Windows Analysis Report
http://wildcard.tagumnationaltradeschool.com/encryption.htm

Overview

General Information

Sample URL:	http://wildcard.tagumnationaltradeschool.com/encryption.htm
Analysis ID:	1417363
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

HTML page contains hidden URLs or javascript code

Classification

Signatures

HTML page contains hidden URLs or javascript code

Source: https://vxr.ox5w.com/vErhAoyb/

HTTP Parser: Base64 decoded: <!DOCTYPE html><html lang="en"><head> <script src="https://code.jquery.com/jquery-3.6.0.min.js"></script> <script src="https://challenges.cloudflare.com/turnstile/v0/api.js?render=explicit"></script> <meta http-equiv="X-UA-Compatible" c...

Source: http://wildcard.tagumnationaltradeschool.com/encryption.htm	HTTP Parser: No favicon
Source: https://vxr.ox5w.com/vErhAoyb/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/25djt/0x4AAAAAAAVqaOp0CxXNNQOg/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/25djt/0x4AAAAAAAVqaOp0CxXNNQOg/auto/normal	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.215.0.176
Source: unknown	TCP traffic detected without corresponding DNS query: 23.215.0.176
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: HTTP/1.1 200 OKConnection: Keep-AliveKeep-Alive: timeout=5, max=100content-type: text/htmllast-modified: Thu, 28 Mar 2024 18:42:25 GMTaccept-ranges: bytescontent-encoding: gzipvary: Accept-Encodingcontent-length: 2550date: Fri, 29 Mar 2024 03:43:47 GMTserver: LiteSpeedData Raw: 1f 8b 08 00 00 00 00 00 00 03 c5 99 5d 73 da 58 12 86 ef f7 57 38 53 bb 75 50 c9 35 91 40 7c 2d 61 b6 c0 06 8c 6d 8c c1 c6 06 33 de 14 88 2f c7 18 58 90 07 9c c4 ff 7d eb 69 b9 05 8e 93 ec ec c5 d6 e6 82 92 74 8e ba df 7e fb ed ee 23 e7 c3 bb c3 fa c1 65 e7 bc b4 37 09 1e a6 bf 7d 08 7f 57 fe f2 6e 11 fc f6 97 bd 97 7f 7f f4 96 7b 9d e2 a8 d6 69 ef e5 f7 7e f9 25 17 2d 8c 1e 67 7e 70 37 9f ed 7d 74 36 5e 72 e0 c6 47 b1 8f ce 66 98 4a 39 a3 cc fe 47 67 93 4c c6 dd 94 67 7d f1 e7 b3 55 c0 a6 78 22 9b 1d c6 f3 31 7d 31 66 7d 99 0e c3 95 a1 93 e8 c7 f3 ef de 75 6f 73 cb 61 f0 b8 9c 45 d6 b1 99 4c 24 d2 5e 12 9b 9e 9b 4d a4 06 3b 36 dd a1 eb 3a f1 7c 64 e3 1f 3b c6 ef 04 d0 9b 57 92 7d 2f e9 64 f2 d1 52 d7 f4 16 c6 36 8b a9 b1 cd 93 b9 dd 71 d8 5b 8e 1f 1f 86 b3 60 65 29 aa e8 a5 fc ec 71 3a dd 8f ac e5 9e 9f ff be e3 f9 79 67 bf c6 d6 bd dd 8f f0 e6 9e 73 cf 31 cb e2 41 22 dd 4b f5 dd 7c 44 4f 2c 98 dc ad f6 77 6c 6d 2d 85 5b bb 26 98 1b db 5c 04 c6 36 cb 3b 63 9b d9 d8 dc c6 ac ae 59 0d 8d 6d 7a 4b 63 1b 7f 62 6e 63 26 16 33 b6 89 fd 6a 6c 63 5b af 7f fe 6a ac 1f 5a f1 79 3c 5b 19 db 04 98 7a f4 b9 e2 d9 32 a4 26 04 f1 df ba cb 3d 5b b9 e8 e5 98 95 db 26 23 93 ee bb c9 ef 69 22 39 f4 12 c9 de 0f 35 91 e8 8d fa 6e 1a 06 e3 d9 84 93 74 77 75 96 cd a4 b3 7e 3e b2 f1 56 13 6f 5e 71 33 c3 78 4a 34 11 2e 7d 47 13 2f 0e bf ab 89 f0 a5 48 13 a1 b5 9f 68 42 63 0b 35 11 e2 dd d1 84 eb 8c 52 89 7e 3e a2 e7 8d 26 b6 f4 b9 7e cf 73 f3 6f d9 4b f8 6e 32 95 c9 05 cb a7 2f d1 5d be ac db cc 92 e4 05 8f a4 75 66 6c f3 fb 26 ee 90 be 11 4f 66 92 72 34 31 67 2d 66 bd 6c 30 76 cc 7c 79 36 b6 f9 d5 d7 b5 95 c8 87 97 7c ae e6 a8 21 f6 fb 26 1e e7 f1 5b 17 ec 99 60 78 f5 b2 c7 8a bd ac 58 c6 b2 8d 95 33 56 cc ca 3d fb bd c0 9f 40 b9 9b cd f6 bc 9e b5 13 c1 fa 6e 36 98 af 73 cf 3b 45 11 06 fa 2c bc a5 dd 78 7c 98 8f 78 89 09 9b 83 ac 93 4a 3a f9 68 7d 57 e3 73 12 3c 34 b7 3f 5f fd fa f5 8b d8 f7 bc 81 37 88 e7 bb 66 ca 96 b1 d9 37 eb 5e 18 df be b9 23 c8 d1 dc ec 9b 21 2c 2c c3 92 d9 37 c3 0d ec c0 c5 82 f0 ef c4 b8 d9 37 01 6f f6 43 07 fb 61 ad f5 fc d0 5d 6e 34 5f c6 5e f2 d8 1f 39 49 2f 99 77 36 4e 2e ba fb 10 41 e9 9a e9 30 ac 5d db 04 13 73 bb dd 63 db bb 05 91 1e a4 d2 c9 ad 9e 7e 5e e5 5d b3 e0 d9 3c d0 9f a7 45 88 ab 6b fa d2 29 06 2f 4d 52 6c 85 82 f5 d2 a3 c1 28 bf c5 15 e1 10 81 27 d3 71 37 25 7a 0e 73 d1 8d 5e b9 fd fa 35 c2 97 8b ae ba e6 e3 47 08 db c2 e0 f6 63 98 26 0d e1 47 58 d4 c4 77 fa 5b 3e c2 f2 dd e5 6f 6d ca ce 1d 09 ed c0 ce 6f 51 3f 87 ad 2d ac d9 98 95 d3 02 cc f6 93 99 44 de 98 5c 34 14 f3 bd 60 de df ce c8 68 ab 97 89 f7 47 22 d0 70 64 be c9 ea 8e 1e 12 a3 be 97 8e ab 1e c2 bb 0f 91 c9 ef e9 21 dc 83 1e 22 54 76 fe 22 58 de cd c6 5d 33 12 8a 1f 8c 6d

Source: global traffic	HTTP traffic detected: GET /vErhAoyb/ HTTP/1.1Host: vxr.ox5w.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: http://wildcard.tagumnationaltradeschool.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vxr.ox5w.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vxr.ox5w.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/dc6b543c1346/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vxr.ox5w.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/25djt/0x4AAAAAAAVqaOp0CxXNNQOg/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://vxr.ox5w.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=86bcdba569793b7a HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/25djt/0x4AAAAAAAVqaOp0CxXNNQOg/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/25djt/0x4AAAAAAAVqaOp0CxXNNQOg/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/86bcdba569793b7a/1711683832894/MCaq6yw_y9q6eFy HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/25djt/0x4AAAAAAAVqaOp0CxXNNQOg/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/489335247:1711681868:sMktTyikAgxgswsLkmfDSmecDBy5s81pm0cBjKYUIqw/86bcdba569793b7a/6e9014182cd00d5 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/86bcdba569793b7a/1711683832894/MCaq6yw_y9q6eFy HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/489335247:1711681868:sMktTyikAgxgswsLkmfDSmecDBy5s81pm0cBjKYUIqw/86bcdba569793b7a/6e9014182cd00d5 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/489335247:1711681868:sMktTyikAgxgswsLkmfDSmecDBy5s81pm0cBjKYUIqw/86bcdba569793b7a/6e9014182cd00d5 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /HQJEUHALACHQYHUTHVRMFJQFTNHVEUGUKZASJAGPTFSCQNOGGOJSOYyr6vJiNsjoQJScnkgbkuftxveb?acxoaCRSTPRLPQFIYRAPOWUTCNUKJUGCPCVATBBLMDMVSFQBGMHAGRBBWDWHSFvmiqvhgwtrfcbwmesefxoaajgjybppwurp HTTP/1.1Host: vxr.ox5w.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://vxr.ox5w.com/vErhAoyb/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFvNTVyWHRwaEZ1ZTBIY3FrWlpOVnc9PSIsInZhbHVlIjoiNS9SYklZNEtJTVE3cFFXazBmUXFPVllaay9GWFM5emRmS0hFNmJsVWMvSEQzekRTYzAyL1g1OWFkcFRnYk5DY0h6cUM1ZXBXZ0tteVArekVLSXZIUXVINFhaYTdrdGJaWnU5MFhpenlXNDkvZnAyVEVXaHhtK1pYVUxzRHNMZ3ciLCJtYWMiOiI3YWZjMDQ5N2Y3MjZjZmQzODI3MzZhNjA4MTMxMGQxOTI0ZmMxOGE4YTE3YzYzNzc2NWMwZWM1ZmVhZjc2NmM4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkhuUHFPVWhnWGcwbW5wSFBvY2p0UUE9PSIsInZhbHVlIjoiN1BFRVc1RllGYTdKK01DVExkditxRllqMEZnbTQ1YSsrUWQ1TS9sM3R1YWh2Q0RxaG5oSFk5ckFxeGRwaEFKZ2JGak5nQ0pRY3lSV29PMm03ZkZWSXNMVU5XMWZEaWhOeDVKYkNnWnhDbmhsWVgzV2J6cVA2ZzI1bjVxMXlQcTIiLCJtYWMiOiI5OTA5NWUwYmExMjNhZDRjZTQ1MjhlMDdhMzQ2NjQxNmMzNTQwNzcyMmVjZTkwZjg2MDJkZWMxNDE2Yzc4NWMxIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /soHJOXDQ2OlpbFCWg60ey5c84q4qe9MXoXNi5Gjmo HTTP/1.1Host: vxr.ox5w.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFvNTVyWHRwaEZ1ZTBIY3FrWlpOVnc9PSIsInZhbHVlIjoiNS9SYklZNEtJTVE3cFFXazBmUXFPVllaay9GWFM5emRmS0hFNmJsVWMvSEQzekRTYzAyL1g1OWFkcFRnYk5DY0h6cUM1ZXBXZ0tteVArekVLSXZIUXVINFhaYTdrdGJaWnU5MFhpenlXNDkvZnAyVEVXaHhtK1pYVUxzRHNMZ3ciLCJtYWMiOiI3YWZjMDQ5N2Y3MjZjZmQzODI3MzZhNjA4MTMxMGQxOTI0ZmMxOGE4YTE3YzYzNzc2NWMwZWM1ZmVhZjc2NmM4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkhuUHFPVWhnWGcwbW5wSFBvY2p0UUE9PSIsInZhbHVlIjoiN1BFRVc1RllGYTdKK01DVExkditxRllqMEZnbTQ1YSsrUWQ1TS9sM3R1YWh2Q0RxaG5oSFk5ckFxeGRwaEFKZ2JGak5nQ0pRY3lSV29PMm03ZkZWSXNMVU5XMWZEaWhOeDVKYkNnWnhDbmhsWVgzV2J6cVA2ZzI1bjVxMXlQcTIiLCJtYWMiOiI5OTA5NWUwYmExMjNhZDRjZTQ1MjhlMDdhMzQ2NjQxNmMzNTQwNzcyMmVjZTkwZjg2MDJkZWMxNDE2Yzc4NWMxIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /encryption.htm HTTP/1.1Host: wildcard.tagumnationaltradeschool.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: wildcard.tagumnationaltradeschool.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://wildcard.tagumnationaltradeschool.com/encryption.htmAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: wildcard.tagumnationaltradeschool.com

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/g/flow/ov1/489335247:1711681868:sMktTyikAgxgswsLkmfDSmecDBy5s81pm0cBjKYUIqw/86bcdba569793b7a/6e9014182cd00d5 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 2587sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: 6e9014182cd00d5sec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/25djt/0x4AAAAAAAVqaOp0CxXNNQOg/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Mar 2024 03:44:09 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *X-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HvSXLq4ZueRVTzA%2BDFmo358DlLuGal6tas%2B1tZu9shwxUAzg6ZtHqJ0CiBjfEf1LSeRtnaW79YTzGut71izYbTgcF29DY3LkBoKvOrNWllqS3iToiar7JlUPY62wWQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400Server: cloudflareCF-RAY: 86bcdc1859155770-IAD
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Mar 2024 03:44:09 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *X-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T%2B80Ta9jblbg6ejxGUFut5isveRGQqfHa%2Bv%2FFzoUPpLXbt59Zw0BHgFLqF5de6TnluZC1rP0ard5%2BEmUKNv5tSjdBjrENQc8JXLDK5JzaB6iCE%2BO1Q6UC0e2h3SoEQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400Server: cloudflareCF-RAY: 86bcdc19789672ef-IAD
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Fri, 29 Mar 2024 03:43:52 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@19/14@18/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2024,i,12877383773421390629,14288830172986290803,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://wildcard.tagumnationaltradeschool.com/encryption.htm"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2024,i,12877383773421390629,14288830172986290803,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.251.16.103	www.google.com	United States	15169	GOOGLEUS	false
172.67.181.184	vxr.ox5w.com	United States	13335	CLOUDFLARENETUS	false
151.101.130.137	code.jquery.com	United States	54113	FASTLYUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
198.23.58.128	wildcard.tagumnationaltradeschool.com	United States	32748	STEADFASTUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.17.2.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
a.nel.cloudflare.com	35.190.80.1	true
wildcard.tagumnationaltradeschool.com	198.23.58.128	true
vxr.ox5w.com	172.67.181.184	true
code.jquery.com	151.101.130.137	true
challenges.cloudflare.com	104.17.2.184	true
www.google.com	142.251.16.103	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/489335247:1711681868:sMktTyikAgxgswsLkmfDSmecDBy5s81pm0cBjKYUIqw/86bcdba569793b7a/6e9014182cd00d5	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	false		high
https://a.nel.cloudflare.com/report/v4?s=HvSXLq4ZueRVTzA%2BDFmo358DlLuGal6tas%2B1tZu9shwxUAzg6ZtHqJ0CiBjfEf1LSeRtnaW79YTzGut71izYbTgcF29DY3LkBoKvOrNWllqS3iToiar7JlUPY62wWQ%3D%3D	false		high
http://wildcard.tagumnationaltradeschool.com/encryption.htm	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/i/86bcdba569793b7a/1711683832894/MCaq6yw_y9q6eFy	false		high
https://code.jquery.com/jquery-3.6.0.min.js	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=86bcdba569793b7a	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/25djt/0x4AAAAAAAVqaOp0CxXNNQOg/auto/normal	false		high
https://vxr.ox5w.com/vErhAoyb/	false		unknown
https://vxr.ox5w.com/HQJEUHALACHQYHUTHVRMFJQFTNHVEUGUKZASJAGPTFSCQNOGGOJSOYyr6vJiNsjoQJScnkgbkuftxveb?acxoaCRSTPRLPQFIYRAPOWUTCNUKJUGCPCVATBBLMDMVSFQBGMHAGRBBWDWHSFvmiqvhgwtrfcbwmesefxoaajgjybppwurp	false		unknown
https://vxr.ox5w.com/soHJOXDQ2OlpbFCWg60ey5c84q4qe9MXoXNi5Gjmo	false	Avira URL Cloud: safe	unknown
http://wildcard.tagumnationaltradeschool.com/favicon.ico	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 45	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 46	gzip compressed data, from Unix, original size modulo 2^32 6178	385BAB1C5D01EC4A29A692B4B042D469	D7BBC27813C4900AA882560E7D7E178613FEE570	6FB0C9226228FCFBF575133E7C6C7B047EB01E0287969CCF402B73D4C2ABB05D
Chrome Cache Entry: 47	HTML document, ASCII text, with very long lines (6078), with no line terminators	E51D27A2A3CB21F40343BC5428535D4B	4A7A041FD5FC52C69618FA2B16CF2F520012F29E	5FB1804D45F923A3CE92AD9FF385C3D475640731A6EB5EC01350B47B8FB68D41
Chrome Cache Entry: 48	PNG image data, 55 x 38, 8-bit/color RGB, non-interlaced	DD242D731EE05B40905546A4B6AF4387	0EAF8ABBE50D5797FDF460F052358FD93834E7D9	95435D9B11468EF2768DA8C4426EBA372219B93CF34C4421A5449E6A642D8A8E
Chrome Cache Entry: 49	PNG image data, 55 x 38, 8-bit/color RGB, non-interlaced	DD242D731EE05B40905546A4B6AF4387	0EAF8ABBE50D5797FDF460F052358FD93834E7D9	95435D9B11468EF2768DA8C4426EBA372219B93CF34C4421A5449E6A642D8A8E
Chrome Cache Entry: 50	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 51	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 52	ASCII text, with very long lines (39928)	7F3FE50B0F2AD92528FF217C1B608B27	54FC4814C739C7142EF4A5B562140EE764BCBDFC	D2E584D67A5B1A868363ED5E83A72EA6BC2CAD8A052F64583D0FE95E7FA36E97

HTML page contains hidden URLs or javascript code

Source: https://vxr.ox5w.com/vErhAoyb/

Source: http://wildcard.tagumnationaltradeschool.com/encryption.htm	HTTP Parser: No favicon
Source: https://vxr.ox5w.com/vErhAoyb/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/25djt/0x4AAAAAAAVqaOp0CxXNNQOg/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/25djt/0x4AAAAAAAVqaOp0CxXNNQOg/auto/normal	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.221.242.90
Source: unknown	TCP traffic detected without corresponding DNS query: 23.215.0.176
Source: unknown	TCP traffic detected without corresponding DNS query: 23.215.0.176
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

Source: global traffic	HTTP traffic detected: GET /vErhAoyb/ HTTP/1.1Host: vxr.ox5w.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: http://wildcard.tagumnationaltradeschool.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vxr.ox5w.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vxr.ox5w.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/dc6b543c1346/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://vxr.ox5w.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/25djt/0x4AAAAAAAVqaOp0CxXNNQOg/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://vxr.ox5w.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=86bcdba569793b7a HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/25djt/0x4AAAAAAAVqaOp0CxXNNQOg/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/25djt/0x4AAAAAAAVqaOp0CxXNNQOg/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/86bcdba569793b7a/1711683832894/MCaq6yw_y9q6eFy HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv0/0/25djt/0x4AAAAAAAVqaOp0CxXNNQOg/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/489335247:1711681868:sMktTyikAgxgswsLkmfDSmecDBy5s81pm0cBjKYUIqw/86bcdba569793b7a/6e9014182cd00d5 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/i/86bcdba569793b7a/1711683832894/MCaq6yw_y9q6eFy HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/489335247:1711681868:sMktTyikAgxgswsLkmfDSmecDBy5s81pm0cBjKYUIqw/86bcdba569793b7a/6e9014182cd00d5 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/489335247:1711681868:sMktTyikAgxgswsLkmfDSmecDBy5s81pm0cBjKYUIqw/86bcdba569793b7a/6e9014182cd00d5 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /HQJEUHALACHQYHUTHVRMFJQFTNHVEUGUKZASJAGPTFSCQNOGGOJSOYyr6vJiNsjoQJScnkgbkuftxveb?acxoaCRSTPRLPQFIYRAPOWUTCNUKJUGCPCVATBBLMDMVSFQBGMHAGRBBWDWHSFvmiqvhgwtrfcbwmesefxoaajgjybppwurp HTTP/1.1Host: vxr.ox5w.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: iframeReferer: https://vxr.ox5w.com/vErhAoyb/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFvNTVyWHRwaEZ1ZTBIY3FrWlpOVnc9PSIsInZhbHVlIjoiNS9SYklZNEtJTVE3cFFXazBmUXFPVllaay9GWFM5emRmS0hFNmJsVWMvSEQzekRTYzAyL1g1OWFkcFRnYk5DY0h6cUM1ZXBXZ0tteVArekVLSXZIUXVINFhaYTdrdGJaWnU5MFhpenlXNDkvZnAyVEVXaHhtK1pYVUxzRHNMZ3ciLCJtYWMiOiI3YWZjMDQ5N2Y3MjZjZmQzODI3MzZhNjA4MTMxMGQxOTI0ZmMxOGE4YTE3YzYzNzc2NWMwZWM1ZmVhZjc2NmM4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkhuUHFPVWhnWGcwbW5wSFBvY2p0UUE9PSIsInZhbHVlIjoiN1BFRVc1RllGYTdKK01DVExkditxRllqMEZnbTQ1YSsrUWQ1TS9sM3R1YWh2Q0RxaG5oSFk5ckFxeGRwaEFKZ2JGak5nQ0pRY3lSV29PMm03ZkZWSXNMVU5XMWZEaWhOeDVKYkNnWnhDbmhsWVgzV2J6cVA2ZzI1bjVxMXlQcTIiLCJtYWMiOiI5OTA5NWUwYmExMjNhZDRjZTQ1MjhlMDdhMzQ2NjQxNmMzNTQwNzcyMmVjZTkwZjg2MDJkZWMxNDE2Yzc4NWMxIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /soHJOXDQ2OlpbFCWg60ey5c84q4qe9MXoXNi5Gjmo HTTP/1.1Host: vxr.ox5w.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XSRF-TOKEN=eyJpdiI6IkFvNTVyWHRwaEZ1ZTBIY3FrWlpOVnc9PSIsInZhbHVlIjoiNS9SYklZNEtJTVE3cFFXazBmUXFPVllaay9GWFM5emRmS0hFNmJsVWMvSEQzekRTYzAyL1g1OWFkcFRnYk5DY0h6cUM1ZXBXZ0tteVArekVLSXZIUXVINFhaYTdrdGJaWnU5MFhpenlXNDkvZnAyVEVXaHhtK1pYVUxzRHNMZ3ciLCJtYWMiOiI3YWZjMDQ5N2Y3MjZjZmQzODI3MzZhNjA4MTMxMGQxOTI0ZmMxOGE4YTE3YzYzNzc2NWMwZWM1ZmVhZjc2NmM4IiwidGFnIjoiIn0%3D; laravel_session=eyJpdiI6IkhuUHFPVWhnWGcwbW5wSFBvY2p0UUE9PSIsInZhbHVlIjoiN1BFRVc1RllGYTdKK01DVExkditxRllqMEZnbTQ1YSsrUWQ1TS9sM3R1YWh2Q0RxaG5oSFk5ckFxeGRwaEFKZ2JGak5nQ0pRY3lSV29PMm03ZkZWSXNMVU5XMWZEaWhOeDVKYkNnWnhDbmhsWVgzV2J6cVA2ZzI1bjVxMXlQcTIiLCJtYWMiOiI5OTA5NWUwYmExMjNhZDRjZTQ1MjhlMDdhMzQ2NjQxNmMzNTQwNzcyMmVjZTkwZjg2MDJkZWMxNDE2Yzc4NWMxIiwidGFnIjoiIn0%3D
Source: global traffic	HTTP traffic detected: GET /encryption.htm HTTP/1.1Host: wildcard.tagumnationaltradeschool.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: wildcard.tagumnationaltradeschool.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://wildcard.tagumnationaltradeschool.com/encryption.htmAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: wildcard.tagumnationaltradeschool.com

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Mar 2024 03:44:09 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *X-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=HvSXLq4ZueRVTzA%2BDFmo358DlLuGal6tas%2B1tZu9shwxUAzg6ZtHqJ0CiBjfEf1LSeRtnaW79YTzGut71izYbTgcF29DY3LkBoKvOrNWllqS3iToiar7JlUPY62wWQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400Server: cloudflareCF-RAY: 86bcdc1859155770-IAD
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 29 Mar 2024 03:44:09 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccess-Control-Allow-Origin: *X-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=T%2B80Ta9jblbg6ejxGUFut5isveRGQqfHa%2Bv%2FFzoUPpLXbt59Zw0BHgFLqF5de6TnluZC1rP0ard5%2BEmUKNv5tSjdBjrENQc8JXLDK5JzaB6iCE%2BO1Q6UC0e2h3SoEQ%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}alt-svc: h3=":443"; ma=86400Server: cloudflareCF-RAY: 86bcdc19789672ef-IAD
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundConnection: Keep-AliveKeep-Alive: timeout=5, max=100cache-control: private, no-cache, no-store, must-revalidate, max-age=0pragma: no-cachecontent-type: text/htmlcontent-length: 1251date: Fri, 29 Mar 2024 03:43:52 GMTserver: LiteSpeedData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 31 30 30 25 22 3e 0a 3c 68 65 61 64 3e 0a 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 73 68 72 69 6e 6b 2d 74 6f 2d 66 69 74 3d 6e 6f 22 20 2f 3e 0a 3c 74 69 74 6c 65 3e 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 74 69 74 6c 65 3e 3c 73 74 79 6c 65 3e 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 64 61 72 6b 29 7b 62 6f 64 79 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 30 30 30 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 3c 2f 73 74 79 6c 65 3e 3c 2f 68 65 61 64 3e 0a 3c 62 6f 64 79 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 20 23 34 34 34 3b 20 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 3a 20 6e 6f 72 6d 61 6c 20 31 34 70 78 2f 32 30 70 78 20 41 72 69 61 6c 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 73 61 6e 73 2d 73 65 72 69 66 3b 20 68 65 69 67 68 74 3a 31 30 30 25 3b 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 22 3e 0a 3c 64 69 76 20 73 74 79 6c 65 3d 22 68 65 69 67 68 74 3a 61 75 74 6f 3b 20 6d 69 6e 2d 68 65 69 67 68 74 3a 31 30 30 25 3b 20 22 3e 20 20 20 20 20 3c 64 69 76 20 73 74 79 6c 65 3d 22 74 65 78 74 2d 61 6c 69 67 6e 3a 20 63 65 6e 74 65 72 3b 20 77 69 64 74 68 3a 38 30 30 70 78 3b 20 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 20 2d 34 30 30 70 78 3b 20 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 20 74 6f 70 3a 20 33 30 25 3b 20 6c 65 66 74 3a 35 30 25 3b 22 3e 0a 20 20 20 20 20 20 20 20 3c 68 31 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 3a 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 35 30 70 78 3b 20 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 35 30 70 78 3b 20 66 6f 6e 74 2d 77 65 69 67 68 74 3a 62 6f 6c 64 3b 22 3e 34 30 34 3c 2f 68 31 3e 0a 3c 68 32 20 73 74 79 6c 65 3d 22 6d 61 72 67 69 6e 2d 74 6f 70 3a 32 30 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 20 33 30 70 78 3b 22 3e 4e 6f 74 20 46 6f 75 6e 64 0d 0a 3c 2f 68 32 3e 0a 3c 70 3e 54 68 65 20 72 65 73 6f 75 72 63 65 20 72 65 71 75 65 73 74 65 64 20 63 6f 75 6c 64 20 6e 6f 74 20 62 65 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 21 3c 2f 70 3e 0a 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 64 69 76 20 73 74 79 6c 65 3d 22 63 6f 6c 6f 72 3a 23 66 30 66 30 66 30 3b 20 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6d 61 72 67 69 6e 3a 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 30 70 78 20 33 30 70 78 20 30 70 78 20 33 30 70 78 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 63 6c 65 61 72 3a 62 6f 74 68 3b 68 65 69 67 68 74 3a 31 30 30 70 78 3b 6d 61 72

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.221.242.90:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@19/14@18/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2024,i,12877383773421390629,14288830172986290803,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://wildcard.tagumnationaltradeschool.com/encryption.htm"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2204 --field-trial-handle=2024,i,12877383773421390629,14288830172986290803,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1417363
Product:	CloudBasic
Start time:	04:42:57
Start date:	29.03.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
http://wildcard.tagumnationaltradeschool.com/encryption.htm

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report http://wildcard.tagumnationaltradeschool.com/encryption.htm

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
http://wildcard.tagumnationaltradeschool.com/encryption.htm