Windows Analysis Report
https://usdtmen.com

Overview

General Information

Sample URL: https://usdtmen.com
Analysis ID: 756095

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

No HTML title found

Classification

  • System is w10x64_ra
  • chrome.exe (PID: 3188 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://usdtmen.com/ MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
    • chrome.exe (PID: 6160 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1768,i,5818765958052219750,8192306715576805166,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 7BC7B4AEDC055BB02BCB52710132E9E1)
  • cleanup
No configs have been found
No yara matches
No Sigma rule has matched
No Snort rule has matched

There are no malicious signatures; every entry below is an informational signature.

The HTTP Parser findings refer to the page the site actually served, https://usdtmen.com/index/passport/login.html (the site's login path), not to the submitted URL itself. A missing <title> and missing author/copyright meta tags are weak page-quality heuristics that Joe Sandbox reports as informational; they are not detections, which is consistent with the score of 0.
Source: https://usdtmen.com/index/passport/login.html | HTTP Parser: HTML title missing
Source: https://usdtmen.com/index/passport/login.html | HTTP Parser: No <meta name="author".. found
Source: https://usdtmen.com/index/passport/login.html | HTTP Parser: No <meta name="copyright".. found
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
Source: unknown | HTTPS traffic detected: 154.211.96.136:443 -> 192.168.2.3:49889 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 154.211.96.136:443 -> 192.168.2.3:49888 version: TLS 1.2
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 443, reported once per direction (443 -> client port and client port -> 443) for each of the following 80 client ports, 160 lines in total; only two of these connections (client ports 49888 and 49889) are attributed to a peer by the HTTPS lines above:
  49694, 49695, 49696, 49697, 49699, 49703, 49705, 49728, 49732, 49736, 49737, 49739, 49740, 49741, 49743, 49744, 49745, 49746, 49747, 49748, 49750, 49751, 49753, 49754, 49756, 49757, 49759, 49779, 49781, 49788, 49789, 49790, 49791, 49792, 49793, 49794, 49807, 49809, 49816, 49818, 49823, 49824, 49834, 49836, 49838, 49839, 49840, 49841, 49842, 49843, 49845, 49848, 49849, 49858, 49859, 49860, 49862, 49863, 49867, 49870, 49871, 49872, 49873, 49874, 49875, 49882, 49883, 49884, 49888, 49889, 49890, 49892, 49898, 49899, 49900, 49902, 49909, 49910, 49923, 49930
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1 (reported 26 times; 1.1.1.1 is the resolver the sandbox VM queries, so these are DNS lookups themselves, not sample traffic)
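The per-direction lines above are easier to read once they are paired into connections. The following Python script is an added example, not part of the Joe Sandbox report: it parses lines in the report's "Source: ... | signature: detail" shape, pairs the "443 -> port" and "port -> 443" entries into connections, attributes each connection to a peer where an HTTPS line names one, and counts the repeated UDP entries. The sample lines are constructed for the example in that format (the separator " | " is assumed), and the function and key names are the example's own.

```python
import re
from collections import defaultdict

# Constructed sample in the shape of the report's signature lines (a small subset, not the report).
SAMPLE_LINES = """\
Source: unknown | HTTPS traffic detected: 154.211.96.136:443 -> 192.168.2.3:49889 version: TLS 1.2
Source: unknown | HTTPS traffic detected: 154.211.96.136:443 -> 192.168.2.3:49888 version: TLS 1.2
Source: unknown | DNS traffic detected: queries for: clients2.google.com
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown | Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49888
Source: unknown | Network traffic detected: HTTP traffic on port 49888 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown | Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown | Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown | UDP traffic detected without corresponding DNS query: 1.1.1.1
"""

HTTPS_RE = re.compile(
    r"HTTPS traffic detected: (?P<srv>[\d.]+):(?P<sport>\d+) -> "
    r"(?P<cli>[\d.]+):(?P<cport>\d+) version: (?P<ver>.+)$")
PORT_RE = re.compile(r"HTTP traffic on port (?P<a>\d+) -> (?P<b>\d+)$")
DNS_RE = re.compile(r"DNS traffic detected: queries for: (?P<name>\S+)$")
UDP_RE = re.compile(r"UDP traffic detected without corresponding DNS query: (?P<ip>[\d.]+)$")


def summarize(text, service_port=443):
    """Collapse per-direction signature lines into a per-connection view."""
    tls_peers = {}                 # client port -> (server ip, TLS version)
    seen = defaultdict(set)        # client port -> subset of {"in", "out"}
    dns_queries = []
    udp_without_dns = defaultdict(int)
    for line in text.splitlines():
        _, _, sig = line.partition(" | ")      # drop the "Source: ..." prefix
        if m := HTTPS_RE.search(sig):
            tls_peers[int(m["cport"])] = (m["srv"], m["ver"])
        elif m := PORT_RE.search(sig):
            a, b = int(m["a"]), int(m["b"])
            if a == service_port:
                seen[b].add("in")      # server -> client direction
            elif b == service_port:
                seen[a].add("out")     # client -> server direction
        elif m := DNS_RE.search(sig):
            dns_queries.append(m["name"])
        elif m := UDP_RE.search(sig):
            udp_without_dns[m["ip"]] += 1
    two_way = sorted(p for p, d in seen.items() if d == {"in", "out"})
    one_way = sorted(p for p, d in seen.items() if d != {"in", "out"})
    return {
        "tls_peers": tls_peers,
        "two_way_ports": two_way,
        "one_way_ports": one_way,
        # connections for which no HTTPS line names the remote host
        "unattributed_ports": [p for p in two_way if p not in tls_peers],
        "dns_queries": dns_queries,
        "udp_without_dns": dict(udp_without_dns),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LINES).items():
        print(f"{key}: {value}")
```

Run against the full signature list, the script turns 160 port lines into one list of 80 connections and shows that only two of them carry a peer address; the rest must be attributed from the pcap, not from the signature list.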
Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.102Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: usdtmen.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /index/passport/logout.html HTTP/1.1Host: usdtmen.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: usdtmen.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global trafficHTTP traffic detected: GET /index/passport/logout.html HTTP/1.1Host: usdtmen.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=u&oit=1&cp=1&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=us&oit=1&cp=2&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usd&oit=1&cp=3&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdt&oit=1&cp=4&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtm&oit=1&cp=5&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtme&oit=1&cp=6&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtmen&oit=1&cp=7&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtmen%3E&oit=4&cp=8&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtmen%3EC&oit=4&cp=9&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtmen%3ECO&oit=4&cp=10&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtmen%3ECOM&oit=4&cp=11&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtmen%3ECO&oit=4&cp=10&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtmen%3EC&oit=4&cp=9&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtmen%3E&oit=4&cp=8&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtmen&oit=1&cp=7&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtmen&oit=1&cp=7&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtme&oit=1&cp=6&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtme%3C&oit=4&cp=7&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtme&oit=1&cp=6&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtmeN&oit=1&cp=7&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swB | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swB | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=U&oit=1&cp=1&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swB | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=US&oit=1&cp=2&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swB | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=USD&oit=1&cp=3&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swB | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=USDT&oit=1&cp=4&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swB | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=USDTM&oit=1&cp=5&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swB | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=USDTME&oit=1&cp=6&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swB | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=USDTMEN&oit=1&cp=7&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swB | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=wwusdtmen.com&oit=3&cp=2&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swB | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=wusdtmen.com&oit=3&cp=1&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swB | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtmen.com&oit=3&cp=0&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1 | Host: www.google.com | Connection: keep-alive | X-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCI+9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swB | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /index/passport/logout.html HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /index/passport/login.html HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Sec-Fetch-Site: none | Sec-Fetch-Mode: navigate | Sec-Fetch-User: ?1 | Sec-Fetch-Dest: document | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | sec-ch-ua-platform: "Windows" | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /image/weui.css HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Referer: https://usdtmen.com/index/passport/login.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /image/bootstrap.min.css HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Referer: https://usdtmen.com/index/passport/login.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /image/iconfont.css HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Referer: https://usdtmen.com/index/passport/login.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /image/common.css HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Referer: https://usdtmen.com/index/passport/login.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /image/zepto.min.js HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://usdtmen.com/index/passport/login.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /image/jquery.min.js HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://usdtmen.com/index/passport/login.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /image/weui.min.js HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://usdtmen.com/index/passport/login.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /layer3.1/layer.js HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://usdtmen.com/index/passport/login.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /image/common.js HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: */* | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: script | Referer: https://usdtmen.com/index/passport/login.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /layer3.1/theme/default/layer.css?v=3.1.1 HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?1 | User-Agent: Mozilla/5.0 (Linux; Android 9.0; SAMSUNG SM-F900U Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Mobile Safari/537.36 | sec-ch-ua-platform: "Android" | Accept: text/css,*/*;q=0.1 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: style | Referer: https://usdtmen.com/index/passport/login.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /image/logo.cba20b1b.png HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://usdtmen.com/index/passport/login.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /image/username_icon.png HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://usdtmen.com/index/passport/login.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /image/password_icon.png HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://usdtmen.com/index/passport/login.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /image/bg1.6c9f941a.png HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?1 | User-Agent: Mozilla/5.0 (Linux; Android 9.0; SAMSUNG SM-F900U Build/PPR1.180610.011) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Mobile Safari/537.36 | sec-ch-ua-platform: "Android" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://usdtmen.com/index/passport/login.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /image/en-us.jpg HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://usdtmen.com/index/passport/login.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /image/es-es.jpg HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://usdtmen.com/index/passport/login.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /image/pt-pt.jpg HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://usdtmen.com/index/passport/login.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /image/fr.jpg HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://usdtmen.com/index/passport/login.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /image/es-es.jpg HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 | Host: usdtmen.com
Source: global traffic | HTTP traffic detected: GET /image/ar-ae.jpg HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://usdtmen.com/index/passport/login.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /image/ko.jpg HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104" | sec-ch-ua-mobile: ?0 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | sec-ch-ua-platform: "Windows" | Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8 | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: image | Referer: https://usdtmen.com/index/passport/login.html | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /image/en-us.jpg HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 | Host: usdtmen.com
Source: global traffic | HTTP traffic detected: GET /image/pt-pt.jpg HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 | Host: usdtmen.com
Source: global traffic | HTTP traffic detected: GET /image/fr.jpg HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 | Host: usdtmen.com
Source: global traffic | HTTP traffic detected: GET /image/ar-ae.jpg HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 | Host: usdtmen.com
Source: global traffic | HTTP traffic detected: GET /image/bootstrap.min.css.map HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | Pragma: no-cache | Cache-Control: no-cache | Sec-Fetch-Site: same-origin | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: GET /image/ko.jpg HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 | Host: usdtmen.com
Source: global traffic | HTTP traffic detected: GET /image/logo.cba20b1b.png HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 | Host: usdtmen.com
Source: global traffic | HTTP traffic detected: GET /image/username_icon.png HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 | Host: usdtmen.com
Source: global traffic | HTTP traffic detected: GET /image/password_icon.png HTTP/1.1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36 | Host: usdtmen.com
Source: global traffic | HTTP traffic detected: GET / HTTP/1.1 | Host: usdtmen.com | Connection: keep-alive | Upgrade-Insecure-Requests: 1 | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9 | Accept-Encoding: gzip, deflate | Accept-Language: en-US,en;q=0.9 | Cookie: think_var=en-us; PHPSESSID=vg2hurq6g2m72it0ujr3nddhg4
Source: global traffic | HTTP traffic detected: HTTP/1.1 404 Not Found | Server: nginx | Date: Tue, 29 Nov 2022 15:34:09 GMT | Content-Type: text/html; charset=utf-8 | Transfer-Encoding: chunked | Connection: close | Vary: Accept-Encoding
Source: unknown | HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1 | Host: accounts.google.com | Connection: keep-alive | Content-Length: 1 | Origin: https://www.google.com | Content-Type: application/x-www-form-urlencoded | Sec-Fetch-Site: none | Sec-Fetch-Mode: no-cors | Sec-Fetch-Dest: empty | User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36 | Accept-Encoding: gzip, deflate, br | Accept-Language: en-US,en;q=0.9 | Cookie: CONSENT=PENDING+620; __Secure-ENID=6.SE=cJKCBuSaL1dV3R8z2Y2al7-m2m5bGA74lqbYYkqC3uy-NtZ1f6n_bCBr25tlnnjvdmLpGQ81ZKzP3Te5vVjpSQjYWCwvlOMApK7tmZNWcORu0p4wniPJGQfTslQNnpQWhG9qkwkEgy49-6UG3UQ1eiUyFolJZWLeUM1p4KvjM9E
Source: unknown | HTTPS traffic detected: 154.211.96.136:443 -> 192.168.2.3:49888 version: TLS 1.2
Source: classification engine | Classification label: clean0.win@46/0@26/12
Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://usdtmen.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1768,i,5818765958052219750,8192306715576805166,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe  File created: C:\Program Files\Google\GoogleUpdater
Source: Window Recorder  Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe  Directory created: C:\Program Files\Google\GoogleUpdater
MITRE ATT&CK matrix (techniques listed per tactic column; a number in parentheses is the count shown next to that technique in the matrix):

Initial Access: Valid Accounts, Default Accounts, Domain Accounts, Local Accounts
Execution: Windows Management Instrumentation, Scheduled Task/Job, At (Linux), At (Windows)
Persistence: Path Interception, Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
Privilege Escalation: Process Injection (1), Boot or Logon Initialization Scripts, Logon Script (Windows), Logon Script (Mac)
Defense Evasion: Masquerading (2), Process Injection (1), Obfuscated Files or Information, Binary Padding
Credential Access: OS Credential Dumping, LSASS Memory, Security Account Manager, NTDS
Discovery: System Service Discovery, Application Window Discovery, Query Registry, System Network Configuration Discovery
Lateral Movement: Remote Services, Remote Desktop Protocol, SMB/Windows Admin Shares, Distributed Component Object Model
Collection: Data from Local System, Data from Removable Media, Data from Network Shared Drive, Input Capture
Exfiltration: Exfiltration Over Other Network Medium, Exfiltration Over Bluetooth, Automated Exfiltration, Scheduled Transfer
Command and Control: Encrypted Channel (1), Non-Application Layer Protocol (4), Application Layer Protocol (5), Ingress Tool Transfer (3)
Network Effects: Eavesdrop on Insecure Network Communication, Exploit SS7 to Redirect Phone Calls/SMS, Exploit SS7 to Track Device Location, SIM Card Swap
Remote Service Effects: Remotely Track Device Without Authorization, Remotely Wipe Data Without Authorization, Obtain Device Cloud Backups, Carrier Billing Fraud
Impact: Modify System Partition, Device Lockout, Delete Device Data

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


Source | Detection | Scanner | Label
https://usdtmen.com | 1% | Virustotal |
https://usdtmen.com | 0% | Avira URL Cloud | safe
No Antivirus matches
Source | Detection | Scanner | Label
https://beacons.gcp.gvt2.com/domainreliability/upload | 0% | URL Reputation | safe
https://beacons.gvt2.com/domainreliability/upload | 0% | URL Reputation | safe
https://usdtmen.com/index/passport/logout.html | 0% | Avira URL Cloud | safe
https://usdtmen.com/image/weui.min.js | 0% | Avira URL Cloud | safe
https://usdtmen.com/image/bg1.6c9f941a.png | 0% | Avira URL Cloud | safe
https://usdtmen.com/image/fr.jpg | 0% | Avira URL Cloud | safe
https://usdtmen.com/layer3.1/layer.js | 0% | Avira URL Cloud | safe
https://usdtmen.com/image/common.css | 0% | Avira URL Cloud | safe
https://usdtmen.com/layer3.1/theme/default/layer.css?v=3.1.1 | 0% | Avira URL Cloud | safe
https://beacons2.gvt2.com/domainreliability/upload-nel | 0% | Avira URL Cloud | safe
https://usdtmen.com/index/passport/logout.html | 3% | Virustotal |
https://usdtmen.com/image/zepto.min.js | 0% | Avira URL Cloud | safe
https://e2c27.gcp.gvt2.com/nel/ | 0% | Avira URL Cloud | safe
https://usdtmen.com/image/weui.css | 0% | Avira URL Cloud | safe
https://usdtmen.com/ | 0% | Avira URL Cloud | safe
https://usdtmen.com/image/iconfont.css | 0% | Avira URL Cloud | safe
https://usdtmen.com/image/jquery.min.js | 0% | Avira URL Cloud | safe
https://usdtmen.com/image/es-es.jpg | 0% | Avira URL Cloud | safe
https://usdtmen.com/image/password_icon.png | 0% | Avira URL Cloud | safe
https://usdtmen.com/image/bootstrap.min.css | 0% | Avira URL Cloud | safe
https://usdtmen.com/image/common.js | 0% | Avira URL Cloud | safe
https://usdtmen.com/image/ko.jpg | 0% | Avira URL Cloud | safe
https://usdtmen.com/image/username_icon.png | 0% | Avira URL Cloud | safe
https://usdtmen.com/image/bootstrap.min.css.map | 0% | Avira URL Cloud | safe
https://usdtmen.com/image/logo.cba20b1b.png | 0% | Avira URL Cloud | safe
https://usdtmen.com/image/ar-ae.jpg | 0% | Avira URL Cloud | safe
http://usdtmen.com/ | 0% | Avira URL Cloud | safe
https://usdtmen.com/image/pt-pt.jpg | 0% | Avira URL Cloud | safe
https://usdtmen.com/image/en-us.jpg | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
accounts.google.com | 142.250.186.109 | true | false | | high
beacons-handoff.gcp.gvt2.com | 142.251.143.67 | true | false | | unknown
usdtmen.com | 154.211.96.136 | true | false | | unknown
e2c27.gcp.gvt2.com | 35.227.159.135 | true | false | | unknown
www.google.com | 142.250.186.100 | true | false | | high
beacons2.gvt2.com | 172.217.13.227 | true | false | | unknown
clients.l.google.com | 142.250.185.206 | true | false | | high
beacons.gvt2.com | 216.58.212.163 | true | false | | unknown
clients2.google.com | unknown | unknown | false | | high
www.usdtmen.com | unknown | unknown | false | | unknown
beacons.gcp.gvt2.com | unknown | unknown | false | | unknown
Name | Malicious | Antivirus Detection | Reputation
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=USDTME&oit=1&cp=6&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usd&oit=1&cp=3&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=wwusdtmen.com&oit=3&cp=2&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=USDT&oit=1&cp=4&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://usdtmen.com/layer3.1/layer.js | false | Avira URL Cloud: safe | unknown
https://beacons.gcp.gvt2.com/domainreliability/upload | false | URL Reputation: safe | unknown
https://usdtmen.com/image/fr.jpg | false | Avira URL Cloud: safe | unknown
https://usdtmen.com/image/bg1.6c9f941a.png | false | Avira URL Cloud: safe | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=USDTMEN&oit=1&cp=7&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://usdtmen.com/index/passport/logout.html | false | Virustotal: 3%; Avira URL Cloud: safe | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtmen%3ECO&oit=4&cp=10&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://usdtmen.com/image/weui.min.js | false | Avira URL Cloud: safe | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtmen.com&oit=3&cp=0&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtmen%3E&oit=4&cp=8&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://usdtmen.com/layer3.1/theme/default/layer.css?v=3.1.1 | false | Avira URL Cloud: safe | unknown
https://usdtmen.com/index/passport/login.html | false | | unknown
https://usdtmen.com/image/common.css | false | Avira URL Cloud: safe | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=U&oit=1&cp=1&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://beacons2.gvt2.com/domainreliability/upload-nel | false | Avira URL Cloud: safe | unknown
https://usdtmen.com/index/passport/login.html | false | | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtm&oit=1&cp=5&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://usdtmen.com/image/zepto.min.js | false | Avira URL Cloud: safe | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtmen%3ECOM&oit=4&cp=11&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://e2c27.gcp.gvt2.com/nel/ | false | Avira URL Cloud: safe | unknown
https://usdtmen.com/image/weui.css | false | Avira URL Cloud: safe | unknown
https://usdtmen.com/ | false | Avira URL Cloud: safe | unknown
https://usdtmen.com/image/iconfont.css | false | Avira URL Cloud: safe | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdt&oit=1&cp=4&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://usdtmen.com/image/jquery.min.js | false | Avira URL Cloud: safe | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtmen&oit=1&cp=7&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://usdtmen.com/image/es-es.jpg | false | Avira URL Cloud: safe | unknown
https://usdtmen.com/image/password_icon.png | false | Avira URL Cloud: safe | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=u&oit=1&cp=1&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | | high
https://usdtmen.com/image/bootstrap.min.css | false | Avira URL Cloud: safe | unknown
https://beacons.gvt2.com/domainreliability/upload | false | URL Reputation: safe | unknown
https://usdtmen.com/image/common.js | false | Avira URL Cloud: safe | unknown
https://usdtmen.com/image/ko.jpg | false | Avira URL Cloud: safe | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtmen%3EC&oit=4&cp=9&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=USD&oit=1&cp=3&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=us&oit=1&cp=2&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtme&oit=1&cp=6&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://usdtmen.com/image/username_icon.png | false | Avira URL Cloud: safe | unknown
https://usdtmen.com/image/bootstrap.min.css.map | false | Avira URL Cloud: safe | unknown
https://usdtmen.com/image/logo.cba20b1b.png | false | Avira URL Cloud: safe | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtmeN&oit=1&cp=7&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://usdtmen.com/image/ar-ae.jpg | false | Avira URL Cloud: safe | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=US&oit=1&cp=2&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://usdtmen.com/image/pt-pt.jpg | false | Avira URL Cloud: safe | unknown
https://usdtmen.com/image/en-us.jpg | false | Avira URL Cloud: safe | unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=USDTM&oit=1&cp=5&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=wusdtmen.com&oit=3&cp=1&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
http://usdtmen.com/ | false | Avira URL Cloud: safe | unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=usdtme%3C&oit=4&cp=7&gs_rn=42&psi=qRYiebaDLQ80oWIb&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw | false | | high
                                                                                • No. of IPs < 25%
                                                                                • 25% < No. of IPs < 50%
                                                                                • 50% < No. of IPs < 75%
                                                                                • 75% < No. of IPs
IP | Domain | Country | ASN | ASN Name | Malicious
142.250.185.206 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
154.211.96.136 | usdtmen.com | Seychelles | 134705 | ITACE-AS-APItaceInternationalLimitedHK | false
142.250.185.132 | unknown | United States | 15169 | GOOGLEUS | false
142.250.186.109 | accounts.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
35.227.159.135 | e2c27.gcp.gvt2.com | United States | 15169 | GOOGLEUS | false
172.217.13.227 | beacons2.gvt2.com | United States | 15169 | GOOGLEUS | false
142.251.143.67 | beacons-handoff.gcp.gvt2.com | United States | 15169 | GOOGLEUS | false
216.58.212.163 | beacons.gvt2.com | United States | 15169 | GOOGLEUS | false
172.217.18.100 | unknown | United States | 15169 | GOOGLEUS | false
                                                                                IP
                                                                                192.168.2.1
                                                                                127.0.0.1
                                                                                Joe Sandbox Version:36.0.0 Rainbow Opal
                                                                                Analysis ID:756095
                                                                                Start date and time:2022-11-29 16:31:55 +01:00
                                                                                Joe Sandbox Product:CloudBasic
                                                                                Overall analysis duration:0h 4m 6s
                                                                                Hypervisor based Inspection enabled:false
                                                                                Report type:light
                                                                                Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                                                Sample URL:https://usdtmen.com
                                                                                Analysis system description:Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Number of new started processes analysed:11
                                                                                Number of new started drivers analysed:0
                                                                                Number of existing processes analysed:0
                                                                                Number of existing drivers analysed:0
                                                                                Number of injected processes analysed:0
                                                                                Technologies:
                                                                                • HCA enabled
                                                                                • EGA enabled
                                                                                • HDC enabled
                                                                                • AMSI enabled
                                                                                Analysis Mode:default
                                                                                Analysis stop reason:Timeout
                                                                                Detection:CLEAN
                                                                                Classification:clean0.win@46/0@26/12
                                                                                EGA Information:Failed
                                                                                HDC Information:Failed
                                                                                HCA Information:
                                                                                • Successful, ratio: 100%
                                                                                • Number of executed functions: 0
                                                                                • Number of non-executed functions: 0
                                                                                • Exclude process from analysis (whitelisted): SIHClient.exe, SgrmBroker.exe, usocoreworker.exe, svchost.exe, WindowsInternal.ComposableShell.Experiences.TextInput.InputApp.exe
                                                                                • TCP Packets have been reduced to 100
                                                                                • Excluded IPs from analysis (whitelisted): 216.58.212.131, 34.104.35.123, 142.250.185.78, 142.250.185.227, 142.250.186.74, 142.250.181.234, 172.217.18.106, 142.250.186.138, 142.250.184.202, 172.217.23.106, 142.250.185.170, 142.250.186.106, 142.250.185.234, 172.217.16.202, 142.250.185.202, 172.217.18.10, 142.250.186.42, 142.250.186.170, 142.250.74.202, 216.58.212.138
                                                                                • Excluded domains from analysis (whitelisted): www.bing.com, client.wns.windows.com, fs.microsoft.com, edgedl.me.gvt1.com, content-autofill.googleapis.com, login.live.com, slscr.update.microsoft.com, encrypted-tbn0.gstatic.com, update.googleapis.com, ctldl.windowsupdate.com, clientservices.googleapis.com
• Not all processes were analyzed; the report is missing behavior information
                                                                                • Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                No simulations
                                                                                No context
                                                                                No created / dropped files found
                                                                                No static file info
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 29, 2022 16:32:24.708003044 CET | 49694 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 16:32:24.708069086 CET | 443 | 49694 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 16:32:24.708170891 CET | 49694 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 16:32:24.709017038 CET | 49695 | 443 | 192.168.2.3 | 142.250.186.109
Nov 29, 2022 16:32:24.709076881 CET | 443 | 49695 | 142.250.186.109 | 192.168.2.3
Nov 29, 2022 16:32:24.709172010 CET | 49695 | 443 | 192.168.2.3 | 142.250.186.109
Nov 29, 2022 16:32:24.710900068 CET | 49694 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 16:32:24.710937023 CET | 443 | 49694 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 16:32:24.711082935 CET | 49695 | 443 | 192.168.2.3 | 142.250.186.109
Nov 29, 2022 16:32:24.711122036 CET | 443 | 49695 | 142.250.186.109 | 192.168.2.3
Nov 29, 2022 16:32:24.807111025 CET | 443 | 49694 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 16:32:24.807537079 CET | 49694 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 16:32:24.807569027 CET | 443 | 49694 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 16:32:24.808891058 CET | 443 | 49694 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 16:32:24.809051991 CET | 49694 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 16:32:24.811466932 CET | 443 | 49695 | 142.250.186.109 | 192.168.2.3
Nov 29, 2022 16:32:24.812520027 CET | 443 | 49694 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 16:32:24.812593937 CET | 49694 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 16:32:24.812896013 CET | 49695 | 443 | 192.168.2.3 | 142.250.186.109
Nov 29, 2022 16:32:24.812937021 CET | 443 | 49695 | 142.250.186.109 | 192.168.2.3
Nov 29, 2022 16:32:24.814241886 CET | 443 | 49695 | 142.250.186.109 | 192.168.2.3
Nov 29, 2022 16:32:24.814347982 CET | 49695 | 443 | 192.168.2.3 | 142.250.186.109
Nov 29, 2022 16:32:24.864588976 CET | 49696 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:24.864680052 CET | 443 | 49696 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:24.864778042 CET | 49696 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:24.868828058 CET | 49696 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:24.868891954 CET | 443 | 49696 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:24.869621038 CET | 49697 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:24.869697094 CET | 443 | 49697 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:24.869796991 CET | 49697 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:24.870282888 CET | 49697 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:24.870317936 CET | 443 | 49697 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:25.112036943 CET | 49695 | 443 | 192.168.2.3 | 142.250.186.109
Nov 29, 2022 16:32:25.112126112 CET | 443 | 49695 | 142.250.186.109 | 192.168.2.3
Nov 29, 2022 16:32:25.112443924 CET | 443 | 49695 | 142.250.186.109 | 192.168.2.3
Nov 29, 2022 16:32:25.112585068 CET | 49694 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 16:32:25.112657070 CET | 443 | 49694 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 16:32:25.112723112 CET | 49695 | 443 | 192.168.2.3 | 142.250.186.109
Nov 29, 2022 16:32:25.112760067 CET | 443 | 49695 | 142.250.186.109 | 192.168.2.3
Nov 29, 2022 16:32:25.112907887 CET | 443 | 49694 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 16:32:25.113239050 CET | 49694 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 16:32:25.113274097 CET | 443 | 49694 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 16:32:25.141805887 CET | 443 | 49694 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 16:32:25.142009974 CET | 49694 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 16:32:25.142059088 CET | 443 | 49694 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 16:32:25.142101049 CET | 443 | 49694 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 16:32:25.142169952 CET | 49694 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 16:32:25.153376102 CET | 49695 | 443 | 192.168.2.3 | 142.250.186.109
Nov 29, 2022 16:32:25.155416965 CET | 49694 | 443 | 192.168.2.3 | 142.250.185.206
Nov 29, 2022 16:32:25.155456066 CET | 443 | 49694 | 142.250.185.206 | 192.168.2.3
Nov 29, 2022 16:32:25.162925005 CET | 443 | 49695 | 142.250.186.109 | 192.168.2.3
Nov 29, 2022 16:32:25.163044930 CET | 49695 | 443 | 192.168.2.3 | 142.250.186.109
Nov 29, 2022 16:32:25.163091898 CET | 443 | 49695 | 142.250.186.109 | 192.168.2.3
Nov 29, 2022 16:32:25.163386106 CET | 443 | 49695 | 142.250.186.109 | 192.168.2.3
Nov 29, 2022 16:32:25.163472891 CET | 49695 | 443 | 192.168.2.3 | 142.250.186.109
Nov 29, 2022 16:32:25.164813995 CET | 49695 | 443 | 192.168.2.3 | 142.250.186.109
Nov 29, 2022 16:32:25.164843082 CET | 443 | 49695 | 142.250.186.109 | 192.168.2.3
Nov 29, 2022 16:32:25.611713886 CET | 443 | 49696 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:25.612323999 CET | 49696 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:25.612380981 CET | 443 | 49696 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:25.613661051 CET | 443 | 49696 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:25.613925934 CET | 49696 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:25.625515938 CET | 49696 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:25.625571966 CET | 443 | 49696 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:25.625761032 CET | 49696 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:25.625778913 CET | 443 | 49696 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:25.625838041 CET | 443 | 49696 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:25.666445017 CET | 49696 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:25.666507959 CET | 443 | 49696 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:25.766500950 CET | 49696 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:26.333307028 CET | 443 | 49696 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:26.333479881 CET | 443 | 49696 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:26.333652973 CET | 49696 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:26.334096909 CET | 49696 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:26.334134102 CET | 443 | 49696 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:26.625600100 CET | 443 | 49697 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:26.637968063 CET | 49697 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:26.638020992 CET | 443 | 49697 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:26.640913963 CET | 443 | 49697 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:26.641068935 CET | 49697 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:26.651804924 CET | 49697 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:26.651832104 CET | 443 | 49697 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:26.652049065 CET | 443 | 49697 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:26.652206898 CET | 49697 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:26.652234077 CET | 443 | 49697 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:26.767512083 CET | 49697 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:27.743208885 CET | 443 | 49697 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:27.743351936 CET | 443 | 49697 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:27.743583918 CET | 49697 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:27.799185038 CET | 49697 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:27.799241066 CET | 443 | 49697 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:27.803515911 CET | 49699 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:27.803599119 CET | 443 | 49699 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:27.803699017 CET | 49699 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:27.804119110 CET | 49699 | 443 | 192.168.2.3 | 154.211.96.136
Nov 29, 2022 16:32:27.804153919 CET | 443 | 49699 | 154.211.96.136 | 192.168.2.3
Nov 29, 2022 16:32:28.408863068 CET | 49703 | 443 | 192.168.2.3 | 142.250.185.132
Nov 29, 2022 16:32:28.408904076 CET | 443 | 49703 | 142.250.185.132 | 192.168.2.3
Nov 29, 2022 16:32:28.408998013 CET | 49703 | 443 | 192.168.2.3 | 142.250.185.132
Nov 29, 2022 16:32:28.409378052 CET | 49703 | 443 | 192.168.2.3 | 142.250.185.132
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 29, 2022 16:32:24.675823927 CET | 62586 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:32:24.676929951 CET | 64208 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:32:24.677033901 CET | 49405 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:32:24.694432974 CET | 53 | 62586 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:32:24.695607901 CET | 53 | 49405 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:32:24.850765944 CET | 53 | 64208 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:32:28.347985029 CET | 58968 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:32:28.365712881 CET | 53 | 58968 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:32:28.383533955 CET | 60752 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:32:28.401398897 CET | 53 | 60752 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:33:07.758765936 CET | 49753 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:33:08.083023071 CET | 53 | 49753 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:33:08.126359940 CET | 53744 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:33:08.147835970 CET | 53 | 53744 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:33:09.346384048 CET | 54957 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:33:09.405230045 CET | 53 | 54957 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:33:11.070312023 CET | 62677 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:33:11.638418913 CET | 53 | 62677 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:33:14.836524010 CET | 62507 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:33:14.893490076 CET | 53 | 62507 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:33:19.956929922 CET | 57517 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:33:20.132723093 CET | 53 | 57517 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:33:23.238204956 CET | 64040 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:33:23.407876968 CET | 53 | 64040 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:33:23.476464033 CET | 55241 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:33:23.646177053 CET | 53 | 55241 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:33:24.804167032 CET | 52387 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:33:24.834027052 CET | 53 | 52387 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:33:28.402385950 CET | 51807 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:33:28.420521021 CET | 53 | 51807 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:33:28.424760103 CET | 60310 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:33:28.442527056 CET | 53 | 60310 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:33:29.899596930 CET | 57646 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:33:29.962117910 CET | 53 | 57646 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:33:33.938812017 CET | 54880 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:33:34.335639954 CET | 53 | 54880 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:33:36.911083937 CET | 62304 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:33:37.082370996 CET | 53 | 62304 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:33:50.214030027 CET | 61115 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:33:50.270365000 CET | 53 | 61115 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:33:55.175709009 CET | 49243 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:33:55.193550110 CET | 53 | 49243 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:33:55.353043079 CET | 59424 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:33:55.353043079 CET | 63769 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:33:55.372543097 CET | 53 | 59424 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:33:55.372581959 CET | 53 | 63769 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:33:56.519668102 CET | 63858 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:33:56.537300110 CET | 53 | 63858 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:34:00.010442972 CET | 60408 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:34:00.185385942 CET | 53 | 60408 | 1.1.1.1 | 192.168.2.3
Nov 29, 2022 16:34:03.454722881 CET | 50401 | 53 | 192.168.2.3 | 1.1.1.1
Nov 29, 2022 16:34:03.479424953 CET | 53 | 50401 | 1.1.1.1 | 192.168.2.3
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
Nov 29, 2022 16:32:24.675823927 CET | 192.168.2.3 | 1.1.1.1 | 0x1946 | Standard query (0) | clients2.google.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:32:24.676929951 CET | 192.168.2.3 | 1.1.1.1 | 0x308e | Standard query (0) | usdtmen.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:32:24.677033901 CET | 192.168.2.3 | 1.1.1.1 | 0x1a2e | Standard query (0) | accounts.google.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:32:28.347985029 CET | 192.168.2.3 | 1.1.1.1 | 0xd789 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:32:28.383533955 CET | 192.168.2.3 | 1.1.1.1 | 0x9f1 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:07.758765936 CET | 192.168.2.3 | 1.1.1.1 | 0x3fc2 | Standard query (0) | www.usdtmen.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:08.126359940 CET | 192.168.2.3 | 1.1.1.1 | 0xce86 | Standard query (0) | www.usdtmen.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:09.346384048 CET | 192.168.2.3 | 1.1.1.1 | 0x6284 | Standard query (0) | www.usdtmen.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:11.070312023 CET | 192.168.2.3 | 1.1.1.1 | 0xda2d | Standard query (0) | www.usdtmen.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:14.836524010 CET | 192.168.2.3 | 1.1.1.1 | 0x3a39 | Standard query (0) | www.usdtmen.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:19.956929922 CET | 192.168.2.3 | 1.1.1.1 | 0xf446 | Standard query (0) | www.usdtmen.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:23.238204956 CET | 192.168.2.3 | 1.1.1.1 | 0x2445 | Standard query (0) | www.usdtmen.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:23.476464033 CET | 192.168.2.3 | 1.1.1.1 | 0xd13 | Standard query (0) | www.usdtmen.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:24.804167032 CET | 192.168.2.3 | 1.1.1.1 | 0x6d02 | Standard query (0) | www.usdtmen.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:28.402385950 CET | 192.168.2.3 | 1.1.1.1 | 0xab35 | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:28.424760103 CET | 192.168.2.3 | 1.1.1.1 | 0xc80a | Standard query (0) | www.google.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:29.899596930 CET | 192.168.2.3 | 1.1.1.1 | 0x2ce1 | Standard query (0) | www.usdtmen.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:33.938812017 CET | 192.168.2.3 | 1.1.1.1 | 0x380d | Standard query (0) | usdtmen.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:36.911083937 CET | 192.168.2.3 | 1.1.1.1 | 0xae51 | Standard query (0) | usdtmen.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:50.214030027 CET | 192.168.2.3 | 1.1.1.1 | 0xce88 | Standard query (0) | www.usdtmen.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:55.175709009 CET | 192.168.2.3 | 1.1.1.1 | 0x6e2f | Standard query (0) | beacons.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:55.353043079 CET | 192.168.2.3 | 1.1.1.1 | 0x3170 | Standard query (0) | e2c27.gcp.gvt2.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:55.353043079 CET | 192.168.2.3 | 1.1.1.1 | 0x279b | Standard query (0) | beacons2.gvt2.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:56.519668102 CET | 192.168.2.3 | 1.1.1.1 | 0xb794 | Standard query (0) | beacons.gvt2.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:34:00.010442972 CET | 192.168.2.3 | 1.1.1.1 | 0xc869 | Standard query (0) | www.usdtmen.com | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:34:03.454722881 CET | 192.168.2.3 | 1.1.1.1 | 0x81d6 | Standard query (0) | usdtmen.com | A (IP address) | IN (0x0001) | false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
Nov 29, 2022 16:32:24.694432974 CET | 1.1.1.1 | 192.168.2.3 | 0x1946 | No error (0) | clients2.google.com | clients.l.google.com | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 16:32:24.694432974 CET | 1.1.1.1 | 192.168.2.3 | 0x1946 | No error (0) | clients.l.google.com | - | 142.250.185.206 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:32:24.695607901 CET | 1.1.1.1 | 192.168.2.3 | 0x1a2e | No error (0) | accounts.google.com | - | 142.250.186.109 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:32:24.850765944 CET | 1.1.1.1 | 192.168.2.3 | 0x308e | No error (0) | usdtmen.com | - | 154.211.96.136 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:32:28.365712881 CET | 1.1.1.1 | 192.168.2.3 | 0xd789 | No error (0) | www.google.com | - | 142.250.186.100 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:32:28.401398897 CET | 1.1.1.1 | 192.168.2.3 | 0x9f1 | No error (0) | www.google.com | - | 142.250.185.132 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:28.420521021 CET | 1.1.1.1 | 192.168.2.3 | 0xab35 | No error (0) | www.google.com | - | 142.250.186.100 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:28.442527056 CET | 1.1.1.1 | 192.168.2.3 | 0xc80a | No error (0) | www.google.com | - | 172.217.18.100 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:34.335639954 CET | 1.1.1.1 | 192.168.2.3 | 0x380d | No error (0) | usdtmen.com | - | 154.211.96.136 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:37.082370996 CET | 1.1.1.1 | 192.168.2.3 | 0xae51 | No error (0) | usdtmen.com | - | 154.211.96.136 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:55.193550110 CET | 1.1.1.1 | 192.168.2.3 | 0x6e2f | No error (0) | beacons.gcp.gvt2.com | beacons-handoff.gcp.gvt2.com | - | CNAME (Canonical name) | IN (0x0001) | false
Nov 29, 2022 16:33:55.193550110 CET | 1.1.1.1 | 192.168.2.3 | 0x6e2f | No error (0) | beacons-handoff.gcp.gvt2.com | - | 142.251.143.67 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:55.372543097 CET | 1.1.1.1 | 192.168.2.3 | 0x3170 | No error (0) | e2c27.gcp.gvt2.com | - | 35.227.159.135 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:55.372581959 CET | 1.1.1.1 | 192.168.2.3 | 0x279b | No error (0) | beacons2.gvt2.com | - | 172.217.13.227 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:33:56.537300110 CET | 1.1.1.1 | 192.168.2.3 | 0xb794 | No error (0) | beacons.gvt2.com | - | 216.58.212.163 | A (IP address) | IN (0x0001) | false
Nov 29, 2022 16:34:03.479424953 CET | 1.1.1.1 | 192.168.2.3 | 0x81d6 | No error (0) | usdtmen.com | - | 154.211.96.136 | A (IP address) | IN (0x0001) | false
• accounts.google.com
• clients2.google.com
• usdtmen.com
• www.google.com
• https:
• beacons.gcp.gvt2.com
• e2c27.gcp.gvt2.com
• beacons2.gvt2.com
• beacons.gvt2.com


Target ID: 0
Start time: 16:32:21
Start date: 29/11/2022
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://usdtmen.com/
Imagebase: 0x7ff6566b0000
File size: 2852640 bytes
MD5 hash: 7BC7B4AEDC055BB02BCB52710132E9E1
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low

Target ID: 1
Start time: 16:32:22
Start date: 29/11/2022
Path: C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit): false
Commandline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2040 --field-trial-handle=1768,i,5818765958052219750,8192306715576805166,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                                                                                Imagebase:0x7ff6566b0000
                                                                                File size:2852640 bytes
                                                                                MD5 hash:7BC7B4AEDC055BB02BCB52710132E9E1
                                                                                Has elevated privileges:true
                                                                                Has administrator privileges:true
                                                                                Programmed in:C, C++ or other language
                                                                                Reputation:low

                                                                                No disassembly