Windows Analysis Report
https://jll.aravo.com/aems/login.do

Overview

General Information

Sample URL:	https://jll.aravo.com/aems/login.do
Analysis ID:	1431051
Infos:

Detection

Score:	0
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

No high impact signatures.

Classification

Signatures

There are no high impact signatures.

Source: https://jll.aravo.com/aems/login.do

HTTP Parser: <input type="password" .../> found

Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="author".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="author".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="author".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="author".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="author".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="author".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="author".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="author".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="author".. found

Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="copyright".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="copyright".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="copyright".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="copyright".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="copyright".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="copyright".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="copyright".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="copyright".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.61.210.98:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.61.210.98:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49778 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246

Source: global traffic	HTTP traffic detected: GET /aems/login.do HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /simpletrade/default/css/bootstrap.min.css HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://jll.aravo.com/aems/login.doAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==
Source: global traffic	HTTP traffic detected: GET /simpletrade/default/css/unauthenticated.css HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://jll.aravo.com/aems/login.doAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==
Source: global traffic	HTTP traffic detected: GET /simpletrade/default/css/fontello/css/fontello.css HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://jll.aravo.com/aems/login.doAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==
Source: global traffic	HTTP traffic detected: GET /simpletrade/default/css/fontello/css/animation.css HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://jll.aravo.com/aems/login.doAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==
Source: global traffic	HTTP traffic detected: GET /simpletrade/default/css/font-awesome-4.6.3/css/font-awesome.min.css HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://jll.aravo.com/aems/login.doAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==
Source: global traffic	HTTP traffic detected: GET /simpletrade/default/js/jquery-3.6.0.min.js HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://jll.aravo.com/aems/login.doAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==
Source: global traffic	HTTP traffic detected: GET /simpletrade/default/js/fastclick.js HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://jll.aravo.com/aems/login.doAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==
Source: global traffic	HTTP traffic detected: GET /simpletrade/default/js/jqBootstrapValidation.js HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://jll.aravo.com/aems/login.doAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==
Source: global traffic	HTTP traffic detected: GET /simpletrade/default/images/aravo_logo-2x.png HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://jll.aravo.com/aems/login.doAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /simpletrade/default/images/aravo_logo-2x.png HTTP/1.1Host: jll.aravo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==
Source: global traffic	HTTP traffic detected: GET /favicon.ico?v=4 HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://jll.aravo.com/aems/login.doAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _gat=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico?v=4 HTTP/1.1Host: jll.aravo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _gat=1
Source: global traffic	HTTP traffic detected: GET /aems/findaccount.do HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=6B59B293AE567F53E1A15B8AEBF0CBB5; XSRF-TOKEN=85c0a062f830ff9957076d69c7d97d5303072278abbd7245a64a581bfd624d53; b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _gat=1; _ga_NG3F9CG84V=GS1.2.1713960072.1.0.1713960072.0.0.0
Source: global traffic	HTTP traffic detected: GET /aems/findaccount.do HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=6B59B293AE567F53E1A15B8AEBF0CBB5; XSRF-TOKEN=85c0a062f830ff9957076d69c7d97d5303072278abbd7245a64a581bfd624d53; b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _gat=1; _ga_NG3F9CG84V=GS1.2.1713960072.1.1.1713960080.0.0.0
Source: global traffic	HTTP traffic detected: GET /aems/findpassword.do?btnCancel=true&cs=yks4Zxuaa-IhSYYKBL7klWVFg6lTUCzDQX3ET0rBrlc.arv HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=6B59B293AE567F53E1A15B8AEBF0CBB5; XSRF-TOKEN=85c0a062f830ff9957076d69c7d97d5303072278abbd7245a64a581bfd624d53; b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _gat=1; _ga_NG3F9CG84V=GS1.2.1713960072.1.1.1713960089.0.0.0
Source: global traffic	HTTP traffic detected: GET /aems/login.do HTTP/1.1Host: jll.aravo.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=6B59B293AE567F53E1A15B8AEBF0CBB5; XSRF-TOKEN=85c0a062f830ff9957076d69c7d97d5303072278abbd7245a64a581bfd624d53; b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _gat=1; _ga_NG3F9CG84V=GS1.2.1713960072.1.1.1713960089.0.0.0
Source: global traffic	HTTP traffic detected: GET /aems/findaccount.do HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=6B59B293AE567F53E1A15B8AEBF0CBB5; XSRF-TOKEN=85c0a062f830ff9957076d69c7d97d5303072278abbd7245a64a581bfd624d53; b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _gat=1; _ga_NG3F9CG84V=GS1.2.1713960072.1.1.1713960100.0.0.0
Source: global traffic	HTTP traffic detected: GET /aems/findpassword.do?btnCancel=true&cs=yks4Zxuaa-IhSYYKBL7klWVFg6lTUCzDQX3ET0rBrlc.arv HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=6B59B293AE567F53E1A15B8AEBF0CBB5; XSRF-TOKEN=85c0a062f830ff9957076d69c7d97d5303072278abbd7245a64a581bfd624d53; b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _gat=1; _ga_NG3F9CG84V=GS1.2.1713960072.1.1.1713960109.0.0.0
Source: global traffic	HTTP traffic detected: GET /aems/login.do HTTP/1.1Host: jll.aravo.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=6B59B293AE567F53E1A15B8AEBF0CBB5; XSRF-TOKEN=85c0a062f830ff9957076d69c7d97d5303072278abbd7245a64a581bfd624d53; b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _gat=1; _ga_NG3F9CG84V=GS1.2.1713960072.1.1.1713960109.0.0.0
Source: global traffic	HTTP traffic detected: GET /aems/findpassword.do?btnCancel=true&cs=yks4Zxuaa-IhSYYKBL7klWVFg6lTUCzDQX3ET0rBrlc.arv HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=6B59B293AE567F53E1A15B8AEBF0CBB5; XSRF-TOKEN=85c0a062f830ff9957076d69c7d97d5303072278abbd7245a64a581bfd624d53; b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _ga_NG3F9CG84V=GS1.2.1713960072.1.1.1713960120.0.0.0
Source: global traffic	HTTP traffic detected: GET /aems/login.do HTTP/1.1Host: jll.aravo.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=6B59B293AE567F53E1A15B8AEBF0CBB5; XSRF-TOKEN=85c0a062f830ff9957076d69c7d97d5303072278abbd7245a64a581bfd624d53; b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _ga_NG3F9CG84V=GS1.2.1713960072.1.1.1713960120.0.0.0

Source: chromecache_64.2.dr

String found in binary or memory: return b}yC.J="internal.enableAutoEventOnTimer";var dc=ka(["data-gtm-yt-inspected-"]),AC=["www.youtube.com","www.youtube-nocookie.com"],BC,CC=!1; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: jll.aravo.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_65.2.dr	String found in binary or memory: http://ReactiveRaven.github.com/jqBootstrapValidation/
Source: chromecache_62.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_62.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_68.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: chromecache_67.2.dr, chromecache_70.2.dr	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: chromecache_65.2.dr	String found in binary or memory: http://opensource.org/licenses/mit-license.php
Source: chromecache_65.2.dr	String found in binary or memory: http://stackoverflow.com/questions/359788/how-to-execute-a-javascript-function-when-i-have-its-name-
Source: chromecache_65.2.dr	String found in binary or memory: http://tinyurl.com/executeFunctionByName
Source: chromecache_64.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_64.2.dr	String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_59.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: chromecache_69.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=922896
Source: chromecache_64.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_69.2.dr	String found in binary or memory: https://github.com/ftlabs/fastclick/issues/251
Source: chromecache_68.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_64.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_64.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_64.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_64.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_59.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_59.2.dr	String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_64.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_59.2.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_59.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_59.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_64.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_59.2.dr	String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_64.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_64.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_59.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: chromecache_64.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.61.210.98:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.61.210.98:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49778 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@22/28@6/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2172,i,2557239446117328043,1594672359937540245,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://jll.aravo.com/aems/login.do"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2172,i,2557239446117328043,1594672359937540245,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
67.192.161.8	prod.aravo.com	United States	33070	RMH-14US	false
74.125.137.104	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false

Private

IP
192.168.2.6

Contacted Domains

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.214.172	true
www.google.com	74.125.137.104	true
prod.aravo.com	67.192.161.8	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
jll.aravo.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://jll.aravo.com/simpletrade/default/css/fontello/css/fontello.css	false	high
https://jll.aravo.com/aems/findpassword.do?btnCancel=true&cs=yks4Zxuaa-IhSYYKBL7klWVFg6lTUCzDQX3ET0rBrlc.arv	false	high
https://jll.aravo.com/simpletrade/default/js/jqBootstrapValidation.js	false	high
https://jll.aravo.com/favicon.ico?v=4	false	high
https://jll.aravo.com/simpletrade/default/js/fastclick.js	false	high
https://jll.aravo.com/aems/login.do	false	high
https://jll.aravo.com/simpletrade/default/css/bootstrap.min.css	false	high
https://jll.aravo.com/simpletrade/default/images/aravo_logo-2x.png	false	high
https://jll.aravo.com/simpletrade/default/css/font-awesome-4.6.3/css/font-awesome.min.css	false	high
https://jll.aravo.com/simpletrade/default/css/unauthenticated.css	false	high
https://jll.aravo.com/simpletrade/default/js/jquery-3.6.0.min.js	false	high
https://jll.aravo.com/aems/findaccount.do	false	high
https://jll.aravo.com/simpletrade/default/css/fontello/css/animation.css	false	high

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 59	ASCII text, with very long lines (2343)	575B5480531DA4D14E7453E2016FE0BC	E5C5F3134FE29E60B591C87EA85951F0AEA36EE1	DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
Chrome Cache Entry: 60	Unicode text, UTF-8 text	9371CE155EB0C4DC82DEE9CCA2D16E0E	5DF8D78CB83FE1D6C208D0345070A2102B987BE8	D639C10BDD952EFA34DA5CDA5D4EA5B7DD349E8C86381203BD69FF13027C91E2
Chrome Cache Entry: 61	ASCII text, with very long lines (65447)	8FB8FEE4FCC3CC86FF6C724154C49C42	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
Chrome Cache Entry: 62	ASCII text, with very long lines (28900)	4083F5D376EB849A458CC790B53BA080	FB5B49426DEE7F1508500E698D1B3C6B04C8FCCE	008A1D103902F15FDB1C191FCB1CE8954330E7B8DE43D09ABB08555BA609F420
Chrome Cache Entry: 63	ASCII text, with no line terminators	3489A7B763D8CF6D32A5680104FD67BA	A37577B117056E91D0AB49E55C46D8F91D4B1E72	B7618FD00565D7878192EFC4EC2D4EDED935B8886CE9169D738AF49F22874ED7
Chrome Cache Entry: 64	ASCII text, with very long lines (5945)	118780D21ADFA644EAAF3C9142237E74	A5AECBE9BA67448C22C60C65CE1C877FFD56C8F2	F2368B52F985B38127F8EFE2D7A3A4676EA46376CDBBB1A9E94D0AEA73E2F357
Chrome Cache Entry: 65	ASCII text	857087DDDCCF870A79037A5EC9B7F609	F750F751BA876684281ECD1928C4C0AE03911A66	A558EF234334D648BCE5EAD94E0F80A2786C01108A7616231FC468E09DAA1A97
Chrome Cache Entry: 66	ASCII text	8C3DD52F349FA82B815D5D6A601C18F4	AB0E3377F0953940D96CCEBC0D9E2FDF93EC21EB	21D2FA12918C9A4BF122A721EAA0C25FD82272DB92CFAFC6489E2F22866E1945
Chrome Cache Entry: 67	PNG image data, 229 x 76, 8-bit/color RGBA, non-interlaced	0DC482276B560D04BE88197E6B8FFE48	45499F99F31B9FEFBBDC918082EB605ED9069C7E	AF5E22F76F036BAF7479C9C71E733C3720087D84BE3C28DDD0F334F86D322FE4
Chrome Cache Entry: 68	ASCII text, with very long lines (65371)	3AB3438F85AD9F9E27E1AF1FACF0A9C4	8BEC1BBA3E23ECBA22CFFB197A2D440AF410B15D	D699F303990CE9BD7D7C97E9BD3CAD6A46ECF2532F475CF22AE58213237821B9
Chrome Cache Entry: 69	ASCII text, with very long lines (382)	6E9D3B0DA74F2A4A7042B494CDAA7C2E	06CEF196733A710E77AD7E386CED6963F092DC55	1AA08CB3C7AA70D268D24D59C374C14AF7BD08E0AF8C85F8E4F60A2651F4BAB5
Chrome Cache Entry: 70	PNG image data, 229 x 76, 8-bit/color RGBA, non-interlaced	0DC482276B560D04BE88197E6B8FFE48	45499F99F31B9FEFBBDC918082EB605ED9069C7E	AF5E22F76F036BAF7479C9C71E733C3720087D84BE3C28DDD0F334F86D322FE4
Chrome Cache Entry: 71	ASCII text	5EFB6F925470166045BA28C25131F79A	181BBC89EC978981BF0EF8C7239710AE5B3AD6A1	C5221CFE37E6F0B011346164E7B3378C106807DC0D42FC0887440AB36C09E205
Chrome Cache Entry: 72	MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	A0E58F28CB886910D77B08A226F65795	6EE8EF56F85DFF746F03A86E66044B7D562D8220	CA72733C26C5B13D7F4E24051642D4EB9C74BC2D31A184C6571B8B37614A0043
Chrome Cache Entry: 73	MS Windows icon resource - 4 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	A0E58F28CB886910D77B08A226F65795	6EE8EF56F85DFF746F03A86E66044B7D562D8220	CA72733C26C5B13D7F4E24051642D4EB9C74BC2D31A184C6571B8B37614A0043

There are no high impact signatures.

Source: https://jll.aravo.com/aems/login.do

HTTP Parser: <input type="password" .../> found

Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="author".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="author".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="author".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="author".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="author".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="author".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="author".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="author".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="author".. found

Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="copyright".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="copyright".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="copyright".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="copyright".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="copyright".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="copyright".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="copyright".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="copyright".. found
Source: https://jll.aravo.com/aems/login.do	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.61.210.98:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.61.210.98:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49778 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.64
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.1.246

Source: global traffic	HTTP traffic detected: GET /aems/login.do HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /simpletrade/default/css/bootstrap.min.css HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://jll.aravo.com/aems/login.doAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==
Source: global traffic	HTTP traffic detected: GET /simpletrade/default/css/unauthenticated.css HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://jll.aravo.com/aems/login.doAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==
Source: global traffic	HTTP traffic detected: GET /simpletrade/default/css/fontello/css/fontello.css HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://jll.aravo.com/aems/login.doAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==
Source: global traffic	HTTP traffic detected: GET /simpletrade/default/css/fontello/css/animation.css HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://jll.aravo.com/aems/login.doAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==
Source: global traffic	HTTP traffic detected: GET /simpletrade/default/css/font-awesome-4.6.3/css/font-awesome.min.css HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://jll.aravo.com/aems/login.doAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==
Source: global traffic	HTTP traffic detected: GET /simpletrade/default/js/jquery-3.6.0.min.js HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://jll.aravo.com/aems/login.doAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==
Source: global traffic	HTTP traffic detected: GET /simpletrade/default/js/fastclick.js HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://jll.aravo.com/aems/login.doAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==
Source: global traffic	HTTP traffic detected: GET /simpletrade/default/js/jqBootstrapValidation.js HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://jll.aravo.com/aems/login.doAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==
Source: global traffic	HTTP traffic detected: GET /simpletrade/default/images/aravo_logo-2x.png HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://jll.aravo.com/aems/login.doAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /simpletrade/default/images/aravo_logo-2x.png HTTP/1.1Host: jll.aravo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==
Source: global traffic	HTTP traffic detected: GET /favicon.ico?v=4 HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://jll.aravo.com/aems/login.doAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _gat=1
Source: global traffic	HTTP traffic detected: GET /favicon.ico?v=4 HTTP/1.1Host: jll.aravo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _gat=1
Source: global traffic	HTTP traffic detected: GET /aems/findaccount.do HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=6B59B293AE567F53E1A15B8AEBF0CBB5; XSRF-TOKEN=85c0a062f830ff9957076d69c7d97d5303072278abbd7245a64a581bfd624d53; b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _gat=1; _ga_NG3F9CG84V=GS1.2.1713960072.1.0.1713960072.0.0.0
Source: global traffic	HTTP traffic detected: GET /aems/findaccount.do HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=6B59B293AE567F53E1A15B8AEBF0CBB5; XSRF-TOKEN=85c0a062f830ff9957076d69c7d97d5303072278abbd7245a64a581bfd624d53; b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _gat=1; _ga_NG3F9CG84V=GS1.2.1713960072.1.1.1713960080.0.0.0
Source: global traffic	HTTP traffic detected: GET /aems/findpassword.do?btnCancel=true&cs=yks4Zxuaa-IhSYYKBL7klWVFg6lTUCzDQX3ET0rBrlc.arv HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=6B59B293AE567F53E1A15B8AEBF0CBB5; XSRF-TOKEN=85c0a062f830ff9957076d69c7d97d5303072278abbd7245a64a581bfd624d53; b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _gat=1; _ga_NG3F9CG84V=GS1.2.1713960072.1.1.1713960089.0.0.0
Source: global traffic	HTTP traffic detected: GET /aems/login.do HTTP/1.1Host: jll.aravo.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=6B59B293AE567F53E1A15B8AEBF0CBB5; XSRF-TOKEN=85c0a062f830ff9957076d69c7d97d5303072278abbd7245a64a581bfd624d53; b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _gat=1; _ga_NG3F9CG84V=GS1.2.1713960072.1.1.1713960089.0.0.0
Source: global traffic	HTTP traffic detected: GET /aems/findaccount.do HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=6B59B293AE567F53E1A15B8AEBF0CBB5; XSRF-TOKEN=85c0a062f830ff9957076d69c7d97d5303072278abbd7245a64a581bfd624d53; b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _gat=1; _ga_NG3F9CG84V=GS1.2.1713960072.1.1.1713960100.0.0.0
Source: global traffic	HTTP traffic detected: GET /aems/findpassword.do?btnCancel=true&cs=yks4Zxuaa-IhSYYKBL7klWVFg6lTUCzDQX3ET0rBrlc.arv HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=6B59B293AE567F53E1A15B8AEBF0CBB5; XSRF-TOKEN=85c0a062f830ff9957076d69c7d97d5303072278abbd7245a64a581bfd624d53; b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _gat=1; _ga_NG3F9CG84V=GS1.2.1713960072.1.1.1713960109.0.0.0
Source: global traffic	HTTP traffic detected: GET /aems/login.do HTTP/1.1Host: jll.aravo.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=6B59B293AE567F53E1A15B8AEBF0CBB5; XSRF-TOKEN=85c0a062f830ff9957076d69c7d97d5303072278abbd7245a64a581bfd624d53; b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _gat=1; _ga_NG3F9CG84V=GS1.2.1713960072.1.1.1713960109.0.0.0
Source: global traffic	HTTP traffic detected: GET /aems/findpassword.do?btnCancel=true&cs=yks4Zxuaa-IhSYYKBL7klWVFg6lTUCzDQX3ET0rBrlc.arv HTTP/1.1Host: jll.aravo.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=6B59B293AE567F53E1A15B8AEBF0CBB5; XSRF-TOKEN=85c0a062f830ff9957076d69c7d97d5303072278abbd7245a64a581bfd624d53; b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _ga_NG3F9CG84V=GS1.2.1713960072.1.1.1713960120.0.0.0
Source: global traffic	HTTP traffic detected: GET /aems/login.do HTTP/1.1Host: jll.aravo.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=6B59B293AE567F53E1A15B8AEBF0CBB5; XSRF-TOKEN=85c0a062f830ff9957076d69c7d97d5303072278abbd7245a64a581bfd624d53; b1pi=!GgImqbfHFWvnxL91OXIWsuaD7FD62Rb6Py95TdRcdY2xssBT58KCQK2UTUnTxbcEjVCds3ZslW+aFg==; _ga=GA1.2.1281521345.1713960070; _gid=GA1.2.1687171908.1713960070; _ga_NG3F9CG84V=GS1.2.1713960072.1.1.1713960120.0.0.0

Source: chromecache_64.2.dr

Source: global traffic	DNS traffic detected: DNS query: jll.aravo.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com

Source: chromecache_65.2.dr	String found in binary or memory: http://ReactiveRaven.github.com/jqBootstrapValidation/
Source: chromecache_62.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_62.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_68.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: chromecache_67.2.dr, chromecache_70.2.dr	String found in binary or memory: http://iptc.org/std/Iptc4xmpCore/1.0/xmlns/
Source: chromecache_65.2.dr	String found in binary or memory: http://opensource.org/licenses/mit-license.php
Source: chromecache_65.2.dr	String found in binary or memory: http://stackoverflow.com/questions/359788/how-to-execute-a-javascript-function-when-i-have-its-name-
Source: chromecache_65.2.dr	String found in binary or memory: http://tinyurl.com/executeFunctionByName
Source: chromecache_64.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_64.2.dr	String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_59.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: chromecache_69.2.dr	String found in binary or memory: https://bugzilla.mozilla.org/show_bug.cgi?id=922896
Source: chromecache_64.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_69.2.dr	String found in binary or memory: https://github.com/ftlabs/fastclick/issues/251
Source: chromecache_68.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_64.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_64.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_64.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_64.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_59.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_59.2.dr	String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_64.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_59.2.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_59.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_59.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_64.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_59.2.dr	String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_64.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_64.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_59.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: chromecache_64.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49727 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.61.210.98:443 -> 192.168.2.6:49731 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.61.210.98:443 -> 192.168.2.6:49733 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49740 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 173.222.162.64:443 -> 192.168.2.6:49706 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49753 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49763 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.7.1.246:443 -> 192.168.2.6:49778 version: TLS 1.2

Source: classification engine

Classification label: clean0.win@22/28@6/4

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2172,i,2557239446117328043,1594672359937540245,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://jll.aravo.com/aems/login.do"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2248 --field-trial-handle=2172,i,2557239446117328043,1594672359937540245,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1431051
Product:	CloudBasic
Start time:	14:00:12
Start date:	24.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://jll.aravo.com/aems/login.do

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://jll.aravo.com/aems/login.do

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://jll.aravo.com/aems/login.do