Edit tour

Windows Analysis Report
http://uploads-ssl.webflow.com/660018002a32edee7a11d41b/66335b965a5a96f03bd82400_kasuwidavogog.pdf

Overview

General Information

Sample URL:	http://uploads-ssl.webflow.com/660018002a32edee7a11d41b/66335b965a5a96f03bd82400_kasuwidavogog.pdf
Analysis ID:	1622824
Infos:

Detection

Score:	60
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for dropped file

Found potential malicious PDF (bad image similarity)

AI detected suspicious Javascript

Drops files with a non-matching file extension (content does not match file extension)

HTML page contains hidden javascript code

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6120 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 2996 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2500,i,2021336863813958274,10206070511735306969,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6544 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://uploads-ssl.webflow.com/660018002a32edee7a11d41b/66335b965a5a96f03bd82400_kasuwidavogog.pdf" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

Acrobat.exe (PID: 6148 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf" MD5: 24EAD1C46A47022347DC0F05F6EFBB8C)

AcroCEF.exe (PID: 2284 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

AcroCEF.exe (PID: 6556 cmdline: "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1600,i,16413146433532025322,16228865156436144857,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8 MD5: 9B38E8E8B6DD9622D24B53E095C5D9BE)

chrome.exe (PID: 6748 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://melurilexuki.urseghy.com/19048022028164012954598648?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 4020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1948,i,2338278419331860507,10860131123284370180,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for dropped file

Source: C:\Users\user\Downloads\2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp	Avira: detection malicious, Label: HTML/Malicious.PDF.Gen2
Source: C:\Users\user\Downloads\downloaded.pdf.crdownload	Avira: detection malicious, Label: HTML/Malicious.PDF.Gen2

Phishing

AI detected suspicious Javascript

Source: 2.0.id.script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: https://melurilexuki.urseghy.com/19048022028164012... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and the use of obfuscated code/URLs. The script appears to be engaging in malicious activities, such as redirecting to a suspicious domain and collecting user credentials. Overall, the script demonstrates a high level of risk and should be treated as potentially malicious.

Source: https://melurilexuki.urseghy.com/19048022028164012954598648?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit

HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none"><path fill="#B20F03" d="M16 3a13 13 0 1 0 13 13A13.015 13.015 0 0 0 16 3m0 24a11 11 0 1 1 11-11 11.01 11.01 0 0 1-11 11"/><path fill="#B20F03" d="M17.038 18.615H14.87L14.563 9.5h2....

Source: https://uploads-ssl.webflow.com/660018002a32edee7a11d41b/66335b965a5a96f03bd82400_kasuwidavogog.pdf	HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.pdf	HTTP Parser: No favicon
Source: file:///C:/Users/user/Downloads/downloaded.pdf	HTTP Parser: No favicon
Source: https://melurilexuki.urseghy.com/19048022028164012954598648?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit	HTTP Parser: No favicon
Source: https://melurilexuki.urseghy.com/19048022028164012954598648?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit	HTTP Parser: No favicon
Source: https://melurilexuki.urseghy.com/19048022028164012954598648?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit	HTTP Parser: No favicon
Source: https://melurilexuki.urseghy.com/19048022028164012954598648?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit	HTTP Parser: No favicon
Source: http://melurilexuki.urseghy.com/wf?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit&gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefej...	HTTP Parser: No favicon
Source: http://melurilexuki.urseghy.com/wf?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit&gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefej...	HTTP Parser: No favicon

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /660018002a32edee7a11d41b/66335b965a5a96f03bd82400_kasuwidavogog.pdf HTTP/1.1Host: uploads-ssl.webflow.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: uploads-ssl.webflow.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://uploads-ssl.webflow.com/660018002a32edee7a11d41b/66335b965a5a96f03bd82400_kasuwidavogog.pdfAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /660018002a32edee7a11d41b/66335b965a5a96f03bd82400_kasuwidavogog.pdf HTTP/1.1Host: uploads-ssl.webflow.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /19048022028164012954598648?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /19048022028164012954598648?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=91706a38ecdd43a6 HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://melurilexuki.urseghy.com/19048022028164012954598648?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit&__cf_chl_rt_tk=eDLzJR7wv6zXNIqh_GZQ34LZCZOQPs5dpK4gB4rsv4s-1740410167-1.0.1.1-W7Vx86MRlsiWL0DctL6jsYch9c6ibU58k_KQGrvaE7IAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/b0e4a89976ce/api.js?onload=RGHt6&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://melurilexuki.urseghy.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://melurilexuki.urseghy.com/19048022028164012954598648?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikitAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/b0e4a89976ce/api.js?onload=RGHt6&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=91706a38ecdd43a6 HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/vgqhc/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/191709916:1740406321:hbifbq70cWUi9GGKg5_ZfgvkRu0F6c4pDeajZJ9n2QQ/91706a38ecdd43a6/tzIvlrb9OcGzbNojUsl00iM.qOiDwjcNbSNdGOw4Lbg-1740410167-1.2.1.1-tpYTK0BVGz0HzKHy0T7UaaaqwKGJbqDBySZOcp1yUr5.31Eg6P3Pfs.Zz.O8NX5P HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=91706a4e5cd7729f&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/vgqhc/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/vgqhc/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=91706a4e5cd7729f&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://melurilexuki.urseghy.com/19048022028164012954598648?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikitAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1490551424:1740406284:a3XRnpVbsmTSqZM087RY7auMgVxb9nLaMs-CxvlqnAY/91706a4e5cd7729f/TuFdNwnHAlVTmOGng1p5J5N8V5znFXwAJeVCQBGcwjc-1740410170-1.1.1.1-.pxPblBu_vT_7SpX2UnQRHbDaCkCCWpAWU5w8p9Gb0jcjpCsD4ERTXC1.sqO_S5C HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/91706a4e5cd7729f/1740410173057/91f743929473608ce3801b23485f2504eab290b446364a439130ecd1cda59848/27S56fubV5DfXf0 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/vgqhc/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/d/91706a4e5cd7729f/1740410173059/7FrUJogf2EOiEPu HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/vgqhc/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/d/91706a4e5cd7729f/1740410173059/7FrUJogf2EOiEPu HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1490551424:1740406284:a3XRnpVbsmTSqZM087RY7auMgVxb9nLaMs-CxvlqnAY/91706a4e5cd7729f/TuFdNwnHAlVTmOGng1p5J5N8V5znFXwAJeVCQBGcwjc-1740410170-1.1.1.1-.pxPblBu_vT_7SpX2UnQRHbDaCkCCWpAWU5w8p9Gb0jcjpCsD4ERTXC1.sqO_S5C HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1490551424:1740406284:a3XRnpVbsmTSqZM087RY7auMgVxb9nLaMs-CxvlqnAY/91706a4e5cd7729f/TuFdNwnHAlVTmOGng1p5J5N8V5znFXwAJeVCQBGcwjc-1740410170-1.1.1.1-.pxPblBu_vT_7SpX2UnQRHbDaCkCCWpAWU5w8p9Gb0jcjpCsD4ERTXC1.sqO_S5C HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/191709916:1740406321:hbifbq70cWUi9GGKg5_ZfgvkRu0F6c4pDeajZJ9n2QQ/91706a38ecdd43a6/tzIvlrb9OcGzbNojUsl00iM.qOiDwjcNbSNdGOw4Lbg-1740410167-1.2.1.1-tpYTK0BVGz0HzKHy0T7UaaaqwKGJbqDBySZOcp1yUr5.31Eg6P3Pfs.Zz.O8NX5P HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://melurilexuki.urseghy.com/19048022028164012954598648?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit&__cf_chl_tk=eDLzJR7wv6zXNIqh_GZQ34LZCZOQPs5dpK4gB4rsv4s-1740410167-1.0.1.1-W7Vx86MRlsiWL0DctL6jsYch9c6ibU58k_KQGrvaE7IAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/b0e4a89976ce/api.js?onload=RGHt6&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: http://melurilexuki.urseghy.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/5jczk/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=91706ab8cef90fa1&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/5jczk/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/5jczk/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=91706ab8cef90fa1&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/788372995:1740406396:PRiVM72jfZXuHb4i_FzBg030EgSm9AqMXiBq6xG1l3g/91706ab8cef90fa1/RT.blBc6oD0hgLxqLWf9UF0WnKUp.GttpOM6tVkjVwQ-1740410187-1.1.1.1-Za5Me9O3WZvmXXwF0bTcDJyrGy9HuYEW5n2tGkX0I0seqzYXxaI0MN5THGkHCiFs HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/d/91706ab8cef90fa1/1740410189470/OUzWr30czV7_6tT HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/5jczk/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/d/91706ab8cef90fa1/1740410189470/OUzWr30czV7_6tT HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/788372995:1740406396:PRiVM72jfZXuHb4i_FzBg030EgSm9AqMXiBq6xG1l3g/91706ab8cef90fa1/RT.blBc6oD0hgLxqLWf9UF0WnKUp.GttpOM6tVkjVwQ-1740410187-1.1.1.1-Za5Me9O3WZvmXXwF0bTcDJyrGy9HuYEW5n2tGkX0I0seqzYXxaI0MN5THGkHCiFs HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/788372995:1740406396:PRiVM72jfZXuHb4i_FzBg030EgSm9AqMXiBq6xG1l3g/91706ab8cef90fa1/RT.blBc6oD0hgLxqLWf9UF0WnKUp.GttpOM6tVkjVwQ-1740410187-1.1.1.1-Za5Me9O3WZvmXXwF0bTcDJyrGy9HuYEW5n2tGkX0I0seqzYXxaI0MN5THGkHCiFs HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /19048022028164012954598648?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=Y4UjJqero7yth3oMVl8zIMyf2PMs8EsVlSE72Pos8jI-1740410184-1.2.1.1-FXm0sDSvh3j3cA4UxX4R_Du209d2jwD.3AM883GmLHIKP8QIo2Voj4WoMHqGaZosbbA1wRukzQ6JJ4_C272A386C25ZARAikqCYN20pEZQxzrQMOpq5fIg_eQKO_1x0EsmwQdOt41IjhK8MD.dFHB.La7yZ3mjl_0g9_rHf.L5vbOwQERIfkYhe95_L6ym4RWDITeIk1QvG4ESbtaJ78S5NM6izIZbD4idiZJImeG_2wZQkMw83A39MGvnO0ecRR6LfNavzqeehrd08AdLxp31me6tmbjjXGgUjRhBvCbuzEmTZgoNJ0.iJwskovjfZdNNkm2jNqiVt7JD.YZ47.Jw; cf_clearance=XJb2.TCObBgE4dZ3szawOBGSYcaj1oqhAudSTTzGvKM-1740410205-1.2.1.1-880W4fPLq5ruNAGQTnsiysdDcY8cMIk9BNQBG4X1FSMc0RXJON7EVomr0m8dnfM3qRGzexYYdYiRTz39SaCKFqOeS53txCsPgq5kVKo5N2_3xVEqkuKJnJn7zAL.8_PzFu.WtPtEjLMdstNY7iQD76EaYQLB6fh_NpBbD7lcrrCumsv0Xih3psE1_DvwPz9usKG2SCNJqnvLmZsIlOp.6WSe47ohJ51cqGGcNSd47MAEPmTOuiI5g7QXembWZvResH3V59bulAVKj8jLXZ7UROLI4dWnnTMeToEk0CYgqU3sxTdE1WwpJMf.nTtxJyqO7TINzNneS3IAea5IZvoxBQ; _subid=1okijp670dee; 4ec93=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjg5NlwiOjE3NDA0MTAyMDV9LFwiY2FtcGFpZ25zXCI6e1wiNTNcIjoxNzQwNDEwMjA1fSxcInRpbWVcIjoxNzQwNDEwMjA1fSJ9.Q7whXStCkdN4MYDs0DLfwhypGgP4m_tXqDr9wekCkM4
Source: global traffic	HTTP traffic detected: GET /wf?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit&gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=Y4UjJqero7yth3oMVl8zIMyf2PMs8EsVlSE72Pos8jI-1740410184-1.2.1.1-FXm0sDSvh3j3cA4UxX4R_Du209d2jwD.3AM883GmLHIKP8QIo2Voj4WoMHqGaZosbbA1wRukzQ6JJ4_C272A386C25ZARAikqCYN20pEZQxzrQMOpq5fIg_eQKO_1x0EsmwQdOt41IjhK8MD.dFHB.La7yZ3mjl_0g9_rHf.L5vbOwQERIfkYhe95_L6ym4RWDITeIk1QvG4ESbtaJ78S5NM6izIZbD4idiZJImeG_2wZQkMw83A39MGvnO0ecRR6LfNavzqeehrd08AdLxp31me6tmbjjXGgUjRhBvCbuzEmTZgoNJ0.iJwskovjfZdNNkm2jNqiVt7JD.YZ47.Jw; cf_clearance=XJb2.TCObBgE4dZ3szawOBGSYcaj1oqhAudSTTzGvKM-1740410205-1.2.1.1-880W4fPLq5ruNAGQTnsiysdDcY8cMIk9BNQBG4X1FSMc0RXJON7EVomr0m8dnfM3qRGzexYYdYiRTz39SaCKFqOeS53txCsPgq5kVKo5N2_3xVEqkuKJnJn7zAL.8_PzFu.WtPtEjLMdstNY7iQD76EaYQLB6fh_NpBbD7lcrrCumsv0Xih3psE1_DvwPz9usKG2SCNJqnvLmZsIlOp.6WSe47ohJ51cqGGcNSd47MAEPmTOuiI5g7QXembWZvResH3V59bulAVKj8jLXZ7UROLI4dWnnTMeToEk0CYgqU3sxTdE1WwpJMf.nTtxJyqO7TINzNneS3IAea5IZvoxBQ; _subid=1okijp670dee; 4ec93=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjg5NlwiOjE3NDA0MTAyMDV9LFwiY2FtcGFpZ25zXCI6e1wiNTNcIjoxNzQwNDEwMjA1fSxcInRpbWVcIjoxNzQwNDEwMjA
Source: global traffic	HTTP traffic detected: GET /wf?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit&gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=Y4UjJqero7yth3oMVl8zIMyf2PMs8EsVlSE72Pos8jI-1740410184-1.2.1.1-FXm0sDSvh3j3cA4UxX4R_Du209d2jwD.3AM883GmLHIKP8QIo2Voj4WoMHqGaZosbbA1wRukzQ6JJ4_C272A386C25ZARAikqCYN20pEZQxzrQMOpq5fIg_eQKO_1x0EsmwQdOt41IjhK8MD.dFHB.La7yZ3mjl_0g9_rHf.L5vbOwQERIfkYhe95_L6ym4RWDITeIk1QvG4ESbtaJ78S5NM6izIZbD4idiZJImeG_2wZQkMw83A39MGvnO0ecRR6LfNavzqeehrd08AdLxp31me6tmbjjXGgUjRhBvCbuzEmTZgoNJ0.iJwskovjfZdNNkm2jNqiVt7JD.YZ47.Jw; cf_clearance=XJb2.TCObBgE4dZ3szawOBGSYcaj1oqhAudSTTzGvKM-1740410205-1.2.1.1-880W4fPLq5ruNAGQTnsiysdDcY8cMIk9BNQBG4X1FSMc0RXJON7EVomr0m8dnfM3qRGzexYYdYiRTz39SaCKFqOeS53txCsPgq5kVKo5N2_3xVEqkuKJnJn7zAL.8_PzFu.WtPtEjLMdstNY7iQD76EaYQLB6fh_NpBbD7lcrrCumsv0Xih3psE1_DvwPz9usKG2SCNJqnvLmZsIlOp.6WSe47ohJ51cqGGcNSd47MAEPmTOuiI5g7QXembWZvResH3V59bulAVKj8jLXZ7UROLI4dWnnTMeToEk0CYgqU3sxTdE1WwpJMf.nTtxJyqO7TINzNneS3IAea5IZvoxBQ; 4ec93=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjg5NlwiOjE3NDA0MTAyMDV9LFwiY2FtcGFpZ25zXCI6e1wiNTNcIjoxNzQwNDEwMjA1fSxcInRpbWVcIjox
Source: global traffic	HTTP traffic detected: GET /wf?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit&gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=Y4UjJqero7yth3oMVl8zIMyf2PMs8EsVlSE72Pos8jI-1740410184-1.2.1.1-FXm0sDSvh3j3cA4UxX4R_Du209d2jwD.3AM883GmLHIKP8QIo2Voj4WoMHqGaZosbbA1wRukzQ6JJ4_C272A386C25ZARAikqCYN20pEZQxzrQMOpq5fIg_eQKO_1x0EsmwQdOt41IjhK8MD.dFHB.La7yZ3mjl_0g9_rHf.L5vbOwQERIfkYhe95_L6ym4RWDITeIk1QvG4ESbtaJ78S5NM6izIZbD4idiZJImeG_2wZQkMw83A39MGvnO0ecRR6LfNavzqeehrd08AdLxp31me6tmbjjXGgUjRhBvCbuzEmTZgoNJ0.iJwskovjfZdNNkm2jNqiVt7JD.YZ47.Jw; cf_clearance=XJb2.TCObBgE4dZ3szawOBGSYcaj1oqhAudSTTzGvKM-1740410205-1.2.1.1-880W4fPLq5ruNAGQTnsiysdDcY8cMIk9BNQBG4X1FSMc0RXJON7EVomr0m8dnfM3qRGzexYYdYiRTz39SaCKFqOeS53txCsPgq5kVKo5N2_3xVEqkuKJnJn7zAL.8_PzFu.WtPtEjLMdstNY7iQD76EaYQLB6fh_NpBbD7lcrrCumsv0Xih3psE1_DvwPz9usKG2SCNJqnvLmZsIlOp.6WSe47ohJ51cqGGcNSd47MAEPmTOuiI5g7QXembWZvResH3V59bulAVKj8jLXZ7UROLI4dWnnTMeToEk0CYgqU3sxTdE1WwpJMf.nTtxJyqO7TINzNneS3IAea5IZvoxBQ; 4ec93=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjg5NlwiOjE3NDA0MTAyMDV9LFwiY2FtcGFpZ25zXCI6e1wiNTNcIjoxNzQwNDEwMjA1fSxcInRpbWVcIjox
Source: global traffic	HTTP traffic detected: GET /wf?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit&gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=Y4UjJqero7yth3oMVl8zIMyf2PMs8EsVlSE72Pos8jI-1740410184-1.2.1.1-FXm0sDSvh3j3cA4UxX4R_Du209d2jwD.3AM883GmLHIKP8QIo2Voj4WoMHqGaZosbbA1wRukzQ6JJ4_C272A386C25ZARAikqCYN20pEZQxzrQMOpq5fIg_eQKO_1x0EsmwQdOt41IjhK8MD.dFHB.La7yZ3mjl_0g9_rHf.L5vbOwQERIfkYhe95_L6ym4RWDITeIk1QvG4ESbtaJ78S5NM6izIZbD4idiZJImeG_2wZQkMw83A39MGvnO0ecRR6LfNavzqeehrd08AdLxp31me6tmbjjXGgUjRhBvCbuzEmTZgoNJ0.iJwskovjfZdNNkm2jNqiVt7JD.YZ47.Jw; cf_clearance=XJb2.TCObBgE4dZ3szawOBGSYcaj1oqhAudSTTzGvKM-1740410205-1.2.1.1-880W4fPLq5ruNAGQTnsiysdDcY8cMIk9BNQBG4X1FSMc0RXJON7EVomr0m8dnfM3qRGzexYYdYiRTz39SaCKFqOeS53txCsPgq5kVKo5N2_3xVEqkuKJnJn7zAL.8_PzFu.WtPtEjLMdstNY7iQD76EaYQLB6fh_NpBbD7lcrrCumsv0Xih3psE1_DvwPz9usKG2SCNJqnvLmZsIlOp.6WSe47ohJ51cqGGcNSd47MAEPmTOuiI5g7QXembWZvResH3V59bulAVKj8jLXZ7UROLI4dWnnTMeToEk0CYgqU3sxTdE1WwpJMf.nTtxJyqO7TINzNneS3IAea5IZvoxBQ; 4ec93=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjg5NlwiOjE3NDA0MTAyMDV9LFwiY2FtcGFpZ25zXCI6e1wiNTNcIjoxNzQwNDEwMjA1fSxcInRpbWVcIjox
Source: global traffic	HTTP traffic detected: GET /wf?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit&gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=91706aaa4ac64204 HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Referer: http://melurilexuki.urseghy.com/wf?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit&gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit&__cf_chl_rt_tk=vKHEJ0QYQEqKbBqplEbubncW5eKGk_BP4D5EgS6krQM-1740410185-1.0.1.1-Jdkmy3E2NELJJy2FXD22xXeKcCm9ldIQB3_x37r6J_cAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=91706aaa4ac64204 HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://melurilexuki.urseghy.com/wf?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit&gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikitAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1794753460:1740406285:ew9Rma6a6ek9_o-Shm4njg8YFfXDuXwHUsHLxAuUElI/91706aaa4ac64204/U_EQja.YkZEJIMtUDObrcDv49SPpZq05_QGTAA9YWXw-1740410185-1.2.1.1-jNyHjogUh3Poc5dfslrKaJZZqgJxREB3qzF44qwXvkdfKy1h11f_p39WXe4UbhCZ HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://melurilexuki.urseghy.com/wf?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit&gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikitAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1794753460:1740406285:ew9Rma6a6ek9_o-Shm4njg8YFfXDuXwHUsHLxAuUElI/91706aaa4ac64204/U_EQja.YkZEJIMtUDObrcDv49SPpZq05_QGTAA9YWXw-1740410185-1.2.1.1-jNyHjogUh3Poc5dfslrKaJZZqgJxREB3qzF44qwXvkdfKy1h11f_p39WXe4UbhCZ HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: melurilexuki.urseghy.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://melurilexuki.urseghy.com/wf?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit&gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit&__cf_chl_tk=vKHEJ0QYQEqKbBqplEbubncW5eKGk_BP4D5EgS6krQM-1740410185-1.0.1.1-Jdkmy3E2NELJJy2FXD22xXeKcCm9ldIQB3_x37r6J_cAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Microsoft-CryptoAPI/10.0Host: x1.i.lencr.org

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: uploads-ssl.webflow.com
Source: global traffic	DNS traffic detected: DNS query: melurilexuki.urseghy.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: x1.i.lencr.org

Source: unknown

HTTP traffic detected: POST /report/v4?s=%2Bc6%2BpWqhpxF1KahhVKq0qq%2Bv6AeFLVCuYp3mT8FCYfUQzFCQkuHdjV7X7m1kBln3AK6puZh4dqiETGQIxjdTgjZTkTGKkTdqT1KFtzU6s7Bbl4iEyzzUr2rnFhIPggrJYvCKr89PrrbAbK0%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 931Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 24 Feb 2025 15:15:51 GMTContent-Type: application/xmlTransfer-Encoding: chunkedConnection: closex-amz-request-id: W0PPFVYZ3GBRVJ0Tx-amz-id-2: 5H4SwUmaLi3kRU9jMPwFQODLribajb1ueEth0QKFs2Gq9usFhSXWPnki2Vi+18gvz9drgo1cpbs=CF-Cache-Status: BYPASSAccess-Control-Allow-Origin: *Server: cloudflareCF-RAY: 917069d85f6a19cf-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 24 Feb 2025 15:16:07 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-timing: chlray;desc="91706a382c638c75"x-content-options: nosniffx-frame-options: SAMEORIGIN
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 24 Feb 2025 15:16:07 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-timing: chlray;desc="91706a38ecdd43a6"x-content-options: nosniffx-frame-options: SAMEORIGIN
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 24 Feb 2025 15:16:09 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-timing: chlray;desc="91706a49c8c68cc5"x-content-options: nosniffx-frame-options: SAMEORIGIN
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 24 Feb 2025 15:16:13 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-timing: chlray;desc="91706a605fe85e67"x-content-options: nosniffx-frame-options: SAMEORIGIN
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 24 Feb 2025 15:16:24 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-timing: chlray;desc="91706aa599b77279"x-content-options: nosniffx-frame-options: SAMEORIGIN
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 15:17:32 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeCache-Control: no-cache, no-store, must-revalidateExpires: Mon, 24 Feb 2025 15:17:32 GMTSet-Cookie: _subid=1okijp670dfv; expires=Thu, 27 Mar 2025 15:17:32 GMT; path=/Set-Cookie: 4ec93=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjg5NlwiOjE3NDA0MTAyMDV9LFwiY2FtcGFpZ25zXCI6e1wiNTNcIjoxNzQwNDEwMjA1fSxcInRpbWVcIjoxNzQwNDEwMjA1fSJ9.Q7whXStCkdN4MYDs0DLfwhypGgP4m_tXqDr9wekCkM4; expires=Tue, 25 Feb 2025 15:17:32 GMT; path=/Vary: Accept-Encodingcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=X6B3PmLgSN3XmwoMCiG2f%2FJD7qCab9nlw4E6l1KHe%2FbFLiOScPsumr0cmzCxHH1h6HakIzyVTtFLM7ZU%2Bqxk3TdIoNMyC61ev7lVIJo7rb82Q4Kg2zQ%2FeeQthpVohBLAowyAr6Uam0YdUVY%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91706c4f3a5941c3-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2295&min_rtt=2292&rtt_var=866&sent=7&recv=9&lost=0&retrans=0&sent_bytes=2824&recv_bytes=3653&delivery_rate=1258078&cwnd=74&unsent_bytes=0&cid=d2b61ff8502899d8&ts=439&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 15:17:44 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeCache-Control: no-cache, no-store, must-revalidateExpires: Mon, 24 Feb 2025 15:17:44 GMTSet-Cookie: _subid=1okijp670dgd; expires=Thu, 27 Mar 2025 15:17:44 GMT; path=/Set-Cookie: 4ec93=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjg5NlwiOjE3NDA0MTAyMDV9LFwiY2FtcGFpZ25zXCI6e1wiNTNcIjoxNzQwNDEwMjA1fSxcInRpbWVcIjoxNzQwNDEwMjA1fSJ9.Q7whXStCkdN4MYDs0DLfwhypGgP4m_tXqDr9wekCkM4; expires=Tue, 25 Feb 2025 15:17:44 GMT; path=/Vary: Accept-Encodingcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=Unl7FaJKpY3QTBWmtn3kS06Y0TDbky4YxKS%2B3M1o0DC4QzE6PKVQXh%2B4Y1q%2FJLy4L%2BieYntFEbiiSRzR%2FY5E8HOvoD%2FZnZp9mAj8ju2cmZHfBvfqdyiG0Rn8eHa1XqJUwR6Gy0rQauRxqRU%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91706c95ad1e4233-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1730&min_rtt=1720&rtt_var=665&sent=5&recv=8&lost=0&retrans=0&sent_bytes=2826&recv_bytes=3685&delivery_rate=1619523&cwnd=219&unsent_bytes=0&cid=0407f83d72eb4b29&ts=407&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 15:18:08 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeCache-Control: no-cache, no-store, must-revalidateExpires: Mon, 24 Feb 2025 15:18:08 GMTSet-Cookie: _subid=1okijp670dhj; expires=Thu, 27 Mar 2025 15:18:08 GMT; path=/Set-Cookie: 4ec93=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjg5NlwiOjE3NDA0MTAyMDV9LFwiY2FtcGFpZ25zXCI6e1wiNTNcIjoxNzQwNDEwMjA1fSxcInRpbWVcIjoxNzQwNDEwMjA1fSJ9.Q7whXStCkdN4MYDs0DLfwhypGgP4m_tXqDr9wekCkM4; expires=Tue, 25 Feb 2025 15:18:08 GMT; path=/Vary: Accept-Encodingcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=IR3%2B9sjN%2FpB5YbQsWEGKVqu8WIZ3vZNiH9uQKbGWBAajFrpn9eTajWFZNhIYK5%2FjOVm%2B%2BGZi00JG7fAhiIoJG3g2gh1uiB51wY3u7r4RlTXCvCOwiVydLNrlAX1g8pnFXAm9mWooTP%2FfMVw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91706d2e3d4e7cf6-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=2035&min_rtt=2035&rtt_var=763&sent=5&recv=9&lost=0&retrans=0&sent_bytes=2825&recv_bytes=3685&delivery_rate=1434889&cwnd=204&unsent_bytes=0&cid=eba47f7523e02ba7&ts=419&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 15:19:07 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: closeCache-Control: no-cache, no-store, must-revalidateExpires: Mon, 24 Feb 2025 15:19:07 GMTSet-Cookie: _subid=1okijp670djn; expires=Thu, 27 Mar 2025 15:19:07 GMT; path=/Set-Cookie: 4ec93=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjg5NlwiOjE3NDA0MTAyMDV9LFwiY2FtcGFpZ25zXCI6e1wiNTNcIjoxNzQwNDEwMjA1fSxcInRpbWVcIjoxNzQwNDEwMjA1fSJ9.Q7whXStCkdN4MYDs0DLfwhypGgP4m_tXqDr9wekCkM4; expires=Tue, 25 Feb 2025 15:19:07 GMT; path=/Vary: Accept-Encodingcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SFrpALWyyAyeq3g5VJJohVVudkwOqdmuwgfChGeVV7XHraXNga4IoBvVrY6UqqMrAcaD8YXD80rRLWF3zaptMwk4sIUMt7SX9CEca6ZKVYQKZ6pAolJ6DseWSfz6U24E7dFCEo7PPIxJh%2Bk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 91706e9ccb9041ad-EWRalt-svc: h3=":443"; ma=86400server-timing: cfL4;desc="?proto=TCP&rtt=1736&min_rtt=1735&rtt_var=653&sent=6&recv=8&lost=0&retrans=0&sent_bytes=2824&recv_bytes=3685&delivery_rate=1672394&cwnd=189&unsent_bytes=0&cid=ee572cb21baf422c&ts=446&x=0"
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 24 Feb 2025 15:16:25 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 24 Feb 2025 15:16:26 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 24 Feb 2025 15:16:28 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-Data Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 24 Feb 2025 15:16:45 GMTContent-Type: text/html; charset=utf-8Transfer-Encoding: chunkedConnection: keep-aliveSet-Cookie: cf_clearance=XJb2.TCObBgE4dZ3szawOBGSYcaj1oqhAudSTTzGvKM-1740410205-1.2.1.1-880W4fPLq5ruNAGQTnsiysdDcY8cMIk9BNQBG4X1FSMc0RXJON7EVomr0m8dnfM3qRGzexYYdYiRTz39SaCKFqOeS53txCsPgq5kVKo5N2_3xVEqkuKJnJn7zAL.8_PzFu.WtPtEjLMdstNY7iQD76EaYQLB6fh_NpBbD7lcrrCumsv0Xih3psE1_DvwPz9usKG2SCNJqnvLmZsIlOp.6WSe47ohJ51cqGGcNSd47MAEPmTOuiI5g7QXembWZvResH3V59bulAVKj8jLXZ7UROLI4dWnnTMeToEk0CYgqU3sxTdE1WwpJMf.nTtxJyqO7TINzNneS3IAea5IZvoxBQ; Path=/; Expires=Tue, 24-Feb-26 15:16:45 GMT; Domain=.urseghy.com; Priority=High; HttpOnlyCache-Control: no-cache, no-store, must-revalidateExpires: Mon, 24 Feb 2025 15:16:45 GMTSet-Cookie: _subid=1okijp670dee; expires=Thu, 27 Mar 2025 15:16:45 GMT; path=/Set-Cookie: 4ec93=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJkYXRhIjoie1wic3RyZWFtc1wiOntcIjg5NlwiOjE3NDA0MTAyMDV9LFwiY2FtcGFpZ25zXCI6e1wiNTNcIjoxNzQwNDEwMjA1fSxcInRpbWVcIjoxNzQwNDEwMjA1fSJ9.Q7whXStCkdN4MYDs0DLfwhypGgP4m_tXqDr9wekCkM4; expires=Tue, 25 Feb 2025 15:16:45 GMT; path=/Vary: Accept-Encodingcf-cache-status: DYNAMICReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflarData Raw: Data Ascii:
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 24 Feb 2025 15:16:45 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeaccept-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcf-mitigated: challengecritical-ch: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UAcross-origin-embedder-policy: require-corpcross-origin-opener-policy: same-origincross-origin-resource-policy: same-originorigin-agent-cluster: ?1permissions-policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()referrer-policy: same-originserver-Data Raw: Data Ascii:

Source: 2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	String found in binary or memory: http://blog.zhutu.com/link.php?url=https://myconnect.waynesburg.edu/html/js/editor/fckeditor/editor/
Source: 2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	String found in binary or memory: http://byggsok.se/ExpoLogos/GotoURL?url=https://mdphd.ouhsc.edu/cfide/scripts/ajax/fckeditor/editor/
Source: 2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	String found in binary or memory: http://liyinmusic.com/vote/link.php?url=https://uploads-ssl.webflow.com/65dcb0216db9940bbada4d05/663
Source: 2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	String found in binary or memory: http://npokenshinkikou.org/?wptouch_switch=desktop&redirect=https://khazak.com/admin/fckeditor/edito
Source: 2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	String found in binary or memory: http://scooterdirect.com/https://5.imimg.com/data5/SELLER/Doc/2024/5/415188530/QQ/RX/AD/221250786/d3
Source: 2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	String found in binary or memory: http://www.consultor.com/control/control.php?n=universidumh&x=https://revelationministry.org/wysiwyg
Source: 2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	String found in binary or memory: http://www.oopsmovs.com/cgi-bin/a2/out.cgi?id=54&u=https://lum-prod.ec.gavilan.edu/html/js/editor/fc
Source: 2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	String found in binary or memory: http://www.unn.co.kr/Lib/func/BannerLink.asp?idx_Expend=183&ReturnURL=https://hoangbaokhoa.com/fcked
Source: 2D85F72862B55C4EADD9E66E06947F3D0.9.dr	String found in binary or memory: http://x1.i.lencr.org/
Source: 2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	String found in binary or memory: https://accounts.rightnowmedia.org/Account/Invite/9c193d93-3291-4a57-9b95-5f23e6b6e047?returnUrl=htt
Source: 2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	String found in binary or memory: https://after.ucoz.net/go?https://my.marist.edu/html/js/editor/fckeditor/editor/filemanager/browser/
Source: 2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	String found in binary or memory: https://black-friday-sale-uk.digidip.net/visit?url=https://languageartonline.com/includes/fckeditor/
Source: 2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	String found in binary or memory: https://bretagne.eanfh.com/links.do?c=0&t=5400&h=Login.html&g=0&dsmxs=569625690FEF01CD77A7F1A4BF57A9
Source: 2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	String found in binary or memory: https://frandroid.digidip.net/visit?url=https://mymc.glb.montgomerycollege.edu/html/js/editor/fckedi
Source: 2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	String found in binary or memory: https://melurilexuki.urseghy.com/19048022028164012954598648?gabusenagexoxowigejofagupijufisakiradedi
Source: 2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	String found in binary or memory: https://notizia.vn/lich-thi-dau-world-cup-nu-2023-4626139?redirect=https://uploads-ssl.webflow.com/6
Source: 2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	String found in binary or memory: https://www.kurstap.az/kurstap/countSite/137?link=https://assets.website-files.com/65f016b15e7bf114d
Source: 2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	String found in binary or memory: https://www.lesmaisonsderetraite.fr/redirstat.asp?typ=PUBNT&id=428&chem=https://my.sunysuffolk.edu/h
Source: 2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	String found in binary or memory: https://www.top50-solar.de/newsclick.php?id=109338&link=https://fsp.unc.edu/sites/all/libraries/fcke

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49863
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50116 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 50125 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50108
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50107
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50100
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50107 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50128 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49869 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50117
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50116
Source: unknown	Network traffic detected: HTTP traffic on port 50120 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50119
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50111
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50110
Source: unknown	Network traffic detected: HTTP traffic on port 50114 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50115
Source: unknown	Network traffic detected: HTTP traffic on port 50096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50114
Source: unknown	Network traffic detected: HTTP traffic on port 50108 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50127 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50100 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49887 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50128
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 50119 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50127
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50129
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50120
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50121
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50124
Source: unknown	Network traffic detected: HTTP traffic on port 50111 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50123
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50126
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50125
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50092
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50096
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50095
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50099
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50129 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 50123 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 50117 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49887
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 49863 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 50124 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 50092 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50110 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 50121 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50115 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50126 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49869
Source: unknown	Network traffic detected: HTTP traffic on port 49792 -> 443

System Summary

Found potential malicious PDF (bad image similarity)

Source: downloaded.pdf.crdownload.0.dr	Static PDF information: Image stream: 7
Source: 2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr	Static PDF information: Image stream: 7
Source: chromecache_263.2.dr	Static PDF information: Image stream: 7

Source: classification engine

Classification label: mal60.win@77/51@39/12

Source: chromecache_263.2.dr	Initial sample: https://www.lesmaisonsderetraite.fr/redirstat.asp?typ=PUBNT&id=428&chem=https://my.sunysuffolk.edu/html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html?Connector=https://pavikigadan.skyangelus.com/f/52159&s_o=maisonsderetraite
Source: chromecache_263.2.dr	Initial sample: http://www.unn.co.kr/lib/func/bannerlink.asp?idx_expend=183&returnurl=https://hoangbaokhoa.com/fckeditor/editor/filemanager/browser/default/browser.html?connector=https://zomujoxixebalu.ibcphoenix.com/f/55798204
Source: chromecache_263.2.dr	Initial sample: https://after.ucoz.net/go?https://my.marist.edu/html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html?Connector=https://fodakeveriwo.supremainmobiliaria.com/f/88379679
Source: chromecache_263.2.dr	Initial sample: https://accounts.rightnowmedia.org/account/invite/9c193d93-3291-4a57-9b95-5f23e6b6e047?returnurl=https://assets.website-files.com/65dcada20a4b70d56961f91b/6632fb922cc5a61d25f7f95a_32656643117.pdf
Source: chromecache_263.2.dr	Initial sample: https://black-friday-sale-uk.digidip.net/visit?url=https://languageartonline.com/includes/fckeditor/editor/filemanager/browser/default/browser.html?Connector=https://rasanedupot.thiranmanamalai.com/f/9804&ref=carseat
Source: chromecache_263.2.dr	Initial sample: http://www.unn.co.kr/Lib/func/BannerLink.asp?idx_Expend=183&ReturnURL=https://hoangbaokhoa.com/fckeditor/editor/filemanager/browser/default/browser.html?Connector=https://zomujoxixebalu.ibcphoenix.com/f/55798204
Source: chromecache_263.2.dr	Initial sample: http://www.consultor.com/control/control.php?n=universidumh&x=https://revelationministry.org/wysiwyg/fckeditor/editor/filemanager/browser/default/browser.html?Connector=https://lufedef.theplazahotelbalanga.com/f/563938941
Source: chromecache_263.2.dr	Initial sample: https://bretagne.eanfh.com/links.do?c=0&t=5400&h=Login.html&g=0&dsmxs=569625690FEF01CD77A7F1A4BF57A997DF09B1EF&link=https://assets.website-files.com/66006200351a0e5dfaa727ed/6632fa116309b0a750496c16_1929757595.pdf
Source: chromecache_263.2.dr	Initial sample: http://www.oopsmovs.com/cgi-bin/a2/out.cgi?id=54&u=https://lum-prod.ec.gavilan.edu/html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html?Connector=https://zudogo.supremainmobiliaria.com/f/82614
Source: chromecache_263.2.dr	Initial sample: https://frandroid.digidip.net/visit?url=https://mymc.glb.montgomerycollege.edu/html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html?connector=https://tedixewo.gfxtoolkit.com/f/407715023
Source: chromecache_263.2.dr	Initial sample: https://www.kurstap.az/kurstap/countsite/137?link=https://assets.website-files.com/65f016b15e7bf114d1ce0eae/6632fe0c406ac5b6bcbb6c5c_bupovaluno.pdf
Source: chromecache_263.2.dr	Initial sample: http://www.consultor.com/control/control.php?n=universidumh&x=https://revelationministry.org/wysiwyg/fckeditor/editor/filemanager/browser/default/browser.html?connector=https://lufedef.theplazahotelbalanga.com/f/563938941
Source: chromecache_263.2.dr	Initial sample: https://melurilexuki.urseghy.com/19048022028164012954598648?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit
Source: chromecache_263.2.dr	Initial sample: http://scooterdirect.com/https://5.imimg.com/data5/seller/doc/2024/5/415188530/qq/rx/ad/221250786/d361e077-7b04-4ec2-a557-6c5f373a3356.pdf
Source: chromecache_263.2.dr	Initial sample: http://npokenshinkikou.org/?wptouch_switch=desktop&redirect=https://khazak.com/admin/fckeditor/editor/filemanager/browser/default/browser.html?Connector=https://zivimefodi.sharynideas.com/f/88119
Source: chromecache_263.2.dr	Initial sample: https://www.top50-solar.de/newsclick.php?id=109338&link=https://fsp.unc.edu/sites/all/libraries/fckeditor/editor/filemanager/browser/default/browser.html?connector=https://ponuzunopanirof.supremainmobiliaria.com/f/122578154
Source: chromecache_263.2.dr	Initial sample: https://melurilexuki.urseghy.com/19048022028164012954598648?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3a+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit
Source: chromecache_263.2.dr	Initial sample: http://npokenshinkikou.org/?wptouch_switch=desktop&redirect=https://khazak.com/admin/fckeditor/editor/filemanager/browser/default/browser.html?connector=https://zivimefodi.sharynideas.com/f/88119
Source: chromecache_263.2.dr	Initial sample: https://www.kurstap.az/kurstap/countSite/137?link=https://assets.website-files.com/65f016b15e7bf114d1ce0eae/6632fe0c406ac5b6bcbb6c5c_bupovaluno.pdf
Source: chromecache_263.2.dr	Initial sample: http://byggsok.se/expologos/gotourl?url=https://mdphd.ouhsc.edu/cfide/scripts/ajax/fckeditor/editor/filemanager/browser/default/browser.html?connector=https://sonada.skyangelus.com/f/54089541&pagename=byggsok-searchresult_project.asp&customernr=1138936&deliverynr=238031&logotype=indecon.gif&actiontext=url_banner
Source: chromecache_263.2.dr	Initial sample: http://blog.zhutu.com/link.php?url=https://myconnect.waynesburg.edu/html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html?connector=https://javafovadaxi.thiranmanamalai.com/f/10505
Source: chromecache_263.2.dr	Initial sample: http://blog.zhutu.com/link.php?url=https://myconnect.waynesburg.edu/html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html?Connector=https://javafovadaxi.thiranmanamalai.com/f/10505
Source: chromecache_263.2.dr	Initial sample: https://frandroid.digidip.net/visit?url=https://mymc.glb.montgomerycollege.edu/html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html?Connector=https://tedixewo.gfxtoolkit.com/f/407715023
Source: chromecache_263.2.dr	Initial sample: https://black-friday-sale-uk.digidip.net/visit?url=https://languageartonline.com/includes/fckeditor/editor/filemanager/browser/default/browser.html?connector=https://rasanedupot.thiranmanamalai.com/f/9804&ref=carseat
Source: chromecache_263.2.dr	Initial sample: https://notizia.vn/lich-thi-dau-world-cup-nu-2023-4626139?redirect=https://uploads-ssl.webflow.com/66000c4413d5a8d681cda800/6632fd786d37ff42737eb1d6_vozusok.pdf
Source: chromecache_263.2.dr	Initial sample: https://accounts.rightnowmedia.org/Account/Invite/9c193d93-3291-4a57-9b95-5f23e6b6e047?returnUrl=https://assets.website-files.com/65dcada20a4b70d56961f91b/6632fb922cc5a61d25f7f95a_32656643117.pdf
Source: chromecache_263.2.dr	Initial sample: http://www.oopsmovs.com/cgi-bin/a2/out.cgi?id=54&u=https://lum-prod.ec.gavilan.edu/html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html?connector=https://zudogo.supremainmobiliaria.com/f/82614
Source: chromecache_263.2.dr	Initial sample: https://www.lesmaisonsderetraite.fr/redirstat.asp?typ=pubnt&id=428&chem=https://my.sunysuffolk.edu/html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html?connector=https://pavikigadan.skyangelus.com/f/52159&s_o=maisonsderetraite
Source: chromecache_263.2.dr	Initial sample: https://bretagne.eanfh.com/links.do?c=0&t=5400&h=login.html&g=0&dsmxs=569625690fef01cd77a7f1a4bf57a997df09b1ef&link=https://assets.website-files.com/66006200351a0e5dfaa727ed/6632fa116309b0a750496c16_1929757595.pdf
Source: chromecache_263.2.dr	Initial sample: https://www.top50-solar.de/newsclick.php?id=109338&link=https://fsp.unc.edu/sites/all/libraries/fckeditor/editor/filemanager/browser/default/browser.html?Connector=https://ponuzunopanirof.supremainmobiliaria.com/f/122578154
Source: chromecache_263.2.dr	Initial sample: https://after.ucoz.net/go?https://my.marist.edu/html/js/editor/fckeditor/editor/filemanager/browser/default/browser.html?connector=https://fodakeveriwo.supremainmobiliaria.com/f/88379679
Source: chromecache_263.2.dr	Initial sample: http://byggsok.se/ExpoLogos/GotoURL?url=https://mdphd.ouhsc.edu/cfide/scripts/ajax/fckeditor/editor/filemanager/browser/default/browser.html?Connector=https://sonada.skyangelus.com/f/54089541&pageName=Byggsok-Searchresult_project.asp&customerNr=1138936&deliveryNr=238031&logotype=indecon.gif&actionText=URL_Banner
Source: chromecache_263.2.dr	Initial sample: http://liyinmusic.com/vote/link.php?url=https://uploads-ssl.webflow.com/65dcb0216db9940bbada4d05/6632f94cc9e737b98d04c26e_41138204355.pdf
Source: chromecache_263.2.dr	Initial sample: http://scooterdirect.com/https://5.imimg.com/data5/SELLER/Doc/2024/5/415188530/QQ/RX/AD/221250786/d361e077-7b04-4ec2-a557-6c5f373a3356.pdf

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\Downloads\a4ff087e-092e-40e1-9960-80863697e8fd.tmp

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

File created: C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-02-24 10-17-04-544.log

Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\SystemCertificates\CA

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2500,i,2021336863813958274,10206070511735306969,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://uploads-ssl.webflow.com/660018002a32edee7a11d41b/66335b965a5a96f03bd82400_kasuwidavogog.pdf"
Source: unknown	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe" "C:\Users\user\Downloads\downloaded.pdf"
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1600,i,16413146433532025322,16228865156436144857,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "https://melurilexuki.urseghy.com/19048022028164012954598648?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1948,i,2338278419331860507,10860131123284370180,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2512 --field-trial-handle=2500,i,2021336863813958274,10206070511735306969,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --backgroundcolor=16777215	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe "C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --log-severity=disable --user-agent-product="ReaderServices/23.6.20320 Chrome/105.0.0.0" --lang=en-US --user-data-dir="C:\Users\user\AppData\Local\CEF\User Data" --log-file="C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\debug.log" --mojo-platform-channel-handle=2104 --field-trial-handle=1600,i,16413146433532025322,16228865156436144857,131072 --disable-features=BackForwardCache,CalculateNativeWinOcclusion,WinUseBrowserSpellChecker /prefetch:8	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1948,i,2338278419331860507,10860131123284370180,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe

File opened: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\crash_reporter.cfg

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 263
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: Chrome Cache Entry: 263			Jump to dropped file

Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\Acrobat.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior
Source: C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe	Process information set: NOOPENFILEERRORBOX	Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	1 Spearphishing Link	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	11 Masquerading	OS Credential Dumping	1 System Information Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
http://uploads-ssl.webflow.com/660018002a32edee7a11d41b/66335b965a5a96f03bd82400_kasuwidavogog.pdf	0%	Avira URL Cloud	safe

Dropped Files

Source	Detection	Scanner	Label	Link
C:\Users\user\Downloads\2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp	100%	Avira	HTML/Malicious.PDF.Gen2
C:\Users\user\Downloads\downloaded.pdf.crdownload	100%	Avira	HTML/Malicious.PDF.Gen2

Source	Detection	Scanner	Label
http://liyinmusic.com/vote/link.php?url=https://uploads-ssl.webflow.com/65dcb0216db9940bbada4d05/663	0%	Avira URL Cloud	safe
https://black-friday-sale-uk.digidip.net/visit?url=https://languageartonline.com/includes/fckeditor/	0%	Avira URL Cloud	safe
http://www.consultor.com/control/control.php?n=universidumh&x=https://revelationministry.org/wysiwyg	0%	Avira URL Cloud	safe
https://melurilexuki.urseghy.com/favicon.ico	0%	Avira URL Cloud	safe
https://accounts.rightnowmedia.org/Account/Invite/9c193d93-3291-4a57-9b95-5f23e6b6e047?returnUrl=htt	0%	Avira URL Cloud	safe
http://melurilexuki.urseghy.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=91706aaa4ac64204	0%	Avira URL Cloud	safe
https://notizia.vn/lich-thi-dau-world-cup-nu-2023-4626139?redirect=https://uploads-ssl.webflow.com/6	0%	Avira URL Cloud	safe
https://after.ucoz.net/go?https://my.marist.edu/html/js/editor/fckeditor/editor/filemanager/browser/	0%	Avira URL Cloud	safe
http://www.oopsmovs.com/cgi-bin/a2/out.cgi?id=54&u=https://lum-prod.ec.gavilan.edu/html/js/editor/fc	0%	Avira URL Cloud	safe
http://melurilexuki.urseghy.com/favicon.ico	0%	Avira URL Cloud	safe
http://melurilexuki.urseghy.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1794753460:1740406285:ew9Rma6a6ek9_o-Shm4njg8YFfXDuXwHUsHLxAuUElI/91706aaa4ac64204/U_EQja.YkZEJIMtUDObrcDv49SPpZq05_QGTAA9YWXw-1740410185-1.2.1.1-jNyHjogUh3Poc5dfslrKaJZZqgJxREB3qzF44qwXvkdfKy1h11f_p39WXe4UbhCZ	0%	Avira URL Cloud	safe
https://melurilexuki.urseghy.com/cdn-cgi/challenge-platform/h/b/flow/ov1/191709916:1740406321:hbifbq70cWUi9GGKg5_ZfgvkRu0F6c4pDeajZJ9n2QQ/91706a38ecdd43a6/tzIvlrb9OcGzbNojUsl00iM.qOiDwjcNbSNdGOw4Lbg-1740410167-1.2.1.1-tpYTK0BVGz0HzKHy0T7UaaaqwKGJbqDBySZOcp1yUr5.31Eg6P3Pfs.Zz.O8NX5P	0%	Avira URL Cloud	safe
https://melurilexuki.urseghy.com/wf?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit&gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit	0%	Avira URL Cloud	safe
https://www.kurstap.az/kurstap/countSite/137?link=https://assets.website-files.com/65f016b15e7bf114d	0%	Avira URL Cloud	safe
https://bretagne.eanfh.com/links.do?c=0&t=5400&h=Login.html&g=0&dsmxs=569625690FEF01CD77A7F1A4BF57A9	0%	Avira URL Cloud	safe
http://npokenshinkikou.org/?wptouch_switch=desktop&redirect=https://khazak.com/admin/fckeditor/edito	0%	Avira URL Cloud	safe
http://scooterdirect.com/https://5.imimg.com/data5/SELLER/Doc/2024/5/415188530/QQ/RX/AD/221250786/d3	0%	Avira URL Cloud	safe
https://frandroid.digidip.net/visit?url=https://mymc.glb.montgomerycollege.edu/html/js/editor/fckedi	0%	Avira URL Cloud	safe
https://melurilexuki.urseghy.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=91706a38ecdd43a6	0%	Avira URL Cloud	safe
https://www.lesmaisonsderetraite.fr/redirstat.asp?typ=PUBNT&id=428&chem=https://my.sunysuffolk.edu/h	0%	Avira URL Cloud	safe
https://www.top50-solar.de/newsclick.php?id=109338&link=https://fsp.unc.edu/sites/all/libraries/fcke	0%	Avira URL Cloud	safe
http://blog.zhutu.com/link.php?url=https://myconnect.waynesburg.edu/html/js/editor/fckeditor/editor/	0%	Avira URL Cloud	safe
https://melurilexuki.urseghy.com/19048022028164012954598648?gabusenagexoxowigejofagupijufisakiradedi	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	high
e8652.dscx.akamaiedge.net	2.19.245.44	true	false	high
melurilexuki.urseghy.com	188.114.97.3	true	false	high
challenges.cloudflare.com	104.18.94.41	true	false	high
www.google.com	172.217.18.4	true	false	high
uploads-ssl.webflow.com	172.64.153.109	true	false	high
x1.i.lencr.org	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://melurilexuki.urseghy.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://melurilexuki.urseghy.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/91706ab8cef90fa1/1740410189470/OUzWr30czV7_6tT	false		high
http://melurilexuki.urseghy.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=91706aaa4ac64204	false	Avira URL Cloud: safe	unknown
http://melurilexuki.urseghy.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1794753460:1740406285:ew9Rma6a6ek9_o-Shm4njg8YFfXDuXwHUsHLxAuUElI/91706aaa4ac64204/U_EQja.YkZEJIMtUDObrcDv49SPpZq05_QGTAA9YWXw-1740410185-1.2.1.1-jNyHjogUh3Poc5dfslrKaJZZqgJxREB3qzF44qwXvkdfKy1h11f_p39WXe4UbhCZ	false	Avira URL Cloud: safe	unknown
https://uploads-ssl.webflow.com/660018002a32edee7a11d41b/66335b965a5a96f03bd82400_kasuwidavogog.pdf	false		high
https://melurilexuki.urseghy.com/19048022028164012954598648?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit	false		unknown
http://melurilexuki.urseghy.com/wf?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit&gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit	false		unknown
https://uploads-ssl.webflow.com/favicon.ico	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/91706a4e5cd7729f/1740410173057/91f743929473608ce3801b23485f2504eab290b446364a439130ecd1cda59848/27S56fubV5DfXf0	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=91706a4e5cd7729f&lang=auto	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1	false		high
https://a.nel.cloudflare.com/report/v4?s=X6B3PmLgSN3XmwoMCiG2f%2FJD7qCab9nlw4E6l1KHe%2FbFLiOScPsumr0cmzCxHH1h6HakIzyVTtFLM7ZU%2Bqxk3TdIoNMyC61ev7lVIJo7rb82Q4Kg2zQ%2FeeQthpVohBLAowyAr6Uam0YdUVY%3D	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/788372995:1740406396:PRiVM72jfZXuHb4i_FzBg030EgSm9AqMXiBq6xG1l3g/91706ab8cef90fa1/RT.blBc6oD0hgLxqLWf9UF0WnKUp.GttpOM6tVkjVwQ-1740410187-1.1.1.1-Za5Me9O3WZvmXXwF0bTcDJyrGy9HuYEW5n2tGkX0I0seqzYXxaI0MN5THGkHCiFs	false		high
https://melurilexuki.urseghy.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=91706a38ecdd43a6	false	Avira URL Cloud: safe	unknown
https://melurilexuki.urseghy.com/wf?gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit&gabusenagexoxowigejofagupijufisakiradedixozesemarudulironanevatujavusibakigiwezezabotexulub=zopijajidamasekalasumosimelinitelanaviramijoxutasakanajokinezapibipinoxobixalumibekilixolujemubetepopasojagiguxubodafivixuwozerezumedapetezaduwadiwenovipinalizowivuwepolekigafenuvojodilisesuladenepapemirase&utm_term=rtnetlink+answers%3A+operation+not+supported&fozomufaganumaxodasesufadosixulijit=kipowujejubopamolugumowiwixoxivazoredajuwusidodukonupizoxugulebejobiwokefekokuwojadopefejemakanolinosupumiwofulovupupikit	false	Avira URL Cloud: safe	unknown
file:///C:/Users/user/Downloads/downloaded.pdf	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/vgqhc/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=91706ab8cef90fa1&lang=auto	false		high
https://melurilexuki.urseghy.com/cdn-cgi/challenge-platform/h/b/flow/ov1/191709916:1740406321:hbifbq70cWUi9GGKg5_ZfgvkRu0F6c4pDeajZJ9n2QQ/91706a38ecdd43a6/tzIvlrb9OcGzbNojUsl00iM.qOiDwjcNbSNdGOw4Lbg-1740410167-1.2.1.1-tpYTK0BVGz0HzKHy0T7UaaaqwKGJbqDBySZOcp1yUr5.31Eg6P3Pfs.Zz.O8NX5P	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv/5jczk/0x4AAAAAAADnPIDROrmt1Wwj/light/fbE/new/normal/auto/	false		high
https://a.nel.cloudflare.com/report/v4?s=%2Bc6%2BpWqhpxF1KahhVKq0qq%2Bv6AeFLVCuYp3mT8FCYfUQzFCQkuHdjV7X7m1kBln3AK6puZh4dqiETGQIxjdTgjZTkTGKkTdqT1KFtzU6s7Bbl4iEyzzUr2rnFhIPggrJYvCKr89PrrbAbK0%3D	false		high
https://a.nel.cloudflare.com/report/v4?s=SFrpALWyyAyeq3g5VJJohVVudkwOqdmuwgfChGeVV7XHraXNga4IoBvVrY6UqqMrAcaD8YXD80rRLWF3zaptMwk4sIUMt7SX9CEca6ZKVYQKZ6pAolJ6DseWSfz6U24E7dFCEo7PPIxJh%2Bk%3D	false		high
https://a.nel.cloudflare.com/report/v4?s=IR3%2B9sjN%2FpB5YbQsWEGKVqu8WIZ3vZNiH9uQKbGWBAajFrpn9eTajWFZNhIYK5%2FjOVm%2B%2BGZi00JG7fAhiIoJG3g2gh1uiB51wY3u7r4RlTXCvCOwiVydLNrlAX1g8pnFXAm9mWooTP%2FfMVw%3D	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/d/91706a4e5cd7729f/1740410173059/7FrUJogf2EOiEPu	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://notizia.vn/lich-thi-dau-world-cup-nu-2023-4626139?redirect=https://uploads-ssl.webflow.com/6	2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	false	Avira URL Cloud: safe	unknown
http://www.oopsmovs.com/cgi-bin/a2/out.cgi?id=54&u=https://lum-prod.ec.gavilan.edu/html/js/editor/fc	2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	false	Avira URL Cloud: safe	unknown
http://x1.i.lencr.org/	2D85F72862B55C4EADD9E66E06947F3D0.9.dr	false		high
https://after.ucoz.net/go?https://my.marist.edu/html/js/editor/fckeditor/editor/filemanager/browser/	2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	false	Avira URL Cloud: safe	unknown
http://www.consultor.com/control/control.php?n=universidumh&x=https://revelationministry.org/wysiwyg	2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	false	Avira URL Cloud: safe	unknown
https://accounts.rightnowmedia.org/Account/Invite/9c193d93-3291-4a57-9b95-5f23e6b6e047?returnUrl=htt	2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	false	Avira URL Cloud: safe	unknown
https://black-friday-sale-uk.digidip.net/visit?url=https://languageartonline.com/includes/fckeditor/	2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	false	Avira URL Cloud: safe	unknown
http://liyinmusic.com/vote/link.php?url=https://uploads-ssl.webflow.com/65dcb0216db9940bbada4d05/663	2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	false	Avira URL Cloud: safe	unknown
https://www.kurstap.az/kurstap/countSite/137?link=https://assets.website-files.com/65f016b15e7bf114d	2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	false	Avira URL Cloud: safe	unknown
http://npokenshinkikou.org/?wptouch_switch=desktop&redirect=https://khazak.com/admin/fckeditor/edito	2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	false	Avira URL Cloud: safe	unknown
https://bretagne.eanfh.com/links.do?c=0&t=5400&h=Login.html&g=0&dsmxs=569625690FEF01CD77A7F1A4BF57A9	2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	false	Avira URL Cloud: safe	unknown
http://scooterdirect.com/https://5.imimg.com/data5/SELLER/Doc/2024/5/415188530/QQ/RX/AD/221250786/d3	2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	false	Avira URL Cloud: safe	unknown
https://frandroid.digidip.net/visit?url=https://mymc.glb.montgomerycollege.edu/html/js/editor/fckedi	2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	false	Avira URL Cloud: safe	unknown
https://www.lesmaisonsderetraite.fr/redirstat.asp?typ=PUBNT&id=428&chem=https://my.sunysuffolk.edu/h	2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	false	Avira URL Cloud: safe	unknown
https://www.top50-solar.de/newsclick.php?id=109338&link=https://fsp.unc.edu/sites/all/libraries/fcke	2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	false	Avira URL Cloud: safe	unknown
http://blog.zhutu.com/link.php?url=https://myconnect.waynesburg.edu/html/js/editor/fckeditor/editor/	2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	false	Avira URL Cloud: safe	unknown
https://melurilexuki.urseghy.com/19048022028164012954598648?gabusenagexoxowigejofagupijufisakiradedi	2ae7da4b-4ca0-4a78-8e08-80c082227f99.tmp.0.dr, downloaded.pdf.crdownload.0.dr, chromecache_263.2.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.94.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
2.19.245.44	e8652.dscx.akamaiedge.net	European Union	16625	AKAMAI-ASUS	false
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
172.64.153.109	uploads-ssl.webflow.com	United States	13335	CLOUDFLARENETUS	false
104.18.95.41	unknown	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
188.114.97.3	melurilexuki.urseghy.com	European Union	13335	CLOUDFLARENETUS	false
188.114.96.3	unknown	European Union	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.17
192.168.2.4
192.168.2.24

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1622824
Start date and time:	2025-02-24 16:14:44 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 31s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	http://uploads-ssl.webflow.com/660018002a32edee7a11d41b/66335b965a5a96f03bd82400_kasuwidavogog.pdf
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal60.win@77/51@39/12
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found PDF document Close Viewer

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.99, 142.250.185.142, 64.233.184.84, 216.58.212.142, 142.250.185.174, 142.250.185.238, 2.16.100.168, 2.23.77.188, 142.250.186.142, 142.250.186.174, 172.217.16.206, 142.250.184.206, 216.58.206.78, 172.217.18.3, 142.250.184.238, 172.217.16.142, 2.19.104.203, 2.19.11.121, 2.19.11.122, 52.22.41.97, 3.219.243.226, 52.6.155.20, 3.233.129.217, 162.159.61.3, 172.64.41.3, 2.22.242.123, 2.22.242.136, 2.22.242.11, 142.250.181.227, 172.217.18.14, 66.102.1.84, 142.250.74.206, 216.58.212.170, 142.250.186.170, 142.250.186.74, 216.58.206.74, 172.217.16.202, 142.250.186.138, 216.58.206.42, 142.250.186.42, 142.250.186.106, 142.250.185.234, 142.250.184.202, 172.217.18.106, 142.250.184.234, 142.250.74.202, 172.217.18.10, 142.250.181.234, 142.250.181.238, 172.217.16.195, 142.250.186.78, 216.58.206.46, 172.217.23.110, 142.250.186.46, 92.123.18.162, 4.175.87.197, 13.107.246.60, 54.224.241.105, 104.126.112.182
Excluded domains from analysis (whitelisted): clients1.google.com, e4578.dscg.akamaiedge.net, chrome.cloudflare-dns.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, acroipm2.adobe.com.edgesuite.net, ctldl.windowsupdate.com, clientservices.googleapis.com, p13n.adobe.io, acroipm2.adobe.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, armmf.adobe.com, ssl-delivery.adobe.com.edgekey.net, a122.dscd.akamai.net, update.googleapis.com, clients.l.google.com, geo2.adobe.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: http://uploads-ssl.webflow.com/660018002a32edee7a11d41b/66335b965a5a96f03bd82400_kasuwidavogog.pdf

Simulations

Behavior and APIs

Time	Type	Description
10:17:09	API Interceptor	1x Sleep call for process: AcroCEF.exe modified

Process:	C:\Program Files\Adobe\Acrobat DC\Acrobat\acrocef_1\AcroCEF.exe
File Type:	ASCII text
Category:	dropped
Size (bytes):	289
Entropy (8bit):	5.19380023736081
Encrypted:	false
SSDEEP:	6:iOXQ99I+q2Pwkn2nKuAl9OmbnIFUtFQ93lWZmw7Q93IVkwOwkn2nKuAl9OmbjLJ:729I+vYfHAahFUtso/y4V5JfHAaSJ
MD5:	80F504662A11D005AF484490DC9B8B93
SHA1:	C1E42BC91B4115D8E214B533D50A98F4C365BDCA
SHA-256:	3C27A0431B45C0D5B2DD89AF79EB6AEF2255D50D2DEA64F182F80843980A468C
SHA-512:	5D12B9A4577AEC87624F65B2A4F246EE054702D52787297CE411E5A456F5B985970CCC416B86CBA21B09656F88D3B2E918F8F5A17FF9FDAFC8974E27B8854093
Malicious:	false
Reputation:	low
Preview:	2025/02/24-10:17:02.783 80c Reusing MANIFEST C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/MANIFEST-000001.2025/02/24-10:17:02.789 80c Recovering log #3.2025/02/24-10:17:02.789 80c Reusing old log C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache/000003.log .

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report http://uploads-ssl.webflow.com/660018002a32edee7a11d41b/66335b965a5a96f03bd82400_kasuwidavogog.pdf

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Persistence and Installation Behavior

Hooking and other Techniques for Hiding and Protection

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Local Storage\leveldb\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\8d2fcb97-a413-4734-a005-565f62874294.tmp

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Network\Network Persistent State (copy)

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\000003.log

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG

C:\Users\user\AppData\LocalLow\Adobe\AcroCef\DC\Acrobat\Cache\Session Storage\LOG.old (copy)

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ConnectorIcons\icon-250224151707Z-195.bmp

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages

C:\Users\user\AppData\LocalLow\Adobe\Acrobat\DC\ReaderMessages-journal

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\Content\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\LocalLow\Microsoft\CryptnetUrlCache\MetaData\2D85F72862B55C4EADD9E66E06947F3D

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\Files\TESTING

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\SOPHIA.json

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SharedDataEvents-journal

C:\Users\user\AppData\Local\Adobe\Acrobat\DC\UserCache64.bin

C:\Users\user\AppData\Local\Temp\MSI849be.LOG

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6 2025-02-24 10-17-04-544.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\NGL\NGLClient_AcrobatReader123.6.20320.6.log

C:\Users\user\AppData\Local\Temp\acrobat_sbx\acroNGLLog.txt

C:\Users\user\AppData\Local\Temp\acrocef_low\94f19a8d-c1d1-4541-8b12-d88e6063d9a5.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\a248ae9d-032f-4c94-815a-fa1cc98de06f.tmp

C:\Users\user\AppData\Local\Temp\acrocef_low\a5e7c023-1a1f-4246-87f2-12f310ea8279.tmp

Windows Analysis Report
http://uploads-ssl.webflow.com/660018002a32edee7a11d41b/66335b965a5a96f03bd82400_kasuwidavogog.pdf