infojet

for AVPros
(srchddg)

5 minute NWS/AWS/NOAA Airport Aviation Weather


(AVWthr1)


(AVWthr2)   (AVWthr3)  (AVWthr-METAR trend)



(Aviation -- METAR/TAF only)




FastAWS Links (Metars, Airmets, Sigmets, ProgCharts)

UTC/Zulu time





DuckDuck Go



NEWS,Recalls,IT-ALERTS


SECMKTS


RESOURCES



LINCDEC











DuckDuck Go











SpeedTest-Megapath



SpeedTest-Fast.com(netflix)



Google Internet Speed Test



Comcast Business Internet Speed Test



AT&T Internet Speed Test



Comcast Xfinity Internet Speed Test





AT&T Speed Tiers by service category (download/upload speeds)



Comcast/Xfinity Internet Speed Tiers by service category (download/upload speeds)







Start Options for USB/microSDHC computers



privacy policy
terms of use




Scan URL (urlscan.io)












(ttls)
37883













Commercial(webbot) TOP site visits by (.com,.net,.org) Domain Name(since JAN-1-2020)






as of 2021-09-26




sogou.com ,10761
googlebot.com ,2162
amazonaws.com ,1881
msn.com ,1021
googleusercontent.com ,715
omnis.com ,605
tmodns.net ,238
cloudsystemnetworks.com ,173
apple.com ,130
myvzw.com ,115
internet-census.org ,108
pagething.com ,106
colocrossing.com ,86
mycingular.net ,82
hwclouds-dns.com ,65
vultr.com ,65
h12-media.com ,52
netsystemsresearch.com ,52
google.com ,43
duckduckgo.com ,38
qwant.com ,38
webnx.com ,36
contaboserver.net ,33
okitup.net ,31
aspiegel.com ,27
kyivstar.net ,26
ispsystem.net ,24
007ac9.net ,20
dataprovider.com ,20
lipperhey.com ,19
cdn77.com ,18
onr.com ,17
linode.com ,15
dreamhost.com ,14
sbcglobal.net ,14
completel.net ,14
rr.com ,14
secureserver.net ,13
datapacket.com ,13
secqin.com ,13
ip-192-99-18.net ,13
prcdn.net ,11
quadranet.com ,11
sprious.com ,10
gthost.com ,10
dataproviderbot.com ,10
verizon.net ,9
jscriptsdev.com ,9
ip-167-114-175.net ,9
scaleway.com ,8
chinaunicom.com ,8
ColocationAmerica.com ,8
dnspure.com ,8
baidu.com ,8
directwebhost.org ,8
spectrum.com ,8
fbsv.net ,7
comdevelopment.com ,7
onyphe.net ,7
bluehost.com ,6
rima-tde.net ,6
web-hosting.com ,6
hostry.com ,6
totalplay.net ,6
rootlayer.net ,6
keznews.com ,6
cox.net ,5
nextconnex.net ,5
ovh.net ,5
pldt.net ,5
cosmoyard.com ,5
shawcable.net ,5
fcpi.net ,5
jumpingroo.com ,4
scalabledns.com ,4
servebyte.com ,4
btcentralplus.com ,4
hostwindsdns.com ,4
wiredns.net ,4
cargojet.com ,4
ip-144-217-190.net ,4
ip-51-79-111.net ,4
cipherwave.net ,4
hidehost.net ,4
rch003.net ,4
woorank.com ,4
bangnumb.com ,4
inwitelecom.net ,3
ip-158-69-252.net ,3
plus.net ,3
puregig.net ,3
ip-167-114-124.net ,3
cantv.net ,3
sonic.net ,3
i3d.net ,3
triolan.net ,3
zare.com ,3
domaincrawler.com ,3
clientshostname.com ,3
ip-167-114-172.net ,3
turk.net ,3
contabo.net ,3
myaisfibre.com ,3
ip-167-114-159.net ,3
it-tv.org ,3
ip-167-114-100.net ,3
ip-54-39-17.net ,3
adiaboreha.com ,3
bitdefender.net ,2
coldhak.com ,2
mycdz.com ,2
skyeris.net ,2
ptklp.com ,2
websitewelcome.com ,2
example.com ,2
2com.net ,2
rederatural.com ,2
telia.com ,2
virginm.net ,2
ip-142-44-251.net ,2
startdedicated.com ,2
cavtel.net ,2
hinet.net ,2
hostdime.com ,2
totinternet.net ,2
ip-51-222-50.net ,2
hecombawatedly.com ,2
ip-142-44-138.net ,2
accesskenya.net ,2
ip-51-161-57.net ,2
Borealisbroadband.net ,2
uelockies.com ,2
ip-198-245-49.net ,2
prismwebnets.com ,2
ip-167-114-150.net ,2
ip-51-79-116.net ,2
ip-167-114-90.net ,2
lagranfrancia.com ,2
vuhuv.com ,2
glesys.net ,2
serverastra.com ,2
proxad.net ,2
fasternetwork.com ,2
ip-51-222-43.net ,2
group-ib.com ,2
ip-51-222-151.net ,2
qwest.net ,2
windstream.net ,2
kpn.net ,2
ip-51-222-133.net ,2
ip-54-39-227.net ,2
netwpool.com ,2
yournetmarket.com ,2
scrtc.com ,2
citenet.net ,2
noc401.com ,2
idianrunner.com ,2
amazeintaernet.com ,2
advantageww.net ,2
flashstart.com ,2
censys-scanner.com ,2
trinicom.com ,2
hargray.net ,1
ipvnow.com ,1
nephosdns.com ,1
rcncustomer.com ,1
serverhotell.net ,1
telkomsa.net ,1
superonline.net ,1
as13285.net ,1
avast.com ,1
ip-192-99-225.net ,1
cloudradium.com ,1
linuxpl.com ,1
rogers.com ,1
metronethn.com ,1
64m.org ,1
telecom-solution.com ,1
ip-192-95-29.net ,1
ip-66-70-203.net ,1
cloudedic.net ,1
xo.net ,1
luisgermano.com ,1
ip-142-4-195.net ,1
silverstar.com ,1
InterCable.net ,1
abilitybusinesscomputing.com ,1
sciencescores.com ,1
airtelkenya.com ,1
foundationapi.com ,1
protedtmailsrv22.com ,1
edns1.com ,1
i-tera.com ,1
tangobacchus.com ,1
m247.com ,1
othush.com ,1
eu.org ,1
fex.net ,1
appliedprivacy.net ,1
dnsserverboot.com ,1
volia.net ,1
lockingall.com ,1
promocloud.net ,1
2i3.net ,1
dsci-net.com ,1
online.net ,1
opera-mini.net ,1
ip-51-161-120.net ,1
h0sted.net ,1
torservers.net ,1
as42926.net ,1
dslextreme.com ,1
datection.net ,1
ricetell.com ,1
bhn.net ,1
tedata.net ,1
free-face-sitting.com ,1
sitting.com ,1
royal-watches.com ,1
246.net ,1
azimut-r.net ,1
svea.net ,1
mivocloud.com ,1
keff.org ,1
webhop.net ,1
no-reverse-dns-configured.com ,1
quintex.com ,1
serveroffer.net ,1
cloudlinkd.com ,1
idknet.com ,1
gtt.net ,1
aglyptrutivin.com ,1
hosted-by-worldstream.net ,1
sukienhanoi.com ,1
townisp.com ,1
inew-cs.com ,1
q-challenges.com ,1
chaycrop.com ,1
ptd.net ,1
routergate.com ,1
wideopenwest.com ,1
primehome.com ,1
netvigator.com ,1
ztomy.com ,1
kievline.net ,1
ctinets.com ,1
objectified.com ,1
tzulo.com ,1
psychz.net ,1
optonline.net ,1
afnet.net ,1
mysipl.com ,1
sure.com ,1
appearancemachine.net ,1
wateen.net ,1
servermania.com ,1
westcall.net ,1
webhostbox.net ,1
16clouds.com ,1
nicecrawler.com ,1
pbiaas.com ,1
ip-142-4-215.net ,1
paradisenetworks.net ,1
t-2.net ,1
convergeict.com ,1
hostsila.org ,1
sl-reverse.com ,1
comcast.net ,1
imoncommunications.net ,1
letztermensch.com ,1
hostgator.com ,1
controladordns.com ,1
vnserver.com ,1
activatemed.net ,1
udm.net ,1
o2switch.net ,1
alpinaasia.com ,1
ladyashleydesigns.com ,1
bringover.net ,1
convergentindia.com ,1
easyinfinite.com ,1
ip-167-114-24.net ,1
kaspersky-labs.com ,1
accountservergroup.com ,1
visionefectiva.com ,1
ipnxtelecoms.com ,1
atwar-game.com ,1
inmotionhosting.com ,1



(lines in domain name file)
19517





sogou.com ,10761 (55.1% of visits)
googlebot.com ,2162 (11.1% of visits)
amazonaws.com ,1881 (9.6% of visits)
msn.com ,1021 (5.2% of visits)
googleusercontent.com ,715 (3.7% of visits)
omnis.com ,605 (3.1% of visits)
tmodns.net ,238 (1.2% of visits)
cloudsystemnetworks.com ,173 (0.9% of visits)
apple.com ,130 (0.7% of visits)
myvzw.com ,115 (0.6% of visits)
internet-census.org ,108 (0.6% of visits)
pagething.com ,106 (0.5% of visits)
colocrossing.com ,86 (0.4% of visits)
mycingular.net ,82 (0.4% of visits)
hwclouds-dns.com ,65 (0.3% of visits)
vultr.com ,65 (0.3% of visits)
h12-media.com ,52 (0.3% of visits)
netsystemsresearch.com ,52 (0.3% of visits)
google.com ,43 (0.2% of visits)
duckduckgo.com ,38 (0.2% of visits)
qwant.com ,38 (0.2% of visits)
webnx.com ,36 (0.2% of visits)
contaboserver.net ,33 (0.2% of visits)
okitup.net ,31 (0.2% of visits)
aspiegel.com ,27 (0.1% of visits)
kyivstar.net ,26 (0.1% of visits)
ispsystem.net ,24 (0.1% of visits)
007ac9.net ,20 (0.1% of visits)
dataprovider.com ,20 (0.1% of visits)
lipperhey.com ,19 (0.1% of visits)
cdn77.com ,18 (0.1% of visits)
onr.com ,17 (0.1% of visits)
linode.com ,15 (0.1% of visits)
dreamhost.com ,14 (0.1% of visits)
sbcglobal.net ,14 (0.1% of visits)
completel.net ,14 (0.1% of visits)
rr.com ,14 (0.1% of visits)
secureserver.net ,13 (0.1% of visits)
datapacket.com ,13 (0.1% of visits)
secqin.com ,13 (0.1% of visits)
ip-192-99-18.net ,13 (0.1% of visits)
prcdn.net ,11 (0.1% of visits)
quadranet.com ,11 (0.1% of visits)
sprious.com ,10 (0.1% of visits)
gthost.com ,10 (0.1% of visits)
dataproviderbot.com ,10 (0.1% of visits)
verizon.net ,9 (0% of visits)
jscriptsdev.com ,9 (0% of visits)
ip-167-114-175.net ,9 (0% of visits)
scaleway.com ,8 (0% of visits)
chinaunicom.com ,8 (0% of visits)
ColocationAmerica.com ,8 (0% of visits)
dnspure.com ,8 (0% of visits)
baidu.com ,8 (0% of visits)
directwebhost.org ,8 (0% of visits)
spectrum.com ,8 (0% of visits)
fbsv.net ,7 (0% of visits)
comdevelopment.com ,7 (0% of visits)
onyphe.net ,7 (0% of visits)
bluehost.com ,6 (0% of visits)
rima-tde.net ,6 (0% of visits)
web-hosting.com ,6 (0% of visits)
hostry.com ,6 (0% of visits)
totalplay.net ,6 (0% of visits)
rootlayer.net ,6 (0% of visits)
keznews.com ,6 (0% of visits)
cox.net ,5 (0% of visits)
nextconnex.net ,5 (0% of visits)
ovh.net ,5 (0% of visits)
pldt.net ,5 (0% of visits)
cosmoyard.com ,5 (0% of visits)
shawcable.net ,5 (0% of visits)
fcpi.net ,5 (0% of visits)
jumpingroo.com ,4 (0% of visits)
scalabledns.com ,4 (0% of visits)
servebyte.com ,4 (0% of visits)
btcentralplus.com ,4 (0% of visits)
hostwindsdns.com ,4 (0% of visits)
wiredns.net ,4 (0% of visits)
cargojet.com ,4 (0% of visits)
ip-144-217-190.net ,4 (0% of visits)
ip-51-79-111.net ,4 (0% of visits)
cipherwave.net ,4 (0% of visits)
hidehost.net ,4 (0% of visits)
rch003.net ,4 (0% of visits)
woorank.com ,4 (0% of visits)
bangnumb.com ,4 (0% of visits)
inwitelecom.net ,3 (0% of visits)
ip-158-69-252.net ,3 (0% of visits)
plus.net ,3 (0% of visits)
puregig.net ,3 (0% of visits)
ip-167-114-124.net ,3 (0% of visits)
cantv.net ,3 (0% of visits)
sonic.net ,3 (0% of visits)
i3d.net ,3 (0% of visits)
triolan.net ,3 (0% of visits)
zare.com ,3 (0% of visits)
domaincrawler.com ,3 (0% of visits)
clientshostname.com ,3 (0% of visits)
ip-167-114-172.net ,3 (0% of visits)
turk.net ,3 (0% of visits)
contabo.net ,3 (0% of visits)
myaisfibre.com ,3 (0% of visits)
ip-167-114-159.net ,3 (0% of visits)
it-tv.org ,3 (0% of visits)
ip-167-114-100.net ,3 (0% of visits)
ip-54-39-17.net ,3 (0% of visits)
adiaboreha.com ,3 (0% of visits)
bitdefender.net ,2 (0% of visits)
coldhak.com ,2 (0% of visits)
mycdz.com ,2 (0% of visits)
skyeris.net ,2 (0% of visits)
ptklp.com ,2 (0% of visits)
websitewelcome.com ,2 (0% of visits)
example.com ,2 (0% of visits)
2com.net ,2 (0% of visits)
rederatural.com ,2 (0% of visits)
telia.com ,2 (0% of visits)
virginm.net ,2 (0% of visits)
ip-142-44-251.net ,2 (0% of visits)
startdedicated.com ,2 (0% of visits)
cavtel.net ,2 (0% of visits)
hinet.net ,2 (0% of visits)
hostdime.com ,2 (0% of visits)
totinternet.net ,2 (0% of visits)
ip-51-222-50.net ,2 (0% of visits)
hecombawatedly.com ,2 (0% of visits)
ip-142-44-138.net ,2 (0% of visits)
accesskenya.net ,2 (0% of visits)
ip-51-161-57.net ,2 (0% of visits)
Borealisbroadband.net ,2 (0% of visits)
uelockies.com ,2 (0% of visits)
ip-198-245-49.net ,2 (0% of visits)
prismwebnets.com ,2 (0% of visits)
ip-167-114-150.net ,2 (0% of visits)
ip-51-79-116.net ,2 (0% of visits)
ip-167-114-90.net ,2 (0% of visits)
lagranfrancia.com ,2 (0% of visits)
vuhuv.com ,2 (0% of visits)
glesys.net ,2 (0% of visits)
serverastra.com ,2 (0% of visits)
proxad.net ,2 (0% of visits)
fasternetwork.com ,2 (0% of visits)
ip-51-222-43.net ,2 (0% of visits)
group-ib.com ,2 (0% of visits)
ip-51-222-151.net ,2 (0% of visits)
qwest.net ,2 (0% of visits)
windstream.net ,2 (0% of visits)
kpn.net ,2 (0% of visits)
ip-51-222-133.net ,2 (0% of visits)
ip-54-39-227.net ,2 (0% of visits)
netwpool.com ,2 (0% of visits)
yournetmarket.com ,2 (0% of visits)
scrtc.com ,2 (0% of visits)
citenet.net ,2 (0% of visits)
noc401.com ,2 (0% of visits)
idianrunner.com ,2 (0% of visits)
amazeintaernet.com ,2 (0% of visits)
advantageww.net ,2 (0% of visits)
flashstart.com ,2 (0% of visits)
censys-scanner.com ,2 (0% of visits)
trinicom.com ,2 (0% of visits)
hargray.net ,1 (0% of visits)
ipvnow.com ,1 (0% of visits)
nephosdns.com ,1 (0% of visits)
rcncustomer.com ,1 (0% of visits)
serverhotell.net ,1 (0% of visits)
telkomsa.net ,1 (0% of visits)
superonline.net ,1 (0% of visits)
as13285.net ,1 (0% of visits)
avast.com ,1 (0% of visits)
ip-192-99-225.net ,1 (0% of visits)
cloudradium.com ,1 (0% of visits)
linuxpl.com ,1 (0% of visits)
rogers.com ,1 (0% of visits)
metronethn.com ,1 (0% of visits)
64m.org ,1 (0% of visits)
telecom-solution.com ,1 (0% of visits)
ip-192-95-29.net ,1 (0% of visits)
ip-66-70-203.net ,1 (0% of visits)
cloudedic.net ,1 (0% of visits)
xo.net ,1 (0% of visits)
luisgermano.com ,1 (0% of visits)
ip-142-4-195.net ,1 (0% of visits)
silverstar.com ,1 (0% of visits)
InterCable.net ,1 (0% of visits)
abilitybusinesscomputing.com ,1 (0% of visits)
sciencescores.com ,1 (0% of visits)
airtelkenya.com ,1 (0% of visits)
foundationapi.com ,1 (0% of visits)
protedtmailsrv22.com ,1 (0% of visits)
edns1.com ,1 (0% of visits)
i-tera.com ,1 (0% of visits)
tangobacchus.com ,1 (0% of visits)
m247.com ,1 (0% of visits)
othush.com ,1 (0% of visits)
eu.org ,1 (0% of visits)
fex.net ,1 (0% of visits)
appliedprivacy.net ,1 (0% of visits)
dnsserverboot.com ,1 (0% of visits)
volia.net ,1 (0% of visits)
lockingall.com ,1 (0% of visits)
promocloud.net ,1 (0% of visits)
2i3.net ,1 (0% of visits)
dsci-net.com ,1 (0% of visits)
online.net ,1 (0% of visits)
opera-mini.net ,1 (0% of visits)
ip-51-161-120.net ,1 (0% of visits)
h0sted.net ,1 (0% of visits)
torservers.net ,1 (0% of visits)
as42926.net ,1 (0% of visits)
dslextreme.com ,1 (0% of visits)
datection.net ,1 (0% of visits)
ricetell.com ,1 (0% of visits)
bhn.net ,1 (0% of visits)
tedata.net ,1 (0% of visits)
free-face-sitting.com ,1 (0% of visits)
sitting.com ,1 (0% of visits)
royal-watches.com ,1 (0% of visits)
246.net ,1 (0% of visits)
azimut-r.net ,1 (0% of visits)
svea.net ,1 (0% of visits)
mivocloud.com ,1 (0% of visits)
keff.org ,1 (0% of visits)
webhop.net ,1 (0% of visits)
no-reverse-dns-configured.com ,1 (0% of visits)
quintex.com ,1 (0% of visits)
serveroffer.net ,1 (0% of visits)
cloudlinkd.com ,1 (0% of visits)
idknet.com ,1 (0% of visits)
gtt.net ,1 (0% of visits)
aglyptrutivin.com ,1 (0% of visits)
hosted-by-worldstream.net ,1 (0% of visits)
sukienhanoi.com ,1 (0% of visits)
townisp.com ,1 (0% of visits)
inew-cs.com ,1 (0% of visits)
q-challenges.com ,1 (0% of visits)
chaycrop.com ,1 (0% of visits)
ptd.net ,1 (0% of visits)
routergate.com ,1 (0% of visits)
wideopenwest.com ,1 (0% of visits)
primehome.com ,1 (0% of visits)
netvigator.com ,1 (0% of visits)
ztomy.com ,1 (0% of visits)
kievline.net ,1 (0% of visits)
ctinets.com ,1 (0% of visits)
objectified.com ,1 (0% of visits)
tzulo.com ,1 (0% of visits)
psychz.net ,1 (0% of visits)
optonline.net ,1 (0% of visits)
afnet.net ,1 (0% of visits)
mysipl.com ,1 (0% of visits)
sure.com ,1 (0% of visits)
appearancemachine.net ,1 (0% of visits)
wateen.net ,1 (0% of visits)
servermania.com ,1 (0% of visits)
westcall.net ,1 (0% of visits)
webhostbox.net ,1 (0% of visits)
16clouds.com ,1 (0% of visits)
nicecrawler.com ,1 (0% of visits)
pbiaas.com ,1 (0% of visits)
ip-142-4-215.net ,1 (0% of visits)
paradisenetworks.net ,1 (0% of visits)
t-2.net ,1 (0% of visits)
convergeict.com ,1 (0% of visits)
hostsila.org ,1 (0% of visits)
sl-reverse.com ,1 (0% of visits)
comcast.net ,1 (0% of visits)
imoncommunications.net ,1 (0% of visits)
letztermensch.com ,1 (0% of visits)
hostgator.com ,1 (0% of visits)
controladordns.com ,1 (0% of visits)
vnserver.com ,1 (0% of visits)
activatemed.net ,1 (0% of visits)
udm.net ,1 (0% of visits)
o2switch.net ,1 (0% of visits)
alpinaasia.com ,1 (0% of visits)
ladyashleydesigns.com ,1 (0% of visits)
bringover.net ,1 (0% of visits)
convergentindia.com ,1 (0% of visits)
easyinfinite.com ,1 (0% of visits)
ip-167-114-24.net ,1 (0% of visits)
kaspersky-labs.com ,1 (0% of visits)
accountservergroup.com ,1 (0% of visits)
visionefectiva.com ,1 (0% of visits)
ipnxtelecoms.com ,1 (0% of visits)
atwar-game.com ,1 (0% of visits)
inmotionhosting.com ,1 (0% of visits)












Webbot/Spiders (A-Z list)


007ac9.net ,20
16clouds.com ,1
246.net ,1
2com.net ,2
2i3.net ,1
64m.org ,1
Borealisbroadband.net ,2
ColocationAmerica.com ,8
InterCable.net ,1
abilitybusinesscomputing.com ,1
accesskenya.net ,2
accountservergroup.com ,1
activatemed.net ,1
adiaboreha.com ,3
advantageww.net ,2
afnet.net ,1
aglyptrutivin.com ,1
airtelkenya.com ,1
alpinaasia.com ,1
amazeintaernet.com ,2
amazonaws.com ,1881
appearancemachine.net ,1
apple.com ,130
appliedprivacy.net ,1
as13285.net ,1
as42926.net ,1
aspiegel.com ,27
atwar-game.com ,1
avast.com ,1
azimut-r.net ,1
baidu.com ,8
bangnumb.com ,4
bhn.net ,1
bitdefender.net ,2
bluehost.com ,6
bringover.net ,1
btcentralplus.com ,4
cantv.net ,3
cargojet.com ,4
cavtel.net ,2
cdn77.com ,18
censys-scanner.com ,2
chaycrop.com ,1
chinaunicom.com ,8
cipherwave.net ,4
citenet.net ,2
clientshostname.com ,3
cloudedic.net ,1
cloudlinkd.com ,1
cloudradium.com ,1
cloudsystemnetworks.com ,173
coldhak.com ,2
colocrossing.com ,86
comcast.net ,1
comdevelopment.com ,7
completel.net ,14
contabo.net ,3
contaboserver.net ,33
controladordns.com ,1
convergeict.com ,1
convergentindia.com ,1
cosmoyard.com ,5
cox.net ,5
ctinets.com ,1
datapacket.com ,13
dataprovider.com ,20
dataproviderbot.com ,10
datection.net ,1
directwebhost.org ,8
dnspure.com ,8
dnsserverboot.com ,1
domaincrawler.com ,3
dreamhost.com ,14
dsci-net.com ,1
dslextreme.com ,1
duckduckgo.com ,38
easyinfinite.com ,1
edns1.com ,1
eu.org ,1
example.com ,2
fasternetwork.com ,2
fbsv.net ,7
fcpi.net ,5
fex.net ,1
flashstart.com ,2
foundationapi.com ,1
free-face-sitting.com ,1
glesys.net ,2
google.com ,43
googlebot.com ,2162
googleusercontent.com ,715
group-ib.com ,2
gthost.com ,10
gtt.net ,1
h0sted.net ,1
h12-media.com ,52
hargray.net ,1
hecombawatedly.com ,2
hidehost.net ,4
hinet.net ,2
hostdime.com ,2
hosted-by-worldstream.net ,1
hostgator.com ,1
hostry.com ,6
hostsila.org ,1
hostwindsdns.com ,4
hwclouds-dns.com ,65
i-tera.com ,1
i3d.net ,3
idianrunner.com ,2
idknet.com ,1
imoncommunications.net ,1
inew-cs.com ,1
inmotionhosting.com ,1
internet-census.org ,108
inwitelecom.net ,3
ip-142-4-195.net ,1
ip-142-4-215.net ,1
ip-142-44-138.net ,2
ip-142-44-251.net ,2
ip-144-217-190.net ,4
ip-158-69-252.net ,3
ip-167-114-100.net ,3
ip-167-114-124.net ,3
ip-167-114-150.net ,2
ip-167-114-159.net ,3
ip-167-114-172.net ,3
ip-167-114-175.net ,9
ip-167-114-24.net ,1
ip-167-114-90.net ,2
ip-192-95-29.net ,1
ip-192-99-18.net ,13
ip-192-99-225.net ,1
ip-198-245-49.net ,2
ip-51-161-120.net ,1
ip-51-161-57.net ,2
ip-51-222-133.net ,2
ip-51-222-151.net ,2
ip-51-222-43.net ,2
ip-51-222-50.net ,2
ip-51-79-111.net ,4
ip-51-79-116.net ,2
ip-54-39-17.net ,3
ip-54-39-227.net ,2
ip-66-70-203.net ,1
ipnxtelecoms.com ,1
ipvnow.com ,1
ispsystem.net ,24
it-tv.org ,3
jscriptsdev.com ,9
jumpingroo.com ,4
kaspersky-labs.com ,1
keff.org ,1
keznews.com ,6
kievline.net ,1
kpn.net ,2
kyivstar.net ,26
ladyashleydesigns.com ,1
lagranfrancia.com ,2
letztermensch.com ,1
linode.com ,15
linuxpl.com ,1
lipperhey.com ,19
lockingall.com ,1
luisgermano.com ,1
m247.com ,1
metronethn.com ,1
mivocloud.com ,1
msn.com ,1021
myaisfibre.com ,3
mycdz.com ,2
mycingular.net ,82
mysipl.com ,1
myvzw.com ,115
nephosdns.com ,1
netsystemsresearch.com ,52
netvigator.com ,1
netwpool.com ,2
nextconnex.net ,5
nicecrawler.com ,1
no-reverse-dns-configured.com ,1
noc401.com ,2
o2switch.net ,1
objectified.com ,1
okitup.net ,31
omnis.com ,605
online.net ,1
onr.com ,17
onyphe.net ,7
opera-mini.net ,1
optonline.net ,1
othush.com ,1
ovh.net ,5
pagething.com ,106
paradisenetworks.net ,1
pbiaas.com ,1
pldt.net ,5
plus.net ,3
prcdn.net ,11
primehome.com ,1
prismwebnets.com ,2
promocloud.net ,1
protedtmailsrv22.com ,1
proxad.net ,2
psychz.net ,1
ptd.net ,1
ptklp.com ,2
puregig.net ,3
q-challenges.com ,1
quadranet.com ,11
quintex.com ,1
qwant.com ,38
qwest.net ,2
rch003.net ,4
rcncustomer.com ,1
rederatural.com ,2
ricetell.com ,1
rima-tde.net ,6
rogers.com ,1
rootlayer.net ,6
routergate.com ,1
royal-watches.com ,1
rr.com ,14
sbcglobal.net ,14
scalabledns.com ,4
scaleway.com ,8
sciencescores.com ,1
scrtc.com ,2
secqin.com ,13
secureserver.net ,13
servebyte.com ,4
serverastra.com ,2
serverhotell.net ,1
servermania.com ,1
serveroffer.net ,1
shawcable.net ,5
silverstar.com ,1
sitting.com ,1
skyeris.net ,2
sl-reverse.com ,1
sogou.com ,10761
sonic.net ,3
spectrum.com ,8
sprious.com ,10
startdedicated.com ,2
sukienhanoi.com ,1
superonline.net ,1
sure.com ,1
svea.net ,1
t-2.net ,1
tangobacchus.com ,1
tedata.net ,1
telecom-solution.com ,1
telia.com ,2
telkomsa.net ,1
tmodns.net ,238
torservers.net ,1
totalplay.net ,6
totinternet.net ,2
townisp.com ,1
trinicom.com ,2
triolan.net ,3
turk.net ,3
tzulo.com ,1
udm.net ,1
uelockies.com ,2
verizon.net ,9
virginm.net ,2
visionefectiva.com ,1
vnserver.com ,1
volia.net ,1
vuhuv.com ,2
vultr.com ,65
wateen.net ,1
web-hosting.com ,6
webhop.net ,1
webhostbox.net ,1
webnx.com ,36
websitewelcome.com ,2
westcall.net ,1
wideopenwest.com ,1
windstream.net ,2
wiredns.net ,4
woorank.com ,4
xo.net ,1
yournetmarket.com ,2
zare.com ,3
ztomy.com ,1


















Webbot visit BAR chart to Infojet.org since 1-JAN-2020

























Small Business CyberSecurity 3-step Fast-List:

(1) Business Continuity Plan and BACKUPs(ENCRYPTED)-- Have malware-free backups of encrypted data ready to maintain operations after a cyber-event. Have a ready-to-go Business continuity plan. Your business continuity plan should be ready to snap into place to keep business operating without interuption.)

(2) UPDATEs-- Automatically update and automatically encrypt all hardware and software. Only use Apple or Chrome computers if possible. Ensure full encryption is used on all data in all phases (in-transit, in-storage, in-memmory).

(3) TRAINING-- Train yourself and all staff to never click on any links in any type of messages (emails, instant messages, text messages, etc.) or on any attachments in any messages. When reading messages, put your hands behind your back and only view, but not touch, any messages, or you will be fired!!


Cyber security resouces:
NIST Cybersecurity Framework
CISA Cyber Essentials
Checklist from your cyberinsurance provider (AIG has a 40 item checklist)
FINRA's cyber security checklist for small business
IRS's Safeguarding Taxpayer Data cybersecurity checklist (pub. 4557) & pub 5293
NIST Small Business Information Security
NIST Small Business Cybersecurity Corner



If your business is planning to operate 100% offsite, in the cloud, such as a tax firm running Chromebooks, Google Workspace and Intuit ProConnect, your number one priority will be to control access to your cloud resources through strict user and device management.


Most cybersecurity checklists are far too long, too detailed and too full of confusing jargon for most small businesses to successfully implement or implement in a timely manner. Because of these factors as well as the time and cost to fully implement a comprehensive cybersecurity program, many small businesses feel overwhelmed and do almost nothing (except for activating automatic updates on software) hoping they will not get hit.

Your small business will likely experience a cyber-event of some type in the future. Just make sure all of your systems are (1) automatically updated, (2) have a malware-free backup system ready to snap into place to keep your business going and (3) ensure all data is encrypted with the highest level of encryption available (AES-256) so you can assure affected parties that any data lost from a cyber event cannot by viewed cyber invaders (If the cyber invaders have your data but do not have your encryption key, they cannot view your data. Currently, AES-256 encryption would take hundreds of years to break with today's computing resources.).


Cyber Review (Traveler's Insurance)


CyberSecurity Videos (Traveler's CyberInsurance)



6 Basic foundations for a Secure Network:

CIS Control 1: Identify and Control of Hardware Assets (Are only authorized devices allowed to connect to network?)


CIS Control 2: List and Control of Software Assets (Are only authorized software programs run on the network?)


CIS Control 3: Continuously Assess for & Eliminate Network Vulnerabilities (Is the network checked & cleaned of vulnerabilities?)


CIS Control 4: Are Administrative Privileges controlled and monitored (Are only the bare minimal administrative rights granted to perform tasks?)


CIS Control 5: Secure configuration of network devices (Are network devices securely configured? Are device manufacturers' default settings changed to secure settings?) (secure benchmark refs: CIS, NIST NCP)


CIS Control 6: Monitor, Analyze and Maintain network logs (Are network logs analyzed, monitored, maintained and checked for integrity for later investigation to understand current or potential cyber attacks?)


Key Cybersecurity Resources (for planning for and creating a secure operation-source for cybersecurity frameworks):
Center for Internet Security (CIS)

NIST Cybersecurity Framework(Identify, Protect, Detect, Respond, Recover)

References for CyberAlerts/CyberEvents:
CYBERSECURITY & INFRASTRUCTURE SECURITY AGENCY

US-CERT

NSA Cybersecurity Advisories






MITRE Attack Framework (displays attacker techniques)





Federal Communications Commission (FCC) Cyberplanner





Federal Trade Commission (FTC) Cybersecurity for Small Business








IRS Security Nine (FAT BET VUR):
(1) Firewall
(2) Anti-malware
(3) Two-Factor Authentication for all accounts (Online tax software, MS 365, Google Workspace, etc.)
(4) Backups of data to a secured location offnetwork or in the cloud secured with two-factor authentication. Practice restoring your backups to a live environment to ensure your data is actually fully restored.
(5) Encryption of all data and devices (use 7zip to encrypt data and store in external drive or encrypted cloud storage like Google Drive in Google Workspace (Enterprise edition)
(6) Training for all staff and decision makers, have data confidentiality and data security agreement policy on logon screen so staff see it and agree to it at each logon.
(7) Virtual Private Network (VPN) connection to the internet (use ProtonVPN)
(8) Update everything automatically
(9) Review ALL Terms of Use agreements with any online service that will handle entity data, (for incidents, Recover and Report) (3-step incident response plan: Identify, Assess, Recover/Report)






IRS Data Security Plan required by the Federal Trade Commission (FTC) Safeguards Rule:
15 USC 6801: Protection of nonpublic personal information


§6801. Protection of nonpublic personal information
(a) Privacy obligation policy

It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information.

(b) Financial institutions safeguards
In furtherance of the policy in subsection (a), each agency or authority described in section 6805(a) of this title, other than the Bureau of Consumer Financial Protection, shall establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards-
(1) to insure the security and confidentiality of customer records and information
(2) to protect against any anticipated threats or hazards to the security or integrity of such records and
(3) to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer.




16 CFR part 314 _ STANDARDS FOR SAFEGUARDING CUSTOMER INFORMATION (also known as the Gramm-Leach-Bliley Act (GLBA)




FTC Safeguaurds Rule

Complying with the FTC Safeguards Rule





CISA 1-page Ransomware Fast Tips





CISA Cybersecurity planning questions/table top exercises





US Secret Service Cybersecurity planning guides











CISA Resources (Cyber Self-Assessments)





CISA Incident Reporting Form (for Federal Information Security Modernization Act of 2014 (44 USC 3552), FISMA related incidents and violations)


The Federal Information Security Modernization Act of 2014 (FISMA) defines incident as an occurrence that (A) actually or imminently jeopardizes, without lawful authority, the integrity, confidentiality, or availability of information or an information system; or (B) constitutes a violation or imminent threat of violation of law, security policies, security procedures, or acceptable use policies.




Notification Requirement

Agencies must report information security incidents, where the confidentiality, integrity, or availability of a federal information system of a civilian Executive Branch agency is potentially compromised, to the NCCIC/US-CERT with the required data elements, as well as any other available information, within one hour of being identified by the agency’s top-level Computer Security Incident Response Team (CSIRT), Security Operations Center (SOC), or information technology department. In some cases, it may not be feasible to have complete and validated information for the section below (Submitting Incident Notifications) prior to reporting. Agencies should provide their best estimate at the time of notification and report updated information as it becomes available. Events that have been found by the reporting agency not to impact confidentiality, integrity or availability may be reported voluntarily to US-CERT; however, they may not be included in the FISMA Annual Report to Congress.




In 1986, theUnited States Congress enacted the Computer Fraud and Abuse Act (CFAA), as an amendment to18 U.S.C. 1030. The CFAA has since been amended multiple times to address advancements in technologyand cybercrime. The CFAA criminalizes knowingly accessing a computer without authorization, obtainingprotected information, with the intent to defraud, intentionally causing unauthorized damage to a protectedcomputer, knowingly and with intent to defraud trafficking in passwords or access information, and extortioninvolving computers.







Small business Cybersecurity Road Map, one-page poster/cartoon (CISA)








CISA Small Business Cyberessentials





CISA Small Business Cyberessentials Starter kit





CISA Small Business Cyberessentials Starter Kit, by Chapter











CISA CyberEssentials Fast List

Managing cyber risks requires building a Culture of Cyber Readiness. The Culture of Cyber Readiness has six Essential Elements:

Yourself

You, as leader of your organization are an essential element of your organization’s Culture of Cyber Readiness. Your task for this element is to drive cybersecurity strategy, investment and culture.

Actions For Leaders

Action to Take in Consultation with IT

To learn more about how you can drive cybersecurity strategy, investment and culture, explore the Cyber Essentials Toolkit on this element.

Your Staff

As users of your organization’s digital equipment and systems, your staff are essential elements of your organization’s Culture of Cyber Readiness. Your task for this element is to develop cybersecurity awareness and vigilance.

Actions For Leaders

Actions to Take in Consultation with IT

Your Systems

As the infrastructure that makes your organization operational, your systems are an essential element of your organization’s Culture of Cyber Readiness. Your task for this element is to protect critical assets and applications.

Action For Leaders

Actions to Take in Consultation with IT

Your Surroundings

As your organization’s digital workplace, this is an essential element of your organization’s Culture of Cyber Readiness. Your task for this element is to ensure only those who belong on your digital workplace have access to it.

Actions to Take in Consultation with IT

Your Data

Your data, intellectual property, and other sensitive information is what your organization is built on. As such, it is an essential element of your organization’s Culture of Cyber Readiness. Your task for this element is to make backups and avoid loss of information critical to operations.

Action For Leaders

Actions to Take in Consultation with IT

Your Crisis Response

As your strategy for responding to and recovering from compromise, this is an essential element of your organization’s Culture of Cyber Readiness. Your task for this element is to limit damage and quicken restoration of normal operations.

Actions For Leaders

Action to Take in Consultation with IT

Booting Up: Things to Do First

Even before your organization has begun to adopt a Culture of Cyber Readiness, there are things you can begin doing today to make your organization more prepared against cyber risks.

Backup Data

Employ a backup solution that automatically and continuously backs up critical data and system configurations.

Multi-Factor Authentication

Require multi-factor authentication (MFA) for accessing your systems whenever possible. MFA should be required of all users, but start with privileged, administrative, and remote access users.

Patch &Update Management

Enable automatic updates whenever possible. Replace unsupported operating systems, applications and hardware (replace network hardware like routers 3 years after purchase and computing devices 5 years after purchase). Test and deploy patches quickly.













Recommendations

CISA recommends that users and administrators consider using the following best practices to strengthen the security posture of their organization's systems. Any configuration changes should be reviewed by system owners and administrators prior to implementation to avoid unwanted impacts.

Additional information on malware incident prevention and handling can be found in National Institute of Standards and Technology (NIST) Special Publication 800-83, Guide to Malware Incident Prevention & Handling for Desktops and Laptops.






















Questions Every CEO Should Ask About Cyber Risks



Remember__ CyberSecurity Risk __ Equals __ Business / Oranizational Risk

As technology continues to evolve, cyber threats continue to grow in sophistication and complexity. Cyber threats affect businesses of all sizes and require the attention and involvement of chief executive officers (CEOs) and other senior leaders. To help companies understand their risks and prepare for cyber threats, CEOs should discuss key cybersecurity risk management topics with their leadership and implement cybersecurity best practices. The best practices listed in this document have been compiled from lessons learned from incident response activities and managing cyber risk.

What should CEOs know about the cybersecurity threats their companies face?

CEOs should ask the following questions about potential cybersecurity threats:

What can CEOs do to mitigate cybersecurity threats?

The following questions will help CEOs guide discussions about their cybersecurity risk with management:

Recommended Organizational Cybersecurity Best Practices

The cybersecurity best practices listed below can help organizations manage cybersecurity risks.

Refer to the Cybersecurity and Infrastructure Security Agency (CISA) Cyber Essentials page for recommendations on managing cybersecurity risks for small businesses.



Remember __ CyberSecurity Risk __ Equals __ Business / Oranizational Risk






















Cybersecurity evolution should eventually lead to a zero-trust environment where devices, services and people will be required to continually request access to critical systems and data. Unless otherwise stated, all access is denied by default in a zero trust environment.

See the US National Security Agency's overview of a Zero-Trust environment


NSA Zero-Trust Model




NIST CyberSecurity Education Resources



































Salt Security Automated detection and response AI API security Model

Cyberattackers are in the process of fully automating and operationalizing adversarial artificial intelligence (AI) API attacks that will soon be able to easily breach current web app and API cybersecurity defenses.

Businesses will need AI API cybersecurity, like that provided by Salt, to battle this incoming threat.










ComplianceForge (Pre_Written Cybersecurity Policies)
Cybersecurity Frameworks _ Span of Coverage











Fast Cybersecurity Policies for broke, time-starved small businesses. If you are a broke small business and do not have any money and little time to spend on making cybersecurity policies, use the US Federal Communications Commission (FCC) CyberPlanner to make policies fast. The FCC policies are somewhat out of date but it will be better to have these policies fast than no policies at all.



FCC Cybersecurity for Small Business

FCC 10 CyberSecurity Tips

FCC CyberSecurity Planning Guide All Policies (50 pages)

FCC CyberPlanner (all policies) direct document
FCC Cybersecurity 10 tips (direc document)




TurboFast 2-step Cybersecurity for broke, time-starved, non-regulated businesses, such as dog walkers/dog trainers, who do not want to understand this cybersecurity stuff.

___ (1) Automatically generate Cybersecurity Policies, using the FCC CyberPlanner_|_FCC CyberPlanner-All Policies (check)



___ (1a) Safeguard data from creation to destruction through automated security and encryption processes applied to auto-updated devices, services and software handling data. All staff, including myself, agree daily to securely access (via VPN and MFA) data on company approved devices and services.




___ (2) Go through the process of getting (but not necessarily buying) CyberSecurity Insurance to find and plan to fix weaknesses in your business that would enable your business to qualify for cyber insurance coverage. Remember, cyber insurance requirements are bare minimum for a secure network. If your business cannot qualify for insurance, your network is likely insecure.(chose one or more of the below cyber insurance forms) (get CyberSecurity Insurance if your business can afford it.) (check)

(2a) Traveler's Insurance CyberSecurity Network Risk Pressure Checklist/Assessment___Traveler's Ins CyberRisk all forms

(2b) Traveler's Insurance CyberRisk Application longform (most comprehensive)__CyberRisk_app_local_PDF

(2c) Traveler's Insurance CyberRisk Application ShortForm Fast__CyberRisk_app_local_PDF

(2d) US Risk Cybersecurity Insurance application

(2e) Coalition Cybersecurity and Cyberinsurance automated risk scanner



___ (3) Is your company's private data secured using modern and automated cybersecurity methods to prevent unauthorized data access and/or unauthorized data disclosure? Do you know where your data is at all times? (check)

___ (4) Are company systems secured against unauthorized access and setup to maintain secure business operations if a cyber attack occurs (incident response and recovery). (check)

___ (5) Are all devices, software and services auto-updated and automatically secured by modern cybersecurity systems? Have I replaced all network devices greater than 3 years old, computing devices greater than 5-years old and all devices, software and services no longer being updated by the device, software or service vendor? Are staff trained in modern cybersecurity awareness on a monthly basis and annually agree to a data handling policy? (check)


check1, check2, check3, 4 and 5 check, done!


CyberSecurity TurboFast summary:
___ (1) Is my data secured to prevent public exposure and public access during all business operations?
___ (2) Can my business rapidly react, recover and restore normal business operations after a cyber event without public exposure of data? And efficiently report the event to relevant legally required entities? ___ (3) Are devices, services and software automatically updated and automatically secured? Are staff, including myself, trained on current cybersecurity best practices?





Do any laws, like HIPAA, FISMA, GLBA or SOX, apply to my type of business?
Are any cybersecurity frameworks required for my business type?

Some business types that are governed by specific laws and/or contractural requirements are required to use a specific minimum cybersecurity framework level, such as NIST CyberSecurityFramework (NIST CSF), to demonstrate cybersecurity compliance before the business is allowed to operate in that industry.


For example, does the Gramm-Leach-Bliley Act (GLBA) (15 USC 6801, 16 CFR part 314, 17 CFR part 248) also known as the FTC Safeguards Rule mandate a specific cybersecurity framework to meet compliance requirements for safeguarding customer information? No. Direct reading of the GLBA United States Code (USC) and Code of Federal Regulations (CFR) information for safeguarding customer information does not mandate a specific method to achieve compliance. The GLBA USC and CFRs just state that the method of safeguarding information must be written. Finra.org, which is the Finanacial industry regulatory authority overseeing brokers and financial advisors references the NIST CSF for safeguarding customer information (Finra Cybersecurity Checklist). Although no cybersecurity framework is required to meet GLBA compliance, adhering to a specified framework such as the NIST CSF makes the cybersecurity process more standardized and predictable and is also a cybersecurity best practice. IRS Tax preparers are required to be in compliance with the GLBA/FTC Safeguards Rule.



15 USC 6801
15 USC 6801: Protection of nonpublic personal information Text contains those laws in effect on May 9, 2021 From Title 15-COMMERCE AND TRADECHAPTER 94-PRIVACYSUBCHAPTER I-DISCLOSURE OF NONPUBLIC PERSONAL INFORMATION Jump To: Source CreditAmendmentsEffective Date §6801. Protection of nonpublic personal information (a) Privacy obligation policy It is the policy of the Congress that each financial institution has an affirmative and continuing obligation to respect the privacy of its customers and to protect the security and confidentiality of those customers' nonpublic personal information. (b) Financial institutions safeguards In furtherance of the policy in subsection (a), each agency or authority described in section 6805(a) of this title, other than the Bureau of Consumer Financial Protection, shall establish appropriate standards for the financial institutions subject to their jurisdiction relating to administrative, technical, and physical safeguards- (1) to insure the security and confidentiality of customer records and information; (2) to protect against any anticipated threats or hazards to the security or integrity of such records; and (3) to protect against unauthorized access to or use of such records or information which could result in substantial harm or inconvenience to any customer. ( Pub. L. 106–102, title V, §501, Nov. 12, 1999, 113 Stat. 1436 ; Pub. L. 111–203, title X, §1093(1), July 21, 2010, 124 Stat. 2095 .) Amendments 2010-Subsec. (b). Pub. L. 111–203 inserted , other than the Bureau of Consumer Financial Protection, after section 6805(a) of this title in introductory provisions.


16 CFR part 314 (GLBA, FTC Safeguards Rule) (Remember that this regulation covers a wide variety of busineses from the 1-person tax preparation office to a national bank like JP Morgan Chase. So, the details of Information Security Programs will vary widely.)

§314.3 Standards for safeguarding customer information.
(a) Information security program. You shall develop, implement, and maintain a comprehensive information security program that is written in one or more readily accessible parts and contains administrative, technical, and physical safeguards that are appropriate to your size and complexity, the nature and scope of your activities, and the sensitivity of any customer information at issue. Such safeguards shall include the elements set forth in §314.4 and shall be reasonably designed to achieve the objectives of this part, as set forth in paragraph (b) of this section.


(b) Objectives.
The objectives of section 501(b) of the Act, and of this part, are to:
(1) Insure the security and confidentiality of customer information;
(2) Protect against any anticipated threats or hazards to the security or integrity of such information; and
(3) Protect against unauthorized access to or use of such information that could result in substantial harm or inconvenience to any customer.



§314.4 Elements. In order to develop, implement, and maintain your information security program, you shall:


____(a) Designate an employee or employees to coordinate your information security program.
________________________
________________________

____(b) Identify reasonably foreseeable internal and external risks to the security, confidentiality, and integrity of customer information that could result in the unauthorized disclosure, misuse, alteration, destruction or other compromise of such information, and assess the sufficiency of any safeguards in place to control these risks. At a minimum, such a risk assessment should include consideration of risks in each relevant area of your operations, including:
_________(1) Employee training and management;
_________(2) Information systems, including network and software design, as well as information processing, storage, transmission and disposal; and
_________(3) Detecting, preventing and responding to attacks, intrusions, or other systems failures.

____(c) Design and implement information safeguards to control the risks you identify through risk assessment, and regularly test or otherwise monitor the effectiveness of the safeguards' key controls, systems, and procedures.

(Information safeguards below to protect against risks of unauthorized access, exposure, alternation and use of customer data will be implemented promptly but no later than beginning of calendar year.)

___________________ (encryption of data in all phases)
___________________ (control of access to data via VPN and MFA)
___________________ (Staff policy training and agreement to secure data handling, access and use on company approved devices and services)

(Evaluate effectiveness of safeguards yearly and create a scheduled fix-it list of problems and solutions called a plan of actions and milestones (POA&M).

____(d) Oversee service providers, by:
________(1) Taking reasonable steps to select and retain service providers that are capable of maintaining appropriate safeguards for the customer information at issue; and
________(2) Requiring your service providers by contract to implement and maintain such safeguards.

____(e) Evaluate and adjust your information security program in light of the results of the testing and monitoring required by paragraph (c) of this section; any material changes to your operations or business arrangements; or any other circumstances that you know or have reason to know may have a material impact on your information security program.

(Changes to information security program after evaluating implemented program and POA&M list)

(Administrative changes) __________________________________________________

(Physical changes) _____________________________________________

(Technical changes) _____________________________________________







17 CFR part 248
§248.30 Procedures to safeguard customer records and information; disposal of consumer report information. (a) Every broker, dealer, and investment company, and every investment adviser registered with the Commission must adopt written policies and procedures that address administrative, technical, and physical safeguards for the protection of customer records and information. These written policies and procedures must be reasonably designed to: (1) Insure the security and confidentiality of customer records and information; (2) Protect against any anticipated threats or hazards to the security or integrity of customer records and information; and (3) Protect against unauthorized access to or use of customer records or information that could result in substantial harm or inconvenience to any customer. (b) Disposal of consumer report information and records—(1) Definitions (i) Consumer report has the same meaning as in section 603(d) of the Fair Credit Reporting Act (15 U.S.C. 1681a(d)). (ii) Consumer report information means any record about an individual, whether in paper, electronic or other form, that is a consumer report or is derived from a consumer report. Consumer report information also means a compilation of such records. Consumer report information does not include information that does not identify individuals, such as aggregate information or blind data. (iii) Disposal means: (A) The discarding or abandonment of consumer report information; or (B) The sale, donation, or transfer of any medium, including computer equipment, on which consumer report information is stored. (iv) Notice-registered broker-dealers means a broker or dealer registered by notice with the Commission under section 15(b)(11) of the Securities Exchange Act of 1934 (15 U.S.C. 78o(b)(11)). (v) Transfer agent has the same meaning as in section 3(a)(25) of the Securities Exchange Act of 1934 (15 U.S.C. 78c(a)(25)). (2) Proper disposal requirements—(i) Standard. Every broker and dealer other than notice-registered broker-dealers, every investment company, and every investment adviser and transfer agent registered with the Commission, that maintains or otherwise possesses consumer report information for a business purpose must properly dispose of the information by taking reasonable measures to protect against unauthorized access to or use of the information in connection with its disposal. (ii) Relation to other laws. Nothing in this section shall be construed: (A) To require any broker, dealer, or investment company, or any investment adviser or transfer agent registered with the Commission to maintain or destroy any record pertaining to an individual that is not imposed under other law; or (B) To alter or affect any requirement imposed under any other provision of law to maintain or destroy any of those records. 65 FR 40362, June 29, 2000, as amended at 69 FR 71329, Dec. 8, 2004



























































Cloud Computing Environment





Introduction

The Federal Government launched the Federal Risk and Authorization Management Program (FedRAMP) in June 2012 to account for the unique security requirements surrounding cloud computing. FedRAMP consists of a subset of NIST Special Publication (SP) 800-53 security controls targeted towards cloud provider and customer security requirements.

Based on NIST guidance, FedRAMP control baseline, industry best practices, and the Internal Revenue Service (IRS) Publication 1075, this guidance document provides agencies guidance for securing FTI in a cloud environment. These requirements are subject to change, based on updated standards or guidance. Agencies and their cloud providers should also review the requirements of FedRAMP and ensure overall compliance with these guidelines.

As defined by the National Institute of Standards and Technology (NIST), “Cloud computing is a model for enabling ubiquitous, convenient, on-demand network access to a shared pool of configurable, computing resources (e.g., networks, servers, storage, applications and services) that can be rapidly provisioned and released with minimal management effort or service provider interaction. This cloud model promotes availability and consists of five essential characteristics, three service models and four deployment models.”

As agencies look to reduce costs and improve reliability of business operations, cloud computing offers an alternative to traditional data center models. Cloud solutions reduce direct hardware expenditures and may eliminate redundant operations and consolidate resources.

However, while cloud computing offers many potential benefits, it is not without risk. The primary security concerns with cloud computing are:

Monitoring and addressing security issues that arise with FTI in a cloud environment remain in the purview of the agency. Limiting access to authorized individuals becomes a much greater challenge with the increased availability of data in the cloud, and agencies may have greater difficulties to identify FTI when segregated or commingled in the cloud environment. Agencies that utilize a public cloud model should have increased oversight and governance over the security controls implemented by their cloud provider.

Cloud Computing Definition

Five essential characteristics define a cloud computing environment and differentiate it from a traditional computing environment:

Service and Deployment Models

An agency’s cloud implementation is a combination of a service model and a deployment model.

Service Models

The resource stack provided as part of the cloud solution and the responsibilities which fall between the agency and the cloud provider define service models. NIST SP 800-145 outlines the possible service models that may be employed during a cloud implementation.

Deployment Models

Organizations have several choices for deploying a cloud computing model, as defined by NIST in SP 800-145:

The following table summarizes the four deployment models, and the relationship of system management, ownership and location for each model.  

Table 1: Cloud Deployment Models

 

System Management

System Owners

System Location

Public

Provider

Provider

Provider Site

Private

Agency or Provider

Agency or Provider

Agency or Provider Site

Community

Agency or Provider

Agency or Provider

Agency or Provider Site

Hybrid

Agency or Provider

Agency or Provider

Agency or Provider Site

 

The risk to data varies in each of the four deployment models, with of private cloud typically being the lowest risk model, and public cloud being the highest risk model. Depending on the deployment model, compensating controls can be accepted in place of the mandatory requirements provided those compensating controls must provide the same level of protection as mandatory controls for safeguarding FTI.

Security Responsibility

The service and deployment model used in a cloud computing environment will determine the responsibility for security controls implementation between the agency and the cloud provider for the protection of FTI that is stored or processed cloud environment. The delineation of security control responsibility is heavily dependent on the service and deployment models of the solution the agency is adopting.  For example, if the solution is a SaaS e-mail solution, the agency may be responsible for a small subset of security control responsibilities including Access Controls.  If the agency is deploying their own applications to a PaaS or IaaS solution, they will have greater responsibility for securing the application layer, and potentially the platform and middleware; and may have responsibilities in almost all of the Publication 1075 (NIST 800-53) control families with the exception of possibly the personnel and physical security requirements. Figure 1 is a notional illustration of the differences in scope between the cloud consumer (agency) and cloud provider for each of the service models discussed above.

Figure 1. Security Control Responsibility

Figure 1 is a notional illustration of the differences in scope between the cloud consumer (agency) and cloud provider for each of the service models discussed above.

The

Defining a Cloud within the context of the Office of Safeguards

The above definitions, largely created by NIST, define cloud computing for the industry at large. Due to the nature of relationships between IRS, partner agencies, consolidated data centers and third-party providers, there are certain circumstances to consider when determining whether FTI resides in a cloud environment:

Examples of Cloud Environments (non-comprehensive) where Safeguards would require a 45-day Notification and would subsequently assess the solution using the Safeguards Cloud Computing Safeguards Computer Security Evaluation Matrix (SCSEM) during an onsite review:

Specific examples where Safeguards would not consider an agency solution to be a cloud environment requiring 45-day notification and use of the Cloud Computing SCSEM during an on-site review.

Mandatory Requirements for FTI in a Cloud Environment

The following mandatory controls are applicable for all cloud service and deployment models. However, as stated earlier, depending on the deployment model, compensating controls can be accepted in place of the mandatory requirements provided those compensating controls afford the same level of protection as mandatory controls for safeguarding FTI. Potential compensating controls will be evaluated by the IRS Office of Safeguards as part of the cloud computing notification (see requirement below).

To utilize a cloud computing model to receive, transmit, store or process FTI, the agency must be in compliance with all Publication 1075 requirements. The following mandatory requirements are in effect for introducing FTI to a cloud environment:

Use tab to go to the next focusable element




 

Agencies maintaining FTI within cloud environments must engage services from FedRAMP certified vendors to complete the authorization framework resulting in an Authority to Operate.

Cloud solutions used to receive, process or store must undergo a complete assessment using the FedRAMP Authorization Framework from an authorized third-party assessment organization (3PAO). The assessment must result in an Authority to Operate granted by the FedRAMP organization. Only FedRAMP-authorized solutions may receive, process, store or transmit FTI. The discovery of FTI in a non-FedRAMP cloud during an onsite Safeguards review will result in a Critical finding.


 

Agencies must leverage vendors and services where (i) all FTI physically resides in systems located within the United States; and (ii) all access and support of such data is performed from the United States.

Identification of requirement that FTI may not be accessed by contractors located “offshore”, outside of the United States or its territories.  All physical locations where FTI is stored, transmitted, processed and/or received must remain within the United States. This includes all primary and secondary data centers and any backup facilities. Additionally, cloud environments (and any components, including, but not limited to, storage, virtualization, operating systems and networking) may not be accessed by vendor administrators from networks outside the United States. Further, FTI may not be received, stored, processed or disposed via information technology systems located off-shore. The discovery of offshore storage and/or access to FTI during an onsite Safeguards review will result in a Critical finding.


 

Agencies and their cloud providers must provide a complete listing of all data centers within the cloud environment where FTI will be received, processed, transmitted or stored.

In addition to certifying all data centers, environments and equipment reside onshore, the agency and provider must disclose all physical locations where FTI is received, processed, stored and maintained. Safeguards cannot approve the implementation of cloud solutions without a full understanding of the physical locations where FTI is processed, in addition to understanding the logical protections the solution provides.


 

The agency must notify the IRS Office of Safeguards at least 45 days prior to transmitting FTI into a cloud environment.

To utilize a cloud environment that receives, processes, stores or transmits FTI, the agency must meet the following mandatory notification requirement:

  • The agency must submit a Cloud Computing Notification (see Publication 1075 Section 9.4.1, Cloud Computing

Environments) to the IRS Office of Safeguards at least 45 days prior to transmitting FTI into a cloud environment.

The IRS strongly recommends that any agency planning on using a cloud computing model to receive, process, store and/or transmit FTI, contact the Office of Safeguards at SafeguardReports@irs.gov to schedule a conference call to discuss the details of the planned cloud computing implementation.


 

Software, data and services that receive, transmit, process or store FTI must be isolated within the cloud environment so that other cloud customers sharing physical or virtual space cannot access other customer data or applications.

One of the most common compliance issues with FTI is data location. Use of an agency-owned computing center allows the agency to structure its computing environment and to know in detail where FTI is stored and what safeguards are used to protect the data.

In contrast, a characteristic of many cloud computing services is detailed information about the location of an organization’s data is unavailable or not disclosed to the service subscriber. This makes it difficult to ascertain whether sufficient safeguards are in place and whether legal and regulatory compliance requirements are being met.

IRS Publication 1075, section 5.2, Commingling of FTI, recommends separating FTI from other information to the maximum extent possible. Organizing data in this manner will reduce the likelihood of unauthorized data access and disclosure. If complete separation is not possible, the agency must label FTI down to the data element level. Labeling must occur prior to introducing the data to the cloud and the data must be tracked accordingly through audit trails captured for operating systems, databases and applications that receive, store, process or transmit FTI.

IRS Publication 1075, section 9.3.3, Audit & Accountability, states audit logs must enable tracking activities taking place on the system. It also contains requirements for creating audit-related processes at both the application and system levels. Within the application, auditing must be enabled to the extent necessary to capture access, modification, deletion and movement of FTI by each unique user. This auditing requirement also applies to data tables or databases embedded in or residing outside of the application. Included in that section, as well, is the requirement for agencies to “coordinate the access and protection of audit information” with its cloud providers.


 

The agency must establish security policies and procedures based on IRS Publication 1075 for how FTI is stored, handled and accessed inside the cloud through a legally binding contract or SLA with their third-party cloud provider.

While the agency may not have direct control over FTI at all times, they ultimately maintain accountability while it is in the cloud, and the ownership rights over the data must be firmly established in the service contract to enable a basis for trust. The SLA is a mechanism to mitigate security risk that comes with the agency’s lack of visibility and control in a cloud environment. It is important that agencies establish SLAs with cloud providers that clearly identify Publication 1075 security control requirements and determine who has responsibility (provider, customer) for their implementation. At a minimum, SLAs with cloud providers must include:

  • IRS Publication 1075, Exhibit 7 contract language;

  • Identification of computer security requirements the cloud provider must meet per IRS Publication 1075, section 9, Computer System Security, which provides the security control requirements to include in agreements with third-party cloud providers;

  • Identification of requirements for cloud provider personnel who have access to FTI. All cloud provider personnel with logical FTI access must have a justifiable need for that access and submit to a background investigation; 

  • Identification of requirements for incident response to ensure cloud providers follow the incident notification procedures required by IRS Publication 1075. In the event of an unauthorized disclosure or data breach, the cloud provider and agency must report incident information to the appropriate Agent-in-charge, TIGTA and the IRS Office of Safeguards within 24 hours according to Publication 1075, section 10, Reporting Improper Inspections or Disclosures;

  • Agreement on the scope of the security boundary for the section of the cloud where FTI is accessible and systems with FTI reside. The agency must ensure that boundary details are included in the SLA between the two parties;

  • Clearly state that agencies have the right to require changes to their section of the cloud environment and cloud providers will comply with IT policies and procedures provided by the agency;

  • IRS Publication 1075, Exhibit 6, Contractor 45-day Notification Procedures contains a requirement for notifying the IRS prior to executing any agreement to disclose FTI to a contractor the cloud provider may utilize, or at least 45 days prior to the disclosure of FTI, to ensure appropriate contractual language is included and that contractors are held to safeguarding requirements and

  • Identification of cloud provider employee awareness and training requirements for access to FTI and incident response. IRS Publication 1075, 6.2, Training Requirements states employees must be certified to understand the agency’s security policy and procedures for safeguarding IRS information prior to being granted access to FTI, and must maintain their authorization to access FTI through annual recertification.


 

FTI must be encrypted in transit within the cloud environment. All mechanisms used to encrypt FTI must be FIPS 140-2 compliant, and operate utilizing the FIPS 140-2 compliant module. This requirement must be included in the SLA.

IRS Publication 1075 requires encryption of FTI in transit in Section 9.3.16.6, Transmission Confidentiality and Integrity (SC-8). The agency must ensure that encryption requirements are included in contracts with third-party providers. The IRS does not advocate specific mechanisms to accomplish encryption as long as they are FIPS 140-2 compliant and configured securely. Additionally, agencies must retain control of the encryption keys used to encrypt and decrypt the FTI at all times and be able to provide information as to who has access to and knows information regarding the key passphrase.


 

FTI must be encrypted while at rest in the cloud using a NIST-validated, FIPS 140-2 compliant encryption module. Encryption protects the confidentiality and integrity of the data and provides a methodology for segmenting an agency’s data from others while stored. This requirement must be included in the SLA.

In a cloud environment, protection of data and data isolation are a primary concern. Encryption of data at rest provides the agency with assurance that FTI is being properly protected in the cloud. NIST’s SP 800-144 recommends, “Data must be secured while at rest, in transit and in use, and access to the data must be controlled.”

The IRS does not advocate specific mechanisms to accomplish encryption as long as they are FIPS 140-2 compliant and configured securely. Additionally, agencies must retain control of the encryption keys used to encrypt and decrypt the FTI at all times and be able to provide information as to who has access to and knows information regarding the key passphrase. If the agency is able to satisfy this requirement, effectively preventing logical access to the data from the cloud vendor, agencies may use cloud infrastructure for data types that have contractor-access restrictions.


 

Storage devices where FTI has resided must be securely sanitized and/or destroyed using methods acceptable by National Security Agency/Central Security Service (NSA/CSS). This requirement must be included in the SLA.

If a storage device fails, or in situations where the data is moved within or removed from a cloud environment, actions must be taken to ensure residual FTI is no longer accessible. The destruction or sanitization methods apply to both individual devices that have failed as well as in situations where the agency removes data from the cloud environment or relocates FTI to another environment.

The technique for clearing, purging and destroying media depends on the type of media being sanitized. Acceptable physical destruction methods would include disintegration, incineration, pulverizing, shredding, or melting. Repurposed media must be purged to ensure no residual FTI remains on the device.

As there are varied approaches towards secure sanitization based on provider specifications, cloud providers should consult their data storage provider to determine the best method to sanitize the asset. If the storage device will no longer be in service, the residual data must be purged using Secure Erase or through degaussing using a NSA/CSS approved degausser.

The cloud provider is required to notify the agency upon destroying or repurposing storage media. The agency must verify that FTI has been removed or destroyed and notify the IRS Office of Safeguards of the destruction of storage media in the agency’s annual Safeguard Security Report (SSR).


 

The agency must conduct an annual assessment of the security controls in place on all information systems used for receiving, processing, storing and transmitting FTI. The IRS Office of Safeguards will evaluate the risk assessment as part of the 45 Day notification requirement.

Agencies are required to conduct a risk assessment (or update an existing risk assessment, if one exists) when migrating FTI to a cloud environment. Subsequently, the risk assessment must be reviewed annually to account for changes to the environment.  The implementation and an evaluation of the associated risks should be part of the risk assessment. The IRS Office of Safeguards will evaluate the risk assessment as part of the above notification requirement.


 

Cloud implementations which truly represent remote access from the internet must incorporate multi-factor authentication.

Remote access to the cloud where the access is available over the public internet requires multi-factor authentication. Multi-factor authentication requires at least two of the three criteria: 1) something a user knows (e.g., password); 2) something a user has (e.g., hardware cryptographic token) and 3) something a user is (e.g., using biometric information). 


 

Customer defined security controls must be identified, documented and implemented. The customer defined security controls, as implemented, must comply with Publication 1075 requirements.

Cloud providers may designate selected controls as customer defined. For customer defined security controls, the agency must identify, document and implement the customer defined controls, in accordance with Publication 1075. Implementation of some controls may need to be done in partnership with the agency’s cloud provider, however the agency has primary responsibility for ensuring it is completed.

The agency’s capability to test the functionality and security control implementation of a subsystem within a cloud environment is more limited than the ability to perform testing within the agency’s own infrastructure. However, other mechanisms such as third-party assessments may be used to establish a level of trust with the cloud provider.

Note: IRS Office of Safeguards will test agency-managed security controls during onsite reviews using the appropriate SCSEM for applications, operating systems, database management systems, etc. This determination will be made based on the cloud service model (i.e., PaaS, IaaS, SaaS) used to process FTI and will be discussed prior to any onsite review. The Office of Safeguards onsite review team will leverage the Cloud Computing SCSEM to assess many of the service provider security control implementations.

Use the FTI Cloud Notification Form DOCX to submit a 45 Day Notification to the Office of Safeguards.

Resources

Additional information can be obtained through the following resources:































































































Fast Cyber Security checklist:

(1) (Policies): FCC Cyberplanner , https://www.fcc.gov/cyberplanner(SANS.org also has nuerous, pre-written cybersecurity policies for small/medium businesses)

(2) (Assessment): NIST CSF (Cyber Security Framework): Cybersecurity Framework | NIST

(3) (Risk Mgmt, Incident Response): Cyber Insurance, The Cyber Risk Pressure Test - Travelers Insurance


Cybercheck all Staff, Devices and Sevices (including all company generated and external APIs (use Salt Security to find and cybercheck APIs)


CISA resources:

https://us-cert.cisa.gov/resources/ncats (National Cybersecurity Assessments and Technical Services)

https://us-cert.cisa.gov/resources/assessments  (CISA Cyber Resilience Review 40 page checklist)

https://www.sba.gov/business-guide/manage-your-business/stay-safe-cybersecurity-threats


fastcyber.herewire.com

fastcyberss.herewire.com





Fast Incident Response Plan for 1-person business storing all sensitive data on payment processor Square:

If you suspect unauthorized access to your Square account (squareup.com) such as by  receiving a message, email or notification from Square indicating your account was accessed when you did not access your account, perform the following incident response steps:


(1) Immediately change your account access information (username, password, authenticator app, biometric settings).


(2) Contact Square (squareup) immediately to report suspicious activity at https://squareup.com/help/contact?prefill=unrecognized_account_activity

when logged into your Square account. Square support link, https://squareup.com/help/us/en/contact?panel=99BFD8B89324 (search for suspicious activity)


(2a) Report confirmed data breaches and exposures to:

--Local law enforcement (Police or Sheriff)

--Local FBI office (https://www.fbi.gov/contact-us/field-offices)

--Local US Secret Service office (https://www.secretservice.gov/contact/field-offices)


(3) Notify any customers with credit cards saved on file to change their credit card information if it is confirmed that credit card information was obtained. Recommend changing credit card information if unauthorized access occurred but loss of credit card information was not confirmed. (For CA, any CA resident must be notified of a breach, see https://oag.ca.gov/privacy/databreach/reporting)


(4) Report to applicable state and federal agencies if the number of breached records exceeds applicable thresholds for each industry. For CA, report a data breach to the State of CA OAG if the number of breached records (# of CA residents) exceeds 500 (https://oag.ca.gov/privacy/databreach/report-a-breach ). 



References (FTC):

https://www.ftc.gov/tips-advice/business-center/guidance/data-breach-response-guide-business

https://identitytheft.gov/Steps

https://identitytheft.gov/databreach


Square references:

https://www.sellercommunity.com/t5/General-Discussion/If-my-Square-account-is-hacked-and-bank-details-are-changed-and/td-p/86918

https://www.sellercommunity.com/t5/Seller-Community-Events/Live-Q-amp-A-Ask-us-anything-about-Square-and-Security/td-p/87134









API Security (APIs need to be automatically secured against adversarial automated artificial intelligence attacks using an automated, agentless, AI driven API security service like Salt Security) Note: your Web Application Firewall (WAF) (like CloudFlare), API gateways, cloud access security brokers (CASB) and/or cloud workload protection services will likely not protect you from adversarial automated artificial intelligence API attacks as these low and slow attacks will never be detected above baseline activity. By the time you find out your APIs have been compromised by AAAI attacks, you will be so far too late in responding you might as well just shut down your operation because your business as you know it is owned by someone else now and that will, for the most part, be the end.

Remember: Cyber Risk = Business Survival Risk
Remember2: AWS, MS Azure, Google Cloud, Oracle Cloud will not secure your APIs for you. You need to secure your APIs yourself when using cloud configured resources.



OWASP API security top 10




OWASP Security Cheat Sheets




OWASP GraphQL API cheat sheet



Cyber security companies with effective offerings (as of June 2021)
CrowdStrike (numerous automated cybersecurity offerings, FedRAMP approved, requires lightweight agent installed on all endpoints)
Armis Security (to detect all network devices, both managed and unmanaged, agentless)
Salt Security (ai-driven, enterprise-scale, automated API security, for large organizations creating and deploying APIs)(ALL companies running APIs need automated API security, agentless deployment)

For a small 5-person tax preparation office using cloud-based tax software, it is best to use Chromebooks to securely access cloud-base SaaS programs.

For school districts, water districts and other small government related offices, Crowdstrike local government and education solution would be a low-workload solution to meet cybersecurity requirements.



Emergency Incident Response (Commercial/Professional Services)
If your agency or business is experiencing an active breach, and you do not have an incident response plan ready to deploy for the particular incident that is occurring, besides contacting local law enforcement, the FBI and/or the US Secret Service, you may wish to contact Crowdstrike's urgent Incident Response Service for immediate assistance. It will cost a ton of money but will likely be worth it.


CrowdStrike--Incident Response Plan basics



Incident Response Plan example (UC Berkeley)

Fast IRP:
(1) Assess
(2) Contain
(3) Investigate
(4) Secure
(5) Remediate



Basic Risk Calculations (Equations)

Risk=Likelihood x Impact (score each 1-5, maximum risk score = 25)
(Search Risk=Likelihood x impact)
Risk=Vulnerability x Threat x Consequence
(Search Risk = Vulnerability x Threat x Consequence)

Risk can also be stated as
RISK = Impact x Probablity (RIP), scale of 1-5 for Impact and Probability with a maximum score of 25 for the highest Risk items.



Fast Risk Assessment (TVRIP)
Determine the external/internal Threats to your Vulnerabilities then calcluate the RISK using Impact x Probability

For example, here is an assessment of an End of Life (EOL) Linksys 1900ac router: Threats=numerous CVEs exist against the EOL Linksys router
Vulnerability= EOL Linksys 1900ac router
Risk=Impact (5) x probability (5) = 25 (maximum RISK) so prompt decommissining of router and replacement is recommended.


Cyber Security template policies SANS.org







Microsoft Security offerings

Microsoft CASB



Microsoft Security Main



Microsoft Security MS 365



Microsoft Security Advanced Threat Protection (ATP)



Microsoft Security Defender Endpoint)



Federal Trade Commission (FTC) Business Security Information

FTC Start with Security: A Guide for Business


FTC Protecting Personal Information: A Guide for Business




Data Backups and Compression:
If data is going to be compressed as well as encrypted, ensure to:
(1) Compress first, then
(2) Encrypt
































INFOJET(back to top)