Windows Analysis Report
https://271439.cobirosite.com/

Overview

General Information

Sample URL:	https://271439.cobirosite.com/
Analysis ID:	831016
Infos:

Detection

HTMLPhisher

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish10

Antivirus detection for URL or domain

Phishing site detected (based on image similarity)

HTML body contains low number of good links

No HTML title found

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://271439.cobirosite.com/

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/js/ctgkdx59njcppdwfbkcqjnwr5	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ASSETS/img/sig-op.svg	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/styles/challenges.css	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ASSETS/img/m_.svg	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/img/7ab1d8eda99635df/1679356121973/E7Dtgm4DKXspiM9	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/boot/9bcpwwjj5dtf5qkgnrpcncxdk	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ic/gcnpf5wpd5dqjkncwjkc9xtrb	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7ab1d8eda99635df	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/pat/7ab1d8eda99635df/1679356121974/e3b01c142e344330299c3d42ab192c2a0131b3d3e5fa078de4b6d2287145661e/Y8_NIB-7-_rheOk	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/992221000:1679354830:2yQqRvlGN7S4gfDfO01nS-L4AqaibDzQpA12k-PJAhQ/7ab1d8eda99635df/8493bbc48a0427b	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/jq/pktqpn5dbrxjwg5cfdkcw9cnj	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/APP-U5GPIZ/n5dwqncfktpw5cgpxkdrbjj9c	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/scripts/pica.js	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1679342400	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7ab1d8eda99635df	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/x/p5cpkkdqgdr9jxbw5ncwfcjnt	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/cv/result/7ab1d92a6fac9153	Avira URL Cloud: Label: phishing

Phishing

Phishing site detected (based on favicon image match)

Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19b

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish10

Source: Yara match

File source: 13659.4.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://sigadi.ru	Matcher: Found strong image similarity, brand: Microsoft cache file: chromecache_158.8.dr	Jump to dropped file
Source: https://sigadi.ru	Matcher: Found strong image similarity, brand: Microsoft cache file: chromecache_162.8.dr	Jump to dropped file
Source: https://sigadi.ru	Matcher: Found strong image similarity, brand: Microsoft cache file: chromecache_179.8.dr	Jump to dropped file
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19b	Matcher: Found strong image similarity, brand: Microsoft image: 13659.img.0.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD

HTML body contains low number of good links

Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19b

HTTP Parser: Number of links: 0

No HTML title found

Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19b

HTTP Parser: HTML title missing

Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19b

HTTP Parser: No <meta name="author".. found

Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19b

HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: unknown

DNS traffic detected: queries for: 271439.cobirosite.com

Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748

Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.13.64
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.76.141
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.76.141
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.13.64
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 271439.cobirosite.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.102Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /8306b64e-ea98-4158-8eee-204f0d79f12a.css HTTP/1.1Host: 271439.cobirosite.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://271439.cobirosite.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /8306b64e-ea98-4158-8eee-204f0d79f12a.js HTTP/1.1Host: 271439.cobirosite.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://271439.cobirosite.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/a5be6e77-9b87-48de-9e9f-f705ebb37c11.webp?width=1920px HTTP/1.1Host: media.cobiro.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://271439.cobirosite.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/css/reset.css HTTP/1.1Host: media.cobiro.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://271439.cobirosite.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 271439.cobirosite.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://271439.cobirosite.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.2037328295.1679356116; _ga_8BJ6XM5Y1V=GS1.1.1679356115.1.0.1679356115.0.0.0If-Modified-Since: Mon, 20 Mar 2023 21:54:44 GMT
Source: global traffic	HTTP traffic detected: GET /assets/css/reset.css HTTP/1.1Host: media.cobiro.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://271439.cobirosite.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/a5be6e77-9b87-48de-9e9f-f705ebb37c11.webp?width=1920px HTTP/1.1Host: media.cobiro.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 271439.cobirosite.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://271439.cobirosite.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.2037328295.1679356116; _ga_8BJ6XM5Y1V=GS1.1.1679356115.1.1.1679356116.0.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://271439.cobirosite.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/challenges.css HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7ab1d8eda99635df HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/?__cf_chl_rt_tk=BrX7fWiOYDoCGkgNdUz4Vf_T8voeDZARgwRYx5S93jc-1679356121-0-gaNycGzNCvsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7ab1d8eda99635df HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/?__cf_chl_rt_tk=BrX7fWiOYDoCGkgNdUz4Vf_T8voeDZARgwRYx5S93jc-1679356121-0-gaNycGzNCvsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://hh0mtbdj9f64031a8f7f879.sigadi.rusec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7ab1d8eda99635df HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/db880165/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://hh0mtbdj9f64031a8f7f879.sigadi.rusec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/img/7ab1d8eda99635df/1679356121973/E7Dtgm4DKXspiM9 HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/img/7ab1d8eda99635df/1679356121973/E7Dtgm4DKXspiM9 HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/7ab1d8eda99635df/1679356121974/e3b01c142e344330299c3d42ab192c2a0131b3d3e5fa078de4b6d2287145661e/Y8_NIB-7-_rheOk HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/350hd/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7ab1d8feaeca691b HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/350hd/0x4AAAAAAAAjq6WYeRDKmebM/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/7ab1d8feaeca691b/1679356125505/6415a47ceedad2f748ae19a20389c1e9e14e5b3caf157a609d3d00a4894680e9/s5Kp__OWAS8SxWr HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/350hd/0x4AAAAAAAAjq6WYeRDKmebM/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/img/7ab1d8feaeca691b/1679356125509/jG-YDUWHZmJhn8N HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/350hd/0x4AAAAAAAAjq6WYeRDKmebM/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/img/7ab1d8feaeca691b/1679356125509/jG-YDUWHZmJhn8N HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/?__cf_chl_tk=BrX7fWiOYDoCGkgNdUz4Vf_T8voeDZARgwRYx5S93jc-1679356121-0-gaNycGzNCvsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ID-6418f0e2af19b HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/?__cf_chl_tk=BrX7fWiOYDoCGkgNdUz4Vf_T8voeDZARgwRYx5S93jc-1679356121-0-gaNycGzNCvsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /APP-U5GPIZ/n5dwqncfktpw5cgpxkdrbjj9c HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /jq/pktqpn5dbrxjwg5cfdkcw9cnj HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /boot/9bcpwwjj5dtf5qkgnrpcncxdk HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /js/ctgkdx59njcppdwfbkcqjnwr5 HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /o/rd5txpkwccgnfj9nkbdwcqp5j HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /x/p5cpkkdqgdr9jxbw5ncwfcjnt HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1679342400 HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/pica.js HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /ic/gcnpf5wpd5dqjkncwjkc9xtrb HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /o/rd5txpkwccgnfj9nkbdwcqp5j HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /x/p5cpkkdqgdr9jxbw5ncwfcjnt HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m; __cf_bm=RP1vq8OwUemQUk_5B0t21J1A_gkEsPe0jpiTKuoVmyI-1679356133-0-AckBX5wrcFSOaJjFrzldsTvy+1hw9DQ8MMXZnUrY7rMNRdlzouW/T32PS2FN9Cd6YuJwMiIef5PfwepK6ETZq1CseowuMozECdufeqcKgDfR4mAIes6MSwM79vAZ2Q7fXg==
Source: global traffic	HTTP traffic detected: GET /ic/gcnpf5wpd5dqjkncwjkc9xtrb HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m; __cf_bm=RP1vq8OwUemQUk_5B0t21J1A_gkEsPe0jpiTKuoVmyI-1679356133-0-AckBX5wrcFSOaJjFrzldsTvy+1hw9DQ8MMXZnUrY7rMNRdlzouW/T32PS2FN9Cd6YuJwMiIef5PfwepK6ETZq1CseowuMozECdufeqcKgDfR4mAIes6MSwM79vAZ2Q7fXg==
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCIm9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_167.8.dr	String found in binary or memory: b,"vert.pix");break;case "PERCENT":Ay(d.verticalThresholds,b,"vert.pct")}zv("sdl","init",!1)?zv("sdl","pending",!1)\|\|J(function(){return By()}):(xv("sdl","init",!0),xv("sdl","pending",!0),J(function(){By();if(Cy()){var e=Dy();qc(z,"scroll",e);qc(z,"resize",e)}else xv("sdl","init",!1)}));return b}Hy.M="internal.enableAutoEventOnScroll";var cc=fa(["data-gtm-yt-inspected-"]),Iy=["www.youtube.com","www.youtube-nocookie.com"],Jy,Ky=!1; equals www.youtube.com (Youtube)
Source: chromecache_167.8.dr	String found in binary or memory: l=!!a.get("fixMissingApi");if(!(d\|\|e\|\|f\|\|g.length\|\|h.length))return;var n={Ff:d,Df:e,Ef:f,lg:g,mg:h,gd:l,Wa:b},p=z.YT,q=function(){Qy(n)};if(p)return p.ready&&p.ready(q),b;var r=z.onYouTubeIframeAPIReady;z.onYouTubeIframeAPIReady=function(){r&&r();q()};J(function(){for(var u=I.getElementsByTagName("script"),t=u.length,v=0;v<t;v++){var w=u[v].getAttribute("src");if(Ty(w,"iframe_api")\|\|Ty(w,"player_api"))return b}for(var y=I.getElementsByTagName("iframe"),x=y.length,A=0;A<x;A++)if(!Ky&&Ry(y[A],n.gd))return mc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 23:48:38 GMTContent-Type: text/htmlContent-Length: 4525Connection: closeReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aW9%2Bxr3YkF8n%2BjbNQUdf8%2FimakRns%2FFsV18RkoMkMrXnKWpZBgXqqKzvkJ8WTbhK7t6McaTSaGJ%2BRJbi1WgQt%2Fr%2Bp%2Bk8HkVvn1oCaXxWXJ1Lremha4PFqmYZdWBxvgZqKrmmsKh2Jwk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7ab1d8d97fa22c19-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 20 Mar 2023 23:48:41 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originPermissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X9akr2oNGRo1v8kiTSa5wW4fI5sMH2RLVZmT6Z9aGDnjhsebhpW%2BKHNeLYlFjkpJFeQoX6SrgH6s1enXnaHX2TEIR1VOI9jconEqjAEkd2rpFAQ3iK2reQ37eoPGal0H2VB71BUSbTD5Vc5SRF3g2nBgxgw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7ab1d8eda99635df-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 20 Mar 2023 23:48:41 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originPermissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yyzjMT1ryPblymlK4u%2Fi8iVj9609u2wkfQUXBS7T5eTNS20LZXDY4b%2BEQYdmY7kA%2FJmC4VLjN9oo%2BgTvODXDUcoV4SUtN6%2BbK3p29kwURB56lP4H0tsgRSn8EvP%2FDSqDjPtzkyidIq6McUE5l9Nk8kSKAJI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7ab1d8ef78b8994b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 20 Mar 2023 23:48:42 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originPermissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WR1oKe1o0yj6X0xw4kVTTWGe2E9npAZopqm5XV9oYQEt8Bsosw58g9bQNvEadOh2dFTcNt%2BI%2Fy2XZA%2FHUEJY0d4L6lnIHRDqdRxm1kOl4ks1PSfTO19DQo5NyMVjz8BTYLfvmhLfl9GDym16A8crBQ1D1VE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7ab1d8f4a9573a76-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 20 Mar 2023 23:48:50 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originPermissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SyR1AlqcYxw7uyzksQg5UtG7iJb4f4emxLLsLlSLRiMWbBfYV%2Bu2B8vPYnqxIuXMB9ny9G7R%2B85AUSsdbI70blquNabdjwuHt%2FDcybIbrImOK9qgZM9X8hnsVJv%2F4uXU%2FeC0yITJVeEFWx60wskaTI9hOP8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7ab1d925adc9bc04-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Source: chromecache_167.8.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_177.8.dr	String found in binary or memory: https://cobiro.com/domains
Source: chromecache_177.8.dr	String found in binary or memory: https://cobiro.com/google-search/
Source: chromecache_177.8.dr	String found in binary or memory: https://cobiro.com/website
Source: chromecache_177.8.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Poppins&display=swap
Source: chromecache_177.8.dr	String found in binary or memory: https://fonts.gstatic.com
Source: chromecache_181.8.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_181.8.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_181.8.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_167.8.dr	String found in binary or memory: https://googleads.g.doubleclick.net
Source: chromecache_160.8.dr	String found in binary or memory: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/
Source: chromecache_160.8.dr	String found in binary or memory: https://media.cobiro.com/assets/css/reset.css
Source: chromecache_177.8.dr	String found in binary or memory: https://media.cobiro.com/error-page/favicon.ico
Source: chromecache_177.8.dr	String found in binary or memory: https://media.cobiro.com/error-page/icon-advertising.svg
Source: chromecache_177.8.dr	String found in binary or memory: https://media.cobiro.com/error-page/icon-build.svg
Source: chromecache_177.8.dr	String found in binary or memory: https://media.cobiro.com/error-page/icon-domain.svg
Source: chromecache_177.8.dr	String found in binary or memory: https://media.cobiro.com/error-page/logo-cobiro.svg
Source: chromecache_177.8.dr	String found in binary or memory: https://media.cobiro.com/error-page/under-construction-background.jpeg
Source: chromecache_160.8.dr	String found in binary or memory: https://media.cobiro.com/images/a5be6e77-9b87-48de-9e9f-f705ebb37c11.webp?width=1080px
Source: chromecache_160.8.dr	String found in binary or memory: https://media.cobiro.com/images/a5be6e77-9b87-48de-9e9f-f705ebb37c11.webp?width=1920px
Source: chromecache_160.8.dr	String found in binary or memory: https://media.cobiro.com/images/a5be6e77-9b87-48de-9e9f-f705ebb37c11.webp?width=200px
Source: chromecache_160.8.dr	String found in binary or memory: https://media.cobiro.com/images/a5be6e77-9b87-48de-9e9f-f705ebb37c11.webp?width=2560px
Source: chromecache_160.8.dr	String found in binary or memory: https://media.cobiro.com/images/a5be6e77-9b87-48de-9e9f-f705ebb37c11.webp?width=400px
Source: chromecache_167.8.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_167.8.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_167.8.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_167.8.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_171.8.dr	String found in binary or memory: https://www.cloudflare.com/en-gb/products/turnstile/?utm_source=turnstile&utm_campaign=widget
Source: chromecache_171.8.dr	String found in binary or memory: https://www.cloudflare.com/privacypolicy/
Source: chromecache_171.8.dr	String found in binary or memory: https://www.cloudflare.com/website-terms/
Source: chromecache_167.8.dr	String found in binary or memory: https://www.googletagmanager.com/a?id=
Source: chromecache_160.8.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-8BJ6XM5Y1V
Source: chromecache_167.8.dr	String found in binary or memory: https://www.merchant-center-analytics.goog/mc/collect
Source: chromecache_167.8.dr	String found in binary or memory: https://www.youtube.com/iframe_api

Source: unknown

HTTP traffic detected: POST /ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard HTTP/1.1Host: accounts.google.comConnection: keep-aliveContent-Length: 1Origin: https://www.google.comContent-Type: application/x-www-form-urlencodedSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CONSENT=PENDING+620; __Secure-ENID=6.SE=cJKCBuSaL1dV3R8z2Y2al7-m2m5bGA74lqbYYkqC3uy-NtZ1f6n_bCBr25tlnnjvdmLpGQ81ZKzP3Te5vVjpSQjYWCwvlOMApK7tmZNWcORu0p4wniPJGQfTslQNnpQWhG9qkwkEgy49-6UG3UQ1eiUyFolJZWLeUM1p4KvjM9E

Source: classification engine

Classification label: mal76.phis.win@28/39@14/15

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://271439.cobirosite.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1784,i,8265395457072351684,11967616966742476966,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1784,i,8265395457072351684,11967616966742476966,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\Feedback

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.186.45	accounts.google.com	United States	15169	GOOGLEUS	false
172.217.18.14	clients.l.google.com	United States	15169	GOOGLEUS	false
52.109.13.64	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.18.4	unknown	United States	15169	GOOGLEUS	false
172.67.152.102	hh0mtbdj9f64031a8f7f879.sigadi.ru	United States	13335	CLOUDFLARENETUS	false
104.21.54.42	prod-router.cobiro.workers.dev	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
104.18.6.185	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
52.222.214.9	media.cobiro.com	United States	16509	AMAZON-02US	false
192.229.221.95	unknown	United States	15133	EDGECASTUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
172.217.16.196	unknown	United States	15169	GOOGLEUS	false
52.109.76.141	unknown	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false

Private

IP
192.168.2.1
127.0.0.1

Contacted Domains

Name	IP	Active
a.nel.cloudflare.com	35.190.80.1	true
accounts.google.com	142.250.186.45	true
challenges.cloudflare.com	104.18.6.185	true
media.cobiro.com	52.222.214.9	true
www.google.com	142.250.186.100	true
hh0mtbdj9f64031a8f7f879.sigadi.ru	172.67.152.102	true
prod-router.cobiro.workers.dev	104.21.54.42	true
clients.l.google.com	172.217.18.14	true
clients2.google.com	unknown	unknown
271439.cobirosite.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/js/ctgkdx59njcppdwfbkcqjnwr5	true	Avira URL Cloud: phishing	unknown
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19b	true		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7ab1d8feaeca691b	false		high
https://271439.cobirosite.com/8306b64e-ea98-4158-8eee-204f0d79f12a.js	true	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/350hd/0x4AAAAAAAAjq6WYeRDKmebM/light/normal	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/flow/ov1/1356602515:1679355110:EtCCJZINfDNVZaxY6meWZesT5skXLn1hf7eOmkFkgK0/7ab1d8feaeca691b/d1489ea3a7fd4ad	false		high
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ASSETS/img/sig-op.svg	false	Avira URL Cloud: phishing	unknown
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/styles/challenges.css	false	Avira URL Cloud: phishing	unknown
https://271439.cobirosite.com/	true		unknown
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ASSETS/img/m_.svg	false	Avira URL Cloud: phishing	unknown
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/img/7ab1d8eda99635df/1679356121973/E7Dtgm4DKXspiM9	false	Avira URL Cloud: phishing	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/img/7ab1d8feaeca691b/1679356125509/jG-YDUWHZmJhn8N	false		high
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/boot/9bcpwwjj5dtf5qkgnrpcncxdk	false	Avira URL Cloud: phishing	unknown
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ic/gcnpf5wpd5dqjkncwjkc9xtrb	false	Avira URL Cloud: phishing	unknown
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7ab1d8eda99635df	false	Avira URL Cloud: phishing	unknown
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/pat/7ab1d8eda99635df/1679356121974/e3b01c142e344330299c3d42ab192c2a0131b3d3e5fa078de4b6d2287145661e/Y8_NIB-7-_rheOk	false	Avira URL Cloud: phishing	unknown
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/992221000:1679354830:2yQqRvlGN7S4gfDfO01nS-L4AqaibDzQpA12k-PJAhQ/7ab1d8eda99635df/8493bbc48a0427b	false	Avira URL Cloud: phishing	unknown
https://271439.cobirosite.com/8306b64e-ea98-4158-8eee-204f0d79f12a.css	true	Avira URL Cloud: safe	unknown
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/jq/pktqpn5dbrxjwg5cfdkcw9cnj	false	Avira URL Cloud: phishing	unknown
https://271439.cobirosite.com/	true		unknown
https://media.cobiro.com/assets/css/reset.css	false	Avira URL Cloud: safe	unknown
https://media.cobiro.com/images/a5be6e77-9b87-48de-9e9f-f705ebb37c11.webp?width=1920px	false	Avira URL Cloud: safe	unknown
https://accounts.google.com/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard	false		high
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/APP-U5GPIZ/n5dwqncfktpw5cgpxkdrbjj9c	false	Avira URL Cloud: phishing	unknown
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/scripts/pica.js	false	Avira URL Cloud: phishing	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/350hd/0x4AAAAAAAAjq6WYeRDKmebM/light/normal	false		high
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1679342400	false	Avira URL Cloud: phishing	unknown
https://a.nel.cloudflare.com/report/v3?s=aW9%2Bxr3YkF8n%2BjbNQUdf8%2FimakRns%2FFsV18RkoMkMrXnKWpZBgXqqKzvkJ8WTbhK7t6McaTSaGJ%2BRJbi1WgQt%2Fr%2Bp%2Bk8HkVvn1oCaXxWXJ1Lremha4PFqmYZdWBxvgZqKrmmsKh2Jwk%3D	false		high
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/	false		unknown
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19b	true		unknown
https://271439.cobirosite.com/favicon.ico	true	Avira URL Cloud: safe	unknown
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7ab1d8eda99635df	false	Avira URL Cloud: phishing	unknown
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/	false		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/pat/7ab1d8feaeca691b/1679356125505/6415a47ceedad2f748ae19a20389c1e9e14e5b3caf157a609d3d00a4894680e9/s5Kp__OWAS8SxWr	false		high
https://clients2.google.com/service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1	false		high
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/x/p5cpkkdqgdr9jxbw5ncwfcjnt	false	Avira URL Cloud: phishing	unknown
https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/cv/result/7ab1d92a6fac9153	false	Avira URL Cloud: phishing	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Local\Temp\Outlook Logging\OUTLOOK_16_0_13929_20386-20230321T0048140271-3132.etl	data	CEA949B1EEA5087BB5475AE317402C50	7EE7E8C3F09F677F5B4525DBD7818DCAECECE141	3E0CA6B05F2E961FA919E6852D111467334358AD9A072B184A66F3DE81B9CFC1
C:\Users\user\Documents\Outlook Files\Outlook Data File - NoEmail.pst	data	6AB2D7F7B7AC3789041F17FC5BAB1C43	9D41DEE8AD2C64792C7994D80E39887830F7B150	31880E2D015F04686010D2BAA1C3B8B2D9A8DCA18D6EAF572F746362DECC7C1F
Chrome Cache Entry: 151	PNG image data, 82 x 29, 8-bit/color RGB, non-interlaced	6F531C8286B9F7502BDB778E79378485	FF12229BCBBA5858783B4FA0BB9EA4434F1D0EBA	582473B3892C5B5102EC0B6AF0C3A37E899EFFFE7A943E2BE7D172CD2B209893
Chrome Cache Entry: 152	GIF image data, version 89a, 1 x 1	D89746888DA2D9510B64A9F031EAECD5	D5FCEB6532643D0D84FFE09C40C481ECDF59E15A	EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
Chrome Cache Entry: 153	ASCII text, with no line terminators	011B17B116126E6E0C4A9B0DE9145805	DF63A6EB731FFCE96F79802EFF6D53D00CDA42BC	3418E6E704387A99F1611EB7BB883328A438BA600971E6D692E8BEA60F10B179
Chrome Cache Entry: 154	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 155	RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1352, Scaling: [none]x[none], YUV color, decoders should clamp	6E3506E12ABD6E1CE1A6D3C337895874	322D403AC3918D8EB27956F9B8A4C1287F7F5F1D	236B06DDC087C027811AF0C02DFA9E4B1B39F394FE3AFA3ADF856D9F3EF3635C
Chrome Cache Entry: 156	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 157	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 158	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 159	ASCII text, with very long lines (65536), with no line terminators	32C694BA1FE6259F8FF5D2114A03ADEA	6985EA425245BB8C09BE154228FFC28962AC3F76	CF3773058B75FAB2F9BDC8D3C8E0702EC8519EB1978748D7CF4F2E424E7D7CE8
Chrome Cache Entry: 160	HTML document, ASCII text, with very long lines (937)	D7077DAA69631C01C470238BBA237212	00FC42729E1F19DDE7F1B5FDFD5D6E8E4B423220	3169F85B033A3C6A7D4E5BDF885196F069E87DDBF44E0B973A8D79FB6A7AC39D
Chrome Cache Entry: 161	PNG image data, 94 x 9, 8-bit/color RGB, non-interlaced	5FABAAEA2EAA3BAD41F4F182F98AB393	E9962D67931BCBCFB97F8220A08266E3AED12290	A675CAC7B6350FDD18ACF3397AF8A5DB06211C94C33372ED0617D9EB114F99EE
Chrome Cache Entry: 162	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 163	ASCII text, with very long lines (26607), with no line terminators	7FF79B3ADEE04D9CFE61B41167404658	4D0C74A0E3B213D53E27D9C85D69A3BB90DA2560	FA497F82AF028468F99648ED8FF94250098F0C396621A28F072391BEB7986AEF
Chrome Cache Entry: 164	ASCII text, with very long lines (5946), with no line terminators	8660A1F80CCACAC6B8C5AA02FA61D38E	E0E8A336C8DC0032D8A5944A969B283EA2EB9392	15879673E8C7782477B0850EB66E211C9C0B1C4D33024D136F139D4061DBD67C
Chrome Cache Entry: 165	Unicode text, UTF-8 text, with very long lines (5043)	7E82502F08DB6A9B1DE4F422BCE0DF63	5579D3FDDCAB7BA5F933F71941B0D94F3AFC03FA	8888C8981B01E2C090C601BEDA6E39718491801B22316270308D5AE0DC9954DD
Chrome Cache Entry: 166	ASCII text, with very long lines (65536), with no line terminators	555A67BEDE923291AAB3C5B7BD82D31D	5D831B7B122894F6632FB8FD5F5E47F651866116	D6CFA20EEFD50DBF729B24B18801770F819754CF0383FA5EA0479FD495D852F3
Chrome Cache Entry: 167	ASCII text, with very long lines (21772)	A8724056C3293E81B42BD0FACFFE447E	44F0DBC862061D5976934754AD8D074C6E37CCFD	1D3BF43FB94AD11BF370F53CA5B3EC100B0907A7F3F8869BDAB24DA5C6009AED
Chrome Cache Entry: 168	PNG image data, 94 x 9, 8-bit/color RGB, non-interlaced	5FABAAEA2EAA3BAD41F4F182F98AB393	E9962D67931BCBCFB97F8220A08266E3AED12290	A675CAC7B6350FDD18ACF3397AF8A5DB06211C94C33372ED0617D9EB114F99EE
Chrome Cache Entry: 169	ASCII text, with very long lines (32065)	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
Chrome Cache Entry: 170	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 171	HTML document, ASCII text, with very long lines (8524)	B502F6030D06C28E823D79A352084C21	475FD633C07607081EA35DA46D300CEDF9678284	109C3EC130164AEEAF3C96DC6219C553B5B473FD2A90F1329F54F95BCD47C414
Chrome Cache Entry: 172	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 173	GIF image data, version 89a, 1 x 1	D89746888DA2D9510B64A9F031EAECD5	D5FCEB6532643D0D84FFE09C40C481ECDF59E15A	EF1955AE757C8B966C83248350331BD3A30F658CED11F387F8EBF05AB3368629
Chrome Cache Entry: 174	PNG image data, 82 x 29, 8-bit/color RGB, non-interlaced	6F531C8286B9F7502BDB778E79378485	FF12229BCBBA5858783B4FA0BB9EA4434F1D0EBA	582473B3892C5B5102EC0B6AF0C3A37E899EFFFE7A943E2BE7D172CD2B209893
Chrome Cache Entry: 175	ASCII text, with very long lines (65536), with no line terminators	8E6B0F88563F9C33F78BCE65CF287DF7	EF7765CD2A7D64ED27DD7344702597AFF6F8C397	A7057BEBFFF43E7281CA31DA00D40BD88C8D02D1576B9C45891DD56A3853269A
Chrome Cache Entry: 176	ASCII text, with very long lines (6858), with no line terminators	B35AAAC41AF9E5EA43B19C039C8B936A	F7DB942205EACC6EE7E22F5A7404173BFD8CE8DC	55D9EA150DF1645DA808562E3C49B8FC57E425F06F097875054BA4D6D74B164F
Chrome Cache Entry: 177	HTML document, ASCII text, with very long lines (4525), with no line terminators	E139496722C479A05927CB13F09012DD	6A6372218B1409DEA6D6D251C950323B732514C1	BA518B42E7CAF92A661A2A5C2F43EB76213D035FE81E2D71DEF910901D561B5E
Chrome Cache Entry: 178	ASCII text, with very long lines (14029)	AB6F5DAD37138714B2B042E5135DA1FA	51C1790132750CCE2EFC080EC9F9BA0ECD8D4B40	D395CC53363E6E22C75F73DE0D4DE7355ED844B65B8F0D149664EC06FACD2D8E
Chrome Cache Entry: 179	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 180	ASCII text, with very long lines (6190), with no line terminators	B55FBBCA0F0AC20A41D9ABA8533ED1C5	3E317D4905C20267F3DD2CB894DB16A2145F195E	EFDB5BCC25EFA09532FBBF93E67A4BD0F74016AD3CFE118A2FBC94296ADF875B
Chrome Cache Entry: 181	ASCII text, with very long lines (50758)	67176C242E1BDC20603C878DEE836DF3	27A71B00383D61EF3C489326B3564D698FC1227C	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
Chrome Cache Entry: 182	RIFF (little-endian) data, Web/P image, VP8 encoding, 1920x1352, Scaling: [none]x[none], YUV color, decoders should clamp	6E3506E12ABD6E1CE1A6D3C337895874	322D403AC3918D8EB27956F9B8A4C1287F7F5F1D	236B06DDC087C027811AF0C02DFA9E4B1B39F394FE3AFA3ADF856D9F3EF3635C
Chrome Cache Entry: 183	ASCII text	DDB48E14B854B528BC174EC06CED89AB	32022E7E6DB48DA83D43F9E0456FA23389EC9CB0	FCB3949B9639187928D9AF79730A0755E05778341142DEE6EA54FBED87E65966
Chrome Cache Entry: 184	ASCII text	4BD3238F3844358A3E9C202DDEF7CC1A	51505FA1A92D4A1BCE1E869FEA6803587D478B60	7B0E7C53260CE3A3BEC83AF632EDABD28626A12AE9E45B70EA7A0AAB636D5ECB
Chrome Cache Entry: 185	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 186	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 187	ASCII text, with very long lines (492)	E6AA6F76723A2C85E52B30C7C1E306DA	4F124AA5ADEDA11C92736DFCB6F57F94832FFF2B	32568EE7707A3676AC5FA6EE3C6488BB97657929011262E13A53971B6A34FF70

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://271439.cobirosite.com/

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/js/ctgkdx59njcppdwfbkcqjnwr5	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ASSETS/img/sig-op.svg	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/styles/challenges.css	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ASSETS/img/m_.svg	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/img/7ab1d8eda99635df/1679356121973/E7Dtgm4DKXspiM9	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/boot/9bcpwwjj5dtf5qkgnrpcncxdk	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ic/gcnpf5wpd5dqjkncwjkc9xtrb	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/images/trace/managed/js/transparent.gif?ray=7ab1d8eda99635df	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/pat/7ab1d8eda99635df/1679356121974/e3b01c142e344330299c3d42ab192c2a0131b3d3e5fa078de4b6d2287145661e/Y8_NIB-7-_rheOk	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/flow/ov1/992221000:1679354830:2yQqRvlGN7S4gfDfO01nS-L4AqaibDzQpA12k-PJAhQ/7ab1d8eda99635df/8493bbc48a0427b	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/jq/pktqpn5dbrxjwg5cfdkcw9cnj	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/APP-U5GPIZ/n5dwqncfktpw5cgpxkdrbjj9c	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/scripts/pica.js	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1679342400	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7ab1d8eda99635df	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/x/p5cpkkdqgdr9jxbw5ncwfcjnt	Avira URL Cloud: Label: phishing
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/cdn-cgi/challenge-platform/h/g/cv/result/7ab1d92a6fac9153	Avira URL Cloud: Label: phishing

Phishing

Phishing site detected (based on favicon image match)

Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19b

Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish10

Source: Yara match

File source: 13659.4.pages.csv, type: HTML

Phishing site detected (based on image similarity)

Source: https://sigadi.ru	Matcher: Found strong image similarity, brand: Microsoft cache file: chromecache_158.8.dr	Jump to dropped file
Source: https://sigadi.ru	Matcher: Found strong image similarity, brand: Microsoft cache file: chromecache_162.8.dr	Jump to dropped file
Source: https://sigadi.ru	Matcher: Found strong image similarity, brand: Microsoft cache file: chromecache_179.8.dr	Jump to dropped file
Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19b	Matcher: Found strong image similarity, brand: Microsoft image: 13659.img.0.gfk.csv EE5C8D9FB6248C938FD0DC19370E90BD

HTML body contains low number of good links

Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19b

HTTP Parser: Number of links: 0

No HTML title found

Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19b

HTTP Parser: HTML title missing

Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19b

HTTP Parser: No <meta name="author".. found

Source: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19b

HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: unknown

DNS traffic detected: queries for: 271439.cobirosite.com

Source: unknown	Network traffic detected: HTTP traffic on port 49817 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49732
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown	Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49812 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49893 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49806 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49823 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49958
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49822 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49895 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49853 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49827
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49825
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49824
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49823
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49822
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49821
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49894 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49818
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49817
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49816
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 49816 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49895
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49894
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49893
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49809
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49806
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49824 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748

Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.13.64
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.76.141
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.76.141
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.13.64
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.221.95
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 271439.cobirosite.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /service/update2/crx?os=win&arch=x64&os_arch=x86_64&nacl_arch=x86-64&prod=chromecrx&prodchannel=&prodversion=104.0.5112.102&lang=en-US&acceptformat=crx3&x=id%3Dnmmhkkegccagdldgiimedpiccmgmieda%26v%3D0.0.0.0%26installedby%3Dother%26uc%26ping%3Dr%253D-1%2526e%253D1 HTTP/1.1Host: clients2.google.comConnection: keep-aliveX-Goog-Update-Interactivity: fgX-Goog-Update-AppId: nmmhkkegccagdldgiimedpiccmgmiedaX-Goog-Update-Updater: chromecrx-104.0.5112.102Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /8306b64e-ea98-4158-8eee-204f0d79f12a.css HTTP/1.1Host: 271439.cobirosite.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://271439.cobirosite.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /8306b64e-ea98-4158-8eee-204f0d79f12a.js HTTP/1.1Host: 271439.cobirosite.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://271439.cobirosite.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/a5be6e77-9b87-48de-9e9f-f705ebb37c11.webp?width=1920px HTTP/1.1Host: media.cobiro.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://271439.cobirosite.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /assets/css/reset.css HTTP/1.1Host: media.cobiro.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://271439.cobirosite.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 271439.cobirosite.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://271439.cobirosite.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.2037328295.1679356116; _ga_8BJ6XM5Y1V=GS1.1.1679356115.1.0.1679356115.0.0.0If-Modified-Since: Mon, 20 Mar 2023 21:54:44 GMT
Source: global traffic	HTTP traffic detected: GET /assets/css/reset.css HTTP/1.1Host: media.cobiro.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://271439.cobirosite.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/a5be6e77-9b87-48de-9e9f-f705ebb37c11.webp?width=1920px HTTP/1.1Host: media.cobiro.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 271439.cobirosite.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://271439.cobirosite.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: _ga=GA1.1.2037328295.1679356116; _ga_8BJ6XM5Y1V=GS1.1.1679356115.1.1.1679356116.0.0.0
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://271439.cobirosite.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/styles/challenges.css HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/managed/v1?ray=7ab1d8eda99635df HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/?__cf_chl_rt_tk=BrX7fWiOYDoCGkgNdUz4Vf_T8voeDZARgwRYx5S93jc-1679356121-0-gaNycGzNCvsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7ab1d8eda99635df HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/?__cf_chl_rt_tk=BrX7fWiOYDoCGkgNdUz4Vf_T8voeDZARgwRYx5S93jc-1679356121-0-gaNycGzNCvsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://hh0mtbdj9f64031a8f7f879.sigadi.rusec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/images/trace/managed/js/transparent.gif?ray=7ab1d8eda99635df HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/g/db880165/api.js?onload=_cf_chl_turnstile_l&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"Origin: https://hh0mtbdj9f64031a8f7f879.sigadi.rusec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/img/7ab1d8eda99635df/1679356121973/E7Dtgm4DKXspiM9 HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/img/7ab1d8eda99635df/1679356121973/E7Dtgm4DKXspiM9 HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/7ab1d8eda99635df/1679356121974/e3b01c142e344330299c3d42ab192c2a0131b3d3e5fa078de4b6d2287145661e/Y8_NIB-7-_rheOk HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/350hd/0x4AAAAAAAAjq6WYeRDKmebM/light/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/orchestrate/chl_api/v1?ray=7ab1d8feaeca691b HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/350hd/0x4AAAAAAAAjq6WYeRDKmebM/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/pat/7ab1d8feaeca691b/1679356125505/6415a47ceedad2f748ae19a20389c1e9e14e5b3caf157a609d3d00a4894680e9/s5Kp__OWAS8SxWr HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/350hd/0x4AAAAAAAAjq6WYeRDKmebM/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/img/7ab1d8feaeca691b/1679356125509/jG-YDUWHZmJhn8N HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/g/turnstile/if/ov2/av0/350hd/0x4AAAAAAAAjq6WYeRDKmebM/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/img/7ab1d8feaeca691b/1679356125509/jG-YDUWHZmJhn8N HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/?__cf_chl_tk=BrX7fWiOYDoCGkgNdUz4Vf_T8voeDZARgwRYx5S93jc-1679356121-0-gaNycGzNCvsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ID-6418f0e2af19b HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.9Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/?__cf_chl_tk=BrX7fWiOYDoCGkgNdUz4Vf_T8voeDZARgwRYx5S93jc-1679356121-0-gaNycGzNCvsAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /APP-U5GPIZ/n5dwqncfktpw5cgpxkdrbjj9c HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /jq/pktqpn5dbrxjwg5cfdkcw9cnj HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /boot/9bcpwwjj5dtf5qkgnrpcncxdk HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /js/ctgkdx59njcppdwfbkcqjnwr5 HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /o/rd5txpkwccgnfj9nkbdwcqp5j HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /x/p5cpkkdqgdr9jxbw5ncwfcjnt HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/alpha/invisible.js?ts=1679342400 HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/g/scripts/pica.js HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /ic/gcnpf5wpd5dqjkncwjkc9xtrb HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-alivesec-ch-ua: "Chromium";v="104", " Not A;Brand";v="99", "Google Chrome";v="104"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/ID-6418f0e2af19bAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /o/rd5txpkwccgnfj9nkbdwcqp5j HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m
Source: global traffic	HTTP traffic detected: GET /x/p5cpkkdqgdr9jxbw5ncwfcjnt HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m; __cf_bm=RP1vq8OwUemQUk_5B0t21J1A_gkEsPe0jpiTKuoVmyI-1679356133-0-AckBX5wrcFSOaJjFrzldsTvy+1hw9DQ8MMXZnUrY7rMNRdlzouW/T32PS2FN9Cd6YuJwMiIef5PfwepK6ETZq1CseowuMozECdufeqcKgDfR4mAIes6MSwM79vAZ2Q7fXg==
Source: global traffic	HTTP traffic detected: GET /ic/gcnpf5wpd5dqjkncwjkc9xtrb HTTP/1.1Host: hh0mtbdj9f64031a8f7f879.sigadi.ruConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=9O.Ygud77x1IZvPOE9nET_rsijYNgu1R9dT17F143VA-1679356130-0-250; PHPSESSID=n06h53p87pr1ea2vb90eno0i0m; __cf_bm=RP1vq8OwUemQUk_5B0t21J1A_gkEsPe0jpiTKuoVmyI-1679356133-0-AckBX5wrcFSOaJjFrzldsTvy+1hw9DQ8MMXZnUrY7rMNRdlzouW/T32PS2FN9Cd6YuJwMiIef5PfwepK6ETZq1CseowuMozECdufeqcKgDfR4mAIes6MSwM79vAZ2Q7fXg==
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLC1yQEIkrbJAQiitskBCMS2yQEIqZ3KAQiqj8sBCJahywEIi6vMAQj7u8wBCIm9zAEI6sDMAQidycwBCOPLzAEImNHMAQiZ0swBSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/104.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_167.8.dr	String found in binary or memory: b,"vert.pix");break;case "PERCENT":Ay(d.verticalThresholds,b,"vert.pct")}zv("sdl","init",!1)?zv("sdl","pending",!1)\|\|J(function(){return By()}):(xv("sdl","init",!0),xv("sdl","pending",!0),J(function(){By();if(Cy()){var e=Dy();qc(z,"scroll",e);qc(z,"resize",e)}else xv("sdl","init",!1)}));return b}Hy.M="internal.enableAutoEventOnScroll";var cc=fa(["data-gtm-yt-inspected-"]),Iy=["www.youtube.com","www.youtube-nocookie.com"],Jy,Ky=!1; equals www.youtube.com (Youtube)
Source: chromecache_167.8.dr	String found in binary or memory: l=!!a.get("fixMissingApi");if(!(d\|\|e\|\|f\|\|g.length\|\|h.length))return;var n={Ff:d,Df:e,Ef:f,lg:g,mg:h,gd:l,Wa:b},p=z.YT,q=function(){Qy(n)};if(p)return p.ready&&p.ready(q),b;var r=z.onYouTubeIframeAPIReady;z.onYouTubeIframeAPIReady=function(){r&&r();q()};J(function(){for(var u=I.getElementsByTagName("script"),t=u.length,v=0;v<t;v++){var w=u[v].getAttribute("src");if(Ty(w,"iframe_api")\|\|Ty(w,"player_api"))return b}for(var y=I.getElementsByTagName("iframe"),x=y.length,A=0;A<x;A++)if(!Ky&&Ry(y[A],n.gd))return mc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)

Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Mon, 20 Mar 2023 23:48:38 GMTContent-Type: text/htmlContent-Length: 4525Connection: closeReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=aW9%2Bxr3YkF8n%2BjbNQUdf8%2FimakRns%2FFsV18RkoMkMrXnKWpZBgXqqKzvkJ8WTbhK7t6McaTSaGJ%2BRJbi1WgQt%2Fr%2Bp%2Bk8HkVvn1oCaXxWXJ1Lremha4PFqmYZdWBxvgZqKrmmsKh2Jwk%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7ab1d8d97fa22c19-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 20 Mar 2023 23:48:41 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originPermissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=X9akr2oNGRo1v8kiTSa5wW4fI5sMH2RLVZmT6Z9aGDnjhsebhpW%2BKHNeLYlFjkpJFeQoX6SrgH6s1enXnaHX2TEIR1VOI9jconEqjAEkd2rpFAQ3iK2reQ37eoPGal0H2VB71BUSbTD5Vc5SRF3g2nBgxgw%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7ab1d8eda99635df-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 20 Mar 2023 23:48:41 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originPermissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=yyzjMT1ryPblymlK4u%2Fi8iVj9609u2wkfQUXBS7T5eTNS20LZXDY4b%2BEQYdmY7kA%2FJmC4VLjN9oo%2BgTvODXDUcoV4SUtN6%2BbK3p29kwURB56lP4H0tsgRSn8EvP%2FDSqDjPtzkyidIq6McUE5l9Nk8kSKAJI%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7ab1d8ef78b8994b-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 20 Mar 2023 23:48:42 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originPermissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=WR1oKe1o0yj6X0xw4kVTTWGe2E9npAZopqm5XV9oYQEt8Bsosw58g9bQNvEadOh2dFTcNt%2BI%2Fy2XZA%2FHUEJY0d4L6lnIHRDqdRxm1kOl4ks1PSfTO19DQo5NyMVjz8BTYLfvmhLfl9GDym16A8crBQ1D1VE%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7ab1d8f4a9573a76-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Mon, 20 Mar 2023 23:48:50 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeCross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originPermissions-Policy: accelerometer=(),autoplay=(),camera=(),clipboard-read=(),clipboard-write=(),fullscreen=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Frame-Options: SAMEORIGINCache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Expires: Thu, 01 Jan 1970 00:00:01 GMTReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v3?s=SyR1AlqcYxw7uyzksQg5UtG7iJb4f4emxLLsLlSLRiMWbBfYV%2Bu2B8vPYnqxIuXMB9ny9G7R%2B85AUSsdbI70blquNabdjwuHt%2FDcybIbrImOK9qgZM9X8hnsVJv%2F4uXU%2FeC0yITJVeEFWx60wskaTI9hOP8%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 7ab1d925adc9bc04-FRAalt-svc: h3=":443"; ma=86400, h3-29=":443"; ma=86400

Source: chromecache_167.8.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_177.8.dr	String found in binary or memory: https://cobiro.com/domains
Source: chromecache_177.8.dr	String found in binary or memory: https://cobiro.com/google-search/
Source: chromecache_177.8.dr	String found in binary or memory: https://cobiro.com/website
Source: chromecache_177.8.dr	String found in binary or memory: https://fonts.googleapis.com/css2?family=Poppins&display=swap
Source: chromecache_177.8.dr	String found in binary or memory: https://fonts.gstatic.com
Source: chromecache_181.8.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_181.8.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_181.8.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_167.8.dr	String found in binary or memory: https://googleads.g.doubleclick.net
Source: chromecache_160.8.dr	String found in binary or memory: https://hh0mtbdj9f64031a8f7f879.sigadi.ru/
Source: chromecache_160.8.dr	String found in binary or memory: https://media.cobiro.com/assets/css/reset.css
Source: chromecache_177.8.dr	String found in binary or memory: https://media.cobiro.com/error-page/favicon.ico
Source: chromecache_177.8.dr	String found in binary or memory: https://media.cobiro.com/error-page/icon-advertising.svg
Source: chromecache_177.8.dr	String found in binary or memory: https://media.cobiro.com/error-page/icon-build.svg
Source: chromecache_177.8.dr	String found in binary or memory: https://media.cobiro.com/error-page/icon-domain.svg
Source: chromecache_177.8.dr	String found in binary or memory: https://media.cobiro.com/error-page/logo-cobiro.svg
Source: chromecache_177.8.dr	String found in binary or memory: https://media.cobiro.com/error-page/under-construction-background.jpeg
Source: chromecache_160.8.dr	String found in binary or memory: https://media.cobiro.com/images/a5be6e77-9b87-48de-9e9f-f705ebb37c11.webp?width=1080px
Source: chromecache_160.8.dr	String found in binary or memory: https://media.cobiro.com/images/a5be6e77-9b87-48de-9e9f-f705ebb37c11.webp?width=1920px
Source: chromecache_160.8.dr	String found in binary or memory: https://media.cobiro.com/images/a5be6e77-9b87-48de-9e9f-f705ebb37c11.webp?width=200px
Source: chromecache_160.8.dr	String found in binary or memory: https://media.cobiro.com/images/a5be6e77-9b87-48de-9e9f-f705ebb37c11.webp?width=2560px
Source: chromecache_160.8.dr	String found in binary or memory: https://media.cobiro.com/images/a5be6e77-9b87-48de-9e9f-f705ebb37c11.webp?width=400px
Source: chromecache_167.8.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_167.8.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_167.8.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect?v=2&
Source: chromecache_167.8.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_171.8.dr	String found in binary or memory: https://www.cloudflare.com/en-gb/products/turnstile/?utm_source=turnstile&utm_campaign=widget
Source: chromecache_171.8.dr	String found in binary or memory: https://www.cloudflare.com/privacypolicy/
Source: chromecache_171.8.dr	String found in binary or memory: https://www.cloudflare.com/website-terms/
Source: chromecache_167.8.dr	String found in binary or memory: https://www.googletagmanager.com/a?id=
Source: chromecache_160.8.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=G-8BJ6XM5Y1V
Source: chromecache_167.8.dr	String found in binary or memory: https://www.merchant-center-analytics.goog/mc/collect
Source: chromecache_167.8.dr	String found in binary or memory: https://www.youtube.com/iframe_api

Source: unknown

Source: classification engine

Classification label: mal76.phis.win@28/39@14/15

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument https://271439.cobirosite.com/
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1784,i,8265395457072351684,11967616966742476966,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2044 --field-trial-handle=1784,i,8265395457072351684,11967616966742476966,131072 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

Source: C:\Program Files\Microsoft Office\root\Office16\OUTLOOK.EXE

File created: C:\Users\user\AppData\Local\Microsoft\Office\16.0\Feedback

Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\GoogleUpdater

Jump to behavior

ID:	831016
Product:	CloudBasic
Start time:	00:47:56
Start date:	21.03.2023
Cookbook:	defaultwindowsinteractivecookbook.jbs
System description:	Windows 10 64 bit version 1909 (MS Office 2019, IE 11, Chrome 104, Firefox 88, Adobe Reader DC 21, Java 8 u291, 7-Zip)
Architecture:	WINDOWS

Windows Analysis Report
https://271439.cobirosite.com/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://271439.cobirosite.com/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://271439.cobirosite.com/