Windows Analysis Report
https://nitftts.com/

Overview

General Information

Sample URL:	https://nitftts.com/
Analysis ID:	1431010
Infos:

Detection

HtmlDropper, HTMLPhisher

Score:	84
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected Html Dropper

Yara detected HtmlPhish10

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Phishing site or detected (based on various text indicators)

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML title does not match URL

Invalid 'sign-in options' or 'sign-up' link found

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://nitftts.com/

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://nitftts.com/captcha/logo.svg	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/js/50a7606a8c86a1db2bb01d897809a42f6628ea102bdae	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/captcha/style.css	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/ASSETS/img/sig-op.svg	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/CAPQU1Xc1dVRXRSSzFVNjFi	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/boot/50a7606a8c86a1db2bb01d897809a42f6628ea102bdad	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/jq/50a7606a8c86a1db2bb01d897809a42f6628ea102bdaa	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/ASSETS/img/m_.svg	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/cdn-cgi/challenge-platform/h/b/rc/8795adcf5e2909ef	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/x/50a7606a8c86a1db2bb01d897809a42f6628ea1289346	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/APP-50a7606a8c86a1db2bb01d897809a42f6628ea128933f/50a7606a8c86a1db2bb01d897809a42f6628ea1289341	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/1	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/o/50a7606a8c86a1db2bb01d897809a42f6628ea1289368	Avira URL Cloud: Label: phishing

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 3.6.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72	Matcher: Template: microsoft matched
Source: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72#	Matcher: Template: microsoft matched

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 0.2

OCR Text: Verifying... CLOUDFLARE Microsoft

HTML body contains low number of good links

Source: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72

HTTP Parser: Number of links: 0

HTML page contains hidden URLs or javascript code

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7if7r/0x4AAAAAAAYGcVauMJH_lBO9/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7if7r/0x4AAAAAAAYGcVauMJH_lBO9/auto/normal

HTML title does not match URL

Source: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72

HTTP Parser: Title: 1fb6467e996b565a0124b1b9877f24bb6628ea0fabd51 does not match URL

Invalid 'sign-in options' or 'sign-up' link found

Source: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72

HTTP Parser: Invalid link: get a new Microsoft account

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7if7r/0x4AAAAAAAYGcVauMJH_lBO9/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7if7r/0x4AAAAAAAYGcVauMJH_lBO9/auto/normal	HTTP Parser: No favicon
Source: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72	HTTP Parser: No favicon

Source: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72

HTTP Parser: No <meta name="author".. found

Source: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.61.210.98:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.61.210.98:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /captcha/style.css HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://nitftts.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://nitftts.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://nitftts.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /captcha/logo.svg HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://nitftts.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/471dc2adc340/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://nitftts.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7if7r/0x4AAAAAAAYGcVauMJH_lBO9/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://nitftts.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /captcha/logo.svg HTTP/1.1Host: nitftts.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8795adcf5e2909ef HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7if7r/0x4AAAAAAAYGcVauMJH_lBO9/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7if7r/0x4AAAAAAAYGcVauMJH_lBO9/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/177504864:1713953655:1-kQE4z2DtYF_KYErIBhkhFNwz7cGxKXdgqBf6ZSgzY/8795adcf5e2909ef/5d2bd94c96bf356 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8795adcf5e2909ef/1713957366113/84f88a0c89df63f7cdf084e844a1fd21c6dd4d0dcab5ab55090a93a557e868a2/XHZ0rMU7K6gyIab HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7if7r/0x4AAAAAAAYGcVauMJH_lBO9/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8795adcf5e2909ef/1713957366115/vXPllqWhCijzGzO HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7if7r/0x4AAAAAAAYGcVauMJH_lBO9/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8795adcf5e2909ef/1713957366115/vXPllqWhCijzGzO HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/177504864:1713953655:1-kQE4z2DtYF_KYErIBhkhFNwz7cGxKXdgqBf6ZSgzY/8795adcf5e2909ef/5d2bd94c96bf356 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/177504864:1713953655:1-kQE4z2DtYF_KYErIBhkhFNwz7cGxKXdgqBf6ZSgzY/8795adcf5e2909ef/5d2bd94c96bf356 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/rc/8795adcf5e2909ef HTTP/1.1Host: nitftts.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: nitftts.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://nitftts.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /CAPQU1Xc1dVRXRSSzFVNjFi HTTP/1.1Host: nitftts.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72 HTTP/1.1Host: nitftts.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://nitftts.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /jq/50a7606a8c86a1db2bb01d897809a42f6628ea102bdaa HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /boot/50a7606a8c86a1db2bb01d897809a42f6628ea102bdad HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /js/50a7606a8c86a1db2bb01d897809a42f6628ea102bdae HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /1 HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /APP-50a7606a8c86a1db2bb01d897809a42f6628ea128933f/50a7606a8c86a1db2bb01d897809a42f6628ea1289341 HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /o/50a7606a8c86a1db2bb01d897809a42f6628ea1289368 HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /1 HTTP/1.1Host: nitftts.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /x/50a7606a8c86a1db2bb01d897809a42f6628ea1289346 HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /o/50a7606a8c86a1db2bb01d897809a42f6628ea1289368 HTTP/1.1Host: nitftts.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: nitftts.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /x/50a7606a8c86a1db2bb01d897809a42f6628ea1289346 HTTP/1.1Host: nitftts.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: nitftts.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ

Source: unknown

DNS traffic detected: queries for: nitftts.com

Source: unknown

HTTP traffic detected: POST /cdn-cgi/challenge-platform/h/b/flow/ov1/177504864:1713953655:1-kQE4z2DtYF_KYErIBhkhFNwz7cGxKXdgqBf6ZSgzY/8795adcf5e2909ef/5d2bd94c96bf356 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveContent-Length: 2556sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Content-type: application/x-www-form-urlencodedsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36CF-Challenge: 5d2bd94c96bf356sec-ch-ua-platform: "Windows"Accept: */*Origin: https://challenges.cloudflare.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7if7r/0x4AAAAAAAYGcVauMJH_lBO9/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 24 Apr 2024 11:16:34 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: MISSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p6md0ypBTEz3xEG35oTBCrBGE8c8%2FOVohO4V8RW0daZsxWhXtjzVisUHrn4okMyOF9ayoQu7aSNaw3Fr0j0acJtCv11ldZ6eTNSFESxCZjoQI0jlQJyY4dQkDieaIw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8795ae928c0b2f7b-LAXalt-svc: h3=":443"; ma=86400

Source: chromecache_55.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_55.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_55.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.61.210.98:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.61.210.98:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: classification engine

Classification label: mal84.phis.troj.win@18/41@16/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2244,i,13643226679431463270,17493560958199353772,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://nitftts.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2244,i,13643226679431463270,17493560958199353772,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Data Obfuscation

Yara detected Html Dropper

Source: Yara match	File source: 3.6.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.21.8.118	unknown	United States	13335	CLOUDFLARENETUS	false
104.17.3.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.67.130.113	nitftts.com	United States	13335	CLOUDFLARENETUS	false
151.101.194.137	code.jquery.com	United States	54113	FASTLYUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.141.104	www.google.com	United States	15169	GOOGLEUS	false
104.17.2.184	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
a.nel.cloudflare.com	35.190.80.1	true
code.jquery.com	151.101.194.137	true
nitftts.com	172.67.130.113	true
challenges.cloudflare.com	104.17.3.184	true
www.google.com	142.250.141.104	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://nitftts.com/captcha/logo.svg	false	Avira URL Cloud: phishing	unknown
https://nitftts.com/js/50a7606a8c86a1db2bb01d897809a42f6628ea102bdae	false	Avira URL Cloud: phishing	unknown
https://code.jquery.com/jquery-3.6.0.min.js	false		high
https://a.nel.cloudflare.com/report/v4?s=ipSIby7098fLCsp%2Bf%2Fsy9Qd9vCf%2BJdeRQIobrjoSpsK3T2u7YXuM0fi1mJ2ysEYRzoxCqxemxfpZqAvv64XUBB7l9kdi0ijO92%2FNICRUJk0R0WV%2FNdYTV2IYRV8tuQ%3D%3D	false		high
https://nitftts.com/ASSETS/img/sig-op.svg	false	Avira URL Cloud: phishing	unknown
https://nitftts.com/captcha/style.css	false	Avira URL Cloud: phishing	unknown
https://nitftts.com/CAPQU1Xc1dVRXRSSzFVNjFi	false	Avira URL Cloud: phishing	unknown
https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72#	true		unknown
https://nitftts.com/jq/50a7606a8c86a1db2bb01d897809a42f6628ea102bdaa	false	Avira URL Cloud: phishing	unknown
https://nitftts.com/boot/50a7606a8c86a1db2bb01d897809a42f6628ea102bdad	false	Avira URL Cloud: phishing	unknown
https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72	true		unknown
https://nitftts.com/ASSETS/img/m_.svg	false	Avira URL Cloud: phishing	unknown
https://nitftts.com/cdn-cgi/challenge-platform/h/b/rc/8795adcf5e2909ef	false	Avira URL Cloud: phishing	unknown
https://nitftts.com/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8795adcf5e2909ef	false		high
https://nitftts.com/x/50a7606a8c86a1db2bb01d897809a42f6628ea1289346	false	Avira URL Cloud: phishing	unknown
https://nitftts.com/APP-50a7606a8c86a1db2bb01d897809a42f6628ea128933f/50a7606a8c86a1db2bb01d897809a42f6628ea1289341	false	Avira URL Cloud: phishing	unknown
https://nitftts.com/o/50a7606a8c86a1db2bb01d897809a42f6628ea1289368	false	Avira URL Cloud: phishing	unknown
https://nitftts.com/1	false	Avira URL Cloud: phishing	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/177504864:1713953655:1-kQE4z2DtYF_KYErIBhkhFNwz7cGxKXdgqBf6ZSgzY/8795adcf5e2909ef/5d2bd94c96bf356	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7if7r/0x4AAAAAAAYGcVauMJH_lBO9/auto/normal	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8795adcf5e2909ef/1713957366113/84f88a0c89df63f7cdf084e844a1fd21c6dd4d0dcab5ab55090a93a557e868a2/XHZ0rMU7K6gyIab	false		high
https://nitftts.com/	true		unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 50	HTML document, ASCII text	A34AC19F4AFAE63ADC5D2F7BC970C07F	A82190FC530C265AA40A045C21770D967F4767B8	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
Chrome Cache Entry: 51	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 52	ASCII text, with very long lines (65536), with no line terminators	8E6B0F88563F9C33F78BCE65CF287DF7	EF7765CD2A7D64ED27DD7344702597AFF6F8C397	A7057BEBFFF43E7281CA31DA00D40BD88C8D02D1576B9C45891DD56A3853269A
Chrome Cache Entry: 53	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 54	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 55	ASCII text, with very long lines (50758)	67176C242E1BDC20603C878DEE836DF3	27A71B00383D61EF3C489326B3564D698FC1227C	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
Chrome Cache Entry: 56	PNG image data, 37 x 16, 8-bit/color RGB, non-interlaced	E4914D7B82856AB8079AE7E82A9A77CD	FFCDFCDF6E7C0EDCA579402DA3C714A5C0728F67	C4A37C4CE64B37556AE47027CB2B9DA2E4B72D0FB17D69D2D5695587F249EFFB
Chrome Cache Entry: 57	SVG Scalable Vector Graphics image	7D2B8F25545A2894E2721E9FE528E34C	D0DAE76F4BF5C04ACD5FCDF1BCB12908099E328C	797BDA35D13E5130FE5A14E0069C31B46EC1AF6EA47F2D300309803BB4D2608C
Chrome Cache Entry: 58	ASCII text, with very long lines (42414)	F94A2211CE789A95A7C67E8C660D63E8	F1FC19B6BCB96D0A905BF3192AAFF0885FF9F36F	926DC3302F99EC05E4206E965DDEB7250F5910A8C38E82C7BEAFB724BBAAF37B
Chrome Cache Entry: 59	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 60	ASCII text, with very long lines (7043), with no line terminators	B6C202188699B897BB727A68EDD24665	FF3B891E06C983DCA277C1D7D874C8EB8084EB96	184A034CB9202937BF012AFF8C81E0747B7CA8F8F9E6115556FDB09D5BAEC419
Chrome Cache Entry: 61	SVG Scalable Vector Graphics image	7D2B8F25545A2894E2721E9FE528E34C	D0DAE76F4BF5C04ACD5FCDF1BCB12908099E328C	797BDA35D13E5130FE5A14E0069C31B46EC1AF6EA47F2D300309803BB4D2608C
Chrome Cache Entry: 62	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 63	ASCII text, with very long lines (32065)	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
Chrome Cache Entry: 64	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 65	HTML document, ASCII text, with very long lines (4020)	D34D7CB736583079FE045D8FF8268D5B	42F59742B91D8ED3FA03A9DCDF0D1E9CDD7BEC62	1FABA0E0D8E6807111F1A7D25E26ECA7193017DE30E5CA120BF59E27F58DEFF3
Chrome Cache Entry: 66	ASCII text, with no line terminators	011B17B116126E6E0C4A9B0DE9145805	DF63A6EB731FFCE96F79802EFF6D53D00CDA42BC	3418E6E704387A99F1611EB7BB883328A438BA600971E6D692E8BEA60F10B179
Chrome Cache Entry: 67	ASCII text, with very long lines (3379)	59087D72EEDCB7650C9D5D6088440DD3	97B607FCE11F640E5764699038E50A76EB98944B	E0E3FB0FE5CA541950CF8DD213FBE9E8957A3DB0010B515AD01ADFF6CA908A3E
Chrome Cache Entry: 68	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 69	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 70	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 71	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 72	PNG image data, 37 x 16, 8-bit/color RGB, non-interlaced	E4914D7B82856AB8079AE7E82A9A77CD	FFCDFCDF6E7C0EDCA579402DA3C714A5C0728F67	C4A37C4CE64B37556AE47027CB2B9DA2E4B72D0FB17D69D2D5695587F249EFFB
Chrome Cache Entry: 73	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://nitftts.com/

Avira URL Cloud: detection malicious, Label: phishing

Antivirus detection for URL or domain

Source: https://nitftts.com/captcha/logo.svg	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/js/50a7606a8c86a1db2bb01d897809a42f6628ea102bdae	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/captcha/style.css	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/ASSETS/img/sig-op.svg	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/CAPQU1Xc1dVRXRSSzFVNjFi	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/boot/50a7606a8c86a1db2bb01d897809a42f6628ea102bdad	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/jq/50a7606a8c86a1db2bb01d897809a42f6628ea102bdaa	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/ASSETS/img/m_.svg	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/cdn-cgi/challenge-platform/h/b/rc/8795adcf5e2909ef	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/x/50a7606a8c86a1db2bb01d897809a42f6628ea1289346	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/APP-50a7606a8c86a1db2bb01d897809a42f6628ea128933f/50a7606a8c86a1db2bb01d897809a42f6628ea1289341	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/1	Avira URL Cloud: Label: phishing
Source: https://nitftts.com/o/50a7606a8c86a1db2bb01d897809a42f6628ea1289368	Avira URL Cloud: Label: phishing

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 3.6.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72	Matcher: Template: microsoft matched
Source: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72#	Matcher: Template: microsoft matched

Phishing site or detected (based on various text indicators)

Source: Chrome DOM: 0.2

OCR Text: Verifying... CLOUDFLARE Microsoft

HTML body contains low number of good links

Source: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72

HTTP Parser: Number of links: 0

HTML page contains hidden URLs or javascript code

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7if7r/0x4AAAAAAAYGcVauMJH_lBO9/auto/normal

HTTP Parser: Base64 decoded: http://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7if7r/0x4AAAAAAAYGcVauMJH_lBO9/auto/normal

HTML title does not match URL

Source: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72

HTTP Parser: Title: 1fb6467e996b565a0124b1b9877f24bb6628ea0fabd51 does not match URL

Invalid 'sign-in options' or 'sign-up' link found

Source: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72

HTTP Parser: Invalid link: get a new Microsoft account

Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7if7r/0x4AAAAAAAYGcVauMJH_lBO9/auto/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7if7r/0x4AAAAAAAYGcVauMJH_lBO9/auto/normal	HTTP Parser: No favicon
Source: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72	HTTP Parser: No favicon

Source: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72

HTTP Parser: No <meta name="author".. found

Source: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.61.210.98:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.61.210.98:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /captcha/style.css HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://nitftts.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://nitftts.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://nitftts.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /captcha/logo.svg HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://nitftts.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/471dc2adc340/api.js?render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://nitftts.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7if7r/0x4AAAAAAAYGcVauMJH_lBO9/auto/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://nitftts.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /captcha/logo.svg HTTP/1.1Host: nitftts.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8795adcf5e2909ef HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7if7r/0x4AAAAAAAYGcVauMJH_lBO9/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7if7r/0x4AAAAAAAYGcVauMJH_lBO9/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/177504864:1713953655:1-kQE4z2DtYF_KYErIBhkhFNwz7cGxKXdgqBf6ZSgzY/8795adcf5e2909ef/5d2bd94c96bf356 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8795adcf5e2909ef/1713957366113/84f88a0c89df63f7cdf084e844a1fd21c6dd4d0dcab5ab55090a93a557e868a2/XHZ0rMU7K6gyIab HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7if7r/0x4AAAAAAAYGcVauMJH_lBO9/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8795adcf5e2909ef/1713957366115/vXPllqWhCijzGzO HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/7if7r/0x4AAAAAAAYGcVauMJH_lBO9/auto/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8795adcf5e2909ef/1713957366115/vXPllqWhCijzGzO HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/177504864:1713953655:1-kQE4z2DtYF_KYErIBhkhFNwz7cGxKXdgqBf6ZSgzY/8795adcf5e2909ef/5d2bd94c96bf356 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/177504864:1713953655:1-kQE4z2DtYF_KYErIBhkhFNwz7cGxKXdgqBf6ZSgzY/8795adcf5e2909ef/5d2bd94c96bf356 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/rc/8795adcf5e2909ef HTTP/1.1Host: nitftts.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: nitftts.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://nitftts.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /CAPQU1Xc1dVRXRSSzFVNjFi HTTP/1.1Host: nitftts.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72 HTTP/1.1Host: nitftts.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://nitftts.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /jq/50a7606a8c86a1db2bb01d897809a42f6628ea102bdaa HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /boot/50a7606a8c86a1db2bb01d897809a42f6628ea102bdad HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /js/50a7606a8c86a1db2bb01d897809a42f6628ea102bdae HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /1 HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /APP-50a7606a8c86a1db2bb01d897809a42f6628ea128933f/50a7606a8c86a1db2bb01d897809a42f6628ea1289341 HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /o/50a7606a8c86a1db2bb01d897809a42f6628ea1289368 HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /1 HTTP/1.1Host: nitftts.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /x/50a7606a8c86a1db2bb01d897809a42f6628ea1289346 HTTP/1.1Host: nitftts.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://nitftts.com/024407056a4bd44a76e3518653fce74f6628ea0fabd71LOG024407056a4bd44a76e3518653fce74f6628ea0fabd72Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /o/50a7606a8c86a1db2bb01d897809a42f6628ea1289368 HTTP/1.1Host: nitftts.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: nitftts.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /x/50a7606a8c86a1db2bb01d897809a42f6628ea1289346 HTTP/1.1Host: nitftts.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: nitftts.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=852e87e393c72239ae4b69b7ecbe84ed; cf_clearance=pZu1j5CX7kqVNduu1jTxpjboZ.QhGfbaeWSy59Q2hFs-1713957389-1.0.1.1-zZiEW8bpupfHvblJAlq4MQ68XzPmWzjxQxirgmZ0TG32Mgn1MKBz.v3PLNssocqNwKz1ZAtp.TXWR2B5xK4aQQ

Source: unknown

DNS traffic detected: queries for: nitftts.com

Source: unknown

Source: global traffic

Source: chromecache_55.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_55.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_55.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 23.61.210.98:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.61.210.98:443 -> 192.168.2.4:49747 version: TLS 1.2

Source: classification engine

Classification label: mal84.phis.troj.win@18/41@16/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2244,i,13643226679431463270,17493560958199353772,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://nitftts.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2428 --field-trial-handle=2244,i,13643226679431463270,17493560958199353772,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Data Obfuscation

Yara detected Html Dropper

Source: Yara match	File source: 3.6.pages.csv, type: HTML
Source: Yara match	File source: 2.5.pages.csv, type: HTML

ID:	1431010
Product:	CloudBasic
Start time:	13:15:07
Start date:	24.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://nitftts.com/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://nitftts.com/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://nitftts.com/