Windows Analysis Report http://logi103.xiti.com/go.click?xts=410711&s2=20&p=booklet_radon&clic=T&type=click&url=https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t

Overview

General Information

Sample URL: http://logi103.xiti.com/go.click?xts=410711&s2=20&p=booklet_radon&clic=T&type=click&url=https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t
Analysis ID: 532868
Infos:

Most interesting Screenshot:

Detection

HTMLPhisher
Score: 80
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Phishing site detected (based on favicon image match)
Yara detected HtmlPhish10
Antivirus detection for URL or domain
Phishing site detected (based on logo template match)
Phishing site detected (based on image similarity)
HTML body contains low number of good links
Invalid T&C link found
No HTML title found

Classification

AV Detection:

barindex
Antivirus / Scanner detection for submitted sample
Source: http://logi103.xiti.com/go.click?xts=410711&s2=20&p=booklet_radon&clic=T&type=click&url=https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t SlashNext: detection malicious, Label: Fake Login Page type: Phishing & Social Engineering
Antivirus detection for URL or domain
Source: https://achieverecoveryroom.com/API247/authorize_client_id:ix94a072-l6n9-caul-zfny-rf3ynhe972c8_7wu3rvo08pkbxlcenzmjgyd6ifah29t4s1q5foy9s5cv3tgemj1h76bxkpnaw024z8iurlqdmvrtusl0je4g8kia1obx7zdy65pcn9fhqw32?data=ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

barindex
Phishing site detected (based on favicon image match)
Source: https://achieverecoveryroom.com/API247/authorize_client_id:ix94a072-l6n9-caul-zfny-rf3ynhe972c8_7wu3rvo08pkbxlcenzmjgyd6ifah29t4s1q5foy9s5cv3tgemj1h76bxkpnaw024z8iurlqdmvrtusl0je4g8kia1obx7zdy65pcn9fhqw32?data=ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t Matcher: Template: microsoft matched with high similarity
Yara detected HtmlPhish10
Source: Yara match File source: 12440.0.pages.csv, type: HTML
Phishing site detected (based on logo template match)
Source: https://achieverecoveryroom.com/API247/authorize_client_id:ix94a072-l6n9-caul-zfny-rf3ynhe972c8_7wu3rvo08pkbxlcenzmjgyd6ifah29t4s1q5foy9s5cv3tgemj1h76bxkpnaw024z8iurlqdmvrtusl0je4g8kia1obx7zdy65pcn9fhqw32?data=ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t Matcher: Template: microsoft matched
Phishing site detected (based on image similarity)
Source: https://achieverecoveryroom.com/API247/authorize_client_id:ix94a072-l6n9-caul-zfny-rf3ynhe972c8_7wu3rvo08pkbxlcenzmjgyd6ifah29t4s1q5foy9s5cv3tgemj1h76bxkpnaw024z8iurlqdmvrtusl0je4g8kia1obx7zdy65pcn9fhqw32?data=ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t Matcher: Found strong image similarity, brand: Microsoft image: 12440.0.img.1.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD
HTML body contains low number of good links
Source: https://achieverecoveryroom.com/API247/authorize_client_id:ix94a072-l6n9-caul-zfny-rf3ynhe972c8_7wu3rvo08pkbxlcenzmjgyd6ifah29t4s1q5foy9s5cv3tgemj1h76bxkpnaw024z8iurlqdmvrtusl0je4g8kia1obx7zdy65pcn9fhqw32?data=ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t HTTP Parser: Number of links: 0
Source: https://achieverecoveryroom.com/API247/authorize_client_id:ix94a072-l6n9-caul-zfny-rf3ynhe972c8_7wu3rvo08pkbxlcenzmjgyd6ifah29t4s1q5foy9s5cv3tgemj1h76bxkpnaw024z8iurlqdmvrtusl0je4g8kia1obx7zdy65pcn9fhqw32?data=ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t HTTP Parser: Number of links: 0
Invalid T&C link found
Source: https://achieverecoveryroom.com/API247/authorize_client_id:ix94a072-l6n9-caul-zfny-rf3ynhe972c8_7wu3rvo08pkbxlcenzmjgyd6ifah29t4s1q5foy9s5cv3tgemj1h76bxkpnaw024z8iurlqdmvrtusl0je4g8kia1obx7zdy65pcn9fhqw32?data=ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t HTTP Parser: Invalid link: Terms of use
Source: https://achieverecoveryroom.com/API247/authorize_client_id:ix94a072-l6n9-caul-zfny-rf3ynhe972c8_7wu3rvo08pkbxlcenzmjgyd6ifah29t4s1q5foy9s5cv3tgemj1h76bxkpnaw024z8iurlqdmvrtusl0je4g8kia1obx7zdy65pcn9fhqw32?data=ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t HTTP Parser: Invalid link: Terms of use
No HTML title found
Source: https://achieverecoveryroom.com/API247/authorize_client_id:ix94a072-l6n9-caul-zfny-rf3ynhe972c8_7wu3rvo08pkbxlcenzmjgyd6ifah29t4s1q5foy9s5cv3tgemj1h76bxkpnaw024z8iurlqdmvrtusl0je4g8kia1obx7zdy65pcn9fhqw32?data=ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t HTTP Parser: HTML title missing
Source: https://achieverecoveryroom.com/API247/authorize_client_id:ix94a072-l6n9-caul-zfny-rf3ynhe972c8_7wu3rvo08pkbxlcenzmjgyd6ifah29t4s1q5foy9s5cv3tgemj1h76bxkpnaw024z8iurlqdmvrtusl0je4g8kia1obx7zdy65pcn9fhqw32?data=ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t HTTP Parser: HTML title missing
Source: https://achieverecoveryroom.com/API247/authorize_client_id:ix94a072-l6n9-caul-zfny-rf3ynhe972c8_7wu3rvo08pkbxlcenzmjgyd6ifah29t4s1q5foy9s5cv3tgemj1h76bxkpnaw024z8iurlqdmvrtusl0je4g8kia1obx7zdy65pcn9fhqw32?data=ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t HTTP Parser: No <meta name="author".. found
Source: https://achieverecoveryroom.com/API247/authorize_client_id:ix94a072-l6n9-caul-zfny-rf3ynhe972c8_7wu3rvo08pkbxlcenzmjgyd6ifah29t4s1q5foy9s5cv3tgemj1h76bxkpnaw024z8iurlqdmvrtusl0je4g8kia1obx7zdy65pcn9fhqw32?data=ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t HTTP Parser: No <meta name="author".. found
Source: https://achieverecoveryroom.com/API247/authorize_client_id:ix94a072-l6n9-caul-zfny-rf3ynhe972c8_7wu3rvo08pkbxlcenzmjgyd6ifah29t4s1q5foy9s5cv3tgemj1h76bxkpnaw024z8iurlqdmvrtusl0je4g8kia1obx7zdy65pcn9fhqw32?data=ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t HTTP Parser: No <meta name="copyright".. found
Source: https://achieverecoveryroom.com/API247/authorize_client_id:ix94a072-l6n9-caul-zfny-rf3ynhe972c8_7wu3rvo08pkbxlcenzmjgyd6ifah29t4s1q5foy9s5cv3tgemj1h76bxkpnaw024z8iurlqdmvrtusl0je4g8kia1obx7zdy65pcn9fhqw32?data=ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior
Source: unknown HTTPS traffic detected: 69.49.234.232:443 -> 192.168.2.7:49820 version: TLS 1.2
Source: unknown HTTPS traffic detected: 69.49.234.232:443 -> 192.168.2.7:49819 version: TLS 1.2
Source: unknown DNS traffic detected: queries for: clients2.google.com
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49819 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49819
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: global traffic HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /go.click?fh=1&xts=410711&s2=20&p=booklet_radon&clic=T&type=click&url=https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t HTTP/1.1Host: logi103.xiti.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /go.click?fh=1&xts=410711&s2=20&p=booklet_radon&clic=T&type=click&url=https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t&Rdt=On HTTP/1.1Host: logi103.xiti.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: idrxvr=D55B5665-9784-4112-B026-1029BC258872; atidx=D55B5665-9784-4112-B026-1029BC258872; atid=D55B5665-9784-4112-B026-1029BC258872
Source: global traffic HTTP traffic detected: GET /.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t HTTP/1.1Host: tuq21.codesandbox.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/js/vendors~app~embed~sandbox~sandbox-startup.bcc15d438.chunk.js HTTP/1.1Host: codesandbox.ioConnection: keep-aliveOrigin: https://tuq21.codesandbox.ioUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/js/vendors~app~embed~sandbox-startup.6e3433fd3.chunk.js HTTP/1.1Host: codesandbox.ioConnection: keep-aliveOrigin: https://tuq21.codesandbox.ioUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/js/sandbox-startup.fbd015eab.js HTTP/1.1Host: codesandbox.ioConnection: keep-aliveOrigin: https://tuq21.codesandbox.ioUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/js/vendors~app~codemirror-editor~monaco-editor~sandbox.5ca13c344.chunk.js HTTP/1.1Host: codesandbox.ioConnection: keep-aliveOrigin: https://tuq21.codesandbox.ioUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/js/common-sandbox.a204cf2a2.chunk.js HTTP/1.1Host: codesandbox.ioConnection: keep-aliveOrigin: https://tuq21.codesandbox.ioUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/browserfs12/browserfs.min.js HTTP/1.1Host: codesandbox.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/js/vendors~app~sandbox.711ae7310.chunk.js HTTP/1.1Host: codesandbox.ioConnection: keep-aliveOrigin: https://tuq21.codesandbox.ioUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/js/vendors~sandbox.aefe8771e.chunk.js HTTP/1.1Host: codesandbox.ioConnection: keep-aliveOrigin: https://tuq21.codesandbox.ioUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/js/default~app~embed~sandbox.89cd88ff9.chunk.js HTTP/1.1Host: codesandbox.ioConnection: keep-aliveOrigin: https://tuq21.codesandbox.ioUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/js/sandbox.7e0c76a0e.js HTTP/1.1Host: codesandbox.ioConnection: keep-aliveOrigin: https://tuq21.codesandbox.ioUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/js/banner.be879265d.js HTTP/1.1Host: codesandbox.ioConnection: keep-aliveOrigin: https://tuq21.codesandbox.ioUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/js/watermark-button.be960f43b.js HTTP/1.1Host: codesandbox.ioConnection: keep-aliveOrigin: https://tuq21.codesandbox.ioUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /static/js/babel.7.12.12.min.js HTTP/1.1Host: codesandbox.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: application/signed-exchange;v=b3;q=0.9,*/*;q=0.8Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /babel-transpiler.9ffe416e.worker.js HTTP/1.1Host: tuq21.codesandbox.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597 HTTP/1.1Host: static.cloudflareinsights.comConnection: keep-aliveOrigin: https://tuq21.codesandbox.ioUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /babel-transpiler.9ffe416e.worker.js HTTP/1.1Host: tuq21.codesandbox.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"61a8f72e-1fb464"If-Modified-Since: Thu, 02 Dec 2021 16:41:18 GMT
Source: global traffic HTTP traffic detected: GET /manifest.json HTTP/1.1Host: tuq21.codesandbox.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /babel-transpiler.9ffe416e.worker.js HTTP/1.1Host: tuq21.codesandbox.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: W/"61a8f72e-1fb464"If-Modified-Since: Thu, 02 Dec 2021 16:41:18 GMT
Source: global traffic HTTP traffic detected: GET /API247?target=emaher@farmersbusinessnetwork.com HTTP/1.1Host: achieverecoveryroom.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /apple-touch-icon-152x152.png HTTP/1.1Host: tuq21.codesandbox.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /API247/?target=emaher@farmersbusinessnetwork.com HTTP/1.1Host: achieverecoveryroom.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /API247/authorize_client_id:ix94a072-l6n9-caul-zfny-rf3ynhe972c8_7wu3rvo08pkbxlcenzmjgyd6ifah29t4s1q5foy9s5cv3tgemj1h76bxkpnaw024z8iurlqdmvrtusl0je4g8kia1obx7zdy65pcn9fhqw32?data=ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t HTTP/1.1Host: achieverecoveryroom.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=52704fe7dc6666eb2039a274f7bbf825
Source: global traffic HTTP traffic detected: GET /API247/css/style.css HTTP/1.1Host: achieverecoveryroom.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=52704fe7dc6666eb2039a274f7bbf825
Source: global traffic HTTP traffic detected: GET /API247/images/arrow_left.svg HTTP/1.1Host: achieverecoveryroom.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=52704fe7dc6666eb2039a274f7bbf825
Source: global traffic HTTP traffic detected: GET /API247/images/enterpass.png HTTP/1.1Host: achieverecoveryroom.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=52704fe7dc6666eb2039a274f7bbf825
Source: global traffic HTTP traffic detected: GET /API247/images/firstmsg1.png HTTP/1.1Host: achieverecoveryroom.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=52704fe7dc6666eb2039a274f7bbf825
Source: global traffic HTTP traffic detected: GET /API247/images/forgpass.png HTTP/1.1Host: achieverecoveryroom.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=52704fe7dc6666eb2039a274f7bbf825
Source: global traffic HTTP traffic detected: GET /API247/images/ellipsis_white.svg HTTP/1.1Host: achieverecoveryroom.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=52704fe7dc6666eb2039a274f7bbf825
Source: global traffic HTTP traffic detected: GET /API247/images/ellipsis_grey.svg HTTP/1.1Host: achieverecoveryroom.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=52704fe7dc6666eb2039a274f7bbf825
Source: global traffic HTTP traffic detected: GET /API247/images/inv-big-background.png HTTP/1.1Host: achieverecoveryroom.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://achieverecoveryroom.com/API247/authorize_client_id:ix94a072-l6n9-caul-zfny-rf3ynhe972c8_7wu3rvo08pkbxlcenzmjgyd6ifah29t4s1q5foy9s5cv3tgemj1h76bxkpnaw024z8iurlqdmvrtusl0je4g8kia1obx7zdy65pcn9fhqw32?data=ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29tAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=52704fe7dc6666eb2039a274f7bbf825
Source: global traffic HTTP traffic detected: GET /API247/images/passwrd.png HTTP/1.1Host: achieverecoveryroom.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=52704fe7dc6666eb2039a274f7bbf825
Source: global traffic HTTP traffic detected: GET /API247/images/sigin.png HTTP/1.1Host: achieverecoveryroom.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://achieverecoveryroom.com/API247/css/style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=52704fe7dc6666eb2039a274f7bbf825
Source: global traffic HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /API247/images/favicon.ico HTTP/1.1Host: achieverecoveryroom.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=52704fe7dc6666eb2039a274f7bbf825
Source: global traffic HTTP traffic detected: GET /API247/images/arrow_left.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: achieverecoveryroom.com
Source: global traffic HTTP traffic detected: GET /API247/images/favicon.ico HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: achieverecoveryroom.com
Source: global traffic HTTP traffic detected: GET /API247/images/enterpass.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: achieverecoveryroom.com
Source: global traffic HTTP traffic detected: GET /API247/images/firstmsg1.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: achieverecoveryroom.com
Source: global traffic HTTP traffic detected: GET /API247/images/forgpass.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: achieverecoveryroom.com
Source: global traffic HTTP traffic detected: GET /API247/images/ellipsis_white.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: achieverecoveryroom.com
Source: global traffic HTTP traffic detected: GET /API247/images/ellipsis_grey.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: achieverecoveryroom.com
Source: global traffic HTTP traffic detected: GET /go.click?xts=410711&s2=20&p=booklet_radon&clic=T&type=click&url=https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t HTTP/1.1Host: logi103.xiti.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: History.1.dr, History Provider Cache.1.dr, Current Session.1.dr String found in binary or memory: http://logi103.xiti.com/go.click?xts=410711&s2=20&p=booklet_radon&clic=T&type=click&url=https://tuq2
Source: manifest.json0.1.dr, e46260f0-bc74-4526-b8b9-ff161be83a5a.tmp.2.dr String found in binary or memory: https://accounts.google.com
Source: craw_window.js.1.dr String found in binary or memory: https://accounts.google.com/MergeSession
Source: data_2.2.dr String found in binary or memory: https://achieverecoveryroom.com/API247/?target=emaher
Source: Current Session.1.dr String found in binary or memory: https://achieverecoveryroom.com/API247/authorize_client_id:ix94a072-l6n9-caul-zfny-rf3ynhe972c8_7wu3
Source: data_1.2.dr String found in binary or memory: https://achieverecoveryroom.com/API247/css/style.css
Source: data_1.2.dr String found in binary or memory: https://achieverecoveryroom.com/API247/images/arrow_left.svg
Source: data_1.2.dr String found in binary or memory: https://achieverecoveryroom.com/API247/images/ellipsis_grey.svg
Source: data_1.2.dr String found in binary or memory: https://achieverecoveryroom.com/API247/images/ellipsis_white.svg
Source: data_1.2.dr String found in binary or memory: https://achieverecoveryroom.com/API247/images/ellipsis_white.svg4R
Source: data_1.2.dr String found in binary or memory: https://achieverecoveryroom.com/API247/images/enterpass.png
Source: Favicons.1.dr, data_1.2.dr String found in binary or memory: https://achieverecoveryroom.com/API247/images/favicon.ico
Source: data_1.2.dr String found in binary or memory: https://achieverecoveryroom.com/API247/images/firstmsg1.png
Source: data_1.2.dr String found in binary or memory: https://achieverecoveryroom.com/API247/images/forgpass.png
Source: data_1.2.dr String found in binary or memory: https://achieverecoveryroom.com/API247/images/inv-big-background.png
Source: data_1.2.dr String found in binary or memory: https://achieverecoveryroom.com/API247/images/passwrd.png
Source: data_1.2.dr String found in binary or memory: https://achieverecoveryroom.com/API247/images/passwrd.pngv
Source: data_1.2.dr String found in binary or memory: https://achieverecoveryroom.com/API247/images/sigin.png
Source: data_1.2.dr, History Provider Cache.1.dr String found in binary or memory: https://achieverecoveryroom.com/API247?target=emaher
Source: manifest.json0.1.dr, e46260f0-bc74-4526-b8b9-ff161be83a5a.tmp.2.dr String found in binary or memory: https://apis.google.com
Source: e46260f0-bc74-4526-b8b9-ff161be83a5a.tmp.2.dr String found in binary or memory: https://clients2.google.com
Source: manifest.json0.1.dr, manifest.json.1.dr String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: e46260f0-bc74-4526-b8b9-ff161be83a5a.tmp.2.dr String found in binary or memory: https://clients2.googleusercontent.com
Source: data_2.2.dr String found in binary or memory: https://codesandbox.io/
Source: data_2.2.dr String found in binary or memory: https://codesandbox.io/s/
Source: data_1.2.dr String found in binary or memory: https://codesandbox.io/static/browserfs12/browserfs.min.js
Source: data_1.2.dr String found in binary or memory: https://codesandbox.io/static/js/babel.7.12.12.min.js
Source: data_1.2.dr String found in binary or memory: https://codesandbox.io/static/js/banner.be879265d.js
Source: data_1.2.dr String found in binary or memory: https://codesandbox.io/static/js/common-sandbox.a204cf2a2.chunk.js
Source: data_1.2.dr String found in binary or memory: https://codesandbox.io/static/js/default~app~embed~sandbox.89cd88ff9.chunk.js
Source: data_1.2.dr String found in binary or memory: https://codesandbox.io/static/js/sandbox-startup.fbd015eab.js
Source: data_1.2.dr String found in binary or memory: https://codesandbox.io/static/js/sandbox.7e0c76a0e.js
Source: data_1.2.dr String found in binary or memory: https://codesandbox.io/static/js/vendors~app~codemirror-editor~monaco-editor~sandbox.5ca13c344.chunk
Source: data_1.2.dr String found in binary or memory: https://codesandbox.io/static/js/vendors~app~embed~sandbox-startup.6e3433fd3.chunk.js
Source: data_1.2.dr String found in binary or memory: https://codesandbox.io/static/js/vendors~app~embed~sandbox~sandbox-startup.bcc15d438.chunk.js
Source: data_1.2.dr String found in binary or memory: https://codesandbox.io/static/js/vendors~app~embed~sandbox~sandbox-startup.bcc15d438.chunk.jsnf
Source: data_1.2.dr String found in binary or memory: https://codesandbox.io/static/js/vendors~app~sandbox.711ae7310.chunk.js
Source: data_1.2.dr String found in binary or memory: https://codesandbox.io/static/js/vendors~sandbox.aefe8771e.chunk.js
Source: data_1.2.dr String found in binary or memory: https://codesandbox.io/static/js/watermark-button.be960f43b.js
Source: manifest.json0.1.dr String found in binary or memory: https://content.googleapis.com
Source: 3f106f3c-cbc3-4ae9-8a1e-f04f3afe2a8d.tmp.2.dr, e46260f0-bc74-4526-b8b9-ff161be83a5a.tmp.2.dr String found in binary or memory: https://dns.google
Source: manifest.json0.1.dr String found in binary or memory: https://feedback.googleusercontent.com
Source: e46260f0-bc74-4526-b8b9-ff161be83a5a.tmp.2.dr String found in binary or memory: https://fonts.googleapis.com
Source: manifest.json0.1.dr String found in binary or memory: https://fonts.googleapis.com;
Source: e46260f0-bc74-4526-b8b9-ff161be83a5a.tmp.2.dr String found in binary or memory: https://fonts.gstatic.com
Source: manifest.json0.1.dr String found in binary or memory: https://fonts.gstatic.com;
Source: craw_background.js.1.dr, craw_window.js.1.dr String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: manifest.json0.1.dr String found in binary or memory: https://hangouts.google.com/
Source: History Provider Cache.1.dr String found in binary or memory: https://logi103.xiti.com/go.click?fh=1&xts=410711&s2=20&p=booklet_radon&clic=T&type=click&url=https:
Source: e46260f0-bc74-4526-b8b9-ff161be83a5a.tmp.2.dr String found in binary or memory: https://ogs.google.com
Source: manifest.json.1.dr, craw_window.js.1.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: data_1.2.dr String found in binary or memory: https://r4---sn-h0jeenl6.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic?cms_redirect=yes&mh=I2&mip=84.17
Source: data_1.2.dr String found in binary or memory: https://redirector.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic
Source: manifest.json.1.dr, craw_window.js.1.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: data_1.2.dr String found in binary or memory: https://secure.aadcdn.microsoftonline-p.com/ests/2.1.8148.16/content/images/microsoft_logo.svg?x=ee5
Source: e46260f0-bc74-4526-b8b9-ff161be83a5a.tmp.2.dr String found in binary or memory: https://ssl.gstatic.com
Source: data_1.2.dr String found in binary or memory: https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597
Source: 000003.log4.1.dr String found in binary or memory: https://tuq21.codesandbox.io
Source: Current Session.1.dr String found in binary or memory: https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVy
Source: data_1.2.dr String found in binary or memory: https://tuq21.codesandbox.io/apple-touch-icon-152x152.png
Source: data_1.2.dr String found in binary or memory: https://tuq21.codesandbox.io/babel-transpiler.9ffe416e.worker.js
Source: data_1.2.dr String found in binary or memory: https://tuq21.codesandbox.io/manifest.json
Source: craw_background.js.1.dr, craw_window.js.1.dr String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: manifest.json0.1.dr, e46260f0-bc74-4526-b8b9-ff161be83a5a.tmp.2.dr String found in binary or memory: https://www.google.com
Source: manifest.json.1.dr String found in binary or memory: https://www.google.com/
Source: craw_window.js.1.dr String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.1.dr String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.1.dr String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.1.dr String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.1.dr String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: manifest.json0.1.dr String found in binary or memory: https://www.google.com;
Source: craw_background.js.1.dr, craw_window.js.1.dr, e46260f0-bc74-4526-b8b9-ff161be83a5a.tmp.2.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: e46260f0-bc74-4526-b8b9-ff161be83a5a.tmp.2.dr String found in binary or memory: https://www.gstatic.com
Source: manifest.json0.1.dr String found in binary or memory: https://www.gstatic.com;
Source: unknown HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: unknown HTTPS traffic detected: 69.49.234.232:443 -> 192.168.2.7:49820 version: TLS 1.2
Source: unknown HTTPS traffic detected: 69.49.234.232:443 -> 192.168.2.7:49819 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user~1\AppData\Local\Temp\dbce06e2-2914-491a-9465-cc12b6bc5182.tmp Jump to behavior
Source: classification engine Classification label: mal80.phis.win@24/159@11/12
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "http://logi103.xiti.com/go.click?xts=410711&s2=20&p=booklet_radon&clic=T&type=click&url=https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1568,11336664408232104208,2410557704945286700,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1916 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1568,11336664408232104208,2410557704945286700,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1916 /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61A98A35-EE0.pma Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 532868 URL: http://logi103.xiti.com/go.... Startdate: 02/12/2021 Architecture: WINDOWS Score: 80 13 secure.aadcdn.microsoftonline-p.com 2->13 15 achieverecoveryroom.com 2->15 27 Antivirus detection for URL or domain 2->27 29 Antivirus / Scanner detection for submitted sample 2->29 31 Phishing site detected (based on favicon image match) 2->31 33 3 other signatures 2->33 7 chrome.exe 13 172 2->7         started        signatures3 process4 dnsIp5 17 192.168.2.1 unknown unknown 7->17 19 239.255.255.250 unknown Reserved 7->19 10 chrome.exe 24 7->10         started        process6 dnsIp7 21 achieverecoveryroom.com 69.49.234.232, 443, 49785, 49786 UNIFIEDLAYER-AS-1US United States 10->21 23 clients.l.google.com 142.250.203.110, 443, 49759, 49803 GOOGLEUS United States 10->23 25 11 other IPs or domains 10->25
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
104.18.23.207
 tuq21.codesandbox.io United States
13335 CLOUDFLARENETUS false
69.49.234.232
 achieverecoveryroom.com United States
46606 UNIFIEDLAYER-AS-1US false
142.250.203.110
 clients.l.google.com United States
15169 GOOGLEUS false
172.217.168.45
 accounts.google.com United States
15169 GOOGLEUS false
99.84.149.124
 logi103.xiti.com United States
16509 AMAZON-02US false
142.250.203.97
 googlehosted.l.googleusercontent.com United States
15169 GOOGLEUS false
239.255.255.250
 unknown Reserved
unknown unknown false
104.18.22.207
 codesandbox.io United States
13335 CLOUDFLARENETUS false
104.16.95.65
 static.cloudflareinsights.com United States
13335 CLOUDFLARENETUS false

Private
IP
192.168.2.1
192.168.2.255
127.0.0.1

Contacted Domains

Name IP Active
static.cloudflareinsights.com 104.16.95.65 true
accounts.google.com 172.217.168.45 true
tuq21.codesandbox.io 104.18.23.207 true
codesandbox.io 104.18.22.207 true
achieverecoveryroom.com 69.49.234.232 true
logi103.xiti.com 99.84.149.124 true
clients.l.google.com 142.250.203.110 true
googlehosted.l.googleusercontent.com 142.250.203.97 true
clients2.googleusercontent.com unknown unknown
clients2.google.com unknown unknown
secure.aadcdn.microsoftonline-p.com unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://tuq21.codesandbox.io/manifest.json false
    		high
    https://codesandbox.io/static/js/babel.7.12.12.min.js false
      		high
      https://achieverecoveryroom.com/API247/images/ellipsis_grey.svg false
      • Avira URL Cloud: safe
      		 unknown
      https://achieverecoveryroom.com/API247/api.php false
      • Avira URL Cloud: safe
      		 unknown
      https://tuq21.codesandbox.io/apple-touch-icon-152x152.png false
        		high
        https://achieverecoveryroom.com/API247/css/style.css false
        • Avira URL Cloud: safe
        		 unknown
        https://logi103.xiti.com/go.click?fh=1&xts=410711&s2=20&p=booklet_radon&clic=T&type=click&url=https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t&Rdt=On false
          		high
          https://codesandbox.io/static/js/sandbox-startup.fbd015eab.js false
            		high
            https://achieverecoveryroom.com/API247/images/arrow_left.svg false
            • Avira URL Cloud: safe
            		 unknown
            https://achieverecoveryroom.com/API247/?target=emaher@farmersbusinessnetwork.com false
            • Avira URL Cloud: safe
            		 unknown
            https://achieverecoveryroom.com/API247/images/passwrd.png false
            • Avira URL Cloud: safe
            		 unknown
            https://achieverecoveryroom.com/API247/images/enterpass.png false
            • Avira URL Cloud: safe
            		 unknown
            https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t false
              		high
              https://codesandbox.io/static/js/sandbox.7e0c76a0e.js false
                		high
                https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx false
                  		high
                  https://codesandbox.io/static/js/vendors~app~sandbox.711ae7310.chunk.js false
                    		high
                    https://logi103.xiti.com/go.click?fh=1&xts=410711&s2=20&p=booklet_radon&clic=T&type=click&url=https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t false
                      		high
                      https://codesandbox.io/static/browserfs12/browserfs.min.js false
                        		high
                        https://achieverecoveryroom.com/API247/images/firstmsg1.png false
                        • Avira URL Cloud: safe
                        		 unknown
                        https://codesandbox.io/static/js/watermark-button.be960f43b.js false
                          		high
                          https://codesandbox.io/static/js/vendors~app~embed~sandbox-startup.6e3433fd3.chunk.js false
                            		high
                            https://achieverecoveryroom.com/API247/images/sigin.png false
                            • Avira URL Cloud: safe
                            		 unknown
                            https://achieverecoveryroom.com/API247/authorize_client_id:ix94a072-l6n9-caul-zfny-rf3ynhe972c8_7wu3rvo08pkbxlcenzmjgyd6ifah29t4s1q5foy9s5cv3tgemj1h76bxkpnaw024z8iurlqdmvrtusl0je4g8kia1obx7zdy65pcn9fhqw32?data=ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t true
                            • SlashNext: Fake Login Page type: Phishing & Social Engineering
                            		 unknown
                            https://achieverecoveryroom.com/API247/images/inv-big-background.png false
                            • Avira URL Cloud: safe
                            		 unknown
                            http://logi103.xiti.com/go.click?xts=410711&s2=20&p=booklet_radon&clic=T&type=click&url=https://tuq21.codesandbox.io/.wewrewew.aHR0cHM6Ly9hY2hpZXZlcmVjb3Zlcnlyb29tLmNvbS9BUEkyNDc=.ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t false
                              		high
                              https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 false
                                		high
                                https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard false
                                  		high
                                  https://codesandbox.io/static/js/vendors~app~codemirror-editor~monaco-editor~sandbox.5ca13c344.chunk.js false
                                    		high
                                    https://codesandbox.io/static/js/default~app~embed~sandbox.89cd88ff9.chunk.js false
                                      		high
                                      https://achieverecoveryroom.com/API247/images/forgpass.png false
                                      • Avira URL Cloud: safe
                                      		 unknown
                                      https://achieverecoveryroom.com/API247/images/favicon.ico false
                                      • Avira URL Cloud: safe
                                      		 unknown
                                      https://codesandbox.io/static/js/common-sandbox.a204cf2a2.chunk.js false
                                        		high
                                        https://achieverecoveryroom.com/API247/authorize_client_id:ix94a072-l6n9-caul-zfny-rf3ynhe972c8_7wu3rvo08pkbxlcenzmjgyd6ifah29t4s1q5foy9s5cv3tgemj1h76bxkpnaw024z8iurlqdmvrtusl0je4g8kia1obx7zdy65pcn9fhqw32?data=ZW1haGVyQGZhcm1lcnNidXNpbmVzc25ldHdvcmsuY29t true
                                        • SlashNext: Fake Login Page type: Phishing & Social Engineering
                                        		 unknown
                                        https://codesandbox.io/static/js/vendors~sandbox.aefe8771e.chunk.js false
                                          		high
                                          https://codesandbox.io/static/js/banner.be879265d.js false
                                            		high
                                            https://achieverecoveryroom.com/API247/images/ellipsis_white.svg false
                                            • Avira URL Cloud: safe
                                            		 unknown
                                            https://achieverecoveryroom.com/API247?target=emaher@farmersbusinessnetwork.com false
                                            • Avira URL Cloud: safe
                                            		 unknown
                                            https://tuq21.codesandbox.io/babel-transpiler.9ffe416e.worker.js false
                                              		high
                                              https://codesandbox.io/static/js/vendors~app~embed~sandbox~sandbox-startup.bcc15d438.chunk.js false
                                                		high
                                                https://static.cloudflareinsights.com/beacon.min.js/v64f9daad31f64f81be21cbef6184a5e31634941392597 false
                                                • Avira URL Cloud: safe
                                                		 unknown