a7440f5832989
- SHA256
- 9456afcd39051ad790692c893e52a9d35082362e4bdef1abbc04af44d5a80b29
-
search__0633EE93-D776-472f-A0FF-E1416B8B2E3A_.ico
- Size
- 237B (237 bytes)
- Type
- img image
- Description
- PNG image data, 16 x 16, 4-bit colormap, non-interlaced
- MD5
- 9fb559a691078558e77d6848202f6541
- SHA1
- ea13848d33c2c7f4f4baa39348aeb1dbfad3df31
- SHA256
- 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
-
favicon_2_.ico
- Size
- 237B (237 bytes)
- Type
- img image
- Description
- PNG image data, 16 x 16, 4-bit colormap, non-interlaced
- MD5
- 9fb559a691078558e77d6848202f6541
- SHA1
- ea13848d33c2c7f4f4baa39348aeb1dbfad3df31
- SHA256
- 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
-
RecoveryStore._7AFD4B7D-2040-11EA-982A-0A00275AE5E4_.dat
- Size
- 5.5KiB (5632 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read section info
- MD5
- 826120b75a5a6023dee10fbd91ad050d
- SHA1
- d7fdff34c1749c666e255ee74ba3afb11d4df2c5
- SHA256
- 17dfce3ff4317edb463c526d6bb8aed3e4ad83abd1d0d571e92ece76cd248cbd
-
sitereview.bluecoat_1_.xml
- Size
- 268B (268 bytes)
- Type
- text
- Description
- ASCII text, with no line terminators
- MD5
- 8dfd2607670c650328a410ad49fa9563
- SHA1
- 0dd1c11bddc24e1587dcb5851c2434fa333dc8c6
- SHA256
- a58ec3124aad6308e0c12d64ab5174ff97652026e9e1c846525fcd4700afecee
-
polyfills.121dc920926db7a1fffb_1_.js
- Size
- 98KiB (100665 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines, with no line terminators
- MD5
- fc272d1836008f75a2dbc3ac1ad7b331
- SHA1
- fe4c15020a477e8e2dccc8f3dda798abdf9ebdd1
- SHA256
- 9b8dd9f963c9d371e4babd0e36f2c9e73af62782950ad4f7fd7a6d340d5b6450
-
symantec-sans_light_1_.eot
- Size
- 24KiB (24826 bytes)
- Type
- unknown
- Description
- Embedded OpenType (EOT)
- MD5
- 8e3e7304e33b53acdcb0859b8397f7ac
- SHA1
- 9df059bde3b2dc588bfd7e9b0d93f495ed839b9f
- SHA256
- fab1a6977f64b8b3be9cb540de511e8fbc47a8041f873d9174337c6f42e49a11
-
_9C86BF76-2040-11EA-982A-0A00275AE5E4_.dat
- Size
- 4.5KiB (4608 bytes)
- Type
- text
- Description
- Composite Document File V2 Document, Cannot read section info
- MD5
- 13016641b8b35c3838c6a873049073ef
- SHA1
- fded730b47117d3ae66c2bb837daba1b155e5c07
- SHA256
- 4b7d9ae0914f95f39931eba7bbf91286b637eeca5ebe366acc265806e59efed9
-
main.0c02892e99681196587a_1_.js
- Size
- 1.1MiB (1160738 bytes)
- Type
- script javascript
- Description
- ASCII text, with very long lines, with no line terminators
- MD5
- b0198cdd3fb9e08d120d38fe153d3ae3
- SHA1
- 161b81cc7414c1920a768d9462e8cb011229eeaa
- SHA256
- 389071eb2fed30865fffab526be51adfd63a6dbd7dbead2407b3157fedf8d2f1
-
OpenSans-SemiboldItalic-webfont_1_.eot
- Size
- 34KiB (34866 bytes)
- Type
- unknown
- Description
- Embedded OpenType (EOT)
- MD5
- 64d25bbb700a27a5698723b95e327565
- SHA1
- d0bdf71e7f824995f87266fdc8cc442460a557cf
- SHA256
- a440618db66d7613b172a2df880e61cf24f69a88099434e50ca7f99139fc6748
-
OpenSans-Italic-webfont_1_.eot
- Size
- 34KiB (34798 bytes)
- Type
- unknown
- Description
- Embedded OpenType (EOT)
- MD5
- 1760d80f0af3abb822245ca7422da695
- SHA1
- a086dd16302f75d43a12d7da87e847744f70939e
- SHA256
- da4c9e311ded6def2e0578639af3459feccbb5ebb804b39d9039010339bc13e7
-
OpenSans-Bold-webfont_1_.eot
- Size
- 30KiB (30858 bytes)
- Type
- unknown
- Description
- Embedded OpenType (EOT)
- MD5
- 96ed4b8eb33bf83bcae23cf8ae4a47d4
- SHA1
- 2548d5b7a03f8623679bce6831454b43e4418bdb
- SHA256
- 710336ea5403bd2db4b38104477a2e8d61a533ebb575fe67a18f58ae1742b729
-
symantec-sans_regular_1_.eot
- Size
- 24KiB (25012 bytes)
- Type
- unknown
- Description
- Embedded OpenType (EOT)
- MD5
- 06bfb050922bcd0bb322f4e89bf38ddb
- SHA1
- 50bb55a8951382936fc14924e1ba1197a7b36642
- SHA256
- 3d01cfd129d0b6ef659a23714e3645785ca4ac55ea205918cdc1766d5ceb3ebf
-
symantec-sans_light-italic_1_.eot
- Size
- 26KiB (26866 bytes)
- Type
- unknown
- Description
- Embedded OpenType (EOT)
- MD5
- 2ff080426466d993663fdac972b3f486
- SHA1
- b3132a9d95052ec8803d01576fc47f75b86caf39
- SHA256
- 10ce4b02af0ffa397fa25251de376ab11e11945d657f649c2a28acbe7090ae22
-
symantec-sans_regular-italic_1_.eot
- Size
- 26KiB (27094 bytes)
- Type
- unknown
- Description
- Embedded OpenType (EOT)
- MD5
- bed86a8ddf4fb34cb8facd8fdf788851
- SHA1
- 4e287477553ce2e77403c9d0dc3b422d57ec0fa8
- SHA256
- 6c5813fe054b24a5741c5b50c999a0b78aca4d32681e19cfbd91e7e6f685c4f3
-
OpenSans-ExtraBold-webfont_1_.eot
- Size
- 30KiB (30602 bytes)
- Type
- unknown
- Description
- Embedded OpenType (EOT)
- MD5
- c5a21d0a8ee416940f7eadf01d151594
- SHA1
- f928caf6aa44f0a7209e50c7e8da22596504f95d
- SHA256
- 594312b1c530d35d1443722277303889866e7ddcaf2d15e88eacabbf9bd8a5d2
-
favicon_3_.ico
- Size
- 237B (237 bytes)
- MD5
- 9fb559a691078558e77d6848202f6541
- SHA1
- ea13848d33c2c7f4f4baa39348aeb1dbfad3df31
- SHA256
- 6d8a01dc7647bc218d003b58fe04049e24a9359900b7e0cebae76edf85b8b914
-
en_US_1_.json
- Size
- 83KiB (85224 bytes)
- MD5
- a5fa0a8c629b11ea1b85e2b0b96c08a4
- SHA1
- c9daee6cbf3a5f83ac02f813f61f3639afbb48eb
- SHA256
- aa5b9ce76edc42ec15d56cc201f1879c52fdea5642fcf10e61e163454048b14b
-
Notifications
-
Runtime
- Although all strings were processed, some are hidden from the report in order to reduce the overall size
- Not all IP/URL string resources were checked online
- Not all sources for indicator ID "binary-0" are available in the report
- Not all sources for indicator ID "hooks-8" are available in the report
- Not all sources for indicator ID "mutant-0" are available in the report
- Some low-level data is hidden, as this is only a slim report
- This URL analysis has missing honeyclient data