Analysis Report http://handbalzephyr.nl

Overview

General Information

Joe Sandbox Version: 26.0.0 Aquamarine
Analysis ID: 141295
Start date: 13.06.2019
Start time: 00:28:32
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 24s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: browseurl.jbs
Sample URL: http://handbalzephyr.nl
Analysis system description: Windows 10 64 bit (version 1803) with Office 2016, Adobe Reader DC 19, Chrome 70, Firefox 63, Java 8.171, Flash 30.0.0.113
Number of new started processes analysed: 13
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
  • EGA enabled
  • AMSI enabled
Analysis stop reason: Timeout
Detection: CLEAN
Classification: clean0.win@3/72@21/18
Cookbook Comments:
  • Adjust boot time
  • Enable AMSI
  • Browsing link: http://pink-koala.mnytrk.com/smartlink?mongo_id=5d017cd95376fb44427e070a&redirect_url=https%3a%2f%2fconfirmeo.com%2f%3flp%3dvideo1%26cid%3d598329178%26uid%3d6%26ts%3d0%26eid%3dm2019061222-e6f8551ee0ed026df24ea8ffc3cb5957%26media_type%3dmainstream&bot=1&suspicious=1&suspicious_reason=continue_link
Warnings:
  • Exclude process from analysis (whitelisted): MpCmdRun.exe, sc.exe, ielowutil.exe, TiWorker.exe, WMIADAP.exe, MusNotifyIcon.exe, conhost.exe, CompatTelRunner.exe, TrustedInstaller.exe
  • Excluded IPs from analysis (whitelisted): 13.107.4.50, 23.10.249.17, 23.10.249.50, 172.227.168.22, 104.16.88.20, 104.16.89.20, 104.16.86.20, 104.16.87.20, 104.16.85.20, 23.54.112.20, 52.156.196.151, 172.217.168.8, 172.217.168.14, 216.58.215.228, 72.21.81.200, 152.199.19.161
  • Excluded domains from analysis (whitelisted): au.download.windowsupdate.com.edgesuite.net, e3615.a.akamaiedge.net, cdn.jsdelivr.net.cdn.cloudflare.net, ds-s7.addthis.com.edgekey.net, www-google-analytics.l.google.com, ie9comview.vo.msecnd.net, www-googletagmanager.l.google.com, ctldl.windowsupdate.com, c-0001.c-msedge.net, settings-win.data.microsoft.com, a767.dscg3.akamai.net, settingsfd-geo.trafficmanager.net, e11290.dspg.akamaiedge.net, iecvlist.microsoft.com, au.au-msedge.net, go.microsoft.com, www.googletagmanager.com, audownload.windowsupdate.nsatc.net, go.microsoft.com.edgekey.net, www.google.com, au.c-0001.c-msedge.net, www.google-analytics.com, cs9.wpc.v0cdn.net
  • Report size getting too big, too many NtDeviceIoControlFile calls found.

Detection

Strategy: Threshold
Score: 0
Range: 0 - 100
Whitelisted: false
Detection: clean

Confidence

Strategy: Threshold
Score: 3
Range: 0 - 5
Further Analysis Required?: true


Classification

Analysis Advice

Some HTTP requests failed (404). It is likely the sample will exhibit less behavior.
Uses HTTPS for network communication; use the 'Proxy HTTPS (port 443) to read its encrypted data' cookbook for further analysis.



Mitre Att&ck Matrix

Columns are ATT&CK tactics; each row lists one technique per tactic, with the number of matching signatures in parentheses where any matched.

Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control
Valid Accounts | Windows Remote Management | Winlogon Helper DLL | Port Monitors | File System Logical Offsets | Credential Dumping | File and Directory Discovery (1) | Remote File Copy (4) | Data from Local System | Data Encrypted (1) | Standard Cryptographic Protocol (2)
Replication Through Removable Media | Service Execution | Port Monitors | Accessibility Features | Binary Padding | Network Sniffing | Application Window Discovery | Remote Services | Data from Removable Media | Exfiltration Over Other Network Medium | Standard Non-Application Layer Protocol (6)
Drive-by Compromise | Windows Management Instrumentation | Accessibility Features | Path Interception | Rootkit | Input Capture | Query Registry | Windows Remote Management | Data from Network Shared Drive | Automated Exfiltration | Standard Application Layer Protocol (6)
Exploit Public-Facing Application | Scheduled Task | System Firmware | DLL Search Order Hijacking | Obfuscated Files or Information | Credentials in Files | System Network Configuration Discovery | Logon Scripts | Input Capture | Data Encrypted | Remote File Copy (4)

Signature Overview



Networking:

Downloads compressed data via HTTP
Source: global traffic. HTTP traffic detected: HTTP/1.1 200 OK | Date: Wed, 12 Jun 2019 22:29:37 GMT | Server: Apache/2 | X-Powered-By: PHP/5.6.28 | X-Pingback: http://handbalzephyr.nl/xmlrpc.php | Link: <http://handbalzephyr.nl/>; rel=shortlink | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 5751 | Keep-Alive: timeout=2, max=100 | Connection: Keep-Alive | Content-Type: text/html; charset=UTF-8 | Data Raw: [hex dump omitted]
Source: global traffic. HTTP traffic detected: HTTP/1.1 200 OK | Date: Wed, 12 Jun 2019 22:29:38 GMT | Server: Apache/2 | Last-Modified: Thu, 13 Nov 2014 12:28:40 GMT | ETag: "44f-507bca6fd386e-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 469 | Keep-Alive: timeout=2, max=99 | Connection: Keep-Alive | Content-Type: text/css | Data Raw: [hex dump omitted]
Source: global traffic. HTTP traffic detected: HTTP/1.1 200 OK | Date: Wed, 12 Jun 2019 22:29:38 GMT | Server: Apache/2 | Last-Modified: Thu, 13 Nov 2014 12:31:56 GMT | ETag: "332-507bcb2b4acdb-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 493 | Keep-Alive: timeout=2, max=100 | Connection: Keep-Alive | Content-Type: text/css | Data Raw: [hex dump omitted]
Source: global traffic. HTTP traffic detected: HTTP/1.1 200 OK | Date: Wed, 12 Jun 2019 22:29:38 GMT | Server: Apache/2 | Last-Modified: Thu, 13 Nov 2014 12:31:56 GMT | ETag: "2705-507bcb2b16ff2-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 1741 | Keep-Alive: timeout=2, max=100 | Connection: Keep-Alive | Content-Type: text/css | Data Raw: [hex dump omitted]
Source: global traffic. HTTP traffic detected: HTTP/1.1 200 OK | Date: Wed, 12 Jun 2019 22:29:38 GMT | Server: Apache/2 | Last-Modified: Thu, 13 Nov 2014 12:31:57 GMT | ETag: "36f-507bcb2b5a6cf-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 266 | Keep-Alive: timeout=2, max=98 | Connection: Keep-Alive | Content-Type: text/css | Data Raw: [hex dump omitted]
Source: global traffic. HTTP traffic detected: HTTP/1.1 200 OK | Date: Wed, 12 Jun 2019 22:29:38 GMT | Server: Apache/2 | Last-Modified: Fri, 20 Feb 2015 13:36:20 GMT | ETag: "15d7-50f85234ec396-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 2680 | Keep-Alive: timeout=2, max=99 | Connection: Keep-Alive | Content-Type: text/css | Data Raw: [hex dump omitted]
Source: global traffic. HTTP traffic detected: HTTP/1.1 200 OK | Date: Wed, 12 Jun 2019 22:29:38 GMT | Server: Apache/2 | Last-Modified: Thu, 13 Nov 2014 12:31:56 GMT | ETag: "34f0-507bcb2b38abc-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 2240 | Keep-Alive: timeout=2, max=100 | Connection: Keep-Alive | Content-Type: text/css | Data Raw: [hex dump omitted]
Source: global traffic. HTTP traffic detected: HTTP/1.1 200 OK | Date: Wed, 12 Jun 2019 22:29:38 GMT | Server: Apache/2 | Last-Modified: Thu, 13 Nov 2014 12:31:58 GMT | ETag: "131f-507bcb2ceaae8-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 1423 | Keep-Alive: timeout=2, max=100 | Connection: Keep-Alive | Content-Type: text/css | Data Raw: [hex dump omitted]
Source: global traffic. HTTP traffic detected: HTTP/1.1 200 OK | Date: Wed, 12 Jun 2019 22:29:38 GMT | Server: Apache/2 | Last-Modified: Wed, 06 Feb 2019 19:55:34 GMT | ETag: "1528-5813f1be2ecd1-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 1634 | Keep-Alive: timeout=2, max=100 | Connection: Keep-Alive | Content-Type: text/css | Data Raw: [hex dump omitted]
Source: global traffic. HTTP traffic detected: HTTP/1.1 200 OK | Date: Wed, 12 Jun 2019 22:29:38 GMT | Server: Apache/2 | Last-Modified: Thu, 13 Nov 2014 12:35:37 GMT | ETag: "1763f-507bcbfda2f4b-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 33231 | Keep-Alive: timeout=2, max=99 | Connection: Keep-Alive | Content-Type: application/javascript | Data Raw: [hex dump omitted]
Source: global traffic. HTTP traffic detected: HTTP/1.1 200 OK | Date: Wed, 12 Jun 2019 22:29:38 GMT | Server: Apache/2 | Last-Modified: Thu, 13 Nov 2014 12:35:36 GMT | ETag: "1c1f-507bcbfd038c4-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 3063 | Keep-Alive: timeout=2, max=99 | Connection: Keep-Alive | Content-Type: application/javascript | Data Raw: [hex dump omitted]
Source: global traffic. HTTP traffic detected: HTTP/1.1 200 OK | Date: Wed, 12 Jun 2019 22:29:38 GMT | Server: Apache/2 | Last-Modified: Thu, 13 Nov 2014 12:31:59 GMT | ETag: "568-507bcb2d3bd00-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 712 | Keep-Alive: timeout=2, max=98 | Connection: Keep-Alive | Content-Type: application/javascript | Data Raw: [hex dump omitted]
Source: global traffic. HTTP traffic detected: HTTP/1.1 200 OK | Date: Wed, 12 Jun 2019 22:29:38 GMT | Server: Apache/2 | Last-Modified: Thu, 13 Nov 2014 12:31:58 GMT | ETag: "5a5f-507bcb2d28978-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 8634 | Keep-Alive: timeout=2, max=99 | Connection: Keep-Alive | Content-Type: application/javascript | Data Raw: [hex dump omitted]
Source: global traffic. HTTP traffic detected: HTTP/1.1 200 OK | Date: Wed, 12 Jun 2019 22:29:38 GMT | Server: Apache/2 | Last-Modified: Wed, 06 Feb 2019 19:55:34 GMT | ETag: "1b74-5813f1be2e8e9-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 1911 | Keep-Alive: timeout=2, max=99 | Connection: Keep-Alive | Content-Type: text/css | Data Raw: [hex dump omitted]
Source: global traffic. HTTP traffic detected: HTTP/1.1 200 OK | Date: Wed, 12 Jun 2019 22:29:38 GMT | Server: Apache/2 | Last-Modified: Tue, 06 Jan 2015 14:26:20 GMT | ETag: "3cc-50bfc9735553d-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 318 | Keep-Alive: timeout=2, max=97 | Connection: Keep-Alive | Content-Type: application/javascript | Data Raw: [hex dump omitted]
Source: global traffic. HTTP traffic detected: HTTP/1.1 200 OK | Date: Wed, 12 Jun 2019 22:29:39 GMT | Server: Apache/2 | Last-Modified: Thu, 13 Nov 2014 12:31:56 GMT | ETag: "41c-507bcb2b261e0-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 425 | Keep-Alive: timeout=2, max=97 | Connection: Keep-Alive | Content-Type: text/css | Data Raw: [hex dump omitted]
Source: global traffic. HTTP traffic detected: HTTP/1.1 200 OK | Date: Wed, 12 Jun 2019 22:29:39 GMT | Server: Apache/2 | Last-Modified: Thu, 13 Nov 2014 12:28:42 GMT | ETag: "3b90-507bca71fa8d2-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 5860 | Keep-Alive: timeout=2, max=96 | Connection: Keep-Alive | Content-Type: application/javascript | Data Raw: [hex dump omitted]
Source: global traffic. HTTP traffic detected: HTTP/1.1 200 OK | Date: Wed, 12 Jun 2019 22:29:39 GMT | Server: Apache/2 | Last-Modified: Thu, 13 Nov 2014 12:28:42 GMT | ETag: "25ba-507bca720c258-gzip" | Accept-Ranges: bytes | Vary: Accept-Encoding,User-Agent | Content-Encoding: gzip | Content-Length: 2716 | Keep-Alive: timeout=2, max=94 | Connection: Keep-Alive | Content-Type: application/javascript | Data Raw: [hex dump omitted]
Downloads files from webservers via HTTP
Source: global traffic. HTTP traffic detected: GET / HTTP/1.1 | Accept: text/html, application/xhtml+xml, image/jxr, */* | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.0.1 HTTP/1.1 | Accept: text/css, */* | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/themes/handbalzephyr/css/reset.css HTTP/1.1 | Accept: text/css, */* | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/themes/handbalzephyr/css/960.css HTTP/1.1 | Accept: text/css, */* | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/themes/handbalzephyr/css/wordpress.css HTTP/1.1 | Accept: text/css, */* | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/plugins/tablepress/css/default.min.css?ver=1.5.1 HTTP/1.1 | Accept: text/css, */* | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/themes/handbalzephyr/css/main.css HTTP/1.1 | Accept: text/css, */* | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/themes/handbalzephyr/js/fancybox2/jquery.fancybox.css HTTP/1.1 | Accept: text/css, */* | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/plugins/easy-media-gallery/css/frontend.css?ver=4.0.26 HTTP/1.1 | Accept: text/css, */* | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-includes/js/jquery/jquery.js?ver=1.11.1 HTTP/1.1 | Accept: application/javascript, */*;q=0.8 | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1 HTTP/1.1 | Accept: application/javascript, */*;q=0.8 | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/themes/handbalzephyr/js/jquery.mousewheel-3.0.6.pack.js HTTP/1.1 | Accept: application/javascript, */*;q=0.8 | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/themes/handbalzephyr/js/fancybox2/jquery.fancybox.pack.js HTTP/1.1 | Accept: application/javascript, */*;q=0.8 | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/plugins/easy-media-gallery/css/styles/mediabox/Light.css HTTP/1.1 | Accept: text/css, */* | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/themes/handbalzephyr/js/main.js HTTP/1.1 | Accept: application/javascript, */*;q=0.8 | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/themes/handbalzephyr/images/logo.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/uploads/LOGO-tve2-190x80.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/uploads/ZorgkwekerijLieseind1-190x80.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/uploads/climavision1-190x80.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/uploads/LOGO-oetelaar1-190x80.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/uploads/sporthal2-190x80.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/uploads/independer3-190x80.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/uploads/slagerijdennisvandeven7-190x80.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/uploads/Kohler-Systems-Support-190x80.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/themes/handbalzephyr/css/forms.css HTTP/1.1 | Accept: text/css, */* | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-2014.06.20 HTTP/1.1 | Accept: application/javascript, */*;q=0.8 | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.0.1 HTTP/1.1 | Accept: application/javascript, */*;q=0.8 | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/uploads/figaro3-190x80.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/uploads/hetbrabantsgevoel2-190x80.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/uploads/Worstenbrood1.png HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global traffic. HTTP traffic detected: GET /wp-content/uploads/hbg.jpg HTTP/1.1 | Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5 | Referer: http://handbalzephyr.nl/ | Accept-Language: en-US | User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like Gecko | Accept-Encoding: gzip, deflate | Host: handbalzephyr.nl | Connection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/teamuitje-b-jeugd-500x308.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://handbalzephyr.nl/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: handbalzephyr.nlConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/JPG-5780-500x331.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://handbalzephyr.nl/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: handbalzephyr.nlConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /wp-content/uploads/image3-500x500.jpg HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Referer: http://handbalzephyr.nl/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: handbalzephyr.nlConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /?u=0q782k7&o=1apk8b8 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Referer: http://handbalzephyr.nl/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: take-prizes-here12.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /7213144471/?u=0q782k7&o=1apk8b8&f=1 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Referer: http://handbalzephyr.nl/Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: sweeps3513.wtflife55.life
Source: global trafficHTTP traffic detected: GET /web/ HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Referer: http://sweeps3513.wtflife55.life/7213144471/?u=0q782k7&o=1apk8b8&f=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: sweeps3513.wtflife55.lifeConnection: Keep-AliveCookie: ASP.NET_SessionId=0biku1chwr310zplrlm5lurc
Source: global trafficHTTP traffic detected: GET /?url=I4WHKFughjJF8hN7lWENt93WnJeDtIz7OoG7Gj7zIvuaaGt8gY2m%2fqM2b2Yr%2bhz3UkAyIkB6RgFCu2ohSXo5rlqspso6oeQKebV1cnkewyxWEKM0oSrp3GLHDLrlsW%2bvWkLAuMGz704b6hjuPLyhvEk9vz0oiDxZpxoQ44Mss%2busREoGztkVe95FmosC4J5RbHW5DG5QT1A%3d HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Referer: http://sweeps3513.wtflife55.life/7213144471/?u=0q782k7&o=1apk8b8&f=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: realcenter-mobileapps2.com
Source: global trafficHTTP traffic detected: GET /away.php HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Referer: http://sweeps3513.wtflife55.life/7213144471/?u=0q782k7&o=1apk8b8&f=1Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateConnection: Keep-AliveHost: realcenter-mobileapps2.comCookie: PHPSESSID=p80cd07jdtutpoo6h0i9n5sbg2
Source: global trafficHTTP traffic detected: GET /kt/ch/46/favicon.ico? HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: eslitrezo.com
Source: global trafficHTTP traffic detected: GET /click/1/2bfc4836-39f4-4d02-a86d-4e3287fca749 HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: arre.work
Source: global trafficHTTP traffic detected: GET /offer.png HTTP/1.1Accept: image/png, image/svg+xml, image/jxr, image/*;q=0.8, */*;q=0.5Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: track.fungiers.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /rnd/wdav?kbjr=B8R7EMJXRa50dWBQfpY5O4%2FHPUyeBTvljL3ZfIMKqA4%3D HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoConnection: Keep-AliveHost: astrulitzorem.com
Source: global trafficHTTP traffic detected: GET /smartlink?user_id=6&source_type=popunder&media_type=mainstream&vertical=browser_extensions&click_id=M2019061222-e6f8551ee0ed026df24ea8ffc3cb5957&site_id=07b1b23c-e62e-4fe8-b6ca-0d81ed8f01a1&zone_id=185392&creative_id=263764 HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: pink-koala.mnytrk.comConnection: Keep-Alive
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Accept: */*Accept-Encoding: gzip, deflateUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoHost: pink-koala.mnytrk.comConnection: Keep-AliveCookie: money_machine_session=eyJpdiI6Im9Td21JbStuRGRzMERVcjhKSlRTZHc9PSIsInZhbHVlIjoiXC94YVRJOXk3YzZXaTJEU0xLRTB5YWtjdUwyUDFvTmRoc1N2K2RsTURSS0hGeGVCdFUxMUdYcHdKSG82ZWdpS2hpYnFkNU5zS2IzUm1maXoydnYxRkVBPT0iLCJtYWMiOiI3MDhjYTkwYmUzZmE0NmNlNGJhYTE1MGIyZGNhMTI0OWU3NmE1MmU4MTMyMjk1ZjFjOGFjODg0MmNkOWU3NDllIn0%3D
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1User-Agent: AutoItHost: pink-koala.mnytrk.comCookie: money_machine_session=eyJpdiI6Im9Td21JbStuRGRzMERVcjhKSlRTZHc9PSIsInZhbHVlIjoiXC94YVRJOXk3YzZXaTJEU0xLRTB5YWtjdUwyUDFvTmRoc1N2K2RsTURSS0hGeGVCdFUxMUdYcHdKSG82ZWdpS2hpYnFkNU5zS2IzUm1maXoydnYxRkVBPT0iLCJtYWMiOiI3MDhjYTkwYmUzZmE0NmNlNGJhYTE1MGIyZGNhMTI0OWU3NmE1MmU4MTMyMjk1ZjFjOGFjODg0MmNkOWU3NDllIn0%3D
Source: global trafficHTTP traffic detected: GET /smartlink?mongo_id=5d017cd95376fb44427e070a&redirect_url=https%3a%2f%2fconfirmeo.com%2f%3flp%3dvideo1%26cid%3d598329178%26uid%3d6%26ts%3d0%26eid%3dm2019061222-e6f8551ee0ed026df24ea8ffc3cb5957%26media_type%3dmainstream&bot=1&suspicious=1&suspicious_reason=continue_link HTTP/1.1Accept: text/html, application/xhtml+xml, image/jxr, */*Accept-Language: en-USUser-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; Trident/7.0; rv:11.0) like GeckoAccept-Encoding: gzip, deflateHost: pink-koala.mnytrk.comConnection: Keep-AliveCookie: money_machine_session=eyJpdiI6Im9Td21JbStuRGRzMERVcjhKSlRTZHc9PSIsInZhbHVlIjoiXC94YVRJOXk3YzZXaTJEU0xLRTB5YWtjdUwyUDFvTmRoc1N2K2RsTURSS0hGeGVCdFUxMUdYcHdKSG82ZWdpS2hpYnFkNU5zS2IzUm1maXoydnYxRkVBPT0iLCJtYWMiOiI3MDhjYTkwYmUzZmE0NmNlNGJhYTE1MGIyZGNhMTI0OWU3NmE1MmU4MTMyMjk1ZjFjOGFjODg0MmNkOWU3NDllIn0%3D
Found strings which match to known social media urls
Source: 5YYR7E8W.htm.2.drString found in binary or memory: <li class="facebook"><span><a href="https://www.facebook.com/" target="_blank"><i class="fa fa-facebook"></i></a></span></li> equals www.facebook.com (Facebook)
Source: 5YYR7E8W.htm.2.drString found in binary or memory: <li class="youtube"><span><a href="https://www.youtube.com/" target="_blank"><i class="fa fa-youtube"></i></a></span></li> equals www.youtube.com (Youtube)
Source: msapplication.xml0.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xd71cdb92,0x01d521b9</date><accdate>0xd71cdb92,0x01d521b9</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml0.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.facebook.com/"/><date>0xd71cdb92,0x01d521b9</date><accdate>0xd71f512e,0x01d521b9</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Facebook.url"/></tile></msapplication></browserconfig> equals www.facebook.com (Facebook)
Source: msapplication.xml5.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xd726ee59,0x01d521b9</date><accdate>0xd726ee59,0x01d521b9</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml5.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.twitter.com/"/><date>0xd726ee59,0x01d521b9</date><accdate>0xd729717a,0x01d521b9</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Twitter.url"/></tile></msapplication></browserconfig> equals www.twitter.com (Twitter)
Source: msapplication.xml7.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xd72be6d6,0x01d521b9</date><accdate>0xd72be6d6,0x01d521b9</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: msapplication.xml7.1.drString found in binary or memory: <browserconfig><msapplication><config><site src="http://www.youtube.com/"/><date>0xd72be6d6,0x01d521b9</date><accdate>0xd72be6d6,0x01d521b9</accdate></config><tile><wide310x150logo/><square310x310logo/><square70x70logo/><favorite src="C:\Users\user\Favorites\Youtube.url"/></tile></msapplication></browserconfig> equals www.youtube.com (Youtube)
Source: main[1].css.2.drString found in binary or memory: div.header-container div.social-media ul li.facebook span { background: #48649F; } equals www.facebook.com (Facebook)
Source: main[1].css.2.drString found in binary or memory: div.header-container div.social-media ul li.youtube span { background: #CC181E; } equals www.youtube.com (Youtube)
Performs DNS lookups
Source: unknownDNS traffic detected: queries for: handbalzephyr.nl
Posts data to webserver
Source: unknownHTTP traffic detected: HTTP/1.1 302 FoundDate: Wed, 12 Jun 2019 22:29:45 GMTContent-Type: text/plain; charset=utf-8Content-Length: 67Connection: keep-aliveSet-Cookie: __cfduid=dc5579d28370b6dbfa9a6c9ac0ff57ad91560378585; expires=Thu, 11-Jun-20 22:29:45 GMT; path=/; domain=.arre.work; HttpOnlyX-Powered-By: ExpressAccess-Control-Allow-Origin: undefinedAccess-Control-Allow-Headers: Origin, X-Requested-With, Content-Type, Accept, Access-Control-Allow-Credentials,Cookie,x-session-idAccess-Control-Allow-Methods: GET, POST, PUT, DELETE, OPTIONSAccess-Control-Allow-Credentials: trueLocation: https://s1-4d678282a7.kiwitrack.pro/?sl=77566Vary: AcceptSet-Cookie: SERVERID=; Expires=Thu, 01-Jan-1970 00:00:01 GMT; path=/Server: cloudflareCF-RAY: 4e5f43eced2f3e54-ZRHData Raw: 46 6f 75 6e 64 2e 20 52 65 64 69 72 65 63 74 69 6e 67 20 74 6f 20 68 74 74 70 73 3a 2f 2f 73 31 2d 34 64 36 37 38 32 38 32 61 37 2e 6b 69 77 69 74 72 61 63 6b 2e 70 72 6f 2f 3f 73 6c 3d 37 37 35 36 36 Data Ascii: Found. Redirecting to https:/
Tries to download or post to a non-existing http route (HTTP/1.1 404 Not Found / 503 Service Unavailable)
Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.10.3Date: Wed, 12 Jun 2019 22:29:45 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: keep-aliveCache-Control: no-cache, privateContent-Encoding: gzipData Raw: 32 36 62 0d 0a 1f 8b 08 00 00 00 00 00 00 03 8d 54 c1 8e d3 30 10 bd ef 57 cc 86 c3 5e ea a6 cb 4a 15 0a 49 11 5a 16 89 0b ac 58 90 e0 e8 26 93 c4 d4 b1 83 ed b4 1b d0 fe 3b b6 d3 6e d2 24 20 72 69 ed 37 33 7e 6f fc 3c f1 e5 bb 4f b7 5f be df df 41 69 2a be b9 88 dd 0f 70 2a 8a 24 40 11 6c 2e c0 7e 71 89 34 eb fe fa 65 85 86 42 5a 52 a5 d1 24 41 63 72 f2 ea 18 d9 c3 a5 31 35 c1 9f 0d db 27 c1 37 f2 f5 2d b9 95 55 4d 0d db 72 0c 20 95 c2 a0 b0 b9 1f ee 12 cc 0a 9c 64 0b 5a 61 12 ec 19 1e 6a a9 cc 20 e1 c0 32 53 26 19 ee 59 8a c4 2f 16 c0 04 33 8c 72 a2 53 ca 31 b9 b6 c5 3c 6b cf c5 30 c3 71 73 4f 0b 84 8f d2 c0 7b d9 88 2c 0e bb dd 41 d8 25 21 16 13 46 03 21 03 a1 9c 89 1d 94 0a f3 24 70 7a 74 14 86 b9 8b 5a 16 52 16 1c 69 cd f4 32 95 55 98 6a fd 26 a7 15 e3 6d f2 d9 72 38
Urls found in memory or binary data
Source: 960[1].css.2.drString found in binary or memory: http://960.gs/
Source: jquery.mousewheel-3.0.6.pack[1].js.2.drString found in binary or memory: http://adomas.org/javascript-mouse-wheel/
Source: jquery.mousewheel-3.0.6.pack[1].js.2.drString found in binary or memory: http://brandonaaron.net)
Source: 2Y7VQ89P.htm.2.drString found in binary or memory: http://confirmeo.mnytrk.com/smartlink?user_id=6&media_type=mainstream&vertical=&traffic_source_id=0&
Source: reset[1].css.2.drString found in binary or memory: http://cssreset.com
Source: frontend[1].css.2.drString found in binary or memory: http://ghozylab.com/
Source: slick.min[1].js0.2.drString found in binary or memory: http://github.com/kenwheeler/slick
Source: slick.min[1].js0.2.drString found in binary or memory: http://github.com/kenwheeler/slick/issues
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl
Source: 5YYR7E8W.htm.2.dr, ~DFB73F3A0A1E82C544.TMP.1.drString found in binary or memory: http://handbalzephyr.nl/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/2018/01/29/carnavalstraining-7-februari-voor-f-en-e-jeugd/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/2018/01/29/grote-clubactie-opbrengst-2017/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/2018/03/01/carnavalstraining-2018/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/2018/03/01/worstenbroodjes-actie-carnaval-2018/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/2018/04/06/fotos-uit-de-oude-doos/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/2018/04/16/verkiezingen-vereniging-van-het-jaar/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/2018/04/23/de-opnames-van-het-rolstoelhandbal-voor-koffietijd-zijn-gemaakt-b
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/2018/05/22/interland-rolstoelhandbal/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/2018/07/11/seizoensafsluiting-2018/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/2018/09/06/toverland-2018/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/2018/11/30/zwarte-pieten-tonen-handbal-kunstjes/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/2018/12/04/dik-verdiende-zege-voor-de-dames-van-zephyr/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/2019/01/17/helden-van-b-jeugd-strijden-tegen-elkaar-op-kartbaan-uden/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/2019/01/30/papier-inzameling-3/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/2019/01/30/worstenbroodjes/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/?s=
Source: {FD7BA62F-8DAC-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: http://handbalzephyr.nl/Root
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/actueel/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/agenda/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/bestuur/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/category/persartikelen/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/commissies/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/commissies/prac/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/commissies/toernooi-commissie/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/competitie/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/externe-links/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/fotos-2/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/fotos/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/handbal-promo/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/informatie-leden/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/informatie/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/informatie/goalverhuur/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/informatie/handbal-spelregels/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/informatie/nhv-gedragcodes/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/informatie/sponsoring/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/kohler-systems-support/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/kom-jij-bij-ons-handballen/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/materiaalbeheer/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/nhv-competitie/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/overig-kader/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/papier-inzameling/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/rolstoel-handbal/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/scheidsrechters/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/schema-tijdwaarnemen/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/sponsoren-2/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/teams/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/teams/dames/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/teams/gemengd-f-jeugd/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/teams/heren/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/teams/jongens-b-jeugd/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/teams/meisjes-e-jeugd/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/trainers-en-coaches/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/voorbeeld-pagina/feed/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/website/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wedstrijdverslagen/dames/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/weetjes/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/worstenbroodjes/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/plugins/contact-form-7/includes/css/styles.css?ver=4.0.1
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/plugins/contact-form-7/includes/js/jquery.form.min.js?ver=3.51.0-
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/plugins/contact-form-7/includes/js/scripts.js?ver=4.0.1
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/plugins/easy-media-gallery/css/frontend.css?ver=4.0.26
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/plugins/easy-media-gallery/css/styles/mediabox/Light.css
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/plugins/easy-media-gallery/includes/js/func/html5.js
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/plugins/tablepress/css/default.min.css?ver=1.5.1
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/themes/handbalzephyr/css/960.css
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/themes/handbalzephyr/css/forms.css
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/themes/handbalzephyr/css/main.css
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/themes/handbalzephyr/css/reset.css
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/themes/handbalzephyr/css/wordpress.css
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/themes/handbalzephyr/images/logo.png
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/themes/handbalzephyr/js/fancybox2/jquery.fancybox.css
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/themes/handbalzephyr/js/fancybox2/jquery.fancybox.pack.js
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/themes/handbalzephyr/js/jquery.mousewheel-3.0.6.pack.js
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/themes/handbalzephyr/js/main.js
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/uploads/JPG-5780-500x331.jpg
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/uploads/Kohler-Systems-Support-190x80.png
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/uploads/LOGO-oetelaar1-190x80.png
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/uploads/LOGO-tve2-190x80.png
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/uploads/Worstenbrood1.png
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/uploads/ZorgkwekerijLieseind1-190x80.png
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/uploads/climavision1-190x80.png
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/uploads/figaro3-190x80.png
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/uploads/hbg.jpg
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/uploads/hetbrabantsgevoel2-190x80.png
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/uploads/homepage-photo.png
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/uploads/homepage-photo.png);
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/uploads/image3-500x500.jpg
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/uploads/independer3-190x80.png
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/uploads/slagerijdennisvandeven7-190x80.png
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/uploads/sporthal2-190x80.png
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-content/uploads/teamuitje-b-jeugd-500x308.png
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-includes/js/jquery/jquery-migrate.min.js?ver=1.2.1
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://handbalzephyr.nl/wp-includes/js/jquery/jquery.js?ver=1.11.1
Source: slick.min[1].js0.2.drString found in binary or memory: http://kenwheeler.github.io
Source: slick.min[1].js0.2.drString found in binary or memory: http://kenwheeler.github.io/slick
Source: jquery.form.min[1].js.2.drString found in binary or memory: http://malsup.com/jquery/form/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://ogp.me/ns#
Source: {FD7BA62F-8DAC-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: http://pink-koala.mnyt
Source: smartlink[1].htm.2.drString found in binary or memory: http://pink-koala.mnytrk.com/smartlink?mongo_id=5d017cd95376fb44427e070a&redirect_url=https%3A%2F%2F
Source: ~DFB73F3A0A1E82C544.TMP.1.drString found in binary or memory: http://pink-koala.mnytrk.com/smartlink?user_id=6&source_type=popunder&media_type=mainstream&vertical
Source: {FD7BA62F-8DAC-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: http://realcenter-mobiife55.life/7213144471/?u=0q782k7&o=1apk8b8&f=1leapps2.com/away.php?u=0q782k7&o
Source: ~DFB73F3A0A1E82C544.TMP.1.drString found in binary or memory: http://realcenter-mobileapps2.com/away.php?u=0q782k7&o=1apk8b8&f=1
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://schema.org
Source: 960[1].css.2.drString found in binary or memory: http://sonspring.com/journal/clearing-floats
Source: ~DFB73F3A0A1E82C544.TMP.1.drString found in binary or memory: http://sweeps3513.wtflife55.life/7213144471/?u=0q782k7&o=1apk8b8&f=1
Source: {FD7BA62F-8DAC-11E9-AADA-C25F135D3C65}.dat.1.drString found in binary or memory: http://sweeps3513.wtfll/ife55.life/7213144471/?u=0q782k7&o=1apk8b8&f=1Root
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://take-prizes-here12.com/?u=0q782k7&o=1apk8b8
Source: kCH25Q4L0000V8100HIT1A9K405L1GWF0TPC00T0c98506R705L1G00[1].htm.2.drString found in binary or memory: http://track.fungiers.com/offer.png
Source: kCH25Q4L0000V8100HIT1A9K405L1GWF0TPC00T0c98506R705L1G00[1].htm.2.drString found in binary or memory: http://track.fungiers.com/track?txId=M2019061222-e6f8551ee0ed026df24ea8ffc3cb5957&traffic_source_id=
Source: frontend[1].css.2.drString found in binary or memory: http://wordpress.org/extend/plugins/easy-media-gallery/
Source: msapplication.xml.1.drString found in binary or memory: http://www.amazon.com/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://www.climavision.nl/
Source: msapplication.xml1.1.drString found in binary or memory: http://www.google.com/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://www.hetbrabantsgevoel.nl
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://www.icetex.nl/
Source: msapplication.xml2.1.drString found in binary or memory: http://www.live.com/
Source: jquery.mousewheel-3.0.6.pack[1].js.2.drString found in binary or memory: http://www.mathias-bank.de)
Source: msapplication.xml3.1.drString found in binary or memory: http://www.nytimes.com/
Source: msapplication.xml4.1.drString found in binary or memory: http://www.reddit.com/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://www.slagerijdennisvandeven.nl
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://www.tve.nl
Source: msapplication.xml5.1.drString found in binary or memory: http://www.twitter.com/
Source: 5YYR7E8W.htm.2.drString found in binary or memory: http://www.vandenoetelaar-metaal.nl/
Source: movie[1].dat.2.drString found in binary or memory: http://www.videolan.org/x264.html
Uses HTTPS

System Summary:

Classification label
Source: classification engine | Classification label: clean0.win@3/72@21/18
Creates files inside the user directory
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Microsoft\Internet Explorer\Recovery\High
Creates temporary files
Source: C:\Program Files\internet explorer\iexplore.exe | File created: C:\Users\user\AppData\Local\Temp\~DFFF1978033C578B5B.TMP
Reads ini files
Source: C:\Program Files\internet explorer\iexplore.exe | File read: C:\Users\desktop.ini
Spawns processes
Source: unknown | Process created: C:\Program Files\internet explorer\iexplore.exe 'C:\Program Files\Internet Explorer\iexplore.exe' -Embedding
Source: unknown | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4580 CREDAT:17410 /prefetch:2
Source: C:\Program Files\internet explorer\iexplore.exe | Process created: C:\Program Files (x86)\Internet Explorer\iexplore.exe 'C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE' SCODEF:4580 CREDAT:17410 /prefetch:2
Found graphical window changes (likely an installer)
Source: Window Recorder | Window detected: More than 3 window changes detected
Uses new MSVCR Dlls
Source: C:\Program Files (x86)\Internet Explorer\iexplore.exe | File opened: C:\Program Files (x86)\Java\jre1.8.0_171\bin\msvcr100.dll

Behavior Graph

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
Behavior Graph ID: 141295 | URL: http://handbalzephyr.nl | Start date: 13/06/2019 | Architecture: WINDOWS | Score: 0
Graph edges (text recovered from the rendered graph): the sample URL resolves pink-koala.mnytrk.com and starts iexplore.exe (node counts 6, 84), which starts a child iexplore.exe (node counts 1, 94).
DNS/IP info for the child iexplore.exe: arre.work 104.18.41.115 (ports 49735, 49736, 80; unknown; United States); astrulitzorem.com 104.27.134.134 (ports 49739, 49740, 80; unknown; United States); 26 other IPs or domains.

Simulations

Behavior and APIs

No simulations

Antivirus and Machine Learning Detection

Initial Sample

Source | Detection | Scanner | Label
http://handbalzephyr.nl | 0% | virustotal |

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

Source | Detection | Scanner | Label

URLs

Source | Detection | Scanner | Label

Yara Overview

Initial Sample

No yara matches

PCAP (Network Traffic)

No yara matches

Dropped Files

No yara matches

Memory Dumps

No yara matches

Unpacked PEs

No yara matches

Joe Sandbox View / Context

IPs

No context

Domains

No context

ASN

No context

JA3 Fingerprints

No context

Dropped Files

No context

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.