Joe Sandbox Cloud Basic Analysis Report

Loading ...

Analysis Report http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21

Overview

General Information

Joe Sandbox Version:24.0.0 Fire Opal
Analysis ID:96303
Start date:07.12.2018
Start time:00:43:18
Joe Sandbox Product:CloudBasic
Overall analysis duration:0h 3m 56s
Hypervisor based Inspection enabled:false
Report type:full
Cookbook file name:browseurl.jbs
Sample URL:http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21
Analysis system description:Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171
Number of analysed new started processes analysed:5
Number of new started drivers analysed:0
Number of existing processes analysed:0
Number of existing drivers analysed:0
Number of injected processes analysed:0
Technologies
  • EGA enabled
Analysis stop reason:Timeout
Detection:CLEAN
Classification:clean0.win@3/168@5/2
Cookbook Comments:
  • Adjust boot time
  • Browsing link: http://www.hacienda.gobierno.pr/
  • Browsing link: http://www.hacienda.gobierno.pr/sobre-hacienda/hacienda-virtual
  • Browsing link: http://www.hacienda.gobierno.pr/contactenos
  • Browsing link: http://www.hacienda.gobierno.pr/sistema-de-servicio-y-atencion-al-contribuyente-hacienda-responde
  • Browsing link: http://www.hacienda.gobierno.pr/individuos
  • Browsing link: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtual
  • Browsing link: http://www.hacienda.pr.gov/sobre-hacienda/servicios-al-contribuyente
  • Browsing link: http://www.hacienda.pr.gov/pagos
  • Browsing link: http://www.hacienda.gobierno.pr/individuos/contribucion-sobre-ingresos
  • Browsing link: http://www.hacienda.pr.gov/que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva
  • Browsing link: http://www.hacienda.pr.gov/apelaciones
Warnings:
Show All
  • Exclude process from analysis (whitelisted): ielowutil.exe, conhost.exe, CompatTelRunner.exe
  • Report size exceeded maximum capacity and may have missing behavior information.
  • Report size getting too big, too many NtCreateFile calls found.
  • Report size getting too big, too many NtDeviceIoControlFile calls found.

Detection

StrategyScoreRangeReportingDetection
Threshold00 - 100Report FP / FNclean

Confidence

StrategyScoreRangeFurther Analysis Required?Confidence
Threshold40 - 5false
ConfidenceConfidence


Classification

Analysis Advice

Sample HTTP request are all non existing, likely the sample will exhibit less behavior



Mitre Att&ck Matrix

Initial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionExfiltrationCommand and Control
Valid AccountsWindows Remote ManagementWinlogon Helper DLLPort MonitorsFile System Logical OffsetsCredential DumpingSystem Service DiscoveryApplication Deployment SoftwareData from Local SystemData CompressedStandard Non-Application Layer Protocol5
Replication Through Removable MediaService ExecutionPort MonitorsAccessibility FeaturesBinary PaddingNetwork SniffingApplication Window DiscoveryRemote ServicesData from Removable MediaExfiltration Over Other Network MediumStandard Application Layer Protocol5

Signature Overview

Click to jump to signature section


Networking:

barindex
Downloads compressed data via HTTPShow sources
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Thu, 16 Jun 2016 00:05:32 GMTAccept-Ranges: bytesETag: "0ae5fcc62c7d11:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:43:56 GMTContent-Length: 1886Data Raw: 1f 8b 08 00 00 00 00 00 04 00 9c 58 e9 72 dc 36 12 fe af a7 40 ec 72 95 a4 88 9c b1 36 56 2a a3 3f 71 ae 4d b6 76 ab 72 38 0f 00 92 4d 12 1e 90 60 00 50 33 e3 94 de 7d bb 71 f0 1a ca b6 52 a5 19 0d 81 46 1f 5f 9f e0 c5 e6 fa fa 82 5d b3 6f 4b 21 81 7e fc 1b 5a d0 22 67 b6 86 06 12 d1 16 d0 01 7e b5 96 65 dc 00 33 f6 24 c1 a4 48 b9 b9 88 67 df f6 56 e5 aa e9 24 58 a0 1d c7 cf 00 30 3e dd 78 6f dc a1 cd 35 fb a3 af 2a 30 56 a8 96 49 61 2c ad be 9c 92 b2 bf 2f 18 cb 94 2e 40 ef d8 eb ee c8 8c 92 a2 b8 c7 45 f5 00 ba 94 ea b0 63 b5 28 50 29 5a eb 94 11 c4 6b c7 78 86 84 bd 05 5a fd e0 54 3f e2 f9 ed f6 fe e2 71 21 a0 97 4e 06 49 4f 9c 45 3b d6 aa d6 1d 1c d7 12 d1 f0 6a b2 d3 70 5d 09 14 b3 75 52 79 51 88 b6 72 4f 4b e
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Tue, 29 Jul 2014 20:58:56 GMTAccept-Ranges: bytesETag: "0683fe96fabcf1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:43:56 GMTContent-Length: 1152Data Raw: 1f 8b 08 00 00 00 00 00 04 00 94 97 5d 6f db 36 17 c7 ef f3 29 0e 90 67 cb b3 20 72 9c 76 c9 12 07 1b 56 b7 ce d5 76 33 14 bb 19 86 82 16 8f 2d 22 14 a9 91 54 6c b7 c8 77 df e1 8b 64 59 96 1d 0f 05 0a 8b 2f 7f 9e d7 1f 99 eb cb cb 33 b8 84 5f 17 42 a2 ff f1 3b 13 0a ac db 48 b4 05 a2 83 85 36 f0 89 39 84 52 f3 5a e2 88 d6 5c 9f 9d 5d 5f c2 93 36 39 d2 4a 66 dc 35 2a 0e 9c 16 59 70 1a 16 52 33 07 b5 15 6a 09 42 49 a1 30 9b 4b 9d 3f 5f c1 aa 40 83 20 1c ac b4 79 b6 57 a0 1d 0d ac 84 c5 b4 6e e4 b5 47 b9 56 8e 8c 40 93 a5 dd 5e 19 be 9d 01 e4 12 99 99 c0 9c f6 3d 9e bd 1e 5a 39 22 93 cb 4c 38 2c c3 a6 60 ce 04 94 56 f8 48 9f 25 33 4b a1 26 30 f6 1f 15 e3 9c cc 0c 5f 07 f5 7e e9 2b 72 61 2b c9 36 93 1d ef b6 da 99 11 c
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Tue, 29 Jul 2014 20:58:56 GMTAccept-Ranges: bytesETag: "0683fe96fabcf1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:43:56 GMTContent-Length: 907Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b4 56 4d 6f a3 3c 10 be f3 2b 2c 55 7b a9 ea 94 26 4d b7 81 eb 7b dc d3 6a b5 77 83 9d 60 c5 d8 c8 98 a4 1f ea 7f df b1 0d 04 08 24 a4 d2 9b 43 04 c6 f3 cc 33 1f cf d8 77 15 c7 94 18 56 f0 74 cf 34 a6 fc 80 3e 83 ad 92 06 97 fc 83 45 e8 29 0c 7f c4 7e 61 4b 72 2e de 23 f4 97 69 4a 24 79 40 25 91 25 2e 99 e6 db 38 48 48 ba df 69 55 49 1a a1 3b c6 18 ac 28 4d 01 51 f3 5d 66 a2 65 f1 86 ee 5e 5e 5e 50 a9 04 a7 ed c7 44 19 a3 f2 b3 af 1f 98 4b ca de 22 b4 81 5f 1c 7c 05 c1 e3 3d fa af 65 19 e0 ab bf fb c7 60 d1 8b 0c 7d a2 23 a7 26 83 88 7e b2 3c 46 05 a1 94 cb 5d 84 16 4b 96 fb bf 30 46 5f 43 ab fe 2b ce 18 a1 0e ab 50 25 37 5c c9 48 33 41 0c 3f b0 13 e2 5c ac 42 b3 c3 03 ba bc 47 b2 37 d3
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Fri, 12 Apr 2013 13:27:00 GMTAccept-Ranges: bytesETag: "06a76698137ce1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:43:56 GMTContent-Length: 1058Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ac 56 6d 6f dc 36 0c fe 9e 5f c1 c1 e8 5e b2 fa e2 4b 9a 2e bd 7c 5b 5e 80 6c dd a7 7e 1c 86 42 67 d1 b6 76 b2 64 c8 72 ee d2 61 ff 7d 94 6c 39 f2 9d b3 a4 48 5b 18 49 28 8a 7c 48 3e a4 78 72 0c 77 8a a3 b2 f0 3d fc d6 b5 56 14 0f 90 4b d6 b6 d8 c2 f1 c9 d1 d1 c2 58 14 5e 61 09 ff 1c 01 fd ab 99 29 85 4a 25 16 76 05 ef b2 66 77 79 f4 6f a4 76 3a a7 76 71 a0 76 36 a7 b6 3c 3d d0 7b 37 ab f7 3e d2 73 a2 41 c9 e2 ce a6 4c 8a 52 ad c0 89 83 8a 11 65 35 a7 e3 e5 41 29 27 6f 68 66 b4 fa 83 a0 f6 f7 90 a4 43 bd e1 c4 2b 8a b5 a8 59 89 9f 23 70 85 d4 cc 46 b8 82 4a 0c 6e d0 19 71 1d 51 79 ae 7e bf e1 c2 6a 03 0d e3 5c a8 12 84 82 bb 1b 57 1c cb d6 12 17 f9 06 3f 63 af 51 08 94 bc c5 60 6d b8 b
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Tue, 21 Jan 2014 22:01:18 GMTAccept-Ranges: bytesETag: "08b944ff416cf1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:43:57 GMTContent-Length: 2357Data Raw: 1f 8b 08 00 00 00 00 00 04 00 94 1a db 8e a3 3a f2 57 58 b5 46 9a 91 62 44 ee 9d a0 6d 1d ad b4 5f b1 3a 0f 0e 38 c1 a7 1d 8c c0 e9 a4 07 f1 ef 5b be 81 01 43 32 13 4d 26 54 95 cb e5 ba bb 98 4c 5c 59 c8 bf 48 c9 f0 37 e2 05 c9 83 30 c7 5f 27 5c a2 33 7d 90 14 09 5e d4 bf 11 cd 53 f2 38 6e a2 a8 51 f4 ff 54 c1 99 12 96 56 44 84 09 67 0c 17 15 49 eb 8c d0 4b 26 8e f8 26 78 4b 46 f3 e2 26 c2 33 2f af 48 c2 13 7e 2d 18 11 a4 3e e1 e4 f3 52 f2 5b 9e 22 7a c5 17 72 cc 79 4e 9a 13 4f bf eb 82 57 54 50 9e 1f 4b c2 b0 a0 5f 1a 1c e2 f4 4a 73 44 1e 05 06 59 52 f3 08 72 0b 9a 60 66 1e f3 bb 95 7e f1 f2 9a aa 5d 53 5f 71 79 01 08 23 67 71 5c ed a2 e2 a1 77 36 fa a0 95 a3 92 02 a7 29 cd 2f f2 f7 71 b7 29 1e ff a2 d7 82 97 02 e
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Fri, 30 Nov 2018 18:16:43 GMTAccept-Ranges: bytesETag: "8037abd8d888d41:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:43:57 GMTContent-Length: 7461Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ec 3d 6b 8f e3 36 92 9f 13 20 ff 41 d7 83 45 32 59 cb 23 3f bb a7 07 99 dd 1c 70 8f 2f 87 3b dc 7d dc ec 05 b2 25 db da 91 2d 43 92 fb 91 b9 fd ef c7 37 ab c8 22 25 77 27 b7 73 c0 ce 60 92 6e 89 2c 92 c5 62 bd 59 fa 63 75 3c 37 6d 9f 5c da fa bb 43 df 9f ef df bd db 35 a7 be 9b ee 9b 66 5f 97 f9 b9 ea a6 db e6 f8 6e db 75 7f d8 e5 c7 aa 7e fe e1 df f8 fb b2 6d f3 fe 7e 99 65 93 db 2c 7b fb e1 9b af 5f 00 e8 df cf e5 e9 f7 ff 95 9f 3a 0d 67 b2 96 b0 0e fd b1 9e 24 9b a6 78 66 ff bd f4 7d 73 9a 24 45 f5 30 49 ba 73 ce 7e 3c cc d8 bf 39 fb b7 60 ff 96 13 d6 7e c5 7e 58 4f 92 f3 24 c9 27 49 79 9c 24 d5 71 cf 5a f7 6d 73 62 ff 6f 18 b0 4b cd da d5 d5 24 e9 f3 4d 5d b2 ff b5 ec df 81 fd 2b
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Fri, 30 Nov 2018 18:36:05 GMTAccept-Ranges: bytesETag: "8058468ddb88d41:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:43:57 GMTContent-Length: 9007Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ec 3d ed 8e dc 36 92 bf 37 40 de 41 37 c6 c2 f1 ec a8 a7 3f 67 ba 27 d8 e0 7c c9 6c 62 c0 1f 39 c7 f7 b1 d8 bd 5b b0 5b ea 6e 25 ea 56 9f a4 1e 7b 12 04 b8 67 b9 47 bb 27 39 7e 88 54 15 59 a4 d4 9e 49 76 17 38 1b 89 67 24 aa 58 2c 16 ab 8a c5 aa e2 e5 79 f4 f5 cb 37 ff f4 fc e5 77 d1 f9 e5 a7 9f 2c 8b e4 3e fa e9 d3 4f 22 fe 67 55 e4 45 79 13 3d 99 8d c5 df cf 3f fd e4 e7 4f 3f f9 f4 13 76 11 b1 9b 6d 71 97 96 76 bb ab f9 64 74 35 31 ed 6e ee b2 2a ab d3 c4 6e 36 9d 4e db 36 08 50 bc ab e2 75 96 d7 29 6f 76 76 28 8b 4d 96 dc 7c f5 ef 2f 76 6c 93 be 2b d9 be 5a 17 e5 6e f0 2a 5b 95 45 55 ac eb c1 f3 fc b0 65 9f bd 39 b0 55 56 df ff 7e 3e 7c 76 f6 b9 82 a3 61 30 d9 a0 68 1b 7c ae fb 29
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Wed, 26 Mar 2014 03:09:38 GMTAccept-Ranges: bytesETag: "0c576d2a048cf1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:43:57 GMTContent-Length: 33226Data Raw: 1f 8b 08 00 00 00 00 00 04 00 c4 bd e9 7e db 46 b6 2f fa fd 3c 85 88 78 cb 80 59 a2 24 a7 b3 cf 6e 50 30 af e3 24 9d f4 ce d4 b1 3b 49 6f 8a ce 0f 13 41 70 16 49 59 76 44 ee 67 b9 cf 72 9f ec ae ff 5a 55 85 02 08 29 ee 3e f7 dc 93 6e 8b 18 0a 35 ae 5a 53 ad e1 fc 59 e7 64 fa b7 db 7c f3 e1 e4 dd 65 ef 7f f6 2e 4f a6 37 b8 eb a5 ab c5 c9 de dc ac 36 c5 f9 bc 4c f3 e5 36 3f 79 76 fe 3f fc f1 ed 32 dd 95 ab a5 1f ab 24 b8 37 77 27 e9 07 3f 0e ee 37 f9 ee 76 b3 3c 19 f7 ca ed 2f e5 32 5b dd d1 c3 41 1c c6 bd e5 2a cb df 7c 58 e7 51 14 fd 79 10 f7 b2 7c 1c df ce 77 3f 97 f9 dd 7e 1f f7 d6 f1 26 5f ee e4 8b b0 73 79 a8 6a 7d 87 5a cb b1 df 49 67 c3 78 14 dc bf 8b 37 27 49 94 f6 92 55 f6 41 65 d1 d8 f7 ae b
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Thu, 16 Jun 2016 00:05:32 GMTAccept-Ranges: bytesETag: "0ae5fcc62c7d11:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:43:57 GMTContent-Length: 1071Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ec 56 4d 6f dc 36 10 bd ef af 98 b8 06 a4 b5 d7 52 db a3 0d a3 2d 12 24 30 d0 c2 69 62 a0 87 a2 07 5a 1a ed d2 a1 48 99 a4 76 bb 08 fc df 3b 43 8a fa 88 e1 14 28 da 5b 0d 63 b1 92 38 6f de cc bc 37 da 55 79 76 b6 82 33 78 f8 b5 47 7b 84 5b 5d 21 bc 57 fd 56 6a d8 7f 57 7c cf 8f 76 de 77 97 65 d9 85 bb ae 78 78 e4 93 45 65 da b2 b3 e6 01 2b 5f 1a 8a a2 93 7c f8 4d 2f 14 28 59 a1 76 58 43 af 6b b4 e0 77 08 bf dc dc 81 d0 35 bc 7b ff 73 7a ec 2e 39 00 12 fe e1 70 28 4c 47 0f 4c 6f 2b 2c 8c dd 96 e9 60 d9 4a 7f 31 5c 14 dd ae 7b 16 b7 d5 fd 32 60 db a9 62 e7 5b 45 27 cb d5 2a 6f 7a 5d 79 69 34 e4 a7 6b f8 bc 02 d8 0b 0b 95 a8 88 d8 35 7c 7e da 40 df cb 9a be 7e 7b b5 a2 87 a1
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Thu, 16 Jun 2016 00:05:32 GMTAccept-Ranges: bytesETag: "0ae5fcc62c7d11:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:43:57 GMTContent-Length: 5745Data Raw: 1f 8b 08 00 00 00 00 00 04 00 dc 3b 6b 73 db c6 b5 df fd 2b 36 8c 13 80 16 05 5a b9 ed 6d 2b 59 6e 14 5b 6e 9c 89 13 5f 4b 9e b4 e3 a8 99 25 b0 22 d7 06 b1 2c 16 90 c4 38 fe ef f7 3c f6 05 92 52 ec b9 b7 5f 9a 99 c8 24 b0 7b f6 bc 5f 7b 78 ef 4a b6 e2 69 db af 64 2d 8e fd 87 df 7e 13 ef 45 66 55 d7 e9 66 6e b3 43 f1 fe c3 44 64 33 b5 90 57 da b4 e1 41 6d 4a 59 2b fa 26 3e 1c dd bb 37 9d 8a 93 ba 36 d7 c2 74 0b d5 8a ef e4 95 3c 2b 5b bd ea 44 ad 67 ad 6c b5 b2 a2 33 a2 b7 4a dc 2f ee bd fd 9f 5e b5 eb a2 31 4f 4c 73 59 eb b2 cb c7 00 23 bf ec 9b b2 d3 a6 11 f9 fd b1 78 0f 40 1f 3c b8 27 1e 88 1f af 54 db ea 4a 09 b7 ed b2 29 74 a3 3b 84 37 ef 65 5b 09 39 97 ba b1 9d f8 fb d9 99 90 5d 27 cb 77 b6 80 8d
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Wed, 24 Sep 2014 22:33:34 GMTAccept-Ranges: bytesETag: "033259347d8cf1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:43:57 GMTContent-Length: 1756Data Raw: 1f 8b 08 00 00 00 00 00 04 00 9c 57 6d 6f 1b c7 11 fe 2b 1b a2 85 25 40 a1 ed f8 43 51 05 01 ac 58 72 0d 25 96 55 53 49 fb c1 5f f6 ee 86 e4 d6 cb dd cb be 50 a5 0d ff f7 3e 33 b3 47 52 b1 1b 03 01 04 f1 6e 66 f6 d9 79 9f b9 cb 54 47 eb e7 3e f6 d6 93 f9 c1 7c 34 8f 46 5f 93 f5 2f 63 da 54 6f 1f 9d 9b 65 0d 7d 71 31 98 93 bf 84 53 08 24 2a 35 05 73 53 37 1d a5 13 10 bf f9 e1 e9 e9 e9 f7 e6 d3 99 79 94 4b 72 61 95 71 ea e3 6c 76 fe 71 76 11 cc c5 f5 c5 bf cd ab bb bb 5b 43 29 c5 64 62 df d7 94 68 98 cf ce 67 af 6a 17 4d 0d 8d 23 42 2c 3e 9f 9d cd e4 e5 2d e5 ea 8b 79 11 07 3a 37 df e4 62 4b cd 38 f6 e2 5d 7d f2 64 f9 6c 70 ab 68 06 6a 52 76 88 82 70 10 3c 7b 78 7d a2 df 2a e5 62 0a a5 8d 0b b6 d0 60 6c
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Tue, 04 Nov 2014 22:22:50 GMTAccept-Ranges: bytesETag: "0593ade7df8cf1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:43:57 GMTContent-Length: 2165Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bc 59 eb 8e db b8 15 fe 5f a0 ef c0 66 81 48 4e 2d 79 06 bb cd 0f a7 13 60 33 e9 16 0b 64 b1 97 2c 5a 14 41 50 d0 d2 b1 cd 0c 4d 6a 49 6a 3c 4e 77 9e aa 8f d0 17 eb 21 29 c9 92 4c c9 97 69 d7 3f 06 1a e9 5c bf 73 a5 b4 2c 45 66 98 14 44 af e5 f6 3b 5a c4 9c 9a bf 70 d8 4c 09 97 c2 5f 18 aa 56 60 26 e4 5f bf ff 1d c1 df 3d 55 04 89 1c c1 94 c8 c2 72 eb 29 d9 d0 c2 fe 51 77 a0 5e 79 42 24 22 37 a4 a0 4a c3 37 5c 52 53 8b 4e 0d 3c 98 78 32 a9 c9 50 79 97 cc 2b 6e 91 79 c2 4a 15 12 57 96 d8 df 67 29 37 73 72 fd e5 74 7f 2b 03 61 40 cd 89 80 2d 59 49 b9 e2 90 a2 71 3a 7d 47 cd 3b b1 8a 6b db 27 2d 16 7c fe f3 ae 80 5b 29 8c 92 7c 4e 96 94 6b 68 3d d7 46 01 98 bf 31 d8 0e 92 c8
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Tue, 21 Jan 2014 22:01:20 GMTAccept-Ranges: bytesETag: "0b8c550f416cf1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:43:57 GMTContent-Length: 1516Data Raw: 1f 8b 08 00 00 00 00 00 04 00 d4 58 5f 6f db 36 10 7f cf a7 b8 b9 41 25 a5 b2 ec 02 7b 4a ea 62 e9 da 61 1d 86 ad 6b f3 16 e4 81 96 68 8b ad 4c 0a 24 ed a6 7f f2 dd 77 a4 28 5a a2 e4 24 6d 91 01 cb 43 2c 1d ef 8e f7 e7 c7 bb a3 66 27 27 47 70 02 bf ac 58 45 cd c3 52 08 ad b4 24 75 f6 5e e1 bb 21 bd 91 62 c7 0a aa 60 4d 39 95 a4 02 ca 4b c2 73 ba a1 5c 2b 20 bc 80 15 bb c6 65 2d e0 45 2b 1d 29 f8 e3 1d 18 a5 2a 43 1d b3 a3 a3 1d 91 f0 52 6e 6b 94 5f b4 0f 5f bf c2 97 9b b3 a3 a3 78 b5 e5 b9 66 82 c7 c7 a9 5b 4b be 1c 01 4c b6 8a 02 ea 63 b9 9e 20 1b b8 b5 6c 49 4b b2 63 42 aa cc 9b 8b 4a 8d 04 00 d1 9a e4 e5 29 78 95 b9 e0 9a 5e eb c4 ad 03 cc 66 ad 4b a0 c4 86 ee 8d 06 4d 96 33 67 1a 43 a1 b5 24 46 43
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Thu, 16 Jun 2016 00:05:32 GMTAccept-Ranges: bytesETag: "0ae5fcc62c7d11:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:44:41 GMTContent-Length: 1886Data Raw: 1f 8b 08 00 00 00 00 00 04 00 9c 58 e9 72 dc 36 12 fe af a7 40 ec 72 95 a4 88 9c b1 36 56 2a a3 3f 71 ae 4d b6 76 ab 72 38 0f 00 92 4d 12 1e 90 60 00 50 33 e3 94 de 7d bb 71 f0 1a ca b6 52 a5 19 0d 81 46 1f 5f 9f e0 c5 e6 fa fa 82 5d b3 6f 4b 21 81 7e fc 1b 5a d0 22 67 b6 86 06 12 d1 16 d0 01 7e b5 96 65 dc 00 33 f6 24 c1 a4 48 b9 b9 88 67 df f6 56 e5 aa e9 24 58 a0 1d c7 cf 00 30 3e dd 78 6f dc a1 cd 35 fb a3 af 2a 30 56 a8 96 49 61 2c ad be 9c 92 b2 bf 2f 18 cb 94 2e 40 ef d8 eb ee c8 8c 92 a2 b8 c7 45 f5 00 ba 94 ea b0 63 b5 28 50 29 5a eb 94 11 c4 6b c7 78 86 84 bd 05 5a fd e0 54 3f e2 f9 ed f6 fe e2 71 21 a0 97 4e 06 49 4f 9c 45 3b d6 aa d6 1d 1c d7 12 d1 f0 6a b2 d3 70 5d 09 14 b3 75 52 79 51 88 b6 72 4f 4b e
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Tue, 29 Jul 2014 20:58:56 GMTAccept-Ranges: bytesETag: "0683fe96fabcf1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:44:41 GMTContent-Length: 1152Data Raw: 1f 8b 08 00 00 00 00 00 04 00 94 97 5d 6f db 36 17 c7 ef f3 29 0e 90 67 cb b3 20 72 9c 76 c9 12 07 1b 56 b7 ce d5 76 33 14 bb 19 86 82 16 8f 2d 22 14 a9 91 54 6c b7 c8 77 df e1 8b 64 59 96 1d 0f 05 0a 8b 2f 7f 9e d7 1f 99 eb cb cb 33 b8 84 5f 17 42 a2 ff f1 3b 13 0a ac db 48 b4 05 a2 83 85 36 f0 89 39 84 52 f3 5a e2 88 d6 5c 9f 9d 5d 5f c2 93 36 39 d2 4a 66 dc 35 2a 0e 9c 16 59 70 1a 16 52 33 07 b5 15 6a 09 42 49 a1 30 9b 4b 9d 3f 5f c1 aa 40 83 20 1c ac b4 79 b6 57 a0 1d 0d ac 84 c5 b4 6e e4 b5 47 b9 56 8e 8c 40 93 a5 dd 5e 19 be 9d 01 e4 12 99 99 c0 9c f6 3d 9e bd 1e 5a 39 22 93 cb 4c 38 2c c3 a6 60 ce 04 94 56 f8 48 9f 25 33 4b a1 26 30 f6 1f 15 e3 9c cc 0c 5f 07 f5 7e e9 2b 72 61 2b c9 36 93 1d ef b6 da 99 11 c
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Tue, 29 Jul 2014 20:58:56 GMTAccept-Ranges: bytesETag: "0683fe96fabcf1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:44:41 GMTContent-Length: 907Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b4 56 4d 6f a3 3c 10 be f3 2b 2c 55 7b a9 ea 94 26 4d b7 81 eb 7b dc d3 6a b5 77 83 9d 60 c5 d8 c8 98 a4 1f ea 7f df b1 0d 04 08 24 a4 d2 9b 43 04 c6 f3 cc 33 1f cf d8 77 15 c7 94 18 56 f0 74 cf 34 a6 fc 80 3e 83 ad 92 06 97 fc 83 45 e8 29 0c 7f c4 7e 61 4b 72 2e de 23 f4 97 69 4a 24 79 40 25 91 25 2e 99 e6 db 38 48 48 ba df 69 55 49 1a a1 3b c6 18 ac 28 4d 01 51 f3 5d 66 a2 65 f1 86 ee 5e 5e 5e 50 a9 04 a7 ed c7 44 19 a3 f2 b3 af 1f 98 4b ca de 22 b4 81 5f 1c 7c 05 c1 e3 3d fa af 65 19 e0 ab bf fb c7 60 d1 8b 0c 7d a2 23 a7 26 83 88 7e b2 3c 46 05 a1 94 cb 5d 84 16 4b 96 fb bf 30 46 5f 43 ab fe 2b ce 18 a1 0e ab 50 25 37 5c c9 48 33 41 0c 3f b0 13 e2 5c ac 42 b3 c3 03 ba bc 47 b2 37 d3
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Fri, 12 Apr 2013 13:27:00 GMTAccept-Ranges: bytesETag: "06a76698137ce1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:44:41 GMTContent-Length: 1058Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ac 56 6d 6f dc 36 0c fe 9e 5f c1 c1 e8 5e b2 fa e2 4b 9a 2e bd 7c 5b 5e 80 6c dd a7 7e 1c 86 42 67 d1 b6 76 b2 64 c8 72 ee d2 61 ff 7d 94 6c 39 f2 9d b3 a4 48 5b 18 49 28 8a 7c 48 3e a4 78 72 0c 77 8a a3 b2 f0 3d fc d6 b5 56 14 0f 90 4b d6 b6 d8 c2 f1 c9 d1 d1 c2 58 14 5e 61 09 ff 1c 01 fd ab 99 29 85 4a 25 16 76 05 ef b2 66 77 79 f4 6f a4 76 3a a7 76 71 a0 76 36 a7 b6 3c 3d d0 7b 37 ab f7 3e d2 73 a2 41 c9 e2 ce a6 4c 8a 52 ad c0 89 83 8a 11 65 35 a7 e3 e5 41 29 27 6f 68 66 b4 fa 83 a0 f6 f7 90 a4 43 bd e1 c4 2b 8a b5 a8 59 89 9f 23 70 85 d4 cc 46 b8 82 4a 0c 6e d0 19 71 1d 51 79 ae 7e bf e1 c2 6a 03 0d e3 5c a8 12 84 82 bb 1b 57 1c cb d6 12 17 f9 06 3f 63 af 51 08 94 bc c5 60 6d b8 b
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Tue, 21 Jan 2014 22:01:18 GMTAccept-Ranges: bytesETag: "08b944ff416cf1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:44:41 GMTContent-Length: 2357Data Raw: 1f 8b 08 00 00 00 00 00 04 00 94 1a db 8e a3 3a f2 57 58 b5 46 9a 91 62 44 ee 9d a0 6d 1d ad b4 5f b1 3a 0f 0e 38 c1 a7 1d 8c c0 e9 a4 07 f1 ef 5b be 81 01 43 32 13 4d 26 54 95 cb e5 ba bb 98 4c 5c 59 c8 bf 48 c9 f0 37 e2 05 c9 83 30 c7 5f 27 5c a2 33 7d 90 14 09 5e d4 bf 11 cd 53 f2 38 6e a2 a8 51 f4 ff 54 c1 99 12 96 56 44 84 09 67 0c 17 15 49 eb 8c d0 4b 26 8e f8 26 78 4b 46 f3 e2 26 c2 33 2f af 48 c2 13 7e 2d 18 11 a4 3e e1 e4 f3 52 f2 5b 9e 22 7a c5 17 72 cc 79 4e 9a 13 4f bf eb 82 57 54 50 9e 1f 4b c2 b0 a0 5f 1a 1c e2 f4 4a 73 44 1e 05 06 59 52 f3 08 72 0b 9a 60 66 1e f3 bb 95 7e f1 f2 9a aa 5d 53 5f 71 79 01 08 23 67 71 5c ed a2 e2 a1 77 36 fa a0 95 a3 92 02 a7 29 cd 2f f2 f7 71 b7 29 1e ff a2 d7 82 97 02 e
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Fri, 30 Nov 2018 18:16:43 GMTAccept-Ranges: bytesETag: "8037abd8d888d41:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:44:41 GMTContent-Length: 7461Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ec 3d 6b 8f e3 36 92 9f 13 20 ff 41 d7 83 45 32 59 cb 23 3f bb a7 07 99 dd 1c 70 8f 2f 87 3b dc 7d dc ec 05 b2 25 db da 91 2d 43 92 fb 91 b9 fd ef c7 37 ab c8 22 25 77 27 b7 73 c0 ce 60 92 6e 89 2c 92 c5 62 bd 59 fa 63 75 3c 37 6d 9f 5c da fa bb 43 df 9f ef df bd db 35 a7 be 9b ee 9b 66 5f 97 f9 b9 ea a6 db e6 f8 6e db 75 7f d8 e5 c7 aa 7e fe e1 df f8 fb b2 6d f3 fe 7e 99 65 93 db 2c 7b fb e1 9b af 5f 00 e8 df cf e5 e9 f7 ff 95 9f 3a 0d 67 b2 96 b0 0e fd b1 9e 24 9b a6 78 66 ff bd f4 7d 73 9a 24 45 f5 30 49 ba 73 ce 7e 3c cc d8 bf 39 fb b7 60 ff 96 13 d6 7e c5 7e 58 4f 92 f3 24 c9 27 49 79 9c 24 d5 71 cf 5a f7 6d 73 62 ff 6f 18 b0 4b cd da d5 d5 24 e9 f3 4d 5d b2 ff b5 ec df 81 fd 2b
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: text/cssContent-Encoding: gzipLast-Modified: Fri, 30 Nov 2018 18:36:05 GMTAccept-Ranges: bytesETag: "8058468ddb88d41:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:44:41 GMTContent-Length: 9007Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ec 3d ed 8e dc 36 92 bf 37 40 de 41 37 c6 c2 f1 ec a8 a7 3f 67 ba 27 d8 e0 7c c9 6c 62 c0 1f 39 c7 f7 b1 d8 bd 5b b0 5b ea 6e 25 ea 56 9f a4 1e 7b 12 04 b8 67 b9 47 bb 27 39 7e 88 54 15 59 a4 d4 9e 49 76 17 38 1b 89 67 24 aa 58 2c 16 ab 8a c5 aa e2 e5 79 f4 f5 cb 37 ff f4 fc e5 77 d1 f9 e5 a7 9f 2c 8b e4 3e fa e9 d3 4f 22 fe 67 55 e4 45 79 13 3d 99 8d c5 df cf 3f fd e4 e7 4f 3f f9 f4 13 76 11 b1 9b 6d 71 97 96 76 bb ab f9 64 74 35 31 ed 6e ee b2 2a ab d3 c4 6e 36 9d 4e db 36 08 50 bc ab e2 75 96 d7 29 6f 76 76 28 8b 4d 96 dc 7c f5 ef 2f 76 6c 93 be 2b d9 be 5a 17 e5 6e f0 2a 5b 95 45 55 ac eb c1 f3 fc b0 65 9f bd 39 b0 55 56 df ff 7e 3e 7c 76 f6 b9 82 a3 61 30 d9 a0 68 1b 7c ae fb 29
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Wed, 26 Mar 2014 03:09:38 GMTAccept-Ranges: bytesETag: "0c576d2a048cf1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:44:41 GMTContent-Length: 33226Data Raw: 1f 8b 08 00 00 00 00 00 04 00 c4 bd e9 7e db 46 b6 2f fa fd 3c 85 88 78 cb 80 59 a2 24 a7 b3 cf 6e 50 30 af e3 24 9d f4 ce d4 b1 3b 49 6f 8a ce 0f 13 41 70 16 49 59 76 44 ee 67 b9 cf 72 9f ec ae ff 5a 55 85 02 08 29 ee 3e f7 dc 93 6e 8b 18 0a 35 ae 5a 53 ad e1 fc 59 e7 64 fa b7 db 7c f3 e1 e4 dd 65 ef 7f f6 2e 4f a6 37 b8 eb a5 ab c5 c9 de dc ac 36 c5 f9 bc 4c f3 e5 36 3f 79 76 fe 3f fc f1 ed 32 dd 95 ab a5 1f ab 24 b8 37 77 27 e9 07 3f 0e ee 37 f9 ee 76 b3 3c 19 f7 ca ed 2f e5 32 5b dd d1 c3 41 1c c6 bd e5 2a cb df 7c 58 e7 51 14 fd 79 10 f7 b2 7c 1c df ce 77 3f 97 f9 dd 7e 1f f7 d6 f1 26 5f ee e4 8b b0 73 79 a8 6a 7d 87 5a cb b1 df 49 67 c3 78 14 dc bf 8b 37 27 49 94 f6 92 55 f6 41 65 d1 d8 f7 ae b
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Thu, 16 Jun 2016 00:05:32 GMTAccept-Ranges: bytesETag: "0ae5fcc62c7d11:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:44:41 GMTContent-Length: 1071Data Raw: 1f 8b 08 00 00 00 00 00 04 00 ec 56 4d 6f dc 36 10 bd ef af 98 b8 06 a4 b5 d7 52 db a3 0d a3 2d 12 24 30 d0 c2 69 62 a0 87 a2 07 5a 1a ed d2 a1 48 99 a4 76 bb 08 fc df 3b 43 8a fa 88 e1 14 28 da 5b 0d 63 b1 92 38 6f de cc bc 37 da 55 79 76 b6 82 33 78 f8 b5 47 7b 84 5b 5d 21 bc 57 fd 56 6a d8 7f 57 7c cf 8f 76 de 77 97 65 d9 85 bb ae 78 78 e4 93 45 65 da b2 b3 e6 01 2b 5f 1a 8a a2 93 7c f8 4d 2f 14 28 59 a1 76 58 43 af 6b b4 e0 77 08 bf dc dc 81 d0 35 bc 7b ff 73 7a ec 2e 39 00 12 fe e1 70 28 4c 47 0f 4c 6f 2b 2c 8c dd 96 e9 60 d9 4a 7f 31 5c 14 dd ae 7b 16 b7 d5 fd 32 60 db a9 62 e7 5b 45 27 cb d5 2a 6f 7a 5d 79 69 34 e4 a7 6b f8 bc 02 d8 0b 0b 95 a8 88 d8 35 7c 7e da 40 df cb 9a be 7e 7b b5 a2 87 a1
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Thu, 16 Jun 2016 00:05:32 GMTAccept-Ranges: bytesETag: "0ae5fcc62c7d11:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:44:41 GMTContent-Length: 5745Data Raw: 1f 8b 08 00 00 00 00 00 04 00 dc 3b 6b 73 db c6 b5 df fd 2b 36 8c 13 80 16 05 5a b9 ed 6d 2b 59 6e 14 5b 6e 9c 89 13 5f 4b 9e b4 e3 a8 99 25 b0 22 d7 06 b1 2c 16 90 c4 38 fe ef f7 3c f6 05 92 52 ec b9 b7 5f 9a 99 c8 24 b0 7b f6 bc 5f 7b 78 ef 4a b6 e2 69 db af 64 2d 8e fd 87 df 7e 13 ef 45 66 55 d7 e9 66 6e b3 43 f1 fe c3 44 64 33 b5 90 57 da b4 e1 41 6d 4a 59 2b fa 26 3e 1c dd bb 37 9d 8a 93 ba 36 d7 c2 74 0b d5 8a ef e4 95 3c 2b 5b bd ea 44 ad 67 ad 6c b5 b2 a2 33 a2 b7 4a dc 2f ee bd fd 9f 5e b5 eb a2 31 4f 4c 73 59 eb b2 cb c7 00 23 bf ec 9b b2 d3 a6 11 f9 fd b1 78 0f 40 1f 3c b8 27 1e 88 1f af 54 db ea 4a 09 b7 ed b2 29 74 a3 3b 84 37 ef 65 5b 09 39 97 ba b1 9d f8 fb d9 99 90 5d 27 cb 77 b6 80 8d
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Wed, 24 Sep 2014 22:33:34 GMTAccept-Ranges: bytesETag: "033259347d8cf1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:44:41 GMTContent-Length: 1756Data Raw: 1f 8b 08 00 00 00 00 00 04 00 9c 57 6d 6f 1b c7 11 fe 2b 1b a2 85 25 40 a1 ed f8 43 51 05 01 ac 58 72 0d 25 96 55 53 49 fb c1 5f f6 ee 86 e4 d6 cb dd cb be 50 a5 0d ff f7 3e 33 b3 47 52 b1 1b 03 01 04 f1 6e 66 f6 d9 79 9f b9 cb 54 47 eb e7 3e f6 d6 93 f9 c1 7c 34 8f 46 5f 93 f5 2f 63 da 54 6f 1f 9d 9b 65 0d 7d 71 31 98 93 bf 84 53 08 24 2a 35 05 73 53 37 1d a5 13 10 bf f9 e1 e9 e9 e9 f7 e6 d3 99 79 94 4b 72 61 95 71 ea e3 6c 76 fe 71 76 11 cc c5 f5 c5 bf cd ab bb bb 5b 43 29 c5 64 62 df d7 94 68 98 cf ce 67 af 6a 17 4d 0d 8d 23 42 2c 3e 9f 9d cd e4 e5 2d e5 ea 8b 79 11 07 3a 37 df e4 62 4b cd 38 f6 e2 5d 7d f2 64 f9 6c 70 ab 68 06 6a 52 76 88 82 70 10 3c 7b 78 7d a2 df 2a e5 62 0a a5 8d 0b b6 d0 60 6c
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Tue, 04 Nov 2014 22:22:50 GMTAccept-Ranges: bytesETag: "0593ade7df8cf1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:44:41 GMTContent-Length: 2165Data Raw: 1f 8b 08 00 00 00 00 00 04 00 bc 59 eb 8e db b8 15 fe 5f a0 ef c0 66 81 48 4e 2d 79 06 bb cd 0f a7 13 60 33 e9 16 0b 64 b1 97 2c 5a 14 41 50 d0 d2 b1 cd 0c 4d 6a 49 6a 3c 4e 77 9e aa 8f d0 17 eb 21 29 c9 92 4c c9 97 69 d7 3f 06 1a e9 5c bf 73 a5 b4 2c 45 66 98 14 44 af e5 f6 3b 5a c4 9c 9a bf 70 d8 4c 09 97 c2 5f 18 aa 56 60 26 e4 5f bf ff 1d c1 df 3d 55 04 89 1c c1 94 c8 c2 72 eb 29 d9 d0 c2 fe 51 77 a0 5e 79 42 24 22 37 a4 a0 4a c3 37 5c 52 53 8b 4e 0d 3c 98 78 32 a9 c9 50 79 97 cc 2b 6e 91 79 c2 4a 15 12 57 96 d8 df 67 29 37 73 72 fd e5 74 7f 2b 03 61 40 cd 89 80 2d 59 49 b9 e2 90 a2 71 3a 7d 47 cd 3b b1 8a 6b db 27 2d 16 7c fe f3 ae 80 5b 29 8c 92 7c 4e 96 94 6b 68 3d d7 46 01 98 bf 31 d8 0e 92 c8
Source: global trafficHTTP traffic detected: HTTP/1.1 200 OKContent-Type: application/javascriptContent-Encoding: gzipLast-Modified: Tue, 21 Jan 2014 22:01:20 GMTAccept-Ranges: bytesETag: "0b8c550f416cf1:0"Vary: Accept-EncodingServer: Microsoft-IIS/8.0X-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:44:41 GMTContent-Length: 1516Data Raw: 1f 8b 08 00 00 00 00 00 04 00 d4 58 5f 6f db 36 10 7f cf a7 b8 b9 41 25 a5 b2 ec 02 7b 4a ea 62 e9 da 61 1d 86 ad 6b f3 16 e4 81 96 68 8b ad 4c 0a 24 ed a6 7f f2 dd 77 a4 28 5a a2 e4 24 6d 91 01 cb 43 2c 1d ef 8e f7 e7 c7 bb a3 66 27 27 47 70 02 bf ac 58 45 cd c3 52 08 ad b4 24 75 f6 5e e1 bb 21 bd 91 62 c7 0a aa 60 4d 39 95 a4 02 ca 4b c2 73 ba a1 5c 2b 20 bc 80 15 bb c6 65 2d e0 45 2b 1d 29 f8 e3 1d 18 a5 2a 43 1d b3 a3 a3 1d 91 f0 52 6e 6b 94 5f b4 0f 5f bf c2 97 9b b3 a3 a3 78 b5 e5 b9 66 82 c7 c7 a9 5b 4b be 1c 01 4c b6 8a 02 ea 63 b9 9e 20 1b b8 b5 6c 49 4b b2 63 42 aa cc 9b 8b 4a 8d 04 00 d1 9a e4 e5 29 78 95 b9 e0 9a 5e eb c4 ad 03 cc 66 ad 4b a0 c4 86 ee 8d 06 4d 96 33 67 1a 43 a1 b5 24 46 43
Downloads files from webservers via HTTPShow sources
Source: global trafficHTTP traffic detected: GET /publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /modules/system/system.base.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/modules/date/date_api/date.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/modules/date/date_popup/themes/datepicker.1.7.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/modules/views/css/views.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /modules/field/theme/field.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/modules/ckeditor/ckeditor.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/modules/ctools/css/ctools.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/modules/panels/css/panels.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/themes/bootstrap/css/overrides.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/themes/bootstrap_hacienda/css/main.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/themes/bootstrap_hacienda/css/fixes.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/logo-1_2_0.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/modules/jquery_update/replace/jquery/1.7/jquery.min.js?v=1.7.1 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /misc/jquery.once.js?v=1.2 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /misc/drupal.js?pfh47y HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/languages/es_J9Y8YzyEdl4HhXEmGeumOe380LdmA-nqBGM0YeJ1KvY.js?pfh47y HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/themes/bootstrap_hacienda/js/client.js?pfh47y HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/themes/bootstrap/js/bootstrap.js?pfh47y HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/capture_7.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/ogo%20Loterias-de-Puerto-Rico-1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/logo-ivu-loto.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/logo-twitter.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/FB-Logo.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/logo-ogp.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/logo-pr-gov.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/logo-bgf.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/logo-fortaleza.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/themes/bootstrap_hacienda/images/btn-header-hacienda-virtual.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/themes/bootstrap_hacienda/images/icon-info.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/themes/bootstrap_hacienda/images/nav-sep.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /pages/scripts/0026/1577.js?428936 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: dnn506yrbagrg.cloudfront.netConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/favicon.ico HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/all/themes/bootstrap_hacienda/fonts/icomoon.eot? HTTP/1.1Accept: */*Referer: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: http://www.hacienda.gobierno.prAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/all/modules/flexslider/assets/css/flexslider_img.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.gobierno.pr/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/all/libraries/flexslider/flexslider.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.gobierno.pr/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/default/files/styles/homepage_slider/public/slideshow/suri-web_banner-servicios-01_2.jpg?itok=jLC1Ofel HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/default/files/styles/homepage_slider/public/slideshow/web-banner-beneficio-retencion-3.jpg?itok=iNqm69y8 HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/default/files/logo_hv.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/all/libraries/flexslider/jquery.flexslider-min.js?pfh47y HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.gobierno.pr/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/all/modules/flexslider/assets/js/flexslider.load.js?pfh47y HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.gobierno.pr/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/default/files/ogo%20Loterias-de-Puerto-Rico-1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /pages/scripts/0026/1577.js?428936 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.gobierno.pr/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: dnn506yrbagrg.cloudfront.netIf-Modified-Since: Wed, 14 Nov 2018 15:03:20 GMTIf-None-Match: "58657101825065d131e9039e820e3850"Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sobre-hacienda/hacienda-virtual HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/default/files/webbanner_suri_1.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/default/files/logo-colecturia_virtual-fullcolor.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/default/files/boton_colecturia_virtual_0.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/default/files/boton_colecturia_virtual_0.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/default/files/ogo%20Loterias-de-Puerto-Rico-1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /pages/scripts/0026/1577.js?428936 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.gobierno.pr/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: dnn506yrbagrg.cloudfront.netIf-Modified-Since: Wed, 14 Nov 2018 15:03:20 GMTIf-None-Match: "58657101825065d131e9039e820e3850"Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /contactenos HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/default/files/ogo%20Loterias-de-Puerto-Rico-1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/contactenosAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /pages/scripts/0026/1577.js?428936 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.gobierno.pr/contactenosAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: dnn506yrbagrg.cloudfront.netIf-Modified-Since: Wed, 14 Nov 2018 15:03:20 GMTIf-None-Match: "58657101825065d131e9039e820e3850"Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sistema-de-servicio-y-atencion-al-contribuyente-hacienda-responde HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/all/modules/field_collection/field_collection.theme.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.gobierno.pr/sistema-de-servicio-y-atencion-al-contribuyente-hacienda-respondeAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/default/files/comunicaciones/haciendaresponde.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/sistema-de-servicio-y-atencion-al-contribuyente-hacienda-respondeAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/default/files/ogo%20Loterias-de-Puerto-Rico-1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/sistema-de-servicio-y-atencion-al-contribuyente-hacienda-respondeAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /pages/scripts/0026/1577.js?428936 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.gobierno.pr/sistema-de-servicio-y-atencion-al-contribuyente-hacienda-respondeAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: dnn506yrbagrg.cloudfront.netIf-Modified-Since: Wed, 14 Nov 2018 15:03:20 GMTIf-None-Match: "58657101825065d131e9039e820e3850"Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /individuos HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/default/files/individuos/img/invididuo.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/individuosAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/default/files/ogo%20Loterias-de-Puerto-Rico-1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/individuosAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /pages/scripts/0026/1577.js?428936 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.gobierno.pr/individuosAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: dnn506yrbagrg.cloudfront.netIf-Modified-Since: Wed, 14 Nov 2018 15:03:20 GMTIf-None-Match: "58657101825065d131e9039e820e3850"Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sobre-hacienda/hacienda-virtual HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /modules/system/system.base.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/modules/date/date_api/date.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/modules/date/date_popup/themes/datepicker.1.7.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /modules/field/theme/field.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/modules/views/css/views.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/modules/ckeditor/ckeditor.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/modules/ctools/css/ctools.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/modules/panels/css/panels.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/themes/bootstrap/css/overrides.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/themes/bootstrap_hacienda/css/main.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/themes/bootstrap_hacienda/css/fixes.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/logo-1_2_0.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/modules/jquery_update/replace/jquery/1.7/jquery.min.js?v=1.7.1 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /misc/jquery.once.js?v=1.2 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /misc/drupal.js?pfh47y HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/languages/es_J9Y8YzyEdl4HhXEmGeumOe380LdmA-nqBGM0YeJ1KvY.js?pfh47y HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/themes/bootstrap_hacienda/js/client.js?pfh47y HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/themes/bootstrap/js/bootstrap.js?pfh47y HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/webbanner_suri_1.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/logo-colecturia_virtual-fullcolor.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/all/themes/bootstrap_hacienda/images/nav-sep.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-AliveCookie: _ga=GA1.2.640699908.1544172286; _gid=GA1.2.380121132.1544172286; _gat=1
Source: global trafficHTTP traffic detected: GET /sites/all/themes/bootstrap_hacienda/images/icon-info.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-AliveCookie: _ga=GA1.2.640699908.1544172286; _gid=GA1.2.380121132.1544172286; _gat=1
Source: global trafficHTTP traffic detected: GET /sites/all/themes/bootstrap_hacienda/images/btn-header-hacienda-virtual.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-AliveCookie: _ga=GA1.2.640699908.1544172286; _gid=GA1.2.380121132.1544172286; _gat=1
Source: global trafficHTTP traffic detected: GET /sites/default/files/boton_colecturia_virtual_0.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/ogo%20Loterias-de-Puerto-Rico-1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /pages/scripts/0026/1577.js?428936 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: dnn506yrbagrg.cloudfront.netIf-Modified-Since: Wed, 14 Nov 2018 15:03:20 GMTIf-None-Match: "58657101825065d131e9039e820e3850"Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/logo-ivu-loto.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/logo-twitter.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/FB-Logo.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/logo-ogp.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/logo-pr-gov.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/logo-bgf.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/logo-fortaleza.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /sites/default/files/favicon.ico HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: www.hacienda.pr.govConnection: Keep-AliveCookie: _ga=GA1.2.640699908.1544172286; _gid=GA1.2.380121132.1544172286; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/all/themes/bootstrap_hacienda/fonts/icomoon.eot? HTTP/1.1Accept: */*Referer: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoOrigin: http://www.hacienda.pr.govAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-AliveCookie: _ga=GA1.2.640699908.1544172286; _gid=GA1.2.380121132.1544172286; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sobre-hacienda/servicios-al-contribuyente HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-AliveCookie: _ga=GA1.2.640699908.1544172286; _gid=GA1.2.380121132.1544172286; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/all/modules/field_collection/field_collection.theme.css?pfh47y HTTP/1.1Accept: text/css, */*Referer: http://www.hacienda.pr.gov/sobre-hacienda/servicios-al-contribuyenteAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-AliveCookie: _ga=GA1.2.640699908.1544172286; _gid=GA1.2.380121132.1544172286; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/default/files/ogo%20Loterias-de-Puerto-Rico-1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.pr.gov/sobre-hacienda/servicios-al-contribuyenteAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-AliveCookie: _ga=GA1.2.640699908.1544172286; _gid=GA1.2.380121132.1544172286; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /pages/scripts/0026/1577.js?428936 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.pr.gov/sobre-hacienda/servicios-al-contribuyenteAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: dnn506yrbagrg.cloudfront.netIf-Modified-Since: Wed, 14 Nov 2018 15:03:20 GMTIf-None-Match: "58657101825065d131e9039e820e3850"Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /pagos HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-AliveCookie: _ga=GA1.2.640699908.1544172286; _gid=GA1.2.380121132.1544172286; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/default/files/ogo%20Loterias-de-Puerto-Rico-1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.pr.gov/pagosAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-AliveCookie: _ga=GA1.2.640699908.1544172286; _gid=GA1.2.380121132.1544172286; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /pages/scripts/0026/1577.js?428936 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.pr.gov/pagosAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: dnn506yrbagrg.cloudfront.netIf-Modified-Since: Wed, 14 Nov 2018 15:03:20 GMTIf-None-Match: "58657101825065d131e9039e820e3850"Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /individuos/contribucion-sobre-ingresos HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/default/files/ogo%20Loterias-de-Puerto-Rico-1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.gobierno.pr/individuos/contribucion-sobre-ingresosAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.gobierno.prConnection: Keep-AliveCookie: _ga=GA1.2.1012135752.1544172244; _gid=GA1.2.721500859.1544172244; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /pages/scripts/0026/1577.js?428936 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.gobierno.pr/individuos/contribucion-sobre-ingresosAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: dnn506yrbagrg.cloudfront.netIf-Modified-Since: Wed, 14 Nov 2018 15:03:20 GMTIf-None-Match: "58657101825065d131e9039e820e3850"Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-AliveCookie: _ga=GA1.2.640699908.1544172286; _gid=GA1.2.380121132.1544172286; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/default/files/ogo%20Loterias-de-Puerto-Rico-1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.pr.gov/que-pasa-si-no-cumplo-con-mi-responsabilidad-contributivaAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-AliveCookie: _ga=GA1.2.640699908.1544172286; _gid=GA1.2.380121132.1544172286; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /pages/scripts/0026/1577.js?428936 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.pr.gov/que-pasa-si-no-cumplo-con-mi-responsabilidad-contributivaAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: dnn506yrbagrg.cloudfront.netIf-Modified-Since: Wed, 14 Nov 2018 15:03:20 GMTIf-None-Match: "58657101825065d131e9039e820e3850"Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /apelaciones HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-AliveCookie: _ga=GA1.2.640699908.1544172286; _gid=GA1.2.380121132.1544172286; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /sites/default/files/ogo%20Loterias-de-Puerto-Rico-1.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://www.hacienda.pr.gov/apelacionesAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: www.hacienda.pr.govConnection: Keep-AliveCookie: _ga=GA1.2.640699908.1544172286; _gid=GA1.2.380121132.1544172286; _gat=1; has_js=1
Source: global trafficHTTP traffic detected: GET /pages/scripts/0026/1577.js?428936 HTTP/1.1Accept: application/javascript, */*;q=0.8Referer: http://www.hacienda.pr.gov/apelacionesAccept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: dnn506yrbagrg.cloudfront.netIf-Modified-Since: Wed, 14 Nov 2018 15:03:20 GMTIf-None-Match: "58657101825065d131e9039e820e3850"Connection: Keep-Alive
Found strings which match to known social media urlsShow sources
Source: contactenos[1].htm.2.drString found in binary or memory: <li class="bigger"><a href="https://twitter.com/DptoHacienda/"><img alt="Twitter" src="/sites/default/files/logo-twitter.png"></a></li> equals www.twitter.com (Twitter)
Source: contactenos[1].htm.2.drString found in binary or memory: <li class="bigger"><a href="https://www.facebook.com/dptohacienda/?fref=ts/"><img alt="facebook" src="/sites/default/files/FB-Logo.png"></a></li> equals www.facebook.com (Facebook)
Source: bootstrap.min[1].js.2.drString found in binary or memory: * Copyright 2013 Twitter, Inc. equals www.twitter.com (Twitter)
Source: msapplication.xml0.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x148df146,0x01d48e09</date><accdate>0x148df146,0x01d48e09</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0x148df146,0x01d48e09</date><accdate>0x1490564a,0x01d48e09</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x149d5407,0x01d48e09</date><accdate>0x149d5407,0x01d48e09</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0x149d5407,0x01d48e09</date><accdate>0x149d5407,0x01d48e09</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x14a211df,0x01d48e09</date><accdate>0x14a211df,0x01d48e09</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0x14a211df,0x01d48e09</date><accdate>0x14a211df,0x01d48e09</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Performs DNS lookupsShow sources
Source: unknownDNS traffic detected: queries for: www.hacienda.gobierno.pr
Posts data to webserverShow sources
Source: unknownHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: no-cache, must-revalidate, post-check=0, pre-check=0Content-Type: text/html; charset=utf-8Content-Language: esExpires: Sun, 19 Nov 1978 05:00:00 GMTServer: Microsoft-IIS/8.0X-Powered-By: PHP/5.4.24X-Drupal-Cache: MISSX-Content-Type-Options: nosniffX-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:43:59 GMTContent-Length: 336Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 2b 52 44 46 61 20 31 2e 30 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 4d 61 72 6b 55 70 2f 44 54 44 2f 78 68 74 6d 6c 2d 72 64 66 61 2d 31 2e 64 74 64 22 3e 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3
Tries to download non-existing http data (HTTP/1.1 404 Not Found)Show sources
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundCache-Control: no-cache, must-revalidate, post-check=0, pre-check=0Content-Type: text/html; charset=utf-8Content-Language: esExpires: Sun, 19 Nov 1978 05:00:00 GMTServer: Microsoft-IIS/8.0X-Powered-By: PHP/5.4.24X-Drupal-Cache: MISSX-Content-Type-Options: nosniffX-Powered-By: ASP.NETDate: Thu, 06 Dec 2018 23:43:59 GMTContent-Length: 336Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 57 33 43 2f 2f 44 54 44 20 58 48 54 4d 4c 2b 52 44 46 61 20 31 2e 30 2f 2f 45 4e 22 20 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 4d 61 72 6b 55 70 2f 44 54 44 2f 78 68 74 6d 6c 2d 72 64 66 61 2d 31 2e 64 74 64 22 3e 3c 68 74 6d 6c 20 78 6d 6c 6e 73 3d 22 68 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 31 39 39 39 2f 78 68 74 6d 6c 22 3e 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3
Urls found in memory or binary dataShow sources
Source: hacienda-virtual[1].htm.2.drString found in binary or memory: http://asycuda.hacienda.pr.gov:8080/awclient/
Source: drupal[1].js.2.drString found in binary or memory: http://bugs.jquery.com/ticket/9521
Source: contactenos[1].htm.2.drString found in binary or memory: http://drupal.org)
Source: main[1].css0.2.drString found in binary or memory: http://fonts.googleapis.com/css?family=Montserrat:400
Source: main[1].css0.2.drString found in binary or memory: http://fonts.googleapis.com/css?family=Open
Source: css[2].css.2.drString found in binary or memory: http://fonts.gstatic.com/s/montserrat/v12/JTURjIg1_i6t8kCHKm45_dJE3gnD-A.woff)
Source: css[2].css.2.drString found in binary or memory: http://fonts.gstatic.com/s/montserrat/v12/JTUSjIg1_i6t8kCHKm459WlhzQ.woff)
Source: css[1].css.2.drString found in binary or memory: http://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN7rgOUuhv.woff)
Source: css[1].css.2.drString found in binary or memory: http://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UNirkOUuhv.woff)
Source: css[1].css.2.drString found in binary or memory: http://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0d.woff)
Source: contactenos[1].htm.2.drString found in binary or memory: http://fortaleza.pr.gov/
Source: js[1].js2.2.drString found in binary or memory: http://g.co/dev/maps-no-account
Source: onion[1].js.2.drString found in binary or memory: http://maps.google.cn
Source: init_embed[1].js.2.drString found in binary or memory: http://maps.gstatic.cn
Source: onion[1].js.2.drString found in binary or memory: http://maps.gstatic.cn/mapfiles/api-3/images/mapcnt6.png
Source: onion[1].js.2.drString found in binary or memory: http://maps.gstatic.cn/mapfiles/api-3/images/mapcnt6_hdpi.png
Source: controls[1].js.2.drString found in binary or memory: http://maps.gstatic.cn/mapfiles/api-3/images/sv9.png)
Source: controls[1].js.2.drString found in binary or memory: http://maps.gstatic.cn/mapfiles/api-3/images/sv9_hdpi.png)
Source: init_embed[1].js.2.drString found in binary or memory: http://maps.gstatic.cn/mapfiles/embed/images/entity11.png)
Source: init_embed[1].js.2.drString found in binary or memory: http://maps.gstatic.cn/mapfiles/embed/images/entity11_hdpi.png)
Source: onion[1].js.2.drString found in binary or memory: http://maps.gstatic.cn/mapfiles/transparent.png)
Source: contactenos[1].htm.2.drString found in binary or memory: http://ogp.me/ns#
Source: system.base[1].css0.2.drString found in binary or memory: http://perishablepress.com/press/2009/12/06/new-clearfix-hack
Source: jquery.once[1].js0.2.drString found in binary or memory: http://plugins.jquery.com/project/once
Source: contactenos[1].htm.2.drString found in binary or memory: http://rdfs.org/sioc/ns#
Source: contactenos[1].htm.2.drString found in binary or memory: http://rdfs.org/sioc/types#
Source: msapplication.xml.1.drString found in binary or memory: http://www.amazon.com/
Source: bootstrap.min[1].js.2.drString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: js[1].js2.2.drString found in binary or memory: http://www.broofa.com
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.gdb-pur.com/
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.gdb.pr.gov/
Source: flexslider[1].css.2.drString found in binary or memory: http://www.gnu.org/licenses/gpl-2.0.html
Source: jquery.once[1].js0.2.drString found in binary or memory: http://www.gnu.org/licenses/gpl.html
Source: common[1].js.2.drString found in binary or memory: http://www.google.cn
Source: msapplication.xml1.1.drString found in binary or memory: http://www.google.com/
Source: embed[1].htm.2.drString found in binary or memory: http://www.google.com/search?q=Departamento
Source: {3B653362-F9FC-11E8-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://www.hacien.gov/apelacioneso-cumplo-con-mi-responsabilidad-contributivaRoot
Source: {3B653362-F9FC-11E8-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://www.hacien.gov/pagosacienda/servicios-al-contribuyenteRoot
Source: {3B653362-F9FC-11E8-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://www.hacien.gov/que-pasa-si-no-cumplo-con-mi-responsabilidad-contributivaRoot
Source: {3B653362-F9FC-11E8-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://www.hacien.gov/sobre-hacienda/hacienda-virtualRoot
Source: {3B653362-F9FC-11E8-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://www.hacien.gov/sobre-hacienda/servicios-al-contribuyenteRoot
Source: {3B653362-F9FC-11E8-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://www.hacienbierno.pr/contactenosda/hacienda-virtualRoot
Source: {3B653362-F9FC-11E8-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://www.hacienbierno.pr/individuos/contribucion-sobre-ingresosRoot
Source: {3B653362-F9FC-11E8-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://www.hacienbierno.pr/individuoservicio-y-atencion-al-contribuyente-hacien
Source: {3B653362-F9FC-11E8-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://www.hacienbierno.pr/sistema-de-servicio-y-atencion-al-contribuyente-hacien
Source: {3B653362-F9FC-11E8-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://www.hacienbierno.pr/sobre-hacienda/hacienda-virtualRoot
Source: {3B653362-F9FC-11E8-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://www.hacienda.go
Source: ~DF9A5B58BA1F752202.TMP.1.dr, embed[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.gobierno.pr/NDepartamento
Source: individuos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/auditoria-fiscal
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/aviso-importante
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.gobierno.pr/blicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-1
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/comerciantes/patronos-y-agentes-retenedores
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/conoce-el-sistema-unificado-de-rentas-internas-suri
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.gobierno.pr/contactenos
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.gobierno.pr/contactenosda/hacienda-virtual
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.gobierno.pr/contactenosda/hacienda-virtualactenos
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.gobierno.pr/contactenosda/hacienda-virtualx
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.gobierno.pr/contactenosjCont
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/impuesto-sobre-ventas-y-uso-ivu
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.gobierno.pr/individuos
Source: {3B653362-F9FC-11E8-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://www.hacienda.gobierno.pr/individuos/contribuRoot
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.gobierno.pr/individuos/contribucion-sobre-ingresos
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.gobierno.pr/individuoservicio-y-atencion-al-contribuyente-hacienda-responde
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.gobierno.pr/individuoshIndividuos
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/misc/drupal.js?pfh47y
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/misc/jquery.once.js?v=1.2
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/modules/field/theme/field.css?pfh47y
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/modules/system/system.base.css?pfh47y
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/planillas-formularios-y-anejos
Source: individuos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/planillas-formularios-y-anejos/repositorio?field_documentos_tipo_con
Source: ~DF9A5B58BA1F752202.TMP.1.dr, {3B653362-F9FC-11E8-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/publicaciones/borrador-de-reglamento-sobre-medidas-de-seguridad-y-ac
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.gobierno.pr/sistema-de-servicio-y-atencion-al-contribuyente-hacienda-responde
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/all/libraries/flexslider/flexslider.css?pfh47y
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/all/libraries/flexslider/jquery.flexslider-min.js?pfh47y
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/all/modules/ckeditor/ckeditor.css?pfh47y
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/all/modules/ctools/css/ctools.css?pfh47y
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/all/modules/date/date_api/date.css?pfh47y
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/all/modules/date/date_popup/themes/datepicker.1.7.css?pfh47y
Source: individuos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/all/modules/field_collection/field_collection.theme.css?pfh47y
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/all/modules/flexslider/assets/css/flexslider_img.css?pfh47y
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/all/modules/flexslider/assets/js/flexslider.load.js?pfh47y
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/all/modules/jquery_update/replace/jquery/1.7/jquery.min.js?v=1
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/all/modules/panels/css/panels.css?pfh47y
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/all/modules/views/css/views.css?pfh47y
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/all/themes/bootstrap/css/overrides.css?pfh47y
Source: contactenos[1].htm.2.dr, LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/all/themes/bootstrap/js/bootstrap.js?pfh47y
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/all/themes/bootstrap_hacienda/css/fixes.css?pfh47y
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/all/themes/bootstrap_hacienda/css/main.css?pfh47y
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/all/themes/bootstrap_hacienda/js/client.js?pfh47y
Source: imagestore.dat.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/default/files/favicon.ico
Source: imagestore.dat.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/default/files/favicon.ico~
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/default/files/languages/es_J9Y8YzyEdl4HhXEmGeumOe380LdmA-nqBGM
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/default/files/logo-1_2_0.png
Source: boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-21[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/default/files/publicaciones/2018/12/bi_ri_18-21_posposicion_de
Source: hacienda-virtual[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/default/files/servicios_disponibles_a_traves_de_colecturia_vir
Source: hacienda-virtual[1].htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/default/files/servicios_disponibles_en_colecturia_virtual_hast
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/default/files/styles/homepage_slider/public/slideshow/suri-web
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sites/default/files/styles/homepage_slider/public/slideshow/web-bann
Source: ~DF9A5B58BA1F752202.TMP.1.dr, LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sobre-hacienda/hacienda-virtual
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.gobierno.pr/sobre-hacienda/hacienda-virtuales/default/files/favicon.ico
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.gobierno.pr/sobre-hacienda/hacienda-virtualo-de-rentas-internas-num-18-21-bi-ri-
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.gobierno.pr/sobre-hacienda/hacienda-virtualtHacienda
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sobre-hacienda/publicaciones
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.gobierno.pr/sobre-hacienda/servicios-al-contribuyente
Source: {3B653362-F9FC-11E8-AAD9-C25F135D3C65}.dat.1.drString found in binary or memory: http://www.hacienda.pr
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.pr.gov/apelaciones
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.pr.gov/apelacionesjApelaciones
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.pr.gov/apelacioneso-cumplo-con-mi-responsabilidad-contributivan
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/arbitrios
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/auditoria-fiscal
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/beneficio-por-retencion-de-empleados-patronos-afectados-tras-el-paso-de-l
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/conoce-el-sistema-unificado-de-rentas-internas-suri
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/creditos-contributivos
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/derogar-reglamentos-obsoletos-del-departamento-de-hacienda-repeal-obsolet
Source: contribucion-sobre-ingresos[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/documentos/2017-planilla-de-credito-para-personas-de-65-anos-o-mas-y-cred
Source: contribucion-sobre-ingresos[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/individuos/contribucion-sobre-ingresos/convocatoria-desarrolladores-de-pr
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/inversionistas-investors
Source: que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/misc/drupal.js?pfh47y
Source: que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/misc/jquery.once.js?v=1.2
Source: que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/modules/field/theme/field.css?pfh47y
Source: que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/modules/system/system.base.css?pfh47y
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.pr.gov/pagos
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.pr.gov/pagosacienda/servicios-al-contribuyente
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.pr.gov/pagosacienda/servicios-al-contribuyenteb
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/planillas-formularios-y-anejos
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/planillas-formularios-y-anejos/repositorio?field_documentos_tipo_contrib_
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/publicaciones/9044-reglamento-para-anadir-los-articulos-100101-1-100102-1
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/publicaciones/borrador-de-reglamento-conjunto-para-la-operacion-de-las-ti
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/publicaciones/borrador-reglamento-enmiendas-al-ivu-por-razon-de-la-ley-nu
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/publicaciones/recibo-contabilizacion-y-reembolso-de-los-fondos-del-seguro
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/publicaciones/reglamento-8851-reglamento-conjunto-sobre-alternativas-de-p
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/publicaciones/reglamento-del-departamento-de-hacienda-de-la-ley-num-14-20
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/publicaciones/reglamento-para-anadir-los-articulos-100101-1-100102-1-1001
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.pr.gov/que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva
Source: que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sites/all/modules/ckeditor/ckeditor.css?pfh47y
Source: que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sites/all/modules/ctools/css/ctools.css?pfh47y
Source: que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sites/all/modules/date/date_api/date.css?pfh47y
Source: que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sites/all/modules/date/date_popup/themes/datepicker.1.7.css?pfh47y
Source: que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sites/all/modules/field_collection/field_collection.theme.css?pfh47y
Source: que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sites/all/modules/jquery_update/replace/jquery/1.7/jquery.min.js?v=1.7.1
Source: que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sites/all/modules/panels/css/panels.css?pfh47y
Source: que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sites/all/modules/views/css/views.css?pfh47y
Source: que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sites/all/themes/bootstrap/css/overrides.css?pfh47y
Source: que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sites/all/themes/bootstrap/js/bootstrap.js?pfh47y
Source: que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sites/all/themes/bootstrap_hacienda/css/fixes.css?pfh47y
Source: que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sites/all/themes/bootstrap_hacienda/css/main.css?pfh47y
Source: que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sites/all/themes/bootstrap_hacienda/js/client.js?pfh47y
Source: imagestore.dat.2.drString found in binary or memory: http://www.hacienda.pr.gov/sites/default/files/favicon.ico
Source: imagestore.dat.2.drString found in binary or memory: http://www.hacienda.pr.gov/sites/default/files/favicon.ico~
Source: que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sites/default/files/languages/es_J9Y8YzyEdl4HhXEmGeumOe380LdmA-nqBGM0YeJ1
Source: que-pasa-si-no-cumplo-con-mi-responsabilidad-contributiva[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sites/default/files/logo-1_2_0.png
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sobre-hacienda/calendario-contributivo
Source: LBUW0WWS.htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtual
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualon-al-contribuyente-hacienda-responde
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.pr.gov/sobre-hacienda/hacienda-virtualtHacienda
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sobre-hacienda/publicaciones
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: http://www.hacienda.pr.gov/sobre-hacienda/servicios-al-contribuyente
Source: servicios-al-contribuyente[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sobre-hacienda/servicios-al-contribuyente/centros-de-servicios
Source: servicios-al-contribuyente[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sobre-hacienda/servicios-al-contribuyente/directorio-de-colecturias
Source: servicios-al-contribuyente[1].htm.2.drString found in binary or memory: http://www.hacienda.pr.gov/sobre-hacienda/servicios-al-contribuyente/distritos-de-cobro
Source: msapplication.xml2.1.drString found in binary or memory: http://www.live.com/
Source: contactenos[1].htm.2.drString found in binary or memory: http://www.loteriasdepuertorico.com/juegos/powerball/
Source: msapplication.xml3.1.drString found in binary or memory: http://www.nytimes.com/
Source: jquery.once[1].js0.2.drString found in binary or memory: http://www.opensource.org/licenses/mit-license.php
Source: msapplication.xml4.1.drString found in binary or memory: http://www.reddit.com/
Source: msapplication.xml5.1.drString found in binary or memory: http://www.twitter.com/
Source: msapplication.xml6.1.drString found in binary or memory: http://www.wikipedia.com/
Source: flexslider[1].css.2.drString found in binary or memory: http://www.woothemes.com/flexslider/
Source: msapplication.xml7.1.drString found in binary or memory: http://www.youtube.com/
Source: contactenos[1].htm.2.drString found in binary or memory: http://www2.pr.gov/
Source: contactenos[1].htm.2.drString found in binary or memory: http://xmlns.com/foaf/0.1/
Source: analytics[1].js.2.drString found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: hacienda-virtual[1].htm.2.drString found in binary or memory: https://apps1.hacienda.pr.gov/Cuantias/Public/Login.aspx?ReturnUrl=%2fCuantias%2f
Source: hacienda-virtual[1].htm.2.drString found in binary or memory: https://apps1.hacienda.pr.gov/SITLey163/
Source: hacienda-virtual[1].htm.2.drString found in binary or memory: https://apps1.hacienda.pr.gov/haceforms/Login?returnurl=%2fhaceforms
Source: hacienda-virtual[1].htm.2.drString found in binary or memory: https://apps2.hacienda.pr.gov/registrofacturassuplidores/
Source: LBUW0WWS.htm.2.drString found in binary or memory: https://apps2.hacienda.pr.gov/tituloiii/
Source: hacienda-virtual[1].htm.2.drString found in binary or memory: https://arra.hacienda.pr.gov/gcentidades/
Source: hacienda-virtual[1].htm.2.drString found in binary or memory: https://arra.hacienda.pr.gov/suplidoresweb/
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://cbks0.googleapis.com/cbk?
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://cbks1.googleapis.com/cbk?
Source: hacienda-virtual[1].htm.2.drString found in binary or memory: https://colecturiavirtual.hacienda.pr.gov/portal
Source: hacienda-virtual[1].htm.2.drString found in binary or memory: https://colecturiavirtual.hacienda.pr.gov/portal/
Source: hacienda-virtual[1].htm.2.drString found in binary or memory: https://colecturiavirtual.hacienda.pr.gov/portal//
Source: hacienda-virtual[1].htm.2.drString found in binary or memory: https://creditos.hacienda.gobierno.pr/IDRequest/Tbl_Grupo_Controlado/AddTbl_Grupo_Controlado.aspx
Source: hacienda-virtual[1].htm.2.drString found in binary or memory: https://creditos.hacienda.gobierno.pr/MonthlyExciseTaxDepositForm480.36/Security/SignIn.aspx
Source: hacienda-virtual[1].htm.2.drString found in binary or memory: https://creditos.hacienda.gobierno.pr/cci/Security/SignIn.aspx
Source: util[1].js.2.dr, common[1].js.2.drString found in binary or memory: https://developers.google.com/maps/documentation/javascript/error-messages#
Source: js[1].js2.2.drString found in binary or memory: https://developers.google.com/maps/documentation/javascript/error-messages?utm_source=maps_js
Source: js[1].js1.2.drString found in binary or memory: https://earthbuilder.googleapis.com
Source: css[3].css.2.drString found in binary or memory: https://fonts.google.com/license/googlerestricted
Source: css[3].css.2.drString found in binary or memory: https://fonts.gstatic.com/s/googlesans/v11/4UaGrENHsxJlGDuGo1OIlL3Owpg.woff)
Source: css[1].css.2.drString found in binary or memory: https://fonts.gstatic.com/s/montserrat/v12/JTURjIg1_i6t8kCHKm45_dJE3gnD-A.woff)
Source: css[1].css.2.drString found in binary or memory: https://fonts.gstatic.com/s/montserrat/v12/JTUSjIg1_i6t8kCHKm459WlhzQ.woff)
Source: css[1].css0.2.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UN7rgOUuhv.woff)
Source: css[1].css0.2.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v15/mem5YaGs126MiZpBA-UNirkOUuhv.woff)
Source: css[1].css0.2.drString found in binary or memory: https://fonts.gstatic.com/s/opensans/v15/mem8YaGs126MiZpBA-UFVZ0d.woff)
Source: css[3].css.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmEU9fBBc-.woff)
Source: css[3].css.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmSU5fBBc-.woff)
Source: css[3].css.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOlCnqEu92Fr1MmWUlfBBc-.woff)
Source: css[3].css.2.drString found in binary or memory: https://fonts.gstatic.com/s/roboto/v18/KFOmCnqEu92Fr1Mu4mxM.woff)
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://geo0.ggpht.com/cbk
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://geo1.ggpht.com/cbk
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://geo2.ggpht.com/cbk
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://geo3.ggpht.com/cbk
Source: drupal[1].js.2.drString found in binary or memory: https://github.com/angular/angular.js/blob/v1.4.4/src/ng/urlUtils.js
Source: drupal[1].js.2.drString found in binary or memory: https://github.com/jquery/jquery-ui/blob/1.11.4/ui/tabs.js#L53
Source: drupal[1].js.2.drString found in binary or memory: https://github.com/jquery/jquery-ui/blob/1.11.4/ui/tabs.js#L58
Source: drupal[1].js.2.drString found in binary or memory: https://grack.com/blog/2009/11/17/absolutizing-url-in-javascript
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://khms.googleapis.com/mz?v=818
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://khms0.google.com/kh?v=122
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://khms0.google.com/kh?v=818
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://khms0.googleapis.com/kh?v=122
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://khms0.googleapis.com/kh?v=818
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://khms1.google.com/kh?v=122
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://khms1.google.com/kh?v=818
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://khms1.googleapis.com/kh?v=122
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://khms1.googleapis.com/kh?v=818
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://lh3.ggpht.com/
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://lh4.ggpht.com/
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://lh5.ggpht.com/
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://lh6.ggpht.com/
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://maps.google.com
Source: contactenos[1].htm.2.drString found in binary or memory: https://maps.google.com/maps?f=q&amp;source=s_q&amp;hl=en&amp;geocode=&amp;q=Departamento
Source: js[1].js1.2.drString found in binary or memory: https://maps.googleapis.com
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://maps.googleapis.com/maps-api-v3/api/js/35/4
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://maps.googleapis.com/maps/api/js/GeoPhotoService.GetMetadata
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://maps.googleapis.com/maps/api/js/GeoPhotoService.SingleImageSearch
Source: embed[1].htm.2.drString found in binary or memory: https://maps.googleapis.com/maps/api/js?client=google-maps-embed&amp;paint_origin=&amp;libraries=geo
Source: contactenos[1].htm.2.drString found in binary or memory: https://maps.googleapis.com/maps/api/js?v=3.exp&amp;sensor=false&amp;pfh47y
Source: js[1].js2.2.drString found in binary or memory: https://maps.googleapis.com/maps/vt
Source: init_embed[1].js.2.drString found in binary or memory: https://maps.gstatic.com
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://maps.gstatic.com/mapfiles/
Source: onion[1].js.2.drString found in binary or memory: https://maps.gstatic.com/mapfiles/api-3/images/mapcnt6.png
Source: onion[1].js.2.drString found in binary or memory: https://maps.gstatic.com/mapfiles/api-3/images/mapcnt6_hdpi.png
Source: controls[1].js.2.drString found in binary or memory: https://maps.gstatic.com/mapfiles/api-3/images/sv9.png);background-size:164px
Source: controls[1].js.2.drString found in binary or memory: https://maps.gstatic.com/mapfiles/api-3/images/sv9_hdpi.png)
Source: init_embed[1].js.2.drString found in binary or memory: https://maps.gstatic.com/mapfiles/embed/images/defaultphoto
Source: init_embed[1].js.2.drString found in binary or memory: https://maps.gstatic.com/mapfiles/embed/images/entity11.png);background-size:70px
Source: init_embed[1].js.2.drString found in binary or memory: https://maps.gstatic.com/mapfiles/embed/images/entity11_hdpi.png);background-size:70px
Source: init_embed[1].js.2.drString found in binary or memory: https://maps.gstatic.com/mapfiles/embed/images/exp2.png);background-size:109px
Source: init_embed[1].js.2.drString found in binary or memory: https://maps.gstatic.com/mapfiles/embed/images/exp2_hdpi.png);background-size:109px
Source: onion[1].js.2.drString found in binary or memory: https://maps.gstatic.com/mapfiles/transparent.png);height:10px;width:4px;float:left;margin-top:3px;m
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://maps.gstatic.com/maps-api-v3/api/images/
Source: embed[1].htm.2.drString found in binary or memory: https://maps.gstatic.com/maps-api-v3/embed/js/35/4/init_embed.js
Source: init_embed[1].js.2.drString found in binary or memory: https://mt0.google.com/vt/icon/name=icons/spotlight/star_S_8x.png&scale=
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://mts.googleapis.com/maps/vt/icon
Source: js[1].js1.2.drString found in binary or memory: https://mts0.googleapis.com/mapslt?hl=en
Source: js[1].js2.2.drString found in binary or memory: https://mts0.googleapis.com/mapslt?hl=en-US
Source: js[1].js1.2.drString found in binary or memory: https://mts1.googleapis.com/mapslt?hl=en
Source: js[1].js2.2.drString found in binary or memory: https://mts1.googleapis.com/mapslt?hl=en-US
Source: init_embed[1].js.2.drString found in binary or memory: https://myaccount.google.com/
Source: hacienda-virtual[1].htm.2.drString found in binary or memory: https://planillatrimestralpatronal.hacienda.gobierno.pr/
Source: contactenos[1].htm.2.drString found in binary or memory: https://portal.ivuloto.pr.gov/Inicio/tabid/86/language/es-CO/Default.aspx?returnurl=%2fdefault.aspx
Source: hacienda-virtual[1].htm.2.drString found in binary or memory: https://siscon.hacienda.gobierno.pr/Siscon/Portal/ARBAW951Form.aspx
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://static.panoramio.com.storage.googleapis.com/photos/
Source: analytics[1].js.2.drString found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: analytics[1].js.2.drString found in binary or memory: https://stats.g.doubleclick.net/r/collect?t=dc&aip=1&_r=3&
Source: init_embed[1].js.2.drString found in binary or memory: https://support.google.com/maps/?p=thirdpartymaps
Source: init_embed[1].js.2.drString found in binary or memory: https://support.google.com/maps?p=kml
Source: hacienda-virtual[1].htm.2.drString found in binary or memory: https://suri.hacienda.pr.gov/_/
Source: contactenos[1].htm.2.drString found in binary or memory: https://twitter.com/DptoHacienda/
Source: analytics[1].js.2.drString found in binary or memory: https://www.google-analytics.com/analytics
Source: analytics[1].js.2.drString found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: analytics[1].js.2.drString found in binary or memory: https://www.google-analytics.com/u/d
Source: analytics[1].js.2.drString found in binary or memory: https://www.google.%/ads/ga-audiences
Source: js[1].js2.2.dr, js[1].js1.2.dr, common[1].js.2.drString found in binary or memory: https://www.google.com
Source: analytics[1].js.2.drString found in binary or memory: https://www.google.com/analytics/web/inpage/pub/inpage.js?
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://www.google.com/maps
Source: embed[1].htm.2.drString found in binary or memory: https://www.google.com/maps/api/js/ApplicationService.AuthSuccess
Source: ~DF9A5B58BA1F752202.TMP.1.drString found in binary or memory: https://www.google.com/maps/embed?origin=mfe&pb=
Source: js[1].js2.2.dr, js[1].js1.2.drString found in binary or memory: https://www.google.com/maps/preview/log204
Source: js[1].js2.2.drString found in binary or memory: https://www.google.com/maps/vt

System Summary:

barindex
Classification labelShow sources
Source: classification engineClassification label: clean0.win@3/168@5/2
Creates files inside the user directoryShow sources
Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\HighJump to behavior
Creates temporary filesShow sources
Source: C:\Program Files\internet explorer\iexplore.exeFile created: C:\Users\user\AppData\Local\Temp\~DF9E108BFE7290C83B.TMPJump to behavior
Reads ini filesShow sources
Source: C:\Program Files\internet explorer\iexplore.exeFile read: C:\Users\desktop.iniJump to behavior
Spawns processesShow sources
Source: unknownProcess created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknownProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3824 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exeProcess created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:3824 CREDAT:17410 /prefetch:2Jump to behavior
Found graphical window changes (likely an installer)Show sources
Source: Window RecorderWindow detected: More than 3 window changes detected
Uses new MSVCR DllsShow sources
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exeFile opened: C:\Program Files (x86)\Java\jre1.8.0_171\bin\msvcr100.dllJump to behavior

Behavior Graph

Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
behaviorgraph top1 process2 2 Behavior Graph ID: 96303 URL: http://www.hacienda.gobierno.pr/publicaciones/boletin-inf... Startdate: 07/12/2018 Architecture: WINDOWS Score: 0 5 iexplore.exe 6 87 2->5         started        process3 7 iexplore.exe 1 260 5->7         started        dnsIp4 10 hacienda.pr.gov 64.185.194.11, 49789, 49790, 49791 GOBIERNOPR-AS-OfficeofManagementandBudgetPR Puerto Rico 7->10 12 dnn506yrbagrg.cloudfront.net 13.32.163.89, 49808, 49809, 80 AMAZON-02-AmazoncomIncUS United States 7->12 14 4 other IPs or domains 7->14

Simulations

Behavior and APIs

No simulations

Antivirus Detection

Initial Sample

SourceDetectionScannerLabelLink
http://www.hacienda.gobierno.pr/publicaciones/boletin-informativo-de-rentas-internas-num-18-21-bi-ri-18-210%virustotalBrowse

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://www.gdb-pur.com/0%virustotalBrowse
http://www.gdb-pur.com/0%Avira URL Cloudsafe
http://www.hacien.gov/pagosacienda/servicios-al-contribuyenteRoot0%Avira URL Cloudsafe

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.