Windows Analysis Report
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2flnkd.in%2fdHJHbyeW&c=E,1,YM2-l7Mpe5NcyKKuZBBP7ai_JDrMchgC87abS_xn5hdH3Y1tbCqrd6w3LtRJwRmsOcodlEBKKXf-M77j2J2ixUYBLcNTKXnasDyDJqGqtuMf-GKj0D4GAQ8dLMs,&typo=1

Overview

General Information

Sample URL:	https://linkprotect.cudasvc.com/url?a=https%3a%2f%2flnkd.in%2fdHJHbyeW&c=E,1,YM2-l7Mpe5NcyKKuZBBP7ai_JDrMchgC87abS_xn5hdH3Y1tbCqrd6w3LtRJwRmsOcodlEBKKXf-M77j2J2ixUYBLcNTKXnasDyDJqGqtuMf-GKj0D4GAQ8dLMs
Analysis ID:	612087
Infos:

Detection

Score:	48
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus detection for URL or domain

HTML body contains low number of good links

No HTML title found

Classification

Signatures

AV Detection

Antivirus detection for URL or domain

Source: https://oboe-apple-ak4h.squarespace.com/

SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

HTML body contains low number of good links

Source: https://oboe-apple-ak4h.squarespace.com/	HTTP Parser: Number of links: 0
Source: https://oboe-apple-ak4h.squarespace.com/	HTTP Parser: Number of links: 0

No HTML title found

Source: https://oboe-apple-ak4h.squarespace.com/	HTTP Parser: HTML title missing
Source: https://oboe-apple-ak4h.squarespace.com/	HTTP Parser: HTML title missing

Source: https://oboe-apple-ak4h.squarespace.com/	HTTP Parser: No <meta name="author".. found
Source: https://oboe-apple-ak4h.squarespace.com/	HTTP Parser: No <meta name="author".. found

Source: https://oboe-apple-ak4h.squarespace.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://oboe-apple-ak4h.squarespace.com/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 151.101.0.237:443 -> 192.168.2.4:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.19:443 -> 192.168.2.4:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.19:443 -> 192.168.2.4:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.4:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.4:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.213.168.66:443 -> 192.168.2.4:49826 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: linkprotect.cudasvc.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822

Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4

Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&ctry=US&time=20220308T094326Z&lc=en-US&pl=en-US&idtp=mid&uid=a9223225-82ba-4622-a95e-dcecd6738abd&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=b13df5d5b2eb4ab7a176dc1e6a064042&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1417890&metered=false&nettype=ethernet&npid=sc-310091&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=VMware7%2C1&tl=2&tsu=1417890&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32089&sc=6Cache-Control: no-cacheMS-CV: l7LuH5lPQEGBp9Dp.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=314559&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&ctry=US&time=20220308T094326Z&lc=en-US&pl=en-US&idtp=mid&uid=a9223225-82ba-4622-a95e-dcecd6738abd&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=8817c09b9c1045ab8b8ed3444b0536c4&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1417890&metered=false&nettype=ethernet&npid=sc-314559&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&smBiosDm=VMware7%2C1&tl=2&tsu=1417890&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32089&sc=6Cache-Control: no-cacheMS-CV: l7LuH5lPQEGBp9Dp.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /url?a=https%3a%2f%2flnkd.in%2fdHJHbyeW&c=E,1,YM2-l7Mpe5NcyKKuZBBP7ai_JDrMchgC87abS_xn5hdH3Y1tbCqrd6w3LtRJwRmsOcodlEBKKXf-M77j2J2ixUYBLcNTKXnasDyDJqGqtuMf-GKj0D4GAQ8dLMs,&typo=1 HTTP/1.1Host: linkprotect.cudasvc.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /dHJHbyeW HTTP/1.1Host: lnkd.inConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: oboe-apple-ak4h.squarespace.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /@sqs/polyfiller/1.2.2/modern.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/styles-compressed/common-f187567915dc2115ff027-min.en-US.css HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/scripts-compressed/style-loader-runtime-3b32196fd63237cb77125-min.en-US.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/styles-compressed/dialog-1e8b04c974609e8e985b2-min.en-US.css HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/styles-compressed/system-page-94b0f3e81d61dd89e26a8-min.en-US.css HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/scripts-compressed/extract-css-runtime-df0bcb3fb161c9761a2a8-min.en-US.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/scripts-compressed/extract-css-moment-js-vendor-0c99b8bf7f3dd5358b2f5-min.en-US.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/scripts-compressed/cldr-resource-pack-51def4af8f210f9d1e4fa-min.en-US.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/scripts-compressed/moment-js-vendor-ac5d1bbd5d874f86c9e4f-min.en-US.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/scripts-compressed/common-vendors-stable-21627972afe15f645442b-min.en-US.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/scripts-compressed/common-vendors-c272c2ec8813c3bee50d8-min.en-US.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/scripts-compressed/common-0e08083b5772fd73dc017-min.en-US.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/scripts-compressed/dialog-6e1c1029ac29409594c81-min.en-US.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/scripts-compressed/system-page-a3ef43d7fe9ded32fe3e9-min.en-US.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/images-v6/damask/logomark-dark.png?20181218 HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://assets.squarespace.com/universal/styles-compressed/system-page-94b0f3e81d61dd89e26a8-min.en-US.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: oboe-apple-ak4h.squarespace.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: crumb=BTB1pMMt9MxUNzg4NzQ1YjQ2MjBkZWUxMDU1NDUzZTUyMzZjOGY1
Source: global traffic	HTTP traffic detected: GET /universal/images-v6/damask/logomark-dark.png?20181218 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: assets.squarespace.com
Source: global traffic	HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&ctry=US&time=20220420T130048Z&lc=en-US&pl=en-US&idtp=mid&uid=a9223225-82ba-4622-a95e-dcecd6738abd&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=2c7bb86e4abe4881b74130092bf3f279&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1480008&metered=false&nettype=ethernet&npid=sc-280815&oemName=kwhwso%2C%20Inc.&oemid=kwhwso%2C%20Inc.&ossku=Professional&smBiosDm=kwhwso7%2C1&tl=2&tsu=1480008&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32089&sc=6X-SDK-HW-TOKEN: t=EwDgAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAATNMIiw4t4oKS+jkCFzCoXCF0MpNFLB/6J/OGT25j+T3+3TT/wMDcInK1rTXZnlI6v1+nLTCK2D+sbvqm8gPXDVwYPcXCiG1M2DEnEmOkLkXYZOlsDnx0D+8nuI3LfOH5Nc8k82L6oofJigAsKl9n0RCRsctAIYIGvZSp9BcGsoCNea6QGIuU/r/SRaVXW9h+9g03gOhDyyWx/nrBG66J5BErICmknYW/0ZDRWdbW06fMmLc9J4Wr+TIfEIUOO84xSz4Kch67Rha55IM/OriILKfrHBCjPe/n9UyFKHwDxxKuP7qoCT7BMGHGl874qPx39wuGd4MhMTIuXJ5cUh7zmoDZgAACOcUSBqIBXEZsAGTkxMAh4cVT5CALiMLHmXUITJ4xtkGki9+ukKnmN8CbMI5uBRGQ9iip/JvJo2Q/e0VlrfHR+mOVFwTGbFeOIV3NeX8R69pri5HtH44hOXLRbX1BSTm4ItSkJXypM3hXmK/FP8Qxc1zveK5GbjxteYQuB1dbHTPyzWxXNjMHeKl8zxRwSzk5YktkVkHpEdEdXhpkYd1E8ujeMIUdbp6A/EHgBrw+AZ5ZpvReWBIsSc3SCV/bvMLU0nGt8Z3T5tQUJy/K2KEKXp6IX6nYFnkMC0f/QeK+n47cZ53yShTo7qg0sM1gQgcUVJlVTDU/q0BxzQPTlxnQ/m3GQL9TIKqpOdBXa1XGQ7Bo1ILZ10ywDLUtuNnr7qlG3S8Oybd61vacFERJbONFkXcLp5QpZZxyzSj0drFRI0ZoC+dONzzvsfLrZyayOFoOa0TVGptKzb7Uq1/YZofmETHGOI6frEBnEt3d91gB7n7EHM3J13IRc1SGGWPp08DT0rbCAesro/8QJERH25xT1PFjWKf/xnmaEeqLoZofDrB3xhae82EJLubQpAEftDjI1Gc80KGzk4ea4bYAQ==&p=Cache-Control: no-cacheMS-CV: aIa1bOxXK0Sn0M0y.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338389&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&ctry=US&time=20220420T130048Z&lc=en-US&pl=en-US&idtp=mid&uid=a9223225-82ba-4622-a95e-dcecd6738abd&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=4dbadd3dc2b249afbc0220d1b9ee33e8&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1480008&metered=false&nettype=ethernet&npid=sc-338389&oemName=kwhwso%2C%20Inc.&oemid=kwhwso%2C%20Inc.&ossku=Professional&smBiosDm=kwhwso7%2C1&tl=2&tsu=1480008&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32089&sc=6X-SDK-HW-TOKEN: t=EwDgAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAZJNSsZjrT4GTaOMjMqo2flpK3YFvHCresYqTD3r6KixLMkc7+PoWx2068Ty7+7hg3XShLN3bYZ9JpuhHuqxqs9frO6jfdkT5YbUoTqOhPT0pVEdURDUvFipcbDtS7S1og/19orjWktpckXBS5wmexVIbvtzk7Ud4+i+9dDeVcyAE0+mOzbVFtLuM6ZuTcZYC28W2uvezn3jeTbf0SdvT3BcvSfVt/8XdnHGrWaACN7in4HWvWgAlILEfeCNlkAXEAGr8YKKleu95vmrfjV67eRNrb8sQfH2wGTksBel7g1+cRoKFv7DNt1O6Vvp1Wd6cZ/4gjaS9Eyo5gchxKt7I1YDZgAACGNHzlslPlYdsAEQHVs8wodWFDOtlvRHc5SUrs7+Wthtzw4+Eg3BEbvbZ9Uk4geWV5s+FdZVupS/SeeucpBN2pLVfbDq6P4ZGvDC8bO3rnqAhjs0aRBCOifpm36sXsFXK3FqdGYVfqBu3cDh+Hs7SI+01b2EVpTM69BpcCeyvKKFEfXXfyhHnzE+mTWKSjDzW2lXFZ1XNqxACAXOb7sTOcOiBFRs2TPIZ4Uge0VL1orV75u+FgLLERH8t2anQV8mo2cg5sVT9Op11EWm0p+fjV15S05Ujz+4BNtZfJVgCggRZ8T1SvUy+qUWsVuqFDWiXMhIpYqMalJH8xwpAncyc8LFCNFBXa1w9IRfl+bsH/T4zu5JoVhT7qfS0AZoKw0TKFGo8rkxYeRc3TXNSnY6Ze1RFyUvaSUSCyi5H8gi0DcPQd/77bCjGnPs++CvAhauyjbtsjXuzdBgnki9SxB1jx9XbHKe0BHBJp/y/1/ZRzSHTMbmKh8oYXKYFeeQS0xkTWbUrdwnCyW0yJL2XgbefXRkgjeky8opdH02x8hYlvm0Nn6qcIukK1snBHxwc3Y8RthZJj1asj/4CuvYAQ==&p=Cache-Control: no-cacheMS-CV: aIa1bOxXK0Sn0M0y.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Thu, 20 Apr 2017 16:10:39 GMTUser-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundAge: 1Content-Length: 3374Content-Type: text/html;charset=utf-8Date: Wed, 20 Apr 2022 13:00:19 GMTExpires: Thu, 01 Jan 1970 00:00:00 GMTServer: SquarespaceSet-Cookie: crumb=BTB1pMMt9MxUNzg4NzQ1YjQ2MjBkZWUxMDU1NDUzZTUyMzZjOGY1;Path=/Strict-Transport-Security: max-age=43200X-Content-Type-Options: nosniffX-Contextid: LC8IJqa5/vilYNSVgX-Frame-Options: SAMEORIGINConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenCache-Control: max-age=300, s-maxage=300Content-Type: text/html;charset=utf-8Date: Wed, 20 Apr 2022 13:00:24 GMTServer: SquarespaceStrict-Transport-Security: max-age=43200X-Content-Type-Options: nosniffX-Contextid: 8Bsgqwfl/xDSMxdNXConnection: closeTransfer-Encoding: chunked

Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://apis.google.com
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr, d74a6b8d-23cd-4801-8e8a-1ac19d5d834a.tmp.1.dr	String found in binary or memory: https://dns.google
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://ogs.google.com
Source: craw_window.js.0.dr, manifest.json.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://play.google.com
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://r5---sn-h0jeln7l.gvt1.com
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://redirector.gvt1.com
Source: craw_window.js.0.dr, manifest.json.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.google.com/
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: craw_window.js.0.dr, craw_background.js.0.dr, 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://www.gstatic.com

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8

Source: unknown	HTTPS traffic detected: 151.101.0.237:443 -> 192.168.2.4:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.19:443 -> 192.168.2.4:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.19:443 -> 192.168.2.4:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.4:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.4:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.213.168.66:443 -> 192.168.2.4:49826 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\fd91426c-4b6e-40fb-9573-6d7e95672421.tmp

Jump to behavior

Source: classification engine

Classification label: mal48.win@23/82@8/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://linkprotect.cudasvc.com/url?a=https%3a%2f%2flnkd.in%2fdHJHbyeW&c=E,1,YM2-l7Mpe5NcyKKuZBBP7ai_JDrMchgC87abS_xn5hdH3Y1tbCqrd6w3LtRJwRmsOcodlEBKKXf-M77j2J2ixUYBLcNTKXnasDyDJqGqtuMf-GKj0D4GAQ8dLMs,&typo=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1624,10851749055932200213,7518070639550175363,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1964 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1624,10851749055932200213,7518070639550175363,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1964 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-626003DE-1340.pma

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
151.101.0.237	static.squarespace.map.fastly.net	United States	54113	FASTLYUS	false
142.250.185.205	accounts.google.com	United States	15169	GOOGLEUS	false
13.107.42.14	lnkd.in	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
198.185.159.177	oboe-apple-ak4h.squarespace.com	United States	53831	SQUARESPACEUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
3.123.244.1	linkprotect.cudasvc.com	United States	16509	AMAZON-02US	false
142.250.74.193	googlehosted.l.googleusercontent.com	United States	15169	GOOGLEUS	false
142.250.184.238	clients.l.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.1
192.168.2.4
192.168.2.3
127.0.0.1

Contacted Domains

Name	IP	Active
lnkd.in	13.107.42.14	true
accounts.google.com	142.250.185.205	true
static.squarespace.map.fastly.net	151.101.0.237	true
clients.l.google.com	142.250.184.238	true
linkprotect.cudasvc.com	3.123.244.1	true
oboe-apple-ak4h.squarespace.com	198.185.159.177	true
googlehosted.l.googleusercontent.com	142.250.74.193	true
clients2.googleusercontent.com	unknown	unknown
clients2.google.com	unknown	unknown
assets.squarespace.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://assets.squarespace.com/universal/scripts-compressed/extract-css-runtime-df0bcb3fb161c9761a2a8-min.en-US.js	false		high
https://oboe-apple-ak4h.squarespace.com/	false	SlashNext: Credential Stealing type: Phishing & Social Engineering	high
https://assets.squarespace.com/universal/scripts-compressed/moment-js-vendor-ac5d1bbd5d874f86c9e4f-min.en-US.js	false		high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://oboe-apple-ak4h.squarespace.com/	false	SlashNext: Credential Stealing type: Phishing & Social Engineering	high
https://assets.squarespace.com/universal/styles-compressed/system-page-94b0f3e81d61dd89e26a8-min.en-US.css	false		high
https://assets.squarespace.com/universal/scripts-compressed/system-page-a3ef43d7fe9ded32fe3e9-min.en-US.js	false		high
https://assets.squarespace.com/universal/scripts-compressed/extract-css-moment-js-vendor-0c99b8bf7f3dd5358b2f5-min.en-US.js	false		high
https://assets.squarespace.com/universal/scripts-compressed/cldr-resource-pack-51def4af8f210f9d1e4fa-min.en-US.js	false		high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high
https://clients2.googleusercontent.com/crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx	false		high
https://lnkd.in/dHJHbyeW	false	Avira URL Cloud: safe	unknown
https://assets.squarespace.com/@sqs/polyfiller/1.2.2/modern.js	false		high
https://assets.squarespace.com/universal/scripts-compressed/common-0e08083b5772fd73dc017-min.en-US.js	false		high
https://assets.squarespace.com/universal/scripts-compressed/style-loader-runtime-3b32196fd63237cb77125-min.en-US.js	false		high
https://assets.squarespace.com/universal/scripts-compressed/common-vendors-c272c2ec8813c3bee50d8-min.en-US.js	false		high
https://assets.squarespace.com/universal/images-v6/damask/logomark-dark.png?20181218	false		high
https://assets.squarespace.com/universal/scripts-compressed/dialog-6e1c1029ac29409594c81-min.en-US.js	false		high
https://assets.squarespace.com/universal/styles-compressed/dialog-1e8b04c974609e8e985b2-min.en-US.css	false		high
https://oboe-apple-ak4h.squarespace.com/favicon.ico	false		high
https://assets.squarespace.com/universal/styles-compressed/common-f187567915dc2115ff027-min.en-US.css	false		high
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2flnkd.in%2fdHJHbyeW&c=E,1,YM2-l7Mpe5NcyKKuZBBP7ai_JDrMchgC87abS_xn5hdH3Y1tbCqrd6w3LtRJwRmsOcodlEBKKXf-M77j2J2ixUYBLcNTKXnasDyDJqGqtuMf-GKj0D4GAQ8dLMs,&typo=1	false		unknown
https://assets.squarespace.com/universal/scripts-compressed/common-vendors-stable-21627972afe15f645442b-min.en-US.js	false		high

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Google\Chrome\User Data\4f8c100c-77e8-44d1-83e3-b19d6a3e5dab.tmp	data	B0DAE0D6DC654D1C0D6D47709E2C67F7	90932BF7A38916635AD641ADEE978970959E3B96	B54374E332BC1E35CB4E7120F47FC78DB549C789BF17BACF0E4B6C510E439FB7
C:\Users\user\AppData\Local\Google\Chrome\User Data\Crashpad\settings.dat	data	7AE9008C2AA5ED3E5ED52743E082F5BF	CD90099842F51474494BFC490433578A89C1B539	94E7D9BF431A0E3F0FD02F0FBA7321F43DD8B523E3D32092AFC474D3FD5ABF62
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\0b11c2eb-9f70-4df5-a3e2-8f713c8a45f1.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	B59B2583BE551A6FDF8656A06D1D752E	9BC446A66E117EA2AF13BBBE4191DFBDB2BFAB3D	07E164EE0DE7B6AE2578F517FBBADBA0B08E26E9656D0F1F1B3619C71D7A1D59
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp	ASCII text, with very long lines, with no line terminators	494384A177157C36E9017D1FFB39F0BF	CE5D9754A70CD84CEE77C9180DB92C69715BE105	07CF0A5189FAD30A4AA721F4F6DA1B15100991115833EACFA1E2DC84A1B54337
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\51b52ba5-b5fd-44ab-b1f7-f77db3997df0.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\5d86ff21-7d9e-4427-97ff-857a4271d171.tmp	UTF-8 Unicode text, with very long lines, with no line terminators	85064CA25C5A513730CF0E0D477D4815	D207D7D93E2AF955172723E5090085E14C1763B8	D646D14ED0E3636845C9D1C6B63332B283BF9DD95B33CE377825EBFCA772072F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\6745b2cc-693c-495f-9721-8707a786d9c5.tmp	ASCII text, with very long lines, with no line terminators	45018E1F2A6B4461B8F4D9EA155E677E	623979008BA4DC8AD09937FF9FBBB7B67B71699B	1C8CE0AD59EEC149E6B96DCD00A840F29D54D7030EE80D433E7A86D0C6F54157
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\000003.log	data	51A2CBB807F5085530DEC18E45CB8569	7AD88CD3DE5844C7FC269C4500228A630016AB5B	1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG	ASCII text	64D1E4D3B868B0E875AE2CFBF6999BBE	43D06D60129EE2047F8ED641A61F4B50B7580654	E4EE436ADD7969CE26C2A15DC0083E75DF64080F2F6A0010C61D7F85FECF4FBB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOG.old (copy)	ASCII text	64D1E4D3B868B0E875AE2CFBF6999BBE	43D06D60129EE2047F8ED641A61F4B50B7580654	E4EE436ADD7969CE26C2A15DC0083E75DF64080F2F6A0010C61D7F85FECF4FBB
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	494384A177157C36E9017D1FFB39F0BF	CE5D9754A70CD84CEE77C9180DB92C69715BE105	07CF0A5189FAD30A4AA721F4F6DA1B15100991115833EACFA1E2DC84A1B54337
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Preferences (copy)	ASCII text, with very long lines, with no line terminators	45018E1F2A6B4461B8F4D9EA155E677E	623979008BA4DC8AD09937FF9FBBB7B67B71699B	1C8CE0AD59EEC149E6B96DCD00A840F29D54D7030EE80D433E7A86D0C6F54157
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences (copy)	UTF-8 Unicode text, with very long lines, with no line terminators	85064CA25C5A513730CF0E0D477D4815	D207D7D93E2AF955172723E5090085E14C1763B8	D646D14ED0E3636845C9D1C6B63332B283BF9DD95B33CE377825EBFCA772072F
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\GPUCache\data_1	data	F50F89A0A91564D0B8A211F8921AA7DE	112403A17DD69D5B9018B8CEDE023CB3B54EAB7D	B1E963D702392FB7224786E7D56D43973E9B9EFD1B89C17814D7C558FFC0CDEC
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\Network Persistent State (copy)	ASCII text, with very long lines, with no line terminators	8CA9278965B437DFC789E755E4C61B82	5776B6C90CA1D2DDC765ED673B5E6DC8E167F0D6	A57D9231244C1FBDE58A1BF50CAD3A1E3EA28D042BFA272782B65139446E7C51
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\gfdkimpbcpahaombhbimeihdjnejgicl\def\d74a6b8d-23cd-4801-8e8a-1ac19d5d834a.tmp	ASCII text, with very long lines, with no line terminators	8CA9278965B437DFC789E755E4C61B82	5776B6C90CA1D2DDC765ED673B5E6DC8E167F0D6	A57D9231244C1FBDE58A1BF50CAD3A1E3EA28D042BFA272782B65139446E7C51
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\000004.dbtmp	ASCII text	6752A1D65B201C13B62EA44016EB221F	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\data_reduction_proxy_leveldb\CURRENT (copy)	ASCII text	6752A1D65B201C13B62EA44016EB221F	58ECF154D01A62233ED7FB494ACE3C3D4FFCE08B	0861415CADA612EA5834D56E2CF1055D3E63979B69EB71D32AE9AE394D8306CD
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Browser	data	DE9EF0C5BCC012A3A1131988DEE272D8	FA9CCBDC969AC9E1474FCE773234B28D50951CD8	3615498FBEF408A96BF30E01C318DAC2D5451B054998119080E7FAAC5995F590
C:\Users\user\AppData\Local\Google\Chrome\User Data\Last Version	ASCII text, with no line terminators	C422F72BA41F662A919ED0B70E5C3289	AAD27C14B27F56B6E7C744A8EC5B1A7D767D7632	02E71EB4C587FEB7EE00CE8600F97411C2774C2FC34CB95B92D5538E7F30DA59
C:\Users\user\AppData\Local\Google\Chrome\User Data\Local State (copy)	ASCII text, with very long lines, with no line terminators	B6BF803452FF9061473B8DA3E08AD1A4	ABFBC9EB31F747FC538CE2D9BBEECD24F09E1A4D	A2CB5BE7B68C2E9440E0CAACBF507051252BFEF28B71BBF4047579C378894844
C:\Users\user\AppData\Local\Google\Chrome\User Data\Module Info Cache (copy)	data	B0DAE0D6DC654D1C0D6D47709E2C67F7	90932BF7A38916635AD641ADEE978970959E3B96	B54374E332BC1E35CB4E7120F47FC78DB549C789BF17BACF0E4B6C510E439FB7
C:\Users\user\AppData\Local\Google\Chrome\User Data\df19b8f3-58e5-4440-978c-18dc0ec8328d.tmp	ASCII text, with very long lines, with no line terminators	B6BF803452FF9061473B8DA3E08AD1A4	ABFBC9EB31F747FC538CE2D9BBEECD24F09E1A4D	A2CB5BE7B68C2E9440E0CAACBF507051252BFEF28B71BBF4047579C378894844
C:\Users\user\AppData\Local\Google\Chrome\User Data\e8be2431-f73c-41f2-96e3-f4bca57ee18c.tmp	ASCII text, with very long lines, with no line terminators	B6BF803452FF9061473B8DA3E08AD1A4	ABFBC9EB31F747FC538CE2D9BBEECD24F09E1A4D	A2CB5BE7B68C2E9440E0CAACBF507051252BFEF28B71BBF4047579C378894844
C:\Users\user\AppData\Local\Temp\15a6095b-20f9-493f-8f68-3f46dacb0fed.tmp	very short file (no magic)	5058F1AF8388633F609CADB75A75DC9D	3A52CE780950D4D969792A2559CD519D7EE8C727	CDB4EE2AEA69CC6A83331BBE96DC2CAA9A299D21329EFB0336FC02A82E1839A8
C:\Users\user\AppData\Local\Temp\42b3962d-1605-4b85-b6f1-c687d504e48b.tmp	Google Chrome extension, version 3	A11D5CAF6BF849AEB84B0C95B1C3B7CF	27F410CCBD75852C01C7464A1FD7EF8C29BE3916	D0E62ACE64AFC334330A7AC3A2CC657914FEB321F1F89AEE11D2A6D0E7D81C31
C:\Users\user\AppData\Local\Temp\fd91426c-4b6e-40fb-9573-6d7e95672421.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\bg\messages.json	UTF-8 Unicode text, with CRLF line terminators	6F8E288A9AD5B1ED8633B430E2B4D4CA	F671D3D4BEFA431D1946D706F4192D44E29B6F08	A114E2783D0E9B12155017323BA70838F0F82A71C7EE8DC1F115AE36991241F8
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\ca\messages.json	UTF-8 Unicode text, with CRLF line terminators	1FDAFC926391BD580B655FBAF46ED260	C95743C3F43B2B099FEBEBC5BD850F0C20E820AC	C67898B67F9C9209EAFDA6532B62D5789863CFB855998DD6A70E7775316CEC20
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\cs\messages.json	UTF-8 Unicode text, with CRLF line terminators	76DEC64ED1556180B452A13C83171883	CFB1E56FD587BCDC459C1D9A683B71F9849058F9	32290D69A90E6BAAC428B10382C99221B12773BB9A184F3B93DFB48A4F6D7A40
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\da\messages.json	UTF-8 Unicode text, with CRLF line terminators	238B97A36E411E42FF37CEFAF2927ED1	4E47AC90BA24C8F4724D9293FA40CFD4ADA66FE0	4977D4A053542FF66967FAED6B06585DD70E68E20BFEB533B66FE3287F9655D9
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\de\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B3E916E8C1991AA0453CBA00FEDCAAA	D6366D15912E40CA107FD42BFE9579C3336A51F9	A62FFAB910E31531758EEE48B2CC71A8857BEC3021DEAD50B668CBA3C8667053
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\el\messages.json	UTF-8 Unicode text, with CRLF line terminators	05C437A322C1148B5F78B2F341339147	AB53003A678E44A170E73711FBD9949833BBF3AA	A052C32B4FCAC61152EB0ADB2C260FB6A8256AD104AA0013DB93E9798D41A070
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\en\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\en_GB\messages.json	ASCII text, with CRLF line terminators	91F5BC87FD478A007EC68C4E8ADF11AC	D07DD49E4EF3B36DAD7D038B7E999AE850C5BEF6	92F1246C21DD5FD7266EBFD65798C61E403D01A816CC3CF780DB5C8AA2E3D9C9
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\es\messages.json	UTF-8 Unicode text, with CRLF line terminators	82719BD3999AD66193A9B0BB525F97CD	41194D511F1ACC16C1CA828AC81C18C8C6B47287	4DB9B2721E625C18B9E05C04B31AF5D9694712F1CAAF6219ABE34BB08E5DB1C7
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\es_419\messages.json	UTF-8 Unicode text, with CRLF line terminators	6B2583D8D1C147E36A69A88009CBEBC7	4D4DEEB4BE6AA0181825F3371A761ABC5B4D5937	6659BC3705311D7641A73995DCFEA80C7734F2F4EBBC3787B3892A240348324F
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\et\messages.json	UTF-8 Unicode text, with CRLF line terminators	CFF6CB76EC724B17C1BC920726CB35A7	14ED068251D65A840F00C05409D705259D329FFC	C85800BF45942FCC7FD6B1DF929C25F9CC2A977A6678966BD03D4B6B69889AFD
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\fi\messages.json	UTF-8 Unicode text, with CRLF line terminators	3A01FEE829445C482D1721FF63153D16	F3EAAADDC03F943FC88B30B67F534AA13E3336DD	0BDE54B20845124113383B6EB81E43A0F05E4EB0C44BEE3C1DFAC4CC5FEC2836
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\fil\messages.json	ASCII text, with CRLF line terminators	57AF5B654270A945BDA8053A83353A06	EEEF7A4F869F97CF471A05D345E74F982D15E167	EC002ED92359F67818B49455DFC579E140368E6A004080AF022FD4F57F6B03F2
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\fr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8D11C90F44A6585B57B933AB38D1FFF8	3F9D44EA8807069A32AACA2AAAD02FD892E6CC90	599491F8C52B945C16C441ADF45BFD45AFAE046DA07757D97C56AF4DE75ED3B5
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\hi\messages.json	UTF-8 Unicode text, with CRLF line terminators	E376D757C8FD66AC70A7D2D49760B94E	1525C5B1312D409604F097768503298EC440CC4D	8106D98C4F8DA16DB698444409558E29CC96735E188BFA303C333A5D99231C1D
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\hr\messages.json	UTF-8 Unicode text, with CRLF line terminators	8185D0490C86363602A137F9A261CC50	5BD933B874441CEACB9201CCC941FF67BAED6DC0	A2B2EC359A9DD9DCCCE02859CE1E738BD30FAA4A05F1DC522893FFDF722BBC15
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\hu\messages.json	UTF-8 Unicode text, with CRLF line terminators	85609CF8623582A8376C206556ED2131	1E16EB70DB5E59BB684866FF3E3925C2DEF25A12	32A249749F12ADB6A220BF9ADC272C7E5D9AD5497A38B0086D961E3ABA17FBC6
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\id\messages.json	ASCII text, with very long lines	9008516AA1D8F8C2B8ECE70B7E4963AD	EA7AD4BE77A80A4B9FB1E59A340010830E494747	89CAB0AF2B53C6ABEB93C8C628DDCBDD286A7A2672FE03440411BB654E3A0675
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\it\messages.json	ASCII text, with very long lines	BB9C32BA62DDA02F9471C64B5F9CF916	9825037D5D9185C58456CDD887C77B10A41D8C84	43A0B113D3773BA78F82BB9E42DDC46F6892D0FBBB351F94A7C105E4A146E9C1
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\ja\messages.json	ASCII text, with very long lines	96C8CBD161D3CE9CB1A46CB2CD0C6583	78BBFCF035B5B620E353C8E520653ADD3F4E7DB8	81D8F1D9F72B3139BC5D9845BCF82990308FB6175D07514D8238B1E6D5D02E8A
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\ko\messages.json	ASCII text, with very long lines	3CAF23A8EA2332D78B725B6C99EC3202	95C3504F55A929449EF2E3AB92014562AACD39AD	BFE72BBC492B9018A599CB6575366696E431E6A38400E4B2ED06EAE3340D3AE5
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\lt\messages.json	ASCII text, with very long lines	41F2D63952202E528DBBB683B480F99C	9DD998542DBE6609299D4A5A25364A32FA7D7865	FF7C083CD1E6134DD8263C634336EB852274BAD1BFAD18762814C42BC65309D8
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\lv\messages.json	ASCII text, with very long lines	1D21ED2D46338636E24401F6E56E326F	24497EDB25724BC4A57823C5CD06F50DB9647DD4	434A375C32B8A21C435511C551F740FD4D170EC528A8F4EFC3D798EA4A07B606
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\nb\messages.json	ASCII text, with very long lines	8F0168B9A546D5A99FD8A262C975C80E	B0718071BD0B7251D4459E9C87DF50C14622FBD6	F03FA7384DF79EBA6E0274D570996030F595A3BF6B781929DD9DB6593262E41F
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\nl\messages.json	ASCII text, with very long lines	E7F74DCE7B6411E4E0D95E9252CF74FA	33CC6C73C5F8D0144C0260C2E5A9BD0DB3EF6477	3564AEF46C01602B19CC29FD8A79676C543427EDE98206D0C91B33AF0CCF3977
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\pl\messages.json	ASCII text, with very long lines	E16649D87E4CA6462192CF78EBE543EC	53097D592B13F3C1370366B25024EA72208B136A	EB435F7460A63576CA1ECB51948E7A3AD5168D2F175AE2B5836D469672923D84
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\pt_BR\messages.json	ASCII text, with very long lines	1F4BC8A5EFD59D61127ABEECD4B6CAE3	8647B4D2D643AE4F784ABDDC50D87A39AD02971A	E1950CBBF056F068EA56160DDB318F3E6232BFBBE096D221C7CA6FCAACE2A8B9
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\pt_PT\messages.json	ASCII text, with very long lines	D80ECE7E4B3741CD9CD29B89D006B864	8F0D587B78E36861ED00524ABF886FA20E14CAE4	C8FF9ACAEA1D3B6F8483339CB40F66BC563CCA8DD87F2337F813C492B20F451B
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\ro\messages.json	ASCII text, with very long lines	D63E66B94A4EA2085D80E76209582FB1	4ECAC3EB64DD6253310A0776E6D42257FC290D77	91A5AAD210C3E0241106E8821B3897EDEFEC9D85033C94DB2324FF3A5FDE5AC7
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\ru\messages.json	ASCII text, with very long lines	22F9E62ABAD82C2190A839851245A495	E7F79BD875918F0D0799DB5F45FAC6297FB66AF7	9FC1167626C97BCBFDAFF23C6033A44252F89A501AF1DF41C43CB3A994FEB09F
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\sk\messages.json	ASCII text, with very long lines	4BBAA10FD00AADBBA3EF6E805E8E1A62	1991901BD6A20C4A7977F09DF30C0CFF0524C504	906C4F7FDDE15DE4C841E7910BBF14D9175E894BCB244B56E8447A5ADFA5B7AB
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\sl\messages.json	ASCII text, with very long lines	F45DE58765A37FD095319D7DEB0F2FB6	B585A485C9BC1982EDF7AE0B9AC73A8E91D41CB5	8366774AA582035BC7D949F4E28FAEC371C305D01404DF56FFF5A78B4F6ECDB7
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\sr\messages.json	ASCII text, with very long lines	92C1FAC62EB7F92EC3794D4A141BEF32	2AFA41BF51BF9A1089B0B92A9D2DC74299B79813	9DF154C93B02695AF1CC39F085D9D178EC6AF131A62C2AFC65F125F8F9A5B7AC
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\sv\messages.json	ASCII text, with very long lines	6E1BE9CEE29818E54E3D1C7D483DD6F7	B9DD926B60E225C5BE8A1DBB7EF3ACE422A204A9	E348583D8C53F4A5DEC4551DA93785C17108466E427E06F84708AA383EA0E326
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\th\messages.json	ASCII text, with very long lines	283D5177FB2FC7082967988E2683EC7C	DEDE43967F3CEF9D9325F140872A63BFCE2AA8C5	E8D5820BDE31B66A7641068FDEDD1A5F20C1A783460B98887A670F38422099CF
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\tr\messages.json	ASCII text, with very long lines	1BF2AA4BB904B406C9C2B7DF769BB540	8D29C4B7A79AB0657747CA194D1934292A46D2A8	0F2E8285BA3E2BDBA6B16435FB941B07159AACFAC80196AD5941B79AB52B712A
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\uk\messages.json	ASCII text, with very long lines	FD1C9890679036E1AD914218753B1E8E	58160F7A0FC94110A2876223E406A517C8E2660B	39D19CC3387FFCE13A8F11DAD72E2FCBB7CD1A4367EC699AD7C40D6F52ECE717
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\vi\messages.json	ASCII text, with very long lines	7D52E9357AB847B4CC8DBC8CC4DA93F5	AF877F3992D8056C8F08462BD575595BF79FE5B0	313F71F3FFDCEFC76FC746FF2029FBF8FBE38BD83DCF952FC3DDCD8AA96D5CFB
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\zh_CN\messages.json	ASCII text, with very long lines	393680A09DEE0CB9046A62BDC0750B74	54E7F8215061A4AB241B87AE4E81C8F860EB2C2B	D5FB52C2897FD5C294784DB63C933AC77C609D10AC91431CCB295D87452CBEE6
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_locales\zh_TW\messages.json	ASCII text, with very long lines	CD30D132A7213FC1B7E03C6D0A49CCF7	1141DED39023B821FE9BB4682E0D1EB5469DAF76	5717F13D10E63255947F750C79CBB6BD04A6D97A08261E8D5764AF5EB0561A28
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\_metadata\verified_contents.json	ASCII text, with very long lines, with no line terminators	0834821960CB5C6E9D477AEF649CB2E4	7D25F027D7CEE9E94E9CBDEE1F9220C8D20A1588	52A24FA2FB3BCB18D9D8571AE385C4A830FF98CE4C18384D40A84EA7F6BA7F69
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\craw_background.js	ASCII text, with very long lines	6EEBED29E6A6301E92A9B8B347807F5F	65DFB69B650560551110B33DCBA50B25E5B876DE	04CD9494B0ED83924DAD12202630B20D053D9E2819C8E826A386C814CC0A1697
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\craw_window.js	ASCII text, with very long lines	1709B6F00A136241185161AA3DF46A06	33DA7D262FFED1A5C2D85B7390E9DBC830CBE494	5721A4B3F8E09C869A629EFFD350B51C9D46F0AC136717D4DB6265C0EE6F9AC8
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\css\craw_window.css	ASCII text	67BF9AABE17541852F9DDFF8245096CD	A4AC74DD258E8E0689034FAA1B15A5C7C56DC3BB	10DFBD2D98950B79EE12F6B8E3885AABE31543048DE56AD4FC0A5E34D0D9D4EC
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\html\craw_window.html	HTML document, ASCII text	34A839BC40DEBC746BBD181D9EF9310C	8B4EAA74D31EED5B0BABA3CA5460201F6B10DA46	BB8742615E4CD996AE5D0200E443AE6A6F0B473255F03AFFDB8FB4660DE4554D
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\images\flapper.gif	GIF image data, version 89a, 30 x 30	398ABB308EEBC355DA70BCE907B22E29	CFFB77B8A1724B8F81D98C6D6AD0071D10162252	2B73533F47A99FFEA9CC405FFAFA9C4C53623F62487AEBFBA415945120B22040
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\images\icon_128.png	PNG image data, 128 x 128, 8-bit/color RGBA, non-interlaced	4DBC9F9E6F5A08D299BAC9E54DF07694	BB38F5DE34B1E0BE1109220BA55271087A4D9EA5	91C2718DD23B4356D71F88F6146868369033291086DF327534546DFA459BEB0E
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\images\icon_16.png	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced	FB9C46EA81AD3E456D90D58697C12C06	5FC450F7D73CCFAC8F0D818CB3392BA4D91B69DE	016CA659BA080E194FBFC0929602B16506ED60AA6019FAA51410C4FD93B583E8
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\images\topbar_floating_button.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	8803665A6328D23CC1014A7B0E9BE295	9DA6EE729D5A6E9F30658B8EC954710F107A641F	D5F9234DC36E7FFA85F35B2359A4F82276F8395EFA76E4553507EA990B27FC6C
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\images\topbar_floating_button_close.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	0599DFD9107C7647F27E69331B0A7D75	3198C0A5F34DB67F91A0035DBC297354CBC95525	131817CD9311C03DF22D769DD2AD7FA2E6E9558863A89F7E5E1657424031A937
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\images\topbar_floating_button_hover.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	7CB6B9DC1A30F63B8BD976924B75AD96	0C40B0C496D2F2B5F2021C117EC8610AC03AB469	721B7AAA9A42A54A349881615A12E3A26983ACA48E173FD2F66E66AA0D725735
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\images\topbar_floating_button_maximize.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	232CE72808B60CBE0F4FA788A76523DF	721A9C98C835D2CD734153BBE07833C6637ECD68	AFA4EA944CBDEC8543242E627EF46D5BFD3766DCAC664E7E50CDEEF2B352740C
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\images\topbar_floating_button_pressed.png	PNG image data, 32 x 32, 8-bit/color RGBA, non-interlaced	E0862317407F2D54C85E12945799413B	FA557F8F761A04C41C9A4BA81994E43C6C275DBB	5C10CE0589EB115600F77381130B70AE0B7B3752614D86D4C89E857658AA222B
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\CRX_INSTALL\manifest.json	ASCII text, with CRLF line terminators	01334FB9D092AF2AA46C4185E405C627	47AD3C0E82362FFE5B881DF8D71D6F79AB7F5796	F52714812D68C577A445169D11E84DF6751C2D6886BC429643072BB5D61C6C27
C:\Users\user\AppData\Local\Temp\scoped_dir4928_353708498\fd91426c-4b6e-40fb-9573-6d7e95672421.tmp	Google Chrome extension, version 3	541F52E24FE1EF9F8E12377A6CCAE0C0	189898BB2DCAE7D5A6057BC2D98B8B450AFAEBB6	81E3A4D43A73699E1B7781723F56B8717175C536685C5450122B30789464AD82

AV Detection

Antivirus detection for URL or domain

Source: https://oboe-apple-ak4h.squarespace.com/

SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

HTML body contains low number of good links

Source: https://oboe-apple-ak4h.squarespace.com/	HTTP Parser: Number of links: 0
Source: https://oboe-apple-ak4h.squarespace.com/	HTTP Parser: Number of links: 0

No HTML title found

Source: https://oboe-apple-ak4h.squarespace.com/	HTTP Parser: HTML title missing
Source: https://oboe-apple-ak4h.squarespace.com/	HTTP Parser: HTML title missing

Source: https://oboe-apple-ak4h.squarespace.com/	HTTP Parser: No <meta name="author".. found
Source: https://oboe-apple-ak4h.squarespace.com/	HTTP Parser: No <meta name="author".. found

Source: https://oboe-apple-ak4h.squarespace.com/	HTTP Parser: No <meta name="copyright".. found
Source: https://oboe-apple-ak4h.squarespace.com/	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 151.101.0.237:443 -> 192.168.2.4:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.19:443 -> 192.168.2.4:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.19:443 -> 192.168.2.4:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.4:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.4:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.213.168.66:443 -> 192.168.2.4:49826 version: TLS 1.2

Source: unknown

DNS traffic detected: queries for: linkprotect.cudasvc.com

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49820
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 49820 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822

Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 8.248.119.254
Source: unknown	TCP traffic detected without corresponding DNS query: 93.184.220.29
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.159.19
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.31.4

Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=310091&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&ctry=US&time=20220308T094326Z&lc=en-US&pl=en-US&idtp=mid&uid=a9223225-82ba-4622-a95e-dcecd6738abd&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=b13df5d5b2eb4ab7a176dc1e6a064042&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1417890&metered=false&nettype=ethernet&npid=sc-310091&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&rver=2&smBiosDm=VMware7%2C1&tl=2&tsu=1417890&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32089&sc=6Cache-Control: no-cacheMS-CV: l7LuH5lPQEGBp9Dp.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=314559&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&ctry=US&time=20220308T094326Z&lc=en-US&pl=en-US&idtp=mid&uid=a9223225-82ba-4622-a95e-dcecd6738abd&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=8817c09b9c1045ab8b8ed3444b0536c4&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1417890&metered=false&nettype=ethernet&npid=sc-314559&oemName=VMware%2C%20Inc.&oemid=VMware%2C%20Inc.&ossku=Professional&smBiosDm=VMware7%2C1&tl=2&tsu=1417890&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32089&sc=6Cache-Control: no-cacheMS-CV: l7LuH5lPQEGBp9Dp.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=85.0.4183.121&lang=en-GB&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1&x=id%3Dpkedcjkdefgpdelpbcmbmeomcjbeemfm%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda,pkedcjkdefgpdelpbcmbmeomcjbeemfmX-Goog-Update-Updater: chromecrx-85.0.4183.121Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /url?a=https%3a%2f%2flnkd.in%2fdHJHbyeW&c=E,1,YM2-l7Mpe5NcyKKuZBBP7ai_JDrMchgC87abS_xn5hdH3Y1tbCqrd6w3LtRJwRmsOcodlEBKKXf-M77j2J2ixUYBLcNTKXnasDyDJqGqtuMf-GKj0D4GAQ8dLMs,&typo=1 HTTP/1.1Host: linkprotect.cudasvc.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /dHJHbyeW HTTP/1.1Host: lnkd.inConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: oboe-apple-ak4h.squarespace.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /@sqs/polyfiller/1.2.2/modern.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/styles-compressed/common-f187567915dc2115ff027-min.en-US.css HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/scripts-compressed/style-loader-runtime-3b32196fd63237cb77125-min.en-US.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/styles-compressed/dialog-1e8b04c974609e8e985b2-min.en-US.css HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/styles-compressed/system-page-94b0f3e81d61dd89e26a8-min.en-US.css HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: text/css,/;q=0.1Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/scripts-compressed/extract-css-runtime-df0bcb3fb161c9761a2a8-min.en-US.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/scripts-compressed/extract-css-moment-js-vendor-0c99b8bf7f3dd5358b2f5-min.en-US.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/scripts-compressed/cldr-resource-pack-51def4af8f210f9d1e4fa-min.en-US.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/scripts-compressed/moment-js-vendor-ac5d1bbd5d874f86c9e4f-min.en-US.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/scripts-compressed/common-vendors-stable-21627972afe15f645442b-min.en-US.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/scripts-compressed/common-vendors-c272c2ec8813c3bee50d8-min.en-US.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/scripts-compressed/common-0e08083b5772fd73dc017-min.en-US.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/scripts-compressed/dialog-6e1c1029ac29409594c81-min.en-US.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/scripts-compressed/system-page-a3ef43d7fe9ded32fe3e9-min.en-US.js HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveOrigin: https://oboe-apple-ak4h.squarespace.comUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /universal/images-v6/damask/logomark-dark.png?20181218 HTTP/1.1Host: assets.squarespace.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://assets.squarespace.com/universal/styles-compressed/system-page-94b0f3e81d61dd89e26a8-min.en-US.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: oboe-apple-ak4h.squarespace.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept: image/avif,image/webp,image/apng,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://oboe-apple-ak4h.squarespace.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8Cookie: crumb=BTB1pMMt9MxUNzg4NzQ1YjQ2MjBkZWUxMDU1NDUzZTUyMzZjOGY1
Source: global traffic	HTTP traffic detected: GET /universal/images-v6/damask/logomark-dark.png?20181218 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: assets.squarespace.com
Source: global traffic	HTTP traffic detected: GET /crx/blobs/Acy1k0bLIjHsvnKaKN_oRpVaYYvFs25d7GKYF1WXrT6yizCMksBO0c_ggE0B6tx6HPRHe6q1GOEe3_NcIbSiGG8kXeLMUY0sAKVvC6R89zvKM13s5VqoAMZSmuUgjQL5vlygJuArQghXXE_qTL7NlQ/extension_8520_615_0_5.crx HTTP/1.1Host: clients2.googleusercontent.comConnection: keep-aliveSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/85.0.4183.121 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en-US;q=0.9,en;q=0.8
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=280815&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&ctry=US&time=20220420T130048Z&lc=en-US&pl=en-US&idtp=mid&uid=a9223225-82ba-4622-a95e-dcecd6738abd&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=2c7bb86e4abe4881b74130092bf3f279&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1480008&metered=false&nettype=ethernet&npid=sc-280815&oemName=kwhwso%2C%20Inc.&oemid=kwhwso%2C%20Inc.&ossku=Professional&smBiosDm=kwhwso7%2C1&tl=2&tsu=1480008&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32089&sc=6X-SDK-HW-TOKEN: t=EwDgAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAATNMIiw4t4oKS+jkCFzCoXCF0MpNFLB/6J/OGT25j+T3+3TT/wMDcInK1rTXZnlI6v1+nLTCK2D+sbvqm8gPXDVwYPcXCiG1M2DEnEmOkLkXYZOlsDnx0D+8nuI3LfOH5Nc8k82L6oofJigAsKl9n0RCRsctAIYIGvZSp9BcGsoCNea6QGIuU/r/SRaVXW9h+9g03gOhDyyWx/nrBG66J5BErICmknYW/0ZDRWdbW06fMmLc9J4Wr+TIfEIUOO84xSz4Kch67Rha55IM/OriILKfrHBCjPe/n9UyFKHwDxxKuP7qoCT7BMGHGl874qPx39wuGd4MhMTIuXJ5cUh7zmoDZgAACOcUSBqIBXEZsAGTkxMAh4cVT5CALiMLHmXUITJ4xtkGki9+ukKnmN8CbMI5uBRGQ9iip/JvJo2Q/e0VlrfHR+mOVFwTGbFeOIV3NeX8R69pri5HtH44hOXLRbX1BSTm4ItSkJXypM3hXmK/FP8Qxc1zveK5GbjxteYQuB1dbHTPyzWxXNjMHeKl8zxRwSzk5YktkVkHpEdEdXhpkYd1E8ujeMIUdbp6A/EHgBrw+AZ5ZpvReWBIsSc3SCV/bvMLU0nGt8Z3T5tQUJy/K2KEKXp6IX6nYFnkMC0f/QeK+n47cZ53yShTo7qg0sM1gQgcUVJlVTDU/q0BxzQPTlxnQ/m3GQL9TIKqpOdBXa1XGQ7Bo1ILZ10ywDLUtuNnr7qlG3S8Oybd61vacFERJbONFkXcLp5QpZZxyzSj0drFRI0ZoC+dONzzvsfLrZyayOFoOa0TVGptKzb7Uq1/YZofmETHGOI6frEBnEt3d91gB7n7EHM3J13IRc1SGGWPp08DT0rbCAesro/8QJERH25xT1PFjWKf/xnmaEeqLoZofDrB3xhae82EJLubQpAEftDjI1Gc80KGzk4ea4bYAQ==&p=Cache-Control: no-cacheMS-CV: aIa1bOxXK0Sn0M0y.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /v3/Delivery/Placement?pubid=da63df93-3dbc-42ae-a505-b34988683ac7&pid=338389&adm=2&w=1&h=1&wpx=1&hpx=1&fmt=json&cltp=app&dim=le&rafb=0&nct=1&pm=1&cfmt=text,image,poly&sft=jpeg,png,gif&topt=1&poptin=0&localid=w:D9BC7EDF-91E8-C8ED-3ED4-3B144B30C00C&ctry=US&time=20220420T130048Z&lc=en-US&pl=en-US&idtp=mid&uid=a9223225-82ba-4622-a95e-dcecd6738abd&aid=00000000-0000-0000-0000-000000000000&ua=WindowsShellClient%2F9.0.40929.0%20%28Windows%29&asid=4dbadd3dc2b249afbc0220d1b9ee33e8&ctmode=MultiSession&arch=x64&cdm=1&cdmver=10.0.17134.1&devfam=Windows.Desktop&devform=Unknown&devosver=10.0.17134.1&disphorzres=1280&dispsize=17.1&dispvertres=1024&isu=0&lo=1480008&metered=false&nettype=ethernet&npid=sc-338389&oemName=kwhwso%2C%20Inc.&oemid=kwhwso%2C%20Inc.&ossku=Professional&smBiosDm=kwhwso7%2C1&tl=2&tsu=1480008&waasBldFlt=1&waasCfgExp=1&waasCfgSet=1&waasRetail=1&waasRing= HTTP/1.1Accept-Encoding: gzip, deflateX-SDK-CACHE: chs=0&imp=0&chf=0&ds=50583&fs=32089&sc=6X-SDK-HW-TOKEN: t=EwDgAppeBAAUlAKXDAofTQM+n+MaRVFKzH/ehWgAAZJNSsZjrT4GTaOMjMqo2flpK3YFvHCresYqTD3r6KixLMkc7+PoWx2068Ty7+7hg3XShLN3bYZ9JpuhHuqxqs9frO6jfdkT5YbUoTqOhPT0pVEdURDUvFipcbDtS7S1og/19orjWktpckXBS5wmexVIbvtzk7Ud4+i+9dDeVcyAE0+mOzbVFtLuM6ZuTcZYC28W2uvezn3jeTbf0SdvT3BcvSfVt/8XdnHGrWaACN7in4HWvWgAlILEfeCNlkAXEAGr8YKKleu95vmrfjV67eRNrb8sQfH2wGTksBel7g1+cRoKFv7DNt1O6Vvp1Wd6cZ/4gjaS9Eyo5gchxKt7I1YDZgAACGNHzlslPlYdsAEQHVs8wodWFDOtlvRHc5SUrs7+Wthtzw4+Eg3BEbvbZ9Uk4geWV5s+FdZVupS/SeeucpBN2pLVfbDq6P4ZGvDC8bO3rnqAhjs0aRBCOifpm36sXsFXK3FqdGYVfqBu3cDh+Hs7SI+01b2EVpTM69BpcCeyvKKFEfXXfyhHnzE+mTWKSjDzW2lXFZ1XNqxACAXOb7sTOcOiBFRs2TPIZ4Uge0VL1orV75u+FgLLERH8t2anQV8mo2cg5sVT9Op11EWm0p+fjV15S05Ujz+4BNtZfJVgCggRZ8T1SvUy+qUWsVuqFDWiXMhIpYqMalJH8xwpAncyc8LFCNFBXa1w9IRfl+bsH/T4zu5JoVhT7qfS0AZoKw0TKFGo8rkxYeRc3TXNSnY6Ze1RFyUvaSUSCyi5H8gi0DcPQd/77bCjGnPs++CvAhauyjbtsjXuzdBgnki9SxB1jx9XbHKe0BHBJp/y/1/ZRzSHTMbmKh8oYXKYFeeQS0xkTWbUrdwnCyW0yJL2XgbefXRkgjeky8opdH02x8hYlvm0Nn6qcIukK1snBHxwc3Y8RthZJj1asj/4CuvYAQ==&p=Cache-Control: no-cacheMS-CV: aIa1bOxXK0Sn0M0y.0User-Agent: WindowsShellClient/9.0.40929.0 (Windows)X-SDK-HWF: tch0,m301,m751,mA01,mT01Host: arc.msn.comConnection: Keep-Alive
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Thu, 20 Apr 2017 16:10:39 GMTUser-Agent: Microsoft BITS/7.8Host: fs.microsoft.com

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundAge: 1Content-Length: 3374Content-Type: text/html;charset=utf-8Date: Wed, 20 Apr 2022 13:00:19 GMTExpires: Thu, 01 Jan 1970 00:00:00 GMTServer: SquarespaceSet-Cookie: crumb=BTB1pMMt9MxUNzg4NzQ1YjQ2MjBkZWUxMDU1NDUzZTUyMzZjOGY1;Path=/Strict-Transport-Security: max-age=43200X-Content-Type-Options: nosniffX-Contextid: LC8IJqa5/vilYNSVgX-Frame-Options: SAMEORIGINConnection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenCache-Control: max-age=300, s-maxage=300Content-Type: text/html;charset=utf-8Date: Wed, 20 Apr 2022 13:00:24 GMTServer: SquarespaceStrict-Transport-Security: max-age=43200X-Content-Type-Options: nosniffX-Contextid: 8Bsgqwfl/xDSMxdNXConnection: closeTransfer-Encoding: chunked

Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://accounts.google.com
Source: craw_window.js.0.dr	String found in binary or memory: https://accounts.google.com/MergeSession
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://apis.google.com
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://clients2.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://clients2.google.com/service/update2/crx
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://clients2.googleusercontent.com
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr, d74a6b8d-23cd-4801-8e8a-1ac19d5d834a.tmp.1.dr	String found in binary or memory: https://dns.google
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://fonts.googleapis.com
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://fonts.gstatic.com
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://github.com/google/closure-library/wiki/goog.module:-an-ES6-module-like-alternative-to-goog.p
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://ogs.google.com
Source: craw_window.js.0.dr, manifest.json.0.dr	String found in binary or memory: https://payments.google.com/payments/v4/js/integrator.js
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://play.google.com
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://r5---sn-h0jeln7l.gvt1.com
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://redirector.gvt1.com
Source: craw_window.js.0.dr, manifest.json.0.dr	String found in binary or memory: https://sandbox.google.com/payments/v4/js/integrator.js
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://ssl.gstatic.com
Source: craw_window.js.0.dr, craw_background.js.0.dr	String found in binary or memory: https://www-googleapis-staging.sandbox.google.com
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://www.google.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.google.com/
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/accounts/OAuthLogin?issueuberauth=1
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/cleardot.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/dot2.gif
Source: craw_window.js.0.dr	String found in binary or memory: https://www.google.com/images/x2.gif
Source: craw_background.js.0.dr	String found in binary or memory: https://www.google.com/intl/en-US/chrome/blank.html
Source: craw_window.js.0.dr, craw_background.js.0.dr, 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://www.googleapis.com
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/chromewebstore.readonly
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierra
Source: manifest.json.0.dr	String found in binary or memory: https://www.googleapis.com/auth/sierrasandbox
Source: 1ce5cd36-c3a8-431b-9a4e-70cb1064c2aa.tmp.1.dr	String found in binary or memory: https://www.gstatic.com

Source: unknown

Source: unknown	HTTPS traffic detected: 151.101.0.237:443 -> 192.168.2.4:49793 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.19:443 -> 192.168.2.4:49820 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.190.159.19:443 -> 192.168.2.4:49822 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.4:49823 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.82.210.154:443 -> 192.168.2.4:49824 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.213.168.66:443 -> 192.168.2.4:49826 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Temp\fd91426c-4b6e-40fb-9573-6d7e95672421.tmp

Jump to behavior

Source: classification engine

Classification label: mal48.win@23/82@8/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --enable-automation "https://linkprotect.cudasvc.com/url?a=https%3a%2f%2flnkd.in%2fdHJHbyeW&c=E,1,YM2-l7Mpe5NcyKKuZBBP7ai_JDrMchgC87abS_xn5hdH3Y1tbCqrd6w3LtRJwRmsOcodlEBKKXf-M77j2J2ixUYBLcNTKXnasDyDJqGqtuMf-GKj0D4GAQ8dLMs,&typo=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1624,10851749055932200213,7518070639550175363,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1964 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --field-trial-handle=1624,10851749055932200213,7518070639550175363,131072 --lang=en-GB --service-sandbox-type=network --enable-audio-service-sandbox --mojo-platform-channel-handle=1964 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Local\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-626003DE-1340.pma

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	612087
Product:	CloudBasic
Start time:	14:59:01
Start date:	20.04.2022
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 85, IE 11, Adobe Reader DC 19, Java 8 Update 211
Architecture:	WINDOWS

Windows Analysis Report
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2flnkd.in%2fdHJHbyeW&c=E,1,YM2-l7Mpe5NcyKKuZBBP7ai_JDrMchgC87abS_xn5hdH3Y1tbCqrd6w3LtRJwRmsOcodlEBKKXf-M77j2J2ixUYBLcNTKXnasDyDJqGqtuMf-GKj0D4GAQ8dLMs,&typo=1

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://linkprotect.cudasvc.com/url?a=https%3a%2f%2flnkd.in%2fdHJHbyeW&c=E,1,YM2-l7Mpe5NcyKKuZBBP7ai_JDrMchgC87abS_xn5hdH3Y1tbCqrd6w3LtRJwRmsOcodlEBKKXf-M77j2J2ixUYBLcNTKXnasDyDJqGqtuMf-GKj0D4GAQ8dLMs,&typo=1

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://linkprotect.cudasvc.com/url?a=https%3a%2f%2flnkd.in%2fdHJHbyeW&c=E,1,YM2-l7Mpe5NcyKKuZBBP7ai_JDrMchgC87abS_xn5hdH3Y1tbCqrd6w3LtRJwRmsOcodlEBKKXf-M77j2J2ixUYBLcNTKXnasDyDJqGqtuMf-GKj0D4GAQ8dLMs,&typo=1