Windows Analysis Report
https://www.hr-benefits.site/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWF

Overview

General Information

Sample URL:	https://www.hr-benefits.site/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXp
Analysis ID:	1426818
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Stores files to the Windows start menu directory

Classification

Signatures

Source: https://widgets.wp.com/3rd-party-cookie-check/complete.html

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.9:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.9:49739 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0 HTTP/1.1Host: www.hr-benefits.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0 HTTP/1.1Host: staysafe.sophos.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0 HTTP/1.1Host: staysafe.sophos.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c
Source: global traffic	HTTP traffic detected: GET /wp-includes/css/dist/block-library/style.min.css?m=1712700713g HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://staysafe.sophos.com/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /_static/??-eJzTLy/QzcxLzilNSS3WzyrWz01NyUxMzUnNTc0rQeEU5CRWphbp5qSmJyZX6uVm5uklFxfr6OPTDpRD5sM02efaGpobGpkbGJgbmgAARI0u2Q== HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://staysafe.sophos.com/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /_static/??/wp-content/themes/phishthreat/assets/css/master.min.css,/wp-content/mu-plugins/jetpack-13.1/css/jetpack.css?m=1712607690 HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://staysafe.sophos.com/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /_static/??/wp-includes/css/dashicons.min.css,/wp-includes/css/admin-bar.min.css?m=1712700713 HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://staysafe.sophos.com/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /_static/??-eJzTLy/QzcxLzilNSS3WzwKiwtLUokoopZebmaeXVayjj0+Rbm5melFiSSpUsX2uraG5oZG5gYG5oUkWAK87IhY= HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://staysafe.sophos.com/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/phishthreat/assets/scripts/bundle.min.js?m=1693396320g HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://staysafe.sophos.com/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /wp-content/mu-plugins/notes/admin-bar-v2.css?ver=13.1.3-202416-lite HTTP/1.1Host: s0.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://staysafe.sophos.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/noticons/noticons.css?ver=13.1.3-202416-lite HTTP/1.1Host: s0.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://staysafe.sophos.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/mu-plugins/notes/notes-common-lite.min.js?ver=13.1.3-202416-lite HTTP/1.1Host: s0.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://staysafe.sophos.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/mu-plugins/notes/admin-bar-v2.js?ver=13.1.3-202416-lite HTTP/1.1Host: s0.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://staysafe.sophos.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/phishthreat/assets/images/sophos-logo.png HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://staysafe.sophos.com/_static/??/wp-content/themes/phishthreat/assets/css/master.min.css,/wp-content/mu-plugins/jetpack-13.1/css/jetpack.css?m=1712607690Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/phishthreat/assets/images/secondary-logo.png HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://staysafe.sophos.com/_static/??/wp-content/themes/phishthreat/assets/css/master.min.css,/wp-content/mu-plugins/jetpack-13.1/css/jetpack.css?m=1712607690Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/wp-emoji-release.min.js?ver=6.3.4 HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://staysafe.sophos.com/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /3rd-party-cookie-check/index.html HTTP/1.1Host: widgets.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://staysafe.sophos.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/phishthreat/assets/fonts/flama-book-webfont.ttf HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://staysafe.sophos.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://staysafe.sophos.com/_static/??/wp-content/themes/phishthreat/assets/css/master.min.css,/wp-content/mu-plugins/jetpack-13.1/css/jetpack.css?m=1712607690Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/phishthreat/assets/fonts/flama-light-webfont.ttf HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://staysafe.sophos.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://staysafe.sophos.com/_static/??/wp-content/themes/phishthreat/assets/css/master.min.css,/wp-content/mu-plugins/jetpack-13.1/css/jetpack.css?m=1712607690Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/phishthreat/assets/fonts/flama-medium-webfont.ttf HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://staysafe.sophos.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://staysafe.sophos.com/_static/??/wp-content/themes/phishthreat/assets/css/master.min.css,/wp-content/mu-plugins/jetpack-13.1/css/jetpack.css?m=1712607690Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /3rd-party-cookie-check/complete.html HTTP/1.1Host: widgets.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://widgets.wp.com/3rd-party-cookie-check/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wpcom-thirdparty-cookie-check=ok
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/phishthreat/assets/images/sophos-logo.png HTTP/1.1Host: staysafe.sophos.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/phishthreat/assets/images/secondary-logo.png HTTP/1.1Host: staysafe.sophos.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2018/05/cropped-sophos.png?w=32 HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://staysafe.sophos.com/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2018/05/cropped-sophos.png?w=32 HTTP/1.1Host: staysafe.sophos.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0 HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /course/insider-threats_en-us/ HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/sensei/assets/dist/blocks/single-course.css?m=1706617386g HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://staysafe.sophos.com/course/insider-threats_en-us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_sec_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Ca225ffba48e08ba5fa046df47748203899210cd513bd31ff804dfb23e1319ad5; wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /_static/??-eJyNj9EKwjAMRX/Imk2EPYnfMttspLbpTFplf2+RCRN0+JSHew43Fx6TIbahOFTwCo40wx3ZJYEaTSnMA4VQGZS8j8R7rzvYkARHrGyfkxgpnCniP9qqaxN3KRrB3s1ryibOyBmmUEZiBUVWJOhVMS/eJSR7VbCpiKJJJYe6CAZ5me5bnb8VlHk5v376gEyksQ5/7z3HU9u1h65puvbon0qYhpk= HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://staysafe.sophos.com/course/insider-threats_en-us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en

Source: unknown

DNS traffic detected: queries for: www.hr-benefits.site

Source: chromecache_95.7.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_95.7.dr	String found in binary or memory: http://fontawesome.io/license

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.9:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.9:49739 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@22/51@20/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1708,i,8188062310035751016,12932038185904332002,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.hr-benefits.site/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1708,i,8188062310035751016,12932038185904332002,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
192.0.66.2	staysafe.sophos.com	United States	2635	AUTOMATTICUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
192.0.77.32	widgets.wp.com	United States	2635	AUTOMATTICUS	false
176.34.132.70	www.hr-benefits.site	Ireland	16509	AMAZON-02US	false
142.251.15.104	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.9

Contacted Domains

Name	IP	Active
secure.gravatar.com	192.0.73.2	true
staysafe.sophos.com	192.0.66.2	true
lb.wordpress.com	192.0.78.12	true
www.google.com	142.251.15.104	true
widgets.wp.com	192.0.77.32	true
s0.wp.com	192.0.77.32	true
www.hr-benefits.site	176.34.132.70	true
www.sophos.com	unknown	unknown
v0.wordpress.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://staysafe.sophos.com/_static/??-eJzTLy/QzcxLzilNSS3WzyrWz01NyUxMzUnNTc0rQeEU5CRWphbp5qSmJyZX6uVm5uklFxfr6OPTDpRD5sM02efaGpobGpkbGJgbmgAARI0u2Q==	false	high
https://s0.wp.com/wp-content/mu-plugins/notes/admin-bar-v2.js?ver=13.1.3-202416-lite	false	high
https://staysafe.sophos.com/wp-content/themes/phishthreat/assets/fonts/flama-light-webfont.ttf	false	high
https://widgets.wp.com/3rd-party-cookie-check/complete.html	false	high
https://s0.wp.com/i/noticons/noticons.css?ver=13.1.3-202416-lite	false	high
https://staysafe.sophos.com/wp-content/themes/phishthreat/assets/images/sophos-logo.png	false	high
https://staysafe.sophos.com/wp-content/plugins/sensei/assets/dist/blocks/single-course.css?m=1706617386g	false	high
https://staysafe.sophos.com/wp-content/themes/phishthreat/assets/images/secondary-logo.png	false	high
https://staysafe.sophos.com/wp-content/themes/phishthreat/assets/fonts/flama-medium-webfont.ttf	false	high
https://staysafe.sophos.com/_static/??/wp-includes/css/dashicons.min.css,/wp-includes/css/admin-bar.min.css?m=1712700713	false	high
https://staysafe.sophos.com/wp-content/themes/phishthreat/assets/scripts/bundle.min.js?m=1693396320g	false	high
https://staysafe.sophos.com/wp-content/uploads/2018/05/cropped-sophos.png?w=32	false	high
https://staysafe.sophos.com/wp-includes/js/wp-emoji-release.min.js?ver=6.3.4	false	high
https://widgets.wp.com/3rd-party-cookie-check/index.html	false	high
https://s0.wp.com/wp-content/mu-plugins/notes/notes-common-lite.min.js?ver=13.1.3-202416-lite	false	high
https://staysafe.sophos.com/_static/??-eJzTLy/QzcxLzilNSS3WzwKiwtLUokoopZebmaeXVayjj0+Rbm5melFiSSpUsX2uraG5oZG5gYG5oUkWAK87IhY=	false	high
https://staysafe.sophos.com/_static/??/wp-content/themes/phishthreat/assets/css/master.min.css,/wp-content/mu-plugins/jetpack-13.1/css/jetpack.css?m=1712607690	false	high
https://s0.wp.com/wp-content/mu-plugins/notes/admin-bar-v2.css?ver=13.1.3-202416-lite	false	high
https://staysafe.sophos.com/wp-content/themes/phishthreat/assets/fonts/flama-book-webfont.ttf	false	high
https://staysafe.sophos.com/course/insider-threats_en-us/	false	high
https://staysafe.sophos.com/_static/??-eJyNj9EKwjAMRX/Imk2EPYnfMttspLbpTFplf2+RCRN0+JSHew43Fx6TIbahOFTwCo40wx3ZJYEaTSnMA4VQGZS8j8R7rzvYkARHrGyfkxgpnCniP9qqaxN3KRrB3s1ryibOyBmmUEZiBUVWJOhVMS/eJSR7VbCpiKJJJYe6CAZ5me5bnb8VlHk5v376gEyksQ5/7z3HU9u1h65puvbon0qYhpk=	false	high
https://staysafe.sophos.com/wp-includes/css/dist/block-library/style.min.css?m=1712700713g	false	high

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 14:04:30 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide	8B9330104911AE31D3F2AEF049B29B3F	2115D4C0E3CF583F90671F383D3763E3A1D5FA1B	B86CFD2D8EC1B5DA88A7059AC55D6A90D303108335D008505493D3EC3B1365C3
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 14:04:30 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide	89CF6A8E1F2E639B98A219C6308012C5	FAE8E3CBC45A052C1427AD679472D2A3F8520C92	96AB7E890AE7A403CBF35EB3CEBB7DCBF18456F22067BE02FEAAEC8F6F977230
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:56:51 2023, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide	23517347D637F25BED3EC46627B63F99	5A5A81C7D2ED5E24D8E9BFB893AA919E5C9E851C	4F33066C2B101DBC59FFDE6C0F573DFC748FDD460CB01BC7AF4F2FFB22993C53
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 14:04:30 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide	10C647A7EA71177BDA154DF94C81F2C0	6F41BB3102CC6A10EE261D42FCF5C15AB125A9B2	B4AB18418F342B970EC3706CDED46FD9FC23AAEAAA8C809F33B07F0081A1643B
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 14:04:30 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide	E3621A57FE2BCE0C6E6F38F8C52A3F6B	A5160B6DDCEE48927BF4584E0BFC835A067DACDF	2C90170701DF87BD1E0401416CD26A69778F9A010F0A1909192F4FBC5F5BF760
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Apr 16 14:04:30 2024, atime=Wed Sep 27 08:36:55 2023, length=1210144, window=hide	D2708E480077756E0FABA8B504760645	6A73A7244C5FE36390CE08521B6CE084631669C0	C1A964C4C2B51415B094AA4562C60900785C4B8CFE198441E08BA2791FBD5894
Chrome Cache Entry: 100	ASCII text, with very long lines (15521), with no line terminators	7BF3EFD430A9A0592C41552968D38FF7	2E85EA74DC08DFABB4855E4A087535A335B442F2	3D2C10CF69410C10177FC6E56937D05151B182841FA6AEE36F651D587D91FBB8
Chrome Cache Entry: 77	ASCII text, with very long lines (7975), with no line terminators	4E9A5CB5F0D63C8DA6E69E8B22D3BDE9	30E063784D25CD6D6FF6EA69F7F6F16D729ECEEB	C89BB8BD38945957ACC3F29B01C32C8899B4292A1581DF8D8DE3D12325A7D279
Chrome Cache Entry: 78	HTML document, ASCII text	35878A92715EE0C3D6EC1945AE48DA47	FFF099A6A9E8F94EEEF1DD88A4D1E9DAB2ABA104	3CAB0A784535B131CE2D494A2D80CE60A547923FF5CD20D473A16F1E9A7E74C3
Chrome Cache Entry: 79	Unicode text, UTF-8 text, with very long lines (32455)	560C2C235388452692FB62A12A40BD31	50A7828306354A5CB344639719B273E2CDBEA8E2	F2739B1B517C79B3E12A60208FA46865F4218199AB1B60B19AB99BD6B31A31B8
Chrome Cache Entry: 80	ASCII text, with very long lines (10160), with no line terminators	E2C8333BF54D6DC30D2872373AA5FD5B	48C99B3B57AA403244D87C4F56024D8F9345BD2C	71D0854E14A9745350D9BBD9E48CA0AAB186E8594165014036B875B14E8D1E1E
Chrome Cache Entry: 81	PNG image data, 232 x 79, 8-bit/color RGBA, non-interlaced	2331489F7BC6B96920DD813763A1429A	FC4E8224BFBAC7926B78049D2646C3E6D8E21644	5940CB8B477258B23E3D3E2136F22EC12FF9D26964E54E81A4D4582CEB032169
Chrome Cache Entry: 82	ASCII text, with very long lines (9622), with no line terminators	81C9B49922B1F8C989792BECA06A6DF5	C2FD5C196F547A29814F95BE5AB2C280020E84C4	60C9CB195617129AE893102A55091A9076D63EECEDE4D75EB9AA64DB954E838D
Chrome Cache Entry: 83	TrueType Font data, 19 tables, 1st "FFTM", 19 names, Microsoft, language 0x409, Copyright (c) 2008 by M\207rio Feliciano. All rights reserved.Flama MediumRegular3.000;FTF;2008;	C36C9BFF0058169764CDD623D766BBF0	4AC0EBDD7220DAF6BEF31BE7F73A81C020EE11FB	EC341C00863F513A04B66DB10C2180649AB00B68275DB6DCD7ABDF6BD780B947
Chrome Cache Entry: 84	TrueType Font data, 19 tables, 1st "FFTM", 19 names, Microsoft, language 0x409, Copyright (c) 2008 by M\207rio Feliciano. All rights reserved.Flama BookRegular3.000;FTF;2008;Fl	641EDD13D09C2DF0F917586436534528	5A5F1F414D23344E9F61A4EE351613121AE91F3D	D088C5E7CCC85FEDA2E2F398F4188C8C49F6C0178E75E2E758F9A9C4E3FDDFF0
Chrome Cache Entry: 85	PNG image data, 200 x 198, 8-bit/color RGBA, non-interlaced	DE229B86DDF40EBCA0B165A6CB928C61	7358E6BD2C4335D570256B9D3D890FB860D0A0F5	8A4007FCBDBB05010EEB3B8401048E2C6AEF424FF851D25C8409FFE08EB6F526
Chrome Cache Entry: 86	ASCII text, with very long lines (15718)	4CC444663C1E69CB8AC7B909E7192BCA	D00DDC5B9526193FA99BC3995A6D05F995452EA1	4F79A89D16A5F717110FE080C0BF90B7E05FF95A4C4983F64D33110BF5F9C230
Chrome Cache Entry: 87	HTML document, ASCII text	4D46FF759FB252FC9E9F62AE7C6258D8	518D10082A1EFC7908BFA7E2468672289F894FBC	F11FFC348C54566E5436BC503BCC7D67F72463098CB0E16FC930844CD0D41E78
Chrome Cache Entry: 88	TrueType Font data, 19 tables, 1st "FFTM", 19 names, Microsoft, language 0x409, Copyright (c) 2008 by M\207rio Feliciano. All rights reserved.Flama LightRegular3.000;FTF;2008;F	89959A05E65954D1F83878EC49D56E88	6948DE7CE5D1092B568F37045970DF5E850CCA0D	1EEE700208FDDC9DBEA7FD453E8A1DBACA020A9C0DEDB43F985F3FD1DDCBDA2D
Chrome Cache Entry: 89	PNG image data, 232 x 79, 8-bit/color RGBA, non-interlaced	2331489F7BC6B96920DD813763A1429A	FC4E8224BFBAC7926B78049D2646C3E6D8E21644	5940CB8B477258B23E3D3E2136F22EC12FF9D26964E54E81A4D4582CEB032169
Chrome Cache Entry: 90	RIFF (little-endian) data, Web/P image	4E782A6F303E59F55B738CCA25CE91AA	4FC64BF289C49DDE50B46538DB1FDD6C4A523049	DF786EF94901849D01D86E36709E172641AB69AE2A47088C916AB921683F42B6
Chrome Cache Entry: 91	PNG image data, 200 x 198, 8-bit/color RGBA, non-interlaced	DE229B86DDF40EBCA0B165A6CB928C61	7358E6BD2C4335D570256B9D3D890FB860D0A0F5	8A4007FCBDBB05010EEB3B8401048E2C6AEF424FF851D25C8409FFE08EB6F526
Chrome Cache Entry: 92	ASCII text, with very long lines (1021), with no line terminators	A4B7B29AEF4C2DB12B7F80F503E8A372	D739D356EBBFE1B4745A878D0C7596D11922E67E	23021FFFDCC409DF4DD188FA05830DB2606E1CC01D63EFEEF913F2C617B4AC71
Chrome Cache Entry: 93	Unicode text, UTF-8 text, with very long lines (32997), with no line terminators	CC51B38E8142620927301C59FFE84644	E0F14F1DD795376F384B859857A29271FF7DC0B1	83041828A60B0BD1F3E73AF0E2F0E2FF9B0192F32254F1DD19C6B78ED411DD8D
Chrome Cache Entry: 94	ASCII text, with very long lines (10255), with no line terminators	AF60F6EF1155F22FCB12D20AAD000A11	64C45A590B6991CCA4654946C83B2873F7BB4638	1A002A628C76FDE962C9EF47A1DCCA7F929E4CF5884CBBBA44613A5C0E1E6E91
Chrome Cache Entry: 95	Unicode text, UTF-8 text, with very long lines (47648), with CRLF, LF line terminators	5664D2DDF3850CED74218D926A766FD7	2658F85006CDC0FCB04146E639FBD47DCB64A6CC	AD16299E0150BB2226B43D64F29E68B186CABE5BC892B9963163D67BFF54BAF2
Chrome Cache Entry: 96	ASCII text, with very long lines (65447)	3D84664F55848458A89E508D634869E4	98B03A57F36BF697D65AE3EEC49A53A58C3F87FE	EA15EB7F6C01551306BAAD1FC7CEAB62FA63A26CBA6C52ACB925E9DC1537637C
Chrome Cache Entry: 97	ASCII text, with very long lines (53449)	03C0F2128C8DD615B1691C168F1D4456	DEFA44BED1F35EC899CFD358CA911390BCA53E67	67447C3656CAAD630373253691F3E8F64467EAFD6E7305C9B0E98111B0B41694
Chrome Cache Entry: 98	PNG image data, 32 x 32, 8-bit colormap, non-interlaced	4F9C2EC7AE23190879FC113DC1443F56	66C09770624E026DE25F0309B9E624268A3D59A2	D5F6DA250C4F8DBCD802F337E93FB3F3B95F368A83617AAF7F677284798249EF
Chrome Cache Entry: 99	ASCII text, with very long lines (59060)	1EA95123DAAAC3F1CBF4E422EC295412	976E9D5BD78D034A7D85BA0EAAFD256377E11742	B920600D683E8E16FFA8252C62D9F08A577E1E3C40DFB67B20EA5A7F27F0A51C

Source: https://widgets.wp.com/3rd-party-cookie-check/complete.html

HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.9:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.9:49739 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.209
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 23.220.189.216
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.11
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0 HTTP/1.1Host: www.hr-benefits.siteConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0 HTTP/1.1Host: staysafe.sophos.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0 HTTP/1.1Host: staysafe.sophos.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c
Source: global traffic	HTTP traffic detected: GET /wp-includes/css/dist/block-library/style.min.css?m=1712700713g HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://staysafe.sophos.com/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /_static/??-eJzTLy/QzcxLzilNSS3WzyrWz01NyUxMzUnNTc0rQeEU5CRWphbp5qSmJyZX6uVm5uklFxfr6OPTDpRD5sM02efaGpobGpkbGJgbmgAARI0u2Q== HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://staysafe.sophos.com/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /_static/??/wp-content/themes/phishthreat/assets/css/master.min.css,/wp-content/mu-plugins/jetpack-13.1/css/jetpack.css?m=1712607690 HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://staysafe.sophos.com/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /_static/??/wp-includes/css/dashicons.min.css,/wp-includes/css/admin-bar.min.css?m=1712700713 HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://staysafe.sophos.com/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /_static/??-eJzTLy/QzcxLzilNSS3WzwKiwtLUokoopZebmaeXVayjj0+Rbm5melFiSSpUsX2uraG5oZG5gYG5oUkWAK87IhY= HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://staysafe.sophos.com/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/phishthreat/assets/scripts/bundle.min.js?m=1693396320g HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://staysafe.sophos.com/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /wp-content/mu-plugins/notes/admin-bar-v2.css?ver=13.1.3-202416-lite HTTP/1.1Host: s0.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://staysafe.sophos.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /i/noticons/noticons.css?ver=13.1.3-202416-lite HTTP/1.1Host: s0.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://staysafe.sophos.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/mu-plugins/notes/notes-common-lite.min.js?ver=13.1.3-202416-lite HTTP/1.1Host: s0.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://staysafe.sophos.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/mu-plugins/notes/admin-bar-v2.js?ver=13.1.3-202416-lite HTTP/1.1Host: s0.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://staysafe.sophos.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/phishthreat/assets/images/sophos-logo.png HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://staysafe.sophos.com/_static/??/wp-content/themes/phishthreat/assets/css/master.min.css,/wp-content/mu-plugins/jetpack-13.1/css/jetpack.css?m=1712607690Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/phishthreat/assets/images/secondary-logo.png HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://staysafe.sophos.com/_static/??/wp-content/themes/phishthreat/assets/css/master.min.css,/wp-content/mu-plugins/jetpack-13.1/css/jetpack.css?m=1712607690Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /wp-includes/js/wp-emoji-release.min.js?ver=6.3.4 HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://staysafe.sophos.com/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /3rd-party-cookie-check/index.html HTTP/1.1Host: widgets.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://staysafe.sophos.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/phishthreat/assets/fonts/flama-book-webfont.ttf HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://staysafe.sophos.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://staysafe.sophos.com/_static/??/wp-content/themes/phishthreat/assets/css/master.min.css,/wp-content/mu-plugins/jetpack-13.1/css/jetpack.css?m=1712607690Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/phishthreat/assets/fonts/flama-light-webfont.ttf HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://staysafe.sophos.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://staysafe.sophos.com/_static/??/wp-content/themes/phishthreat/assets/css/master.min.css,/wp-content/mu-plugins/jetpack-13.1/css/jetpack.css?m=1712607690Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/phishthreat/assets/fonts/flama-medium-webfont.ttf HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://staysafe.sophos.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://staysafe.sophos.com/_static/??/wp-content/themes/phishthreat/assets/css/master.min.css,/wp-content/mu-plugins/jetpack-13.1/css/jetpack.css?m=1712607690Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /3rd-party-cookie-check/complete.html HTTP/1.1Host: widgets.wp.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://widgets.wp.com/3rd-party-cookie-check/index.htmlAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wpcom-thirdparty-cookie-check=ok
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/phishthreat/assets/images/sophos-logo.png HTTP/1.1Host: staysafe.sophos.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /wp-content/themes/phishthreat/assets/images/secondary-logo.png HTTP/1.1Host: staysafe.sophos.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2018/05/cropped-sophos.png?w=32 HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://staysafe.sophos.com/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /wp-content/uploads/2018/05/cropped-sophos.png?w=32 HTTP/1.1Host: staysafe.sophos.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0 HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /course/insider-threats_en-us/ HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /wp-content/plugins/sensei/assets/dist/blocks/single-course.css?m=1706617386g HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://staysafe.sophos.com/course/insider-threats_en-us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_sec_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Ca225ffba48e08ba5fa046df47748203899210cd513bd31ff804dfb23e1319ad5; wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en
Source: global traffic	HTTP traffic detected: GET /_static/??-eJyNj9EKwjAMRX/Imk2EPYnfMttspLbpTFplf2+RCRN0+JSHew43Fx6TIbahOFTwCo40wx3ZJYEaTSnMA4VQGZS8j8R7rzvYkARHrGyfkxgpnCniP9qqaxN3KRrB3s1ryibOyBmmUEZiBUVWJOhVMS/eJSR7VbCpiKJJJYe6CAZ5me5bnb8VlHk5v376gEyksQ5/7z3HU9u1h65puvbon0qYhpk= HTTP/1.1Host: staysafe.sophos.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://staysafe.sophos.com/course/insider-threats_en-us/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: wordpress_logged_in_756c12a83cfbec080e0017373d6ae55f=fa296d2f-58ed-4622-9c2f-d60de85ce8a2%7C1713452672%7CWSjVBarglEIarA8fr4iP9zElHTohFbR1N4WmM1unQN4%7Cf203ff8b1bd8f98675f49ffc1114db790a5872a63b93e4e3a791fea262ab107c; pll_language=en

Source: unknown

DNS traffic detected: queries for: www.hr-benefits.site

Source: chromecache_95.7.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_95.7.dr	String found in binary or memory: http://fontawesome.io/license

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746

Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.9:49734 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.220.189.216:443 -> 192.168.2.9:49739 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@22/51@20/6

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1708,i,8188062310035751016,12932038185904332002,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.hr-benefits.site/?t=eyJhbGciOiJIUzI1NiJ9.eyJ0cmFja2luZ190b2tlbiI6ImZhMjk2ZDJmLTU4ZWQtNDYyMi05YzJmLWQ2MGRlODVjZThhMiIsImNlbGwiOiJodHRwczovLzIxZzZqZnZoeTYuZXhlY3V0ZS1hcGkudXMtZWFzdC0yLmFtYXpvbmF3cy5jb20vcHJvZC9hcGkvcGhpc2hpbmdjYW1wYWlnbiIsImNhbXBhaWduX3Rva2VuIjoiYmU1ZTQxOGQtZmRiNi00N2IwLWFmZjItN2Y4ZTcxMjQ4ZmVhIiwidGVzdF90b2tlbiI6ZmFsc2UsImV4dGVybmFsX3RyYWluaW5nIjpmYWxzZSwiZGlyZWN0X2RlbGl2ZXJ5Ijp0cnVlLCJpYXQiOjE3MTMyNzgzNjksImlzcyI6Imh0dHBzOi8vYXBwLnBoaXNodGhyZWF0LmNvbSIsImV4cCI6MTcyMTA1NDM2OX0.Qa0DWnRj-q6Y-9K9dNCNoX-fwlEkDB9HInaE65rddd0"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2164 --field-trial-handle=1708,i,8188062310035751016,12932038185904332002,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.4.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1426818
Product:	CloudBasic
Start time:	17:03:38
Start date:	16.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs