Windows Analysis Report
https://lokicollective.org/project/a49165b009d6496f97753a8b1560239f

Overview

General Information

Sample URL:	https://lokicollective.org/project/a49165b009d6496f97753a8b1560239f
Analysis ID:	1430851
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Signatures

There are no high impact signatures.

Source: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadsafe%3Dlow%26adtest%3Doff%26psid%3D7949183650%26pcsa%3Dfalse%26channel%3Dnon-expiry%26domain_name%3Dlokicollective.org%26client%3Ddp-godaddy1_xml%26r%3Dm%26rpbu%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-oo-1885714186540894%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%26client_gdprApplies%3D0%26format%3Dr3%26nocache%3D2191713946182951%26num%3D0%26output%3Dafd_ads%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1713946182952%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D907%26psw%3D1280%26psh%3D907%26frm%3D0%26uio%3D-%26cont%3DrelatedLinks%26drt%3D0%26jsid%3Dcaf%26nfp%3D1%26jsv%3D625314022%26rurl%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26referer%3Dhttps%253A%252F%252Flokicollective.org%252Fproject%252Fa49165b009d6496f97753a8b1560239f&q=EgSaEGkkGMj8orEGIjChjlv2eA_teQtuSdrWpyLQhVYlN3ZJr2tp3B2XEz4n...	HTTP Parser: No favicon
Source: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadsafe%3Dlow%26adtest%3Doff%26psid%3D7949183650%26pcsa%3Dfalse%26channel%3Dnon-expiry%26domain_name%3Dlokicollective.org%26client%3Ddp-godaddy1_xml%26r%3Dm%26rpbu%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-oo-1885714186540894%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%26client_gdprApplies%3D0%26format%3Dr3%26nocache%3D2191713946182951%26num%3D0%26output%3Dafd_ads%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1713946182952%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D907%26psw%3D1280%26psh%3D907%26frm%3D0%26uio%3D-%26cont%3DrelatedLinks%26drt%3D0%26jsid%3Dcaf%26nfp%3D1%26jsv%3D625314022%26rurl%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26referer%3Dhttps%253A%252F%252Flokicollective.org%252Fproject%252Fa49165b009d6496f97753a8b1560239f&q=EgSaEGkkGMj8orEGIjChjlv2eA_teQtuSdrWpyLQhVYlN3ZJr2tp3B2XEz4n...	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=QoukH5jSO3sKFzVEA7Vc8VgC&size=normal&s=j2W-zPYREtJ7R_d3ca3-DEqDS4TWywyiEQXs3VODdvAU_WwjrKMhlbMC0CKkn8Js0MY8J0zIvQlaOVkQMUWk7b8eM2lMnT6BGU96xT2jQdhbe5IOn7N2URHTdRqGuZQdxM34x_-akS5yc7oqJeEmWq840hajNTjYfsu3G_WnfqH82NY4csO6wna6yF2BtN2zlqUfd0T-49KL32xroh7vxVjEhC2ueiLp8PbGLZE3in21voU1e9Aq06VZrYCAbA7PfALx94CdxzEALO5jYTT1br1iQm8dl_M&cb=bb71o3mwl9s4	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=QoukH5jSO3sKFzVEA7Vc8VgC&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b	HTTP Parser: No favicon
Source: https://www.godaddy.com/domainfind/v1/redirect?key=parkweb&utm_source=godaddy&utm_medium=parkedpages&utm_campaign=x_dom-broker_parkedpages_x_x_invest_001&tmskey=dpp_dbs&domainToCheck=lokicollective.org&isc=GPPTCOM&itc=parkedpage_landers	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49752 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.234.57
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.234.57
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /project/a49165b009d6496f97753a8b1560239f HTTP/1.1Host: lokicollective.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lander HTTP/1.1Host: lokicollective.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://lokicollective.org/project/a49165b009d6496f97753a8b1560239fAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tag?o=5097926782615552&upapi=true HTTP/1.1Host: btloader.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://lokicollective.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adsense/domains/caf.js?abp=1&gdabp=true HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://lokicollective.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tag?o=5097926782615552&upapi=true HTTP/1.1Host: btloader.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://lokicollective.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"99d9767dcb7d8390d77625c402e08999"If-Modified-Since: Wed, 24 Apr 2024 07:21:18 GMT
Source: global traffic	HTTP traffic detected: GET /mw/state?bt_env=prod HTTP/1.1Host: api.btloader.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://lokicollective.orgSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://lokicollective.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /px.gif?ch=2 HTTP/1.1Host: ad-delivery.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lokicollective.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /px.gif?ch=1&e=0.7487263870397995 HTTP/1.1Host: ad-delivery.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lokicollective.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250 HTTP/1.1Host: ad.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lokicollective.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /px.gif?ch=1&e=0.7487263870397995 HTTP/1.1Host: ad-delivery.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /px.gif?ch=2 HTTP/1.1Host: ad-delivery.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250 HTTP/1.1Host: ad.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/parking/landers/lokicollective.org?trafficTarget=reseller&abp=1&gdabp=true HTTP/1.1Host: api.aws.parking.godaddy.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-Request-Id: 61c0a9b5-c62b-4b73-b621-8bf0d95d79besec-ch-ua-platform: "Windows"Accept: /Origin: https://lokicollective.orgSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://lokicollective.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/parking/landers/lokicollective.org?trafficTarget=reseller&abp=1&gdabp=true HTTP/1.1Host: api.aws.parking.godaddy.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /afs/ads?adsafe=low&adtest=off&psid=7949183650&pcsa=false&channel=non-expiry&domain_name=lokicollective.org&client=dp-godaddy1_xml&r=m&rpbu=https%3A%2F%2Flokicollective.org%2Flander&type=3&uiopt=true&swp=as-drid-oo-1885714186540894&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301437%2C17301439%2C17301442&client_gdprApplies=0&format=r3&nocache=2191713946182951&num=0&output=afd_ads&v=3&bsl=8&pac=2&u_his=1&u_tz=120&dt=1713946182952&u_w=1280&u_h=1024&biw=1280&bih=907&psw=1280&psh=907&frm=0&uio=-&cont=relatedLinks&drt=0&jsid=caf&nfp=1&jsv=625314022&rurl=https%3A%2F%2Flokicollective.org%2Flander&referer=https%3A%2F%2Flokicollective.org%2Fproject%2Fa49165b009d6496f97753a8b1560239f HTTP/1.1Host: www.adsensecustomsearchads.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://lokicollective.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadsafe%3Dlow%26adtest%3Doff%26psid%3D7949183650%26pcsa%3Dfalse%26channel%3Dnon-expiry%26domain_name%3Dlokicollective.org%26client%3Ddp-godaddy1_xml%26r%3Dm%26rpbu%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-oo-1885714186540894%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%26client_gdprApplies%3D0%26format%3Dr3%26nocache%3D2191713946182951%26num%3D0%26output%3Dafd_ads%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1713946182952%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D907%26psw%3D1280%26psh%3D907%26frm%3D0%26uio%3D-%26cont%3DrelatedLinks%26drt%3D0%26jsid%3Dcaf%26nfp%3D1%26jsv%3D625314022%26rurl%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26referer%3Dhttps%253A%252F%252Flokicollective.org%252Fproject%252Fa49165b009d6496f97753a8b1560239f&q=EgSaEGkkGMj8orEGIjChjlv2eA_teQtuSdrWpyLQhVYlN3ZJr2tp3B2XEz4n4q5yk15AQLFd7L8WViMwF0EyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://lokicollective.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadsafe%3Dlow%26adtest%3Doff%26psid%3D7949183650%26pcsa%3Dfalse%26channel%3Dnon-expiry%26domain_name%3Dlokicollective.org%26client%3Ddp-godaddy1_xml%26r%3Dm%26rpbu%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-oo-1885714186540894%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%26client_gdprApplies%3D0%26format%3Dr3%26nocache%3D2191713946182951%26num%3D0%26output%3Dafd_ads%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1713946182952%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D907%26psw%3D1280%26psh%3D907%26frm%3D0%26uio%3D-%26cont%3DrelatedLinks%26drt%3D0%26jsid%3Dcaf%26nfp%3D1%26jsv%3D625314022%26rurl%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26referer%3Dhttps%253A%252F%252Flokicollective.org%252Fproject%252Fa49165b009d6496f97753a8b1560239f&q=EgSaEGkkGMj8orEGIjChjlv2eA_teQtuSdrWpyLQhVYlN3ZJr2tp3B2XEz4n4q5yk15AQLFd7L8WViMwF0EyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=QoukH5jSO3sKFzVEA7Vc8VgC&size=normal&s=j2W-zPYREtJ7R_d3ca3-DEqDS4TWywyiEQXs3VODdvAU_WwjrKMhlbMC0CKkn8Js0MY8J0zIvQlaOVkQMUWk7b8eM2lMnT6BGU96xT2jQdhbe5IOn7N2URHTdRqGuZQdxM34x_-akS5yc7oqJeEmWq840hajNTjYfsu3G_WnfqH82NY4csO6wna6yF2BtN2zlqUfd0T-49KL32xroh7vxVjEhC2ueiLp8PbGLZE3in21voU1e9Aq06VZrYCAbA7PfALx94CdxzEALO5jYTT1br1iQm8dl_M&cb=bb71o3mwl9s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadsafe%3Dlow%26adtest%3Doff%26psid%3D7949183650%26pcsa%3Dfalse%26channel%3Dnon-expiry%26domain_name%3Dlokicollective.org%26client%3Ddp-godaddy1_xml%26r%3Dm%26rpbu%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-oo-1885714186540894%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%26client_gdprApplies%3D0%26format%3Dr3%26nocache%3D2191713946182951%26num%3D0%26output%3Dafd_ads%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1713946182952%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D907%26psw%3D1280%26psh%3D907%26frm%3D0%26uio%3D-%26cont%3DrelatedLinks%26drt%3D0%26jsid%3Dcaf%26nfp%3D1%26jsv%3D625314022%26rurl%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26referer%3Dhttps%253A%252F%252Flokicollective.org%252Fproject%252Fa49165b009d6496f97753a8b1560239f&q=EgSaEGkkGMj8orEGIjChjlv2eA_teQtuSdrWpyLQhVYlN3ZJr2tp3B2XEz4n4q5yk15AQLFd7L8WViMwF0EyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=QoukH5jSO3sKFzVEA7Vc8VgC HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=QoukH5jSO3sKFzVEA7Vc8VgC&size=normal&s=j2W-zPYREtJ7R_d3ca3-DEqDS4TWywyiEQXs3VODdvAU_WwjrKMhlbMC0CKkn8Js0MY8J0zIvQlaOVkQMUWk7b8eM2lMnT6BGU96xT2jQdhbe5IOn7N2URHTdRqGuZQdxM34x_-akS5yc7oqJeEmWq840hajNTjYfsu3G_WnfqH82NY4csO6wna6yF2BtN2zlqUfd0T-49KL32xroh7vxVjEhC2ueiLp8PbGLZE3in21voU1e9Aq06VZrYCAbA7PfALx94CdxzEALO5jYTT1br1iQm8dl_M&cb=bb71o3mwl9s4Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/bg/6JK7PkhQPjgGeBZqyHKCSWuJKD5ZJmF_kzmP9QlV1DY.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=QoukH5jSO3sKFzVEA7Vc8VgC&size=normal&s=j2W-zPYREtJ7R_d3ca3-DEqDS4TWywyiEQXs3VODdvAU_WwjrKMhlbMC0CKkn8Js0MY8J0zIvQlaOVkQMUWk7b8eM2lMnT6BGU96xT2jQdhbe5IOn7N2URHTdRqGuZQdxM34x_-akS5yc7oqJeEmWq840hajNTjYfsu3G_WnfqH82NY4csO6wna6yF2BtN2zlqUfd0T-49KL32xroh7vxVjEhC2ueiLp8PbGLZE3in21voU1e9Aq06VZrYCAbA7PfALx94CdxzEALO5jYTT1br1iQm8dl_M&cb=bb71o3mwl9s4Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=QoukH5jSO3sKFzVEA7Vc8VgC&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadsafe%3Dlow%26adtest%3Doff%26psid%3D7949183650%26pcsa%3Dfalse%26channel%3Dnon-expiry%26domain_name%3Dlokicollective.org%26client%3Ddp-godaddy1_xml%26r%3Dm%26rpbu%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-oo-1885714186540894%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%26client_gdprApplies%3D0%26format%3Dr3%26nocache%3D2191713946182951%26num%3D0%26output%3Dafd_ads%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1713946182952%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D907%26psw%3D1280%26psh%3D907%26frm%3D0%26uio%3D-%26cont%3DrelatedLinks%26drt%3D0%26jsid%3Dcaf%26nfp%3D1%26jsv%3D625314022%26rurl%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26referer%3Dhttps%253A%252F%252Flokicollective.org%252Fproject%252Fa49165b009d6496f97753a8b1560239f&q=EgSaEGkkGMj8orEGIjChjlv2eA_teQtuSdrWpyLQhVYlN3ZJr2tp3B2XEz4n4q5yk15AQLFd7L8WViMwF0EyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: lokicollective.org

Source: chromecache_73.2.dr	String found in binary or memory: https://btloader.com/tag?o=5097926782615552&upapi=true
Source: chromecache_68.2.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_68.2.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_68.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_68.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_68.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_60.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=
Source: chromecache_73.2.dr	String found in binary or memory: https://img1.wsimg.com/parking-lander/static/css/main.8a1d19af.css
Source: chromecache_73.2.dr	String found in binary or memory: https://img1.wsimg.com/parking-lander/static/js/main.93aa74bd.js
Source: chromecache_60.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_60.2.dr	String found in binary or memory: https://partner.googleadservices.com/gampad/cookie.js
Source: chromecache_68.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_68.2.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_68.2.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_68.2.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_68.2.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_68.2.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_60.2.dr	String found in binary or memory: https://syndicatedsearch.goog
Source: chromecache_68.2.dr	String found in binary or memory: https://www.apache.org/licenses/
Source: chromecache_67.2.dr, chromecache_77.2.dr	String found in binary or memory: https://www.godaddy.com/domainfind/v1/redirect?key=parkweb
Source: chromecache_73.2.dr	String found in binary or memory: https://www.google.com/adsense/domains/caf.js?abp=1&gdabp=true
Source: chromecache_59.2.dr, chromecache_68.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_68.2.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/QoukH5jSO3sKFzVEA7Vc8VgC/recaptcha__.
Source: chromecache_59.2.dr, chromecache_75.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/QoukH5jSO3sKFzVEA7Vc8VgC/recaptcha__en.js

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49752 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@19/47@34/17

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2348,i,13184993882879258231,12380295596562542279,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://lokicollective.org/project/a49165b009d6496f97753a8b1560239f"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2348,i,13184993882879258231,12380295596562542279,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.141.99	unknown	United States	15169	GOOGLEUS	false
74.125.137.113	unknown	United States	15169	GOOGLEUS	false
52.32.46.203	unknown	United States	16509	AMAZON-02US	false
130.211.23.194	api.btloader.com	United States	15169	GOOGLEUS	false
35.167.118.102	gddomainparking.com	United States	16509	AMAZON-02US	false
142.250.141.104	www.google.com	United States	15169	GOOGLEUS	false
76.223.67.189	lokicollective.org	United States	16509	AMAZON-02US	false
172.67.69.19	ad-delivery.net	United States	13335	CLOUDFLARENETUS	false
74.125.137.102	www3.l.google.com	United States	15169	GOOGLEUS	false
172.67.41.60	btloader.com	United States	13335	CLOUDFLARENETUS	false
142.251.2.148	ad.doubleclick.net	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.4
192.168.2.23
192.168.2.13
192.168.2.15
192.168.2.14

Contacted Domains

Name	IP	Active
gddomainparking.com	35.167.118.102	true
bg.microsoft.map.fastly.net	199.232.210.172	true
www3.l.google.com	74.125.137.102	true
api.btloader.com	130.211.23.194	true
lokicollective.org	76.223.67.189	true
ad.doubleclick.net	142.251.2.148	true
www.google.com	142.250.141.104	true
btloader.com	172.67.41.60	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
ad-delivery.net	172.67.69.19	true
img1.wsimg.com	unknown	unknown
api.aws.parking.godaddy.com	unknown	unknown
www.godaddy.com	unknown	unknown
www.adsensecustomsearchads.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://btloader.com/tag?o=5097926782615552&upapi=true	false	0%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://api.btloader.com/mw/state?bt_env=prod	false	URL Reputation: safe	unknown
https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=QoukH5jSO3sKFzVEA7Vc8VgC&size=normal&s=j2W-zPYREtJ7R_d3ca3-DEqDS4TWywyiEQXs3VODdvAU_WwjrKMhlbMC0CKkn8Js0MY8J0zIvQlaOVkQMUWk7b8eM2lMnT6BGU96xT2jQdhbe5IOn7N2URHTdRqGuZQdxM34x_-akS5yc7oqJeEmWq840hajNTjYfsu3G_WnfqH82NY4csO6wna6yF2BtN2zlqUfd0T-49KL32xroh7vxVjEhC2ueiLp8PbGLZE3in21voU1e9Aq06VZrYCAbA7PfALx94CdxzEALO5jYTT1br1iQm8dl_M&cb=bb71o3mwl9s4	false		high
https://www.godaddy.com/domainfind/v1/redirect?key=parkweb&utm_source=godaddy&utm_medium=parkedpages&utm_campaign=x_dom-broker_parkedpages_x_x_invest_001&tmskey=dpp_dbs&domainToCheck=lokicollective.org&isc=GPPTCOM&itc=parkedpage_landers	false		high
https://www.google.com/recaptcha/api2/webworker.js?hl=en&v=QoukH5jSO3sKFzVEA7Vc8VgC	false		high
about:blank	false	Avira URL Cloud: safe	low
https://www.google.com/js/bg/6JK7PkhQPjgGeBZqyHKCSWuJKD5ZJmF_kzmP9QlV1DY.js	false		high
https://ad.doubleclick.net/favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250	false		high
https://ad-delivery.net/px.gif?ch=2	false	URL Reputation: safe	unknown
https://lokicollective.org/lander	false		unknown
https://www.google.com/recaptcha/api.js	false		high
https://www.google.com/recaptcha/api2/bframe?hl=en&v=QoukH5jSO3sKFzVEA7Vc8VgC&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b	false		high
https://ad-delivery.net/px.gif?ch=1&e=0.7487263870397995	false	Avira URL Cloud: safe	unknown
https://api.aws.parking.godaddy.com/v1/parking/landers/lokicollective.org?trafficTarget=reseller&abp=1&gdabp=true	false		high
https://lokicollective.org/project/a49165b009d6496f97753a8b1560239f	false		unknown
https://www.google.com/adsense/domains/caf.js?abp=1&gdabp=true	false		high

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 55	GIF image data, version 89a, 1 x 1	AD4B0F606E0F8465BC4C4C170B37E1A3	50B30FD5F87C85FE5CBA2635CB83316CA71250D7	CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
Chrome Cache Entry: 56	GIF image data, version 89a, 1 x 1	AD4B0F606E0F8465BC4C4C170B37E1A3	50B30FD5F87C85FE5CBA2635CB83316CA71250D7	CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
Chrome Cache Entry: 57	HTML document, ASCII text	4671F7FEEAEB2D864D8A62D75B1AB5FD	781FA8DE2A96558A7A08FD580AACC77AA316EF68	344B328E8A242197332F11CFA148CB2E8238B4F5F2D7C3107FDE1E828E6CFD07
Chrome Cache Entry: 58	ASCII text, with very long lines (390), with no line terminators	E5FCD6EC3A77D8EBF3EBF33D443FD7A4	BA47637C6ACB9479EDCA604E26C76D12D3897D4B	94C525AD5F26867FE6EF4ED8DFE03A5514FBED94DB5F18DF8CAE802B3C9EE289
Chrome Cache Entry: 59	ASCII text, with very long lines (1222), with no line terminators	E9AD011280352C75C6F9CF212C42AACD	05A41AC3A9E296E1D9E6251E6908EABFE9697D04	B5E1FFD95251B13685BD867DFB1759CEB8DE9E5FB874E052C856022B29DDA862
Chrome Cache Entry: 60	ASCII text, with very long lines (2247)	D4949377D933654F20623FAC5B393286	F7FB09F1A8BA0C3FAA7A05EAFA5D4D0CC5162017	00EE9E9008373561A50ED528754A5C81C3BD547862C99F1ACD44350CEFFBDD34
Chrome Cache Entry: 61	ASCII text, with no line terminators	A3144EE887752BC84252FAACD4DFFD83	172430F70BAEDA54BB9F533293E0E80A2DA5835D	8B87CFF79D0F8142D02D4A5991C83A5D59A7733BCB0EBEDD0DE57E559C6EAEFB
Chrome Cache Entry: 62	ASCII text, with very long lines (65465)	9E0C2ACC6884700DEF88042217CE0E2D	21176E4AE7B69BAF2939B14FFBDC04352281A432	9B5D7CF50FA1B5D3F15913AD67116CAD2E0760E9EFA514CE0FF6A89AF51346CB
Chrome Cache Entry: 63	C source, ASCII text, with very long lines (56290)	6B46202888665C62F3CD2316918BFEAA	A6A9E9192FF41967BC0B3F7353A1D2661ABF719B	843147E8FE42B68B85F87AB0D4FE7AC4756A48901BA617AC96F292C444F174E2
Chrome Cache Entry: 64	GIF image data, version 89a, 1 x 1	AD4B0F606E0F8465BC4C4C170B37E1A3	50B30FD5F87C85FE5CBA2635CB83316CA71250D7	CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
Chrome Cache Entry: 65	MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors	4123CE1E1732F202F60292941FF1487D	9F12B11BDE582DAE37CE8C160537D919C561C464	D961B08E4321250926DE6F79087594975FE20AD1518DE8F91EB711AF5D1A6EF8
Chrome Cache Entry: 66	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	EF9941290C50CD3866E2BA6B793F010D	4736508C795667DCEA21F8D864233031223B7832	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
Chrome Cache Entry: 67	JSON data	0FA0B6241D7E757BA54E6607F92B23CA	68D0A8A0E0DFE5B1891F5E073FF0703AF12A7ADF	BFA3902DF876348A14435FD8864834408ED4FF96434B6F6819A1FFAF80874D4E
Chrome Cache Entry: 68	ASCII text, with very long lines (597)	8326C23D6B3EED35BC3E62F3294587FD	EDDA17E74E53E85073E5EAC9CB6BE2163DBFA23C	57F03D3BA66117EDC152646341120DD3A1D7D71B9A98A3723AF5A8AE61BCB3AB
Chrome Cache Entry: 69	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	EF9941290C50CD3866E2BA6B793F010D	4736508C795667DCEA21F8D864233031223B7832	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
Chrome Cache Entry: 70	ASCII text, with no line terminators	AFB69DF47958EB78B4E941270772BD6A	D9FE9A625E906FF25C1F165E7872B1D9C731E78E	874809FB1235F80831B706B9E9B903D80BD5662D036B7712CC76F8C684118878
Chrome Cache Entry: 71	ASCII text, with very long lines (17683)	7D07C2BBCB789E8A63340B6F449416E0	44856381D2A46155517776ADBB8B21B5EFE41FFD	E892BB3E48503E380678166AC87282496B89283E5926617F93398FF50955D436
Chrome Cache Entry: 72	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0	5D4AEB4E5F5EF754E307D7FFAEF688BD	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
Chrome Cache Entry: 73	HTML document, ASCII text, with very long lines (619)	259417E1F9EE538515E103E06552310A	2FC35CFAF0CEA7F5121114DF7E9D41A21A434EE3	6CE85C22DDE60FC6C6781F1495BC88DE7B906F2A2036CAF811739FDAFDE686E6
Chrome Cache Entry: 74	HTML document, ASCII text, with no line terminators	E89F75F918DBDCEE28604D4E09DD71D7	F9D9055E9878723A12063B47D4A1A5F58C3EB1E9	6DC9C7FC93BB488BB0520A6C780A8D3C0FB5486A4711ACA49B4C53FAC7393023
Chrome Cache Entry: 75	ASCII text, with no line terminators	C193745DEB63FE67F3AA6B578C40DD99	8A3ECC2696074E71D3B011C99B98CB25229E1A31	D41E076366E4207D57A5FD1725C2024F751C43AE4A3A8E93CC46DFB8462A3E5B
Chrome Cache Entry: 76	ASCII text, with very long lines (56412), with no line terminators	2C00B9F417B688224937053CD0C284A5	17B4C18EBC129055DD25F214C3F11E03E9DF2D82	1E754B107428162C65A26D399B66DB3DAAEA09616BF8620D9DE4BC689CE48EED
Chrome Cache Entry: 77	JSON data	0FA0B6241D7E757BA54E6607F92B23CA	68D0A8A0E0DFE5B1891F5E073FF0703AF12A7ADF	BFA3902DF876348A14435FD8864834408ED4FF96434B6F6819A1FFAF80874D4E
Chrome Cache Entry: 78	GIF image data, version 89a, 1 x 1	AD4B0F606E0F8465BC4C4C170B37E1A3	50B30FD5F87C85FE5CBA2635CB83316CA71250D7	CF4724B2F736ED1A0AE6BC28F1EAD963D9CD2C1FD87B6EF32E7799FC1C5C8BDA
Chrome Cache Entry: 79	ASCII text, with very long lines (2736)	E2009D689266387017B6648142516BD9	15535120C37EAB27B129C344A9DAC737D45844BB	0FE514C7010C6D8B9E44F011EEA7497F7E482A60E1498CE324F99729948D048D
Chrome Cache Entry: 80	MS Windows icon resource - 2 icons, 16x16, 16 colors, 32x32, 16 colors	4123CE1E1732F202F60292941FF1487D	9F12B11BDE582DAE37CE8C160537D919C561C464	D961B08E4321250926DE6F79087594975FE20AD1518DE8F91EB711AF5D1A6EF8

There are no high impact signatures.

Source: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadsafe%3Dlow%26adtest%3Doff%26psid%3D7949183650%26pcsa%3Dfalse%26channel%3Dnon-expiry%26domain_name%3Dlokicollective.org%26client%3Ddp-godaddy1_xml%26r%3Dm%26rpbu%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-oo-1885714186540894%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%26client_gdprApplies%3D0%26format%3Dr3%26nocache%3D2191713946182951%26num%3D0%26output%3Dafd_ads%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1713946182952%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D907%26psw%3D1280%26psh%3D907%26frm%3D0%26uio%3D-%26cont%3DrelatedLinks%26drt%3D0%26jsid%3Dcaf%26nfp%3D1%26jsv%3D625314022%26rurl%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26referer%3Dhttps%253A%252F%252Flokicollective.org%252Fproject%252Fa49165b009d6496f97753a8b1560239f&q=EgSaEGkkGMj8orEGIjChjlv2eA_teQtuSdrWpyLQhVYlN3ZJr2tp3B2XEz4n...	HTTP Parser: No favicon
Source: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadsafe%3Dlow%26adtest%3Doff%26psid%3D7949183650%26pcsa%3Dfalse%26channel%3Dnon-expiry%26domain_name%3Dlokicollective.org%26client%3Ddp-godaddy1_xml%26r%3Dm%26rpbu%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-oo-1885714186540894%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%26client_gdprApplies%3D0%26format%3Dr3%26nocache%3D2191713946182951%26num%3D0%26output%3Dafd_ads%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1713946182952%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D907%26psw%3D1280%26psh%3D907%26frm%3D0%26uio%3D-%26cont%3DrelatedLinks%26drt%3D0%26jsid%3Dcaf%26nfp%3D1%26jsv%3D625314022%26rurl%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26referer%3Dhttps%253A%252F%252Flokicollective.org%252Fproject%252Fa49165b009d6496f97753a8b1560239f&q=EgSaEGkkGMj8orEGIjChjlv2eA_teQtuSdrWpyLQhVYlN3ZJr2tp3B2XEz4n...	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=QoukH5jSO3sKFzVEA7Vc8VgC&size=normal&s=j2W-zPYREtJ7R_d3ca3-DEqDS4TWywyiEQXs3VODdvAU_WwjrKMhlbMC0CKkn8Js0MY8J0zIvQlaOVkQMUWk7b8eM2lMnT6BGU96xT2jQdhbe5IOn7N2URHTdRqGuZQdxM34x_-akS5yc7oqJeEmWq840hajNTjYfsu3G_WnfqH82NY4csO6wna6yF2BtN2zlqUfd0T-49KL32xroh7vxVjEhC2ueiLp8PbGLZE3in21voU1e9Aq06VZrYCAbA7PfALx94CdxzEALO5jYTT1br1iQm8dl_M&cb=bb71o3mwl9s4	HTTP Parser: No favicon
Source: https://www.google.com/recaptcha/api2/bframe?hl=en&v=QoukH5jSO3sKFzVEA7Vc8VgC&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b	HTTP Parser: No favicon
Source: https://www.godaddy.com/domainfind/v1/redirect?key=parkweb&utm_source=godaddy&utm_medium=parkedpages&utm_campaign=x_dom-broker_parkedpages_x_x_invest_001&tmskey=dpp_dbs&domainToCheck=lokicollective.org&isc=GPPTCOM&itc=parkedpage_landers	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49752 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.234.57
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.234.57
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /project/a49165b009d6496f97753a8b1560239f HTTP/1.1Host: lokicollective.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lander HTTP/1.1Host: lokicollective.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://lokicollective.org/project/a49165b009d6496f97753a8b1560239fAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tag?o=5097926782615552&upapi=true HTTP/1.1Host: btloader.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://lokicollective.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /adsense/domains/caf.js?abp=1&gdabp=true HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://lokicollective.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tag?o=5097926782615552&upapi=true HTTP/1.1Host: btloader.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://lokicollective.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"99d9767dcb7d8390d77625c402e08999"If-Modified-Since: Wed, 24 Apr 2024 07:21:18 GMT
Source: global traffic	HTTP traffic detected: GET /mw/state?bt_env=prod HTTP/1.1Host: api.btloader.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://lokicollective.orgSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://lokicollective.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /px.gif?ch=2 HTTP/1.1Host: ad-delivery.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lokicollective.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /px.gif?ch=1&e=0.7487263870397995 HTTP/1.1Host: ad-delivery.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lokicollective.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250 HTTP/1.1Host: ad.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://lokicollective.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /px.gif?ch=1&e=0.7487263870397995 HTTP/1.1Host: ad-delivery.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /px.gif?ch=2 HTTP/1.1Host: ad-delivery.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico?ad=300x250&ad_box_=1&adnet=1&showad=1&size=250x250 HTTP/1.1Host: ad.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/parking/landers/lokicollective.org?trafficTarget=reseller&abp=1&gdabp=true HTTP/1.1Host: api.aws.parking.godaddy.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36X-Request-Id: 61c0a9b5-c62b-4b73-b621-8bf0d95d79besec-ch-ua-platform: "Windows"Accept: /Origin: https://lokicollective.orgSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://lokicollective.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/parking/landers/lokicollective.org?trafficTarget=reseller&abp=1&gdabp=true HTTP/1.1Host: api.aws.parking.godaddy.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /afs/ads?adsafe=low&adtest=off&psid=7949183650&pcsa=false&channel=non-expiry&domain_name=lokicollective.org&client=dp-godaddy1_xml&r=m&rpbu=https%3A%2F%2Flokicollective.org%2Flander&type=3&uiopt=true&swp=as-drid-oo-1885714186540894&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300002%2C17301437%2C17301439%2C17301442&client_gdprApplies=0&format=r3&nocache=2191713946182951&num=0&output=afd_ads&v=3&bsl=8&pac=2&u_his=1&u_tz=120&dt=1713946182952&u_w=1280&u_h=1024&biw=1280&bih=907&psw=1280&psh=907&frm=0&uio=-&cont=relatedLinks&drt=0&jsid=caf&nfp=1&jsv=625314022&rurl=https%3A%2F%2Flokicollective.org%2Flander&referer=https%3A%2F%2Flokicollective.org%2Fproject%2Fa49165b009d6496f97753a8b1560239f HTTP/1.1Host: www.adsensecustomsearchads.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://lokicollective.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadsafe%3Dlow%26adtest%3Doff%26psid%3D7949183650%26pcsa%3Dfalse%26channel%3Dnon-expiry%26domain_name%3Dlokicollective.org%26client%3Ddp-godaddy1_xml%26r%3Dm%26rpbu%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-oo-1885714186540894%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%26client_gdprApplies%3D0%26format%3Dr3%26nocache%3D2191713946182951%26num%3D0%26output%3Dafd_ads%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1713946182952%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D907%26psw%3D1280%26psh%3D907%26frm%3D0%26uio%3D-%26cont%3DrelatedLinks%26drt%3D0%26jsid%3Dcaf%26nfp%3D1%26jsv%3D625314022%26rurl%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26referer%3Dhttps%253A%252F%252Flokicollective.org%252Fproject%252Fa49165b009d6496f97753a8b1560239f&q=EgSaEGkkGMj8orEGIjChjlv2eA_teQtuSdrWpyLQhVYlN3ZJr2tp3B2XEz4n4q5yk15AQLFd7L8WViMwF0EyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUM HTTP/1.1Host: www.google.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://lokicollective.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadsafe%3Dlow%26adtest%3Doff%26psid%3D7949183650%26pcsa%3Dfalse%26channel%3Dnon-expiry%26domain_name%3Dlokicollective.org%26client%3Ddp-godaddy1_xml%26r%3Dm%26rpbu%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-oo-1885714186540894%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%26client_gdprApplies%3D0%26format%3Dr3%26nocache%3D2191713946182951%26num%3D0%26output%3Dafd_ads%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1713946182952%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D907%26psw%3D1280%26psh%3D907%26frm%3D0%26uio%3D-%26cont%3DrelatedLinks%26drt%3D0%26jsid%3Dcaf%26nfp%3D1%26jsv%3D625314022%26rurl%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26referer%3Dhttps%253A%252F%252Flokicollective.org%252Fproject%252Fa49165b009d6496f97753a8b1560239f&q=EgSaEGkkGMj8orEGIjChjlv2eA_teQtuSdrWpyLQhVYlN3ZJr2tp3B2XEz4n4q5yk15AQLFd7L8WViMwF0EyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=QoukH5jSO3sKFzVEA7Vc8VgC&size=normal&s=j2W-zPYREtJ7R_d3ca3-DEqDS4TWywyiEQXs3VODdvAU_WwjrKMhlbMC0CKkn8Js0MY8J0zIvQlaOVkQMUWk7b8eM2lMnT6BGU96xT2jQdhbe5IOn7N2URHTdRqGuZQdxM34x_-akS5yc7oqJeEmWq840hajNTjYfsu3G_WnfqH82NY4csO6wna6yF2BtN2zlqUfd0T-49KL32xroh7vxVjEhC2ueiLp8PbGLZE3in21voU1e9Aq06VZrYCAbA7PfALx94CdxzEALO5jYTT1br1iQm8dl_M&cb=bb71o3mwl9s4 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadsafe%3Dlow%26adtest%3Doff%26psid%3D7949183650%26pcsa%3Dfalse%26channel%3Dnon-expiry%26domain_name%3Dlokicollective.org%26client%3Ddp-godaddy1_xml%26r%3Dm%26rpbu%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-oo-1885714186540894%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%26client_gdprApplies%3D0%26format%3Dr3%26nocache%3D2191713946182951%26num%3D0%26output%3Dafd_ads%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1713946182952%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D907%26psw%3D1280%26psh%3D907%26frm%3D0%26uio%3D-%26cont%3DrelatedLinks%26drt%3D0%26jsid%3Dcaf%26nfp%3D1%26jsv%3D625314022%26rurl%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26referer%3Dhttps%253A%252F%252Flokicollective.org%252Fproject%252Fa49165b009d6496f97753a8b1560239f&q=EgSaEGkkGMj8orEGIjChjlv2eA_teQtuSdrWpyLQhVYlN3ZJr2tp3B2XEz4n4q5yk15AQLFd7L8WViMwF0EyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/webworker.js?hl=en&v=QoukH5jSO3sKFzVEA7Vc8VgC HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=QoukH5jSO3sKFzVEA7Vc8VgC&size=normal&s=j2W-zPYREtJ7R_d3ca3-DEqDS4TWywyiEQXs3VODdvAU_WwjrKMhlbMC0CKkn8Js0MY8J0zIvQlaOVkQMUWk7b8eM2lMnT6BGU96xT2jQdhbe5IOn7N2URHTdRqGuZQdxM34x_-akS5yc7oqJeEmWq840hajNTjYfsu3G_WnfqH82NY4csO6wna6yF2BtN2zlqUfd0T-49KL32xroh7vxVjEhC2ueiLp8PbGLZE3in21voU1e9Aq06VZrYCAbA7PfALx94CdxzEALO5jYTT1br1iQm8dl_M&cb=bb71o3mwl9s4Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /js/bg/6JK7PkhQPjgGeBZqyHKCSWuJKD5ZJmF_kzmP9QlV1DY.js HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.google.com/recaptcha/api2/anchor?ar=1&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b&co=aHR0cHM6Ly93d3cuZ29vZ2xlLmNvbTo0NDM.&hl=en&v=QoukH5jSO3sKFzVEA7Vc8VgC&size=normal&s=j2W-zPYREtJ7R_d3ca3-DEqDS4TWywyiEQXs3VODdvAU_WwjrKMhlbMC0CKkn8Js0MY8J0zIvQlaOVkQMUWk7b8eM2lMnT6BGU96xT2jQdhbe5IOn7N2URHTdRqGuZQdxM34x_-akS5yc7oqJeEmWq840hajNTjYfsu3G_WnfqH82NY4csO6wna6yF2BtN2zlqUfd0T-49KL32xroh7vxVjEhC2ueiLp8PbGLZE3in21voU1e9Aq06VZrYCAbA7PfALx94CdxzEALO5jYTT1br1iQm8dl_M&cb=bb71o3mwl9s4Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/api2/bframe?hl=en&v=QoukH5jSO3sKFzVEA7Vc8VgC&k=6LfwuyUTAAAAAOAmoS0fdqijC2PbbdH4kjq62Y1b HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CKq1yQEIi7bJAQiktskBCKmdygEIoOHKAQiWocsBCJz+zAEIhaDNAQi5ys0BCIrTzQEY9snNARjrjaUXSec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.google.com/sorry/index?continue=https://www.adsensecustomsearchads.com/afs/ads%3Fadsafe%3Dlow%26adtest%3Doff%26psid%3D7949183650%26pcsa%3Dfalse%26channel%3Dnon-expiry%26domain_name%3Dlokicollective.org%26client%3Ddp-godaddy1_xml%26r%3Dm%26rpbu%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26type%3D3%26uiopt%3Dtrue%26swp%3Das-drid-oo-1885714186540894%26oe%3DUTF-8%26ie%3DUTF-8%26fexp%3D21404%252C17300002%252C17301437%252C17301439%252C17301442%26client_gdprApplies%3D0%26format%3Dr3%26nocache%3D2191713946182951%26num%3D0%26output%3Dafd_ads%26v%3D3%26bsl%3D8%26pac%3D2%26u_his%3D1%26u_tz%3D120%26dt%3D1713946182952%26u_w%3D1280%26u_h%3D1024%26biw%3D1280%26bih%3D907%26psw%3D1280%26psh%3D907%26frm%3D0%26uio%3D-%26cont%3DrelatedLinks%26drt%3D0%26jsid%3Dcaf%26nfp%3D1%26jsv%3D625314022%26rurl%3Dhttps%253A%252F%252Flokicollective.org%252Flander%26referer%3Dhttps%253A%252F%252Flokicollective.org%252Fproject%252Fa49165b009d6496f97753a8b1560239f&q=EgSaEGkkGMj8orEGIjChjlv2eA_teQtuSdrWpyLQhVYlN3ZJr2tp3B2XEz4n4q5yk15AQLFd7L8WViMwF0EyAXJKGVNPUlJZX0FCVVNJVkVfTkVUX01FU1NBR0VaAUMAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: lokicollective.org

Source: chromecache_73.2.dr	String found in binary or memory: https://btloader.com/tag?o=5097926782615552&upapi=true
Source: chromecache_68.2.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_68.2.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_68.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_68.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_68.2.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_60.2.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=
Source: chromecache_73.2.dr	String found in binary or memory: https://img1.wsimg.com/parking-lander/static/css/main.8a1d19af.css
Source: chromecache_73.2.dr	String found in binary or memory: https://img1.wsimg.com/parking-lander/static/js/main.93aa74bd.js
Source: chromecache_60.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_60.2.dr	String found in binary or memory: https://partner.googleadservices.com/gampad/cookie.js
Source: chromecache_68.2.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_68.2.dr	String found in binary or memory: https://recaptcha.net
Source: chromecache_68.2.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_68.2.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_68.2.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_68.2.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_60.2.dr	String found in binary or memory: https://syndicatedsearch.goog
Source: chromecache_68.2.dr	String found in binary or memory: https://www.apache.org/licenses/
Source: chromecache_67.2.dr, chromecache_77.2.dr	String found in binary or memory: https://www.godaddy.com/domainfind/v1/redirect?key=parkweb
Source: chromecache_73.2.dr	String found in binary or memory: https://www.google.com/adsense/domains/caf.js?abp=1&gdabp=true
Source: chromecache_59.2.dr, chromecache_68.2.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_68.2.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/QoukH5jSO3sKFzVEA7Vc8VgC/recaptcha__.
Source: chromecache_59.2.dr, chromecache_75.2.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/QoukH5jSO3sKFzVEA7Vc8VgC/recaptcha__en.js

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49747 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.4:49752 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@19/47@34/17

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2348,i,13184993882879258231,12380295596562542279,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://lokicollective.org/project/a49165b009d6496f97753a8b1560239f"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2348,i,13184993882879258231,12380295596562542279,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1430851
Product:	CloudBasic
Start time:	10:08:44
Start date:	24.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://lokicollective.org/project/a49165b009d6496f97753a8b1560239f

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://lokicollective.org/project/a49165b009d6496f97753a8b1560239f

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://lokicollective.org/project/a49165b009d6496f97753a8b1560239f