Windows Analysis Report
http://az9.pl/

Overview

General Information

Sample URL:	http://az9.pl/
Analysis ID:	1396696
Infos:

Detection

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Creates files inside the system directory

Classification

Signatures

AV Detection

Antivirus detection for URL or domain

Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/iphone14pro.png	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/box_closed.png	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr3.jpg	Avira URL Cloud: Label: malware
Source: https://bigultimatebonus.life/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://y1uy13f.xuowltwo.live/media/mainstream/icon.js	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/2.js	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/like.png	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/top_red.png	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr6.jpg	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/sound.js	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr2.jpg	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr11.jpg	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/box_open.png	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/1102_2.css	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/box-iphone14pro.png	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/l.png	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/flag-icon/css/flag-icon.css	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/1102_1.js	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr1.jpg	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/1102_3.js	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr5.jpg	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr4.jpg	Avira URL Cloud: Label: malware
Source: https://xuowltwo.live/crhhigmk/	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/flag-icon/flags/1x1/us.svg	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/u.js	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/1102.css	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/x1.png	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/alert.mp3	Avira URL Cloud: Label: malware

Multi AV Scanner detection for domain / URL

Source: y1uy13f.xuowltwo.live	Virustotal: Detection: 6%			Perma Link
Source: bigultimatebonus.life	Virustotal: Detection: 14%			Perma Link

Source: https://bigultimatebonus.life/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49750 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.46.128
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.46.128
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.46.128
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.46.128
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: az9.plConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru HTTP/1.1Host: bigultimatebonus.lifeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: bigultimatebonus.lifeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bigultimatebonus.life/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkruAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid=t1~h22irzseq2ep0nacjbfxeqrw; p1=https://xuowltwo.live/crhhigmk/; s1=ju6whgjvkqwdsgpi
Source: global traffic	HTTP traffic detected: GET /crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3D HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://bigultimatebonus.life/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/1102_2.css HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap@4.3.1/dist/js/bootstrap.bundle.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://y1uy13f.xuowltwo.live/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/1102.css HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/flag-icon/css/flag-icon.css HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/1102_3.js HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/icon.js HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/sound.js HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/u.js HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/2.js HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/1102_1.js HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/l.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/iphone14pro.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/like.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr2.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr1.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr3.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/top_red.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ExtService.svc/getextparams HTTP/1.1Host: jsontdsexit2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://y1uy13f.xuowltwo.liveSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://y1uy13f.xuowltwo.live/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/x1.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/box-iphone14pro.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/box_open.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/flag-icon/flags/1x1/us.svg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/media/mainstream/flag-icon/css/flag-icon.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/iphone14pro.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/l.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/box_closed.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr4.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr5.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr2.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ExtService.svc/getextparams HTTP/1.1Host: jsontdsexit2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/like.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr1.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr3.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr6.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr11.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/top_red.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/x1.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/box-iphone14pro.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/box_open.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/flag-icon/flags/1x1/us.svg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr4.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/box_closed.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/alert.mp3 HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr5.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr6.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr11.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/alert.mp3 HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=j8SQUTltnVU5cOAeyzqSxW-qHOakRuBHDQGLTGeceC9Z5rRzk5trMKb4CuZC_CFmc7KFwQcRJL-qGz8MvkkzMZmElvXAFWLO-TPZ9PMqBYA78ZAuaepnXIRHe-TAolVoW6Z7dQnqpgyX0m-TmS72bebAgoqZv5GkpRFUcZIw1Kk

Source: chromecache_82.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Source: chromecache_82.1.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFUZ0bf8pkAp6a.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVp0bf8pkAp6a.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFW50bf8pkAp6a.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFWJ0bf8pkAp6a.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFWZ0bf8pkAp6a.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFWp0bf8pkAp6a.woff2)
Source: chromecache_79.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_79.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_79.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_96.1.dr	String found in binary or memory: https://xuowltwo.live/crhhigmk/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49750 version: TLS 1.2

Creates files inside the system directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_732_379165751

Jump to behavior

Source: classification engine

Classification label: mal56.win@20/82@22/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1980,i,12541706661546956868,10376714994367635285,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://az9.pl/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6128 --field-trial-handle=1980,i,12541706661546956868,10376714994367635285,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1980,i,12541706661546956868,10376714994367635285,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6128 --field-trial-handle=1980,i,12541706661546956868,10376714994367635285,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.155.184.32	bigultimatebonus.life	Switzerland	44160	INTERNETONEInternetServicesProviderIT	false
185.155.186.25	unknown	Switzerland	6898	INTERNETONE_CH	false
185.155.184.55	y1uy13f.xuowltwo.live	Switzerland	44160	INTERNETONEInternetServicesProviderIT	false
142.250.80.100	www.google.com	United States	15169	GOOGLEUS	false
151.101.65.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
136.243.216.235	jsontdsexit2.com	Germany	24940	HETZNER-ASDE	false
104.21.26.13	unknown	United States	13335	CLOUDFLARENETUS	false
142.250.64.110	clients.l.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.16.84	accounts.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
jsdelivr.map.fastly.net	151.101.65.229	true
y1uy13f.xuowltwo.live	185.155.184.55	true
accounts.google.com	142.251.16.84	true
jsontdsexit2.com	136.243.216.235	true
www.google.com	142.250.80.100	true
clients.l.google.com	142.250.64.110	true
az9.pl	172.67.135.33	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
bigultimatebonus.life	185.155.184.32	true
clients2.google.com	unknown	unknown
cdn.jsdelivr.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://cdn.jsdelivr.net/npm/bootstrap@4.3.1/dist/js/bootstrap.bundle.min.js	false		high
https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/box_closed.png	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3D	false		unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/iphone14pro.png	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr3.jpg	false	Avira URL Cloud: malware	unknown
https://az9.pl/	false	Avira URL Cloud: safe	unknown
https://bigultimatebonus.life/favicon.ico	false	0%, Virustotal, Browse Avira URL Cloud: phishing	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/icon.js	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/2.js	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/like.png	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/top_red.png	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/sound.js	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr6.jpg	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr2.jpg	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/box_open.png	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr11.jpg	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/1102_2.css	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/l.png	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/box-iphone14pro.png	false	Avira URL Cloud: malware	unknown
https://jsontdsexit2.com/ExtService.svc/getextparams	false	2%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/flag-icon/css/flag-icon.css	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/1102_1.js	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr1.jpg	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/1102_3.js	false	Avira URL Cloud: malware	unknown
https://bigultimatebonus.life/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru	false		unknown
https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr5.jpg	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr4.jpg	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/flag-icon/flags/1x1/us.svg	false	Avira URL Cloud: malware	unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1	false		high
https://y1uy13f.xuowltwo.live/media/mainstream/u.js	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/1102.css	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/x1.png	false	Avira URL Cloud: malware	unknown
https://y1uy13f.xuowltwo.live/media/mainstream/alert.mp3	false	Avira URL Cloud: malware	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 100	assembler source, ASCII text	9A13F3506156BF7084AA380C75FDA671	117AB6DE499A40ABBFE8B7C56A6F40D812F0E309	FE71A9AA3271DD1850F74BBD853F9A9FAEDA64350652141C2FF6EB4DD8187AD5
Chrome Cache Entry: 101	PNG image data, 15 x 14, 8-bit colormap, non-interlaced	17586A0AEB3F7B2AA7FB15A9251FBCD4	6ADFFAD1183C93BC0DC114C89C77365734EC0DD6	8BF8DC3A4B6F7E4FA2A6FA74495C212F37A301311980CBC758050993ED9C07E1
Chrome Cache Entry: 102	Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural	6D2D3DA2EA28ACE816FA4A138829DC18	606E0EC3D7FB05C69F16233CFE1FF0A0EE760505	D79BC81189750262716692ADE6CC4D6FB6C4FBC4AA01C2B9D0AA67E5788821FC
Chrome Cache Entry: 103	ASCII text, with very long lines (65451)	DC5E7F18C8D36AC1D3D4753A87C98D0A	C8E1C8B386DC5B7A9184C763C88D19A346EB3342	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
Chrome Cache Entry: 104	PNG image data, 440 x 514, 8-bit colormap, non-interlaced	2F6BFED27C86FB5B0CF0796E73089FB0	BE5C1A83CB372816542E8F92E75FDDCC12872D42	601790639EDD8B031101566F42F5CA7BB57D1FD090AFF2783F7A5F5A1CEB0084
Chrome Cache Entry: 105	PNG image data, 440 x 514, 8-bit colormap, non-interlaced	2F6BFED27C86FB5B0CF0796E73089FB0	BE5C1A83CB372816542E8F92E75FDDCC12872D42	601790639EDD8B031101566F42F5CA7BB57D1FD090AFF2783F7A5F5A1CEB0084
Chrome Cache Entry: 56	ASCII text	AE061C759F20723E38540A261F2127D7	C09D8C4C6C7B2E125D92940BFA3F5930B51290BC	B01A4B1535F5F682181C7C5D4CC8E56C2BFA0FF66C197C67CADB2B176F91E1A2
Chrome Cache Entry: 57	PNG image data, 258 x 185, 8-bit colormap, non-interlaced	E26AB4191E2B939C553EA223042BE270	1EF6E06777AD700E46A5D5995573B8AD09D339C8	7CC901BCB50159C267C3ECD4995BB69DBD47939CA52C81AB28F527651200E472
Chrome Cache Entry: 58	SVG Scalable Vector Graphics image	1067E4F544573A808DB9CF39397E3B8E	7D2A7929ED766649E6D09157371AFFAD5B9AE005	442F2945EBCD2872EB28599AAD185E96A054C9FE611087EBC02398FADE385C48
Chrome Cache Entry: 59	PNG image data, 768 x 293, 8-bit colormap, non-interlaced	A0560779CF67AEB9A0C19F68F3582024	FF8D079FBBBAD6B70BE4D83C760A4A61BC51FF33	B585EE5FC0AF431C584664F82E390E5A65BBBC6F201FE495D7C289EA618F5D5E
Chrome Cache Entry: 60	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3	752F51C4C387C0CA7F4337ACDEEC15D6	7F9777F95AECECFCE6FA930181269CCE30A4A059	227CEC10C842BA3865D12ED22363F87CA5135B3AC2C72E5AB1A3169C4A2D569C
Chrome Cache Entry: 61	PNG image data, 258 x 185, 8-bit colormap, non-interlaced	E26AB4191E2B939C553EA223042BE270	1EF6E06777AD700E46A5D5995573B8AD09D339C8	7CC901BCB50159C267C3ECD4995BB69DBD47939CA52C81AB28F527651200E472
Chrome Cache Entry: 62	Audio file with ID3 version 2.3.0, contains: MPEG ADTS, layer III, v1, 128 kbps, 44.1 kHz, Monaural	6D2D3DA2EA28ACE816FA4A138829DC18	606E0EC3D7FB05C69F16233CFE1FF0A0EE760505	D79BC81189750262716692ADE6CC4D6FB6C4FBC4AA01C2B9D0AA67E5788821FC
Chrome Cache Entry: 63	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3	752F51C4C387C0CA7F4337ACDEEC15D6	7F9777F95AECECFCE6FA930181269CCE30A4A059	227CEC10C842BA3865D12ED22363F87CA5135B3AC2C72E5AB1A3169C4A2D569C
Chrome Cache Entry: 64	JSON data	F52109C337C1D2A05581C0DED10DB2AE	6CAC46951051E862BF008E01B8A03F1BC0FF1701	71769019D0F6847A78458800C13EA7A19489B6F03E3F6AED069EEEF179F25193
Chrome Cache Entry: 65	JSON data	F52109C337C1D2A05581C0DED10DB2AE	6CAC46951051E862BF008E01B8A03F1BC0FF1701	71769019D0F6847A78458800C13EA7A19489B6F03E3F6AED069EEEF179F25193
Chrome Cache Entry: 66	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3	F17D127DFCAA6F94929EEDD080276DF0	EC801473523B8EB44E123B5634081D2B57715BA6	0108E4D428F408F819F174AE8A5923B4010E80A14FC9872B018C12781E114403
Chrome Cache Entry: 67	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3	7F103BC91A8084CD154189B5EBB2CF86	375E58C42A8C409BBF111847A1F6798BA6C0D5F5	346139AAEC984853288672896D297DED47AC7EE1CB77CA43B63E130952CDD946
Chrome Cache Entry: 68	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3	4C88EBF87B0CC26121497DE03DB7F64A	A1256A5CFCD62223172EB3633659CADDFF6CF005	28DB5EDB0FE5E61F42EB8A0D10250A317F3AC840E074FFA761CB953C330F2CF6
Chrome Cache Entry: 69	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3	F17D127DFCAA6F94929EEDD080276DF0	EC801473523B8EB44E123B5634081D2B57715BA6	0108E4D428F408F819F174AE8A5923B4010E80A14FC9872B018C12781E114403
Chrome Cache Entry: 70	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3	C74A5BEFD416E24626972E88ED65526D	4E8C25553248600CF23C3D6BCEC488D986A129F8	53BB570F4465306A78670ECBEA911BA0362251D2DC825D9EA0CB5D1C70F413AC
Chrome Cache Entry: 71	ASCII text, with CRLF line terminators	B7A46A018DCD21A4828BAE0B04DDCC6C	1D8418D6CC45E5C29E1AAB008C18EA633E7730C4	299595FD56AA6A2FCFAC34FCF780D33B61785AD96F19485E65A33EAD8FD69CBC
Chrome Cache Entry: 72	SVG Scalable Vector Graphics image	1067E4F544573A808DB9CF39397E3B8E	7D2A7929ED766649E6D09157371AFFAD5B9AE005	442F2945EBCD2872EB28599AAD185E96A054C9FE611087EBC02398FADE385C48
Chrome Cache Entry: 73	PNG image data, 258 x 184, 8-bit colormap, non-interlaced	A660370FEB6A1543C3C872A52F7BCFA7	B9478ED6228E8FB34A393013D474CDE8DC400848	9D1EED749548DAD4B80B2D7CE32052143BD38773685029D7B60CEE82A31840B7
Chrome Cache Entry: 74	PNG image data, 768 x 293, 8-bit colormap, non-interlaced	A0560779CF67AEB9A0C19F68F3582024	FF8D079FBBBAD6B70BE4D83C760A4A61BC51FF33	B585EE5FC0AF431C584664F82E390E5A65BBBC6F201FE495D7C289EA618F5D5E
Chrome Cache Entry: 75	PNG image data, 258 x 184, 8-bit colormap, non-interlaced	A660370FEB6A1543C3C872A52F7BCFA7	B9478ED6228E8FB34A393013D474CDE8DC400848	9D1EED749548DAD4B80B2D7CE32052143BD38773685029D7B60CEE82A31840B7
Chrome Cache Entry: 76	ASCII text, with very long lines (5014), with no line terminators	1F1FED792DA20AA1E75213D3F1839A0D	B5744653854DC322EFFAE7E83BA3B99F8818DFFC	32CDE492155502743E1B7C5EC41BA974216BE8C331DB01E5CD933726443241DF
Chrome Cache Entry: 77	PNG image data, 258 x 185, 8-bit colormap, non-interlaced	99264BEE31A1ABDE5D0035468E53BBFB	D1F25383B68C3769EB3BDB36783E85C112078054	8DA9180789C861B8D0D67D2BCA168DFCC6DE98F6999AB47400C38397D122157F
Chrome Cache Entry: 78	PNG image data, 258 x 185, 8-bit colormap, non-interlaced	99264BEE31A1ABDE5D0035468E53BBFB	D1F25383B68C3769EB3BDB36783E85C112078054	8DA9180789C861B8D0D67D2BCA168DFCC6DE98F6999AB47400C38397D122157F
Chrome Cache Entry: 79	ASCII text, with very long lines (65297)	A454220FC07088BF1FDD19313B6BFD50	265A733CB7FBC481FD2510A659A85AD55C93C895	7F3145C87D3570154F633975E8A4F8D30AA38603EDABA145501E9C90DDBE186C
Chrome Cache Entry: 80	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3	4C88EBF87B0CC26121497DE03DB7F64A	A1256A5CFCD62223172EB3633659CADDFF6CF005	28DB5EDB0FE5E61F42EB8A0D10250A317F3AC840E074FFA761CB953C330F2CF6
Chrome Cache Entry: 81	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3	F96150CBBB80AC607B3F264141A7FAEF	9ED21CB4E5C552F29BC23DB55684C945E7582071	F013C5F2D9AEDD8072D4BF01749C7DFCBACB80A43D06AA579403ADFD8FD21FD3
Chrome Cache Entry: 82	HTML document, Unicode text, UTF-8 text, with very long lines (651), with CRLF line terminators	127BD4B1F3BE668B82F209E90D917BFD	A97840A381FB3C4C8E9B6EB9A9E37AEED1DF0261	A336D017B83C38638DAF629F0CBBA85F5B284EFB3BB56ABB34E73664AE94D1C5
Chrome Cache Entry: 83	ASCII text, with very long lines (8233), with no line terminators	F065C7E65477147EBE301F629E80C74E	D4FE4168D7560DC70896348E6F39C57A6648BB1A	38434A1622E0A93044D95C667396C22F6960E2B8D4752A15FCAC544EF1C85BD3
Chrome Cache Entry: 84	PNG image data, 258 x 184, 8-bit colormap, non-interlaced	EE850988ED56CD6F2498CAE7993A8753	965F9091CA3E7F21F5B8115347227AEDC93C586E	0303153A716BC5000D737521C0F6EB517700A1856B8E22BA8C088EC8F06ED8BA
Chrome Cache Entry: 85	ASCII text, with very long lines (927), with CRLF line terminators	32FA6D2A0774C237770A72345B00DD8B	252CEA83EE175DD1914D426E0D5D63A1C68D3282	2D940E642CD14425D5CAFBC7C1E5E88D0F028BCF092744FA86F71EF7343420B5
Chrome Cache Entry: 86	ASCII text, with very long lines (4392), with no line terminators	4E465CB29C5E827F2524DAEA92E6BC0A	CEA9784F8330DD339C0057502E85522AC2F266E3	78AAC7B6BEE2D9E1C29891827C06B51E40AE927E22DB5FFD8825BB525117813B
Chrome Cache Entry: 87	Web Open Font Format (Version 2), TrueType, length 9132, version 1.0	358D3070946A90B4960CD111154FDC12	A0BA0BF47A7F905F9AA1A3CE15A39CDAC62466EE	54C64F3C66372027154F01FC9F24B4E25FDFE405B70D1994C79ABBC2576FF775
Chrome Cache Entry: 88	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3	F96150CBBB80AC607B3F264141A7FAEF	9ED21CB4E5C552F29BC23DB55684C945E7582071	F013C5F2D9AEDD8072D4BF01749C7DFCBACB80A43D06AA579403ADFD8FD21FD3
Chrome Cache Entry: 89	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3	9B63CCBD631923743813E838190CECBF	5C6DD930C81346616E9C641FF41B6F18344C7E76	4CA9130A03F6874BAB37D2D52FD4546E3DE34CCCCBD83AA5B9CB6ED0F923D8B3
Chrome Cache Entry: 90	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3	9B63CCBD631923743813E838190CECBF	5C6DD930C81346616E9C641FF41B6F18344C7E76	4CA9130A03F6874BAB37D2D52FD4546E3DE34CCCCBD83AA5B9CB6ED0F923D8B3
Chrome Cache Entry: 91	PNG image data, 258 x 184, 8-bit colormap, non-interlaced	EE850988ED56CD6F2498CAE7993A8753	965F9091CA3E7F21F5B8115347227AEDC93C586E	0303153A716BC5000D737521C0F6EB517700A1856B8E22BA8C088EC8F06ED8BA
Chrome Cache Entry: 92	PNG image data, 258 x 184, 8-bit colormap, non-interlaced	890D869DB1B3D28AF588BE81685214F2	5375BD0C2C75A6E40168F5561EB4ECA993D14505	EA2521ADD13DEB769FB7ABEE364670A567E7A3DC7B3B4474B5F80510DC593212
Chrome Cache Entry: 93	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3	C74A5BEFD416E24626972E88ED65526D	4E8C25553248600CF23C3D6BCEC488D986A129F8	53BB570F4465306A78670ECBEA911BA0362251D2DC825D9EA0CB5D1C70F413AC
Chrome Cache Entry: 94	ASCII text, with very long lines (6570), with no line terminators	A8E36248F01478844F0C4DB185E945A0	D822225C2E21CD5FD7910F825DA1E646B21DC078	9195437B3D4FFD3D3652DF03D4DE4FF03C454386EC19A1777DA588A2F83827C2
Chrome Cache Entry: 95	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, progressive, precision 8, 60x60, components 3	7F103BC91A8084CD154189B5EBB2CF86	375E58C42A8C409BBF111847A1F6798BA6C0D5F5	346139AAEC984853288672896D297DED47AC7EE1CB77CA43B63E130952CDD946
Chrome Cache Entry: 96	HTML document, ASCII text, with very long lines (46678), with CRLF line terminators	85C451E2C86B234581D746F56062BC3B	6183BFC133447296B63A43ACDEEE846A367349C6	A240997718DA52D12ECFCA405E7DAD306EF4142A441729F03BEFB75C38CC1947
Chrome Cache Entry: 97	PNG image data, 15 x 14, 8-bit colormap, non-interlaced	17586A0AEB3F7B2AA7FB15A9251FBCD4	6ADFFAD1183C93BC0DC114C89C77365734EC0DD6	8BF8DC3A4B6F7E4FA2A6FA74495C212F37A301311980CBC758050993ED9C07E1
Chrome Cache Entry: 98	PNG image data, 258 x 184, 8-bit colormap, non-interlaced	890D869DB1B3D28AF588BE81685214F2	5375BD0C2C75A6E40168F5561EB4ECA993D14505	EA2521ADD13DEB769FB7ABEE364670A567E7A3DC7B3B4474B5F80510DC593212
Chrome Cache Entry: 99	ASCII text, with CRLF line terminators	A42AF1908408284441961EE5FAC7891E	9C4E5D6EEA95A03464380779A7AB9764E163F3A9	36A93A8003AB142DC7446633CF75524283582968CE207F8B773BE234C4ED5CF6

AV Detection

Antivirus detection for URL or domain

Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/iphone14pro.png	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/box_closed.png	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr3.jpg	Avira URL Cloud: Label: malware
Source: https://bigultimatebonus.life/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://y1uy13f.xuowltwo.live/media/mainstream/icon.js	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/2.js	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/like.png	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/top_red.png	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr6.jpg	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/sound.js	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr2.jpg	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr11.jpg	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/box_open.png	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/1102_2.css	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/box-iphone14pro.png	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/l.png	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/flag-icon/css/flag-icon.css	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/1102_1.js	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr1.jpg	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/1102_3.js	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr5.jpg	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/fr4.jpg	Avira URL Cloud: Label: malware
Source: https://xuowltwo.live/crhhigmk/	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/flag-icon/flags/1x1/us.svg	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/u.js	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/1102.css	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/all/ab/x1.png	Avira URL Cloud: Label: malware
Source: https://y1uy13f.xuowltwo.live/media/mainstream/alert.mp3	Avira URL Cloud: Label: malware

Multi AV Scanner detection for domain / URL

Source: y1uy13f.xuowltwo.live	Virustotal: Detection: 6%			Perma Link
Source: bigultimatebonus.life	Virustotal: Detection: 14%			Perma Link

Source: https://bigultimatebonus.life/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49750 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 23.51.58.94
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.46.128
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.46.128
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.46.128
Source: unknown	TCP traffic detected without corresponding DNS query: 69.164.46.128
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=117.0.5938.132&lang=en-US&acceptformat=crx3,puff&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26brand%3DONGR%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-117.0.5938.132Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: az9.plConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru HTTP/1.1Host: bigultimatebonus.lifeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: bigultimatebonus.lifeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://bigultimatebonus.life/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkruAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: sid=t1~h22irzseq2ep0nacjbfxeqrw; p1=https://xuowltwo.live/crhhigmk/; s1=ju6whgjvkqwdsgpi
Source: global traffic	HTTP traffic detected: GET /crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3D HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://bigultimatebonus.life/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/1102_2.css HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap@4.3.1/dist/js/bootstrap.bundle.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://y1uy13f.xuowltwo.live/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/1102.css HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/flag-icon/css/flag-icon.css HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/1102_3.js HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/icon.js HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/sound.js HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/u.js HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/2.js HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/1102_1.js HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/l.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/iphone14pro.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/like.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr2.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr1.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr3.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/top_red.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ExtService.svc/getextparams HTTP/1.1Host: jsontdsexit2.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://y1uy13f.xuowltwo.liveSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://y1uy13f.xuowltwo.live/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/x1.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/box-iphone14pro.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/box_open.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/flag-icon/flags/1x1/us.svg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/media/mainstream/flag-icon/css/flag-icon.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/iphone14pro.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/l.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/box_closed.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr4.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr5.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr2.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ExtService.svc/getextparams HTTP/1.1Host: jsontdsexit2.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/like.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr1.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr3.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr6.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr11.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/top_red.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/x1.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/box-iphone14pro.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/box_open.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/flag-icon/flags/1x1/us.svg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr4.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/box_closed.png HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/alert.mp3 HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://y1uy13f.xuowltwo.live/crhhigmk/?u=f31yu1y&o=mhxka94&t=NoUNIQ&cid=23n0u3t1tkru&f=1&sid=t1~h22irzseq2ep0nacjbfxeqrw&fp=26mYBxD1qHiy%2F7cYRR%2FEMg%3D%3DAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr5.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr6.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/all/ab/fr11.jpg HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /media/mainstream/alert.mp3 HTTP/1.1Host: y1uy13f.xuowltwo.liveConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: clients2.google.com

Source: unknown

Source: chromecache_82.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.5.1/jquery.min.js
Source: chromecache_82.1.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFUZ0bf8pkAp6a.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVZ0bf8pkAg.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFVp0bf8pkAp6a.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFW50bf8pkAp6a.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFWJ0bf8pkAp6a.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFWZ0bf8pkAp6a.woff2)
Source: chromecache_99.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/opensans/v17/mem8YaGs126MiZpBA-UFWp0bf8pkAp6a.woff2)
Source: chromecache_79.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_79.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_79.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_96.1.dr	String found in binary or memory: https://xuowltwo.live/crhhigmk/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49741 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.51.58.94:443 -> 192.168.2.4:49750 version: TLS 1.2

Creates files inside the system directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\chrome_BITS_732_379165751

Jump to behavior

Source: classification engine

Classification label: mal56.win@20/82@22/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1980,i,12541706661546956868,10376714994367635285,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "http://az9.pl/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6128 --field-trial-handle=1980,i,12541706661546956868,10376714994367635285,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2120 --field-trial-handle=1980,i,12541706661546956868,10376714994367635285,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=6128 --field-trial-handle=1980,i,12541706661546956868,10376714994367635285,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1396696
Product:	CloudBasic
Start time:	08:08:44
Start date:	22.02.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
http://az9.pl/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report http://az9.pl/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
http://az9.pl/