Windows Analysis Report
https://url.za.m.mimecastprotect.com/s/oln8C66VVXhXmkXOs6FLej?domain=url3687.joseeustasiorivera.com

Overview

General Information

Sample URL:	https://url.za.m.mimecastprotect.com/s/oln8C66VVXhXmkXOs6FLej?domain=url3687.joseeustasiorivera.com
Analysis ID:	1430867
Infos:

Detection

HTMLPhisher

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish10

Phishing site detected (based on logo match)

HTML body contains low number of good links

HTML title does not match URL

Stores files to the Windows start menu directory

Uses insecure TLS / SSL version for HTTPS connection

Classification

Signatures

Phishing

Yara detected HtmlPhish10

Source: Yara match

File source: 1.2.pages.csv, type: HTML

Phishing site detected (based on logo match)

Source: https://kmg.zaz.mybluehost.me/south/manage/ene/

Matcher: Template: postei matched

HTML body contains low number of good links

Source: https://kmg.zaz.mybluehost.me/south/manage/ene/

HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://kmg.zaz.mybluehost.me/south/manage/ene/

HTTP Parser: Title: does not match URL

Source: https://kmg.zaz.mybluehost.me/south/manage/ene/	HTTP Parser: No favicon
Source: https://kmg.zaz.mybluehost.me/south/manage/Canada_fr/	HTTP Parser: No favicon

Source: https://kmg.zaz.mybluehost.me/south/manage/ene/

HTTP Parser: No <meta name="author".. found

Source: https://kmg.zaz.mybluehost.me/south/manage/ene/

HTTP Parser: No <meta name="copyright".. found

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49721 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.5:49715 version: TLS 1.2

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49721 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /s/oln8C66VVXhXmkXOs6FLej?domain=url3687.joseeustasiorivera.com HTTP/1.1Host: url.za.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/xoWRNKoEAKwPduYMk1dDQh2BNiEd7n2wLpzHtGfntaY0zf4QTgI4Yd-_7zM9sn9YSGmhjE9MvonWTgl37KzHVsgVNdhyq9qICtTMZel6-Gm9DYNGiUZPWWI-zKSjb58E2THL0qSOdFc-kp60XOkO98CHHh24g4cGG2AxG86Wcq1Cn8A4RjTw7wuvsm85nIxnkmsuhCQZ3ok8DKaa9NcEOIYHmiEfrTBY2Je65wT_BoiuXzrp-u0PmvvWsmkys-AqLI60ex-QHHuxFtGL_wMt512T_wuN1dyJrrPVSn7xtAnF1X3scV5rfCv6X6vM7QPvJt0KEP10J3tC3YewFJI4q7ngCwiwYdO1L_2kxZ1Uy7nCU3O-R0qH1N1GvrlMICsH1H9qV7YFpUCO0nChe0iQCIXThqB3olaZVdU8O-P3P78BpUlcFWX9d5dYcRNib9eUYfUEfHwzijO9mfKQhnekH-xO422dVavDE-1A5i4fGuHT9Z_rP-95A9KVWxta6DJmYFX4us-O520tiEwcQw2iQHp66a7BbJRPz-Oj1DF3PVUdAmu0p1HTkCNNUpZj5vyDL8qdU1afvxCcInhC88f-zK8DB7mRoTi1xKCk4e2QDXuJ5pMPMt_zvM3K-ZkT3dgPDj0sSIeZcdV7ywThjKmqPhyWFkoKyRu_tyTYnvYI_hPeCeTkLacLtW8fLr5gk6kZYfXSUIbjzGgscgIrBtt7TXq1g7MZfk3rf0iTepYFC0zCpwJAR55VV1LBfGxnyVc7vBqYqsSslxH-zx5xlDswj_R3xwk_wajnzBlWA3pD3S2PfQyIdLYstm2kqxAiaOZSc9o85AyY4LEd3YiS0PJQ9tlseUxrnzsKJvSAp42tfBhPTF6UnjfIxD2MxXWHz-TwjdI9KAHPMEMb_4r35nM-4-YGiQjcKZFU6ICR4EG8jYyct_YISleIcFkFnO7C-z6crgaNm9XhqfYY2cqL0kaaANbHXO1TOPTHg4zYtxVt1SU8t4man9IrHv_cANXNcjbpX_SfvW0GrqnSyoMnOZ0lW3fYClCx774wImai5sdBfwnE3YKUKkZc3-_ph90ye4QlqWFWrTuOROYas5ilxukGHP1QI_pAkUP7QDJ8lVhsBOu0kVTjYrRKn3TkwsO2M4j3etVZ1GkGu6n0WryA1aG2B3i_VZzMCkqiGJdI634ZliWPiYu3CehwcTqGMF7MbueWrD2jYCZ35dDtSsSJLZXhbJ3qNliFk_knwTuweAE7ccfP8W-A61xgFGpy7SGR8vOSPNTm5i0OTQfQbvm_FPv6oz8gGKPDjatYuk7bCXXS7yRdCggAH-9Y_1AKdEqjKGN_fApYbE_10scUR8s-XwhyaNbcCj0gcgUqcR47bV0pX9KAwswNrgB7dQIpZrDWrrJDYRAjWzR-9x2_MCQrT395YUoFhhhnzfC5EpE3vSX6j7RxfycbvfY3252BIy9F-Oz10s4eQnNQX4FAULPH9rvTQ5a2E8Lfh0xX9HQQ2rMlQLseC9GSINyF-z4Jj3026u5NT1hGtFTG3Ql4-CsaylaxyQ8q6FGZZ39bLvD0EDmYuKHvIB8JCH0SC48wZPpRS5--2OPKUCsyIReERniumaxJ5qeg_rMTMcdY9IXkby2PLqGEiIUGIoqJjIvJPKdj3bb-adreFyFARMkfwI0foVYbz2-zyk-BEVoGr3qsTKnO1ZxdzSAlcFBs9On_fpzlPCAQew4mUX0sWx9vHB4eaPn7TGDPniq6Lu9hFr8Vu_7UgZ4ugKZyMcA1qrZhFqDWq28DwjbqFPqkXFdVa3mjusWnVuvKmWe2Jddm2Bfdt9wwpf27NtPXnN6YzDgP3hWipO4QBsJaWKUNDthAoOTWx5vPJcxprwOQLNu6dZVAGURav7d8NCVKrnVwTePjaHAKUsv3HYWZEmGybM8gaEaFm_LAm-Zwf64xRn2mj58dWRnLwj1QtEVvw7p325QmceezVW9dYlw29zNdp7Rp29Hr4CsBRbKNGIyCBO63eArRXOYOQQKr8OVkO97DlWQVjtb_9RdcyMRD2bBCjZGJ4_Jjc1QyXwohD0lt_INphHaRXuXzdeeBga2R3A5gRLK4mUSIPC4F1MQxmK5nw-mApgGcAT61tLOarkeUCijhwJnJN5in1qbl74CoWQdJrurW160GGfxhYVvqbGL911AKCysg9Nmc9dXytqEFR4p3Mk-cdixXj0Ehv8fh8P6XiNa062lsq0AWL3V0A8gpj2BGLdxi7EmEcUy4LJCFVXVQExC0v9oWgnt225gjrAARCZJOF28AQKUAMAj9ALJ1ncm_2w7AewzU9CYeeK27JS9F_EaAxJBt9qGzvHnp8wSRyzdczdIT7m0hPLo5SRrP9j0qNw4E6wtBgIEXnDt6hdqNeAf2AI9FSGAjs_zPWEQTfJ6bezor6ggADRDgNTpAcfQHTW5Wxmz7MFRgsVwds6WODJOtRTXjbzAbFSoAwawGaciqapPKMD7Ku5NyX3_VvaqfkKFd1E7jjjProixKT7bwyOIf9VDSMx86eXgTAtnUg0ywWwaccjkl1KMjOg6HR-nXiMzbrLnTnFAweFfVByRwQOELEyj55FnZ5ykakgDERU24ZSn-QnryoBm4S4RVP2tqXK5Wm57HkbSho_Eg62VMKHHujTRit8F5iT0Wb8TLaMz6kcQ6zeYpb_Hy-LAqucrH_A65b4t6aVPVBOYd5jbtRyxvt3dPPkvjL4WC-jhV90egK5621NKWaHVccdGFOw-jAglEBQz5Cow-D9y4uscl5nDhYY82Ct2u6tX6hzRuZ-CpmfQzIRMciEsE5gg3ds5k-es7DxLEfOJ3A2f5hYeoa1CJ2SKfXTG81oJLJhYRF7sYtvCDHFyWNXRtupZ1bkKkB8ml7bygTctkq5S62Rfih-MKSu7r76zKlj8IMGw7uCbbQY8jsjUcjQNLjVkt91dRWsNcYd9aXPqfeu4fJFwRCIx52JmzEcq08DwGj
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ttpwp HTTP/1.1Host: security-za.mimecast.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/runtime.5257ca6e429949972959.js HTTP/1.1Host: security-za.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/polyfills.5257ca6e429949972959.js HTTP/1.1Host: security-za.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/styles.5257ca6e429949972959.js HTTP/1.1Host: security-za.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/main.5257ca6e429949972959.js HTTP/1.1Host: security-za.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/fa-solid-900.54dfc8f551be346014e4.woff2 HTTP/1.1Host: security-za.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://security-za.mimecast.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://security-za.mimecast.com/ttpwpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/languages/en.json HTTP/1.1Host: security-za.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /Content-Type: application/jsonx-context-route: ttpwpsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/images/mimecast-logo.png HTTP/1.1Host: security-za.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/images/mimecast-logo.png HTTP/1.1Host: security-za.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/mimecast-icons.bb1a2cd16db9345fc437.woff2?25417273 HTTP/1.1Host: security-za.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://security-za.mimecast.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://security-za.mimecast.com/ttpwpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/languages/en.json HTTP/1.1Host: security-za.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/ttp/url/get-page-data HTTP/1.1Host: security-za.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/images/favicon.ico HTTP/1.1Host: security-za.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/images/favicon.ico HTTP/1.1Host: security-za.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/3042db97a8b16e515f3d7efec?ct=YTo1OntzOjY6InNvdXJjZSI7YToyOntpOjA7czo1OiJlbWFpbCI7aToxO2k6MTk7fXM6NToiZW1haWwiO2k6MTk7czo0OiJzdGF0IjtzOjIyOiI2NjI3ZDAxZjNiNmFiNzQ1NzM1NDEwIjtzOjQ6ImxlYWQiO3M6NToiMzM0NjgiO3M6NzoiY2hhbm5lbCI7YToxOntzOjU6ImVtYWlsIjtpOjE5O319& HTTP/1.1Host: mautic.joseeustasiorivera.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lists/lt.php?tid=KkoBU15SAgQCA0gADFJUGw1VC1sUUVsLUh0BVVpVU1RXUgVWVAFNU1NTA1BWUgcbWARXAhQEBAAAHQEICQdIAAMHAVNTDFUIAFdRGAVVVQIKWAZSFAVTWlwdDAhdAEhbUVAJS1YCVAJUVFdcAQ8HAg HTTP/1.1Host: aduiwui.hosted.phplist.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/ HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/packeges/bootstrap.min.css HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/packeges/jquery.js HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/packeges/index.css HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/icon-viza.png HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/logo.png HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/icon-mastercard.png HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/search.svg HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/menu.svg HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/user.svg HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/packeges/bootstrap.min.js HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/search.svg HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/logo.png HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/icon-mastercard.png HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/icon-viza.png HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/menu.svg HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/user.svg HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/Canada_fr/ HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /r/nicvwfju-3Jzcl9E28N5HDz4OffXMjteTYpbNvloFT5zMIVLYBasJLP-0m7ysyE6X9Dy1l_06fq1bB1c25OieLNTQiicCeT9qAlE5FVIm2GbShUPegN24SJA3QaKS7IkbP0sFRh_28ML1bxg1DineadwBRdxHJeWPtBs6K3VZo1OWeXOEworxsmcYsO1rvRpdmKxx2IACgstetB73Ui580n5p9St5P6S72giAq1e1it8X4D8EEC4_U7S_POzILJJ4bMxB2kqHQkOppFGIZYZYViw3o4TYQ4ryXH4U6mWU7ZPVCvZw4MD_n0nT9ebvmB_GrYOopN0X3-00gfUDmq1ZN9sFvJRXav9hSRJryGY0HXj_pgs9EQ6yN-ByTB6G3y5pcxUzxY-iKVUjqsfYkAZxNb7S1fe_uDL5IkoEbL6p0UAix0l4qYBllWf_W6pW81jE_R-knBuIBOQhOwok4g3Mtm0RD9G3_xkJc99-mETfyVxl9PxQc3CmAq6AyBd2wwdsTpWtqoACpcJTaUy3RDIk-ncLlFyJ4NrgTNtHGbUuRRCXQteZV0evO9UdNe3E4NWK7i02zgxhXoHAk9hWVrhjPct8mbYxtcNK2F1LEZlNRm53ZO2xIj_5fpfS7EpAwlpU9jpebStefLCkaPTFvf1IDB3QDPUDEBCzljj6J0An4ZhUrYTXEKHwh7Zh7RZDIO32GERZaBKYL__7dIPqM9WI8OH4X8VSOK7-VdgIoCIF3IcQ90Qs1a_WY1F6lp6xX4RnlJZ2_0-Rl4YPjfOizT006_QukLzC1GylhQWWpAw9rDXbVMHQ3JHl4ILWYpeG4hIGxVwq1btd1jsmhixpv4z-UWkGjNIi0BSY9hOi9XS5ZqlS1VMZsUFK6BjJIkStWEQrrx0Gf3c8dbt5I9u6MIxaqHGH_ou1DmIEI_cqynpT_jvDPmCZ9RQOgurC6Jtm1mQBxTGvRRDe--PQGS_BHs1riDbAQRXXEJ89gg_D-w4-5cTSn-U8jUuH4NZP2vRy1x2ifD2OTQS0tthhr3UzgQd9YIdEMKu0jWEKIizmsKpRJAajPXtmOo0Hhzxu1VBvcY5ZgBVyBdasiQUN9JjZhXhOvTkODAEWjdtIWxZXVKwYIOemBNS52AhebH-D9t05peTotiS3J5wUx7UqcB5rWVfsXATUIy90T3noy4j6O9cTDvypSs9Vy5Bya0wDL4bDcCUZW_Wu4Q4C8f7NhTCk7BJTamlkhzktUcjo3u3TFxfj42MI7brz09zFcRSYHnZWFsJ4L7vbJWZfJ-xC-m318kiGTkw3TakZ3EMwcVrWqiY9JiWNEvfKhBjmaht0Gs060RjsEMxVdbKErGGWoQPmVeKgjRqV4bf7pxNWonrMsSjtrBjuICiYhbZdcrTuAFs67wylq5BL-UR2QpQf6Oy7335Z2rO8uC6bqITcgKCCGGU-EdlXCrRt6qWVlCe1pCmqUB71mje-AJWfN9ZmXQNH3JeTBCY-PpZzTU6kKdofWf768mkdZ8RxRpAxj17ArEDncQQWPg0gEeNrbDh4EiUSYt3V6x_42RmuGDQBP8LAf8cNisINdxJ_cduee_RPiO1ikZ_H-hoMuwkww39um6aIfU27yCEuSBD-fSFQORv986Z4xYo-VmS3O2XDnpZwdlJ0rNiK8lukJ0R_agZqoYaFc7HrRLMbOgHkinsqOVNiznwWWv5GgnKyt4UNqH8WLMFSaNxaAc_EJy3z98KIvUcw76qbBX0HV8386v0n2Kg_Q6nl8aXpgJLYh3d5dEr3t-K2qQS8O-_Smby7NLPoQ7x29HwMLCzHRp7TmMPz87JcUzOfRiAs_Qm7hJ0QeAzRTwGiYbZMpxFU6zwfqcFhk-E2bn_1zhPFZ7Xri1ze_rjdjp6fdSRRg6n4PwNq8B9Lw4Z6Msi194JT2U15bkucUB5D8OASew1fOG9k31Iw8F1M32oPkYxV4DiduPsXuZ4UlgV8nf49QyCtClnaWcKa-Wp9BgL-Uy0_5oVGoIQ0jqjyC0aeHpnhp2t2UWF3kC2kjqxAh9vr8zkOX3zSDmXoqNodrk2NVlO62wayWlRnYr3gfE5kSofKsb-gyJ2AKhxtrVm2xAjkBgpT-2YquoqwuDvj7_DfHGg4ph-2oncL7KIbYp90AnZmGZU6hwqYpfOyTA31UQ8Ha-LbhTzU7_Kgb3zCyIL6ETrHSPpwqCwyKfS4-nxChMuVAPWsrKIfuFJlYQs6Ag1vVG2aAyoRjHS-N6ka0axZGNJm1wtCw-Emk_hCkJKDbNV7LamEsRlBnkhFZ5WplGrdAexpfoGe1hCb9cLMiTF3VF5UcwgrCiXRHkGfuQaiDHpLYCfz9BxQIAzhM5LpJvKkkaUo6BrHOJYPJ6rsRcKQqmkfigrVIZNkNF3Qks441GdDGP7nUwYoBCtnqYKZPt6aDzkpAaW2SfsVdggzMz8Bi6SxgFRhXFXLCLZ9C-5yxdH3lNqRTdKX67iLfucbjc6oqNyctnOjCMex8GYEvszWMc8DnGdlzosPMlSFZt_axqpJSqml9dbMhFazIWPpCusoax0RfMIHt92ct2uzo1f4cZRuU5ZUXdfVx6WxIVtVE0S_om-hkkcS6rq1o58FKs_GqoyW72OO9Mm4UPg6qfnVZiBI6AiZD5T7ubriCjBhplUGMkiSyLJSZJa2PWKKWYUhHZoXprBYbHNebMJqiLj5C3DU3UqsxfIs_8ZpWB3Da3oa3ypajCse2Mis1VJVvtBe6acYJCPEWoiRbHSpfBj4Mt_6tuchXwLs3p7s-fuwMXdeTdqZjtENkn8bmT6pCy-v_SYQ7FQP8dkLbFczA6g4-_eUy-EKvlp0FSM72a8_uR0__MkykVeBQKDtVO4n6KWqy91EjjeTg_Q9bPfjAUudYbO02xEzyaOB-RTo1aPFelvEuFMfmdD5Tvo3_TihIt8y1S8dZ94R8LRUah_TaYPXPBxn8KFe9YFNsWH_J53GagJKpJpD
Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.WslTG9wNI9ZTr6hKRVV4HPL04rhPXNVA1qLeJRxlii5SsjSbNqhqy2WBF-2FXfAgx8QNdllbadoE4fVWjuZ-2B5UQ3G-2FlBvMbs5CBdX3YeYWOK-2F6q3iBRBBf6qXJxTT5lbFLe3Z4RjDqO-2BB57yfMFmy9YkiMdUd8WgrfAKeLTaXE21KhJJAshw67B0pZXnPJRm-2B8sgY0FPSPpFZpf-2BVxZJkRMTtx5UnOIWpHD-2BYDpIwbxry5M5LqYoQsmtSj9V9OHjLgxp2vW9Joe7JwCr4lezO6ar-2FkWn2L59g5abavealh7vSXHePJ4FFKKtEgz3SI6kNBkMzOmxrXVnRT0TMpsE1N9nU6yBUwjXsIs3IN5smI4J50m7iMblfiC57CPCP3qVYcpIr7AjW-2F9DozTZjyE9gqSg-3D-3DP9Kw_-2F6Nc-2Br04KTzJB7Zv6oU-2FxaH4pgk-2FOwAvvyHvoZunJLB98VVOJ7B9y1YRsavABbjaQ45TkFOzf4hWBNjl2HWyE4LUZXMNjHsifR-2BcDacpEWzBesgqKBmzfjorjKYZA-2FWPKjemOluG0buUOehztc5-2FP9UluQ0wqdkSUURDJgE9SbEJ-2BiFL8sNHMAbupoJprnU4ZPYDaADU0s1LnwlFYBmQJNk8k0q1AApLpokpmvmiTBE-3D HTTP/1.1Host: url3687.joseeustasiorivera.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: url.za.m.mimecastprotect.com

Source: unknown

HTTP traffic detected: POST /threshold/xls.aspx HTTP/1.1Origin: https://www.bing.comReferer: https://www.bing.com/AS/API/WindowsCortanaPane/V2/InitAccept: */*Accept-Language: en-CHContent-type: text/xmlX-Agent-DeviceId: 01000A410900D492X-BM-CBT: 1696428841X-BM-DateFormat: dd/MM/yyyyX-BM-DeviceDimensions: 784x984X-BM-DeviceDimensionsLogical: 784x984X-BM-DeviceScale: 100X-BM-DTZ: 120X-BM-Market: CHX-BM-Theme: 000000;0078d7X-BM-WindowsFlights: FX:117B9872,FX:119E26AD,FX:11C0E96C,FX:11C6E5C2,FX:11C7EB6A,FX:11C9408A,FX:11C940DB,FX:11CB9A9F,FX:11CB9AC1,FX:11CC111C,FX:11D5BFCD,FX:11DF5B12,FX:11DF5B75,FX:1240931B,FX:124B38D0,FX:127FC878,FX:1283FFE8,FX:12840617,FX:128979F9,FX:128EBD7E,FX:129135BB,FX:129E053F,FX:12A74DB5,FX:12AB734D,FX:12B8450E,FX:12BD6E73,FX:12C3331B,FX:12C7D66EX-Device-ClientSession: DB0AFB19004F47BC80E5208C7478FF22X-Device-isOptin: falseX-Device-MachineId: {92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A}X-Device-OSSKU: 48X-Device-Touch: falseX-DeviceID: 01000A410900D492X-MSEdge-ExternalExp: d-thshld39,d-thshld42,d-thshld77,d-thshld78,staticshX-MSEdge-ExternalExpType: JointCoordX-PositionerType: DesktopX-Search-AppId: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUIX-Search-CortanaAvailableCapabilities: NoneX-Search-SafeSearch: ModerateX-Search-TimeZone: Bias=-60; DaylightBias=-60; TimeZoneKeyName=W. Europe Standard TimeX-UserAgeClass: UnknownAccept-Encoding: gzip, deflate, brUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; Cortana 1.14.7.19041; 10.0.0.0.19045.2006) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/70.0.3538.102 Safari/537.36 Edge/18.19045Host: www.bing.comContent-Length: 2484Connection: Keep-AliveCache-Control: no-cacheCookie: MUID=2F4E96DB8B7049E59AD4484C3C00F7CF; _SS=SID=1A6DEABB468B65843EB5F91B47916435&CPID=1713946600033&AC=1&CPH=d1a4eb75; _EDGE_S=SID=1A6DEABB468B65843EB5F91B47916435; SRCHUID=V=2&GUID=3D32B8AC657C4AD781A584E283227995&dmnchg=1; SRCHD=AF=NOFORM; SRCHUSR=DOB=20231004; SRCHHPGUSR=SRCHLANG=en&IPMH=986d886c&IPMID=1696428841029&HV=1696428756; CortanaAppUID=5A290E2CC4B523E2D8B5E2E3E4CB7CB7; MUIDB=2F4E96DB8B7049E59AD4484C3C00F7CF

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-content-type-options: nosniffx-xss-protection: 1; mode=blockx-frame-options: SAMEORIGINReferrer-Policy: no-referrerX-Robots-Tag: noindex, nofollowStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadContent-Type: text/html; charset=utf-8Content-Length: 180ETag: W/"b4-Rx6/Sa3RjWBf0k8YjdRg8WXd70U"Vary: Accept-EncodingDate: Wed, 24 Apr 2024 08:17:28 GMTConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 08:17:51 GMTServer: nginx/1.21.6Content-Type: text/html; charset=iso-8859-1Content-Length: 315host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 08:18:01 GMTServer: nginx/1.21.6Content-Type: text/html; charset=iso-8859-1Content-Length: 315host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==

Source: chromecache_81.2.dr	String found in binary or memory: http://www.mimecast.com/
Source: chromecache_81.2.dr	String found in binary or memory: https://community.mimecast.com/docs/DOC-241

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.5:49715 version: TLS 1.2

Source: classification engine

Classification label: mal52.phis.win@20/62@26/10

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1984,i,12593039912173914650,15885612422497244575,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.za.m.mimecastprotect.com/s/oln8C66VVXhXmkXOs6FLej?domain=url3687.joseeustasiorivera.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1984,i,12593039912173914650,15885612422497244575,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
50.116.65.227	kmg.zaz.mybluehost.me	United States	46606	UNIFIEDLAYER-AS-1US	false
161.35.102.60	mautic.joseeustasiorivera.com	United States	14061	DIGITALOCEAN-ASNUS	false
45.33.29.14	aspen.phplist.com	United States	63949	LINODE-APLinodeLLCUS	false
41.74.196.103	url.za.m.mimecastprotect.com	South Africa	37235	MimecastSAZA	false
167.89.123.204	sendgrid.net	United States	11377	SENDGRIDUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
41.74.192.103	unknown	South Africa	37235	MimecastSAZA	false
41.74.196.11	security-za.mimecast.com	South Africa	37235	MimecastSAZA	false
142.250.141.147	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

Contacted Domains

Name	IP	Active
aspen.phplist.com	45.33.29.14	true
security-za.mimecast.com	41.74.196.11	true
mautic.joseeustasiorivera.com	161.35.102.60	true
kmg.zaz.mybluehost.me	50.116.65.227	true
sendgrid.net	167.89.123.204	true
www.google.com	142.250.141.147	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
url.za.m.mimecastprotect.com	41.74.196.103	true
url3687.joseeustasiorivera.com	unknown	unknown
aduiwui.hosted.phplist.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://security-za.mimecast.com/ttpwp/resources/runtime.5257ca6e429949972959.js	false		high
https://security-za.mimecast.com/ttpwp/resources/styles.5257ca6e429949972959.js	false		high
https://kmg.zaz.mybluehost.me/south/manage/ene/images/icon-mastercard.png	false		high
https://mautic.joseeustasiorivera.com/r/3042db97a8b16e515f3d7efec?ct=YTo1OntzOjY6InNvdXJjZSI7YToyOntpOjA7czo1OiJlbWFpbCI7aToxO2k6MTk7fXM6NToiZW1haWwiO2k6MTk7czo0OiJzdGF0IjtzOjIyOiI2NjI3ZDAxZjNiNmFiNzQ1NzM1NDEwIjtzOjQ6ImxlYWQiO3M6NToiMzM0NjgiO3M6NzoiY2hhbm5lbCI7YToxOntzOjU6ImVtYWlsIjtpOjE5O319&	false	Avira URL Cloud: safe	unknown
https://security-za.mimecast.com/ttpwp/resources/images/mimecast-logo.png	false		high
https://security-za.mimecast.com/ttpwp/resources/main.5257ca6e429949972959.js	false		high
https://kmg.zaz.mybluehost.me/south/manage/ene/images/logo.png	false		high
https://kmg.zaz.mybluehost.me/south/manage/ene/images/menu.svg	false		high
https://aduiwui.hosted.phplist.com/lists/lt.php?tid=KkoBU15SAgQCA0gADFJUGw1VC1sUUVsLUh0BVVpVU1RXUgVWVAFNU1NTA1BWUgcbWARXAhQEBAAAHQEICQdIAAMHAVNTDFUIAFdRGAVVVQIKWAZSFAVTWlwdDAhdAEhbUVAJS1YCVAJUVFdcAQ8HAg	false		high
https://security-za.mimecast.com/ttpwp/resources/polyfills.5257ca6e429949972959.js	false		high
https://url.za.m.mimecastprotect.com/s/oln8C66VVXhXmkXOs6FLej?domain=url3687.joseeustasiorivera.com	false		unknown
https://kmg.zaz.mybluehost.me/south/manage/ene/packeges/bootstrap.min.css	false		high
https://kmg.zaz.mybluehost.me/south/manage/ene/images/search.svg	false		high
https://security-za.mimecast.com/ttpwp	false		high
https://security-za.mimecast.com/api/ttp/url/get-page-data	false		high
https://kmg.zaz.mybluehost.me/south/manage/ene/packeges/jquery.js	false		high
https://security-za.mimecast.com/ttpwp/resources/mimecast-icons.bb1a2cd16db9345fc437.woff2?25417273	false		high
https://kmg.zaz.mybluehost.me/south/manage/ene/images/user.svg	false		high
https://kmg.zaz.mybluehost.me/favicon.ico	false		high
https://security-za.mimecast.com/ttpwp/resources/fa-solid-900.54dfc8f551be346014e4.woff2	false		high
https://kmg.zaz.mybluehost.me/south/manage/ene/packeges/bootstrap.min.js	false		high
https://security-za.mimecast.com/ttpwp/resources/images/favicon.ico	false		high
https://security-za.mimecast.com/ttpwp/resources/languages/en.json	false		high
https://kmg.zaz.mybluehost.me/south/manage/ene/packeges/index.css	false		high
https://kmg.zaz.mybluehost.me/south/manage/ene/images/icon-viza.png	false		high
https://kmg.zaz.mybluehost.me/south/manage/ene/	false		high
https://kmg.zaz.mybluehost.me/south/manage/Canada_fr/	false		high
https://security-za.mimecast.com/ttpwp/#/warn?key=UMMXfKARRP4MY8Zq3un416WIvD7PnDenWK6JwQXoannhc8NfEW5pwBF8Z9yCBamAX1GkAwjAb0kWFObzmyuka5uk9sZCP4TyjtHRKni4ByDoQrOb_BtseaWv7m1jziv3	false		high

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 07:16:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	B9B274BAF802F34B7ACD67DE716B6D15	B22880863E409BCA2C3AC2E640332D0553EA0B8A	411AA1C566F7FFB7B06D37A93204D14CAC2B0E44122C6E8001BBB49CAB81B2AD
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 07:16:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	A040B3628F3A5DB6D00FED70704D15EF	C361DBDCCE5FCDC7D6E76049BB195F6442EA3FBF	A3C6E4B3E3E65B682C4DC0B8A0B0C6F71F42CA6976A19CDBDDE32D1415EBB831
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	C24EF4EA818A2AB459F1C2BB34D4FA65	2822B2788F5A1C480A0A14C93697684DD9169401	84DB30ECC585E1957B007D9AD368AB296D427DD60216BA5ABE5CCC380DE14D9F
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 07:16:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	57996CD980AD27BF18E24BF78463730D	5638CA937AEF4D14E6EF7AF89D4750D80C0059D9	4669DAC20A4AFD06F3A22711DBC48946C57B85083CC9D277D5E946AD20E7ACC3
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 07:16:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	D607B734272851D177A7B425B7F97334	0EBB11A14425C6A1C8CBE19503EF950BD359C514	886C40C2CCC094E1A12F12EEE55D2C4E610CA326C73A4C8E512BF4CCC8EE49F5
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Apr 24 07:16:55 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	F4F32FFA461975A64DD86DE65E9A47E8	59323F113485F9D2BC78DA64550156F9E3948F48	4E569539A47EAECD36F6573843236AE58CD034FC502CFD38851A41213D36943F
Chrome Cache Entry: 100	PNG image data, 733 x 325, 8-bit colormap, non-interlaced	22709B636915A8E12A81E5DE9E8A3C7E	02431BD4D847D6F53B700C344847977FFEF04E3A	3DBC551A5FA5C9437B97D632D86A3D9D46AFD13DF0247D9FEE74C9FE472292FB
Chrome Cache Entry: 101	PNG image data, 150 x 93, 8-bit/color RGB, non-interlaced	5D1100CF5CF58B6830FE686A793CA786	A415BB3D90E88BD48AFC1897CDC5622022DF71E0	3CCF9B38C48E021DE2191C3AF9E8BBA6F3EB8CBDF8763E85920D7F7248EB8577
Chrome Cache Entry: 102	gzip compressed data, from Unix, original size modulo 2^32 155758	8D439940F8C3625AF6AE3EB114868F72	7575057374C2DDA5728D7BD38E2F43F837DD4003	38DECC3E8ED16EE63395D27C577D5B6BA7F8830185B4D626BC072FBBD39AD585
Chrome Cache Entry: 103	JSON data	BEC66575E1C280E5041EFB0665141845	42893859EA2DE523193BD7CBD4173E52E9B402C1	0367BF9BDDF7F8747008FA412393A70E505BBFB63A0F6CEF23D319EE932B786A
Chrome Cache Entry: 104	PNG image data, 150 x 93, 8-bit/color RGB, non-interlaced	40A3EA6D4694396B3B7D5BE0AD2C900E	F7F58FC72AFBF5907D9FEBCB782A476C737EFC6A	6798395B760CC84EE69EEB14D0D23E49D334033D05F7C6CD20E2A358BFA5D0E2
Chrome Cache Entry: 105	SVG Scalable Vector Graphics image	6C1D1E2234738284B3AF018C4279B4BA	15BA5072C8687601DDCF4145FD492537B2B3D1FE	B8D34DE8DE0E7CFDC8B1AB414AAC93C814A47A0EB264761A10EBFE0AD12A5FF8
Chrome Cache Entry: 106	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel	44385673EEF386EC121603CD302FD05F	C15A6D61054FFB16D8DF4DA943B545349FC82631	069E8A1E31ABA074CC28BC9D6D54C67495BD42A02115DC232BE7C8D9F83E40A8
Chrome Cache Entry: 107	SVG Scalable Vector Graphics image	722C894FA6307BEEB05607BDBAC95A37	3284782B3AA1B00BCD24EE3F379328F22422DAF2	22566385067E3B9D672EEEEFE4AE56AF11389B988404F36B3ADAAC86D4A31788
Chrome Cache Entry: 108	PNG image data, 254 x 120, 8-bit/color RGBA, non-interlaced	EB9048F8FBF87B993E77B0AB95DAAA60	38B9F52981F1E3E7C0AA3F9C0773D971D28218BC	35175BBAB647CEC8479F295A98978D170CD7B62E5FD3F7B64DEFAE81B517B16A
Chrome Cache Entry: 76	PNG image data, 150 x 93, 8-bit/color RGB, non-interlaced	5D1100CF5CF58B6830FE686A793CA786	A415BB3D90E88BD48AFC1897CDC5622022DF71E0	3CCF9B38C48E021DE2191C3AF9E8BBA6F3EB8CBDF8763E85920D7F7248EB8577
Chrome Cache Entry: 77	SVG Scalable Vector Graphics image	F76EBEC217D1677449EF5BFC0863C378	C2ACB9BB4041B1995C0F5080A522CA1142798940	C73D5355AAEA905C2A68ECF3B76F689954BFCCE031E733F4B70DD12114C4C8A8
Chrome Cache Entry: 78	PNG image data, 150 x 93, 8-bit/color RGB, non-interlaced	40A3EA6D4694396B3B7D5BE0AD2C900E	F7F58FC72AFBF5907D9FEBCB782A476C737EFC6A	6798395B760CC84EE69EEB14D0D23E49D334033D05F7C6CD20E2A358BFA5D0E2
Chrome Cache Entry: 79	ASCII text, with no line terminators	0D021B2233681B4A3DEB7478B41FECC2	33DDA840E3CE73EFD7F3C7A2A21BAD97A68F57EA	98CC641659C770F6A0B19F1618EF66666977F315A9867AD1AA69C27D12FCB32E
Chrome Cache Entry: 80	SVG Scalable Vector Graphics image	F76EBEC217D1677449EF5BFC0863C378	C2ACB9BB4041B1995C0F5080A522CA1142798940	C73D5355AAEA905C2A68ECF3B76F689954BFCCE031E733F4B70DD12114C4C8A8
Chrome Cache Entry: 81	HTML document, ASCII text, with very long lines (2088)	C286C6FD6BFE7C3FAF59157B7AA0FD39	25D2FF78EB12EF3DB2A3907E8D2CE39C1C5505D9	1062224668A272A46FF501E338702C675FF7EF413009FF3FA8E5D42BA37A90C4
Chrome Cache Entry: 82	HTML document, ASCII text	A34AC19F4AFAE63ADC5D2F7BC970C07F	A82190FC530C265AA40A045C21770D967F4767B8	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
Chrome Cache Entry: 83	gzip compressed data, from Unix, original size modulo 2^32 58072	8717CB3B96FFFC269F1B7C43530B6B84	784CA14BF4D79218797363EDF7EE22895BCBD906	4EBC6DE1B88DA2FDC17BCEA772D10A1387A7E1762488483525200A5A389C108B
Chrome Cache Entry: 84	PNG image data, 733 x 325, 8-bit colormap, non-interlaced	22709B636915A8E12A81E5DE9E8A3C7E	02431BD4D847D6F53B700C344847977FFEF04E3A	3DBC551A5FA5C9437B97D632D86A3D9D46AFD13DF0247D9FEE74C9FE472292FB
Chrome Cache Entry: 85	Web Open Font Format (Version 2), TrueType, length 37608, version 1.0	E5231978386520AFD0019A8F5D007882	5E06725A18323ED9372E3E488D4F6DF1A56B3091	71BF29B23EAACC10ACE4DB7E3711FD8F16F199F8F5F8FF5895A0BB0C13546509
Chrome Cache Entry: 86	ASCII text, with very long lines (65536), with no line terminators	5F0D3A7E853059D6E1BF72263336A1B6	1D2860B87C7C0DFBC8A4BB72733BFA811108826D	C1C6725B64EE8DDB255DE008BDFFB528CB91B10DE40B67737E0B6DD9C47C6096
Chrome Cache Entry: 87	Web Open Font Format (Version 2), TrueType, length 137104, version 331.-31196	DBF1FC91F1BEEC2915123257EA4D58EF	D2A6D5D31334F6D0831F1C17D26E23FE0AA6A8DB	8D4D29042C23B5FCBED3AF690421776DE0F8AD3D308D66E24A9D80BCC8CCB522
Chrome Cache Entry: 88	ASCII text, with CRLF line terminators	041FB09535468AB471F9E3978B3C4D12	DF664B86B53FD1499E35DC174159D83DF8E36D12	006A54B007E1D10BC3250A653FEA2DC2BC044B251411AAAA83B8CAA142D5DB31
Chrome Cache Entry: 89	HTML document, ASCII text	B574A8D3BC4C6A4FE57E89008E9645A3	471EBF49ADD18D605FD24F188DD460F165DDEF45	3237A8FE51F94BBF3E3E38E4A8E0DC1A643F5DFB5C49D265A8B456CD646D6FCC
Chrome Cache Entry: 90	MS Windows icon resource - 1 icon, 16x16, 32 bits/pixel	44385673EEF386EC121603CD302FD05F	C15A6D61054FFB16D8DF4DA943B545349FC82631	069E8A1E31ABA074CC28BC9D6D54C67495BD42A02115DC232BE7C8D9F83E40A8
Chrome Cache Entry: 91	PNG image data, 254 x 120, 8-bit/color RGBA, non-interlaced	EB9048F8FBF87B993E77B0AB95DAAA60	38B9F52981F1E3E7C0AA3F9C0773D971D28218BC	35175BBAB647CEC8479F295A98978D170CD7B62E5FD3F7B64DEFAE81B517B16A
Chrome Cache Entry: 92	ASCII text, with very long lines (65536), with no line terminators	0AF2F9447CC29B13B5986BB0B2DF1201	18A26C55CB12A8CB5A40738D63EBBADFF9C9E157	DD23B2D3B699647A55640F98703B96CF76473C19969E11AB05653DBDF5ABCE0C
Chrome Cache Entry: 93	SVG Scalable Vector Graphics image	6C1D1E2234738284B3AF018C4279B4BA	15BA5072C8687601DDCF4145FD492537B2B3D1FE	B8D34DE8DE0E7CFDC8B1AB414AAC93C814A47A0EB264761A10EBFE0AD12A5FF8
Chrome Cache Entry: 94	HTML document, ASCII text	A34AC19F4AFAE63ADC5D2F7BC970C07F	A82190FC530C265AA40A045C21770D967F4767B8	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
Chrome Cache Entry: 95	ASCII text, with very long lines (65450), with CRLF line terminators	2F772FED444D5489079F275BD01E26CC	A8927AC2830B2FDD4A729EB0EB7F80923539CEB9	2B381363DDA049F2D49A59037B228BC865D51FFB977C8F5C3547D5C28DE48E3A
Chrome Cache Entry: 96	JSON data	BEC66575E1C280E5041EFB0665141845	42893859EA2DE523193BD7CBD4173E52E9B402C1	0367BF9BDDF7F8747008FA412393A70E505BBFB63A0F6CEF23D319EE932B786A
Chrome Cache Entry: 97	ASCII text, with very long lines (1492), with no line terminators	3AD4DE7EFFAAC3D0048EF54F8491451F	B807DD524C22B9F6241B1EF14AD6902D5C9D9215	6C36E59711DF161A3D7A2D6FB3E5C17A8767A2F42AEADD9BF166830FDB8ACD5E
Chrome Cache Entry: 98	SVG Scalable Vector Graphics image	722C894FA6307BEEB05607BDBAC95A37	3284782B3AA1B00BCD24EE3F379328F22422DAF2	22566385067E3B9D672EEEEFE4AE56AF11389B988404F36B3ADAAC86D4A31788
Chrome Cache Entry: 99	ASCII text, with very long lines (65536), with no line terminators	A792F7BBECA0147C515D7ECAA5479B83	B6B6AB4BA9403B8934E36EF587C612F86180D18B	FA9682F24595628BABEF9DAC52F38DCB373C4EBA5E555339CC0666B67EEADDAE

Phishing

Yara detected HtmlPhish10

Source: Yara match

File source: 1.2.pages.csv, type: HTML

Phishing site detected (based on logo match)

Source: https://kmg.zaz.mybluehost.me/south/manage/ene/

Matcher: Template: postei matched

HTML body contains low number of good links

Source: https://kmg.zaz.mybluehost.me/south/manage/ene/

HTTP Parser: Number of links: 0

HTML title does not match URL

Source: https://kmg.zaz.mybluehost.me/south/manage/ene/

HTTP Parser: Title: does not match URL

Source: https://kmg.zaz.mybluehost.me/south/manage/ene/	HTTP Parser: No favicon
Source: https://kmg.zaz.mybluehost.me/south/manage/Canada_fr/	HTTP Parser: No favicon

Source: https://kmg.zaz.mybluehost.me/south/manage/ene/

HTTP Parser: No <meta name="author".. found

Source: https://kmg.zaz.mybluehost.me/south/manage/ene/

HTTP Parser: No <meta name="copyright".. found

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49721 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.5:49715 version: TLS 1.2

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 23.1.237.91:443 -> 192.168.2.5:49721 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.6.29
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /s/oln8C66VVXhXmkXOs6FLej?domain=url3687.joseeustasiorivera.com HTTP/1.1Host: url.za.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/xoWRNKoEAKwPduYMk1dDQh2BNiEd7n2wLpzHtGfntaY0zf4QTgI4Yd-_7zM9sn9YSGmhjE9MvonWTgl37KzHVsgVNdhyq9qICtTMZel6-Gm9DYNGiUZPWWI-zKSjb58E2THL0qSOdFc-kp60XOkO98CHHh24g4cGG2AxG86Wcq1Cn8A4RjTw7wuvsm85nIxnkmsuhCQZ3ok8DKaa9NcEOIYHmiEfrTBY2Je65wT_BoiuXzrp-u0PmvvWsmkys-AqLI60ex-QHHuxFtGL_wMt512T_wuN1dyJrrPVSn7xtAnF1X3scV5rfCv6X6vM7QPvJt0KEP10J3tC3YewFJI4q7ngCwiwYdO1L_2kxZ1Uy7nCU3O-R0qH1N1GvrlMICsH1H9qV7YFpUCO0nChe0iQCIXThqB3olaZVdU8O-P3P78BpUlcFWX9d5dYcRNib9eUYfUEfHwzijO9mfKQhnekH-xO422dVavDE-1A5i4fGuHT9Z_rP-95A9KVWxta6DJmYFX4us-O520tiEwcQw2iQHp66a7BbJRPz-Oj1DF3PVUdAmu0p1HTkCNNUpZj5vyDL8qdU1afvxCcInhC88f-zK8DB7mRoTi1xKCk4e2QDXuJ5pMPMt_zvM3K-ZkT3dgPDj0sSIeZcdV7ywThjKmqPhyWFkoKyRu_tyTYnvYI_hPeCeTkLacLtW8fLr5gk6kZYfXSUIbjzGgscgIrBtt7TXq1g7MZfk3rf0iTepYFC0zCpwJAR55VV1LBfGxnyVc7vBqYqsSslxH-zx5xlDswj_R3xwk_wajnzBlWA3pD3S2PfQyIdLYstm2kqxAiaOZSc9o85AyY4LEd3YiS0PJQ9tlseUxrnzsKJvSAp42tfBhPTF6UnjfIxD2MxXWHz-TwjdI9KAHPMEMb_4r35nM-4-YGiQjcKZFU6ICR4EG8jYyct_YISleIcFkFnO7C-z6crgaNm9XhqfYY2cqL0kaaANbHXO1TOPTHg4zYtxVt1SU8t4man9IrHv_cANXNcjbpX_SfvW0GrqnSyoMnOZ0lW3fYClCx774wImai5sdBfwnE3YKUKkZc3-_ph90ye4QlqWFWrTuOROYas5ilxukGHP1QI_pAkUP7QDJ8lVhsBOu0kVTjYrRKn3TkwsO2M4j3etVZ1GkGu6n0WryA1aG2B3i_VZzMCkqiGJdI634ZliWPiYu3CehwcTqGMF7MbueWrD2jYCZ35dDtSsSJLZXhbJ3qNliFk_knwTuweAE7ccfP8W-A61xgFGpy7SGR8vOSPNTm5i0OTQfQbvm_FPv6oz8gGKPDjatYuk7bCXXS7yRdCggAH-9Y_1AKdEqjKGN_fApYbE_10scUR8s-XwhyaNbcCj0gcgUqcR47bV0pX9KAwswNrgB7dQIpZrDWrrJDYRAjWzR-9x2_MCQrT395YUoFhhhnzfC5EpE3vSX6j7RxfycbvfY3252BIy9F-Oz10s4eQnNQX4FAULPH9rvTQ5a2E8Lfh0xX9HQQ2rMlQLseC9GSINyF-z4Jj3026u5NT1hGtFTG3Ql4-CsaylaxyQ8q6FGZZ39bLvD0EDmYuKHvIB8JCH0SC48wZPpRS5--2OPKUCsyIReERniumaxJ5qeg_rMTMcdY9IXkby2PLqGEiIUGIoqJjIvJPKdj3bb-adreFyFARMkfwI0foVYbz2-zyk-BEVoGr3qsTKnO1ZxdzSAlcFBs9On_fpzlPCAQew4mUX0sWx9vHB4eaPn7TGDPniq6Lu9hFr8Vu_7UgZ4ugKZyMcA1qrZhFqDWq28DwjbqFPqkXFdVa3mjusWnVuvKmWe2Jddm2Bfdt9wwpf27NtPXnN6YzDgP3hWipO4QBsJaWKUNDthAoOTWx5vPJcxprwOQLNu6dZVAGURav7d8NCVKrnVwTePjaHAKUsv3HYWZEmGybM8gaEaFm_LAm-Zwf64xRn2mj58dWRnLwj1QtEVvw7p325QmceezVW9dYlw29zNdp7Rp29Hr4CsBRbKNGIyCBO63eArRXOYOQQKr8OVkO97DlWQVjtb_9RdcyMRD2bBCjZGJ4_Jjc1QyXwohD0lt_INphHaRXuXzdeeBga2R3A5gRLK4mUSIPC4F1MQxmK5nw-mApgGcAT61tLOarkeUCijhwJnJN5in1qbl74CoWQdJrurW160GGfxhYVvqbGL911AKCysg9Nmc9dXytqEFR4p3Mk-cdixXj0Ehv8fh8P6XiNa062lsq0AWL3V0A8gpj2BGLdxi7EmEcUy4LJCFVXVQExC0v9oWgnt225gjrAARCZJOF28AQKUAMAj9ALJ1ncm_2w7AewzU9CYeeK27JS9F_EaAxJBt9qGzvHnp8wSRyzdczdIT7m0hPLo5SRrP9j0qNw4E6wtBgIEXnDt6hdqNeAf2AI9FSGAjs_zPWEQTfJ6bezor6ggADRDgNTpAcfQHTW5Wxmz7MFRgsVwds6WODJOtRTXjbzAbFSoAwawGaciqapPKMD7Ku5NyX3_VvaqfkKFd1E7jjjProixKT7bwyOIf9VDSMx86eXgTAtnUg0ywWwaccjkl1KMjOg6HR-nXiMzbrLnTnFAweFfVByRwQOELEyj55FnZ5ykakgDERU24ZSn-QnryoBm4S4RVP2tqXK5Wm57HkbSho_Eg62VMKHHujTRit8F5iT0Wb8TLaMz6kcQ6zeYpb_Hy-LAqucrH_A65b4t6aVPVBOYd5jbtRyxvt3dPPkvjL4WC-jhV90egK5621NKWaHVccdGFOw-jAglEBQz5Cow-D9y4uscl5nDhYY82Ct2u6tX6hzRuZ-CpmfQzIRMciEsE5gg3ds5k-es7DxLEfOJ3A2f5hYeoa1CJ2SKfXTG81oJLJhYRF7sYtvCDHFyWNXRtupZ1bkKkB8ml7bygTctkq5S62Rfih-MKSu7r76zKlj8IMGw7uCbbQY8jsjUcjQNLjVkt91dRWsNcYd9aXPqfeu4fJFwRCIx52JmzEcq08DwGj
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /ttpwp HTTP/1.1Host: security-za.mimecast.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/runtime.5257ca6e429949972959.js HTTP/1.1Host: security-za.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/polyfills.5257ca6e429949972959.js HTTP/1.1Host: security-za.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/styles.5257ca6e429949972959.js HTTP/1.1Host: security-za.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/main.5257ca6e429949972959.js HTTP/1.1Host: security-za.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/fa-solid-900.54dfc8f551be346014e4.woff2 HTTP/1.1Host: security-za.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://security-za.mimecast.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://security-za.mimecast.com/ttpwpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/languages/en.json HTTP/1.1Host: security-za.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/plain, /Content-Type: application/jsonx-context-route: ttpwpsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/images/mimecast-logo.png HTTP/1.1Host: security-za.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/images/mimecast-logo.png HTTP/1.1Host: security-za.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/mimecast-icons.bb1a2cd16db9345fc437.woff2?25417273 HTTP/1.1Host: security-za.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://security-za.mimecast.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://security-za.mimecast.com/ttpwpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/languages/en.json HTTP/1.1Host: security-za.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/ttp/url/get-page-data HTTP/1.1Host: security-za.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/images/favicon.ico HTTP/1.1Host: security-za.mimecast.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ttpwp/resources/images/favicon.ico HTTP/1.1Host: security-za.mimecast.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/3042db97a8b16e515f3d7efec?ct=YTo1OntzOjY6InNvdXJjZSI7YToyOntpOjA7czo1OiJlbWFpbCI7aToxO2k6MTk7fXM6NToiZW1haWwiO2k6MTk7czo0OiJzdGF0IjtzOjIyOiI2NjI3ZDAxZjNiNmFiNzQ1NzM1NDEwIjtzOjQ6ImxlYWQiO3M6NToiMzM0NjgiO3M6NzoiY2hhbm5lbCI7YToxOntzOjU6ImVtYWlsIjtpOjE5O319& HTTP/1.1Host: mautic.joseeustasiorivera.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /lists/lt.php?tid=KkoBU15SAgQCA0gADFJUGw1VC1sUUVsLUh0BVVpVU1RXUgVWVAFNU1NTA1BWUgcbWARXAhQEBAAAHQEICQdIAAMHAVNTDFUIAFdRGAVVVQIKWAZSFAVTWlwdDAhdAEhbUVAJS1YCVAJUVFdcAQ8HAg HTTP/1.1Host: aduiwui.hosted.phplist.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/ HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/packeges/bootstrap.min.css HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/packeges/jquery.js HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/packeges/index.css HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/icon-viza.png HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/logo.png HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/icon-mastercard.png HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/search.svg HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/menu.svg HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/user.svg HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/packeges/bootstrap.min.js HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/search.svg HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/logo.png HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/icon-mastercard.png HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/icon-viza.png HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://kmg.zaz.mybluehost.me/south/manage/ene/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/menu.svg HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/ene/images/user.svg HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /south/manage/Canada_fr/ HTTP/1.1Host: kmg.zaz.mybluehost.meConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=58d1c669f95071befc3b01b0bdc8e5d1
Source: global traffic	HTTP traffic detected: GET /r/nicvwfju-3Jzcl9E28N5HDz4OffXMjteTYpbNvloFT5zMIVLYBasJLP-0m7ysyE6X9Dy1l_06fq1bB1c25OieLNTQiicCeT9qAlE5FVIm2GbShUPegN24SJA3QaKS7IkbP0sFRh_28ML1bxg1DineadwBRdxHJeWPtBs6K3VZo1OWeXOEworxsmcYsO1rvRpdmKxx2IACgstetB73Ui580n5p9St5P6S72giAq1e1it8X4D8EEC4_U7S_POzILJJ4bMxB2kqHQkOppFGIZYZYViw3o4TYQ4ryXH4U6mWU7ZPVCvZw4MD_n0nT9ebvmB_GrYOopN0X3-00gfUDmq1ZN9sFvJRXav9hSRJryGY0HXj_pgs9EQ6yN-ByTB6G3y5pcxUzxY-iKVUjqsfYkAZxNb7S1fe_uDL5IkoEbL6p0UAix0l4qYBllWf_W6pW81jE_R-knBuIBOQhOwok4g3Mtm0RD9G3_xkJc99-mETfyVxl9PxQc3CmAq6AyBd2wwdsTpWtqoACpcJTaUy3RDIk-ncLlFyJ4NrgTNtHGbUuRRCXQteZV0evO9UdNe3E4NWK7i02zgxhXoHAk9hWVrhjPct8mbYxtcNK2F1LEZlNRm53ZO2xIj_5fpfS7EpAwlpU9jpebStefLCkaPTFvf1IDB3QDPUDEBCzljj6J0An4ZhUrYTXEKHwh7Zh7RZDIO32GERZaBKYL__7dIPqM9WI8OH4X8VSOK7-VdgIoCIF3IcQ90Qs1a_WY1F6lp6xX4RnlJZ2_0-Rl4YPjfOizT006_QukLzC1GylhQWWpAw9rDXbVMHQ3JHl4ILWYpeG4hIGxVwq1btd1jsmhixpv4z-UWkGjNIi0BSY9hOi9XS5ZqlS1VMZsUFK6BjJIkStWEQrrx0Gf3c8dbt5I9u6MIxaqHGH_ou1DmIEI_cqynpT_jvDPmCZ9RQOgurC6Jtm1mQBxTGvRRDe--PQGS_BHs1riDbAQRXXEJ89gg_D-w4-5cTSn-U8jUuH4NZP2vRy1x2ifD2OTQS0tthhr3UzgQd9YIdEMKu0jWEKIizmsKpRJAajPXtmOo0Hhzxu1VBvcY5ZgBVyBdasiQUN9JjZhXhOvTkODAEWjdtIWxZXVKwYIOemBNS52AhebH-D9t05peTotiS3J5wUx7UqcB5rWVfsXATUIy90T3noy4j6O9cTDvypSs9Vy5Bya0wDL4bDcCUZW_Wu4Q4C8f7NhTCk7BJTamlkhzktUcjo3u3TFxfj42MI7brz09zFcRSYHnZWFsJ4L7vbJWZfJ-xC-m318kiGTkw3TakZ3EMwcVrWqiY9JiWNEvfKhBjmaht0Gs060RjsEMxVdbKErGGWoQPmVeKgjRqV4bf7pxNWonrMsSjtrBjuICiYhbZdcrTuAFs67wylq5BL-UR2QpQf6Oy7335Z2rO8uC6bqITcgKCCGGU-EdlXCrRt6qWVlCe1pCmqUB71mje-AJWfN9ZmXQNH3JeTBCY-PpZzTU6kKdofWf768mkdZ8RxRpAxj17ArEDncQQWPg0gEeNrbDh4EiUSYt3V6x_42RmuGDQBP8LAf8cNisINdxJ_cduee_RPiO1ikZ_H-hoMuwkww39um6aIfU27yCEuSBD-fSFQORv986Z4xYo-VmS3O2XDnpZwdlJ0rNiK8lukJ0R_agZqoYaFc7HrRLMbOgHkinsqOVNiznwWWv5GgnKyt4UNqH8WLMFSaNxaAc_EJy3z98KIvUcw76qbBX0HV8386v0n2Kg_Q6nl8aXpgJLYh3d5dEr3t-K2qQS8O-_Smby7NLPoQ7x29HwMLCzHRp7TmMPz87JcUzOfRiAs_Qm7hJ0QeAzRTwGiYbZMpxFU6zwfqcFhk-E2bn_1zhPFZ7Xri1ze_rjdjp6fdSRRg6n4PwNq8B9Lw4Z6Msi194JT2U15bkucUB5D8OASew1fOG9k31Iw8F1M32oPkYxV4DiduPsXuZ4UlgV8nf49QyCtClnaWcKa-Wp9BgL-Uy0_5oVGoIQ0jqjyC0aeHpnhp2t2UWF3kC2kjqxAh9vr8zkOX3zSDmXoqNodrk2NVlO62wayWlRnYr3gfE5kSofKsb-gyJ2AKhxtrVm2xAjkBgpT-2YquoqwuDvj7_DfHGg4ph-2oncL7KIbYp90AnZmGZU6hwqYpfOyTA31UQ8Ha-LbhTzU7_Kgb3zCyIL6ETrHSPpwqCwyKfS4-nxChMuVAPWsrKIfuFJlYQs6Ag1vVG2aAyoRjHS-N6ka0axZGNJm1wtCw-Emk_hCkJKDbNV7LamEsRlBnkhFZ5WplGrdAexpfoGe1hCb9cLMiTF3VF5UcwgrCiXRHkGfuQaiDHpLYCfz9BxQIAzhM5LpJvKkkaUo6BrHOJYPJ6rsRcKQqmkfigrVIZNkNF3Qks441GdDGP7nUwYoBCtnqYKZPt6aDzkpAaW2SfsVdggzMz8Bi6SxgFRhXFXLCLZ9C-5yxdH3lNqRTdKX67iLfucbjc6oqNyctnOjCMex8GYEvszWMc8DnGdlzosPMlSFZt_axqpJSqml9dbMhFazIWPpCusoax0RfMIHt92ct2uzo1f4cZRuU5ZUXdfVx6WxIVtVE0S_om-hkkcS6rq1o58FKs_GqoyW72OO9Mm4UPg6qfnVZiBI6AiZD5T7ubriCjBhplUGMkiSyLJSZJa2PWKKWYUhHZoXprBYbHNebMJqiLj5C3DU3UqsxfIs_8ZpWB3Da3oa3ypajCse2Mis1VJVvtBe6acYJCPEWoiRbHSpfBj4Mt_6tuchXwLs3p7s-fuwMXdeTdqZjtENkn8bmT6pCy-v_SYQ7FQP8dkLbFczA6g4-_eUy-EKvlp0FSM72a8_uR0__MkykVeBQKDtVO4n6KWqy91EjjeTg_Q9bPfjAUudYbO02xEzyaOB-RTo1aPFelvEuFMfmdD5Tvo3_TihIt8y1S8dZ94R8LRUah_TaYPXPBxn8KFe9YFNsWH_J53GagJKpJpD
Source: global traffic	HTTP traffic detected: GET /ls/click?upn=u001.WslTG9wNI9ZTr6hKRVV4HPL04rhPXNVA1qLeJRxlii5SsjSbNqhqy2WBF-2FXfAgx8QNdllbadoE4fVWjuZ-2B5UQ3G-2FlBvMbs5CBdX3YeYWOK-2F6q3iBRBBf6qXJxTT5lbFLe3Z4RjDqO-2BB57yfMFmy9YkiMdUd8WgrfAKeLTaXE21KhJJAshw67B0pZXnPJRm-2B8sgY0FPSPpFZpf-2BVxZJkRMTtx5UnOIWpHD-2BYDpIwbxry5M5LqYoQsmtSj9V9OHjLgxp2vW9Joe7JwCr4lezO6ar-2FkWn2L59g5abavealh7vSXHePJ4FFKKtEgz3SI6kNBkMzOmxrXVnRT0TMpsE1N9nU6yBUwjXsIs3IN5smI4J50m7iMblfiC57CPCP3qVYcpIr7AjW-2F9DozTZjyE9gqSg-3D-3DP9Kw_-2F6Nc-2Br04KTzJB7Zv6oU-2FxaH4pgk-2FOwAvvyHvoZunJLB98VVOJ7B9y1YRsavABbjaQ45TkFOzf4hWBNjl2HWyE4LUZXMNjHsifR-2BcDacpEWzBesgqKBmzfjorjKYZA-2FWPKjemOluG0buUOehztc5-2FP9UluQ0wqdkSUURDJgE9SbEJ-2BiFL8sNHMAbupoJprnU4ZPYDaADU0s1LnwlFYBmQJNk8k0q1AApLpokpmvmiTBE-3D HTTP/1.1Host: url3687.joseeustasiorivera.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: unknown

DNS traffic detected: queries for: url.za.m.mimecastprotect.com

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Foundx-content-type-options: nosniffx-xss-protection: 1; mode=blockx-frame-options: SAMEORIGINReferrer-Policy: no-referrerX-Robots-Tag: noindex, nofollowStrict-Transport-Security: max-age=31536000; includeSubDomains; preloadContent-Type: text/html; charset=utf-8Content-Length: 180ETag: W/"b4-Rx6/Sa3RjWBf0k8YjdRg8WXd70U"Vary: Accept-EncodingDate: Wed, 24 Apr 2024 08:17:28 GMTConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 08:17:51 GMTServer: nginx/1.21.6Content-Type: text/html; charset=iso-8859-1Content-Length: 315host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 08:18:01 GMTServer: nginx/1.21.6Content-Type: text/html; charset=iso-8859-1Content-Length: 315host-header: c2hhcmVkLmJsdWVob3N0LmNvbQ==

Source: chromecache_81.2.dr	String found in binary or memory: http://www.mimecast.com/
Source: chromecache_81.2.dr	String found in binary or memory: https://community.mimecast.com/docs/DOC-241

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.5:49714 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.206.6.29:443 -> 192.168.2.5:49715 version: TLS 1.2

Source: classification engine

Classification label: mal52.phis.win@20/62@26/10

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1984,i,12593039912173914650,15885612422497244575,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.za.m.mimecastprotect.com/s/oln8C66VVXhXmkXOs6FLej?domain=url3687.joseeustasiorivera.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2128 --field-trial-handle=1984,i,12593039912173914650,15885612422497244575,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1430867
Product:	CloudBasic
Start time:	10:16:03
Start date:	24.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://url.za.m.mimecastprotect.com/s/oln8C66VVXhXmkXOs6FLej?domain=url3687.joseeustasiorivera.com

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://url.za.m.mimecastprotect.com/s/oln8C66VVXhXmkXOs6FLej?domain=url3687.joseeustasiorivera.com

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://url.za.m.mimecastprotect.com/s/oln8C66VVXhXmkXOs6FLej?domain=url3687.joseeustasiorivera.com