Analysis

  • max time kernel
    0s
  • max time network
    69s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20231222-en
  • resource tags
    arch:x64, arch:x86, image:win10v2004-20231222-en, locale:en-us, os:windows10-2004-x64, system
  • submitted
    30/12/2023, 09:17 UTC

General

  • Target

    1446d61a2650dd01b46dba873e91e4f0.html

  • Size

    47KB

  • MD5

    1446d61a2650dd01b46dba873e91e4f0

  • SHA1

    8caddcde7eeb8142c007d8e759e0996626b383d2

  • SHA256

    10c10903f69a0ea93b00ecc7ecf8efb381452ef407a961b313faf3628242952f

  • SHA512

    fb9973a6ae78823d11e84ca797405ff6ffe817c3f0e0ceeb15ee67c4f95d9e42cb1ec2244a0d07cde0debbdc0fc8ee601f040231de86880c3d3c1e2677448c32

  • SSDEEP

    768:D8ql4Hse0SKlpfcvfbkwtfYE9toVvUyXPyrwvXJN8FORtzPp16oWeNoQ9oGFjqWW:D/WHse0SsfcvfbkwtfYE9toVvUyXPyrp

Score
1/10

Malware Config

Signatures

  • Modifies Internet Explorer settings 1 TTPs 6 IoCs
  • Suspicious use of SetWindowsHookEx 2 IoCs
  • Suspicious use of WriteProcessMemory 3 IoCs

Processes

  • C:\Program Files\Internet Explorer\iexplore.exe
    "C:\Program Files\Internet Explorer\iexplore.exe" C:\Users\Admin\AppData\Local\Temp\1446d61a2650dd01b46dba873e91e4f0.html
    • Modifies Internet Explorer settings
    • Suspicious use of SetWindowsHookEx
    • Suspicious use of WriteProcessMemory
    PID:4816
    • C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
      "C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE" SCODEF:4816 CREDAT:17410 /prefetch:2
        PID:680

    Network

    • flag-us
      DNS
      2.136.104.51.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      2.136.104.51.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      canesearch.com
      Remote address:
      8.8.8.8:53
      Request
      canesearch.com
      IN A
      Response
      canesearch.com
      IN CNAME
      traff-3.hugedomains.com
      traff-3.hugedomains.com
      IN CNAME
      hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com
      hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com
      IN A
      3.19.116.195
      hdr-nlb4-0bbd2e21834cb637.elb.us-east-2.amazonaws.com
      IN A
      3.18.7.81
    • flag-us
      DNS
      www.google.com
      Remote address:
      8.8.8.8:53
      Request
      www.google.com
      IN A
      Response
      www.google.com
      IN A
      142.250.200.4
    • flag-us
      DNS
      translate.google.com
      Remote address:
      8.8.8.8:53
      Request
      translate.google.com
      IN A
      Response
      translate.google.com
      IN CNAME
      www3.l.google.com
      www3.l.google.com
      IN A
      142.250.200.46
    • flag-us
      DNS
      w.sharethis.com
      Remote address:
      8.8.8.8:53
      Request
      w.sharethis.com
      IN A
      Response
      w.sharethis.com
      IN CNAME
      d3mdrpbbs8qfxa.cloudfront.net
      d3mdrpbbs8qfxa.cloudfront.net
      IN A
      18.172.89.93
      d3mdrpbbs8qfxa.cloudfront.net
      IN A
      18.172.89.54
      d3mdrpbbs8qfxa.cloudfront.net
      IN A
      18.172.89.30
      d3mdrpbbs8qfxa.cloudfront.net
      IN A
      18.172.89.4
    • flag-gb
      GET
      http://www.google.com/jsapi?key=ABQIAAAA_BpgOkczCb6ZB5K3J0klchRLSACP8v950kN6twGynSvDj-aT4BRueBKYjVcYG2lP-%20GQuP78i_ZVPvw
      Remote address:
      142.250.200.4:80
      Request
      GET /jsapi?key=ABQIAAAA_BpgOkczCb6ZB5K3J0klchRLSACP8v950kN6twGynSvDj-aT4BRueBKYjVcYG2lP-%20GQuP78i_ZVPvw HTTP/1.1
      Accept: application/javascript, */*;q=0.8
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: www.google.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 301 Moved Permanently
      Location: https://www.gstatic.com/charts/loader.js?key=ABQIAAAA_BpgOkczCb6ZB5K3J0klchRLSACP8v950kN6twGynSvDj-aT4BRueBKYjVcYG2lP-%20GQuP78i_ZVPvw
      X-Content-Type-Options: nosniff
      Server: sffe
      Content-Length: 331
      X-XSS-Protection: 0
      Date: Mon, 01 Jan 2024 17:49:58 GMT
      Expires: Mon, 01 Jan 2024 18:19:58 GMT
      Cache-Control: public, max-age=1800
      Content-Type: text/html; charset=UTF-8
      Age: 12
    • flag-fr
      GET
      http://pagead2.googlesyndication.com/pagead/show_ads.js
      Remote address:
      216.58.204.66:80
      Request
      GET /pagead/show_ads.js HTTP/1.1
      Accept: application/javascript, */*;q=0.8
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: pagead2.googlesyndication.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 200 OK
      P3P: policyref="http://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
      Timing-Allow-Origin: *
      Cross-Origin-Resource-Policy: cross-origin
      Vary: Accept-Encoding
      Date: Mon, 01 Jan 2024 17:50:10 GMT
      Expires: Mon, 01 Jan 2024 17:50:10 GMT
      Cache-Control: private, max-age=3600
      Content-Type: text/javascript; charset=UTF-8
      ETag: 14433190735057056198
      X-Content-Type-Options: nosniff
      Content-Disposition: attachment; filename="f.txt"
      Content-Encoding: gzip
      Server: cafe
      Content-Length: 14128
      X-XSS-Protection: 0
    • flag-us
      GET
      http://canesearch.com/plugins/content/itpsocialbuttons/style.css
      Remote address:
      3.19.116.195:80
      Request
      GET /plugins/content/itpsocialbuttons/style.css HTTP/1.1
      Accept: text/css, */*
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:09 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/templates/gk_twn2/css/addons.css
      Remote address:
      3.19.116.195:80
      Request
      GET /templates/gk_twn2/css/addons.css HTTP/1.1
      Accept: text/css, */*
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:09 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/templates/gk_twn2/css/style1.css
      Remote address:
      3.19.116.195:80
      Request
      GET /templates/gk_twn2/css/style1.css HTTP/1.1
      Accept: text/css, */*
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:10 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/media/system/js/caption.js
      Remote address:
      3.19.116.195:80
      Request
      GET /media/system/js/caption.js HTTP/1.1
      Accept: application/javascript, */*;q=0.8
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:10 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/templates/gk_twn2/images/emailButton.png
      Remote address:
      3.19.116.195:80
      Request
      GET /templates/gk_twn2/images/emailButton.png HTTP/1.1
      Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.0 404 Not Found
      cache-control: no-cache
      content-type: text/html
      x-reason: MediaRequest
    • flag-us
      GET
      http://canesearch.com/components/com_jcomments/tpl/default/style.css?v=12
      Remote address:
      3.19.116.195:80
      Request
      GET /components/com_jcomments/tpl/default/style.css?v=12 HTTP/1.1
      Accept: text/css, */*
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:09 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/templates/gk_twn2/css/layout.css
      Remote address:
      3.19.116.195:80
      Request
      GET /templates/gk_twn2/css/layout.css HTTP/1.1
      Accept: text/css, */*
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:09 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/modules/mod_pgt_rssscroller/mod_pgt_rssscroller.css
      Remote address:
      3.19.116.195:80
      Request
      GET /modules/mod_pgt_rssscroller/mod_pgt_rssscroller.css HTTP/1.1
      Accept: text/css, */*
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:10 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/components/com_jcomments/libraries/joomlatune/ajax.js?v=3
      Remote address:
      3.19.116.195:80
      Request
      GET /components/com_jcomments/libraries/joomlatune/ajax.js?v=3 HTTP/1.1
      Accept: application/javascript, */*;q=0.8
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:10 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/templates/gk_twn2/js/gk.script.js
      Remote address:
      3.19.116.195:80
      Request
      GET /templates/gk_twn2/js/gk.script.js HTTP/1.1
      Accept: application/javascript, */*;q=0.8
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:10 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/modules/mod_pgt_rssscroller/pgt_rssscroller.js
      Remote address:
      3.19.116.195:80
      Request
      GET /modules/mod_pgt_rssscroller/pgt_rssscroller.js HTTP/1.1
      Accept: application/javascript, */*;q=0.8
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:10 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/images/stories/entertainment.gif
      Remote address:
      3.19.116.195:80
      Request
      GET /images/stories/entertainment.gif HTTP/1.1
      Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.0 404 Not Found
      cache-control: no-cache
      content-type: text/html
      x-reason: MediaRequest
    • flag-us
      GET
      http://canesearch.com/plugins/content/kunenadiscuss/css/discuss.css
      Remote address:
      3.19.116.195:80
      Request
      GET /plugins/content/kunenadiscuss/css/discuss.css HTTP/1.1
      Accept: text/css, */*
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:09 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/templates/gk_twn2/css/template.css
      Remote address:
      3.19.116.195:80
      Request
      GET /templates/gk_twn2/css/template.css HTTP/1.1
      Accept: text/css, */*
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:09 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/templates/gk_twn2/css/menu/mega.css
      Remote address:
      3.19.116.195:80
      Request
      GET /templates/gk_twn2/css/menu/mega.css HTTP/1.1
      Accept: text/css, */*
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:10 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/templates/gk_twn2/js/domready_fix.js
      Remote address:
      3.19.116.195:80
      Request
      GET /templates/gk_twn2/js/domready_fix.js HTTP/1.1
      Accept: application/javascript, */*;q=0.8
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:10 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/templates/gk_twn2/images/printButton.png
      Remote address:
      3.19.116.195:80
      Request
      GET /templates/gk_twn2/images/printButton.png HTTP/1.1
      Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.0 404 Not Found
      cache-control: no-cache
      content-type: text/html
      x-reason: MediaRequest
    • flag-us
      GET
      http://canesearch.com/plugins/content/relatedArticlesTags/relatedArticlesTags.css
      Remote address:
      3.19.116.195:80
      Request
      GET /plugins/content/relatedArticlesTags/relatedArticlesTags.css HTTP/1.1
      Accept: text/css, */*
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:09 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/templates/system/css/general.css
      Remote address:
      3.19.116.195:80
      Request
      GET /templates/system/css/general.css HTTP/1.1
      Accept: text/css, */*
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:09 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/templates/gk_twn2/css/typo.css
      Remote address:
      3.19.116.195:80
      Request
      GET /templates/gk_twn2/css/typo.css HTTP/1.1
      Accept: text/css, */*
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:10 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/media/system/js/mootools.js
      Remote address:
      3.19.116.195:80
      Request
      GET /media/system/js/mootools.js HTTP/1.1
      Accept: application/javascript, */*;q=0.8
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:10 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/templates/gk_twn2/js/menu/mega.js
      Remote address:
      3.19.116.195:80
      Request
      GET /templates/gk_twn2/js/menu/mega.js HTTP/1.1
      Accept: application/javascript, */*;q=0.8
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:10 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/images/stories/business.gif
      Remote address:
      3.19.116.195:80
      Request
      GET /images/stories/business.gif HTTP/1.1
      Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.0 404 Not Found
      cache-control: no-cache
      content-type: text/html
      x-reason: MediaRequest
    • flag-us
      GET
      http://canesearch.com/plugins/system/rokbox/themes/clean/rokbox-style.css
      Remote address:
      3.19.116.195:80
      Request
      GET /plugins/system/rokbox/themes/clean/rokbox-style.css HTTP/1.1
      Accept: text/css, */*
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:09 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/templates/gk_twn2/css/gk_stuff.css
      Remote address:
      3.19.116.195:80
      Request
      GET /templates/gk_twn2/css/gk_stuff.css HTTP/1.1
      Accept: text/css, */*
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:09 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/components/com_jcomments/js/jcomments-v2.1.js?v=7
      Remote address:
      3.19.116.195:80
      Request
      GET /components/com_jcomments/js/jcomments-v2.1.js?v=7 HTTP/1.1
      Accept: application/javascript, */*;q=0.8
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:09 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/plugins/system/rokbox/rokbox.js
      Remote address:
      3.19.116.195:80
      Request
      GET /plugins/system/rokbox/rokbox.js HTTP/1.1
      Accept: application/javascript, */*;q=0.8
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:10 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/plugins/content/itpsocialbuttons/images/small/delicious.png
      Remote address:
      3.19.116.195:80
      Request
      GET /plugins/content/itpsocialbuttons/images/small/delicious.png HTTP/1.1
      Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.0 404 Not Found
      cache-control: no-cache
      content-type: text/html
      x-reason: MediaRequest
    • flag-us
      GET
      http://canesearch.com/templates/system/css/system.css
      Remote address:
      3.19.116.195:80
      Request
      GET /templates/system/css/system.css HTTP/1.1
      Accept: text/css, */*
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:09 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/templates/gk_twn2/css/joomla.css
      Remote address:
      3.19.116.195:80
      Request
      GET /templates/gk_twn2/css/joomla.css HTTP/1.1
      Accept: text/css, */*
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:09 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/templates/gk_twn2/fonts/BebasNeue/stylesheet.css
      Remote address:
      3.19.116.195:80
      Request
      GET /templates/gk_twn2/fonts/BebasNeue/stylesheet.css HTTP/1.1
      Accept: text/css, */*
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:09 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/plugins/content/relatedArticlesTags/relatedArticlesTags.js
      Remote address:
      3.19.116.195:80
      Request
      GET /plugins/content/relatedArticlesTags/relatedArticlesTags.js HTTP/1.1
      Accept: application/javascript, */*;q=0.8
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:10 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/images/rss2content/2015/08/02/violencia-en-mexico-150x110.jpg
      Remote address:
      3.19.116.195:80
      Request
      GET /images/rss2content/2015/08/02/violencia-en-mexico-150x110.jpg HTTP/1.1
      Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.0 404 Not Found
      cache-control: no-cache
      content-type: text/html
      x-reason: MediaRequest
    • flag-gb
      GET
      http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
      Remote address:
      142.250.200.46:80
      Request
      GET /translate_a/element.js?cb=googleTranslateElementInit HTTP/1.1
      Accept: application/javascript, */*;q=0.8
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: translate.google.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 301 Moved Permanently
      Content-Type: application/binary
      Cache-Control: no-cache, no-store, max-age=0, must-revalidate
      Pragma: no-cache
      Expires: Mon, 01 Jan 1990 00:00:00 GMT
      Date: Mon, 01 Jan 2024 17:50:10 GMT
      Location: https://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
      Cross-Origin-Opener-Policy: same-origin-allow-popups
      Server: ESF
      Content-Length: 0
      X-XSS-Protection: 0
      X-Frame-Options: SAMEORIGIN
      X-Content-Type-Options: nosniff
    • flag-us
      GET
      http://w.sharethis.com/button/buttons.js
      Remote address:
      18.172.89.93:80
      Request
      GET /button/buttons.js HTTP/1.1
      Accept: application/javascript, */*;q=0.8
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: w.sharethis.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 301 Moved Permanently
      Server: CloudFront
      Date: Mon, 01 Jan 2024 17:50:11 GMT
      Content-Type: text/html
      Content-Length: 167
      Connection: keep-alive
      Location: https://w.sharethis.com/button/buttons.js
      X-Cache: Redirect from cloudfront
      Via: 1.1 587008ba996b678a886e443d280cf96a.cloudfront.net (CloudFront)
      X-Amz-Cf-Pop: MAN51-P1
      X-Amz-Cf-Id: ltS4UMZN9l52eTPSIRyCfv5u2vGbVcWjg_RrKdTSzSsIv2us4Z0NZA==
    • flag-us
      DNS
      www.hugedomains.com
      Remote address:
      8.8.8.8:53
      Request
      www.hugedomains.com
      IN A
      Response
      www.hugedomains.com
      IN A
      172.67.70.191
      www.hugedomains.com
      IN A
      104.26.6.37
      www.hugedomains.com
      IN A
      104.26.7.37
    • flag-us
      DNS
      g.bing.com
      Remote address:
      8.8.8.8:53
      Request
      g.bing.com
      IN A
      Response
      g.bing.com
      IN CNAME
      g-bing-com.a-0001.a-msedge.net
      g-bing-com.a-0001.a-msedge.net
      IN CNAME
      dual-a-0001.a-msedge.net
      dual-a-0001.a-msedge.net
      IN A
      204.79.197.200
      dual-a-0001.a-msedge.net
      IN A
      13.107.21.200
    • flag-us
      DNS
      209.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      209.178.17.96.in-addr.arpa
      IN PTR
      Response
      209.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-209.deploy.static.akamaitechnologies.com
    • flag-us
      DNS
      4.200.250.142.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      4.200.250.142.in-addr.arpa
      IN PTR
      Response
      4.200.250.142.in-addr.arpa
      IN PTR
      lhr48s29-in-f4.1e100.net
    • flag-us
      DNS
      46.200.250.142.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      46.200.250.142.in-addr.arpa
      IN PTR
      Response
      46.200.250.142.in-addr.arpa
      IN PTR
      lhr48s30-in-f14.1e100.net
    • flag-us
      DNS
      66.204.58.216.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      66.204.58.216.in-addr.arpa
      IN PTR
      Response
      66.204.58.216.in-addr.arpa
      IN PTR
      lhr48s49-in-f2.1e100.net
      66.204.58.216.in-addr.arpa
      IN PTR
      lhr25s13-in-f66.1e100.net
      66.204.58.216.in-addr.arpa
      IN PTR
      lhr25s13-in-f2.1e100.net
    • flag-us
      DNS
      3.180.250.142.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      3.180.250.142.in-addr.arpa
      IN PTR
      Response
      3.180.250.142.in-addr.arpa
      IN PTR
      lhr25s32-in-f3.1e100.net
    • flag-us
      DNS
      195.116.19.3.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      195.116.19.3.in-addr.arpa
      IN PTR
      Response
      195.116.19.3.in-addr.arpa
      IN PTR
      ec2-3-19-116-195.us-east-2.compute.amazonaws.com
    • flag-us
      DNS
      85.177.190.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      85.177.190.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      191.70.67.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      191.70.67.172.in-addr.arpa
      IN PTR
      Response
    • flag-us
      GET
      http://canesearch.com/plugins/content/itpsocialbuttons/images/small/digg.png
      Remote address:
      3.19.116.195:80
      Request
      GET /plugins/content/itpsocialbuttons/images/small/digg.png HTTP/1.1
      Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.0 404 Not Found
      cache-control: no-cache
      content-type: text/html
      x-reason: MediaRequest
    • flag-us
      GET
      http://canesearch.com/plugins/content/itpsocialbuttons/images/small/facebook.png
      Remote address:
      3.19.116.195:80
      Request
      GET /plugins/content/itpsocialbuttons/images/small/facebook.png HTTP/1.1
      Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.0 404 Not Found
      cache-control: no-cache
      content-type: text/html
      x-reason: MediaRequest
    • flag-us
      GET
      http://canesearch.com/plugins/content/itpsocialbuttons/images/small/google.png
      Remote address:
      3.19.116.195:80
      Request
      GET /plugins/content/itpsocialbuttons/images/small/google.png HTTP/1.1
      Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.0 404 Not Found
      cache-control: no-cache
      content-type: text/html
      x-reason: MediaRequest
    • flag-us
      GET
      http://canesearch.com/plugins/content/itpsocialbuttons/images/small/stumbleupon.png
      Remote address:
      3.19.116.195:80
      Request
      GET /plugins/content/itpsocialbuttons/images/small/stumbleupon.png HTTP/1.1
      Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.0 404 Not Found
      cache-control: no-cache
      content-type: text/html
      x-reason: MediaRequest
    • flag-us
      DNS
      35.200.250.142.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      35.200.250.142.in-addr.arpa
      IN PTR
      Response
      35.200.250.142.in-addr.arpa
      IN PTR
      lhr48s30-in-f31e100net
    • flag-us
      DNS
      93.89.172.18.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      93.89.172.18.in-addr.arpa
      IN PTR
      Response
      93.89.172.18.in-addr.arpa
      IN PTR
      server-18-172-89-93man51r cloudfrontnet
    • flag-us
      GET
      http://canesearch.com/plugins/content/itpsocialbuttons/images/small/technorati.png
      Remote address:
      3.19.116.195:80
      Request
      GET /plugins/content/itpsocialbuttons/images/small/technorati.png HTTP/1.1
      Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.0 404 Not Found
      cache-control: no-cache
      content-type: text/html
      x-reason: MediaRequest
    • flag-us
      GET
      http://canesearch.com/plugins/content/itpsocialbuttons/images/small/twitter.png
      Remote address:
      3.19.116.195:80
      Request
      GET /plugins/content/itpsocialbuttons/images/small/twitter.png HTTP/1.1
      Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.0 404 Not Found
      cache-control: no-cache
      content-type: text/html
      x-reason: MediaRequest
    • flag-us
      GET
      http://canesearch.com/plugins/content/itpsocialbuttons/images/small/linkedin.png
      Remote address:
      3.19.116.195:80
      Request
      GET /plugins/content/itpsocialbuttons/images/small/linkedin.png HTTP/1.1
      Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.0 404 Not Found
      cache-control: no-cache
      content-type: text/html
      x-reason: MediaRequest
    • flag-us
      GET
      http://canesearch.com/index.php?option=com_jcomments&task=captcha&tmpl=component&ac=19954
      Remote address:
      3.19.116.195:80
      Request
      GET /index.php?option=com_jcomments&task=captcha&tmpl=component&ac=19954 HTTP/1.1
      Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.1 302 Found
      content-length: 0
      date: Mon, 01 Jan 2024 17:50:11 GMT
      location: https://www.hugedomains.com/domain_profile.cfm?d=canesearch.com
    • flag-us
      GET
      http://canesearch.com/images/stories/breaking.gif
      Remote address:
      3.19.116.195:80
      Request
      GET /images/stories/breaking.gif HTTP/1.1
      Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.0 404 Not Found
      cache-control: no-cache
      content-type: text/html
      x-reason: MediaRequest
    • flag-us
      GET
      http://canesearch.com/images/stories/sports.gif
      Remote address:
      3.19.116.195:80
      Request
      GET /images/stories/sports.gif HTTP/1.1
      Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5
      Accept-Language: en-US
      User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko
      Accept-Encoding: gzip, deflate
      Host: canesearch.com
      Connection: Keep-Alive
      Response
      HTTP/1.0 404 Not Found
      cache-control: no-cache
      content-type: text/html
      x-reason: MediaRequest
    • flag-us
      DNS
      translate.googleapis.com
      Remote address:
      8.8.8.8:53
      Request
      translate.googleapis.com
      IN A
      Response
      translate.googleapis.com
      IN A
      172.217.16.234
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      95.221.229.192.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      95.221.229.192.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      31.19.162.3.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      31.19.162.3.in-addr.arpa
      IN PTR
      Response
      31.19.162.3.in-addr.arpa
      IN PTR
      server-3-162-19-31man51r cloudfrontnet
    • flag-us
      DNS
      31.19.162.3.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      31.19.162.3.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      14.200.250.142.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.200.250.142.in-addr.arpa
      IN PTR
      Response
      14.200.250.142.in-addr.arpa
      IN PTR
      lhr48s29-in-f141e100net
    • flag-us
      DNS
      14.200.250.142.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      14.200.250.142.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      234.16.217.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      234.16.217.172.in-addr.arpa
      IN PTR
      Response
      234.16.217.172.in-addr.arpa
      IN PTR
      lhr48s28-in-f101e100net
      234.16.217.172.in-addr.arpa
      IN PTR
      mad08s04-in-f10�I
    • flag-us
      DNS
      234.16.217.172.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      234.16.217.172.in-addr.arpa
      IN PTR
    • flag-us
      DNS
      googleads.g.doubleclick.net
      Remote address:
      8.8.8.8:53
      Request
      googleads.g.doubleclick.net
      IN A
      Response
      googleads.g.doubleclick.net
      IN A
      142.250.200.34
    • flag-us
      DNS
      158.240.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      158.240.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      34.200.250.142.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      34.200.250.142.in-addr.arpa
      IN PTR
      Response
      34.200.250.142.in-addr.arpa
      IN PTR
      lhr48s30-in-f21e100net
    • flag-us
      DNS
      44.143.84.52.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      44.143.84.52.in-addr.arpa
      IN PTR
      Response
      44.143.84.52.in-addr.arpa
      IN PTR
      server-52-84-143-44man50r cloudfrontnet
    • flag-us
      DNS
      9.228.82.20.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      9.228.82.20.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      tpc.googlesyndication.com
      Remote address:
      8.8.8.8:53
      Request
      tpc.googlesyndication.com
      IN A
      Response
      tpc.googlesyndication.com
      IN A
      142.250.180.1
    • flag-us
      DNS
      1.180.250.142.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      1.180.250.142.in-addr.arpa
      IN PTR
      Response
      1.180.250.142.in-addr.arpa
      IN PTR
      lhr25s32-in-f11e100net
    • flag-us
      DNS
      227.187.250.142.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      227.187.250.142.in-addr.arpa
      IN PTR
      Response
      227.187.250.142.in-addr.arpa
      IN PTR
      lhr25s34-in-f31e100net
    • flag-us
      DNS
      103.169.127.40.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      103.169.127.40.in-addr.arpa
      IN PTR
      Response
    • flag-us
      DNS
      210.178.17.96.in-addr.arpa
      Remote address:
      8.8.8.8:53
      Request
      210.178.17.96.in-addr.arpa
      IN PTR
      Response
      210.178.17.96.in-addr.arpa
      IN PTR
      a96-17-178-210deploystaticakamaitechnologiescom
    • 142.250.200.4:80
      www.google.com
      98 B
      52 B
      2
      1
    • 142.250.200.4:80
      http://www.google.com/jsapi?key=ABQIAAAA_BpgOkczCb6ZB5K3J0klchRLSACP8v950kN6twGynSvDj-aT4BRueBKYjVcYG2lP-%20GQuP78i_ZVPvw
      http
      529 B
      895 B
      4
      3

      HTTP Request

      GET http://www.google.com/jsapi?key=ABQIAAAA_BpgOkczCb6ZB5K3J0klchRLSACP8v950kN6twGynSvDj-aT4BRueBKYjVcYG2lP-%20GQuP78i_ZVPvw

      HTTP Response

      301
    • 216.58.204.66:80
      http://pagead2.googlesyndication.com/pagead/show_ads.js
      http
      1.0kB
      16.6kB
      15
      14

      HTTP Request

      GET http://pagead2.googlesyndication.com/pagead/show_ads.js

      HTTP Response

      200
    • 216.58.204.66:80
      pagead2.googlesyndication.com
      98 B
      52 B
      2
      1
    • 3.19.116.195:80
      http://canesearch.com/templates/gk_twn2/images/emailButton.png
      http
      3.2kB
      1.7kB
      21
      11

      HTTP Request

      GET http://canesearch.com/plugins/content/itpsocialbuttons/style.css

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/templates/gk_twn2/css/addons.css

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/templates/gk_twn2/css/style1.css

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/media/system/js/caption.js

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/templates/gk_twn2/images/emailButton.png

      HTTP Response

      404
    • 3.19.116.195:80
      http://canesearch.com/images/stories/entertainment.gif
      http
      3.2kB
      1.7kB
      20
      11

      HTTP Request

      GET http://canesearch.com/components/com_jcomments/tpl/default/style.css?v=12

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/templates/gk_twn2/css/layout.css

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/modules/mod_pgt_rssscroller/mod_pgt_rssscroller.css

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/components/com_jcomments/libraries/joomlatune/ajax.js?v=3

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/templates/gk_twn2/js/gk.script.js

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/modules/mod_pgt_rssscroller/pgt_rssscroller.js

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/images/stories/entertainment.gif

      HTTP Response

      404
    • 3.19.116.195:80
      http://canesearch.com/templates/gk_twn2/images/printButton.png
      http
      3.2kB
      1.7kB
      21
      11

      HTTP Request

      GET http://canesearch.com/plugins/content/kunenadiscuss/css/discuss.css

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/templates/gk_twn2/css/template.css

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/templates/gk_twn2/css/menu/mega.css

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/templates/gk_twn2/js/domready_fix.js

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/templates/gk_twn2/images/printButton.png

      HTTP Response

      404
    • 3.19.116.195:80
      http://canesearch.com/images/stories/business.gif
      http
      2.7kB
      1.3kB
      17
      9

      HTTP Request

      GET http://canesearch.com/plugins/content/relatedArticlesTags/relatedArticlesTags.css

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/templates/system/css/general.css

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/templates/gk_twn2/css/typo.css

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/media/system/js/mootools.js

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/templates/gk_twn2/js/menu/mega.js

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/images/stories/business.gif

      HTTP Response

      404
    • 3.19.116.195:80
      http://canesearch.com/plugins/content/itpsocialbuttons/images/small/delicious.png
      http
      2.8kB
      1.5kB
      18
      10

      HTTP Request

      GET http://canesearch.com/plugins/system/rokbox/themes/clean/rokbox-style.css

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/templates/gk_twn2/css/gk_stuff.css

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/components/com_jcomments/js/jcomments-v2.1.js?v=7

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/plugins/system/rokbox/rokbox.js

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/plugins/content/itpsocialbuttons/images/small/delicious.png

      HTTP Response

      404
    • 3.19.116.195:80
      http://canesearch.com/images/rss2content/2015/08/02/violencia-en-mexico-150x110.jpg
      http
      3.2kB
      1.7kB
      19
      11

      HTTP Request

      GET http://canesearch.com/templates/system/css/system.css

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/templates/gk_twn2/css/joomla.css

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/templates/gk_twn2/fonts/BebasNeue/stylesheet.css

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/plugins/content/relatedArticlesTags/relatedArticlesTags.js

      HTTP Response

      302

      HTTP Request

      GET http://canesearch.com/images/rss2content/2015/08/02/violencia-en-mexico-150x110.jpg

      HTTP Response

      404
    • 142.250.200.46:80
      http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit
      http
      488 B
      620 B
      4
      3

      HTTP Request

      GET http://translate.google.com/translate_a/element.js?cb=googleTranslateElementInit

      HTTP Response

      301
    • 142.250.200.46:80
      translate.google.com
      98 B
      52 B
      2
      1
    • 18.172.89.93:80
      w.sharethis.com
      150 B
      52 B
      3
      1
    • 18.172.89.93:80
      http://w.sharethis.com/button/buttons.js
      http
      500 B
      714 B
      5
      3

      HTTP Request

      GET http://w.sharethis.com/button/buttons.js

      HTTP Response

      301
    • 142.250.200.46:443
      translate.google.com
      tls
      3.2kB
      41.7kB
      44
      37
    • 172.67.70.191:443
      www.hugedomains.com
      tls
      922 B
      3.5kB
      11
      8
    • 172.67.70.191:443
      www.hugedomains.com
      tls
      910 B
      3.5kB
      11
      8
    • 172.67.70.191:443
      www.hugedomains.com
      tls
      9.9kB
      85.4kB
      156
      128
    • 172.67.70.191:443
      www.hugedomains.com
      tls
      968 B
      3.6kB
      12
      9
    • 172.67.70.191:443
      www.hugedomains.com
      tls
      910 B
      3.5kB
      11
      8
    • 172.67.70.191:443
      www.hugedomains.com
      tls
      922 B
      3.5kB
      11
      8
    • 204.79.197.200:443
      g.bing.com
      tls
      2.7kB
      9.5kB
      25
      20
    • 18.172.89.93:443
      w.sharethis.com
      tls
      2.3kB
      36.5kB
      37
      35
    • 3.19.116.195:80
      http://canesearch.com/plugins/content/itpsocialbuttons/images/small/digg.png
      http
      604 B
      349 B
      6
      4

      HTTP Request

      GET http://canesearch.com/plugins/content/itpsocialbuttons/images/small/digg.png

      HTTP Response

      404
    • 3.19.116.195:80
      http://canesearch.com/plugins/content/itpsocialbuttons/images/small/facebook.png
      http
      608 B
      349 B
      6
      4

      HTTP Request

      GET http://canesearch.com/plugins/content/itpsocialbuttons/images/small/facebook.png

      HTTP Response

      404
    • 3.19.116.195:80
      http://canesearch.com/plugins/content/itpsocialbuttons/images/small/google.png
      http
      698 B
      349 B
      8
      4

      HTTP Request

      GET http://canesearch.com/plugins/content/itpsocialbuttons/images/small/google.png

      HTTP Response

      404
    • 3.19.116.195:80
      http://canesearch.com/plugins/content/itpsocialbuttons/images/small/stumbleupon.png
      http
      611 B
      349 B
      6
      4

      HTTP Request

      GET http://canesearch.com/plugins/content/itpsocialbuttons/images/small/stumbleupon.png

      HTTP Response

      404
    • 3.19.116.195:80
      http://canesearch.com/plugins/content/itpsocialbuttons/images/small/technorati.png
      http
      610 B
      349 B
      6
      4

      HTTP Request

      GET http://canesearch.com/plugins/content/itpsocialbuttons/images/small/technorati.png

      HTTP Response

      404
    • 3.19.116.195:80
      http://canesearch.com/plugins/content/itpsocialbuttons/images/small/twitter.png
      http
      607 B
      349 B
      6
      4

      HTTP Request

      GET http://canesearch.com/plugins/content/itpsocialbuttons/images/small/twitter.png

      HTTP Response

      404
    • 3.19.116.195:80
      http://canesearch.com/plugins/content/itpsocialbuttons/images/small/linkedin.png
      http
      980 B
      349 B
      7
      4

      HTTP Request

      GET http://canesearch.com/plugins/content/itpsocialbuttons/images/small/linkedin.png

      HTTP Response

      404
    • 3.19.116.195:80
      http://canesearch.com/index.php?option=com_jcomments&task=captcha&tmpl=component&ac=19954
      http
      525 B
      245 B
      4
      2

      HTTP Request

      GET http://canesearch.com/index.php?option=com_jcomments&task=captcha&tmpl=component&ac=19954

      HTTP Response

      302
    • 3.19.116.195:80
      http://canesearch.com/images/stories/breaking.gif
      http
      577 B
      349 B
      6
      4

      HTTP Request

      GET http://canesearch.com/images/stories/breaking.gif

      HTTP Response

      404
    • 3.19.116.195:80
      http://canesearch.com/images/stories/sports.gif
      http
      575 B
      349 B
      6
      4

      HTTP Request

      GET http://canesearch.com/images/stories/sports.gif

      HTTP Response

      404
    • 172.217.16.234:443
      translate.googleapis.com
      tls
      5.3kB
      101.8kB
      85
      80
    • 172.217.16.234:443
      translate.googleapis.com
      tls
      1.0kB
      5.4kB
      13
      10
    • 142.250.200.34:443
      googleads.g.doubleclick.net
      tls
      1.0kB
      5.3kB
      13
      10
    • 142.250.200.34:443
      googleads.g.doubleclick.net
      tls
      9.7kB
      14.7kB
      48
      41
    • 142.250.180.1:443
      tpc.googlesyndication.com
      tls
      2.5kB
      18.7kB
      34
      30
    • 142.250.180.1:443
      tpc.googlesyndication.com
      tls
      1.0kB
      5.0kB
      13
      10
    • 142.250.200.4:443
      www.google.com
      tls
      1.7kB
      6.9kB
      21
      16
    • 96.17.178.173:80
      248 B
      4.0kB
      5
      5
    • 8.8.8.8:53
      2.136.104.51.in-addr.arpa
      dns
      71 B
      157 B
      1
      1

      DNS Request

      2.136.104.51.in-addr.arpa

    • 8.8.8.8:53
      canesearch.com
      dns
      60 B
      190 B
      1
      1

      DNS Request

      canesearch.com

      DNS Response

      3.19.116.195
      3.18.7.81

    • 8.8.8.8:53
      www.google.com
      dns
      60 B
      76 B
      1
      1

      DNS Request

      www.google.com

      DNS Response

      142.250.200.4

    • 8.8.8.8:53
      translate.google.com
      dns
      66 B
      103 B
      1
      1

      DNS Request

      translate.google.com

      DNS Response

      142.250.200.46

    • 8.8.8.8:53
      w.sharethis.com
      dns
      61 B
      168 B
      1
      1

      DNS Request

      w.sharethis.com

      DNS Response

      18.172.89.93
      18.172.89.54
      18.172.89.30
      18.172.89.4

    • 8.8.8.8:53
      www.hugedomains.com
      dns
      65 B
      113 B
      1
      1

      DNS Request

      www.hugedomains.com

      DNS Response

      172.67.70.191
      104.26.6.37
      104.26.7.37

    • 8.8.8.8:53
      g.bing.com
      dns
      56 B
      158 B
      1
      1

      DNS Request

      g.bing.com

      DNS Response

      204.79.197.200
      13.107.21.200

    • 8.8.8.8:53
      209.178.17.96.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      209.178.17.96.in-addr.arpa

    • 8.8.8.8:53
      4.200.250.142.in-addr.arpa
      dns
      72 B
      110 B
      1
      1

      DNS Request

      4.200.250.142.in-addr.arpa

    • 8.8.8.8:53
      46.200.250.142.in-addr.arpa
      dns
      73 B
      112 B
      1
      1

      DNS Request

      46.200.250.142.in-addr.arpa

    • 8.8.8.8:53
      66.204.58.216.in-addr.arpa
      dns
      72 B
      169 B
      1
      1

      DNS Request

      66.204.58.216.in-addr.arpa

    • 8.8.8.8:53
      3.180.250.142.in-addr.arpa
      dns
      72 B
      110 B
      1
      1

      DNS Request

      3.180.250.142.in-addr.arpa

    • 8.8.8.8:53
      195.116.19.3.in-addr.arpa
      dns
      71 B
      133 B
      1
      1

      DNS Request

      195.116.19.3.in-addr.arpa

    • 8.8.8.8:53
      85.177.190.20.in-addr.arpa
      dns
      72 B
      158 B
      1
      1

      DNS Request

      85.177.190.20.in-addr.arpa

    • 8.8.8.8:53
      191.70.67.172.in-addr.arpa
      dns
      72 B
      134 B
      1
      1

      DNS Request

      191.70.67.172.in-addr.arpa

    • 8.8.8.8:53
      35.200.250.142.in-addr.arpa
      dns
      73 B
      111 B
      1
      1

      DNS Request

      35.200.250.142.in-addr.arpa

    • 8.8.8.8:53
      93.89.172.18.in-addr.arpa
      dns
      71 B
      127 B
      1
      1

      DNS Request

      93.89.172.18.in-addr.arpa

    • 8.8.8.8:53
      translate.googleapis.com
      dns
      70 B
      86 B
      1
      1

      DNS Request

      translate.googleapis.com

      DNS Response

      172.217.16.234

    • 8.8.8.8:53
      95.221.229.192.in-addr.arpa
      dns
      146 B
      144 B
      2
      1

      DNS Request

      95.221.229.192.in-addr.arpa

      DNS Request

      95.221.229.192.in-addr.arpa

    • 8.8.8.8:53
      31.19.162.3.in-addr.arpa
      dns
      140 B
      125 B
      2
      1

      DNS Request

      31.19.162.3.in-addr.arpa

      DNS Request

      31.19.162.3.in-addr.arpa

    • 8.8.8.8:53
      14.200.250.142.in-addr.arpa
      dns
      146 B
      112 B
      2
      1

      DNS Request

      14.200.250.142.in-addr.arpa

      DNS Request

      14.200.250.142.in-addr.arpa

    • 8.8.8.8:53
      234.16.217.172.in-addr.arpa
      dns
      146 B
      142 B
      2
      1

      DNS Request

      234.16.217.172.in-addr.arpa

      DNS Request

      234.16.217.172.in-addr.arpa

    • 8.8.8.8:53
      googleads.g.doubleclick.net
      dns
      73 B
      89 B
      1
      1

      DNS Request

      googleads.g.doubleclick.net

      DNS Response

      142.250.200.34

    • 8.8.8.8:53
      158.240.127.40.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      158.240.127.40.in-addr.arpa

    • 8.8.8.8:53
      34.200.250.142.in-addr.arpa
      dns
      73 B
      111 B
      1
      1

      DNS Request

      34.200.250.142.in-addr.arpa

    • 8.8.8.8:53
      44.143.84.52.in-addr.arpa
      dns
      71 B
      127 B
      1
      1

      DNS Request

      44.143.84.52.in-addr.arpa

    • 8.8.8.8:53
      9.228.82.20.in-addr.arpa
      dns
      70 B
      156 B
      1
      1

      DNS Request

      9.228.82.20.in-addr.arpa

    • 8.8.8.8:53
      tpc.googlesyndication.com
      dns
      71 B
      87 B
      1
      1

      DNS Request

      tpc.googlesyndication.com

      DNS Response

      142.250.180.1

    • 8.8.8.8:53
      1.180.250.142.in-addr.arpa
      dns
      72 B
      110 B
      1
      1

      DNS Request

      1.180.250.142.in-addr.arpa

    • 8.8.8.8:53
      227.187.250.142.in-addr.arpa
      dns
      74 B
      112 B
      1
      1

      DNS Request

      227.187.250.142.in-addr.arpa

    • 8.8.8.8:53
      103.169.127.40.in-addr.arpa
      dns
      73 B
      147 B
      1
      1

      DNS Request

      103.169.127.40.in-addr.arpa

    • 8.8.8.8:53
      210.178.17.96.in-addr.arpa
      dns
      72 B
      137 B
      1
      1

      DNS Request

      210.178.17.96.in-addr.arpa

    MITRE ATT&CK Enterprise v15
