Windows Analysis Report
Benefits_Enrollment.html

Overview

General Information

Sample Name: Benefits_Enrollment.html
Analysis ID: 756263
MD5: 8c560f59b895539eb3a2980f29820e06
SHA1: c507b4ef991f85f812aee3cf0f1e8577b95a87aa
SHA256: 06ae041e84c1854931b6c57c503d225213df51e3105f32a5be617cdcf47ca085
Infos:

Detection

HTMLPhisher
Score: 56
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Yara detected HtmlPhish45
Antivirus detection for URL or domain
JA3 SSL client fingerprint seen in connection with other malware
IP address seen in connection with other malware

Classification

  • System is w10x64
  • chrome.exe (PID: 6096 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
    • chrome.exe (PID: 1108 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1724,i,9528676649791437270,18405537584758287388,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • chrome.exe (PID: 5560 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Benefits_Enrollment.html" MD5: 0FEC2748F363150DC54C1CAFFB1A9408)
  • cleanup
No configs have been found
Source | Rule | Description | Author | Strings
Benefits_Enrollment.html | JoeSecurity_HtmlPhish_45 | Yara detected HtmlPhish_45 | Joe Security |
    No Sigma rule has matched
    No Snort rule has matched


    AV Detection

    Source: https://uautoma.ru/Mben.schemelin@nahan.com SlashNext: Label: Credential Stealing type: Phishing & Social Engineering

    Phishing

    Source: Yara match File source: Benefits_Enrollment.html, type: SAMPLE
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\GoogleUpdater
    Source: unknown HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49725 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49740 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49779 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49886 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49888 version: TLS 1.2
    Source: unknown HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49889 version: TLS 1.2
    Source: Joe Sandbox View JA3 fingerprint: 37f463bf4616ecd445d4a1937da06e19
    Source: Joe Sandbox View IP Address: 239.255.255.250
    Source: Joe Sandbox View IP Address: 104.18.6.185
    Source: unknown DNS traffic detected: queries for: accounts.google.com
    Source: global trafficHTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.81Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /Mben.schemelin@nahan.com HTTP/1.1Host: uautoma.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=771e795a1d3692b4 HTTP/1.1Host: uautoma.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://uautoma.ru/Mben.schemelin@nahan.com?__cf_chl_rt_tk=8shDsbHs7EB13ZBvQJcmWoV9oavjaUocnUixPR3MNCs-1669757736-0-gaNycGzNCREAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=771e795a1d3692b4 HTTP/1.1Host: uautoma.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://uautoma.ru/Mben.schemelin@nahan.com?__cf_chl_rt_tk=8shDsbHs7EB13ZBvQJcmWoV9oavjaUocnUixPR3MNCs-1669757736-0-gaNycGzNCREAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /1/api.js?endpoint=https%3A%2F%2Fcloudflare.hcaptcha.com&assethost=https%3A%2F%2Fcf-assets.hcaptcha.com&imghost=https%3A%2F%2Fcf-imgs.hcaptcha.com&render=explicit&recaptchacompat=off&onload=_cf_chl_hload HTTP/1.1Host: cloudflare.hcaptcha.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: uautoma.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://uautoma.ru/Mben.schemelin@nahan.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/771e795a1d3692b4/1669757736595/343672dd002d60bd0e9fa1e5b275b5e8ef012af8b92acf0dea45ec7a8eb553c7/hVZ0BH2B5ltgWGD HTTP/1.1Host: uautoma.ruConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://uautoma.ru/Mben.schemelin@nahan.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/img/771e795a1d3692b4/1669757736596/OZL3TI39NY5wB7q HTTP/1.1Host: uautoma.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://uautoma.ru/Mben.schemelin@nahan.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /turnstile/v0/b/75e640aa/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=771e795a1d3692b4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: uautoma.ru
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/c631y/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=771e796ada855c4a HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/c631y/0x4AAAAAAAAjq6WYeRDKmebM/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/img/771e796ada855c4a/1669757739842/FIXXpglHgNNfCbE HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/c631y/0x4AAAAAAAAjq6WYeRDKmebM/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=771e795a1d3692b4 HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: uautoma.ruIf-Modified-Since: Tue, 22 Nov 2022 13:34:50 GMTIf-None-Match: "637ccffa-2a"
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/771e796ada855c4a/1669757739848/d9d281cd19bf700dc4e234b53132eace35ec1050a467f3ea662702e1a69c8353/D-mEMl9WG6IfjRl HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/c631y/0x4AAAAAAAAjq6WYeRDKmebM/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
    Source: global trafficHTTP traffic detected: GET /Mben.schemelin@nahan.com HTTP/1.1Host: uautoma.ruConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://uautoma.ru/Mben.schemelin@nahan.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_chl_rc_m=1
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/managed/v1?ray=771e7c6e4d51911f HTTP/1.1Host: uautoma.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://uautoma.ru/Mben.schemelin@nahan.com?__cf_chl_rt_tk=PdedYvcZ84iVpoKD6ptNAbdK3enbFA6n7zLC0bmp0Yk-1669757862-0-gaNycGzNCVEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_chl_rc_m=1
    Source: global trafficHTTP traffic detected: GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=771e7c6e4d51911f HTTP/1.1Host: uautoma.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://uautoma.ru/Mben.schemelin@nahan.com?__cf_chl_rt_tk=PdedYvcZ84iVpoKD6ptNAbdK3enbFA6n7zLC0bmp0Yk-1669757862-0-gaNycGzNCVEAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_chl_rc_m=1
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 29 Nov 2022 21:37:42 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Chl-Bypass: 1Referrer-Policy: same-originPermissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=oHvuk4UiSYXd4DP8JAqAYlobLVUysjsVtXYAbm4Z9Rmz6nmEgERGm29Aw9QF%2BgoaeSkfw3kLgMzGf0kaBkFthd44e22nQ4LdkUm3B8yQ9pITrRypPHAD0rPCjqE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 771e7c6e4d51911f-FRA
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 29 Nov 2022 21:37:44 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Chl-Bypass: 1Referrer-Policy: same-originPermissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=cBsXN0cO1MpG2EBy4WP7dCxAZxSH8sZBuwjpFb6G%2Feb0w73wz6IWVmgpt9u918zH5sJ3Ar3KEKZfyBrctIrrhaeZIFES6SUvHGLefACUbj8BA61u6BPz1w7D1yI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 771e7c7aba7a699f-FRA
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 29 Nov 2022 21:38:24 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Chl-Bypass: 1Referrer-Policy: same-originPermissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=OkgIKRQ6DBobWc%2FlnD2h2%2F6MNiDvm%2BDAn2cz1aRawsvI6UqRpJW58s9S4r7LU%2FZlCZTZCz5EWvK4i1W2TV%2BDZ599rjlW%2BCGx9Kq%2B4qdZe8OFYPqBrHAAoJfMcYc%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 771e7d7448439b5b-FRA
    Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Tue, 29 Nov 2022 21:38:24 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCF-Chl-Bypass: 1Referrer-Policy: same-originPermissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTX-Frame-Options: SAMEORIGINReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=f7Il62h2FvQNAZMeSlqZHIzJgDYIaEGIPgCY%2BJCbSQ9f13qGFsN7M8TmELe2VJehUM4OBeUfYCWeLlKuJ4bNkYgiRdqrTKeA9MWGNz20ioscqAQSQIb9TGVSu1s%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 771e7d79d81c901c-FRA
    Source: unknownHTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+904; AEC=AakniGO7HqlHWlnoY-P22_SwwnNSfVGxlF1NgK5nuj5WLe313NyJi16g7z4; SOCS=CAISHAgCEhJnd3NfMjAyMjA4MDgtMF9SQzEaAmVuIAEaBgiAvOuXBg; NID=511=nUT82hOv6CVwMNqDg-sTtCMJJ6SQ1v_cCpfCpf5nt8EolEbal01GWFyjG01tqWQgh9ciRU880J6nLd2gdbhAJs44PsHAZaVQAFIbrqe2FmFgjrAAK7W9Z8u5LDvwsuZRng98jP6E23SJ4fsPIs326YmnuCwa92dRRCcB6MNeI_o
    Source: unknown | HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49725 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49740 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49779 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49886 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49888 version: TLS 1.2
    Source: unknown | HTTPS traffic detected: 104.26.9.213:443 -> 192.168.2.3:49889 version: TLS 1.2
    Source: classification engine | Classification label: mal56.phis.winHTML@33/0@21/14
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1724,i,9528676649791437270,18405537584758287388,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
    Source: unknown | Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Benefits_Enrollment.html
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Process created: unknown unknown
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | File created: C:\Program Files\Google\GoogleUpdater
    Source: Window Recorder | Window detected: More than 3 window changes detected
    Source: C:\Program Files\Google\Chrome\Application\chrome.exe | Directory created: C:\Program Files\Google\GoogleUpdater
    Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Exfiltration | Command and Control | Network Effects | Remote Service Effects | Impact
    Valid Accounts | Windows Management Instrumentation | Path Interception | 1 Process Injection | 2 Masquerading | OS Credential Dumping | System Service Discovery | Remote Services | Data from Local System | Exfiltration Over Other Network Medium | 1 Encrypted Channel | Eavesdrop on Insecure Network Communication | Remotely Track Device Without Authorization | Modify System Partition
    Default Accounts | Scheduled Task/Job | Boot or Logon Initialization Scripts | Boot or Logon Initialization Scripts | 1 Process Injection | LSASS Memory | Application Window Discovery | Remote Desktop Protocol | Data from Removable Media | Exfiltration Over Bluetooth | 4 Non-Application Layer Protocol | Exploit SS7 to Redirect Phone Calls/SMS | Remotely Wipe Data Without Authorization | Device Lockout
    Domain Accounts | At (Linux) | Logon Script (Windows) | Logon Script (Windows) | Obfuscated Files or Information | Security Account Manager | Query Registry | SMB/Windows Admin Shares | Data from Network Shared Drive | Automated Exfiltration | 5 Application Layer Protocol | Exploit SS7 to Track Device Location | Obtain Device Cloud Backups | Delete Device Data
    Local Accounts | At (Windows) | Logon Script (Mac) | Logon Script (Mac) | Binary Padding | NTDS | System Network Configuration Discovery | Distributed Component Object Model | Input Capture | Scheduled Transfer | 3 Ingress Tool Transfer | SIM Card Swap | | Carrier Billing Fraud
    Source | Detection | Scanner | Label | Link
    Benefits_Enrollment.html | 0% | Virustotal | | Browse

    No Antivirus matches
    No Antivirus matches

    Source | Detection | Scanner | Label | Link
    static.cloudflareinsights.com | 0% | Virustotal | | Browse
    cloudflare.hcaptcha.com | 0% | Virustotal | | Browse
    uautoma.ru | 0% | Virustotal | | Browse

    Source | Detection | Scanner | Label | Link
    https://uautoma.ru/Mben.schemelin@nahan.com | 100% | SlashNext | Credential Stealing type: Phishing & Social Engineering |
    Name | IP | Active | Malicious | Antivirus Detection | Reputation
    a.nel.cloudflare.com | 35.190.80.1 | true | false | | high
    static.cloudflareinsights.com | 104.16.57.101 | true | false | | unknown
    accounts.google.com | 172.217.168.45 | true | false | | high
    www.cloudflare.com | 104.16.123.96 | true | false | | high
    performance.radar.cloudflare.com | 104.18.31.78 | true | false | | high
    challenges.cloudflare.com | 104.18.6.185 | true | false | | high
    uautoma.ru | 104.26.9.213 | true | false | | unknown
    www.google.com | 172.217.168.36 | true | false | | high
    clients.l.google.com | 142.250.203.110 | true | false | | high
    cloudflare.hcaptcha.com | 104.18.18.132 | true | false | | unknown
    clients2.google.com | unknown | unknown | false | | high
                                                                                                    high
                                                                                                    https://a.nel.cloudflare.com/report/v3?s=QdUD0fF0m9d9wqXawNNC4oBEyo%2FZy71WEkGZCqW9QrezwPixFUsOJkrflfWkAAv891uojsifgO8enKBVaikt5xaUls%2FVzpkRKYS4gnCLpNitZuIg0yoL6mYJWGo%3Dfalse
                                                                                                      high
                                                                                                      IP
                                                                                                      192.168.2.1
                                                                                                      127.0.0.1
Joe Sandbox Version: 36.0.0 Rainbow Opal
Analysis ID: 756263
Start date and time: 2022-11-29 22:34:40 +01:00
Joe Sandbox Product: CloudBasic
Overall analysis duration: 0h 6m 47s
Hypervisor based Inspection enabled: false
Report type: light
Sample file name: Benefits_Enrollment.html
Cookbook file name: defaultwindowshtmlcookbook.jbs
Analysis system description: Windows 10 64 bit v1803 with Office Professional Plus 2016, Chrome 104, IE 11, Adobe Reader DC 19, Java 8 Update 211
Number of analysed new started processes analysed: 17
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• HDC enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Detection: MAL
Classification: mal56.phis.winHTML@33/0@21/14
EGA Information: Failed
HDC Information: Failed
HCA Information:
• Successful, ratio: 100%
• Number of executed functions: 0
• Number of non-executed functions: 0
Cookbook Comments:
• Found application associated with file extension: .html
• Browse: https://www.cloudflare.com/en-gb/products/turnstile/?utm_source=turnstile&utm_campaign=widget
• Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
• TCP Packets have been reduced to 100
• Excluded IPs from analysis (whitelisted): 172.217.168.67, 34.104.35.123
• Excluded domains from analysis (whitelisted): fs.microsoft.com, edgedl.me.gvt1.com, update.googleapis.com, clientservices.googleapis.com
• Not all processes where analyzed, report is missing behavior information
• Report size getting too big, too many NtWriteVirtualMemory calls found.
                                                                                                      No simulations
                                                                                                      No context
                                                                                                      No created / dropped files found
File type: HTML document, ASCII text, with very long lines (1257)
Entropy (8bit): 4.331477503343578
TrID:
• HyperText Markup Language (6006/1) 100.00%
File name: Benefits_Enrollment.html
File size: 2039
MD5: 8c560f59b895539eb3a2980f29820e06
SHA1: c507b4ef991f85f812aee3cf0f1e8577b95a87aa
SHA256: 06ae041e84c1854931b6c57c503d225213df51e3105f32a5be617cdcf47ca085
SHA512: 1486237b1ad05df20f6636354c8460c17bb389e2236576d5847c0ed2c792e5a57eb6021dbf353a5823a5e35b67cb11f8f27895a5630c9c285fd6b4e76270859f
SSDEEP: 48:fPV4nswCnR8jPt6msUGn3gPsarkec/kAP+W11Fe1I/k9O+/0yarS:f4swPsxMskke8kQ+WPFeGkw+8yOS
TLSH: 61413EE87E56F8EA10978556380659BA18ABD201E10CE48C74C92E98F1EDEF24FDC1C5
                                                                                                      File Content Preview:<html> <script> let arrayBuffer = [0xa0,0x8e,0xd0,0x60,0xc4,0xae,0xee,0x56,0x86,0xd4,0xf0,0xee,0xa0,0xd6,0xd0,0xd8,0xc4,0x8e,0xf0,0xec,0x92,0x86,0x9a,0xd4,0xac,0xaa,0x6a,0x84,0xa8,0xaa,0xaa,0xd4,0x92,0xf2,0xee,0x70,0x98,0x66,0x82,0x56,0x86,0xd4,0xf0,0xf4,
                                                                                                      TimestampSource PortDest PortSource IPDest IP
                                                                                                      Nov 29, 2022 22:35:33.622910023 CET5784053192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:35:33.624650955 CET5799053192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:35:33.640530109 CET53578408.8.8.8192.168.2.3
                                                                                                      Nov 29, 2022 22:35:33.650811911 CET53579908.8.8.8192.168.2.3
                                                                                                      Nov 29, 2022 22:35:35.712559938 CET6062553192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:35:35.738686085 CET53606258.8.8.8192.168.2.3
                                                                                                      Nov 29, 2022 22:35:36.108552933 CET5113953192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:35:36.125996113 CET53511398.8.8.8192.168.2.3
                                                                                                      Nov 29, 2022 22:35:36.388606071 CET5295553192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:35:36.408549070 CET53529558.8.8.8192.168.2.3
                                                                                                      Nov 29, 2022 22:35:37.268170118 CET5713453192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:35:37.292407036 CET53571348.8.8.8192.168.2.3
                                                                                                      Nov 29, 2022 22:35:38.122270107 CET6205053192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:35:38.146032095 CET53620508.8.8.8192.168.2.3
                                                                                                      Nov 29, 2022 22:35:38.393516064 CET5963653192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:35:38.417243004 CET53596368.8.8.8192.168.2.3
                                                                                                      Nov 29, 2022 22:35:42.034729958 CET6076753192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:35:42.059957027 CET53607678.8.8.8192.168.2.3
                                                                                                      Nov 29, 2022 22:36:36.259232044 CET5362353192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:36:36.278609037 CET53536238.8.8.8192.168.2.3
                                                                                                      Nov 29, 2022 22:36:37.338687897 CET6519653192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:36:37.356143951 CET53651968.8.8.8192.168.2.3
                                                                                                      Nov 29, 2022 22:37:37.414824009 CET6356253192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:37:37.434482098 CET53635628.8.8.8192.168.2.3
                                                                                                      Nov 29, 2022 22:37:39.470774889 CET6551153192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:37:39.540383101 CET53655118.8.8.8192.168.2.3
                                                                                                      Nov 29, 2022 22:37:42.745630026 CET6459553192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:37:42.768021107 CET53645958.8.8.8192.168.2.3
                                                                                                      Nov 29, 2022 22:37:46.918709993 CET5811953192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:37:46.942476988 CET53581198.8.8.8192.168.2.3
                                                                                                      Nov 29, 2022 22:37:48.554825068 CET5830153192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:37:48.578478098 CET53583018.8.8.8192.168.2.3
                                                                                                      Nov 29, 2022 22:37:49.653559923 CET4987453192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:37:49.675175905 CET53498748.8.8.8192.168.2.3
                                                                                                      Nov 29, 2022 22:37:58.334305048 CET6412153192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:37:58.355674028 CET53641218.8.8.8192.168.2.3
                                                                                                      Nov 29, 2022 22:38:36.086091042 CET6242453192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:38:36.103620052 CET53624248.8.8.8192.168.2.3
                                                                                                      Nov 29, 2022 22:38:37.484277964 CET5891253192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:38:37.501200914 CET53589128.8.8.8192.168.2.3
                                                                                                      Nov 29, 2022 22:38:42.773654938 CET5211053192.168.2.38.8.8.8
                                                                                                      Nov 29, 2022 22:38:42.799506903 CET53521108.8.8.8192.168.2.3
                                                                                                      • accounts.google.com
                                                                                                      • clients2.google.com
                                                                                                      • uautoma.ru
                                                                                                      • https:
                                                                                                        • challenges.cloudflare.com
                                                                                                        • www.cloudflare.com
                                                                                                        • performance.radar.cloudflare.com
                                                                                                        • static.cloudflareinsights.com
                                                                                                      • a.nel.cloudflare.com
                                                                                                      • cloudflare.hcaptcha.com


                                                                                                      Target ID:0
                                                                                                      Start time:22:35:30
                                                                                                      Start date:29/11/2022
                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
                                                                                                      Imagebase:0x7ff614650000
                                                                                                      File size:2851656 bytes
                                                                                                      MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      Target ID:1
                                                                                                      Start time:22:35:31
                                                                                                      Start date:29/11/2022
                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1932 --field-trial-handle=1724,i,9528676649791437270,18405537584758287388,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
                                                                                                      Imagebase:0x7ff614650000
                                                                                                      File size:2851656 bytes
                                                                                                      MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      Target ID:2
                                                                                                      Start time:22:35:32
                                                                                                      Start date:29/11/2022
                                                                                                      Path:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                                                                      Wow64 process (32bit):false
                                                                                                      Commandline:C:\Program Files\Google\Chrome\Application\chrome.exe" "C:\Users\user\Desktop\Benefits_Enrollment.html
                                                                                                      Imagebase:0x7ff614650000
                                                                                                      File size:2851656 bytes
                                                                                                      MD5 hash:0FEC2748F363150DC54C1CAFFB1A9408
                                                                                                      Has elevated privileges:true
                                                                                                      Has administrator privileges:true
                                                                                                      Programmed in:C, C++ or other language
                                                                                                      Reputation:high

                                                                                                      No disassembly