Windows Analysis Report
https://server.1ksat.com/?ufov&qrc=jneal@heniff.com&c=E,1,b3hl6R7LYWai95TidY7oKofIoKw3DsF4PoHXJGBO0t7029g1ST6sdhPuEwdMkQ_Szrum_7168W7bTNHjC2nzWdEhCHm4HwED1LIkrBAldy8iRpLM7NZotqaK-Q,,&typo=1

Overview

General Information

Sample URL: https://server.1ksat.com/?ufov&qrc=jneal@heniff.com&c=E,1,b3hl6R7LYWai95TidY7oKofIoKw3DsF4PoHXJGBO0t7029g1ST6sdhPuEwdMkQ_Szrum_7168W7bTNHjC2nzWdEhCHm4HwED1LIkrBAldy8iRpLM7NZotqaK-Q,,&typo=1
Analysis ID: 800697
Infos:

Detection

Score: 0
Range: 0 - 100
Whitelisted: false
Confidence: 80%

Signatures

URL contains potential PII (phishing indication)

Classification

URL contains potential PII (phishing indication)
Source: https://server.1ksat.com/?ufov&qrc=jneal@heniff.com&c=E,1,b3hl6R7LYWai95TidY7oKofIoKw3DsF4PoHXJGBO0t7029g1ST6sdhPuEwdMkQ_Szrum_7168W7bTNHjC2nzWdEhCHm4HwED1LIkrBAldy8iRpLM7NZotqaK-Q,,&typo=1 Sample URL: PII: jneal@heniff.com&c
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\GoogleUpdater Jump to behavior
Source: unknown DNS traffic detected: queries for: clients2.google.com
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 07 Feb 2023 15:13:38 GMTServer: ApacheVary: Accept-EncodingLast-Modified: Sun, 18 Jul 2021 22:53:53 GMTX-Frame-Options: DENYX-Content-Type-Options: nosniffReferrer-Policy: same-originExpires: Tue, 07 Feb 2023 16:53:53 GMTX-Content-Type-Options: nosniffAge: 8917Content-Encoding: gzipCache-Control: public, max-age=21603Content-Security-Policy: upgrade-insecure-requests; default-src 'self' https://*.iana.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://cse.google.com https://clients1.google.com; style-src 'self' 'unsafe-inline' https://www.google.com; child-src 'self' https://www.youtube.com https://clients1.google.com https://cse.google.com https://www.google.com/; img-src 'self' https://data.iana.org https://www.iana.org https://www.google.com https://www.googleapis.com https://clients1.google.com https://*.gstatic.com;Content-Length: 3177Keep-Alive: timeout=2, max=358Connection: Keep-AliveContent-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 1a db 4e e3 48 f6 19 be a2 c6 33 6a 81 44 70 ee 90 25 44 0a 81 86 6e 7a 18 04 cc ce 74 bf a0 b2 5d 89 0b 1c db 5d 55 0e 9d 5e ad b4 bf b1 bf b7 5f b2 e7 54 d9 8e 93 38 21 d9 41 33 9b 87 b8 ae e7 5e e7 52 76 f7 07 2f 72 d5 34 66 c4 57 e3 a0 b7 db cd 1e 8c 7a bd dd 9d ae e2 2a 60 bd 0f fd 9b 7e 65 4c 43 3a 62 1e b9 63 92 89 09 34 ce a3 31 e5 a1 ec da 66 d1 2e 2c 1f 33 45 89 eb 53 21 99 3a b5 12 35 ac 1c 5b c4 ee 65 33 be 52 71 85 7d 4d f8 e4 d4 1a 44 a1 62 a1 aa 20 72 8b b8 a6 77 6a 29 f6 4d d9 48 c4 49 0e 67 09 4c 48 c7 ec d4 9a 70 f6 12 47 42 15 36 bf 70 4f f9 a7 1e 9b 70 97 55 74 e7 80 f0 90 2b 4e 83 8a 74 69 c0 4e 6b 06 0e 40 0a 78 f8 4c 04 0b 4e 2d a9 a6 01 93 3e 63 00 ca 17 6c 78 6a d9 8f ae 94 Data Ascii: NH3jDp%Dnzt]]U^_T8!A3^Rv/r4fWz*`~eLC:bc41f.,3ES!:5[e3Rq}MDb rwj)MHIgLHpGB6pOpUt+NtiNk@xLN->clxj
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 07 Feb 2023 17:18:14 GMTServer: ApacheVary: Accept-EncodingLast-Modified: Tue, 05 Oct 2021 16:31:06 GMTX-Frame-Options: DENYX-Content-Type-Options: nosniffReferrer-Policy: same-originExpires: Tue, 07 Feb 2023 17:33:56 GMTX-Content-Type-Options: nosniffAge: 2925Content-Encoding: gzipCache-Control: public, max-age=3600Content-Security-Policy: upgrade-insecure-requests; default-src 'self' https://*.iana.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://cse.google.com https://clients1.google.com; style-src 'self' 'unsafe-inline' https://www.google.com; child-src 'self' https://www.youtube.com https://clients1.google.com https://cse.google.com https://www.google.com/; img-src 'self' https://data.iana.org https://www.iana.org https://www.google.com https://www.googleapis.com https://clients1.google.com https://*.gstatic.com;Content-Length: 1663Keep-Alive: timeout=2, max=358Connection: Keep-AliveContent-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 c5 59 cd 6e e3 36 10 3e 37 4f c1 ea d0 24 a8 6d 3a ee 22 5d 64 6d 15 de 64 0f 01 b6 46 90 75 2f 2d 8a 80 a6 68 99 89 44 2a 24 65 c7 2d 0a f4 35 fa 7a 7d 92 0e 49 fd d9 d1 66 1d 67 8b 9c 2c 92 33 1f e7 8f 33 43 7a f8 6d 24 a9 59 67 0c 2d 4c 9a 84 07 c3 f2 87 91 28 3c f8 66 68 b8 49 58 78 29 0c 53 82 19 34 d6 9a c7 82 45 68 92 a7 33 a6 34 1a e7 66 21 15 37 eb 21 f6 a4 07 c0 94 32 43 10 5d 10 a5 99 19 05 b9 99 77 df 06 08 87 e5 ca c2 98 ac cb ee 73 be 1c 05 e7 12 a0 85 e9 5a 11 02 44 fd 68 14 18 f6 60 b0 15 e5 5d 85 f3 08 46 90 94 8d 82 25 67 ab 4c 2a d3 60 5e f1 c8 2c 46 11 5b 72 ca ba 6e d0 41 5c 70 c3 49 d2 d5 94 24 6c 74 e2 71 00 29 e1 e2 0e 29 96 8c 02 6d d6 09 d3 0b c6 00 6a a1 d8 7c 14 e0 1b aa 35 1e Data Ascii: Yn6>7O$m:"]dmdFu/-hD*$e-5z}Ifg,33Czm$Yg-L(<fhIXx)S4Eh34f!7!2C]wsZDh`]F%gL*`^,F[rnA\pI$ltq))mj|5
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 07 Feb 2023 15:15:07 GMTServer: ApacheX-Content-Type-Options: nosniffVary: Accept-EncodingLast-Modified: Sun, 18 Jul 2021 22:53:53 GMTCache-control: public, max-age=21603X-Frame-Options: DENYX-Content-Type-Options: nosniffReferrer-Policy: same-originExpires: Tue, 07 Feb 2023 17:15:07 GMTContent-Encoding: gzipContent-Security-Policy: upgrade-insecure-requests; default-src 'self' https://*.iana.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://cse.google.com https://clients1.google.com; style-src 'self' 'unsafe-inline' https://www.google.com; child-src 'self' https://www.youtube.com https://clients1.google.com https://cse.google.com https://www.google.com/; img-src 'self' https://data.iana.org https://www.iana.org https://www.google.com https://www.googleapis.com https://clients1.google.com https://*.gstatic.com;Age: 7660Content-Length: 2466Keep-Alive: timeout=2, max=358Connection: Keep-AliveContent-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 5a db 6e e3 b8 19 be 5e 3f 05 57 5d 0c 12 20 b6 ba 73 55 74 6c 03 69 66 b6 13 2c 36 1b 4c 32 58 a0 37 01 2d d1 16 27 94 a8 21 29 3b de a2 c0 bc 46 81 f6 e5 e6 49 fa fd a4 64 2b b6 e4 d8 2d b0 db dc 58 e2 e1 3f 1f 3e 52 19 8c bf 4d 75 e2 d6 a5 60 99 cb d5 74 30 6e 7e 04 4f a7 83 6f c6 4e 3a 25 a6 6f 75 ce 65 c1 6e 78 2e d8 9d 30 4b 99 08 3b 8e c3 dc 00 ab 72 e1 38 4b 32 6e ac 70 93 a8 72 f3 e1 9f 22 16 4f 9b 99 cc b9 72 28 3e 57 72 39 89 ae 74 e1 44 e1 86 c4 33 62 49 78 9b 44 4e 3c b9 98 78 bf d9 d0 d9 23 53 80 fd 24 5a 4a b1 2a b5 71 ad cd 2b 99 ba 6c 92 0a 92 6b e8 5f 2e 98 2c a4 93 5c 0d 6d c2 95 98 7c 1f e8 80 92 92 c5 23 33 42 4d 22 eb d6 4a d8 4c 08 90 ca 8c 98 4f a2 f8 21 b1 36 7e fd c7 d7 af Data Ascii: Zn^?W] sUtlif,6L2X7-'!);FId+-X?>RMu`t0n~OoN:%ouenx.0K;r8K2npr"Or(>Wr9tD3bIxDN<x#S$ZJ*q+lk_.,\m|#3BM"JLO!6~
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 07 Feb 2023 17:00:37 GMTServer: ApacheVary: Accept-EncodingX-Frame-Options: DENYX-Content-Type-Options: nosniffReferrer-Policy: same-originExpires: Tue, 07 Feb 2023 18:31:23 GMTX-Content-Type-Options: nosniffAge: 3092Content-Encoding: gzipCache-Control: public, max-age=7206Content-Security-Policy: upgrade-insecure-requests; default-src 'self' https://*.iana.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://cse.google.com https://clients1.google.com; style-src 'self' 'unsafe-inline' https://www.google.com; child-src 'self' https://www.youtube.com https://clients1.google.com https://cse.google.com https://www.google.com/; img-src 'self' https://data.iana.org https://www.iana.org https://www.google.com https://www.googleapis.com https://clients1.google.com https://*.gstatic.com;Content-Length: 96046Keep-Alive: timeout=2, max=358Connection: Keep-AliveContent-Type: text/html; charset=utf-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 ec fd db 72 e3 4a b2 36 08 5e af f5 14 31 fa cd f6 2f 4d 0b 29 12 3c 67 55 c9 8c 22 29 a5 56 ea c0 12 99 b9 aa 76 5b cf 32 08 0c 92 28 81 00 0b 00 25 71 5d f5 dd 5c f5 1b cc 98 cd 98 f5 cd bc 40 5f f5 dd ee 7e 91 7e 92 71 8f 03 08 f0 90 49 91 11 14 25 a1 f6 5e ca 40 00 04 83 9f 7b 78 78 78 f8 e1 af ff b7 9e 6f 47 d3 31 25 c3 68 e4 9e fe fa 57 f9 0f b5 7a a7 bf fe f2 d7 c8 89 5c 7a da 0e fc c8 b7 7d 97 dc d1 81 13 46 81 43 c3 bf 9e f0 5b bf c2 43 23 1a 59 c4 1e 5a 41 48 a3 bf 1d 4c a2 be 51 3d 20 27 a7 f2 ce 30 8a c6 06 fd f7 c4 79 fc db 41 c3 f7 22 ea 45 06 7e e5 01 b1 f9 d5 df 0e 22 fa 1c 9d e0 57 ff 25 7e cf c2 6b 3c 6b 44 ff 76 f0 e8 d0 a7 b1 1f 44 89 0f 3f 39 bd 68 f8 b7 1e 7d 74 6c 6a b0 8b 63 e2 78 4e e4 58 ae 11 da 96 4b ff 96 e7 ef 81 37 b9 8e f7 40 02 ea fe ed 20 8c a6 2e 0d 87 94 c2 ab 86 01 ed ff ed e0 e4 0f 3b 0c 4f cc 9c 69 Data Ascii: rJ6^1/M)<gU")Vv[2(%q]\@_~~qI%^@{xxxoG1%hWz\z}FC[C#YZAHLQ= '0yA"E~"W%~k<kDvD?9h}tljcxNXK7@ .;Oi
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Tue, 07 Feb 2023 17:23:27 GMTServer: ApacheLast-Modified: Thu, 12 May 2022 19:06:20 GMTContent-Encoding: gzipX-Content-Type-Options: nosniffVary: Accept-EncodingX-Frame-Options: DENYX-Content-Type-Options: nosniffReferrer-Policy: same-originCache-Control: public, max-age=3600Expires: Tue, 07 Feb 2023 18:23:27 GMTContent-Security-Policy: upgrade-insecure-requests; default-src 'self' https://*.iana.org; script-src 'self' 'unsafe-inline' 'unsafe-eval' https://www.google.com https://cse.google.com https://clients1.google.com; style-src 'self' 'unsafe-inline' https://www.google.com; child-src 'self' https://www.youtube.com https://clients1.google.com https://cse.google.com https://www.google.com/; img-src 'self' https://data.iana.org https://www.iana.org https://www.google.com https://www.googleapis.com https://clients1.google.com https://*.gstatic.com;Content-Length: 3333Keep-Alive: timeout=2, max=358Connection: Keep-AliveContent-Type: text/html; charset=UTF-8Data Raw: 1f 8b 08 00 00 00 00 00 00 03 cd 1a db 6e e3 b8 f5 79 f3 15 ac 5b 14 09 10 5b b1 73 99 24 eb 18 f0 3a 99 d6 8b 59 af 9b 64 ba 40 5f 02 5a a2 6d ce 48 a4 96 a4 9c 71 8b 02 f3 11 7d 29 d0 fe dc 7c 49 cf 21 a9 8b 6d 39 b1 67 81 ed 0e 90 b1 44 1d 9e 1b cf 95 64 f7 77 91 0c cd 32 65 64 6e 92 b8 77 d0 cd 7f 18 8d 7a 07 df 74 0d 37 31 eb 8d b2 64 c2 14 b9 67 5a 66 2a 64 ba 1b b8 f1 03 80 48 98 a1 24 9c 53 a5 99 b9 69 64 66 da bc 6c 90 a0 97 7f 99 1b 93 36 d9 cf 19 5f dc 34 06 52 18 26 4c 13 e9 35 48 e8 de 6e 1a 86 7d 32 01 d2 fd b6 c0 b3 81 46 d0 84 dd 34 16 9c 3d a7 52 99 ca e4 67 1e 99 f9 4d c4 16 3c 64 4d fb 72 4c b8 e0 86 d3 b8 a9 43 1a b3 9b b6 c3 03 98 62 2e 3e 12 c5 e2 9b 86 36 cb 98 e9 39 63 80 6a ae d8 f4 a6 11 3c 85 5a 07 9d 93 4e 27 e0 54 d0 a7 67 36 d1 dc b0 16 Data Ascii: ny[[s$:Yd@_ZmHq})|I!m9gDdw2ednwzt71dgZf*dH$Sidfl6_4R&L5Hn}2F4=RgM<dMrLCb.>69cj<ZN'Tg6
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49886 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49886
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: global traffic HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.81Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /?ufov&qrc=jneal@heniff.com&c=E,1,b3hl6R7LYWai95TidY7oKofIoKw3DsF4PoHXJGBO0t7029g1ST6sdhPuEwdMkQ_Szrum_7168W7bTNHjC2nzWdEhCHm4HwED1LIkrBAldy8iRpLM7NZotqaK-Q,,&typo=1 HTTP/1.1Host: server.1ksat.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /?https://example.com HTTP/1.1Host: href.liConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: example.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: example.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://example.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /domains/example HTTP/1.1Host: www.iana.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_css/2022/iana_website.css HTTP/1.1Host: www.iana.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_js/jquery.js HTTP/1.1Host: www.iana.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_js/iana.js HTTP/1.1Host: www.iana.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_img/2022/iana-logo-header.svg HTTP/1.1Host: www.iana.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_img/2022/fonts/NotoSans-Regular.woff HTTP/1.1Host: www.iana.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: http://www.iana.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.iana.org/_css/2022/iana_website.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_img/2022/fonts/SourceCodePro-Regular.woff HTTP/1.1Host: www.iana.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: http://www.iana.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.iana.org/_css/2022/iana_website.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_img/2022/fonts/NotoSans-Bold.woff HTTP/1.1Host: www.iana.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: http://www.iana.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.iana.org/_css/2022/iana_website.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_img/bookmark_icon.ico HTTP/1.1Host: www.iana.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_img/2015.1/iana-logo-homepage.svg HTTP/1.1Host: www.iana.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.iana.org/_css/2022/iana_website.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cse.js?cx=010470622406686203020:boq_dnseony HTTP/1.1Host: cse.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CI22yQEIpbbJAQjBtskBCKmdygEIkqHLAQiBvMwBCIW9zAEIs8HMAQjFwcwBCNbBzAE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_img/2022/fonts/NotoSans-Bold.woff HTTP/1.1Host: www.iana.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: http://www.iana.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.iana.org/_css/2022/iana_website.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_img/2022/fonts/NotoSans-Regular.woff HTTP/1.1Host: www.iana.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: http://www.iana.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.iana.org/_css/2022/iana_website.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /sorry/index?continue=https://cse.google.com/cse.js%3Fcx%3D010470622406686203020:boq_dnseony&q=EgRUETQNGOORip8GIjCfzYmwLuKcy4lAIwbs2Qk2pKJdI6TLau-PLMIWh6D5iMBjkYX4NLuYSVAPF0L8ud0yAXI HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CI22yQEIpbbJAQjBtskBCKmdygEIkqHLAQiBvMwBCIW9zAEIs8HMAQjFwcwBCNbBzAE=Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_img/2022/fonts/NotoSans-Regular.woff HTTP/1.1Host: www.iana.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: http://www.iana.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.iana.org/_css/2022/iana_website.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_img/2022/fonts/NotoSans-Bold.woff HTTP/1.1Host: www.iana.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: http://www.iana.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.iana.org/_css/2022/iana_website.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_img/2022/fonts/NotoSans-Regular.woff HTTP/1.1Host: www.iana.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: http://www.iana.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.iana.org/_css/2022/iana_website.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_img/2022/fonts/NotoSans-Bold.woff HTTP/1.1Host: www.iana.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: http://www.iana.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.iana.org/_css/2022/iana_website.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_img/2013.1/rir-map.svg HTTP/1.1Host: www.iana.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_img/2022/fonts/NotoSans-Regular.woff HTTP/1.1Host: www.iana.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: http://www.iana.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.iana.org/_css/2022/iana_website.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_img/2022/fonts/NotoSans-Italic.woff HTTP/1.1Host: www.iana.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: http://www.iana.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.iana.org/_css/2022/iana_website.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_img/2022/fonts/NotoSans-Bold.woff HTTP/1.1Host: www.iana.orgConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: http://www.iana.orgsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://www.iana.org/_css/2022/iana_website.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /domains/reserved HTTP/1.1Host: www.iana.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_img/bookmark_icon.ico HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: www.iana.org
Source: global traffic HTTP traffic detected: GET /_img/2022/iana-logo-header.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: www.iana.org
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: www.iana.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /domains HTTP/1.1Host: www.iana.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /protocols HTTP/1.1Host: www.iana.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /numbers HTTP/1.1Host: www.iana.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /_img/2013.1/rir-map.svg HTTP/1.1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/86.0.4240.183 Safari/537.36Host: www.iana.org
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundAge: 144582Cache-Control: max-age=604800Content-Type: text/html; charset=UTF-8Date: Tue, 07 Feb 2023 17:22:23 GMTExpires: Tue, 14 Feb 2023 17:22:23 GMTLast-Modified: Mon, 06 Feb 2023 01:12:41 GMTServer: ECS (bsa/EB21)Vary: Accept-EncodingX-Cache: 404-HITContent-Length: 1256Connection: close
Source: unknown HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: classification engine Classification label: clean0.win@35/0@21/12
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1724 --field-trial-handle=1708,i,1738826521745381383,15185311736595585432,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe" "https://server.1ksat.com/?ufov&qrc=jneal@heniff.com&c=E,1,b3hl6R7LYWai95TidY7oKofIoKw3DsF4PoHXJGBO0t7029g1ST6sdhPuEwdMkQ_Szrum_7168W7bTNHjC2nzWdEhCHm4HwED1LIkrBAldy8iRpLM7NZotqaK-Q,,&typo=1
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1724 --field-trial-handle=1708,i,1738826521745381383,15185311736595585432,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8 Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Program Files\Google\GoogleUpdater Jump to behavior
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Directory created: C:\Program Files\Google\GoogleUpdater Jump to behavior
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 800697 URL: https://server.1ksat.com/?u... Startdate: 07/02/2023 Architecture: WINDOWS Score: 0 14 www.iana.org 2->14 16 www.google.com 2->16 18 ianawww.vip.icann.org 2->18 6 chrome.exe 15 1 2->6         started        9 chrome.exe 2->9         started        process3 dnsIp4 20 192.168.2.1 unknown unknown 6->20 22 192.168.2.4 unknown unknown 6->22 24 2 other IPs or domains 6->24 11 chrome.exe 6->11         started        process5 dnsIp6 26 ianawww.vip.icann.org 192.0.46.8, 443, 49731, 49732 ICANN-DCUS United States 11->26 28 clients.l.google.com 142.250.180.174, 443, 49711, 49764 GOOGLEUS United States 11->28 30 19 other IPs or domains 11->30
  • No. of IPs < 25%
  • 25% < No. of IPs < 50%
  • 50% < No. of IPs < 75%
  • 75% < No. of IPs

Contacted Public IPs

IP Domain Country Flag ASN ASN Name Malicious
192.0.46.8
 ianawww.vip.icann.org United States
16876 ICANN-DCUS false
93.184.216.34
 example.com European Union
15133 EDGECASTUS false
216.58.209.45
 accounts.google.com United States
15169 GOOGLEUS false
192.0.78.26
 href.li United States
2635 AUTOMATTICUS false
239.255.255.250
 unknown Reserved
unknown unknown false
34.214.99.116
 server.1ksat.com United States
16509 AMAZON-02US false
142.250.184.100
 www.google.com United States
15169 GOOGLEUS false
142.250.180.174
 cse.google.com United States
15169 GOOGLEUS false

Private

IP
192.168.2.1
192.168.2.4
192.168.2.5
127.0.0.1

Contacted Domains

Name IP Active
www.arin.net 199.43.0.47 true
www.nro.net 193.0.19.65 true
accounts.google.com 216.58.209.45 true
www.afrinic.net 196.216.2.6 true
ianawww.vip.icann.org 192.0.46.8 true
href.li 192.0.78.26 true
www.vip.icann.org 192.0.47.7 true
www.lacnic.net 200.3.14.184 true
server.1ksat.com 34.214.99.116 true
cse.google.com 142.250.180.174 true
www.google.com 142.250.184.100 true
clients.l.google.com 142.250.180.174 true
example.com 93.184.216.34 true
www.apnic.net unknown unknown
www.ietf.org unknown unknown
clients2.google.com unknown unknown
www.iana.org unknown unknown
pti.icann.org unknown unknown
www.ripe.net unknown unknown
www.icann.org unknown unknown

Contacted URLs

Name Malicious Antivirus Detection Reputation
https://www.iana.org/_img/2022/fonts/SourceCodePro-Regular.woff false
    		high
    https://www.iana.org/_img/2022/fonts/NotoSans-Italic.woff false
      		high
      https://cse.google.com/cse.js?cx=010470622406686203020:boq_dnseony false
        		high
        https://www.iana.org/_img/2022/iana-logo-header.svg false
          		high
          https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard false
            		high
            http://www.iana.org/domains/reserved false
              		high
              https://www.iana.org/_img/bookmark_icon.ico false
                		high
                https://www.iana.org/_css/2022/iana_website.css false
                  		high
                  http://www.iana.org/_img/bookmark_icon.ico false
                    		high
                    http://www.iana.org/ false
                      		high
                      http://www.iana.org/domains false
                        		high
                        http://www.iana.org/ false
                          		high
                          http://www.iana.org/_img/2013.1/rir-map.svg false
                            		high
                            https://www.iana.org/_img/2022/fonts/NotoSans-Bold.woff false
                              		high
                              https://server.1ksat.com/?ufov&qrc=jneal@heniff.com&c=E,1,b3hl6R7LYWai95TidY7oKofIoKw3DsF4PoHXJGBO0t7029g1ST6sdhPuEwdMkQ_Szrum_7168W7bTNHjC2nzWdEhCHm4HwED1LIkrBAldy8iRpLM7NZotqaK-Q,,&typo=1 false
                                		unknown
                                http://www.iana.org/domains/reserved false
                                  		high
                                  https://example.com/ false
                                    		high
                                    https://href.li/?https://example.com false
                                      		high
                                      https://www.iana.org/_js/iana.js false
                                        		high
                                        http://www.iana.org/protocols false
                                          		high
                                          https://www.iana.org/_img/2022/fonts/NotoSans-Regular.woff false
                                            		high
                                            https://example.com/favicon.ico false
                                              		high
                                              https://www.iana.org/_img/2013.1/rir-map.svg false
                                                		high
                                                http://www.iana.org/protocols false
                                                  		high
                                                  https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.81&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 false
                                                    		high
                                                    https://www.google.com/sorry/index?continue=https://cse.google.com/cse.js%3Fcx%3D010470622406686203020:boq_dnseony&q=EgRUETQNGOORip8GIjCfzYmwLuKcy4lAIwbs2Qk2pKJdI6TLau-PLMIWh6D5iMBjkYX4NLuYSVAPF0L8ud0yAXI false
                                                      		high
                                                      http://www.iana.org/numbers false
                                                        		high
                                                        http://www.iana.org/_img/2022/iana-logo-header.svg false
                                                          		high
                                                          https://www.iana.org/domains/example false
                                                            		high
                                                            https://www.iana.org/_img/2015.1/iana-logo-homepage.svg false
                                                              		high
                                                              http://www.iana.org/numbers false
                                                                		high
                                                                https://www.iana.org/_js/jquery.js false
                                                                  		high
                                                                  https://example.com/ false
                                                                    		high
                                                                    http://www.iana.org/domains false
                                                                      		high