Windows Analysis Report https://express.adobe.com/page/hkJAopeNt4zI5/

Overview

General Information

Sample URL: https://express.adobe.com/page/hkJAopeNt4zI5/
Analysis ID: 553299

Detection

HTMLPhisher
Score: 84
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Phishing site detected (based on shot template match)
Antivirus detection for URL or domain
Yara detected HtmlPhish29
Yara detected HtmlPhish7
Phishing site detected (based on image similarity)
No HTML title found
HTML body contains low number of good links
Invalid T&C link found

Classification

AV Detection:

Antivirus detection for URL or domain
Source: https://jamesviewzzhe.buzz/Doc/FBG/ SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://jamesviewzzhe.buzz/Doc/FBG/office.php SlashNext: Label: Fake Login Page type: Phishing & Social Engineering
Source: https://jamesviewzzhe.buzz/Doc/FBG/microsoft.php SlashNext: Label: Fake Login Page type: Phishing & Social Engineering

Phishing:

Phishing site detected (based on shot template match)
Source: https://jamesviewzzhe.buzz/Doc/FBG/ Matcher: Template: onedrive matched
Yara detected HtmlPhish29
Source: Yara match File source: 46832.0.pages.csv, type: HTML
Source: Yara match File source: 56203.1.pages.csv, type: HTML
Yara detected HtmlPhish7
Source: Yara match File source: 80410.2.pages.csv, type: HTML
Source: Yara match File source: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cache\data_2, type: DROPPED
Phishing site detected (based on image similarity)
Source: https://jamesviewzzhe.buzz/Doc/FBG/ Matcher: Found strong image similarity, brand: Microsoft image: 80410.2.img.1.gfk.csv FFC68AE7FD5A2D7A7CEC7185717B6E88
No HTML title found
Source: https://express.adobe.com/page/hkJAopeNt4zI5/ HTTP Parser: HTML title missing
Source: https://jamesviewzzhe.buzz/Doc/FBG/office.php HTTP Parser: HTML title missing
Source: https://jamesviewzzhe.buzz/Doc/FBG/microsoft.php HTTP Parser: HTML title missing
Source: https://jamesviewzzhe.buzz/Doc/FBG/webmail.php HTTP Parser: HTML title missing
HTML body contains low number of good links
Source: https://jamesviewzzhe.buzz/Doc/FBG/office.php HTTP Parser: Number of links: 1
Source: https://jamesviewzzhe.buzz/Doc/FBG/microsoft.php HTTP Parser: Number of links: 0
Source: https://jamesviewzzhe.buzz/Doc/FBG/webmail.php HTTP Parser: Number of links: 0
Invalid T&C link found
Source: https://jamesviewzzhe.buzz/Doc/FBG/office.php HTTP Parser: Invalid link: Terms
Source: https://jamesviewzzhe.buzz/Doc/FBG/office.php HTTP Parser: Invalid link: Privacy & Cookies
Source: https://express.adobe.com/page/hkJAopeNt4zI5/ HTTP Parser: No <meta name="author".. found
Source: https://jamesviewzzhe.buzz/Doc/FBG/office.php HTTP Parser: No <meta name="author".. found
Source: https://jamesviewzzhe.buzz/Doc/FBG/microsoft.php HTTP Parser: No <meta name="author".. found
Source: https://jamesviewzzhe.buzz/Doc/FBG/webmail.php HTTP Parser: No <meta name="author".. found
Source: https://express.adobe.com/page/hkJAopeNt4zI5/ HTTP Parser: No <meta name="copyright".. found
Source: https://jamesviewzzhe.buzz/Doc/FBG/office.php HTTP Parser: No <meta name="copyright".. found
Source: https://jamesviewzzhe.buzz/Doc/FBG/microsoft.php HTTP Parser: No <meta name="copyright".. found
Source: https://jamesviewzzhe.buzz/Doc/FBG/webmail.php HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic
Source: unknown HTTPS traffic detected: 13.224.96.6:443 -> 192.168.2.3:49808 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.96.6:443 -> 192.168.2.3:49805 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.47.175:443 -> 192.168.2.3:49869 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.47.175:443 -> 192.168.2.3:49868 version: TLS 1.2

Networking:

Snort IDS alert for network traffic (e.g. based on Emerging Threat rules)
Source: Traffic Snort IDS: 1560 WEB-MISC /doc/ access 192.168.2.3:49845 -> 104.21.47.175:80
Source: data_1.3.dr String found in binary or memory: https://page.adobespark-assets.com/runtime/1.22/images/lightbox_close
Source: data_1.3.dr String found in binary or memory: https://page.adobespark-assets.com/runtime/1.22/images/right-arrow.png
Source: data_1.3.dr String found in binary or memory: https://page.adobespark-assets.com/runtime/1.22/noscript.gz.css
Source: data_1.3.dr String found in binary or memory: https://page.adobespark-assets.com/runtime/1.22/runtime-prod.gz.js
Source: data_1.3.dr String found in binary or memory: https://page.adobespark-assets.com/runtime/1.22/runtime.gz.css
Source: data_1.3.dr String found in binary or memory: https://page.adobespark-assets.com/runtime/1.22/typekit-load.gz.js
Source: manifest.json0.1.dr, craw_window.js.1.dr String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: data_3.3.dr String found in binary or memory: https://pki.goog/repository/0
Source: 8dc99252-a7db-405f-a4d2-318a503348ca.tmp.3.dr, 938d606a-f13f-4dd2-8537-fc26d2724349.tmp.3.dr, db1bada1-1419-463b-9465-e34a48a4d925.tmp.3.dr String found in binary or memory: https://play.google.com
Source: mirroring_hangouts.js.1.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: mirroring_hangouts.js.1.dr String found in binary or memory: https://preprod-hangouts-googleapis.sandbox.google.com
Source: 938d606a-f13f-4dd2-8537-fc26d2724349.tmp.3.dr, db1bada1-1419-463b-9465-e34a48a4d925.tmp.3.dr String found in binary or memory: https://r4---sn-4g5lznle.gvt1.com
Source: data_3.3.dr String found in binary or memory: https://r4---sn-4g5lznle.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic?cms_redirect=yes&mh=I2&mip=84.17
Source: 938d606a-f13f-4dd2-8537-fc26d2724349.tmp.3.dr, db1bada1-1419-463b-9465-e34a48a4d925.tmp.3.dr String found in binary or memory: https://redirector.gvt1.com
Source: data_1.3.dr String found in binary or memory: https://redirector.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic
Source: data_1.3.dr String found in binary or memory: https://redirector.gvt1.com/edgedl/chrome/dict/en-us-9-0.bdic8lq
Source: manifest.json0.1.dr, craw_window.js.1.dr String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: data_3.3.dr String found in binary or memory: https://signup.live.com
Source: 8dc99252-a7db-405f-a4d2-318a503348ca.tmp.3.dr, 938d606a-f13f-4dd2-8537-fc26d2724349.tmp.3.dr, db1bada1-1419-463b-9465-e34a48a4d925.tmp.3.dr String found in binary or memory: https://ssl.gstatic.com
Source: messages.json83.1.dr, messages.json19.1.dr, feedback.html.1.dr, messages.json80.1.dr, messages.json22.1.dr, messages.json73.1.dr, messages.json37.1.dr, messages.json77.1.dr, messages.json21.1.dr, messages.json74.1.dr, messages.json9.1.dr, messages.json75.1.dr, messages.json85.1.dr, messages.json20.1.dr, messages.json38.1.dr, messages.json24.1.dr, messages.json8.1.dr, messages.json87.1.dr, messages.json86.1.dr, messages.json44.1.dr, messages.json76.1.dr, messages.json69.1.dr, messages.json1.1.dr, messages.json18.1.dr, messages.json56.1.dr, messages.json7.1.dr, messages.json84.1.dr, messages.json70.1.dr, messages.json35.1.dr, messages.json23.1.dr, messages.json68.1.dr, messages.json6.1.dr, messages.json79.1.dr, messages.json2.1.dr, messages.json59.1.dr, messages.json71.1.dr, messages.json82.1.dr, messages.json36.1.dr, messages.json81.1.dr, messages.json58.1.dr, messages.json5.1.dr, messages.json78.1.dr, messages.json66.1.dr, messages.json43.1.dr, messages.json67.1.dr, messages.json0.1.dr, messages.json.1.dr, messages.json57.1.dr, messages.json88.1.dr, messages.json51.1.dr String found in binary or memory: https://support.google.com/chromecast/answer/2998456
Source: messages.json83.1.dr, messages.json19.1.dr, feedback.html.1.dr, messages.json80.1.dr, messages.json22.1.dr, messages.json73.1.dr, messages.json37.1.dr, messages.json77.1.dr, messages.json21.1.dr, messages.json74.1.dr, messages.json9.1.dr, messages.json75.1.dr, messages.json85.1.dr, messages.json20.1.dr, messages.json38.1.dr, messages.json24.1.dr, messages.json8.1.dr, messages.json87.1.dr, messages.json86.1.dr, messages.json44.1.dr, messages.json76.1.dr, messages.json69.1.dr, messages.json1.1.dr, messages.json18.1.dr, messages.json56.1.dr, messages.json7.1.dr, messages.json84.1.dr, messages.json70.1.dr, messages.json35.1.dr, messages.json23.1.dr, messages.json68.1.dr, messages.json6.1.dr, messages.json79.1.dr, messages.json2.1.dr, messages.json59.1.dr, messages.json71.1.dr, messages.json82.1.dr, messages.json36.1.dr, messages.json81.1.dr, messages.json58.1.dr, messages.json5.1.dr, messages.json78.1.dr, messages.json66.1.dr, messages.json43.1.dr, messages.json67.1.dr, messages.json0.1.dr, messages.json.1.dr, messages.json57.1.dr, messages.json88.1.dr, messages.json51.1.dr String found in binary or memory: https://support.google.com/chromecast/troubleshooter/2995236
Source: Network Action Predictor.1.dr String found in binary or memory: https://use.typekit.net/
Source: data_1.3.dr String found in binary or memory: https://use.typekit.net/af/180254/00000000000000000001522c/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: data_1.3.dr String found in binary or memory: https://use.typekit.net/af/180c9d/00000000000000003b9b3f8a/27/l?primer=7fa3915bdafdf03041871920a205b
Source: data_1.3.dr String found in binary or memory: https://use.typekit.net/af/220823/000000000000000000015231/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: data_1.3.dr String found in binary or memory: https://use.typekit.net/af/37eaae/00000000000000003b9b3f83/27/l?primer=7fa3915bdafdf03041871920a205b
Source: data_1.3.dr String found in binary or memory: https://use.typekit.net/af/53dec0/0000000000000000000100fe/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: data_1.3.dr String found in binary or memory: https://use.typekit.net/af/696cdf/00000000000000000000ec0a/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: data_1.3.dr String found in binary or memory: https://use.typekit.net/af/949f99/00000000000000003b9b3068/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: data_1.3.dr String found in binary or memory: https://use.typekit.net/af/97fbd1/00000000000000003b9b3f88/27/l?primer=7fa3915bdafdf03041871920a205b
Source: data_1.3.dr String found in binary or memory: https://use.typekit.net/af/a2df1e/00000000000000000001522a/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: data_1.3.dr String found in binary or memory: https://use.typekit.net/af/b0c5f5/00000000000000003b9b3f85/27/l?primer=7fa3915bdafdf03041871920a205b
Source: data_1.3.dr String found in binary or memory: https://use.typekit.net/af/bdde80/00000000000000000001522d/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: data_1.3.dr String found in binary or memory: https://use.typekit.net/af/bf4171/00000000000000000000ec0d/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: data_1.3.dr String found in binary or memory: https://use.typekit.net/af/c225e2/000000000000000000011aff/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: data_1.3.dr String found in binary or memory: https://use.typekit.net/af/ea0e14/000000000000000000010141/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: data_1.3.dr String found in binary or memory: https://use.typekit.net/af/efba8b/000000000000000000015236/27/l?primer=7cdcb44be4a7db8877ffa5c0007b8
Source: data_1.3.dr String found in binary or memory: https://use.typekit.net/gom8xuo.js
Source: data_1.3.dr String found in binary or memory: https://use.typekit.net/oea2wtv.js
Source: data_1.3.dr String found in binary or memory: https://use.typekit.net/onz5gap.js
Source: craw_background.js.1.dr, craw_window.js.1.dr String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: 8dc99252-a7db-405f-a4d2-318a503348ca.tmp.3.dr, manifest.json.1.dr, 938d606a-f13f-4dd2-8537-fc26d2724349.tmp.3.dr, db1bada1-1419-463b-9465-e34a48a4d925.tmp.3.dr String found in binary or memory: https://www.google.com
Source: manifest.json0.1.dr String found in binary or memory: https://www.google.com/
Source: craw_window.js.1.dr String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.1.dr String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.1.dr String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.1.dr String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.1.dr String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: mirroring_hangouts.js.1.dr String found in binary or memory: https://www.google.com/log?format=json&hasfast=true
Source: feedback_script.js.1.dr String found in binary or memory: https://www.google.com/tools/feedback
Source: manifest.json.1.dr String found in binary or memory: https://www.google.com;
Source: 8dc99252-a7db-405f-a4d2-318a503348ca.tmp.3.dr, craw_background.js.1.dr, 938d606a-f13f-4dd2-8537-fc26d2724349.tmp.3.dr, db1bada1-1419-463b-9465-e34a48a4d925.tmp.3.dr, craw_window.js.1.dr String found in binary or memory: https://www.googleapis.com
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/auth/calendar.readonly
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/auth/cast-edu-messaging
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/auth/clouddevices
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/auth/hangouts.readonly
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/auth/meetings
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/auth/plus.peopleapi.readwrite
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json0.1.dr String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: manifest.json.1.dr String found in binary or memory: https://www.googleapis.com/auth/userinfo.email
Source: mirroring_common.js.1.dr String found in binary or memory: https://www.googleapis.com/calendar/v3
Source: mirroring_common.js.1.dr String found in binary or memory: https://www.googleapis.com/hangouts/v1
Source: 8dc99252-a7db-405f-a4d2-318a503348ca.tmp.3.dr, 938d606a-f13f-4dd2-8537-fc26d2724349.tmp.3.dr, db1bada1-1419-463b-9465-e34a48a4d925.tmp.3.dr String found in binary or memory: https://www.gstatic.com
Source: common.js.1.dr String found in binary or memory: https://www.gstatic.com/hangouts_echo_detector/release/%
Source: manifest.json.1.dr String found in binary or memory: https://www.gstatic.com;
Source: global traffic HTTP traffic detected: GET /page/hkJAopeNt4zI5 HTTP/1.1Host: express.adobe.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /page/hkJAopeNt4zI5/ HTTP/1.1Host: express.adobe.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "baaf4d3d7306833d24101a7806386eba"
Source: global traffic HTTP traffic detected: GET /experiments/chrome/chrome.js HTTP/1.1Host: page.adobespark-assets.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://express.adobe.com/page/hkJAopeNt4zI5/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "3090c705a28f8a5b952fdacc3797cef7"If-Modified-Since: Mon, 10 Jan 2022 21:42:22 GMT
Source: global traffic HTTP traffic detected: GET /runtime/1.22/images/right-arrow.png HTTP/1.1Host: page.adobespark-assets.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://page.adobespark-assets.com/runtime/1.22/runtime.gz.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "0521a80da93dacc1cd2104b8c3828421"If-Modified-Since: Mon, 13 Dec 2021 15:27:59 GMT
Source: global traffic HTTP traffic detected: GET /Doc/FBG/ HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Doc/FBG/css/bootstrap.min.css HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://jamesviewzzhe.buzz/Doc/FBG/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-Modified-Since: Mon, 05 Mar 2018 11:51:50 GMT
Source: global traffic HTTP traffic detected: GET /Doc/FBG/css/style.css HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://jamesviewzzhe.buzz/Doc/FBG/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-Modified-Since: Mon, 05 Mar 2018 11:51:50 GMT
Source: global traffic HTTP traffic detected: GET /Doc/FBG/js/bootstrap.min.js HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://jamesviewzzhe.buzz/Doc/FBG/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-Modified-Since: Mon, 05 Mar 2018 11:51:50 GMT
Source: global traffic HTTP traffic detected: GET /Doc/FBG/images/Onedrive-logo.png HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://jamesviewzzhe.buzz/Doc/FBG/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-Modified-Since: Mon, 05 Mar 2018 11:51:50 GMT
Source: global traffic HTTP traffic detected: GET /Doc/FBG/images/office.png HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://jamesviewzzhe.buzz/Doc/FBG/css/style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-Modified-Since: Mon, 05 Mar 2018 11:51:50 GMT
Source: global traffic HTTP traffic detected: GET /Doc/FBG/images/landing-devices-bg.jpg HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://jamesviewzzhe.buzz/Doc/FBG/css/style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-Modified-Since: Mon, 05 Mar 2018 11:51:50 GMT
Source: global traffic HTTP traffic detected: GET /Doc/FBG/images/outlook.png HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://jamesviewzzhe.buzz/Doc/FBG/css/style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-Modified-Since: Mon, 05 Mar 2018 11:51:50 GMT
Source: global traffic HTTP traffic detected: GET /Doc/FBG/images/mail.png HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://jamesviewzzhe.buzz/Doc/FBG/css/style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-Modified-Since: Mon, 05 Mar 2018 11:51:50 GMT
Source: global traffic HTTP traffic detected: GET /Doc/FBG/office.php HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Doc/FBG/css/style.css HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://jamesviewzzhe.buzz/Doc/FBG/office.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-Modified-Since: Mon, 05 Mar 2018 11:51:50 GMT
Source: global traffic HTTP traffic detected: GET /Doc/FBG/images/officebg.jpg HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://jamesviewzzhe.buzz/Doc/FBG/office.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bootstrap/4.0.0-alpha.6/css/bootstrap.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://jamesviewzzhe.buzzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://jamesviewzzhe.buzz/Doc/FBG/office.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bootstrap/4.0.0-alpha.6/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://jamesviewzzhe.buzzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://jamesviewzzhe.buzz/Doc/FBG/office.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /font-awesome/4.7.0/css/font-awesome.min.css HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://jamesviewzzhe.buzz/Doc/FBG/office.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Doc/FBG/images/officelogo.png HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://jamesviewzzhe.buzz/Doc/FBG/office.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Doc/FBG/images/microsoftlogo.png HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://jamesviewzzhe.buzz/Doc/FBG/office.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /font-awesome/4.7.0/fonts/fontawesome-webfont.woff2?v=4.7.0 HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveOrigin: https://jamesviewzzhe.buzzUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Doc/FBG/images/officelogo.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: jamesviewzzhe.buzz
Source: global traffic HTTP traffic detected: GET /Doc/FBG/images/microsoftlogo.png HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: jamesviewzzhe.buzz
Source: global traffic HTTP traffic detected: GET /Doc/FBG/microsoft.php HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/scripts/5c5dd728/cloudflare-static/email-decode.min.js HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://jamesviewzzhe.buzz/Doc/FBG/microsoft.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Doc/FBG/css/bootstrap.min.css HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://jamesviewzzhe.buzz/Doc/FBG/microsoft.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-Modified-Since: Mon, 05 Mar 2018 11:51:50 GMT
Source: global traffic HTTP traffic detected: GET /Doc/FBG/css/style.css HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://jamesviewzzhe.buzz/Doc/FBG/microsoft.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-Modified-Since: Mon, 05 Mar 2018 11:51:50 GMT
Source: global traffic HTTP traffic detected: GET /Doc/FBG/images/officebg.jpg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: jamesviewzzhe.buzz
Source: global traffic HTTP traffic detected: GET /Doc/FBG/js/bootstrap.min.js HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://jamesviewzzhe.buzz/Doc/FBG/microsoft.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-Modified-Since: Mon, 05 Mar 2018 11:51:50 GMT
Source: global traffic HTTP traffic detected: GET /Doc/FBG/images/microbg.jpg HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://jamesviewzzhe.buzz/Doc/FBG/css/style.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Doc/FBG/webmail.php HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Doc/FBG/css/style.css HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://jamesviewzzhe.buzz/Doc/FBG/webmail.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-Modified-Since: Mon, 05 Mar 2018 11:51:50 GMT
Source: global traffic HTTP traffic detected: GET /Doc/FBG/images/webmaillogo.png HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://jamesviewzzhe.buzz/Doc/FBG/webmail.phpAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /Doc/FBG/ HTTP/1.1Host: jamesviewzzhe.buzzConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: unknown HTTPS traffic detected: 13.224.96.6:443 -> 192.168.2.3:49808 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.224.96.6:443 -> 192.168.2.3:49805 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.47.175:443 -> 192.168.2.3:49869 version: TLS 1.2
Source: unknown HTTPS traffic detected: 104.21.47.175:443 -> 192.168.2.3:49868 version: TLS 1.2
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://express.adobe.com/page/hkJAopeNt4zI5/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1560,18307856838126916977,11189579393534020525,131072 --lang=en-US --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1920 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-61E211B3-19F4.pma
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Local\Temp\2e072261-1015-4dd6-900b-7d33941bf0ee.tmp
Source: classification engine Classification label: mal84.phis.win@41/256@13/13
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries\en-US-9-0.bdic