Windows Analysis Report
https://frimac2.z13.web.core.windows.net/

Overview

General Information

Sample URL:	https://frimac2.z13.web.core.windows.net/
Analysis ID:	1432394
Infos:

Detection

TechSupportScam

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected TechSupportScam

Classification

Signatures

Phishing

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.9.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.7.pages.csv, type: HTML
Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_127, type: DROPPED

Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.121.20
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.121.20
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /boot+1-888-357-9850strap/4.5.2/js/bootstrap.min.js HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://frimac2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://frimac2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /57319e009c52c0bc56e39866/default HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://frimac2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /code?code=a7400ed6d3f8ef9dff8b932728043756 HTTP/1.1Host: edgecdn.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-main.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://frimac2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-vendor.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://frimac2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-vendors.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://frimac2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-common.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://frimac2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-runtime.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://frimac2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-app.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://frimac2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/widget-settings?propertyId=57319e009c52c0bc56e39866&widgetId=default&sv=null HTTP/1.1Host: va.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://frimac2.z13.web.core.windows.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/languages/en.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/widget-settings?propertyId=57319e009c52c0bc56e39866&widgetId=default&sv=null HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-2c776523.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-9294da6c.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-f1565420.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-2d0b383d.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/?k=662c2b3aa3c8d40bf99caf64&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtWWtRZEt5eG5DMGdoUXptdm1EOWlVIiwic2lkIjoiNjYyYzJiM2FhM2M4ZDQwYmY5OWNhZjY0IiwiaWF0IjoxNzE0MTcwNjgyLCJleHAiOjE3MTQxNzI0ODIsImp0aSI6Im1ocGlVd00zYjE4OUtmMjhHWHo0dCJ9.UQ9B3fn_DloCS4csUpOp4LUQ4g_NFCMn98xiOci6wYlZ8qAYwsp1Wvbhs7NrFUE9NwHhiD5LFSA_BmpNqQDQGQ&EIO=3&transport=websocket&__t=OySYDyZ HTTP/1.1Host: vsa56.tawk.toConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://frimac2.z13.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: UshmtBHbRSnc347qEKmXjQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-48f3b594.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-4fe9d5dd.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/css/min-widget.css HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/css/bubble-widget.css HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/css/message-preview.css HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-2d0b9454.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-24d8db78.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/assets/images/attention-grabbers/62-r-br.svg HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /emojione/2.2.7/lib/js/emojione.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/?k=662c2b3aa3c8d40bf99caf64&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtWWtRZEt5eG5DMGdoUXptdm1EOWlVIiwic2lkIjoiNjYyYzJiM2FhM2M4ZDQwYmY5OWNhZjY0IiwiaWF0IjoxNzE0MTcwNjgyLCJleHAiOjE3MTQxNzI0ODIsImp0aSI6Im1ocGlVd00zYjE4OUtmMjhHWHo0dCJ9.UQ9B3fn_DloCS4csUpOp4LUQ4g_NFCMn98xiOci6wYlZ8qAYwsp1Wvbhs7NrFUE9NwHhiD5LFSA_BmpNqQDQGQ&EIO=3&transport=websocket&__t=OySYEEQ HTTP/1.1Host: vsa90.tawk.toConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://frimac2.z13.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: pNlYETHcgxrTYs52fNoPww==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/css/max-widget.css HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/assets/images/attention-grabbers/62-r-br.svg HTTP/1.1Host: embed.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/?k=662c2b3aa3c8d40bf99caf64&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtWWtRZEt5eG5DMGdoUXptdm1EOWlVIiwic2lkIjoiNjYyYzJiM2FhM2M4ZDQwYmY5OWNhZjY0IiwiaWF0IjoxNzE0MTcwNjgyLCJleHAiOjE3MTQxNzI0ODIsImp0aSI6Im1ocGlVd00zYjE4OUtmMjhHWHo0dCJ9.UQ9B3fn_DloCS4csUpOp4LUQ4g_NFCMn98xiOci6wYlZ8qAYwsp1Wvbhs7NrFUE9NwHhiD5LFSA_BmpNqQDQGQ&EIO=3&transport=websocket&__t=OySYEW1 HTTP/1.1Host: vsa104.tawk.toConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://frimac2.z13.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: akQjCvIpgtZuV3UQ8oLuVg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /s/?k=662c2b3aa3c8d40bf99caf64&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtWWtRZEt5eG5DMGdoUXptdm1EOWlVIiwic2lkIjoiNjYyYzJiM2FhM2M4ZDQwYmY5OWNhZjY0IiwiaWF0IjoxNzE0MTcwNjgyLCJleHAiOjE3MTQxNzI0ODIsImp0aSI6Im1ocGlVd00zYjE4OUtmMjhHWHo0dCJ9.UQ9B3fn_DloCS4csUpOp4LUQ4g_NFCMn98xiOci6wYlZ8qAYwsp1Wvbhs7NrFUE9NwHhiD5LFSA_BmpNqQDQGQ&EIO=3&transport=websocket&__t=OySYFAf HTTP/1.1Host: vsa85.tawk.toConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://frimac2.z13.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: eJo/QvM4otQdh6S8WXaKDQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/?k=662c2b3aa3c8d40bf99caf64&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtWWtRZEt5eG5DMGdoUXptdm1EOWlVIiwic2lkIjoiNjYyYzJiM2FhM2M4ZDQwYmY5OWNhZjY0IiwiaWF0IjoxNzE0MTcwNjgyLCJleHAiOjE3MTQxNzI0ODIsImp0aSI6Im1ocGlVd00zYjE4OUtmMjhHWHo0dCJ9.UQ9B3fn_DloCS4csUpOp4LUQ4g_NFCMn98xiOci6wYlZ8qAYwsp1Wvbhs7NrFUE9NwHhiD5LFSA_BmpNqQDQGQ&EIO=3&transport=websocket&__t=OySYFSV HTTP/1.1Host: vsa85.tawk.toConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://frimac2.z13.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: HQPrU3GdycYbfAShpS0jhA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_99.2.dr	String found in binary or memory: Math.round(p);v["gtm.videoCurrentTime"]=Math.round(q);v["gtm.videoElapsedTime"]=Math.round(f);v["gtm.videoPercent"]=r;v["gtm.videoVisible"]=t;return v},Qj:function(){e=zb()},sd:function(){d()}}};var dc=ka(["data-gtm-yt-inspected-"]),AC=["www.youtube.com","www.youtube-nocookie.com"],BC,CC=!1; equals www.youtube.com (Youtube)
Source: chromecache_99.2.dr	String found in binary or memory: c?"runIfCanceled":"runIfUncanceled",[]);if(!g.length)return!0;var h=iA(a,c,e);M(121);if("https://www.facebook.com/tr/"===h["gtm.elementUrl"])return M(122),!0;if(d&&f){for(var m=Jb(b,g.length),n=0;n<g.length;++n)g[n](h,m);return m.done}for(var p=0;p<g.length;++p)g[p](h,function(){});return!0},lA=function(){var a=[],b=function(c){return pb(a,function(d){return d.form===c})};return{store:function(c,d){var e=b(c);e?e.button=d:a.push({form:c,button:d})},get:function(c){var d=b(c);return d?d.button:null}}}, equals www.facebook.com (Facebook)
Source: chromecache_99.2.dr	String found in binary or memory: e\|\|f\|\|g.length\|\|h.length))return;var n={Xg:d,Vg:e,Wg:f,Ih:g,Jh:h,ye:m,Ab:b},p=D.YT,q=function(){IC(n)};if(p)return p.ready&&p.ready(q),b;var r=D.onYouTubeIframeAPIReady;D.onYouTubeIframeAPIReady=function(){r&&r();q()};I(function(){for(var t=H.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(LC(w,"iframe_api")\|\|LC(w,"player_api"))return b}for(var x=H.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!CC&&JC(x[A],n.ye))return tc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_136.2.dr	String found in binary or memory: return b}yC.J="internal.enableAutoEventOnTimer";var dc=ka(["data-gtm-yt-inspected-"]),AC=["www.youtube.com","www.youtube-nocookie.com"],BC,CC=!1; equals www.youtube.com (Youtube)
Source: chromecache_99.2.dr	String found in binary or memory: var NB=function(a,b,c,d,e){var f=Jz("fsl",c?"nv.mwt":"mwt",0),g;g=c?Jz("fsl","nv.ids",[]):Jz("fsl","ids",[]);if(!g.length)return!0;var h=Fz(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);M(121);if("https://www.facebook.com/tr/"===m)return M(122),!0;h["gtm.elementUrl"]=m;h["gtm.formCanceled"]=c;null!=a.getAttribute("name")&&(h["gtm.interactedFormName"]=a.getAttribute("name"));e&&(h["gtm.formSubmitElement"]=e,h["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!uy(h,vy(b, equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: embed.tawk.to
Source: global traffic	DNS traffic detected: DNS query: edgecdn.dev
Source: global traffic	DNS traffic detected: DNS query: va.tawk.to
Source: global traffic	DNS traffic detected: DNS query: vsa56.tawk.to
Source: global traffic	DNS traffic detected: DNS query: vsa90.tawk.to
Source: global traffic	DNS traffic detected: DNS query: vsa104.tawk.to
Source: global traffic	DNS traffic detected: DNS query: vsa85.tawk.to

Source: unknown

HTTP traffic detected: POST /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveContent-Length: 195sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/json; charset=utf-8Accept: */*Origin: https://frimac2.z13.web.core.windows.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Fri, 26 Apr 2024 22:31:11 GMTContent-Type: application/javascript; charset=utf-8Transfer-Encoding: chunkedConnection: closeVary: Accept-EncodingVary: Accept-EncodingCDN-PullZone: 252412CDN-Uid: b1941f61-b576-4f40-80de-5677acb38f74CDN-RequestCountryCode: USAccess-Control-Allow-Origin: *Cache-Control: no-cacheCDN-ProxyVer: 1.04CDN-RequestPullSuccess: TrueCDN-RequestPullCode: 404CDN-CachedAt: 04/26/2024 15:07:06CDN-EdgeStorageId: 845timing-allow-origin: *cross-origin-resource-policy: cross-originX-Content-Type-Options: nosniffCDN-Status: 404CDN-RequestId: 55c31d900d7fd09f6ddded606a7dd5dcCDN-Cache: MISSCF-Cache-Status: HITAge: 26629Strict-Transport-Security: max-age=31536000; includeSubDomains; preloadServer: cloudflareCF-RAY: 87aa05866e1f4249-EWRalt-svc: h3=":443"; ma=86400

Source: chromecache_95.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_95.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_127.2.dr	String found in binary or memory: http://www.hitsteps.com/
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_99.2.dr, chromecache_136.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_99.2.dr, chromecache_136.2.dr	String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_99.2.dr, chromecache_136.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_127.2.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap
Source: chromecache_127.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
Source: chromecache_127.2.dr	String found in binary or memory: https://edgecdn.dev/code?code=a7400ed6d3f8ef9dff8b932728043756
Source: chromecache_127.2.dr	String found in binary or memory: https://embed.tawk.to/57319e009c52c0bc56e39866/default
Source: chromecache_90.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-app.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-arr-find-polyfill.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-common.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-vendors.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-entries-polyfill.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-event-polyfill.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-iterator-polyfill.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-main.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-object-values-polyfill.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-promise-polyfill.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-runtime.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-vendor.js
Source: chromecache_109.2.dr, chromecache_100.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_109.2.dr, chromecache_100.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_100.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_127.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
Source: chromecache_136.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_99.2.dr, chromecache_136.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_127.2.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/boot
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_99.2.dr, chromecache_136.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_99.2.dr, chromecache_136.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_99.2.dr, chromecache_136.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_136.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_99.2.dr, chromecache_136.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_99.2.dr, chromecache_136.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_127.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-4FXBGDDKSQ
Source: chromecache_127.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-L8V34Z2LQF
Source: chromecache_127.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-P31V82TK4L
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_99.2.dr, chromecache_136.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_121.2.dr, chromecache_129.2.dr	String found in binary or memory: https://www.tawk.to/?utm_source=tawk-messenger&utm_medium=link&utm_campaign=referral&utm_term=57319e
Source: chromecache_99.2.dr	String found in binary or memory: https://www.youtube.com/iframe_api

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Spam, unwanted Advertisements and Ransom Demands

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.9.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.7.pages.csv, type: HTML
Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_127, type: DROPPED

Source: classification engine

Classification label: mal48.phis.win@16/117@28/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 --field-trial-handle=2176,i,2724295210524159303,2702105258062751285,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://frimac2.z13.web.core.windows.net/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 --field-trial-handle=2176,i,2724295210524159303,2702105258062751285,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
151.101.1.229	jsdelivr.map.fastly.net	United States	54113	FASTLYUS	false
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
104.18.10.207	maxcdn.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
172.67.193.253	edgecdn.dev	United States	13335	CLOUDFLARENETUS	false
104.22.25.131	vsa90.tawk.to	United States	13335	CLOUDFLARENETUS	false
104.18.11.207	stackpath.bootstrapcdn.com	United States	13335	CLOUDFLARENETUS	false
142.251.40.132	www.google.com	United States	15169	GOOGLEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
172.67.38.66	vsa104.tawk.to	United States	13335	CLOUDFLARENETUS	false
104.22.24.131	embed.tawk.to	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
jsdelivr.map.fastly.net	151.101.1.229	true
stackpath.bootstrapcdn.com	104.18.11.207	true
vsa90.tawk.to	104.22.25.131	true
maxcdn.bootstrapcdn.com	104.18.10.207	true
edgecdn.dev	172.67.193.253	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
vsa104.tawk.to	172.67.38.66	true
embed.tawk.to	104.22.24.131	true
va.tawk.to	104.22.24.131	true
bg.microsoft.map.fastly.net	199.232.214.172	true
vsa56.tawk.to	104.22.24.131	true
cdnjs.cloudflare.com	104.17.24.14	true
vsa85.tawk.to	104.22.24.131	true
www.google.com	142.251.40.132	true
cdn.jsdelivr.net	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css	false		high
https://embed.tawk.to/57319e009c52c0bc56e39866/default	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-runtime.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-f1565420.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-2d0b9454.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-9294da6c.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/css/max-widget.css	false		high
about:blank	false	Avira URL Cloud: safe	low
https://edgecdn.dev/code?code=a7400ed6d3f8ef9dff8b932728043756	false	Avira URL Cloud: safe	unknown
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-24d8db78.js	false		high
https://va.tawk.to/v1/session/start	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-4fe9d5dd.js	false		high
https://va.tawk.to/v1/widget-settings?propertyId=57319e009c52c0bc56e39866&widgetId=default&sv=null	false		high
https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-main.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/css/bubble-widget.css	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/css/min-widget.css	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-app.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/languages/en.js	false		high
https://stackpath.bootstrapcdn.com/boot+1-888-357-9850strap/4.5.2/js/bootstrap.min.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-2d0b383d.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-vendor.js	false		high
https://cdn.jsdelivr.net/emojione/2.2.7/lib/js/emojione.min.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-vendors.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-common.js	false		high
https://cdn.jsdelivr.net/npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-2c776523.js	false		high
https://embed.tawk.to/_s/v4/assets/images/attention-grabbers/62-r-br.svg	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-48f3b594.js	false		high
https://embed.tawk.to/_s/v4/app/6625f366c87/css/message-preview.css	false		high

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 100	ASCII text, with very long lines (65446), with CRLF line terminators	1887EA35E4AC68786CE2A6823837E2AE	DC2691AADC57DE15FBE08D6FA56258B3C3E1C7D9	FA805C54BA0B9E7F04D5987DE200248A7DCF979D8842C90AE4DA9A98B73F52B3
Chrome Cache Entry: 101	ASCII text, with very long lines (32014)	7BB7AAC0CAC89A90304AF1C72EB4F50D	729F6F8CA5787D89743B0ED7EB27FD76406BF985	F5C06455E539DCD889F7F05D709B5ADC76C444099FE57F431365AF2FC57E803B
Chrome Cache Entry: 102	PNG image data, 27 x 28, 8-bit colormap, non-interlaced	35629CC2ADC804353A548305F1217206	CDA6E89C5F6A644683AEA6999A5D11E00DC64275	C1D52E31F7FC13CBB3EFCA8B0EC937DDD97A5EC545C4DAD26193429DB10D8662
Chrome Cache Entry: 103	ASCII text	9D96D694079AF413F073FE36DDBB8542	1539453060585121DB9E797C1636B91A535E60F7	0DAFE30F37039D8C53A70C12F09A00A5DB144F1D1175E7ECBC4500ACEE4082DC
Chrome Cache Entry: 104	PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced	57301BE4C3697F4C66598A4072471CFB	A40272B64A0FC68E54152672F0BF42989EA6CD31	122F24453C31161F4CD4454E92F0A14CF92A1D077BF53F5CB5D7145BC28EA4E9
Chrome Cache Entry: 105	Unicode text, UTF-8 text, with very long lines (65458)	5FF5B56DD253D3FD717915B2773593D3	3FCB89ABD877241F130E2712B54233763D0D2B03	162951E9132B74BF11C97D7F234D998954DF2729C604E2925291A28699ACA260
Chrome Cache Entry: 106	ASCII text, with very long lines (535), with no line terminators	C506281367048D4A134C9AFFBC68C8C6	FFA331EB81694501D6FF64AE2D1F7E667529C3BA	7E0A886153A50F34ADEB6D141B542D08A6338C5E3BADA9FC3CCF88D0580356DF
Chrome Cache Entry: 107	PNG image data, 33 x 31, 8-bit colormap, non-interlaced	905D91C276116928FA306EA732723FA9	092604F6A8786E46A7DEE06065D29D2896FCF568	9CFFD13C2CE05EBE032709A88FA59504E1218A12B175EC40D5AAB280C18BE51E
Chrome Cache Entry: 108	ASCII text, with very long lines (5945)	DE38173356938DC467880A025590AA69	7CD921A1465F2BFEE61B447342659B2D0A7DC47B	ACA53E594401A0630E988DFAA6DD621BB2E5FF289E4B1FAF27F190B2091B1A41
Chrome Cache Entry: 109	Unicode text, UTF-8 text, with very long lines (65335)	5B42276B3039EAF18CC199CB4C8DB7B8	719956AA52DB4C8AFDC5C0CFB3CBDEAD6258B8A6	932EA15108928991BCF0C0A46415FC652DE5FFC0158C35205357B90C65EEB386
Chrome Cache Entry: 110	PNG image data, 254 x 71, 8-bit/color RGBA, non-interlaced	16A5ADFEFC0ECFC8ED6ED1582134B2AA	67DC4757E76A84D90DFE5416C562C4DA3AA02C61	55045C1493DCEF8CA7F39E91E0926FC1EE6329196D5032F4ECA40126FB910F3B
Chrome Cache Entry: 111	PNG image data, 63 x 70, 8-bit colormap, non-interlaced	2CD03A547F00CAD010F9038619DF45DE	912F919836A77A514C76B990ACEAF5E930A24024	C56A8AE4818963E0D71EDA4EBF46B4F2CDD3A238537DC8E99711FB690D272A73
Chrome Cache Entry: 112	SVG Scalable Vector Graphics image	9F9370510AE706972F6BCA868CD18E3E	969B1F3FBF8D448E51E1D1ED5329540B1A9B77D1	3CF0BE5FFCD530F43FA3A3B316EDDCF5C9A064C883432032415F462DF545D79D
Chrome Cache Entry: 113	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=39, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=180], baseline, precision 8, 180x39, components 3	4BF52EB9B3EFCE840ADD1A90D83A40E5	6348A7617DFCE3165E07AF53A48DF7892D62FFE1	A85F1E749A829C5C909837844C6B53CE0A9AE2ADB7C8EAC0E7B96C372C679A0D
Chrome Cache Entry: 114	ASCII text, with very long lines (5945)	44D6B5B8DDEF57C17489560412BBAD3F	8C24D413B94FE89BB4B547CC86E1AB080ADDCA63	20F5E468E0172B99664CD09183065109796FFBE709A2BE40150BA4CEEE28E82F
Chrome Cache Entry: 115	ASCII text, with very long lines (18229), with no line terminators	6BF62C737DEC7D16542425992BE5986C	7F5EC461A46E4526FCF8ED0A24F758BD0168E5B0	2DEAAE9C5E06DF6C98B9775E2A5FBB66EAB1A591458F9D1982E8F0E350FDB59E
Chrome Cache Entry: 116	ASCII text, with very long lines (9929), with no line terminators	70AEC2DD89CAC4933594C25B71D61F46	3DFE6F517BD57ABBEA46DD4DA776E80270D9DB5F	CD50385CEF163EB376D93E7B1E07FE467DE23B60C98373F7D69448214D3E9CDD
Chrome Cache Entry: 117	HTML document, ASCII text, with very long lines (321), with no line terminators	C97714501817C22276163D64A7D3410A	E441786F6C400FF22CC9970B1F81818D70FF436E	4471C341E0E9C625437E11050AD4AB9B7BC293955E7E5145BFDB0786D86EDAAA
Chrome Cache Entry: 118	ASCII text, with CRLF line terminators	44FAF5859194204C9CC88DB4518D50EA	1A2A1B76B67B9483EA92E96978A1E8C394294931	BE76654BB0CEE25E448B33B0F153BAE61295821338EB858BE5B91BACDB564AEA
Chrome Cache Entry: 119	ASCII text, with very long lines (699), with no line terminators	838903127A65EC440893B4945C40CA4A	827F3E5341F56FA4473D53B788AF41EC6BF21B8B	89F08C4A66C9A737C6155B8313E87B36687FE65BFC9A1BA1783AEACE487BCDE3
Chrome Cache Entry: 120	ASCII text, with very long lines (906), with no line terminators	1C5ECF371149FECA23BD895BA9DFEC4D	6F6213AE4C63D959441572D232F0425467ED05DE	FB193C2BCF1A14030CEA8D72BAA20AB7B1CF88F9E90ADB31895279BEEDF6BF84
Chrome Cache Entry: 121	JSON data	A91BD06948B589428DFA825D7B0CB4CB	F12307D1E696084535E87AE6A4A5490C69C8CF5A	8144D6E972F7EC12683996F7E7C4BB884F2FABA23EBDACC448185E2D042A5C78
Chrome Cache Entry: 122	ASCII text, with no line terminators	4CF09A531C260F6F06378FD2521C1B24	CD708E55317C517E02C97C54D62E1F99952C5773	D8637AFC3E6A2A5512A1D6914980BA597263C1D015C8C6940ED04F59447F9D0E
Chrome Cache Entry: 123	PNG image data, 77 x 72, 8-bit colormap, non-interlaced	D648C1837D01495ECCD63E053491F72A	991D8F6C72777239472410D6129FD5F25ED9D134	9EDBF56B360080F5D6765DCE77353B8130E9F8316AD34C68F6C2792CDC446321
Chrome Cache Entry: 124	ASCII text, with no line terminators	EC331136E75314D2030EE013B6069921	6B7428B8B15616A67F767D42964AF94FCBE2A803	A7358DF6B7B60280F2A0D7CD5B70A9F1DFA4FCE5C31FB1A24FB2F109AF7EE977
Chrome Cache Entry: 125	ASCII text, with very long lines (40772), with no line terminators	96BE1F6983C01FE07004E163E0C6CE8A	46334521CA7C554FB7608E4E93CBA4C6FAC72F77	26C00C91AA26F8A81DC41FE7CA0DB1DFD849180200596138437F2CA57357DD0F
Chrome Cache Entry: 126	PNG image data, 27 x 28, 8-bit colormap, non-interlaced	35629CC2ADC804353A548305F1217206	CDA6E89C5F6A644683AEA6999A5D11E00DC64275	C1D52E31F7FC13CBB3EFCA8B0EC937DDD97A5EC545C4DAD26193429DB10D8662
Chrome Cache Entry: 127	HTML document, Unicode text, UTF-8 text, with CRLF, LF line terminators	F1ED77149DE791DF1EBFE43D5DE9BA59	F2C242DD846AAD3353172E1B2CC4D8611A79BCD4	CD2C4A3DC43AE4808BECD9774C8897A5BD9331214977DA2905023BCB98DDA83B
Chrome Cache Entry: 128	assembler source, ASCII text, with CRLF line terminators	F6DB8CA9B3EE49C27EDBA6C1C0E82CCF	815CEBD80B73D3F386A34AC530C13E42BD3D2F92	5745A7467A952F4FDF36D3D4ABB88C5587E9D159F3F0E325C25AAB2875933BB7
Chrome Cache Entry: 129	JSON data	A91BD06948B589428DFA825D7B0CB4CB	F12307D1E696084535E87AE6A4A5490C69C8CF5A	8144D6E972F7EC12683996F7E7C4BB884F2FABA23EBDACC448185E2D042A5C78
Chrome Cache Entry: 130	ASCII text, with very long lines (24751), with no line terminators	D4F9AD34FAE3BA64CBC48057DC47E968	F8D0D55DC6E9B5D53F74B0B8BFC5E2EDBDB0618D	2B5B9F68ACE12B789B1371204754547021DCBF3E9DF630E7E22B49EE56E05B8C
Chrome Cache Entry: 131	ASCII text, with very long lines (13521), with no line terminators	950518E32FD92957181F766F08D3CF98	9FE20C86B818D3576E9D70E6ED091964CB8B7427	2F56F47D64037D5AA3A96B50C840580E5549FEE6F9FAFFF8AF3D1821D189FA5C
Chrome Cache Entry: 132	PNG image data, 47 x 46, 8-bit/color RGBA, non-interlaced	57301BE4C3697F4C66598A4072471CFB	A40272B64A0FC68E54152672F0BF42989EA6CD31	122F24453C31161F4CD4454E92F0A14CF92A1D077BF53F5CB5D7145BC28EA4E9
Chrome Cache Entry: 133	SVG Scalable Vector Graphics image	9F9370510AE706972F6BCA868CD18E3E	969B1F3FBF8D448E51E1D1ED5329540B1A9B77D1	3CF0BE5FFCD530F43FA3A3B316EDDCF5C9A064C883432032415F462DF545D79D
Chrome Cache Entry: 134	PNG image data, 1920 x 4123, 8-bit colormap, non-interlaced	9E2FBC1F14C1CAA8BBA2F4A34DB3131A	010C089F55A5448A2E464ECE898FAA24BD4FDB43	480B5166C50E6FD5DE664840081DAFE628F32DD575AFA771DF0E8C6E088BA1A4
Chrome Cache Entry: 135	ASCII text, with very long lines (11139), with no line terminators	2C0A34EB401CADF7CBFF6278FEE2648E	DBE67F8390375E1C733D456B2F99573EF65557A0	46C6D4802A043D5E6E655091ECBB961110943825F54F74F5364AD786A234976E
Chrome Cache Entry: 136	ASCII text, with very long lines (5945)	5AA935D789EAF24CE8AE58C905C3B665	06860BE3505C0110589649C10FADE00D1E7CDC9C	5F870E92CF2819D3DAFCBD160B3456687BAB208D418B882076BD0465EF4D736A
Chrome Cache Entry: 137	PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced	BE42AD7752720327D28BF52DBDBB64C2	F4CCE31B9236319AA9C87FEE038638D1DE12C07D	C3AD6AA1C03FD108854F008CFEC2753BA623E1470A4D61798B5D8C050E474868
Chrome Cache Entry: 138	PNG image data, 1920 x 4123, 8-bit colormap, non-interlaced	9E2FBC1F14C1CAA8BBA2F4A34DB3131A	010C089F55A5448A2E464ECE898FAA24BD4FDB43	480B5166C50E6FD5DE664840081DAFE628F32DD575AFA771DF0E8C6E088BA1A4
Chrome Cache Entry: 139	PNG image data, 77 x 63, 8-bit colormap, non-interlaced	B0495EDE4C875843FEC037C794E9FF9A	C813AEFBA255A5CC53AEA7811F987CCB551C3128	52B762D47C066E16300675D56CC359B504FFD3239438C96EB973864311BB7B79
Chrome Cache Entry: 140	ASCII text, with very long lines (65472)	3B341E35B39F6195793ECAF5DB7C1D63	3EF56ED9AC8BFBF5347DC4592653703F59763083	548669D6434F5204DCA25B9A6F8A02F63301B8C1B58A717B91FEC8B6C2918305
Chrome Cache Entry: 141	PNG image data, 63 x 70, 8-bit colormap, non-interlaced	1C3D5911E95C767EF9550243BB2C0945	78B1E6E8BCC67D5B2A8F78D7030C0684DCFFE098	28A21016BDF4EC9B77DD794ECA44ABD4B2A73BD79CAD53641F6D9F1140E96B3C
Chrome Cache Entry: 142	PNG image data, 254 x 71, 8-bit/color RGBA, non-interlaced	16A5ADFEFC0ECFC8ED6ED1582134B2AA	67DC4757E76A84D90DFE5416C562C4DA3AA02C61	55045C1493DCEF8CA7F39E91E0926FC1EE6329196D5032F4ECA40126FB910F3B
Chrome Cache Entry: 143	PNG image data, 42 x 702, 8-bit grayscale, non-interlaced	51147EB9734C3C0CAF22AA77A80D96F0	DC33807CD0C0C35BB98D8E23EFE2D625137A43F5	92D8510869B3D581401A93130FA72E4B54C5BF28DC8005994C5248D9AFBFC37B
Chrome Cache Entry: 144	PNG image data, 77 x 72, 8-bit colormap, non-interlaced	D648C1837D01495ECCD63E053491F72A	991D8F6C72777239472410D6129FD5F25ED9D134	9EDBF56B360080F5D6765DCE77353B8130E9F8316AD34C68F6C2792CDC446321
Chrome Cache Entry: 145	PNG image data, 2080 x 2080, 8-bit/color RGBA, non-interlaced	BE42AD7752720327D28BF52DBDBB64C2	F4CCE31B9236319AA9C87FEE038638D1DE12C07D	C3AD6AA1C03FD108854F008CFEC2753BA623E1470A4D61798B5D8C050E474868
Chrome Cache Entry: 146	ASCII text, with very long lines (18963), with no line terminators	4F773FE8050DCFD8FD096E061EED08A7	0921110716284E797A40855B98B113B683FADB51	29704F658E0A24AF40A7EC9F1BA5800E7BF3366DE3FEAE6E044BD20C28C89018
Chrome Cache Entry: 147	PNG image data, 42 x 702, 8-bit grayscale, non-interlaced	51147EB9734C3C0CAF22AA77A80D96F0	DC33807CD0C0C35BB98D8E23EFE2D625137A43F5	92D8510869B3D581401A93130FA72E4B54C5BF28DC8005994C5248D9AFBFC37B
Chrome Cache Entry: 148	ASCII text, with very long lines (5945)	7D353D9248243688E3804FF3BC640740	5326DE4935A4CF5F9AE48BA8AF21E16596686A05	8CBCC75838747FB5C941D5D1AD61221075CD2A9B632929648586C10DBF39B9DE
Chrome Cache Entry: 149	ASCII text, with no line terminators	E736E189EDB5D0D9D5B8E7F23DD9114A	BCABEE193F13756FA9154FC492FE420C47140343	13CF82E6F9D48221CD55F8B3C3D206F7BDB83F291034B478E484CCFEF7D500DD
Chrome Cache Entry: 150	PNG image data, 63 x 70, 8-bit colormap, non-interlaced	1C3D5911E95C767EF9550243BB2C0945	78B1E6E8BCC67D5B2A8F78D7030C0684DCFFE098	28A21016BDF4EC9B77DD794ECA44ABD4B2A73BD79CAD53641F6D9F1140E96B3C
Chrome Cache Entry: 151	ASCII text, with no line terminators	DA5BB1DC647470204DF0E49F5AFAC2DE	F5CBF596CA5E4FE208E4C55AF6E45B71F9FEBBE8	705186BECC9E0A306A6B4867AE2768AA9DD3B8C12393D9F9C52029E9A6FCF31C
Chrome Cache Entry: 152	JSON data	7464AA9E0B5A66DC886A358AAD59678F	2154BA86166207B449C10ECC6C20D57461CDD49B	8EA23781867D642ED7D4974A3690A73769FD8E81A16FB63BC64F7F9F0F25D94D
Chrome Cache Entry: 87	ASCII text, with CRLF, LF line terminators	7F37A030886EC7FCE1D065EC482789EE	661AD608AC1513E2CCDEC4CD55EB552A8604C8F6	75B20E74E3EFFA00E4B62B9DA6DF7D7542D91CB4B50078B8365112D556A73A7E
Chrome Cache Entry: 88	PNG image data, 63 x 70, 8-bit colormap, non-interlaced	2CD03A547F00CAD010F9038619DF45DE	912F919836A77A514C76B990ACEAF5E930A24024	C56A8AE4818963E0D71EDA4EBF46B4F2CDD3A238537DC8E99711FB690D272A73
Chrome Cache Entry: 89	Unicode text, UTF-8 text, with very long lines (65464)	1C73B4EB89BBE24ECF154B671DDBCAFC	75E59EC09164B620648BE5CC80048372E6C62AA5	972DE8C5257C5C31F0AE45016595089022E4F82E766CEC78FB40C997BFBAC75F
Chrome Cache Entry: 90	ASCII text, with very long lines (2306), with no line terminators	D1DC816C161B3A7313B3D42F478F140A	66E30073FF65F5B96FED00992224F97DD93453BC	CC6265BB78FC4F136D1E4843B385D90A1FABA320821361B71895DCAF2077630F
Chrome Cache Entry: 91	ASCII text, with very long lines (65536), with no line terminators	AA429D098305EFEB3D236B3872F2DA79	E0D6E416EB7C1C8F10EC76F835EDA23D5C1D0AB0	5285275760CE24F97FC85A2AA7A705E2BFCDEBE875A6028441382D2CA36B3F1C
Chrome Cache Entry: 92	ASCII text, with very long lines (32180)	7F9FB969CE353C5D77707836391EB28D	62C4042E9EBC691A5372D653B424512A561D1670	2051D61446D4DBFFB03727031022A08C84528AB44D203A7669C101E5FBDD5515
Chrome Cache Entry: 93	JPEG image data, Exif standard: [TIFF image data, little-endian, direntries=12, height=39, bps=158, PhotometricIntepretation=RGB, orientation=upper-left, width=180], baseline, precision 8, 180x39, components 3	4BF52EB9B3EFCE840ADD1A90D83A40E5	6348A7617DFCE3165E07AF53A48DF7892D62FFE1	A85F1E749A829C5C909837844C6B53CE0A9AE2ADB7C8EAC0E7B96C372C679A0D
Chrome Cache Entry: 94	PNG image data, 33 x 31, 8-bit colormap, non-interlaced	905D91C276116928FA306EA732723FA9	092604F6A8786E46A7DEE06065D29D2896FCF568	9CFFD13C2CE05EBE032709A88FA59504E1218A12B175EC40D5AAB280C18BE51E
Chrome Cache Entry: 95	ASCII text, with very long lines (27303)	4FBD15CB6047AF93373F4F895639C8BF	12D6861075DE8E293265FF6FF03B1F3ADCB44C76	DDD92F10AD162C7449EFF0ACAF40598C05B1111739587EDB75E5326B6697C5D5
Chrome Cache Entry: 96	ASCII text, with very long lines (65464)	44934D48F839E3143311BC044E6E0D89	A96C3D95BE19A80330977ACEAD67FD9B92AC6E4B	500D20E95A2ED662891673D812FE9A71E2E2C31B170BCD331C33B97114879FA6
Chrome Cache Entry: 97	PNG image data, 77 x 63, 8-bit colormap, non-interlaced	B0495EDE4C875843FEC037C794E9FF9A	C813AEFBA255A5CC53AEA7811F987CCB551C3128	52B762D47C066E16300675D56CC359B504FFD3239438C96EB973864311BB7B79
Chrome Cache Entry: 98	Audio file with ID3 version 2.3.0, contains:\012- MPEG ADTS, layer III, v2, 64 kbps, 22.05 kHz, Monaural	0116152611DD51432E852781F8CC7E82	2408D3D281B25649894F78A4E19F7F8A8AC735F9	FC59BBB18F923747B9CD3F3B23537FF09C5AD2FDFC1505A4800A3F269A234E65
Chrome Cache Entry: 99	ASCII text, with very long lines (5945)	8C2BDE218B82652B7DD9984EF625C306	DA72F6B1D26F608B996B412E6B86DD4E3A3526D3	3C2704C257D40475372C7B30D1A572FAD63B6DE5E38D6AB9A6FB7FE1906367CA

Phishing

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.9.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.7.pages.csv, type: HTML
Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_127, type: DROPPED

Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon
Source: about:blank	HTTP Parser: No favicon

Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.121.20
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.121.20
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ajax/libs/jquery/2.1.3/jquery.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /font-awesome/4.5.0/css/font-awesome.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /boot+1-888-357-9850strap/4.5.2/js/bootstrap.min.js HTTP/1.1Host: stackpath.bootstrapcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://frimac2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/bootstrap@5.3.0-alpha1/dist/css/bootstrap.min.css HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://frimac2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /57319e009c52c0bc56e39866/default HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://frimac2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /code?code=a7400ed6d3f8ef9dff8b932728043756 HTTP/1.1Host: edgecdn.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-main.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://frimac2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-vendor.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://frimac2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-vendors.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://frimac2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-common.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://frimac2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-runtime.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://frimac2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-app.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://frimac2.z13.web.core.windows.netsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/widget-settings?propertyId=57319e009c52c0bc56e39866&widgetId=default&sv=null HTTP/1.1Host: va.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://frimac2.z13.web.core.windows.netSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/languages/en.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/widget-settings?propertyId=57319e009c52c0bc56e39866&widgetId=default&sv=null HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-2c776523.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-9294da6c.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-f1565420.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-2d0b383d.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/?k=662c2b3aa3c8d40bf99caf64&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtWWtRZEt5eG5DMGdoUXptdm1EOWlVIiwic2lkIjoiNjYyYzJiM2FhM2M4ZDQwYmY5OWNhZjY0IiwiaWF0IjoxNzE0MTcwNjgyLCJleHAiOjE3MTQxNzI0ODIsImp0aSI6Im1ocGlVd00zYjE4OUtmMjhHWHo0dCJ9.UQ9B3fn_DloCS4csUpOp4LUQ4g_NFCMn98xiOci6wYlZ8qAYwsp1Wvbhs7NrFUE9NwHhiD5LFSA_BmpNqQDQGQ&EIO=3&transport=websocket&__t=OySYDyZ HTTP/1.1Host: vsa56.tawk.toConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://frimac2.z13.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: UshmtBHbRSnc347qEKmXjQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-48f3b594.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-4fe9d5dd.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/css/min-widget.css HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/css/bubble-widget.css HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/css/message-preview.css HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-2d0b9454.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/js/twk-chunk-24d8db78.js HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/assets/images/attention-grabbers/62-r-br.svg HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /emojione/2.2.7/lib/js/emojione.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://frimac2.z13.web.core.windows.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/?k=662c2b3aa3c8d40bf99caf64&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtWWtRZEt5eG5DMGdoUXptdm1EOWlVIiwic2lkIjoiNjYyYzJiM2FhM2M4ZDQwYmY5OWNhZjY0IiwiaWF0IjoxNzE0MTcwNjgyLCJleHAiOjE3MTQxNzI0ODIsImp0aSI6Im1ocGlVd00zYjE4OUtmMjhHWHo0dCJ9.UQ9B3fn_DloCS4csUpOp4LUQ4g_NFCMn98xiOci6wYlZ8qAYwsp1Wvbhs7NrFUE9NwHhiD5LFSA_BmpNqQDQGQ&EIO=3&transport=websocket&__t=OySYEEQ HTTP/1.1Host: vsa90.tawk.toConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://frimac2.z13.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: pNlYETHcgxrTYs52fNoPww==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /_s/v4/app/6625f366c87/css/max-widget.css HTTP/1.1Host: embed.tawk.toConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /_s/v4/assets/images/attention-grabbers/62-r-br.svg HTTP/1.1Host: embed.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/?k=662c2b3aa3c8d40bf99caf64&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtWWtRZEt5eG5DMGdoUXptdm1EOWlVIiwic2lkIjoiNjYyYzJiM2FhM2M4ZDQwYmY5OWNhZjY0IiwiaWF0IjoxNzE0MTcwNjgyLCJleHAiOjE3MTQxNzI0ODIsImp0aSI6Im1ocGlVd00zYjE4OUtmMjhHWHo0dCJ9.UQ9B3fn_DloCS4csUpOp4LUQ4g_NFCMn98xiOci6wYlZ8qAYwsp1Wvbhs7NrFUE9NwHhiD5LFSA_BmpNqQDQGQ&EIO=3&transport=websocket&__t=OySYEW1 HTTP/1.1Host: vsa104.tawk.toConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://frimac2.z13.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: akQjCvIpgtZuV3UQ8oLuVg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /s/?k=662c2b3aa3c8d40bf99caf64&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtWWtRZEt5eG5DMGdoUXptdm1EOWlVIiwic2lkIjoiNjYyYzJiM2FhM2M4ZDQwYmY5OWNhZjY0IiwiaWF0IjoxNzE0MTcwNjgyLCJleHAiOjE3MTQxNzI0ODIsImp0aSI6Im1ocGlVd00zYjE4OUtmMjhHWHo0dCJ9.UQ9B3fn_DloCS4csUpOp4LUQ4g_NFCMn98xiOci6wYlZ8qAYwsp1Wvbhs7NrFUE9NwHhiD5LFSA_BmpNqQDQGQ&EIO=3&transport=websocket&__t=OySYFAf HTTP/1.1Host: vsa85.tawk.toConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://frimac2.z13.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: eJo/QvM4otQdh6S8WXaKDQ==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /s/?k=662c2b3aa3c8d40bf99caf64&cver=0&pop=false&asver=925&tkn=eyJhbGciOiJFUzI1NiIsInR5cCI6IkpXVCIsImtpZCI6InZpc2l0b3ItYXBwbGljYXRpb24tc2VydmVyLTIwMjEwMjIifQ.eyJwaWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYiLCJ2aWQiOiI1NzMxOWUwMDljNTJjMGJjNTZlMzk4NjYtWWtRZEt5eG5DMGdoUXptdm1EOWlVIiwic2lkIjoiNjYyYzJiM2FhM2M4ZDQwYmY5OWNhZjY0IiwiaWF0IjoxNzE0MTcwNjgyLCJleHAiOjE3MTQxNzI0ODIsImp0aSI6Im1ocGlVd00zYjE4OUtmMjhHWHo0dCJ9.UQ9B3fn_DloCS4csUpOp4LUQ4g_NFCMn98xiOci6wYlZ8qAYwsp1Wvbhs7NrFUE9NwHhiD5LFSA_BmpNqQDQGQ&EIO=3&transport=websocket&__t=OySYFSV HTTP/1.1Host: vsa85.tawk.toConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Upgrade: websocketOrigin: https://frimac2.z13.web.core.windows.netSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Sec-WebSocket-Key: HQPrU3GdycYbfAShpS0jhA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/session/start HTTP/1.1Host: va.tawk.toConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_99.2.dr	String found in binary or memory: Math.round(p);v["gtm.videoCurrentTime"]=Math.round(q);v["gtm.videoElapsedTime"]=Math.round(f);v["gtm.videoPercent"]=r;v["gtm.videoVisible"]=t;return v},Qj:function(){e=zb()},sd:function(){d()}}};var dc=ka(["data-gtm-yt-inspected-"]),AC=["www.youtube.com","www.youtube-nocookie.com"],BC,CC=!1; equals www.youtube.com (Youtube)
Source: chromecache_99.2.dr	String found in binary or memory: c?"runIfCanceled":"runIfUncanceled",[]);if(!g.length)return!0;var h=iA(a,c,e);M(121);if("https://www.facebook.com/tr/"===h["gtm.elementUrl"])return M(122),!0;if(d&&f){for(var m=Jb(b,g.length),n=0;n<g.length;++n)g[n](h,m);return m.done}for(var p=0;p<g.length;++p)g[p](h,function(){});return!0},lA=function(){var a=[],b=function(c){return pb(a,function(d){return d.form===c})};return{store:function(c,d){var e=b(c);e?e.button=d:a.push({form:c,button:d})},get:function(c){var d=b(c);return d?d.button:null}}}, equals www.facebook.com (Facebook)
Source: chromecache_99.2.dr	String found in binary or memory: e\|\|f\|\|g.length\|\|h.length))return;var n={Xg:d,Vg:e,Wg:f,Ih:g,Jh:h,ye:m,Ab:b},p=D.YT,q=function(){IC(n)};if(p)return p.ready&&p.ready(q),b;var r=D.onYouTubeIframeAPIReady;D.onYouTubeIframeAPIReady=function(){r&&r();q()};I(function(){for(var t=H.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(LC(w,"iframe_api")\|\|LC(w,"player_api"))return b}for(var x=H.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!CC&&JC(x[A],n.ye))return tc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_136.2.dr	String found in binary or memory: return b}yC.J="internal.enableAutoEventOnTimer";var dc=ka(["data-gtm-yt-inspected-"]),AC=["www.youtube.com","www.youtube-nocookie.com"],BC,CC=!1; equals www.youtube.com (Youtube)
Source: chromecache_99.2.dr	String found in binary or memory: var NB=function(a,b,c,d,e){var f=Jz("fsl",c?"nv.mwt":"mwt",0),g;g=c?Jz("fsl","nv.ids",[]):Jz("fsl","ids",[]);if(!g.length)return!0;var h=Fz(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);M(121);if("https://www.facebook.com/tr/"===m)return M(122),!0;h["gtm.elementUrl"]=m;h["gtm.formCanceled"]=c;null!=a.getAttribute("name")&&(h["gtm.interactedFormName"]=a.getAttribute("name"));e&&(h["gtm.formSubmitElement"]=e,h["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!uy(h,vy(b, equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: stackpath.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: embed.tawk.to
Source: global traffic	DNS traffic detected: DNS query: edgecdn.dev
Source: global traffic	DNS traffic detected: DNS query: va.tawk.to
Source: global traffic	DNS traffic detected: DNS query: vsa56.tawk.to
Source: global traffic	DNS traffic detected: DNS query: vsa90.tawk.to
Source: global traffic	DNS traffic detected: DNS query: vsa104.tawk.to
Source: global traffic	DNS traffic detected: DNS query: vsa85.tawk.to

Source: unknown

Source: global traffic

Source: chromecache_95.2.dr	String found in binary or memory: http://fontawesome.io
Source: chromecache_95.2.dr	String found in binary or memory: http://fontawesome.io/license
Source: chromecache_127.2.dr	String found in binary or memory: http://www.hitsteps.com/
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_99.2.dr, chromecache_136.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_99.2.dr, chromecache_136.2.dr	String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_99.2.dr, chromecache_136.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_127.2.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap
Source: chromecache_127.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/jquery/2.1.3/jquery.min.js
Source: chromecache_127.2.dr	String found in binary or memory: https://edgecdn.dev/code?code=a7400ed6d3f8ef9dff8b932728043756
Source: chromecache_127.2.dr	String found in binary or memory: https://embed.tawk.to/57319e009c52c0bc56e39866/default
Source: chromecache_90.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-app.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-arr-find-polyfill.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-common.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-chunk-vendors.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-entries-polyfill.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-event-polyfill.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-iterator-polyfill.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-main.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-object-values-polyfill.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-promise-polyfill.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-runtime.js
Source: chromecache_103.2.dr	String found in binary or memory: https://embed.tawk.to/_s/v4/app/6625f366c87/js/twk-vendor.js
Source: chromecache_109.2.dr, chromecache_100.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_109.2.dr, chromecache_100.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
Source: chromecache_100.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_127.2.dr	String found in binary or memory: https://maxcdn.bootstrapcdn.com/font-awesome/4.5.0/css/font-awesome.min.css
Source: chromecache_136.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_99.2.dr, chromecache_136.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_127.2.dr	String found in binary or memory: https://stackpath.bootstrapcdn.com/boot
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_99.2.dr, chromecache_136.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_99.2.dr, chromecache_136.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_99.2.dr, chromecache_136.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_136.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_99.2.dr, chromecache_136.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_99.2.dr, chromecache_136.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_127.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-4FXBGDDKSQ
Source: chromecache_127.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-L8V34Z2LQF
Source: chromecache_127.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-P31V82TK4L
Source: chromecache_108.2.dr, chromecache_148.2.dr, chromecache_114.2.dr, chromecache_99.2.dr, chromecache_136.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_121.2.dr, chromecache_129.2.dr	String found in binary or memory: https://www.tawk.to/?utm_source=tawk-messenger&utm_medium=link&utm_campaign=referral&utm_term=57319e
Source: chromecache_99.2.dr	String found in binary or memory: https://www.youtube.com/iframe_api

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Spam, unwanted Advertisements and Ransom Demands

Yara detected TechSupportScam

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: 0.9.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML
Source: Yara match	File source: 0.7.pages.csv, type: HTML
Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_127, type: DROPPED

Source: classification engine

Classification label: mal48.phis.win@16/117@28/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 --field-trial-handle=2176,i,2724295210524159303,2702105258062751285,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://frimac2.z13.web.core.windows.net/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2384 --field-trial-handle=2176,i,2724295210524159303,2702105258062751285,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1432394
Product:	CloudBasic
Start time:	00:30:14
Start date:	27.04.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://frimac2.z13.web.core.windows.net/

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://frimac2.z13.web.core.windows.net/

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Networking

Spam, unwanted Advertisements and Ransom Demands

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://frimac2.z13.web.core.windows.net/