Windows Analysis Report
https://id-email.ionanalytics.com/CL0/https:%2F%2Fid.ionanalytics.com%2Flogin%3FonSuccess=https%253A%252F%252Finfralogic.inframationnews.com%26username=devriendt.bert%2540deme-group.com/1/0102018e88ced0fe-cb606eee-fcae-4fd7-b4a9-38d3a172b419-000000/l6-2lleUmNe9ZxyHCVS2Mdut-i3h7ExbYUjZ-Qg_ss4=346

Overview

General Information

Sample URL:	https://id-email.ionanalytics.com/CL0/https:%2F%2Fid.ionanalytics.com%2Flogin%3FonSuccess=https%253A%252F%252Finfralogic.inframationnews.com%26username=devriendt.bert%2540deme-group.com/1/0102018e88ce
Analysis ID:	1417427
Infos:

Detection

Score:	2
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected hidden input values containing email addresses (often used in phishing pages)

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

Stores files to the Windows start menu directory

Classification

Signatures

Detected hidden input values containing email addresses (often used in phishing pages)

Source: https://id.ionanalytics.com/signin/with-password?request=eyJjYW5Vc2UiOnsic2VsZlNpZ25VcCI6ZmFsc2UsInBhc3N3b3JkIjp0cnVlLCJzZW50aW5lbCI6ZmFsc2UsImRvbWFpblNTTyI6ZmFsc2UsInNzbyI6ZmFsc2V9LCJzZWxmU2lnblVwTGluayI6IiIsInNzb0xvZ2luTGluayI6IiIsInNlbnRpbmVsTG9naW5MaW5rIjoiIiwidXNlcm5hbWUiOiJkZXZyaWVuZHQuYmVydEBkZW1lLWdyb3VwLmNvbSIsIm9uU3VjY2VzcyI6Imh0dHBzOi8vaW5mcmFsb2dpYy5pbmZyYW1hdGlvbm5ld3MuY29tLyIsInUzaWQiOiI4QzI2MEExMS0zNEQ0LTRGQUUtQjAxRS1DOEZDMzU5QkExMDEifQ==

HTTP Parser: devriendt.bert@deme-group.com

HTML body contains low number of good links

Source: https://id.ionanalytics.com/signin?onSuccess=https%3A%2F%2Finfralogic.inframationnews.com&username=devriendt.bert%40deme-group.com	HTTP Parser: Number of links: 1
Source: https://id.ionanalytics.com/	HTTP Parser: Number of links: 1

HTML page contains hidden URLs or javascript code

HTTP Parser: Base64 decoded: {"canUse":{"selfSignUp":false,"password":true,"sentinel":false,"domainSSO":false,"sso":false},"selfSignUpLink":"","ssoLoginLink":"","sentinelLoginLink":"","username":"devriendt.bert@deme-group.com","onSuccess":"https://infralogic.inframationnews.com/","u3...

HTTP Parser: <input type="password" .../> found

Source: https://id.ionanalytics.com/signin?onSuccess=https%3A%2F%2Finfralogic.inframationnews.com&username=devriendt.bert%40deme-group.com	HTTP Parser: No <meta name="author".. found
Source: https://id.ionanalytics.com/signin?onSuccess=https%3A%2F%2Finfralogic.inframationnews.com&username=devriendt.bert%40deme-group.com	HTTP Parser: No <meta name="author".. found
Source: https://id.ionanalytics.com/signin/with-password?request=eyJjYW5Vc2UiOnsic2VsZlNpZ25VcCI6ZmFsc2UsInBhc3N3b3JkIjp0cnVlLCJzZW50aW5lbCI6ZmFsc2UsImRvbWFpblNTTyI6ZmFsc2UsInNzbyI6ZmFsc2V9LCJzZWxmU2lnblVwTGluayI6IiIsInNzb0xvZ2luTGluayI6IiIsInNlbnRpbmVsTG9naW5MaW5rIjoiIiwidXNlcm5hbWUiOiJkZXZyaWVuZHQuYmVydEBkZW1lLWdyb3VwLmNvbSIsIm9uU3VjY2VzcyI6Imh0dHBzOi8vaW5mcmFsb2dpYy5pbmZyYW1hdGlvbm5ld3MuY29tLyIsInUzaWQiOiI4QzI2MEExMS0zNEQ0LTRGQUUtQjAxRS1DOEZDMzU5QkExMDEifQ==	HTTP Parser: No <meta name="author".. found
Source: https://id.ionanalytics.com/	HTTP Parser: No <meta name="author".. found

Source: https://id.ionanalytics.com/signin?onSuccess=https%3A%2F%2Finfralogic.inframationnews.com&username=devriendt.bert%40deme-group.com	HTTP Parser: No <meta name="copyright".. found
Source: https://id.ionanalytics.com/signin?onSuccess=https%3A%2F%2Finfralogic.inframationnews.com&username=devriendt.bert%40deme-group.com	HTTP Parser: No <meta name="copyright".. found
Source: https://id.ionanalytics.com/signin/with-password?request=eyJjYW5Vc2UiOnsic2VsZlNpZ25VcCI6ZmFsc2UsInBhc3N3b3JkIjp0cnVlLCJzZW50aW5lbCI6ZmFsc2UsImRvbWFpblNTTyI6ZmFsc2UsInNzbyI6ZmFsc2V9LCJzZWxmU2lnblVwTGluayI6IiIsInNzb0xvZ2luTGluayI6IiIsInNlbnRpbmVsTG9naW5MaW5rIjoiIiwidXNlcm5hbWUiOiJkZXZyaWVuZHQuYmVydEBkZW1lLWdyb3VwLmNvbSIsIm9uU3VjY2VzcyI6Imh0dHBzOi8vaW5mcmFsb2dpYy5pbmZyYW1hdGlvbm5ld3MuY29tLyIsInUzaWQiOiI4QzI2MEExMS0zNEQ0LTRGQUUtQjAxRS1DOEZDMzU5QkExMDEifQ==	HTTP Parser: No <meta name="copyright".. found
Source: https://id.ionanalytics.com/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.62.24.116:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.62.24.116:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49777 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.21.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Source: global traffic	HTTP traffic detected: GET /CL0/https:%2F%2Fid.ionanalytics.com%2Flogin%3FonSuccess=https%253A%252F%252Finfralogic.inframationnews.com%26username=devriendt.bert%2540deme-group.com/1/0102018e88ced0fe-cb606eee-fcae-4fd7-b4a9-38d3a172b419-000000/l6-2lleUmNe9ZxyHCVS2Mdut-i3h7ExbYUjZ-Qg_ss4=346 HTTP/1.1Host: id-email.ionanalytics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login?onSuccess=https%3A%2F%2Finfralogic.inframationnews.com&username=devriendt.bert%40deme-group.com HTTP/1.1Host: id.ionanalytics.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /signin?onSuccess=https%3A%2F%2Finfralogic.inframationnews.com&username=devriendt.bert%40deme-group.com HTTP/1.1Host: id.ionanalytics.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://id.ionanalytics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: global traffic	HTTP traffic detected: GET /c/hotjar-3507811.js?sv=6 HTTP/1.1Host: static.hotjar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://id.ionanalytics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /containers/ae0e8b73-d9b9-41ee-8b68-1d346224590e.js HTTP/1.1Host: mergermarket.piwik.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://id.ionanalytics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /modules.ad6500eebe72fe1c39dd.js HTTP/1.1Host: script.hotjar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://id.ionanalytics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: bQ7s/0nJNJdSpWFBTqIvpA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /ppms.js HTTP/1.1Host: mergermarkettest.piwik.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://id.ionanalytics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?site_id=3507811&gzip=1 HTTP/1.1Host: content.hotjar.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: r6BT74KM1MeSajVd/WVthg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=V7fMuet+UMKewBE&MD=UYEK5bPz HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: EoxGZCEgITMlHH1ayHS1uA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: okuPDnEEVkObyqmDymA32w==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /signin/with-password?request=eyJjYW5Vc2UiOnsic2VsZlNpZ25VcCI6ZmFsc2UsInBhc3N3b3JkIjp0cnVlLCJzZW50aW5lbCI6ZmFsc2UsImRvbWFpblNTTyI6ZmFsc2UsInNzbyI6ZmFsc2V9LCJzZWxmU2lnblVwTGluayI6IiIsInNzb0xvZ2luTGluayI6IiIsInNlbnRpbmVsTG9naW5MaW5rIjoiIiwidXNlcm5hbWUiOiJkZXZyaWVuZHQuYmVydEBkZW1lLWdyb3VwLmNvbSIsIm9uU3VjY2VzcyI6Imh0dHBzOi8vaW5mcmFsb2dpYy5pbmZyYW1hdGlvbm5ld3MuY29tLyIsInUzaWQiOiI4QzI2MEExMS0zNEQ0LTRGQUUtQjAxRS1DOEZDMzU5QkExMDEifQ== HTTP/1.1Host: id.ionanalytics.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://id.ionanalytics.com/signin?onSuccess=https%3A%2F%2Finfralogic.inframationnews.com&username=devriendt.bert%40deme-group.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: waSessionId=5cb73fd4-846a-4756-b725-fd31710a9cef; _hjSessionUser_3507811=eyJpZCI6IjYzYWZmNjhjLTljNTQtNTljYi1hMGVlLTRhNWEyMzgwZTNhMyIsImNyZWF0ZWQiOjE3MTE3MDA1NzQ0NDYsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_3507811=eyJpZCI6IjFlMzA2NWU3LTQwODctNDE2Mi04MWNjLTgwMzcxZWQwYWI2OSIsImMiOjE3MTE3MDA1NzQ0NDcsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; stg_traffic_source_priority=1; _pk_ses.ae0e8b73-d9b9-41ee-8b68-1d346224590e.081e=*; stg_last_interaction=Fri%2C%2029%20Mar%202024%2008:23:17%20GMT; stg_returning_visitor=Fri%2C%2029%20Mar%202024%2008:23:17%20GMT; _pk_id.ae0e8b73-d9b9-41ee-8b68-1d346224590e.081e=1b5a4b5ad270b6e5.1711700576.1.1711700598.1711700576.
Source: global traffic	HTTP traffic detected: GET /containers/ae0e8b73-d9b9-41ee-8b68-1d346224590e.js HTTP/1.1Host: mergermarket.piwik.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"If-None-Match: W/"e3b84521e96e2398-b33e744fe54f468b"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://id.ionanalytics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: Nkt1N/o6fyLer7hBU+o+jQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /?site_id=3507811&gzip=1 HTTP/1.1Host: content.hotjar.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: Ln7UvMDrnCLBhVYG9/VR8g==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: c/MA5d3ii5q8DWXR1U/7AQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=V7fMuet+UMKewBE&MD=UYEK5bPz HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: b3z/x+ee3Wc61zIqeJUTeg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: JG2jwkjC5yATr1tyIDpR8g==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmpTArGK_1mbAGIjCStCGhZC3jgEhrFre9uXdzQCsUVjuq_PZRCkZdW2k2EUBIY5I-MAjarZ0oixEXr64yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-29-08
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGK_1mbAGIjCI4kR4dLWUdi7dd3tqMTMQGwKxwhBS70NkGsaL9aZt5AkDo6aVIsTqoPLmdSU9KpAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-29-08
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGK_1mbAGIjCynJsh_tEy1xv9cjEmf68CIHTsHQRwICEy-QQZxbKiYl5orc5p_XWCos3FTmp95lQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-29-08
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-29-08
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-29-08
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: id.ionanalytics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: waSessionId=5cb73fd4-846a-4756-b725-fd31710a9cef; _hjSessionUser_3507811=eyJpZCI6IjYzYWZmNjhjLTljNTQtNTljYi1hMGVlLTRhNWEyMzgwZTNhMyIsImNyZWF0ZWQiOjE3MTE3MDA1NzQ0NDYsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_3507811=eyJpZCI6IjFlMzA2NWU3LTQwODctNDE2Mi04MWNjLTgwMzcxZWQwYWI2OSIsImMiOjE3MTE3MDA1NzQ0NDcsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; stg_traffic_source_priority=1; _pk_ses.ae0e8b73-d9b9-41ee-8b68-1d346224590e.081e=*; stg_last_interaction=Fri%2C%2029%20Mar%202024%2008:24:06%20GMT; stg_returning_visitor=Fri%2C%2029%20Mar%202024%2008:24:06%20GMT; _pk_id.ae0e8b73-d9b9-41ee-8b68-1d346224590e.081e=1b5a4b5ad270b6e5.1711700576.1.1711700650.1711700576.
Source: global traffic	HTTP traffic detected: GET /c/hotjar-3507811.js?sv=6 HTTP/1.1Host: static.hotjar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://id.ionanalytics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/aafc17b60db04595424399c582ade5b8
Source: global traffic	HTTP traffic detected: GET /containers/ae0e8b73-d9b9-41ee-8b68-1d346224590e.js HTTP/1.1Host: mergermarket.piwik.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://id.ionanalytics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"e3b84521e96e2398-b33e744fe54f468b"
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: L0Llt7iEPrNWr/jqs8+Uiw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /?site_id=3507811&gzip=1 HTTP/1.1Host: content.hotjar.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: NQqzjZwgWyrN6KCs3BjOxw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: TAsvbQsqr1ukzjc5o7Jr8Q==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: sPXvOF4GAH4y3cOj0VmDYw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: coDNN3+IudmvCNw0+IyRNg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Source: unknown

DNS traffic detected: queries for: id-email.ionanalytics.com

Source: unknown

HTTP traffic detected: POST /?site_id=3507811&gzip=1 HTTP/1.1Host: content.hotjar.ioConnection: keep-aliveContent-Length: 10667sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plain; charset=UTF-8Accept: */*Origin: https://id.ionanalytics.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://id.ionanalytics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_81.1.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_81.1.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_81.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_81.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_81.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_77.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qN67lqDY.woff2)
Source: chromecache_77.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNK7lqDY.woff2)
Source: chromecache_77.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNa7lqDY.woff2)
Source: chromecache_77.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7lqDY.woff2)
Source: chromecache_77.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qO67lqDY.woff2)
Source: chromecache_77.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2)
Source: chromecache_77.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qPK7lqDY.woff2)
Source: chromecache_87.1.dr	String found in binary or memory: https://github.com/piwik/piwik/blob/master/js/piwik.js
Source: chromecache_87.1.dr	String found in binary or memory: https://opensource.org/licenses/BSD-3-Clause
Source: chromecache_81.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_81.1.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_81.1.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_81.1.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_81.1.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_81.1.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_84.1.dr	String found in binary or memory: https://www.acuris.com/wat/v2/data
Source: chromecache_84.1.dr	String found in binary or memory: https://www.acuris.com/wat/v2/data-event
Source: chromecache_81.1.dr, chromecache_82.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_81.1.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__.
Source: chromecache_82.1.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__en.js

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.62.24.116:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.62.24.116:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49777 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@19/38@46/16

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://id-email.ionanalytics.com/CL0/https:%2F%2Fid.ionanalytics.com%2Flogin%3FonSuccess=https%253A%252F%252Finfralogic.inframationnews.com%26username=devriendt.bert%2540deme-group.com/1/0102018e88ced0fe-cb606eee-fcae-4fd7-b4a9-38d3a172b419-000000/l6-2lleUmNe9ZxyHCVS2Mdut-i3h7ExbYUjZ-Qg_ss4=346
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1912,i,1929288360669841973,16240257488727477855,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1912,i,1929288360669841973,16240257488727477855,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
18.160.10.95	unknown	United States	3	MIT-GATEWAYSUS	false
172.253.115.104	unknown	United States	15169	GOOGLEUS	false
52.51.163.76	unknown	United States	16509	AMAZON-02US	false
99.80.178.51	unknown	United States	16509	AMAZON-02US	false
20.93.211.47	pp-public-p-euw.piwik.pro	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
34.246.5.139	pacman-content-live.live.eks.hotjar.com	United States	16509	AMAZON-02US	false
18.160.18.112	script.hotjar.com	United States	3	MIT-GATEWAYSUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
18.160.18.77	unknown	United States	3	MIT-GATEWAYSUS	false
142.251.16.99	www.google.com	United States	15169	GOOGLEUS	false
18.160.10.71	d39h0d4ddiuzgv.cloudfront.net	United States	3	MIT-GATEWAYSUS	false
18.160.41.49	static-cdn.hotjar.com	United States	3	MIT-GATEWAYSUS	false
52.85.132.113	d1s9uddj7jio9l.cloudfront.net	United States	16509	AMAZON-02US	false
54.217.194.45	wsky-live.live.eks.hotjar.com	United States	16509	AMAZON-02US	false

Private

IP
192.168.2.16
192.168.2.23

Contacted Domains

Name	IP	Active
pacman-content-live.live.eks.hotjar.com	34.246.5.139	true
d39h0d4ddiuzgv.cloudfront.net	18.160.10.71	true
script.hotjar.com	18.160.18.112	true
d1s9uddj7jio9l.cloudfront.net	52.85.132.113	true
www.google.com	142.251.16.99	true
pp-public-p-euw.piwik.pro	20.93.211.47	true
wsky-live.live.eks.hotjar.com	54.217.194.45	true
static-cdn.hotjar.com	18.160.41.49	true
content.hotjar.io	unknown	unknown
id-email.ionanalytics.com	unknown	unknown
mergermarket.piwik.pro	unknown	unknown
mergermarkettest.piwik.pro	unknown	unknown
static.hotjar.com	unknown	unknown
id.ionanalytics.com	unknown	unknown
www.acuris.com	unknown	unknown
ws.hotjar.com	unknown	unknown
cdn.mmgcache.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://www.google.com/sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmpTArGK_1mbAGIjCStCGhZC3jgEhrFre9uXdzQCsUVjuq_PZRCkZdW2k2EUBIY5I-MAjarZ0oixEXr64yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false		high
https://content.hotjar.io/?site_id=3507811&gzip=1	false	Avira URL Cloud: safe	unknown
https://mergermarkettest.piwik.pro/ppms.php	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://id.ionanalytics.com/signin/with-password?request=eyJjYW5Vc2UiOnsic2VsZlNpZ25VcCI6ZmFsc2UsInBhc3N3b3JkIjp0cnVlLCJzZW50aW5lbCI6ZmFsc2UsImRvbWFpblNTTyI6ZmFsc2UsInNzbyI6ZmFsc2V9LCJzZWxmU2lnblVwTGluayI6IiIsInNzb0xvZ2luTGluayI6IiIsInNlbnRpbmVsTG9naW5MaW5rIjoiIiwidXNlcm5hbWUiOiJkZXZyaWVuZHQuYmVydEBkZW1lLWdyb3VwLmNvbSIsIm9uU3VjY2VzcyI6Imh0dHBzOi8vaW5mcmFsb2dpYy5pbmZyYW1hdGlvbm5ld3MuY29tLyIsInUzaWQiOiI4QzI2MEExMS0zNEQ0LTRGQUUtQjAxRS1DOEZDMzU5QkExMDEifQ==	false		unknown
https://mergermarkettest.piwik.pro/ppms.js	false		high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGK_1mbAGIjCI4kR4dLWUdi7dd3tqMTMQGwKxwhBS70NkGsaL9aZt5AkDo6aVIsTqoPLmdSU9KpAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false		high
https://id.ionanalytics.com/signin?onSuccess=https%3A%2F%2Finfralogic.inframationnews.com&username=devriendt.bert%40deme-group.com	false		unknown
https://www.google.com/async/newtab_promos	false		high
about:blank	false	Avira URL Cloud: safe	low
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://ws.hotjar.com/api/v2/client/ws?v=6&site_id=3507811	false		high
https://www.google.com/async/ddljson?async=ntp:2	false		high
https://id-email.ionanalytics.com/CL0/https:%2F%2Fid.ionanalytics.com%2Flogin%3FonSuccess=https%253A%252F%252Finfralogic.inframationnews.com%26username=devriendt.bert%2540deme-group.com/1/0102018e88ced0fe-cb606eee-fcae-4fd7-b4a9-38d3a172b419-000000/l6-2lleUmNe9ZxyHCVS2Mdut-i3h7ExbYUjZ-Qg_ss4=346	false		unknown
https://id.ionanalytics.com/login?onSuccess=https%3A%2F%2Finfralogic.inframationnews.com&username=devriendt.bert%40deme-group.com	false	Avira URL Cloud: safe	unknown
https://static.hotjar.com/c/hotjar-3507811.js?sv=6	false		high
https://id.ionanalytics.com/	false		unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/recaptcha/api.js	false		high
https://id.ionanalytics.com/signin	false	Avira URL Cloud: safe	unknown
https://script.hotjar.com/modules.ad6500eebe72fe1c39dd.js	false		high
https://www.google.com/async/newtab_ogb?hl=en-US&async=fixed:0	false		high
https://www.google.com/sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGK_1mbAGIjCynJsh_tEy1xv9cjEmf68CIHTsHQRwICEy-QQZxbKiYl5orc5p_XWCos3FTmp95lQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM	false		high
https://mergermarket.piwik.pro/containers/ae0e8b73-d9b9-41ee-8b68-1d346224590e.js	false		high

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 07:22:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	6A4CE9323F237D66014AC2BE023006F2	5DC4408565A6468CD9518708D6FC63670EDA1BE1	5849349328321300C7FC05339EEAA3C88E8A76AE6060F9437255E97F8A682420
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 07:22:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	88125B9F8D09760E2B815C952531C927	A72674E659CD5A3A67CD6ACB3B195865C34213F7	ADAF1E2BE80A9FF599BDB79A24CB8F314CB3E9E108335D904C2C25CA04A2F575
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Oct 6 08:05:01 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	2BAEFC8B6C0C3469D4AB6A5A86569D3E	FDA8F9E0366740B05C6600D72680F436326C3328	8951394222249464CC11DF2A8D9E0E60AEC0633AA567E307189B89A09FA0365D
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 07:22:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	A3D799AEE14F833992EDAACC5551ACE7	BC41A9BE4030A256B605E222E84A46C5E7751ACA	4C3D233AC49FFA99C696FC22E5BD82EF1864856552A867C9A809C1EB1D21A065
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 07:22:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	9EC03D478EF6161A8DD4C98DC35AFC6A	DD9F84FF690D4B4F87102988FA673FBB0565655C	B8999A96A76F7B4B574A2B58336F26270FAC93B7FB4BD823E72D7B971E0A1486
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Mar 29 07:22:52 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	FC482897DEBE96A92A8A8F83C0B8E6B5	0E93C61113271E9FC868F10358C6F85A5738C789	C46004D70396FE8C471471AEE38FCE1062CAF5E4A046A78DB11C1304C241F998
Chrome Cache Entry: 73	ASCII text, with very long lines (1995), with no line terminators	3A4681190C30F156C68AE117A3DC4727	9CA031D57222B72A2FD98B3BFEA8859CA8745348	A786696672DABD9E1C68CB31EAA154938C776CC835ED3381B29658717F13F300
Chrome Cache Entry: 74	ASCII text, with very long lines (2806)	DE1A49574238E6E4A67D4B678A982C7F	CBCBEE8353C11812C334975BD74CABECCD7B3591	3CC971A4CF25F272CD7072078D7FD1902ED8C396F5703E817DFD807CCAB7B97C
Chrome Cache Entry: 75	HTML document, Unicode text, UTF-8 text, with very long lines (53464)	010019B1D9B9946CCAD38B9667CF8106	5946D055527C5D2A53237C79DDA2CD6E60B6910A	0FE0770CA7A956A1B8EB3B51DB9815F0F673D674DE184C06BA2197D0A21D8D2F
Chrome Cache Entry: 76	Web Open Font Format (Version 2), TrueType, length 14892, version 1.0	9EC6DEAF6BADA919E20B98F9F7B718B1	501D36403AD8205E4644532600019ECB10F5CB0A	7B348B30EA1FE43857E68FC462C29E5C6E63C97666AF75135C4396A272E54762
Chrome Cache Entry: 77	ASCII text	D1BD2CCAECEA11E5B03418E0AFEED55F	10323192DFB9FFA9B1CD0658A352EBEE9352B208	55BE8B195B7C6725B1BDC62B22AF9F95F2ED7F2DD160A6E3D7AC0177ADD6E2F9
Chrome Cache Entry: 78	ASCII text, with very long lines (7780)	AAFC17B60DB04595424399C582ADE5B8	54F6624E31230C6A780BA512A74225702D77B9BA	F4FA782D557A3E0454BD48EEBACEAF6A3DCADFE9B7BAB48DC22A44CB8368F91A
Chrome Cache Entry: 79	ASCII text, with very long lines (4793)	18FE4BE24D862441EB70E6AE90E6EEE2	C83ECD3EB2A0B6B2809CA3FF75C7AB6AD1ABEFCD	984AF944A3931F7B4E242571523F4856F84010A51E0B292332591781E0636513
Chrome Cache Entry: 80	ASCII text, with no line terminators	FE184B555AD8EDD7BCC09D4D1639BCC7	89E75A9ABF922F47F005D0179B8082D46A627940	925A101A196323B041A86AA117AB90CD956A157FAC0001C91E004848E912005B
Chrome Cache Entry: 81	ASCII text, with very long lines (596)	48C590D47C8B1868CECAB334E9A34CBE	5F1A9F94294EC337F657AC2EBEC1C74E097CE5B3	F3756825DF5194A174B7A55EBD3B484C276766EEF21343D34B053B98ED386801
Chrome Cache Entry: 82	ASCII text, with very long lines (1222), with no line terminators	13F205D907EAAD06744379FF66C6ECDB	096C28C619C99714192E2161A60315A404BC0618	15347086A4C3F7A12D7AE800FA711B988A1C1C1572262D53B9295D1E1A089E8A
Chrome Cache Entry: 83	ASCII text, with no line terminators	825644F747BAAB2C00E420DBBC39E4B3	10588307553E766AB3C7D328D948DC6754893CEF	7C41B898C5DA0CFA4AA049B65EF50248BCE9A72D24BEF4C723786431921B75AA
Chrome Cache Entry: 84	ASCII text, with very long lines (4512), with no line terminators	E535138217B764CB8D011AF629D9BFC4	D437D4A162B4C3A09049AF8EF19FB14EC9AC3C9E	99442AF6886AD78B731FC1A27A0E83386546D090739015CF6063EDC09C95CE13
Chrome Cache Entry: 85	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel	CC3A7665543D83897A02B021101F9776	471B6CF9A181878CC90264DDF94A508A1386B904	853FD4633CD64FEAC3AD5813CE51A9EC9375BDA340507A05092AA1D389A7C9DB
Chrome Cache Entry: 86	ASCII text, with very long lines (65450)	645FC548E91F44AA4E1226EE86502370	E4075A2E73B3AB050D85F985847E5DB554B3B2C2	6265CA724F73E24568A94C7EA752B44E491C10231BFC8E80E86CD3F02EAB2E71
Chrome Cache Entry: 87	data	7155C484CB5BD2AE3C3FE468883AEC08	34852A7CE8B02D5F65F2D7AA87455E62A085F7DD	90C1259C518E899EF16D991AAD8E9A079E275295BDC623A764E0E5872C719404
Chrome Cache Entry: 88	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel	CC3A7665543D83897A02B021101F9776	471B6CF9A181878CC90264DDF94A508A1386B904	853FD4633CD64FEAC3AD5813CE51A9EC9375BDA340507A05092AA1D389A7C9DB
Chrome Cache Entry: 89	ASCII text, with no line terminators	15AF598C38B4EC7933DCDFA9E0F81B97	CC4809534C75FBF5EEDD1A58B92C83460E78A148	C2CBA7643A7B74CADD54B6AC18D8D84AF1812A95D2924EC370379DF057C71709

Detected hidden input values containing email addresses (often used in phishing pages)

HTTP Parser: devriendt.bert@deme-group.com

HTML body contains low number of good links

Source: https://id.ionanalytics.com/signin?onSuccess=https%3A%2F%2Finfralogic.inframationnews.com&username=devriendt.bert%40deme-group.com	HTTP Parser: Number of links: 1
Source: https://id.ionanalytics.com/	HTTP Parser: Number of links: 1

HTML page contains hidden URLs or javascript code

HTTP Parser: <input type="password" .../> found

Source: https://id.ionanalytics.com/signin?onSuccess=https%3A%2F%2Finfralogic.inframationnews.com&username=devriendt.bert%40deme-group.com	HTTP Parser: No <meta name="author".. found
Source: https://id.ionanalytics.com/signin?onSuccess=https%3A%2F%2Finfralogic.inframationnews.com&username=devriendt.bert%40deme-group.com	HTTP Parser: No <meta name="author".. found
Source: https://id.ionanalytics.com/signin/with-password?request=eyJjYW5Vc2UiOnsic2VsZlNpZ25VcCI6ZmFsc2UsInBhc3N3b3JkIjp0cnVlLCJzZW50aW5lbCI6ZmFsc2UsImRvbWFpblNTTyI6ZmFsc2UsInNzbyI6ZmFsc2V9LCJzZWxmU2lnblVwTGluayI6IiIsInNzb0xvZ2luTGluayI6IiIsInNlbnRpbmVsTG9naW5MaW5rIjoiIiwidXNlcm5hbWUiOiJkZXZyaWVuZHQuYmVydEBkZW1lLWdyb3VwLmNvbSIsIm9uU3VjY2VzcyI6Imh0dHBzOi8vaW5mcmFsb2dpYy5pbmZyYW1hdGlvbm5ld3MuY29tLyIsInUzaWQiOiI4QzI2MEExMS0zNEQ0LTRGQUUtQjAxRS1DOEZDMzU5QkExMDEifQ==	HTTP Parser: No <meta name="author".. found
Source: https://id.ionanalytics.com/	HTTP Parser: No <meta name="author".. found

Source: https://id.ionanalytics.com/signin?onSuccess=https%3A%2F%2Finfralogic.inframationnews.com&username=devriendt.bert%40deme-group.com	HTTP Parser: No <meta name="copyright".. found
Source: https://id.ionanalytics.com/signin?onSuccess=https%3A%2F%2Finfralogic.inframationnews.com&username=devriendt.bert%40deme-group.com	HTTP Parser: No <meta name="copyright".. found
Source: https://id.ionanalytics.com/signin/with-password?request=eyJjYW5Vc2UiOnsic2VsZlNpZ25VcCI6ZmFsc2UsInBhc3N3b3JkIjp0cnVlLCJzZW50aW5lbCI6ZmFsc2UsImRvbWFpblNTTyI6ZmFsc2UsInNzbyI6ZmFsc2V9LCJzZWxmU2lnblVwTGluayI6IiIsInNzb0xvZ2luTGluayI6IiIsInNlbnRpbmVsTG9naW5MaW5rIjoiIiwidXNlcm5hbWUiOiJkZXZyaWVuZHQuYmVydEBkZW1lLWdyb3VwLmNvbSIsIm9uU3VjY2VzcyI6Imh0dHBzOi8vaW5mcmFsb2dpYy5pbmZyYW1hdGlvbm5ld3MuY29tLyIsInUzaWQiOiI4QzI2MEExMS0zNEQ0LTRGQUUtQjAxRS1DOEZDMzU5QkExMDEifQ==	HTTP Parser: No <meta name="copyright".. found
Source: https://id.ionanalytics.com/	HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.62.24.116:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.62.24.116:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49777 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.21.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 40.127.169.103
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 23.62.24.116
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.10

Source: global traffic	HTTP traffic detected: GET /CL0/https:%2F%2Fid.ionanalytics.com%2Flogin%3FonSuccess=https%253A%252F%252Finfralogic.inframationnews.com%26username=devriendt.bert%2540deme-group.com/1/0102018e88ced0fe-cb606eee-fcae-4fd7-b4a9-38d3a172b419-000000/l6-2lleUmNe9ZxyHCVS2Mdut-i3h7ExbYUjZ-Qg_ss4=346 HTTP/1.1Host: id-email.ionanalytics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /login?onSuccess=https%3A%2F%2Finfralogic.inframationnews.com&username=devriendt.bert%40deme-group.com HTTP/1.1Host: id.ionanalytics.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /signin?onSuccess=https%3A%2F%2Finfralogic.inframationnews.com&username=devriendt.bert%40deme-group.com HTTP/1.1Host: id.ionanalytics.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEIucrNAQiJ080BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://id.ionanalytics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: global traffic	HTTP traffic detected: GET /c/hotjar-3507811.js?sv=6 HTTP/1.1Host: static.hotjar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://id.ionanalytics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /containers/ae0e8b73-d9b9-41ee-8b68-1d346224590e.js HTTP/1.1Host: mergermarket.piwik.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://id.ionanalytics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /modules.ad6500eebe72fe1c39dd.js HTTP/1.1Host: script.hotjar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://id.ionanalytics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: bQ7s/0nJNJdSpWFBTqIvpA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /ppms.js HTTP/1.1Host: mergermarkettest.piwik.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://id.ionanalytics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?site_id=3507811&gzip=1 HTTP/1.1Host: content.hotjar.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: r6BT74KM1MeSajVd/WVthg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=V7fMuet+UMKewBE&MD=UYEK5bPz HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: EoxGZCEgITMlHH1ayHS1uA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: okuPDnEEVkObyqmDymA32w==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /signin/with-password?request=eyJjYW5Vc2UiOnsic2VsZlNpZ25VcCI6ZmFsc2UsInBhc3N3b3JkIjp0cnVlLCJzZW50aW5lbCI6ZmFsc2UsImRvbWFpblNTTyI6ZmFsc2UsInNzbyI6ZmFsc2V9LCJzZWxmU2lnblVwTGluayI6IiIsInNzb0xvZ2luTGluayI6IiIsInNlbnRpbmVsTG9naW5MaW5rIjoiIiwidXNlcm5hbWUiOiJkZXZyaWVuZHQuYmVydEBkZW1lLWdyb3VwLmNvbSIsIm9uU3VjY2VzcyI6Imh0dHBzOi8vaW5mcmFsb2dpYy5pbmZyYW1hdGlvbm5ld3MuY29tLyIsInUzaWQiOiI4QzI2MEExMS0zNEQ0LTRGQUUtQjAxRS1DOEZDMzU5QkExMDEifQ== HTTP/1.1Host: id.ionanalytics.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://id.ionanalytics.com/signin?onSuccess=https%3A%2F%2Finfralogic.inframationnews.com&username=devriendt.bert%40deme-group.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: waSessionId=5cb73fd4-846a-4756-b725-fd31710a9cef; _hjSessionUser_3507811=eyJpZCI6IjYzYWZmNjhjLTljNTQtNTljYi1hMGVlLTRhNWEyMzgwZTNhMyIsImNyZWF0ZWQiOjE3MTE3MDA1NzQ0NDYsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_3507811=eyJpZCI6IjFlMzA2NWU3LTQwODctNDE2Mi04MWNjLTgwMzcxZWQwYWI2OSIsImMiOjE3MTE3MDA1NzQ0NDcsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; stg_traffic_source_priority=1; _pk_ses.ae0e8b73-d9b9-41ee-8b68-1d346224590e.081e=*; stg_last_interaction=Fri%2C%2029%20Mar%202024%2008:23:17%20GMT; stg_returning_visitor=Fri%2C%2029%20Mar%202024%2008:23:17%20GMT; _pk_id.ae0e8b73-d9b9-41ee-8b68-1d346224590e.081e=1b5a4b5ad270b6e5.1711700576.1.1711700598.1711700576.
Source: global traffic	HTTP traffic detected: GET /containers/ae0e8b73-d9b9-41ee-8b68-1d346224590e.js HTTP/1.1Host: mergermarket.piwik.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"If-None-Match: W/"e3b84521e96e2398-b33e744fe54f468b"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://id.ionanalytics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: Nkt1N/o6fyLer7hBU+o+jQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /?site_id=3507811&gzip=1 HTTP/1.1Host: content.hotjar.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: Ln7UvMDrnCLBhVYG9/VR8g==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: c/MA5d3ii5q8DWXR1U/7AQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=V7fMuet+UMKewBE&MD=UYEK5bPz HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: b3z/x+ee3Wc61zIqeJUTeg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: JG2jwkjC5yATr1tyIDpR8g==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=20&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: global traffic	HTTP traffic detected: GET /async/ddljson?async=ntp:2 HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: global traffic	HTTP traffic detected: GET /async/newtab_ogb?hl=en-US&async=fixed:0 HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: global traffic	HTTP traffic detected: GET /async/newtab_promos HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/ddljson%3Fasync%3Dntp:2&q=EgRmpTArGK_1mbAGIjCStCGhZC3jgEhrFre9uXdzQCsUVjuq_PZRCkZdW2k2EUBIY5I-MAjarZ0oixEXr64yAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-29-08
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_ogb%3Fhl%3Den-US%26async%3Dfixed:0&hl=en-US&q=EgRmpTArGK_1mbAGIjCI4kR4dLWUdi7dd3tqMTMQGwKxwhBS70NkGsaL9aZt5AkDo6aVIsTqoPLmdSU9KpAyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-29-08
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.google.com/async/newtab_promos&q=EgRmpTArGK_1mbAGIjCynJsh_tEy1xv9cjEmf68CIHTsHQRwICEy-QQZxbKiYl5orc5p_XWCos3FTmp95lQyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-29-08
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-29-08
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&oft=1&pgcl=7&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CIu2yQEIprbJAQipncoBCLbgygEIlaHLAQj2mM0BCIWgzQEI3L3NAQi5ys0BCMfRzQEIidPNAQjc080BCMvWzQEI9NbNAQiK180BCKfYzQEI+cDUFRi60s0BGMvYzQEY642lFw==Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: NID=511=LtGInZ4I4WDrCvCHQBVMHOy4a-sqzpSrMO-Rwr8ezStTz_kfoi2bri7uGdXfNvskAEO_Tj5Jkwl0XSN-qA6MYiGShcDB_vNQOl1bpl3aua7gMrDRvWsHLpAuFBlBnNxTMeen95XElzx3r4myG8p8sgSHdx4NBawYGaI5oFn_dZ8; 1P_JAR=2024-03-29-08
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: id.ionanalytics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: waSessionId=5cb73fd4-846a-4756-b725-fd31710a9cef; _hjSessionUser_3507811=eyJpZCI6IjYzYWZmNjhjLTljNTQtNTljYi1hMGVlLTRhNWEyMzgwZTNhMyIsImNyZWF0ZWQiOjE3MTE3MDA1NzQ0NDYsImV4aXN0aW5nIjp0cnVlfQ==; _hjSession_3507811=eyJpZCI6IjFlMzA2NWU3LTQwODctNDE2Mi04MWNjLTgwMzcxZWQwYWI2OSIsImMiOjE3MTE3MDA1NzQ0NDcsInMiOjEsInIiOjEsInNiIjowLCJzciI6MCwic2UiOjAsImZzIjoxLCJzcCI6MH0=; stg_traffic_source_priority=1; _pk_ses.ae0e8b73-d9b9-41ee-8b68-1d346224590e.081e=*; stg_last_interaction=Fri%2C%2029%20Mar%202024%2008:24:06%20GMT; stg_returning_visitor=Fri%2C%2029%20Mar%202024%2008:24:06%20GMT; _pk_id.ae0e8b73-d9b9-41ee-8b68-1d346224590e.081e=1b5a4b5ad270b6e5.1711700576.1.1711700650.1711700576.
Source: global traffic	HTTP traffic detected: GET /c/hotjar-3507811.js?sv=6 HTTP/1.1Host: static.hotjar.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://id.ionanalytics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/aafc17b60db04595424399c582ade5b8
Source: global traffic	HTTP traffic detected: GET /containers/ae0e8b73-d9b9-41ee-8b68-1d346224590e.js HTTP/1.1Host: mergermarket.piwik.proConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://id.ionanalytics.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"e3b84521e96e2398-b33e744fe54f468b"
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: L0Llt7iEPrNWr/jqs8+Uiw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /?site_id=3507811&gzip=1 HTTP/1.1Host: content.hotjar.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: NQqzjZwgWyrN6KCs3BjOxw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: TAsvbQsqr1ukzjc5o7Jr8Q==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: sPXvOF4GAH4y3cOj0VmDYw==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /api/v2/client/ws?v=6&site_id=3507811 HTTP/1.1Host: ws.hotjar.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://id.ionanalytics.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: coDNN3+IudmvCNw0+IyRNg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits

Source: unknown

DNS traffic detected: queries for: id-email.ionanalytics.com

Source: unknown

Source: chromecache_81.1.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_81.1.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_81.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_81.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_81.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_77.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qN67lqDY.woff2)
Source: chromecache_77.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNK7lqDY.woff2)
Source: chromecache_77.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNa7lqDY.woff2)
Source: chromecache_77.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qNq7lqDY.woff2)
Source: chromecache_77.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qO67lqDY.woff2)
Source: chromecache_77.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qOK7l.woff2)
Source: chromecache_77.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/sourcesanspro/v22/6xK3dSBYKcSV-LCoeQqfX1RYOo3qPK7lqDY.woff2)
Source: chromecache_87.1.dr	String found in binary or memory: https://github.com/piwik/piwik/blob/master/js/piwik.js
Source: chromecache_87.1.dr	String found in binary or memory: https://opensource.org/licenses/BSD-3-Clause
Source: chromecache_81.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_81.1.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_81.1.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_81.1.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_81.1.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_81.1.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_84.1.dr	String found in binary or memory: https://www.acuris.com/wat/v2/data
Source: chromecache_84.1.dr	String found in binary or memory: https://www.acuris.com/wat/v2/data-event
Source: chromecache_81.1.dr, chromecache_82.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_81.1.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__.
Source: chromecache_82.1.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/moV1mTgQ6S91nuTnmll4Y9yf/recaptcha__en.js

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 40.127.169.103:443 -> 192.168.2.16:49745 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.62.24.116:443 -> 192.168.2.16:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.62.24.116:443 -> 192.168.2.16:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 52.165.165.26:443 -> 192.168.2.16:49777 version: TLS 1.2

Source: classification engine

Classification label: clean2.win@19/38@46/16

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://id-email.ionanalytics.com/CL0/https:%2F%2Fid.ionanalytics.com%2Flogin%3FonSuccess=https%253A%252F%252Finfralogic.inframationnews.com%26username=devriendt.bert%2540deme-group.com/1/0102018e88ced0fe-cb606eee-fcae-4fd7-b4a9-38d3a172b419-000000/l6-2lleUmNe9ZxyHCVS2Mdut-i3h7ExbYUjZ-Qg_ss4=346
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1912,i,1929288360669841973,16240257488727477855,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2172 --field-trial-handle=1912,i,1929288360669841973,16240257488727477855,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1417427
Product:	CloudBasic
Start time:	09:22:22
Start date:	29.03.2024
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs