Windows Analysis Report
https://click.pstmrk.it/3s/t.co%2F3lXVfWLG6V/gMTC/8MG0AQ/AQ/f175d876-71c7-4d90-ade1-29d2995a6655/1/Mea-rrcbqe

Overview

General Information

Sample URL:	https://click.pstmrk.it/3s/t.co%2F3lXVfWLG6V/gMTC/8MG0AQ/AQ/f175d876-71c7-4d90-ade1-29d2995a6655/1/Mea-rrcbqe
Analysis ID:	1428960
Infos:

Detection

Score:	1
Range:	0 - 100
Whitelisted:	false
Confidence:	80%

Signatures

HTML page contains hidden URLs or javascript code

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Signatures

HTML page contains hidden URLs or javascript code

Source: https://allianceimpressed.com/

HTTP Parser: Base64 decoded: https://allianceimpressed.com/

Source: https://allianceimpressed.com/	HTTP Parser: No favicon
Source: https://allianceimpressed.com/	HTTP Parser: No favicon
Source: https://allianceimpressed.com/	HTTP Parser: No favicon
Source: https://allianceimpressed.com/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mwee7/0x4AAAAAAAAjq6WYeRDKmebM/light/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mwee7/0x4AAAAAAAAjq6WYeRDKmebM/light/normal	HTTP Parser: No favicon

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49750 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.5:49721 version: TLS 1.2

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49750 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /3s/t.co%2F3lXVfWLG6V/gMTC/8MG0AQ/AQ/f175d876-71c7-4d90-ade1-29d2995a6655/1/Mea-rrcbqe HTTP/1.1Host: click.pstmrk.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3lXVfWLG6V HTTP/1.1Host: t.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ec/gAAAAABmIWKq_dM96_2BoT4McX52BSyyFAjhguS4bWjfY53J8r0noDqUsDmcAlKqFNXkT4hIFVsWBdwi1w8ED3-RJVWgX48BU4uY8nkls4vwILtPagL5LmNB1UK68SeeQfPg6tnrmGZHc02Wzh7hmv9xaY8ZjHX9qkqPLTzAH-SljTWppuT-yNFW0tXaYNxe66A4dXrk3KYMMoRnJKinAPmkUllsGWHZ-NM5E-9zkwthBYzgi-gs4oCNJuYkqv938Rz5jCwsXNtzsyOq9jSjD99tpPP5nK5z6_gQiMUc3XoJJehSD6_zsyCZtFAifJvQxUVHtAGRTJBUePz35a-LALgHKhMYK-Qli1SiI5Ddz5-uqYiy2xB6ePJT1AQzOroBGG-Fnt5vL_VO HTTP/1.1Host: q2a9nc.fi07.fdske.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://t.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Xgx873JADT HTTP/1.1Host: t.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://t.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: muc=bed21b18-dd99-41c9-8627-40d38468b33c
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: allianceimpressed.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://t.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=876fbcf0ddd312e1 HTTP/1.1Host: allianceimpressed.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://allianceimpressed.com/?__cf_chl_rt_tk=SQAW4FctVwR9WSyRID5.4CgmyT6agFMxUDgxxE0eOyE-1713559523-0.0.1.1-1279Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: allianceimpressed.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://allianceimpressed.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://allianceimpressed.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/194807937:1713557415:t6IB0qA9J_EiNTy1-V6ISSkWXiiQOxdJc-JTwEabuyQ/876fbcf0ddd312e1/65cebf336253f48 HTTP/1.1Host: allianceimpressed.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mwee7/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=876fbcfe0ff26754 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mwee7/0x4AAAAAAAAjq6WYeRDKmebM/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mwee7/0x4AAAAAAAAjq6WYeRDKmebM/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: allianceimpressed.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://allianceimpressed.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/876fbcfe0ff26754/1713559527717/5416f52a1645c3bf5fcc5b5284d36dcdd012c576c3bf5edd65eae67b2e8b3458/XvfycEm0cRtOJZX HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mwee7/0x4AAAAAAAAjq6WYeRDKmebM/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1595238390:1713557396:0l73k--Ts5Ec8iH7IHIdNLECRmOKsWGGhlMoyoMjPNE/876fbcfe0ff26754/49d52afbf33f722 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/876fbcfe0ff26754/1713559527724/WLqG-SGRMY1Z_5h HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mwee7/0x4AAAAAAAAjq6WYeRDKmebM/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/876fbcfe0ff26754/1713559527724/WLqG-SGRMY1Z_5h HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1595238390:1713557396:0l73k--Ts5Ec8iH7IHIdNLECRmOKsWGGhlMoyoMjPNE/876fbcfe0ff26754/49d52afbf33f722 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1595238390:1713557396:0l73k--Ts5Ec8iH7IHIdNLECRmOKsWGGhlMoyoMjPNE/876fbcfe0ff26754/49d52afbf33f722 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/194807937:1713557415:t6IB0qA9J_EiNTy1-V6ISSkWXiiQOxdJc-JTwEabuyQ/876fbcf0ddd312e1/65cebf336253f48 HTTP/1.1Host: allianceimpressed.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: allianceimpressed.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://allianceimpressed.com/?__cf_chl_tk=SQAW4FctVwR9WSyRID5.4CgmyT6agFMxUDgxxE0eOyE-1713559523-0.0.1.1-1279Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: allianceimpressed.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=cTKjBxMhTIRQq3_K.LCUnplZbXvAdpxJgt2n3e3Je9c-1713559523-1.0.1.1-YId9Fg0tQ0p6x_kYoGBTIeI1un084pcKfPg2qYrm.ieZcd.0EPYtYm4FBRG2Z5uSWd10vlzAfQxgtJCH_CP9Jg; 1rIfYDWJV8OR7ZJR-0-hzq2aKU8=YUIi9CmuVsP02DD7caUrNNIjXlE; Ts35FoRSh-5uOoGmfxOj_-s6Wok=1713559544; AshzEUtSZNK_1xqFiOQsdLNhNeg=1713645944; 7tJx76CuWxGCTIUL9Dwunam_8lc=drRwvdrp0bxiMxHiROI6WcR7bhA; _AjWrkfId3ezFO-74CRUO2uzZk4=kKTpxQn76QIUeZPoDqcp4h_DB2E
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js HTTP/1.1Host: allianceimpressed.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=cTKjBxMhTIRQq3_K.LCUnplZbXvAdpxJgt2n3e3Je9c-1713559523-1.0.1.1-YId9Fg0tQ0p6x_kYoGBTIeI1un084pcKfPg2qYrm.ieZcd.0EPYtYm4FBRG2Z5uSWd10vlzAfQxgtJCH_CP9Jg; 1rIfYDWJV8OR7ZJR-0-hzq2aKU8=YUIi9CmuVsP02DD7caUrNNIjXlE; Ts35FoRSh-5uOoGmfxOj_-s6Wok=1713559544; AshzEUtSZNK_1xqFiOQsdLNhNeg=1713645944; 7tJx76CuWxGCTIUL9Dwunam_8lc=drRwvdrp0bxiMxHiROI6WcR7bhA; _AjWrkfId3ezFO-74CRUO2uzZk4=kKTpxQn76QIUeZPoDqcp4h_DB2E
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: allianceimpressed.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://allianceimpressed.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=cTKjBxMhTIRQq3_K.LCUnplZbXvAdpxJgt2n3e3Je9c-1713559523-1.0.1.1-YId9Fg0tQ0p6x_kYoGBTIeI1un084pcKfPg2qYrm.ieZcd.0EPYtYm4FBRG2Z5uSWd10vlzAfQxgtJCH_CP9Jg; 1rIfYDWJV8OR7ZJR-0-hzq2aKU8=YUIi9CmuVsP02DD7caUrNNIjXlE; Ts35FoRSh-5uOoGmfxOj_-s6Wok=1713559544; AshzEUtSZNK_1xqFiOQsdLNhNeg=1713645944; 7tJx76CuWxGCTIUL9Dwunam_8lc=drRwvdrp0bxiMxHiROI6WcR7bhA; _AjWrkfId3ezFO-74CRUO2uzZk4=kKTpxQn76QIUeZPoDqcp4h_DB2E; ZpeNcbMHW61I2Mdrwvbri2aRgBc=1713559547; di9twD3G95XiK2IqVPRAk-5wYqA=1713645947; _JcmFChHBXWPCSHMbxtaNDLb_Nk=xpY1ftppVHMCwuAfxZ0iVwFDtTo
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/jsd/r/876fbd8f3c6512f1 HTTP/1.1Host: allianceimpressed.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1rIfYDWJV8OR7ZJR-0-hzq2aKU8=YUIi9CmuVsP02DD7caUrNNIjXlE; Ts35FoRSh-5uOoGmfxOj_-s6Wok=1713559544; AshzEUtSZNK_1xqFiOQsdLNhNeg=1713645944; 7tJx76CuWxGCTIUL9Dwunam_8lc=drRwvdrp0bxiMxHiROI6WcR7bhA; _AjWrkfId3ezFO-74CRUO2uzZk4=kKTpxQn76QIUeZPoDqcp4h_DB2E; ZpeNcbMHW61I2Mdrwvbri2aRgBc=1713559547; di9twD3G95XiK2IqVPRAk-5wYqA=1713645947; _JcmFChHBXWPCSHMbxtaNDLb_Nk=xpY1ftppVHMCwuAfxZ0iVwFDtTo; cf_clearance=oD9cxvBmo_ja6YmjnVWCR5SB7vY1iwCelYodZ4lTEjw-1713559551-1.0.1.1-joxBucg1nxxwQgF2V4B42OZkHCElbxXGcx80rPdglTP4i5tZcQwsKzNa810TNejbLxwWWILd6KGQ6z7WDnoeNQ
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: allianceimpressed.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://allianceimpressed.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1rIfYDWJV8OR7ZJR-0-hzq2aKU8=YUIi9CmuVsP02DD7caUrNNIjXlE; Ts35FoRSh-5uOoGmfxOj_-s6Wok=1713559544; AshzEUtSZNK_1xqFiOQsdLNhNeg=1713645944; 7tJx76CuWxGCTIUL9Dwunam_8lc=drRwvdrp0bxiMxHiROI6WcR7bhA; _AjWrkfId3ezFO-74CRUO2uzZk4=kKTpxQn76QIUeZPoDqcp4h_DB2E; ZpeNcbMHW61I2Mdrwvbri2aRgBc=1713559547; di9twD3G95XiK2IqVPRAk-5wYqA=1713645947; _JcmFChHBXWPCSHMbxtaNDLb_Nk=xpY1ftppVHMCwuAfxZ0iVwFDtTo; cf_clearance=oD9cxvBmo_ja6YmjnVWCR5SB7vY1iwCelYodZ4lTEjw-1713559551-1.0.1.1-joxBucg1nxxwQgF2V4B42OZkHCElbxXGcx80rPdglTP4i5tZcQwsKzNa810TNejbLxwWWILd6KGQ6z7WDnoeNQ
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/jsd/r/876fbd986bd9139a HTTP/1.1Host: allianceimpressed.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1rIfYDWJV8OR7ZJR-0-hzq2aKU8=YUIi9CmuVsP02DD7caUrNNIjXlE; Ts35FoRSh-5uOoGmfxOj_-s6Wok=1713559544; AshzEUtSZNK_1xqFiOQsdLNhNeg=1713645944; 7tJx76CuWxGCTIUL9Dwunam_8lc=drRwvdrp0bxiMxHiROI6WcR7bhA; _AjWrkfId3ezFO-74CRUO2uzZk4=kKTpxQn76QIUeZPoDqcp4h_DB2E; ZpeNcbMHW61I2Mdrwvbri2aRgBc=1713559547; di9twD3G95XiK2IqVPRAk-5wYqA=1713645947; _JcmFChHBXWPCSHMbxtaNDLb_Nk=xpY1ftppVHMCwuAfxZ0iVwFDtTo; cf_clearance=Xjc0.ji2L6x7odvlfD8ozcwV3vO5IIF8TnVV5_Gvb24-1713559551-1.0.1.1-lgfnuNtOeBSz.4WCQiPHGjpewTIbXSVrwdj3SRJndKoLFBR9hBrjmusn8_r8EplkpmkFeIUC6xO8hraySWlbcA

Source: unknown

DNS traffic detected: queries for: click.pstmrk.it

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/b/flow/ov1/194807937:1713557415:t6IB0qA9J_EiNTy1-V6ISSkWXiiQOxdJc-JTwEabuyQ/876fbcf0ddd312e1/65cebf336253f48 HTTP/1.1Host: allianceimpressed.comConnection: keep-aliveContent-Length: 1974sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"Content-type: application/x-www-form-urlencodedsec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""CF-Challenge: 65cebf336253f48sec-ch-ua-platform: "Windows"Accept: */*Origin: https://allianceimpressed.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://allianceimpressed.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Fri, 19 Apr 2024 20:45:23 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16324Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: nSUP4jKd4EH40J20P5uMvQZlkwNWm68QbmUFP8ezzVEyonhyOkdSQsnEzwIqZJceiklDSyIOpxKZggmFVij3ztH6vB8NFHtr6Z60omRaJrqeEWmP2TZPO3ZoF5QCNivHl5IPR2z0Ldg8hS/zsoFQyQ==$1SzR9l/lY8O4ZquFIOahHA==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Fri, 19 Apr 2024 20:45:25 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16480Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: gw2/IArHs5WJjhRdZqIjLhibFTz028pBG1RnzeAiutgMKAgQXCkw9nCp1pG8t7k5odJcGcpI5vLu/1EMkdELmRgFVzHcxSvztV4fcqzb/hyEWM+wN7l6HbgB8JotCSqkQ/uXXF0l87Ip2gQ2AEPc0g==$Ar9pVVP5kaNyvvbbY8h+hw==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Fri, 19 Apr 2024 20:45:27 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16480Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: IfTGpdJJiMn7NDRuBrEJpCs547b3uZ5y7EvcPriwMNuenqlW19ylWM2wYGQ2fW5/kg11e2cs+QwR540WWD70Xlbm8pd5h4VcsJGbYVg3DMfQgR/WfQPzk/c07+jIBC95FPZmf0FB7jclcZXErtpNPQ==$pVG9f3/O+hhVHMNmQji/xQ==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Fri, 19 Apr 2024 20:45:49 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16565Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: 3G28gnHxv9lllG/sCKtZy8b3HtFjFjXMjt5U+BBz+3fOFyxB4BsPQNmXD6/ninqZBP95M+d353dP8EbWY6CXTH0LuHKIheqiSneOUzZ8B3MrW3lytXAuUCe73TydqmNmblnCxGG9cOWJDa8E0AnFYg==$abvRUd0HN/EAfaSBiBckoQ==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableDate: Fri, 19 Apr 2024 20:45:49 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: cf_clearance=cTKjBxMhTIRQq3_K.LCUnplZbXvAdpxJgt2n3e3Je9c-1713559523-1.0.1.1-YId9Fg0tQ0p6x_kYoGBTIeI1un084pcKfPg2qYrm.ieZcd.0EPYtYm4FBRG2Z5uSWd10vlzAfQxgtJCH_CP9Jg; path=/; expires=Sat, 19-Apr-25 20:45:49 GMT; domain=.allianceimpressed.com; HttpOnly; Secure; SameSite=NoneX-Content-Type-Options: nosniffX-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockX-XSS-Protection: 1; mode=blockSet-Cookie: 1rIfYDWJV8OR7ZJR-0-hzq2aKU8=YUIi9CmuVsP02DD7caUrNNIjXlE; path=/; expires=Sat, 20-Apr-24 20:45:44 GMT; Max-Age=86400;Set-Cookie: Ts35FoRSh-5uOoGmfxOj_-s6Wok=1713559544; path=/; expires=Sat, 20-Apr-24 20:45:44 GMT; Max-Age=86400;Set-Cookie: AshzEUtSZNK_1xqFiOQsdLNhNeg=1713645944; path=/; expires=Sat, 20-Apr-24 20:45:44 GMT; Max-Age=86400;Set-Cookie: 7tJx76CuWxGCTIUL9Dwunam_8lc=drRwvdrp0bxiMxHiROI6WcR7bhA; path=/; expires=Sat, 20-Apr-24 20:45:44 GMT; Max-Age=86400;X-Frame-Options: SAMEORIGINCache-Control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheExpires: 0CF-Cache-Status: DYNAMIC
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 19 Apr 2024 20:45:51 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Content-Type-Options: nosniffX-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockX-XSS-Protection: 1; mode=blockCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zAnqzUZ%2F%2FnxK6hYELNvtG26phwJ1BMF19poMkrSfey4O8BkiqviHyo%2FM19bmuEMr3Gz4z3gc93FR14bru%2BqaHNvaNYu7dViiF0leSWUYsI1goUUzTMjgwD4w1PqZ4CKK5YwG%2FQ4TQaI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 876fbd986bd9139a-ATLalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 19 Apr 2024 20:45:52 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Content-Type-Options: nosniffX-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockX-XSS-Protection: 1; mode=blockCache-Control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutablePragma: publicCF-Cache-Status: MISSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1jT4fONXf0fXHGNnVvt8OwWydJTNkHd5LzIQV%2FzeukXudhGVNC29CUr3jZxu6ELoc0QAzpAh52tk%2FwWMZD38P70532vfAY7TYA2do3prkRhIC6w5xjl%2BIKvqgnsoW94WYD5LABaAacg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 876fbd9f0b8f8bb7-ATLalt-svc: h3=":443"; ma=86400

Source: chromecache_72.2.dr	String found in binary or memory: https://allianceimpressed.com
Source: chromecache_66.2.dr	String found in binary or memory: https://q2a9nc.fi07.fdske.com/ec/gAAAAABmIWKq_dM96_2BoT4McX52BSyyFAjhguS4bWjfY53J8r0noDqUsDmcAlKqFNX

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.5:49721 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@23/26@22/10

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=2004,i,1810114582751248947,4925308050516260128,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://click.pstmrk.it/3s/t.co%2F3lXVfWLG6V/gMTC/8MG0AQ/AQ/f175d876-71c7-4d90-ade1-29d2995a6655/1/Mea-rrcbqe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=2004,i,1810114582751248947,4925308050516260128,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
3.128.242.51	click.pstmrk.it	United States	16509	AMAZON-02US	false
172.67.153.74	allianceimpressed.com	United States	13335	CLOUDFLARENETUS	false
104.244.42.5	t.co	United States	13414	TWITTERUS	false
104.17.3.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.251.15.106	www.google.com	United States	15169	GOOGLEUS	false
13.226.100.37	djwxuafo2dd79.cloudfront.net	United States	16509	AMAZON-02US	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.17.2.184	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.5

Contacted Domains

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.210.172	true
a.nel.cloudflare.com	35.190.80.1	true
t.co	104.244.42.5	true
allianceimpressed.com	172.67.153.74	true
djwxuafo2dd79.cloudfront.net	13.226.100.37	true
challenges.cloudflare.com	104.17.3.184	true
click.pstmrk.it	3.128.242.51	true
www.google.com	142.251.15.106	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
q2a9nc.fi07.fdske.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/876fbcfe0ff26754/1713559527717/5416f52a1645c3bf5fcc5b5284d36dcdd012c576c3bf5edd65eae67b2e8b3458/XvfycEm0cRtOJZX	false	high
https://a.nel.cloudflare.com/report/v4?s=35e5ckc0LoZT2PUohuwGi1o2C65i0WSM9iZ5t0Cu2VwX73d5QYBOjc3HzpdaMRpPHV4Su4N7lmzDc8vfkW5nafkg0ALutLl%2Fe018LpJtk673aayShmTwbrMqAtu%2F2AgumFlBXmL7wYI%3D	false	high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1595238390:1713557396:0l73k--Ts5Ec8iH7IHIdNLECRmOKsWGGhlMoyoMjPNE/876fbcfe0ff26754/49d52afbf33f722	false	high
https://t.co/3lXVfWLG6V	false	high
https://allianceimpressed.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js	false	unknown
https://allianceimpressed.com/cdn-cgi/challenge-platform/h/b/jsd/r/876fbd986bd9139a	false	unknown
https://q2a9nc.fi07.fdske.com/ec/gAAAAABmIWKq_dM96_2BoT4McX52BSyyFAjhguS4bWjfY53J8r0noDqUsDmcAlKqFNXkT4hIFVsWBdwi1w8ED3-RJVWgX48BU4uY8nkls4vwILtPagL5LmNB1UK68SeeQfPg6tnrmGZHc02Wzh7hmv9xaY8ZjHX9qkqPLTzAH-SljTWppuT-yNFW0tXaYNxe66A4dXrk3KYMMoRnJKinAPmkUllsGWHZ-NM5E-9zkwthBYzgi-gs4oCNJuYkqv938Rz5jCwsXNtzsyOq9jSjD99tpPP5nK5z6_gQiMUc3XoJJehSD6_zsyCZtFAifJvQxUVHtAGRTJBUePz35a-LALgHKhMYK-Qli1SiI5Ddz5-uqYiy2xB6ePJT1AQzOroBGG-Fnt5vL_VO	false	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=876fbcfe0ff26754	false	high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	false	high
https://allianceimpressed.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	false	unknown
https://click.pstmrk.it/3s/t.co%2F3lXVfWLG6V/gMTC/8MG0AQ/AQ/f175d876-71c7-4d90-ade1-29d2995a6655/1/Mea-rrcbqe	false	unknown
https://allianceimpressed.com/favicon.ico	false	unknown
https://t.co/Xgx873JADT	false	high
https://allianceimpressed.com/cdn-cgi/challenge-platform/h/b/jsd/r/876fbd8f3c6512f1	false	unknown
https://a.nel.cloudflare.com/report/v4?s=nYh8%2F6XrGzr0mnLF5%2BmzHa2nHvE9JMgSBhRlbMtuBS9fHz%2BElkIEtHrIjlW4Sb2XtY8wJlKJN3OnrJ2InUxH%2FabYPpME%2BpRWNAo1DcPvwiiTLM0tExV6iCIdJkrdhlbPePeziBZM8ko%3D	false	high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mwee7/0x4AAAAAAAAjq6WYeRDKmebM/light/normal	false	high
about:blank	false	low
https://allianceimpressed.com/cdn-cgi/challenge-platform/h/b/flow/ov1/194807937:1713557415:t6IB0qA9J_EiNTy1-V6ISSkWXiiQOxdJc-JTwEabuyQ/876fbcf0ddd312e1/65cebf336253f48	false	unknown
https://a.nel.cloudflare.com/report/v4?s=1jT4fONXf0fXHGNnVvt8OwWydJTNkHd5LzIQV%2FzeukXudhGVNC29CUr3jZxu6ELoc0QAzpAh52tk%2FwWMZD38P70532vfAY7TYA2do3prkRhIC6w5xjl%2BIKvqgnsoW94WYD5LABaAacg%3D	false	high
https://allianceimpressed.com/	false	unknown
https://allianceimpressed.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=876fbcf0ddd312e1	false	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/876fbcfe0ff26754/1713559527724/WLqG-SGRMY1Z_5h	false	high

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 19:45:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	9729922C03DEE916F8DD823DDE421CF8	FCC5F7063266126C1A59C2E30C52E081A38CEB50	C74006143BECA19BD73F199B945A69EADD12C3406E5076C47ED1DD222083BAF5
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 19:45:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	BBCA33E36253825122193210D0D4E0F5	FA25F58406BFB8BB2AEFA1B6134428FDE06EE034	F3AEA37793801B733AFB55E862FED14597228A0EB29D2907618F1A0696AD2A51
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	307632C3D79BB27979AB6185540839EB	157E21B6B7778367066455BC3EB0BB781D47F76D	38E30CF849F0A2E35785340F530B991285C4DE902DF3FA46FA5CEA2017986DC2
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 19:45:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	1BEB351F1A5F43F189295CB38FF44B9F	F60EA3056AE618D159AC12F49517372F33658DD3	193A2962D9DBB8FFAE9FFD13B5B67FB7CB65333B899A4BFCCB180A33991FF95D
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 19:45:20 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	01CE9670E80EBFE1A568603D204202F5	CE02A7542B93A2DB26893DBD022A2661FC2ABD00	0C3FBA560EB760A8BE7AC29F80BF803A07C4B32EBAE8A878913D6706B8C5F2D0
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Fri Apr 19 19:45:19 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	9E92BE47B4363516B67DE8389824E3B4	6E32479880F2A00B94FB48ED80EB291C38357318	AF528E091629DAB935CD5DCA8A2D27CFDDCEAC29192C205BB0385F90F8C09101
Chrome Cache Entry: 63	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 64	HTML document, ASCII text, with very long lines (6168)	A908E106A22AD5D4F7291CD32322049F	B6B94E927612C6650250A3EA2E84C34B07B98B42	E2E2031DE05727BD4659D14DE53CAFC29C33BE68F0FC16DF4E60395C05460F7A
Chrome Cache Entry: 65	PNG image data, 16 x 71, 8-bit/color RGB, non-interlaced	6FC6A49A76808617F245A73A9BF8698B	03B0B654A793F853714CEC7AFACE81039DF62EC6	2496D4A8508A8790B8A94F2E69EBD0AB14AFEC07614060ACAD5493881028B0B2
Chrome Cache Entry: 66	HTML document, ASCII text, with very long lines (1443), with no line terminators	E966F3F4B8127B99CB0EE7BBBEB0B77C	5DDDF1C8A4A2C2ACF14C813ACF179D382FD8CFA3	DBC92CEAB2D12247692755329238B1B43190A8B2BD6EC91272D1C46353E95BF2
Chrome Cache Entry: 67	ASCII text, with very long lines (42414)	F94A2211CE789A95A7C67E8C660D63E8	F1FC19B6BCB96D0A905BF3192AAFF0885FF9F36F	926DC3302F99EC05E4206E965DDEB7250F5910A8C38E82C7BEAFB724BBAAF37B
Chrome Cache Entry: 68	HTML document, ASCII text, with very long lines (1375), with no line terminators	6CAB2D7C3681C91E539E4EC00694D1C9	179B02C71D625C326A27D99C50FA420D220BD280	1629AAC79BB23CE98DCBB0016EEBDB62142943E3E1BB0C49B9F234DF65062329
Chrome Cache Entry: 69	HTML document, ASCII text, with no line terminators	6147CA10712E483B5EE714D29C21E439	7BFFD4014EFE0ACE62D03599877153159E2A01B6	E5128B5E331CAD19DF2F67041FFC85BF716D6E6106DEA098C37524593FB268E9
Chrome Cache Entry: 70	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 71	PNG image data, 16 x 71, 8-bit/color RGB, non-interlaced	6FC6A49A76808617F245A73A9BF8698B	03B0B654A793F853714CEC7AFACE81039DF62EC6	2496D4A8508A8790B8A94F2E69EBD0AB14AFEC07614060ACAD5493881028B0B2
Chrome Cache Entry: 72	HTML document, ASCII text, with no line terminators	4AB9FE3BA4A96F8A4AE6AB64AF675F63	597BB2D135B3041ACCC1BDEF12CB3C0F931CC894	2C1F03398DD70EAD8E61EF7B21A172604FA7BDA4C34518820F17E129A723B92E
Chrome Cache Entry: 73	ASCII text, with very long lines (7855), with no line terminators	EE4AE830CC78F0CCD925F481BB1A7701	143E945217FAA7383526B766B68B9EE521B16E7B	4849D145DCFE26342B3CF632399BB43E845AD0636CA51C6495D7C2FAFCC55CFE

HTML page contains hidden URLs or javascript code

Source: https://allianceimpressed.com/

HTTP Parser: Base64 decoded: https://allianceimpressed.com/

Source: https://allianceimpressed.com/	HTTP Parser: No favicon
Source: https://allianceimpressed.com/	HTTP Parser: No favicon
Source: https://allianceimpressed.com/	HTTP Parser: No favicon
Source: https://allianceimpressed.com/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mwee7/0x4AAAAAAAAjq6WYeRDKmebM/light/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mwee7/0x4AAAAAAAAjq6WYeRDKmebM/light/normal	HTTP Parser: No favicon

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49750 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.5:49721 version: TLS 1.2

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49750 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 184.31.62.93
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /3s/t.co%2F3lXVfWLG6V/gMTC/8MG0AQ/AQ/f175d876-71c7-4d90-ade1-29d2995a6655/1/Mea-rrcbqe HTTP/1.1Host: click.pstmrk.itConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3lXVfWLG6V HTTP/1.1Host: t.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ec/gAAAAABmIWKq_dM96_2BoT4McX52BSyyFAjhguS4bWjfY53J8r0noDqUsDmcAlKqFNXkT4hIFVsWBdwi1w8ED3-RJVWgX48BU4uY8nkls4vwILtPagL5LmNB1UK68SeeQfPg6tnrmGZHc02Wzh7hmv9xaY8ZjHX9qkqPLTzAH-SljTWppuT-yNFW0tXaYNxe66A4dXrk3KYMMoRnJKinAPmkUllsGWHZ-NM5E-9zkwthBYzgi-gs4oCNJuYkqv938Rz5jCwsXNtzsyOq9jSjD99tpPP5nK5z6_gQiMUc3XoJJehSD6_zsyCZtFAifJvQxUVHtAGRTJBUePz35a-LALgHKhMYK-Qli1SiI5Ddz5-uqYiy2xB6ePJT1AQzOroBGG-Fnt5vL_VO HTTP/1.1Host: q2a9nc.fi07.fdske.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://t.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /Xgx873JADT HTTP/1.1Host: t.coConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://t.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: muc=bed21b18-dd99-41c9-8627-40d38468b33c
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: allianceimpressed.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://t.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=876fbcf0ddd312e1 HTTP/1.1Host: allianceimpressed.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://allianceimpressed.com/?__cf_chl_rt_tk=SQAW4FctVwR9WSyRID5.4CgmyT6agFMxUDgxxE0eOyE-1713559523-0.0.1.1-1279Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: allianceimpressed.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://allianceimpressed.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/471dc2adc340/api.js?onload=ZbqNq8&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://allianceimpressed.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/194807937:1713557415:t6IB0qA9J_EiNTy1-V6ISSkWXiiQOxdJc-JTwEabuyQ/876fbcf0ddd312e1/65cebf336253f48 HTTP/1.1Host: allianceimpressed.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mwee7/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=876fbcfe0ff26754 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mwee7/0x4AAAAAAAAjq6WYeRDKmebM/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mwee7/0x4AAAAAAAAjq6WYeRDKmebM/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: allianceimpressed.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://allianceimpressed.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/876fbcfe0ff26754/1713559527717/5416f52a1645c3bf5fcc5b5284d36dcdd012c576c3bf5edd65eae67b2e8b3458/XvfycEm0cRtOJZX HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mwee7/0x4AAAAAAAAjq6WYeRDKmebM/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1595238390:1713557396:0l73k--Ts5Ec8iH7IHIdNLECRmOKsWGGhlMoyoMjPNE/876fbcfe0ff26754/49d52afbf33f722 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/876fbcfe0ff26754/1713559527724/WLqG-SGRMY1Z_5h HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/mwee7/0x4AAAAAAAAjq6WYeRDKmebM/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/876fbcfe0ff26754/1713559527724/WLqG-SGRMY1Z_5h HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1595238390:1713557396:0l73k--Ts5Ec8iH7IHIdNLECRmOKsWGGhlMoyoMjPNE/876fbcfe0ff26754/49d52afbf33f722 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1595238390:1713557396:0l73k--Ts5Ec8iH7IHIdNLECRmOKsWGGhlMoyoMjPNE/876fbcfe0ff26754/49d52afbf33f722 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/194807937:1713557415:t6IB0qA9J_EiNTy1-V6ISSkWXiiQOxdJc-JTwEabuyQ/876fbcf0ddd312e1/65cebf336253f48 HTTP/1.1Host: allianceimpressed.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: allianceimpressed.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://allianceimpressed.com/?__cf_chl_tk=SQAW4FctVwR9WSyRID5.4CgmyT6agFMxUDgxxE0eOyE-1713559523-0.0.1.1-1279Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: allianceimpressed.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=cTKjBxMhTIRQq3_K.LCUnplZbXvAdpxJgt2n3e3Je9c-1713559523-1.0.1.1-YId9Fg0tQ0p6x_kYoGBTIeI1un084pcKfPg2qYrm.ieZcd.0EPYtYm4FBRG2Z5uSWd10vlzAfQxgtJCH_CP9Jg; 1rIfYDWJV8OR7ZJR-0-hzq2aKU8=YUIi9CmuVsP02DD7caUrNNIjXlE; Ts35FoRSh-5uOoGmfxOj_-s6Wok=1713559544; AshzEUtSZNK_1xqFiOQsdLNhNeg=1713645944; 7tJx76CuWxGCTIUL9Dwunam_8lc=drRwvdrp0bxiMxHiROI6WcR7bhA; _AjWrkfId3ezFO-74CRUO2uzZk4=kKTpxQn76QIUeZPoDqcp4h_DB2E
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/471dc2adc340/main.js HTTP/1.1Host: allianceimpressed.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=cTKjBxMhTIRQq3_K.LCUnplZbXvAdpxJgt2n3e3Je9c-1713559523-1.0.1.1-YId9Fg0tQ0p6x_kYoGBTIeI1un084pcKfPg2qYrm.ieZcd.0EPYtYm4FBRG2Z5uSWd10vlzAfQxgtJCH_CP9Jg; 1rIfYDWJV8OR7ZJR-0-hzq2aKU8=YUIi9CmuVsP02DD7caUrNNIjXlE; Ts35FoRSh-5uOoGmfxOj_-s6Wok=1713559544; AshzEUtSZNK_1xqFiOQsdLNhNeg=1713645944; 7tJx76CuWxGCTIUL9Dwunam_8lc=drRwvdrp0bxiMxHiROI6WcR7bhA; _AjWrkfId3ezFO-74CRUO2uzZk4=kKTpxQn76QIUeZPoDqcp4h_DB2E
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: allianceimpressed.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://allianceimpressed.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=cTKjBxMhTIRQq3_K.LCUnplZbXvAdpxJgt2n3e3Je9c-1713559523-1.0.1.1-YId9Fg0tQ0p6x_kYoGBTIeI1un084pcKfPg2qYrm.ieZcd.0EPYtYm4FBRG2Z5uSWd10vlzAfQxgtJCH_CP9Jg; 1rIfYDWJV8OR7ZJR-0-hzq2aKU8=YUIi9CmuVsP02DD7caUrNNIjXlE; Ts35FoRSh-5uOoGmfxOj_-s6Wok=1713559544; AshzEUtSZNK_1xqFiOQsdLNhNeg=1713645944; 7tJx76CuWxGCTIUL9Dwunam_8lc=drRwvdrp0bxiMxHiROI6WcR7bhA; _AjWrkfId3ezFO-74CRUO2uzZk4=kKTpxQn76QIUeZPoDqcp4h_DB2E; ZpeNcbMHW61I2Mdrwvbri2aRgBc=1713559547; di9twD3G95XiK2IqVPRAk-5wYqA=1713645947; _JcmFChHBXWPCSHMbxtaNDLb_Nk=xpY1ftppVHMCwuAfxZ0iVwFDtTo
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/jsd/r/876fbd8f3c6512f1 HTTP/1.1Host: allianceimpressed.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1rIfYDWJV8OR7ZJR-0-hzq2aKU8=YUIi9CmuVsP02DD7caUrNNIjXlE; Ts35FoRSh-5uOoGmfxOj_-s6Wok=1713559544; AshzEUtSZNK_1xqFiOQsdLNhNeg=1713645944; 7tJx76CuWxGCTIUL9Dwunam_8lc=drRwvdrp0bxiMxHiROI6WcR7bhA; _AjWrkfId3ezFO-74CRUO2uzZk4=kKTpxQn76QIUeZPoDqcp4h_DB2E; ZpeNcbMHW61I2Mdrwvbri2aRgBc=1713559547; di9twD3G95XiK2IqVPRAk-5wYqA=1713645947; _JcmFChHBXWPCSHMbxtaNDLb_Nk=xpY1ftppVHMCwuAfxZ0iVwFDtTo; cf_clearance=oD9cxvBmo_ja6YmjnVWCR5SB7vY1iwCelYodZ4lTEjw-1713559551-1.0.1.1-joxBucg1nxxwQgF2V4B42OZkHCElbxXGcx80rPdglTP4i5tZcQwsKzNa810TNejbLxwWWILd6KGQ6z7WDnoeNQ
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: allianceimpressed.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://allianceimpressed.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1rIfYDWJV8OR7ZJR-0-hzq2aKU8=YUIi9CmuVsP02DD7caUrNNIjXlE; Ts35FoRSh-5uOoGmfxOj_-s6Wok=1713559544; AshzEUtSZNK_1xqFiOQsdLNhNeg=1713645944; 7tJx76CuWxGCTIUL9Dwunam_8lc=drRwvdrp0bxiMxHiROI6WcR7bhA; _AjWrkfId3ezFO-74CRUO2uzZk4=kKTpxQn76QIUeZPoDqcp4h_DB2E; ZpeNcbMHW61I2Mdrwvbri2aRgBc=1713559547; di9twD3G95XiK2IqVPRAk-5wYqA=1713645947; _JcmFChHBXWPCSHMbxtaNDLb_Nk=xpY1ftppVHMCwuAfxZ0iVwFDtTo; cf_clearance=oD9cxvBmo_ja6YmjnVWCR5SB7vY1iwCelYodZ4lTEjw-1713559551-1.0.1.1-joxBucg1nxxwQgF2V4B42OZkHCElbxXGcx80rPdglTP4i5tZcQwsKzNa810TNejbLxwWWILd6KGQ6z7WDnoeNQ
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/jsd/r/876fbd986bd9139a HTTP/1.1Host: allianceimpressed.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 1rIfYDWJV8OR7ZJR-0-hzq2aKU8=YUIi9CmuVsP02DD7caUrNNIjXlE; Ts35FoRSh-5uOoGmfxOj_-s6Wok=1713559544; AshzEUtSZNK_1xqFiOQsdLNhNeg=1713645944; 7tJx76CuWxGCTIUL9Dwunam_8lc=drRwvdrp0bxiMxHiROI6WcR7bhA; _AjWrkfId3ezFO-74CRUO2uzZk4=kKTpxQn76QIUeZPoDqcp4h_DB2E; ZpeNcbMHW61I2Mdrwvbri2aRgBc=1713559547; di9twD3G95XiK2IqVPRAk-5wYqA=1713645947; _JcmFChHBXWPCSHMbxtaNDLb_Nk=xpY1ftppVHMCwuAfxZ0iVwFDtTo; cf_clearance=Xjc0.ji2L6x7odvlfD8ozcwV3vO5IIF8TnVV5_Gvb24-1713559551-1.0.1.1-lgfnuNtOeBSz.4WCQiPHGjpewTIbXSVrwdj3SRJndKoLFBR9hBrjmusn8_r8EplkpmkFeIUC6xO8hraySWlbcA

Source: unknown

DNS traffic detected: queries for: click.pstmrk.it

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Fri, 19 Apr 2024 20:45:23 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16324Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: nSUP4jKd4EH40J20P5uMvQZlkwNWm68QbmUFP8ezzVEyonhyOkdSQsnEzwIqZJceiklDSyIOpxKZggmFVij3ztH6vB8NFHtr6Z60omRaJrqeEWmP2TZPO3ZoF5QCNivHl5IPR2z0Ldg8hS/zsoFQyQ==$1SzR9l/lY8O4ZquFIOahHA==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Fri, 19 Apr 2024 20:45:25 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16480Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: gw2/IArHs5WJjhRdZqIjLhibFTz028pBG1RnzeAiutgMKAgQXCkw9nCp1pG8t7k5odJcGcpI5vLu/1EMkdELmRgFVzHcxSvztV4fcqzb/hyEWM+wN7l6HbgB8JotCSqkQ/uXXF0l87Ip2gQ2AEPc0g==$Ar9pVVP5kaNyvvbbY8h+hw==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Fri, 19 Apr 2024 20:45:27 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16480Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: IfTGpdJJiMn7NDRuBrEJpCs547b3uZ5y7EvcPriwMNuenqlW19ylWM2wYGQ2fW5/kg11e2cs+QwR540WWD70Xlbm8pd5h4VcsJGbYVg3DMfQgR/WfQPzk/c07+jIBC95FPZmf0FB7jclcZXErtpNPQ==$pVG9f3/O+hhVHMNmQji/xQ==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Fri, 19 Apr 2024 20:45:49 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16565Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINcf-mitigated: challengecf-chl-out: 3G28gnHxv9lllG/sCKtZy8b3HtFjFjXMjt5U+BBz+3fOFyxB4BsPQNmXD6/ninqZBP95M+d353dP8EbWY6CXTH0LuHKIheqiSneOUzZ8B3MrW3lytXAuUCe73TydqmNmblnCxGG9cOWJDa8E0AnFYg==$abvRUd0HN/EAfaSBiBckoQ==Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 503 Service UnavailableDate: Fri, 19 Apr 2024 20:45:49 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeSet-Cookie: cf_clearance=cTKjBxMhTIRQq3_K.LCUnplZbXvAdpxJgt2n3e3Je9c-1713559523-1.0.1.1-YId9Fg0tQ0p6x_kYoGBTIeI1un084pcKfPg2qYrm.ieZcd.0EPYtYm4FBRG2Z5uSWd10vlzAfQxgtJCH_CP9Jg; path=/; expires=Sat, 19-Apr-25 20:45:49 GMT; domain=.allianceimpressed.com; HttpOnly; Secure; SameSite=NoneX-Content-Type-Options: nosniffX-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockX-XSS-Protection: 1; mode=blockSet-Cookie: 1rIfYDWJV8OR7ZJR-0-hzq2aKU8=YUIi9CmuVsP02DD7caUrNNIjXlE; path=/; expires=Sat, 20-Apr-24 20:45:44 GMT; Max-Age=86400;Set-Cookie: Ts35FoRSh-5uOoGmfxOj_-s6Wok=1713559544; path=/; expires=Sat, 20-Apr-24 20:45:44 GMT; Max-Age=86400;Set-Cookie: AshzEUtSZNK_1xqFiOQsdLNhNeg=1713645944; path=/; expires=Sat, 20-Apr-24 20:45:44 GMT; Max-Age=86400;Set-Cookie: 7tJx76CuWxGCTIUL9Dwunam_8lc=drRwvdrp0bxiMxHiROI6WcR7bhA; path=/; expires=Sat, 20-Apr-24 20:45:44 GMT; Max-Age=86400;X-Frame-Options: SAMEORIGINCache-Control: public, max-age=0 no-store, no-cache, must-revalidate, post-check=0, pre-check=0Pragma: no-cacheExpires: 0CF-Cache-Status: DYNAMIC
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 19 Apr 2024 20:45:51 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Content-Type-Options: nosniffX-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockX-XSS-Protection: 1; mode=blockCF-Cache-Status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=zAnqzUZ%2F%2FnxK6hYELNvtG26phwJ1BMF19poMkrSfey4O8BkiqviHyo%2FM19bmuEMr3Gz4z3gc93FR14bru%2BqaHNvaNYu7dViiF0leSWUYsI1goUUzTMjgwD4w1PqZ4CKK5YwG%2FQ4TQaI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 876fbd986bd9139a-ATLalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 19 Apr 2024 20:45:52 GMTContent-Type: text/htmlTransfer-Encoding: chunkedConnection: closeVary: Accept-EncodingX-Content-Type-Options: nosniffX-Content-Type-Options: nosniffX-XSS-Protection: 1; mode=blockX-XSS-Protection: 1; mode=blockCache-Control: public, max-age=315360000, stale-while-revalidate=315360000, stale-if-error=315360000, immutablePragma: publicCF-Cache-Status: MISSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=1jT4fONXf0fXHGNnVvt8OwWydJTNkHd5LzIQV%2FzeukXudhGVNC29CUr3jZxu6ELoc0QAzpAh52tk%2FwWMZD38P70532vfAY7TYA2do3prkRhIC6w5xjl%2BIKvqgnsoW94WYD5LABaAacg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 876fbd9f0b8f8bb7-ATLalt-svc: h3=":443"; ma=86400

Source: chromecache_72.2.dr	String found in binary or memory: https://allianceimpressed.com
Source: chromecache_66.2.dr	String found in binary or memory: https://q2a9nc.fi07.fdske.com/ec/gAAAAABmIWKq_dM96_2BoT4McX52BSyyFAjhguS4bWjfY53J8r0noDqUsDmcAlKqFNX

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.5:49718 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.31.62.93:443 -> 192.168.2.5:49721 version: TLS 1.2

Source: classification engine

Classification label: clean1.win@23/26@22/10

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=2004,i,1810114582751248947,4925308050516260128,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://click.pstmrk.it/3s/t.co%2F3lXVfWLG6V/gMTC/8MG0AQ/AQ/f175d876-71c7-4d90-ade1-29d2995a6655/1/Mea-rrcbqe"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2112 --field-trial-handle=2004,i,1810114582751248947,4925308050516260128,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1428960
Product:	CloudBasic
Start time:	22:44:28
Start date:	19.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://click.pstmrk.it/3s/t.co%2F3lXVfWLG6V/gMTC/8MG0AQ/AQ/f175d876-71c7-4d90-ade1-29d2995a6655/1/Mea-rrcbqe

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://click.pstmrk.it/3s/t.co%2F3lXVfWLG6V/gMTC/8MG0AQ/AQ/f175d876-71c7-4d90-ade1-29d2995a6655/1/Mea-rrcbqe

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://click.pstmrk.it/3s/t.co%2F3lXVfWLG6V/gMTC/8MG0AQ/AQ/f175d876-71c7-4d90-ade1-29d2995a6655/1/Mea-rrcbqe