Windows Analysis Report
https://clc.li/bsLRU

Overview

General Information

Sample URL:	https://clc.li/bsLRU
Analysis ID:	1431813
Infos:

Detection

HTMLPhisher

Score:	80
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Yara detected HtmlPhish10

Yara detected Phisher

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://clc.li/bsLRU

SlashNext: detection malicious, Label: Fraudulent Website type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://unisonroad.com

Avira URL Cloud: Label: phishing

Multi AV Scanner detection for domain / URL

Source: https://tensewire.net/	Virustotal: Detection: 5%			Perma Link
Source: https://unisonroad.com	Virustotal: Detection: 9%			Perma Link

Phishing

Yara detected HtmlPhish10

Source: Yara match

File source: dropped/chromecache_88, type: DROPPED

Yara detected Phisher

Source: Yara match

File source: dropped/chromecache_70, type: DROPPED

Source: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343	HTTP Parser: No favicon
Source: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343	HTTP Parser: No favicon
Source: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343	HTTP Parser: No favicon
Source: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.24.36.112:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.24.36.112:443 -> 192.168.2.4:49745 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /bsLRU HTTP/1.1Host: clc.liConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0/0/0/d44549cb847e1e460ab518fbf82bb4e2/akdim HTTP/1.1Host: marginmasks.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?s1=350359&s2=1174009843&s3=7090&s4=1&s10=4550 HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://marginmasks.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3a36ef2959e87b2ca27c8f04b726a343?_ax=w HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /assets/vendors/bootstrap-4.5.3/css/bootstrap.min.css HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/vendors/fontawesome_pro/css/all.min.css HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/css/dublin/dist/common-hybrid.css?v=454576b4f6c63244067eabf05b8f71b6 HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /inc/msg.v3.js?662a9f54742ee HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: tensewire.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /3a36ef2959e87b2ca27c8f04b726a343?_ax=w HTTP/1.1Host: tensewire.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /uploads/archive/product/697/images/messmaster.png HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /uploads/archive/company/55/images/kohls-logo-purple.png HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/images/flags/flag-us.png HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/vendors/fontawesome_pro/webfonts/fa-solid-900.woff2 HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://tensewire.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://tensewire.net/assets/vendors/fontawesome_pro/css/all.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/vendors/jquery-3.4.1.min.js HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/vendors/bootstrap-4.5.3/js/bootstrap.min.js HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/js/functions.js?v=454576b4f6c63244067eabf05b8f71b6 HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/js/gbvar.js?v=60 HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/js/intl_functions.js?v=454576b4f6c63244067eabf05b8f71b6 HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /uploads/archive/product/697/images/messmaster.png HTTP/1.1Host: tensewire.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /uploads/archive/company/55/images/kohls-logo-purple.png HTTP/1.1Host: tensewire.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/images/flags/flag-us.png HTTP/1.1Host: tensewire.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/js/dublin/dist/common-hybrid.js?v=454576b4f6c63244067eabf05b8f71b6 HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /scripts/push/v9e118mez8 HTTP/1.1Host: trk-adulvion.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/images/ci21.jpg HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/images/ci1.jpg HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /service-worker.js HTTP/1.1Host: tensewire.netConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: tensewire.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/images/ci1.jpg HTTP/1.1Host: tensewire.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/images/ci21.jpg HTTP/1.1Host: tensewire.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /3a36ef2959e87b2ca27c8f04b726a343 HTTP/1.1Host: tensewire.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET //scripts/pg/v9e118mez8 HTTP/1.1Host: trk-amropode.comConnection: keep-aliveCache-Control: max-age=0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET //scripts/sw/v9e118mez8 HTTP/1.1Host: trk-amropode.comConnection: keep-aliveCache-Control: max-age=0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /register/event_log/v9e118mez8 HTTP/1.1Host: event.trk-adulvion.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_64.2.dr	String found in binary or memory: Math.round(p);v["gtm.videoCurrentTime"]=Math.round(q);v["gtm.videoElapsedTime"]=Math.round(f);v["gtm.videoPercent"]=r;v["gtm.videoVisible"]=t;return v},Qj:function(){e=zb()},sd:function(){d()}}};var dc=ka(["data-gtm-yt-inspected-"]),AC=["www.youtube.com","www.youtube-nocookie.com"],BC,CC=!1; equals www.youtube.com (Youtube)
Source: chromecache_64.2.dr	String found in binary or memory: e\|\|f\|\|g.length\|\|h.length))return;var n={Xg:d,Vg:e,Wg:f,Ih:g,Jh:h,ye:m,Ab:b},p=D.YT,q=function(){IC(n)};if(p)return p.ready&&p.ready(q),b;var r=D.onYouTubeIframeAPIReady;D.onYouTubeIframeAPIReady=function(){r&&r();q()};I(function(){for(var t=H.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(LC(w,"iframe_api")\|\|LC(w,"player_api"))return b}for(var x=H.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!CC&&JC(x[A],n.ye))return tc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_90.2.dr	String found in binary or memory: return b}yC.J="internal.enableAutoEventOnTimer";var dc=ka(["data-gtm-yt-inspected-"]),AC=["www.youtube.com","www.youtube-nocookie.com"],BC,CC=!1; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clc.li
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: marginmasks.com
Source: global traffic	DNS traffic detected: DNS query: tensewire.net
Source: global traffic	DNS traffic detected: DNS query: trk-adulvion.com
Source: global traffic	DNS traffic detected: DNS query: trk-amropode.com
Source: global traffic	DNS traffic detected: DNS query: event.trk-adulvion.com

Source: unknown

HTTP traffic detected: POST / HTTP/1.1Host: tensewire.netConnection: keep-aliveContent-Length: 41sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: */*Content-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://tensewire.netSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef

Source: chromecache_64.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_64.2.dr	String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_90.2.dr, chromecache_64.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_94.2.dr, chromecache_66.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_94.2.dr, chromecache_66.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_94.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_64.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_90.2.dr, chromecache_64.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_64.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_64.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_90.2.dr, chromecache_64.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_70.2.dr	String found in binary or memory: https://tensewire.net/?s1=350359&s2=1174009843&s3=7090&s4=1&s10=4550
Source: chromecache_80.2.dr	String found in binary or memory: https://trk-adulvion.com/scripts/push/v9e118mez8
Source: chromecache_79.2.dr	String found in binary or memory: https://trk-amropode.com//scripts/pg/v9e118mez8
Source: chromecache_79.2.dr	String found in binary or memory: https://trk-amropode.com//scripts/sw/v9e118mez8
Source: chromecache_77.2.dr	String found in binary or memory: https://unisonroad.com
Source: chromecache_64.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_90.2.dr, chromecache_64.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_90.2.dr, chromecache_64.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_64.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_64.2.dr	String found in binary or memory: https://www.youtube.com/iframe_api

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 184.24.36.112:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.24.36.112:443 -> 192.168.2.4:49745 version: TLS 1.2

Source: classification engine

Classification label: mal80.phis.win@18/56@18/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2216,i,6873913864203263267,792881258309955960,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://clc.li/bsLRU"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2216,i,6873913864203263267,792881258309955960,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
31.24.251.250	marginmasks.com	France	29608	WAN2MANY-ASFR	false
172.67.128.112	clc.li	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.21.47.80	tensewire.net	United States	13335	CLOUDFLARENETUS	false
142.250.9.99	www.google.com	United States	15169	GOOGLEUS	false
104.21.80.104	trk-adulvion.com	United States	13335	CLOUDFLARENETUS	false
104.21.22.140	trk-amropode.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
tensewire.net	104.21.47.80	true
trk-amropode.com	104.21.22.140	true
www.google.com	142.250.9.99	true
trk-adulvion.com	104.21.80.104	true
event.trk-adulvion.com	104.21.80.104	true
marginmasks.com	31.24.251.250	true
clc.li	172.67.128.112	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343?_ax=w	false	Avira URL Cloud: safe	unknown
https://tensewire.net/assets/images/flags/flag-us.png	false	Avira URL Cloud: safe	unknown
https://event.trk-adulvion.com/register/event_log/v9e118mez8	false	URL Reputation: safe	unknown
https://tensewire.net/assets/js/gbvar.js?v=60	false	Avira URL Cloud: safe	unknown
https://tensewire.net/assets/js/functions.js?v=454576b4f6c63244067eabf05b8f71b6	false	Avira URL Cloud: safe	unknown
https://tensewire.net/assets/images/ci1.jpg	false	Avira URL Cloud: safe	unknown
https://trk-amropode.com//scripts/pg/v9e118mez8	false	URL Reputation: safe	unknown
https://tensewire.net/service-worker.js	false	Avira URL Cloud: safe	unknown
https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343	false		unknown
https://clc.li/bsLRU	true		unknown
https://tensewire.net/assets/js/dublin/dist/common-hybrid.js?v=454576b4f6c63244067eabf05b8f71b6	false	Avira URL Cloud: safe	unknown
https://tensewire.net/?s1=350359&s2=1174009843&s3=7090&s4=1&s10=4550	false	Avira URL Cloud: safe	unknown
https://tensewire.net/assets/vendors/jquery-3.4.1.min.js	false	Avira URL Cloud: safe	unknown
https://marginmasks.com/0/0/0/d44549cb847e1e460ab518fbf82bb4e2/akdim	false	3%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://tensewire.net/assets/js/intl_functions.js?v=454576b4f6c63244067eabf05b8f71b6	false	Avira URL Cloud: safe	unknown
https://tensewire.net/	false	5%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://tensewire.net/assets/images/ci21.jpg	false	Avira URL Cloud: safe	unknown
https://tensewire.net/inc/msg.v3.js?662a9f54742ee	false	Avira URL Cloud: safe	unknown
https://tensewire.net/cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js	false	Avira URL Cloud: safe	unknown
https://tensewire.net/assets/vendors/bootstrap-4.5.3/css/bootstrap.min.css	false	Avira URL Cloud: safe	unknown
https://tensewire.net/uploads/archive/product/697/images/messmaster.png	false	Avira URL Cloud: safe	unknown
https://tensewire.net/favicon.ico	false	Avira URL Cloud: safe	unknown
https://tensewire.net/assets/vendors/bootstrap-4.5.3/js/bootstrap.min.js	false	Avira URL Cloud: safe	unknown
https://tensewire.net/assets/css/dublin/dist/common-hybrid.css?v=454576b4f6c63244067eabf05b8f71b6	false	Avira URL Cloud: safe	unknown
https://tensewire.net/assets/vendors/fontawesome_pro/css/all.min.css	false	Avira URL Cloud: safe	unknown
https://tensewire.net/uploads/archive/company/55/images/kohls-logo-purple.png	false	Avira URL Cloud: safe	unknown
https://trk-amropode.com//scripts/sw/v9e118mez8	false	URL Reputation: safe	unknown
https://trk-adulvion.com/scripts/push/v9e118mez8	false	URL Reputation: safe	unknown
https://tensewire.net/assets/vendors/fontawesome_pro/webfonts/fa-solid-900.woff2	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 64	ASCII text, with very long lines (3034)	2208FB395C259BAEDBBF3F5014A45D67	6A455660C4D2AFBFD2CC39AD1CA2AEDFD79E4480	F45B565D89689C0F97460174658164C9B35AC9CE0E72C4165B1CD01C083CFF71
Chrome Cache Entry: 65	PNG image data, 400 x 373, 8-bit/color RGBA, non-interlaced	B532C629482B1E0DA3C6745865E819AE	847B0088D6D3C327CC569EB3D31E8EDFCA393E77	DE68FD82DCF271E7CC020002EDDC83B6372B54E2D2806F7159994072409789B1
Chrome Cache Entry: 66	ASCII text, with very long lines (65326)	023B3876BB73AA541367FC40A193D2B7	8ED2D6350D23F857D92805737D0F97C675DE666B	F77C0D1739B618EDC4A01CA3F6B2990B01A3009030AF49EE8CF68E83052DF194
Chrome Cache Entry: 67	ASCII text, with very long lines (52784)	A8FC5D253FE103D62359CF6A0E48C37D	DEDDAC3D35D991C666D5C696EE07A0033C0B01A9	378E3D27861E7F79D6F20368F92C4D875F80F0D4A3FAA69A24F088B3BB8F8994
Chrome Cache Entry: 68	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 50x50, components 3	4D036644BEBAF0AFBA1EC39FE3C51E72	FB4867B0324DB747CF571A04B55069EC1F9F5D6F	5157378A4441BC07C005F21B99D77D0C6406D86A2A55EECA84304941F8645182
Chrome Cache Entry: 69	Unicode text, UTF-8 text, with very long lines (63162), with no line terminators	EE2940EACD6B7DA4BD5D186CA2052CAA	1969356AE5E04D9BE2A14DCD845B36DA83C4354D	BA166F4F23A50ED951D93710144182516832AB03C0F918436A1D084A83F69BFE
Chrome Cache Entry: 70	HTML document, ASCII text, with no line terminators	BC02CD1CAF7ABA5B3229CD391B601B35	244C587331698E666D49D072DC27D86E36C0824A	8E208D003D6FAEE985FB27603E62889F1FA99137DDD7EC97E6F4227A0DB04FCB
Chrome Cache Entry: 71	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 50x50, components 3	4D036644BEBAF0AFBA1EC39FE3C51E72	FB4867B0324DB747CF571A04B55069EC1F9F5D6F	5157378A4441BC07C005F21B99D77D0C6406D86A2A55EECA84304941F8645182
Chrome Cache Entry: 72	Web Open Font Format (Version 2), TrueType, length 327824, version 772.1280	E0F1F10202002BF91422FD3768C2D744	EC47D73D219D2ADB2971F85450FD1824D38A2DB3	BDB9CA4674E16A180AD38BA1B55EA1224A38677E604F5C5E560B85194970B85A
Chrome Cache Entry: 73	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced	091B619442EA29606ED35C4C5E8E607F	280E7541AD56AAFA899A004B41FD69731565CE89	0E34D082CCDC00408C7C4DDDA543F1247F981EBC756C8458E2B6321D8A4D42A9
Chrome Cache Entry: 74	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 50x50, components 3	0CEF7DE4AD132A1171112B50837071C1	AFF4ED042AA90335E87075F7477D856F4097DF9E	6B3771113EA2C584837A3B4036F7F8F810C11E8B02F78E98EED712C82618077A
Chrome Cache Entry: 75	PNG image data, 500 x 83, 8-bit/color RGBA, non-interlaced	F1CE9018B0B0E131BD2ED0E5B68CFE41	B69DB2E912C438FB0595A245A1C043567A9720F1	6397F628A28671D7CFF67CC61337AE3592E014D873A3BB1E916DBED7AE23E48E
Chrome Cache Entry: 76	MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	9E3E8B6D89D426AD950F5144D15921E6	6CEFE5C7CA4A97D2118FB849F37F4FFA4F9F0EE0	703063F5CFEBF76BD6190DD87052D6664D3A0FCF474D837D89F6B7FAE7A8F3B5
Chrome Cache Entry: 77	ASCII text, with no line terminators	6C03F9677F6D355F944DA7BA9F9DE637	87CA44DE54C62EA37F32B3265FED3C4E06DDAFD2	9FA2BBB4C27F55E1D9EF824FDFCB1459B34974B50426301FAC1B5F8D8F8790B1
Chrome Cache Entry: 78	HTML document, ASCII text, with very long lines (1238)	9E8F56E8E1806253BA01A95CFC3D392C	A8AF90D7482E1E99D03DE6BF88FED2315C5DD728	2595496FE48DF6FCF9B1BC57C29A744C121EB4DD11566466BC13D2E52E6BBCC8
Chrome Cache Entry: 79	ASCII text	DADDB8DD93581B2A7AAEFBE288201329	21126B6FF6264E35B26E999BF6919D2FFD737138	4E911E16BD2595C34E3BA5BE105178E317B17B4A716BD8BAD3595B0D496E3545
Chrome Cache Entry: 80	ASCII text	FED66FB89ACBA82DD74138EBD750C23B	1266EAE7ABAFB19A2714D9FB00D05CC263ADD748	72B629CD526729BD25E6091B21E3E3ED6E16E17FB549A700F029F0C5693B0F4F
Chrome Cache Entry: 81	PNG image data, 400 x 373, 8-bit/color RGBA, non-interlaced	B532C629482B1E0DA3C6745865E819AE	847B0088D6D3C327CC569EB3D31E8EDFCA393E77	DE68FD82DCF271E7CC020002EDDC83B6372B54E2D2806F7159994072409789B1
Chrome Cache Entry: 82	PNG image data, 50 x 50, 8-bit/color RGBA, non-interlaced	091B619442EA29606ED35C4C5E8E607F	280E7541AD56AAFA899A004B41FD69731565CE89	0E34D082CCDC00408C7C4DDDA543F1247F981EBC756C8458E2B6321D8A4D42A9
Chrome Cache Entry: 83	ASCII text	C6CFEE7C77F3BE97471B0085C419DB20	4721A5B719C68098856A28CA1307F68581588853	5A2E118A815E6DE6042A2E004718938E3068FFDF3FCA85010A37FCAAA72D49AE
Chrome Cache Entry: 84	PNG image data, 500 x 83, 8-bit/color RGBA, non-interlaced	F1CE9018B0B0E131BD2ED0E5B68CFE41	B69DB2E912C438FB0595A245A1C043567A9720F1	6397F628A28671D7CFF67CC61337AE3592E014D873A3BB1E916DBED7AE23E48E
Chrome Cache Entry: 85	ASCII text, with very long lines (8016)	703C1F556759CE071B6B39F9998CDF8D	0DBEBD991CBC9BC53151FE296A461E31F2D6E389	6DE3851925DDD0DCD2C115F28A49C3F33408457E94BE117ED29E3FA397B008E2
Chrome Cache Entry: 86	ASCII text	902FFAF82918FE85CD11E44A6F153F9E	05E19338A1E4795106E8C2188EEC970BA2A72ECB	F6A4ABFC08F9D1C5A888415F75AAD862E519A2283D43E2677F0090ED475870CD
Chrome Cache Entry: 87	MS Windows icon resource - 3 icons, 16x16, 32 bits/pixel, 32x32, 32 bits/pixel	9E3E8B6D89D426AD950F5144D15921E6	6CEFE5C7CA4A97D2118FB849F37F4FFA4F9F0EE0	703063F5CFEBF76BD6190DD87052D6664D3A0FCF474D837D89F6B7FAE7A8F3B5
Chrome Cache Entry: 88	ASCII text, with very long lines (65536), with no line terminators	924045A9895CDF90565159EBEAE3A4A2	0166C85277FAC72CD507FF53ADF45BD71F650816	E4075ECE2D9B064C092F3DD28FF67615E3188B03D580BF8AD72B2DB1098D95E1
Chrome Cache Entry: 89	ASCII text, with very long lines (7321)	D7389F6C79E28FAF16D96B0D2346E056	1523089C9B42EB35F91354DC02D3F7A9488EF583	23B333974694CD7A3512EBC085F87C3C7FD29D7F80361657036275D26D292C76
Chrome Cache Entry: 90	ASCII text, with very long lines (2212)	644AB05952B9EA3B9D1E91791EAB369E	72FAC07A4E2D95683CD3D81DFE06264A7482B63F	936F1866D8844721E4576DD0FC58E58EA481F0B0A69A32D9E583201B6A5075FA
Chrome Cache Entry: 91	ASCII text, with very long lines (65451)	F832E36068AB203A3F89B1795480D0D7	2115753CA5FB7032AEC498DB7BB5DCA624DBE6BE	4C24DFD28784AD2BEFB3DAFAAC6BF1ED4E7CD58CCE713D9A0B228D426E812BAF
Chrome Cache Entry: 92	ASCII text, with very long lines (11692)	1C0B7E8036B9B3C37FD6F52A71D30192	6188D0796F99BB2D87CEBCC6B219890EC6B42763	560FA7174BA624B91BCBC9865C38D59544FA09BFD2CAC1DE279224222AFCF283
Chrome Cache Entry: 93	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=0], baseline, precision 8, 50x50, components 3	0CEF7DE4AD132A1171112B50837071C1	AFF4ED042AA90335E87075F7477D856F4097DF9E	6B3771113EA2C584837A3B4036F7F8F810C11E8B02F78E98EED712C82618077A
Chrome Cache Entry: 94	ASCII text, with very long lines (62961)	F20FA8B102F205141295CDEFD6FFE449	0C4E8445F6F0C9611DC1C13DC6F085EB4BCACA0B	D8968086F7509DF34C3278563DAB87399DA4F9DCDFB419818E3A309EEDC70B88

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://clc.li/bsLRU

SlashNext: detection malicious, Label: Fraudulent Website type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://unisonroad.com

Avira URL Cloud: Label: phishing

Multi AV Scanner detection for domain / URL

Source: https://tensewire.net/	Virustotal: Detection: 5%			Perma Link
Source: https://unisonroad.com	Virustotal: Detection: 9%			Perma Link

Phishing

Yara detected HtmlPhish10

Source: Yara match

File source: dropped/chromecache_88, type: DROPPED

Yara detected Phisher

Source: Yara match

File source: dropped/chromecache_70, type: DROPPED

Source: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343	HTTP Parser: No favicon
Source: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343	HTTP Parser: No favicon
Source: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343	HTTP Parser: No favicon
Source: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343	HTTP Parser: No favicon

Source: unknown	HTTPS traffic detected: 184.24.36.112:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.24.36.112:443 -> 192.168.2.4:49745 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	TCP traffic detected without corresponding DNS query: 184.24.36.112
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /bsLRU HTTP/1.1Host: clc.liConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0/0/0/d44549cb847e1e460ab518fbf82bb4e2/akdim HTTP/1.1Host: marginmasks.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?s1=350359&s2=1174009843&s3=7090&s4=1&s10=4550 HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://marginmasks.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /3a36ef2959e87b2ca27c8f04b726a343?_ax=w HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /assets/vendors/bootstrap-4.5.3/css/bootstrap.min.css HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/vendors/fontawesome_pro/css/all.min.css HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/css/dublin/dist/common-hybrid.css?v=454576b4f6c63244067eabf05b8f71b6 HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /inc/msg.v3.js?662a9f54742ee HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: tensewire.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /3a36ef2959e87b2ca27c8f04b726a343?_ax=w HTTP/1.1Host: tensewire.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /uploads/archive/product/697/images/messmaster.png HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /uploads/archive/company/55/images/kohls-logo-purple.png HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/images/flags/flag-us.png HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/vendors/fontawesome_pro/webfonts/fa-solid-900.woff2 HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://tensewire.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://tensewire.net/assets/vendors/fontawesome_pro/css/all.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/vendors/jquery-3.4.1.min.js HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/vendors/bootstrap-4.5.3/js/bootstrap.min.js HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/js/functions.js?v=454576b4f6c63244067eabf05b8f71b6 HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/js/gbvar.js?v=60 HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/js/intl_functions.js?v=454576b4f6c63244067eabf05b8f71b6 HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /uploads/archive/product/697/images/messmaster.png HTTP/1.1Host: tensewire.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /uploads/archive/company/55/images/kohls-logo-purple.png HTTP/1.1Host: tensewire.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/images/flags/flag-us.png HTTP/1.1Host: tensewire.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/js/dublin/dist/common-hybrid.js?v=454576b4f6c63244067eabf05b8f71b6 HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /scripts/push/v9e118mez8 HTTP/1.1Host: trk-adulvion.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/images/ci21.jpg HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/images/ci1.jpg HTTP/1.1Host: tensewire.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /service-worker.js HTTP/1.1Host: tensewire.netConnection: keep-aliveCache-Control: max-age=0Accept: /Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://tensewire.net/3a36ef2959e87b2ca27c8f04b726a343User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: tensewire.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/images/ci1.jpg HTTP/1.1Host: tensewire.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /assets/images/ci21.jpg HTTP/1.1Host: tensewire.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET /3a36ef2959e87b2ca27c8f04b726a343 HTTP/1.1Host: tensewire.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=ee22049cb2431a7edf3dbdfcc8e5d0ef
Source: global traffic	HTTP traffic detected: GET //scripts/pg/v9e118mez8 HTTP/1.1Host: trk-amropode.comConnection: keep-aliveCache-Control: max-age=0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET //scripts/sw/v9e118mez8 HTTP/1.1Host: trk-amropode.comConnection: keep-aliveCache-Control: max-age=0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tensewire.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /register/event_log/v9e118mez8 HTTP/1.1Host: event.trk-adulvion.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_64.2.dr	String found in binary or memory: Math.round(p);v["gtm.videoCurrentTime"]=Math.round(q);v["gtm.videoElapsedTime"]=Math.round(f);v["gtm.videoPercent"]=r;v["gtm.videoVisible"]=t;return v},Qj:function(){e=zb()},sd:function(){d()}}};var dc=ka(["data-gtm-yt-inspected-"]),AC=["www.youtube.com","www.youtube-nocookie.com"],BC,CC=!1; equals www.youtube.com (Youtube)
Source: chromecache_64.2.dr	String found in binary or memory: e\|\|f\|\|g.length\|\|h.length))return;var n={Xg:d,Vg:e,Wg:f,Ih:g,Jh:h,ye:m,Ab:b},p=D.YT,q=function(){IC(n)};if(p)return p.ready&&p.ready(q),b;var r=D.onYouTubeIframeAPIReady;D.onYouTubeIframeAPIReady=function(){r&&r();q()};I(function(){for(var t=H.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(LC(w,"iframe_api")\|\|LC(w,"player_api"))return b}for(var x=H.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!CC&&JC(x[A],n.ye))return tc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_90.2.dr	String found in binary or memory: return b}yC.J="internal.enableAutoEventOnTimer";var dc=ka(["data-gtm-yt-inspected-"]),AC=["www.youtube.com","www.youtube-nocookie.com"],BC,CC=!1; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: clc.li
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: marginmasks.com
Source: global traffic	DNS traffic detected: DNS query: tensewire.net
Source: global traffic	DNS traffic detected: DNS query: trk-adulvion.com
Source: global traffic	DNS traffic detected: DNS query: trk-amropode.com
Source: global traffic	DNS traffic detected: DNS query: event.trk-adulvion.com

Source: unknown

Source: chromecache_64.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_64.2.dr	String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_90.2.dr, chromecache_64.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_94.2.dr, chromecache_66.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_94.2.dr, chromecache_66.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_94.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_64.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_90.2.dr, chromecache_64.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_64.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_64.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_90.2.dr, chromecache_64.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_70.2.dr	String found in binary or memory: https://tensewire.net/?s1=350359&s2=1174009843&s3=7090&s4=1&s10=4550
Source: chromecache_80.2.dr	String found in binary or memory: https://trk-adulvion.com/scripts/push/v9e118mez8
Source: chromecache_79.2.dr	String found in binary or memory: https://trk-amropode.com//scripts/pg/v9e118mez8
Source: chromecache_79.2.dr	String found in binary or memory: https://trk-amropode.com//scripts/sw/v9e118mez8
Source: chromecache_77.2.dr	String found in binary or memory: https://unisonroad.com
Source: chromecache_64.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_90.2.dr, chromecache_64.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_90.2.dr, chromecache_64.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_64.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_64.2.dr	String found in binary or memory: https://www.youtube.com/iframe_api

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

Source: unknown	HTTPS traffic detected: 184.24.36.112:443 -> 192.168.2.4:49743 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.24.36.112:443 -> 192.168.2.4:49745 version: TLS 1.2

Source: classification engine

Classification label: mal80.phis.win@18/56@18/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2216,i,6873913864203263267,792881258309955960,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://clc.li/bsLRU"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2288 --field-trial-handle=2216,i,6873913864203263267,792881258309955960,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1431813
Product:	CloudBasic
Start time:	20:21:11
Start date:	25.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://clc.li/bsLRU

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://clc.li/bsLRU

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://clc.li/bsLRU