Windows Analysis Report
https://url.us.m.mimecastprotect.com/s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com

Overview

General Information

Sample URL:	https://url.us.m.mimecastprotect.com/s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com
Analysis ID:	1437723
Infos:

Detection

HtmlDropper, HTMLPhisher

Score:	76
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Yara detected Html Dropper

Yara detected HtmlPhish10

Multimodal LLM detected phishing page

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

HTML body contains low number of good links

HTML page contains hidden URLs or javascript code

HTML title does not match URL

Invalid 'sign-in options' or 'sign-up' link found

Uses insecure TLS / SSL version for HTTPS connection

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://url.us.m.mimecastprotect.com/s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 2.6.pages.csv, type: HTML
Source: Yara match	File source: 3.7.pages.csv, type: HTML

Multimodal LLM detected phishing page

Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153

LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153' is highly suspicious due to its complex and non-standard structure, which does not resemble Microsoft's legitimate domain. The image mimics a Microsoft login page, which is a common tactic in phishing to deceive users into providing sensitive information. The domain name does not match Microsoft's official domain, indicating a high likelihood of phishing.

Phishing site detected (based on image similarity)

Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153	Matcher: Template: microsoft matched
Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153#	Matcher: Template: microsoft matched

HTML body contains low number of good links

Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153

HTTP Parser: Number of links: 0

HTML page contains hidden URLs or javascript code

Source: https://xdocusigniusmmxx.smumsmd.ws/

HTTP Parser: Base64 decoded: https://xdocusigniusmmxx.smumsmd.ws/

HTML title does not match URL

Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153

HTTP Parser: Title: 9acf646143953d89964fd759edbe72f5663a78022f12c does not match URL

Invalid 'sign-in options' or 'sign-up' link found

Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153

HTTP Parser: Invalid link: get a new Microsoft account

Source: https://xdocusigniusmmxx.smumsmd.ws/	HTTP Parser: No favicon
Source: https://xdocusigniusmmxx.smumsmd.ws/	HTTP Parser: No favicon
Source: https://xdocusigniusmmxx.smumsmd.ws/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/huen0/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/huen0/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	HTTP Parser: No favicon
Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153	HTTP Parser: No favicon

Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153

HTTP Parser: No <meta name="author".. found

Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153

HTTP Parser: No <meta name="copyright".. found

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 104.98.116.138:443 -> 192.168.2.7:49749 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 104.118.8.139:443 -> 192.168.2.7:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.118.8.139:443 -> 192.168.2.7:49718 version: TLS 1.2

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 104.98.116.138:443 -> 192.168.2.7:49749 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com HTTP/1.1 Host: url.us.m.mimecastprotect.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/7859ocG_n1us91ZBzUxyTAKirQKmGTyoGrJXHcVpSVamRO2ayBGcq6J8Zt9oREVkVR1ReK7Mk7_IC6Q7bXs4Ik97IywtBE7c8NTD7h_7fUD_ofWr24-D9rP0cCZRCgHD3Q-_nlXOK7rXDdT4MRAecBZLIQZE_ExW7UXxBo6jz8pHYMVtBIJiOqIpPxV6ZJOYVo-gV9MOXmqlg0X4OjTzaCw2hlhhdOYqHnp404xRF-hjRcSULBemtDGwKb9JFvDSlIQpRU1MZrf6zegv8s7RCngsJ8bpl0EeHgILiXjYll46oX9n_nNS7l_F9IKhIKJdqCK9aGQKUMb_ciruT-JLMxh-iCblTTfIpK8zTu7OAQBgD8zvnCkWQKV6Spgf6T3dVR4hO_mrPZxTs1--Kcq27OSMTIwLUpG_Z-ok0mlKJlvUXUNeTtalE5sdLLauNev2sUTLGeZriCjyJKFmnnM3SdPTn31H6oYXE-3Isf0ZKpDrECs6f8w28WVqFwvbaZA2Aly-q_DZty2wxCqKUSDe2CmSpua39itg6h2tJAW2qgJuVHiG5aGARR8ghkSZU12Afnk7N4ndKV4WbT8SUPFm8UrYwB21XmiRjqQN0kstQ0RXMH8HNV1ay9_XYPGhZaIWPlY8oMMAQ4lZw1YmF3ecjLBt33z0SbHvR8VvRKKNKThFXNG-OXR4Mm-SNt_VMFGopjsWmyxNRt6xUSNqSZP4oG8pIjWx1bwGawKj3gyMFfE93Zt2K7-9voZUuUqYP0nc8lPidc7tAL5oKrIghpkmqDfkftCXGi5ItzxBWlaXiNHHPe52EFSTkynnrISvRvRZGVN57TBAr_7S433x23XRmIJqziC_VJb39L3d6Uf75Wy-8SeZDPFkg17dNzXWEEtWKDGrcKAV3q1Mo6-VEzZBb5z2_NMsa47WtbJmyqDN-9i000f5MDPwUMdVdz_Oq6Bilo5NC8ynmq0rYNeKhM9IP5Xj2tLc7Z7hvG7QLlob4anfjJba1IZLb925kmCUYgKMVLGi0P1HtnrpaUCmu2zW8m0syM5IS4aAruwTtlMZh2B3e-BLOi5byJOmj3WBu30HXHx5ia2TnDF11pSluhGCooWXJJvRHiptCkZ181tTjOj7MsRLhy3gmb61ZW1svrbRskIxg3vh1eIPQ6wkiveaf-aYrie_ZUyX1i2dOJGtKgx0uir0wQD0cxn01Tgb44_X7f_nDbRDASbHE3_Wo1jNNuyuWxlyNbM0G0Q9DXo-HI1nTZUkCK-4mcABf0wifP2HAHPN97Bo0ju7A1qkiiM0hwQ6z5IMvTrwVFxLzS1uOerqUjJq0ZQEPm9nX8gjhLPg9ecrX8uDiVPkc32mlpKFhGUYsRE86DxeRcI15d3a0lAEuO_UrrSxDvPQpALS52SCTtKq5FR20-ULaANEAlePqTSvL7phlWh0bWDdknZzLI1E6IT739or8G15Sj_Ce019WbPWZdtm_wQefPzhP8ZO6ZG5bBUxPRPGknJ2qt2XNH_ORg8N_XFgYQUIt3aUQvwdMfIQb922Myjt038RAVyMR_XDnMQCbYNJp2-fiPtPIGrRZbLjhnF2vW8Mk4BjVSgT_rQ2DLUZCsIk_Kubb3ViKEHicVWX1Q4Ax5YDkt9GZwGheX9Dt7paArJBdDBGWMz6rzWkrkbV83k2rD3FK1k7YjqgOlRpiGxq3ZrCdjMqHpwbPrCYgY-hgRMQxiB3wwMsTI6ifR5mR-elvhGRXF4Ps8If-yZ_gYnm0sPOagH5zAT42OZ5sxXb1Z-l-QRE7fQdRfYRpbhD4CDRCnSwjknrzTyUXvMqwWEBgOixNx2ILxdyl88pfCT4_4nO-CBONqUxIF4OG8r1J25e4SksO3hcdbPs1zLI-KZyDUCvQXcXDviHby6qkCaKb4Ve0ZSpUm7Zd5vQ3cyPtLrFIQsoCxqPy_uEyn_-M-3tm-YoVglRulFaeQzOh2nsoT_dsoofvy0BCH02lDXW8ZdwAN-5eRtOyFVgwfYXa7IjWsndOayh0yb5AvmmTCX71TYQfUxOT-vHQxRMyvL0mLCZopwuaikf3GA0OGsQhAypN-2IISPk2MhYOarZWXJNXOlgYwB8tyvv_j6CQOglZILzl3lKfMDa7ZJsWTyeKbyMV_ZGX9o_8WfAtXk-JVz8hrEM1kXPdg6_KlGlYx4qmjwt-sSkKEkFYcsr3Z5SgNSWXycTMMpjIKldkW1NGoUkYvITqMhBOSEA2MtiiD4uVQxF9yzL6CRTm-XU6hfZXrQo1M0lJfNAIUpDphYLbJMWcDh8H0AjnWeAfw3Th1ApIC85spjzGFGgEFWFx4U1TPI0uCEHnEVOt9Uez6OWHihWHRIpP1y5OGF0gypV3pVFl2IlyQwzCwJSvFgb3OkNMbgK7qYWoLd6-lUf-SZ-YqBtA-eG4wcgpHnwutbsLYU98kK2NGzVzESDUu3QmmLctwywNUyKAktr8phOf6i2HaJRFq8n-cAeEybURfWz74rqKkf9VHndIVpm4_ialzIGcS5Rk7UM4pz_NKtC5zYo-rnGjBP0MrzECr12tik9zd1tGUGzG3dWjMYtSQ HTTP/1.1 Host: url.us.m.mimecastprotect.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: na
Source: global traffic	HTTP traffic detected: GET /v2/url?u=https-3A__t.nypost.com_1_e_r-3Faqet-3Dclk-26r-3D7-26ca-3D35203357-26v0-3Dnoreply-2540pnc.com-26uu-3D65ea915e31188d84ac041994-26ru-3D-2568-2574-2574-2570s-253a-252f-252fqubedigital.co.za-252fcgi&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=yi6Elrg1UikbG_FjMcutUaSmsm_T9npse25g8uldqNs&m=89Vxuk-xPoQaQ3peXHSv5sMxJxKdeoAFHWoG7mwKzskgLMdO_yOybbhTg7hSJFnR&s=kdoLdwMkfyWPoRbtWIuExKGBdA77RBMhN5mUFspeTfM&e= HTTP/1.1 Host: urldefense.proofpoint.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1/e/r?aqet=clk&r=7&ca=35203357&v0=noreply%40pnc.com&uu=65ea915e31188d84ac041994&ru=%68%74%74%70s%3a%2f%2fqubedigital.co.za%2fcgi HTTP/1.1 Host: t.nypost.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi HTTP/1.1 Host: qubedigital.co.za Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cgi/ HTTP/1.1 Host: qubedigital.co.za Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://qubedigital.co.za/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=88036502e961c3fd HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://xdocusigniusmmxx.smumsmd.ws/?__cf_chl_rt_tk=5jxSlSvy2QtayjSR9B8.UT9.EonzBr_oabuQNhzi62w-1715107814-0.0.1.1-1578 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://xdocusigniusmmxx.smumsmd.ws sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://xdocusigniusmmxx.smumsmd.ws/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/huen0/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/2098344450:1715106462:QtPl_uLk5TRlAxlUCHH-WVGFp67NUZ0WIw1BXth90DQ/88036502e961c3fd/c40f927b3b54105 HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/huen0/0x4AAAAAAADnPIDROrmt1Wwj/light/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=88036511fdd041ed HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/huen0/0x4AAAAAAADnPIDROrmt1Wwj/light/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://xdocusigniusmmxx.smumsmd.ws/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/88036511fdd041ed/1715107819607/JAB62xafV1duHrS HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/huen0/0x4AAAAAAADnPIDROrmt1Wwj/light/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/143092460:1715106335:6Gw8KaIj7os7kt6oOCLotTvfnJSoi5aQNMJKPJaHyoo/88036511fdd041ed/426cb81ad846907 HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/88036511fdd041ed/1715107819607/JAB62xafV1duHrS HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/88036511fdd041ed/1715107819613/43dea44781d524fab0c0caf6bddfed41babc94905b20777db55e1a2e96faa7ef/86Q5eGi8X09geae HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/huen0/0x4AAAAAAADnPIDROrmt1Wwj/light/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/143092460:1715106335:6Gw8KaIj7os7kt6oOCLotTvfnJSoi5aQNMJKPJaHyoo/88036511fdd041ed/426cb81ad846907 HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/143092460:1715106335:6Gw8KaIj7os7kt6oOCLotTvfnJSoi5aQNMJKPJaHyoo/88036511fdd041ed/426cb81ad846907 HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/2098344450:1715106462:QtPl_uLk5TRlAxlUCHH-WVGFp67NUZ0WIw1BXth90DQ/88036502e961c3fd/c40f927b3b54105 HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://xdocusigniusmmxx.smumsmd.ws/?__cf_chl_tk=5jxSlSvy2QtayjSR9B8.UT9.EonzBr_oabuQNhzi62w-1715107814-0.0.1.1-1578 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" Referer: https://xdocusigniusmmxx.smumsmd.ws/?__cf_chl_tk=5jxSlSvy2QtayjSR9B8.UT9.EonzBr_oabuQNhzi62w-1715107814-0.0.1.1-1578 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /jq/22e5b4c111b0108bba7ee46e2d40390f663a7802b65ca HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /boot/22e5b4c111b0108bba7ee46e2d40390f663a7802b65cf HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /js/22e5b4c111b0108bba7ee46e2d40390f663a7802b65d0 HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /1 HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /APP-22e5b4c111b0108bba7ee46e2d40390f663a78044d157/22e5b4c111b0108bba7ee46e2d40390f663a78044d158 HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /1 HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /o/22e5b4c111b0108bba7ee46e2d40390f663a78044d17e HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /x/22e5b4c111b0108bba7ee46e2d40390f663a78044d15d HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /o/22e5b4c111b0108bba7ee46e2d40390f663a78044d17e HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /x/22e5b4c111b0108bba7ee46e2d40390f663a78044d15d HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d

Source: global traffic	DNS traffic detected: DNS query: url.us.m.mimecastprotect.com
Source: global traffic	DNS traffic detected: DNS query: urldefense.proofpoint.com
Source: global traffic	DNS traffic detected: DNS query: t.nypost.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: qubedigital.co.za
Source: global traffic	DNS traffic detected: DNS query: xdocusigniusmmxx.smumsmd.ws
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com

Source: unknown

HTTP traffic detected: POST /report/v4?s=4UFqObZ6wOKdxI6J7b0vAENM6N1gI6NO1XZlZVANMJJV84utxYbNeaIiGUO8cTkACYZVy6%2BZBX6oIjkxeR87jfNuJJC510BpUQg9HUV2L3Hc%2Fi8eft2yol0hchW4D%2FHDJjxufE9yiScNB0eCu4Q%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 424 Content-Type: application/reports+json User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbidden Date: Tue, 07 May 2024 18:50:14 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 16654 Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Frame-Options: SAMEORIGIN cf-mitigated: challenge cf-chl-out: h25ToL0JF5S4ORyB4Tg52JwPiQd7XTz5qxjTHW/3UkyXVW9MmGnIrhDKOalOJtKxhEfUv6mMH4A2vagOiFugCERI8mndEy9ZmXObT+nWqpZeNDG2dnG7CJbd/Jt544krmSIULCQyMdw1gCBBFidE0w==$7j6k7uQaAVMRpWmIxNmZJQ== Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbidden Date: Tue, 07 May 2024 18:50:16 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 16831 Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Frame-Options: SAMEORIGIN cf-mitigated: challenge cf-chl-out: +wAOXa9MvwXtYgqN8SqjosjbPSE23Pj3bXVB9WXh4o/5s8/HG0En+XiiAQOe7z40r75EU2X9XBBDVSH6zb2RGzs2sVctEMUzHsN3phYKJWdcEo4l2tuT0PkNj4YUzQsmugZcCSkrD04m1y/L4NZfGA==$d1XngNvez87KLFWwe9L3Iw== Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbidden Date: Tue, 07 May 2024 18:50:19 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 16810 Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Frame-Options: SAMEORIGIN cf-mitigated: challenge cf-chl-out: /g3eHXe2YVudpuq8MKnvQ9DpU2DzTmeL1sz6RTBkjArOTnzxU3g5QA5M3Ihcl8W2h7rzEcZ4eoSqceCdqLtfzNFSggGl2D1e3KqpwBqN4MR/QPajtux6Ppq85a+DYHrRTpPRQpVsrMizYucgX/ZAkw==$djvoweBuusQ57a9SM9Wa0w== Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbidden Date: Tue, 07 May 2024 18:50:41 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 16917 Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Frame-Options: SAMEORIGIN cf-mitigated: challenge cf-chl-out: UHkOP/SHHaz+U2Ovt7hVwmIcR4cfS0aYAZmLYoVZ0JevHfuRfHvSKc25Yj/uCGoht/wm2QPD3qOO13/UOpkEkP1ITUVcjlgQXXd61iZwmB7OquJZeAXOO0DndcXBt/Q2U2yZ7MyQhi7h/pAwCWvPAA==$H8dMNil8WaGcUfIygvYNSA== Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 07 May 2024 18:50:44 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=14400 CF-Cache-Status: MISS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SFqUPfCGHPQkMK9pTYQOawt1xkcZocJ%2BR0T2y6QExZWjrm%2BshC7QomQBYT%2FQe42r7OlSMmH3bwTPCz%2FeGSOg%2Fkx5D%2BJP1rzmqkJVq4S%2BMkudzgBRugCJ3GfA8xcd9p7ZYCi83vwUiWduMixrzd4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 880365ba1dac4338-EWR alt-svc: h3=":443"; ma=86400

Source: chromecache_59.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_59.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_59.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_58.2.dr	String found in binary or memory: https://xdocusigniusmmxx.smumsmd.ws

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749

Source: unknown	HTTPS traffic detected: 104.118.8.139:443 -> 192.168.2.7:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.118.8.139:443 -> 192.168.2.7:49718 version: TLS 1.2

Source: classification engine

Classification label: mal76.phis.troj.win@22/36@24/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=1688,i,15979487103102753842,16946115535192250729,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.us.m.mimecastprotect.com/s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=1688,i,15979487103102753842,16946115535192250729,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Data Obfuscation

Yara detected Html Dropper

Source: Yara match	File source: 2.6.pages.csv, type: HTML
Source: Yara match	File source: 3.7.pages.csv, type: HTML

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
142.250.80.100	www.google.com	United States	15169	GOOGLEUS	false
207.211.31.113	url.us.m.mimecastprotect.com	United States	14135	NAVISITE-EAST-2US	false
196.41.127.164	qubedigital.co.za	South Africa	36874	CybersmartZA	false
172.67.152.82	xdocusigniusmmxx.smumsmd.ws	United States	13335	CLOUDFLARENETUS	true
104.17.3.184	unknown	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
52.6.56.188	urldefense.com	United States	14618	AMAZON-AESUS	false
18.164.96.98	t2.nypost.com	United States	3	MIT-GATEWAYSUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
104.17.2.184	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.17
192.168.2.7

Contacted Domains

Name	IP	Active
t2.nypost.com	18.164.96.98	true
qubedigital.co.za	196.41.127.164	true
bg.microsoft.map.fastly.net	199.232.210.172	true
a.nel.cloudflare.com	35.190.80.1	true
url.us.m.mimecastprotect.com	207.211.31.113	true
urldefense.com	52.6.56.188	true
xdocusigniusmmxx.smumsmd.ws	172.67.152.82	true
challenges.cloudflare.com	104.17.2.184	true
www.google.com	142.250.80.100	true
fp2e7a.wpc.phicdn.net	192.229.211.108	true
t.nypost.com	unknown	unknown
urldefense.proofpoint.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://xdocusigniusmmxx.smumsmd.ws/	true		unknown
https://xdocusigniusmmxx.smumsmd.ws/favicon.ico	false	Avira URL Cloud: safe	unknown
https://xdocusigniusmmxx.smumsmd.ws/js/22e5b4c111b0108bba7ee46e2d40390f663a7802b65d0	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/143092460:1715106335:6Gw8KaIj7os7kt6oOCLotTvfnJSoi5aQNMJKPJaHyoo/88036511fdd041ed/426cb81ad846907	false		high
https://xdocusigniusmmxx.smumsmd.ws/boot/22e5b4c111b0108bba7ee46e2d40390f663a7802b65cf	false	Avira URL Cloud: safe	unknown
https://t.nypost.com/1/e/r?aqet=clk&r=7&ca=35203357&v0=noreply%40pnc.com&uu=65ea915e31188d84ac041994&ru=%68%74%74%70s%3a%2f%2fqubedigital.co.za%2fcgi	false		high
https://qubedigital.co.za/cgi	false		high
https://xdocusigniusmmxx.smumsmd.ws/jq/22e5b4c111b0108bba7ee46e2d40390f663a7802b65ca	false	Avira URL Cloud: safe	unknown
https://xdocusigniusmmxx.smumsmd.ws/x/22e5b4c111b0108bba7ee46e2d40390f663a78044d15d	false	Avira URL Cloud: safe	unknown
https://xdocusigniusmmxx.smumsmd.ws/ASSETS/img/sig-op.svg	false	Avira URL Cloud: safe	unknown
https://xdocusigniusmmxx.smumsmd.ws/1	false	Avira URL Cloud: safe	unknown
https://qubedigital.co.za/cgi/	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/88036511fdd041ed/1715107819613/43dea44781d524fab0c0caf6bddfed41babc94905b20777db55e1a2e96faa7ef/86Q5eGi8X09geae	false		high
https://a.nel.cloudflare.com/report/v4?s=YTywhChyeCuLWRV76hdE7urFstSWnKUGm8ZLOkGicO9JUm0HLGHBuFj%2FZxiGO8hYJfvhB50FrK2fqBksl%2FPiOZIlNBinAiAG5fjLg%2FY2rNsW6JtTGpwr5DK%2FdUFmFpypeLAgeBJJICuPwQphFpI%3D	false		high
https://xdocusigniusmmxx.smumsmd.ws/o/22e5b4c111b0108bba7ee46e2d40390f663a78044d17e	false	Avira URL Cloud: safe	unknown
https://url.us.m.mimecastprotect.com/s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com	true		unknown
https://xdocusigniusmmxx.smumsmd.ws/ASSETS/img/m_.svg	false	Avira URL Cloud: safe	unknown
https://xdocusigniusmmxx.smumsmd.ws/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=88036502e961c3fd	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/huen0/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	false		high
https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153#	true		unknown
https://a.nel.cloudflare.com/report/v4?s=4UFqObZ6wOKdxI6J7b0vAENM6N1gI6NO1XZlZVANMJJV84utxYbNeaIiGUO8cTkACYZVy6%2BZBX6oIjkxeR87jfNuJJC510BpUQg9HUV2L3Hc%2Fi8eft2yol0hchW4D%2FHDJjxufE9yiScNB0eCu4Q%3D	false		high
https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153	true		unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	false		high
https://a.nel.cloudflare.com/report/v4?s=eXlla%2F4dDt1lYwMOWCDPEgeddxxrMADD4INPXashkyWxIOh%2FvXE9wFLPEfqY5M2XAQ87KMToSPvxi8zvWdjXwg3I3b3%2FvFDj7fRUP57GvFQhXeR53BpooB3dwOAtU3ugwoNl3jM4fRphZxMU0q0%3D	false		high
https://xdocusigniusmmxx.smumsmd.ws/cdn-cgi/challenge-platform/h/b/flow/ov1/2098344450:1715106462:QtPl_uLk5TRlAxlUCHH-WVGFp67NUZ0WIw1BXth90DQ/88036502e961c3fd/c40f927b3b54105	false	Avira URL Cloud: safe	unknown
https://xdocusigniusmmxx.smumsmd.ws/APP-22e5b4c111b0108bba7ee46e2d40390f663a78044d157/22e5b4c111b0108bba7ee46e2d40390f663a78044d158	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/88036511fdd041ed/1715107819607/JAB62xafV1duHrS	false		high
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=88036511fdd041ed	false		high

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 54	ASCII text, with very long lines (65536), with no line terminators	8E6B0F88563F9C33F78BCE65CF287DF7	EF7765CD2A7D64ED27DD7344702597AFF6F8C397	A7057BEBFFF43E7281CA31DA00D40BD88C8D02D1576B9C45891DD56A3853269A
Chrome Cache Entry: 55	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 56	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 57	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 58	HTML document, ASCII text, with CRLF line terminators	136FBA12DCF358EF332F68E98C4576D5	8CF0E9E9E623B1D83FEA34B65E9900B6CB4FA9ED	53C96BC99B2DF50142AD15A61821BDC84ED0EFA48F23B772F092A380DCB856C8
Chrome Cache Entry: 59	ASCII text, with very long lines (50758)	67176C242E1BDC20603C878DEE836DF3	27A71B00383D61EF3C489326B3564D698FC1227C	56C12A125B021D21A69E61D7190CEFA168D6C28CE715265CEA1B3B0112D169C4
Chrome Cache Entry: 60	ASCII text, with very long lines (7043), with no line terminators	B6C202188699B897BB727A68EDD24665	FF3B891E06C983DCA277C1D7D874C8EB8084EB96	184A034CB9202937BF012AFF8C81E0747B7CA8F8F9E6115556FDB09D5BAEC419
Chrome Cache Entry: 61	ASCII text, with very long lines (42565)	A5B92920E25651D2058F4982A108347B	CAEEADD68D38FDB681C52006C68880ABC2E8A1A6	49A5ABEDF03EB8AD9A66ECA7C5CCB8E59A440E06958E1E7B71D078F494178DC5
Chrome Cache Entry: 62	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 63	PNG image data, 5 x 56, 8-bit/color RGB, non-interlaced	943068BF6503099A38092BDC3A4D808C	CE08DC5FA6B667925F3528F8315CCBC235D01146	4E6C90BA4D25F87695BC8E8AD8296202E08605499F848F89DC71FCC333533021
Chrome Cache Entry: 64	ASCII text, with no line terminators	011B17B116126E6E0C4A9B0DE9145805	DF63A6EB731FFCE96F79802EFF6D53D00CDA42BC	3418E6E704387A99F1611EB7BB883328A438BA600971E6D692E8BEA60F10B179
Chrome Cache Entry: 65	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 66	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 67	PNG image data, 5 x 56, 8-bit/color RGB, non-interlaced	943068BF6503099A38092BDC3A4D808C	CE08DC5FA6B667925F3528F8315CCBC235D01146	4E6C90BA4D25F87695BC8E8AD8296202E08605499F848F89DC71FCC333533021
Chrome Cache Entry: 68	HTML document, ASCII text	A34AC19F4AFAE63ADC5D2F7BC970C07F	A82190FC530C265AA40A045C21770D967F4767B8	D5A89E26BEAE0BC03AD18A0B0D1D3D75F87C32047879D25DA11970CB5C4662A3
Chrome Cache Entry: 69	SVG Scalable Vector Graphics image	BC3D32A696895F78C19DF6C717586A5D	9191CB156A30A3ED79C44C0A16C95159E8FF689D	0E88B6FCBB8591EDFD28184FA70A04B6DD3AF8A14367C628EDD7CABA32E58C68
Chrome Cache Entry: 70	SVG Scalable Vector Graphics image	EE5C8D9FB6248C938FD0DC19370E90BD	D01A22720918B781338B5BBF9202B241A5F99EE4	04D29248EE3A13A074518C93A18D6EFC491BF1F298F9B87FC989A6AE4B9FAD7A
Chrome Cache Entry: 71	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93
Chrome Cache Entry: 72	ASCII text, with very long lines (32065)	2F6B11A7E914718E0290410E85366FE9	69BB69E25CA7D5EF0935317584E6153F3FD9A88C	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
Chrome Cache Entry: 73	HTML document, ASCII text, with very long lines (4020)	24B1B03D72557D63E49CF5EEC6E02F1D	BC4EEAB34D23F65E5B57D5EF9006FE030472210B	F7155B0F132AF83467FF03BDC9C136BF217582D697A37F125918C5AD25874F20
Chrome Cache Entry: 74	SVG Scalable Vector Graphics image	4E48046CE74F4B89D45037C90576BFAC	4A41B3B51ED787F7B33294202DA72220C7CD2C32	8E6DB1634F1812D42516778FC890010AA57F3E39914FB4803DF2C38ABBF56D93

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://url.us.m.mimecastprotect.com/s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com

SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 2.6.pages.csv, type: HTML
Source: Yara match	File source: 3.7.pages.csv, type: HTML

Multimodal LLM detected phishing page

Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153

Phishing site detected (based on image similarity)

Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153	Matcher: Template: microsoft matched
Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153#	Matcher: Template: microsoft matched

HTML body contains low number of good links

Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153

HTTP Parser: Number of links: 0

HTML page contains hidden URLs or javascript code

Source: https://xdocusigniusmmxx.smumsmd.ws/

HTTP Parser: Base64 decoded: https://xdocusigniusmmxx.smumsmd.ws/

HTML title does not match URL

Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153

HTTP Parser: Title: 9acf646143953d89964fd759edbe72f5663a78022f12c does not match URL

Invalid 'sign-in options' or 'sign-up' link found

Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153

HTTP Parser: Invalid link: get a new Microsoft account

Source: https://xdocusigniusmmxx.smumsmd.ws/	HTTP Parser: No favicon
Source: https://xdocusigniusmmxx.smumsmd.ws/	HTTP Parser: No favicon
Source: https://xdocusigniusmmxx.smumsmd.ws/	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/huen0/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/huen0/0x4AAAAAAADnPIDROrmt1Wwj/light/normal	HTTP Parser: No favicon
Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153	HTTP Parser: No favicon

Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153

HTTP Parser: No <meta name="author".. found

Source: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153

HTTP Parser: No <meta name="copyright".. found

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 104.98.116.138:443 -> 192.168.2.7:49749 version: TLS 1.0

Source: unknown	HTTPS traffic detected: 104.118.8.139:443 -> 192.168.2.7:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.118.8.139:443 -> 192.168.2.7:49718 version: TLS 1.2

Uses insecure TLS / SSL version for HTTPS connection

Source: unknown

HTTPS traffic detected: 104.98.116.138:443 -> 192.168.2.7:49749 version: TLS 1.0

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 104.118.8.139
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	TCP traffic detected without corresponding DNS query: 20.50.201.200
Source: unknown	TCP traffic detected without corresponding DNS query: 104.98.116.138
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com HTTP/1.1 Host: url.us.m.mimecastprotect.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/7859ocG_n1us91ZBzUxyTAKirQKmGTyoGrJXHcVpSVamRO2ayBGcq6J8Zt9oREVkVR1ReK7Mk7_IC6Q7bXs4Ik97IywtBE7c8NTD7h_7fUD_ofWr24-D9rP0cCZRCgHD3Q-_nlXOK7rXDdT4MRAecBZLIQZE_ExW7UXxBo6jz8pHYMVtBIJiOqIpPxV6ZJOYVo-gV9MOXmqlg0X4OjTzaCw2hlhhdOYqHnp404xRF-hjRcSULBemtDGwKb9JFvDSlIQpRU1MZrf6zegv8s7RCngsJ8bpl0EeHgILiXjYll46oX9n_nNS7l_F9IKhIKJdqCK9aGQKUMb_ciruT-JLMxh-iCblTTfIpK8zTu7OAQBgD8zvnCkWQKV6Spgf6T3dVR4hO_mrPZxTs1--Kcq27OSMTIwLUpG_Z-ok0mlKJlvUXUNeTtalE5sdLLauNev2sUTLGeZriCjyJKFmnnM3SdPTn31H6oYXE-3Isf0ZKpDrECs6f8w28WVqFwvbaZA2Aly-q_DZty2wxCqKUSDe2CmSpua39itg6h2tJAW2qgJuVHiG5aGARR8ghkSZU12Afnk7N4ndKV4WbT8SUPFm8UrYwB21XmiRjqQN0kstQ0RXMH8HNV1ay9_XYPGhZaIWPlY8oMMAQ4lZw1YmF3ecjLBt33z0SbHvR8VvRKKNKThFXNG-OXR4Mm-SNt_VMFGopjsWmyxNRt6xUSNqSZP4oG8pIjWx1bwGawKj3gyMFfE93Zt2K7-9voZUuUqYP0nc8lPidc7tAL5oKrIghpkmqDfkftCXGi5ItzxBWlaXiNHHPe52EFSTkynnrISvRvRZGVN57TBAr_7S433x23XRmIJqziC_VJb39L3d6Uf75Wy-8SeZDPFkg17dNzXWEEtWKDGrcKAV3q1Mo6-VEzZBb5z2_NMsa47WtbJmyqDN-9i000f5MDPwUMdVdz_Oq6Bilo5NC8ynmq0rYNeKhM9IP5Xj2tLc7Z7hvG7QLlob4anfjJba1IZLb925kmCUYgKMVLGi0P1HtnrpaUCmu2zW8m0syM5IS4aAruwTtlMZh2B3e-BLOi5byJOmj3WBu30HXHx5ia2TnDF11pSluhGCooWXJJvRHiptCkZ181tTjOj7MsRLhy3gmb61ZW1svrbRskIxg3vh1eIPQ6wkiveaf-aYrie_ZUyX1i2dOJGtKgx0uir0wQD0cxn01Tgb44_X7f_nDbRDASbHE3_Wo1jNNuyuWxlyNbM0G0Q9DXo-HI1nTZUkCK-4mcABf0wifP2HAHPN97Bo0ju7A1qkiiM0hwQ6z5IMvTrwVFxLzS1uOerqUjJq0ZQEPm9nX8gjhLPg9ecrX8uDiVPkc32mlpKFhGUYsRE86DxeRcI15d3a0lAEuO_UrrSxDvPQpALS52SCTtKq5FR20-ULaANEAlePqTSvL7phlWh0bWDdknZzLI1E6IT739or8G15Sj_Ce019WbPWZdtm_wQefPzhP8ZO6ZG5bBUxPRPGknJ2qt2XNH_ORg8N_XFgYQUIt3aUQvwdMfIQb922Myjt038RAVyMR_XDnMQCbYNJp2-fiPtPIGrRZbLjhnF2vW8Mk4BjVSgT_rQ2DLUZCsIk_Kubb3ViKEHicVWX1Q4Ax5YDkt9GZwGheX9Dt7paArJBdDBGWMz6rzWkrkbV83k2rD3FK1k7YjqgOlRpiGxq3ZrCdjMqHpwbPrCYgY-hgRMQxiB3wwMsTI6ifR5mR-elvhGRXF4Ps8If-yZ_gYnm0sPOagH5zAT42OZ5sxXb1Z-l-QRE7fQdRfYRpbhD4CDRCnSwjknrzTyUXvMqwWEBgOixNx2ILxdyl88pfCT4_4nO-CBONqUxIF4OG8r1J25e4SksO3hcdbPs1zLI-KZyDUCvQXcXDviHby6qkCaKb4Ve0ZSpUm7Zd5vQ3cyPtLrFIQsoCxqPy_uEyn_-M-3tm-YoVglRulFaeQzOh2nsoT_dsoofvy0BCH02lDXW8ZdwAN-5eRtOyFVgwfYXa7IjWsndOayh0yb5AvmmTCX71TYQfUxOT-vHQxRMyvL0mLCZopwuaikf3GA0OGsQhAypN-2IISPk2MhYOarZWXJNXOlgYwB8tyvv_j6CQOglZILzl3lKfMDa7ZJsWTyeKbyMV_ZGX9o_8WfAtXk-JVz8hrEM1kXPdg6_KlGlYx4qmjwt-sSkKEkFYcsr3Z5SgNSWXycTMMpjIKldkW1NGoUkYvITqMhBOSEA2MtiiD4uVQxF9yzL6CRTm-XU6hfZXrQo1M0lJfNAIUpDphYLbJMWcDh8H0AjnWeAfw3Th1ApIC85spjzGFGgEFWFx4U1TPI0uCEHnEVOt9Uez6OWHihWHRIpP1y5OGF0gypV3pVFl2IlyQwzCwJSvFgb3OkNMbgK7qYWoLd6-lUf-SZ-YqBtA-eG4wcgpHnwutbsLYU98kK2NGzVzESDUu3QmmLctwywNUyKAktr8phOf6i2HaJRFq8n-cAeEybURfWz74rqKkf9VHndIVpm4_ialzIGcS5Rk7UM4pz_NKtC5zYo-rnGjBP0MrzECr12tik9zd1tGUGzG3dWjMYtSQ HTTP/1.1 Host: url.us.m.mimecastprotect.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: na
Source: global traffic	HTTP traffic detected: GET /v2/url?u=https-3A__t.nypost.com_1_e_r-3Faqet-3Dclk-26r-3D7-26ca-3D35203357-26v0-3Dnoreply-2540pnc.com-26uu-3D65ea915e31188d84ac041994-26ru-3D-2568-2574-2574-2570s-253a-252f-252fqubedigital.co.za-252fcgi&d=DwMGaQ&c=euGZstcaTDllvimEN8b7jXrwqOf-v5A_CdpgnVfiiMM&r=yi6Elrg1UikbG_FjMcutUaSmsm_T9npse25g8uldqNs&m=89Vxuk-xPoQaQ3peXHSv5sMxJxKdeoAFHWoG7mwKzskgLMdO_yOybbhTg7hSJFnR&s=kdoLdwMkfyWPoRbtWIuExKGBdA77RBMhN5mUFspeTfM&e= HTTP/1.1 Host: urldefense.proofpoint.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /1/e/r?aqet=clk&r=7&ca=35203357&v0=noreply%40pnc.com&uu=65ea915e31188d84ac041994&ru=%68%74%74%70s%3a%2f%2fqubedigital.co.za%2fcgi HTTP/1.1 Host: t.nypost.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cgi HTTP/1.1 Host: qubedigital.co.za Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cgi/ HTTP/1.1 Host: qubedigital.co.za Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://qubedigital.co.za/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=88036502e961c3fd HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://xdocusigniusmmxx.smumsmd.ws/?__cf_chl_rt_tk=5jxSlSvy2QtayjSR9B8.UT9.EonzBr_oabuQNhzi62w-1715107814-0.0.1.1-1578 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/ce7818f50e39/api.js?onload=Ialy2&render=explicit HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Origin: https://xdocusigniusmmxx.smumsmd.ws sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://xdocusigniusmmxx.smumsmd.ws/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/huen0/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: iframe Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/2098344450:1715106462:QtPl_uLk5TRlAxlUCHH-WVGFp67NUZ0WIw1BXth90DQ/88036502e961c3fd/c40f927b3b54105 HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/huen0/0x4AAAAAAADnPIDROrmt1Wwj/light/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=88036511fdd041ed HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/huen0/0x4AAAAAAADnPIDROrmt1Wwj/light/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://xdocusigniusmmxx.smumsmd.ws/ Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/88036511fdd041ed/1715107819607/JAB62xafV1duHrS HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/huen0/0x4AAAAAAADnPIDROrmt1Wwj/light/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/143092460:1715106335:6Gw8KaIj7os7kt6oOCLotTvfnJSoi5aQNMJKPJaHyoo/88036511fdd041ed/426cb81ad846907 HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/88036511fdd041ed/1715107819607/JAB62xafV1duHrS HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/88036511fdd041ed/1715107819613/43dea44781d524fab0c0caf6bddfed41babc94905b20777db55e1a2e96faa7ef/86Q5eGi8X09geae HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive Cache-Control: max-age=0 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/huen0/0x4AAAAAAADnPIDROrmt1Wwj/light/normal Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/143092460:1715106335:6Gw8KaIj7os7kt6oOCLotTvfnJSoi5aQNMJKPJaHyoo/88036511fdd041ed/426cb81ad846907 HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/143092460:1715106335:6Gw8KaIj7os7kt6oOCLotTvfnJSoi5aQNMJKPJaHyoo/88036511fdd041ed/426cb81ad846907 HTTP/1.1 Host: challenges.cloudflare.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/2098344450:1715106462:QtPl_uLk5TRlAxlUCHH-WVGFp67NUZ0WIw1BXth90DQ/88036502e961c3fd/c40f927b3b54105 HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://xdocusigniusmmxx.smumsmd.ws/?__cf_chl_tk=5jxSlSvy2QtayjSR9B8.UT9.EonzBr_oabuQNhzi62w-1715107814-0.0.1.1-1578 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive Cache-Control: max-age=0 Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-arch: "x86" sec-ch-ua-platform: "Windows" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-model: "" sec-ch-ua-bitness: "64" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" Referer: https://xdocusigniusmmxx.smumsmd.ws/?__cf_chl_tk=5jxSlSvy2QtayjSR9B8.UT9.EonzBr_oabuQNhzi62w-1715107814-0.0.1.1-1578 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /jq/22e5b4c111b0108bba7ee46e2d40390f663a7802b65ca HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /boot/22e5b4c111b0108bba7ee46e2d40390f663a7802b65cf HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /js/22e5b4c111b0108bba7ee46e2d40390f663a7802b65d0 HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Referer: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /1 HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /APP-22e5b4c111b0108bba7ee46e2d40390f663a78044d157/22e5b4c111b0108bba7ee46e2d40390f663a78044d158 HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Referer: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /1 HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /o/22e5b4c111b0108bba7ee46e2d40390f663a78044d17e HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /x/22e5b4c111b0108bba7ee46e2d40390f663a78044d15d HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-arch: "x86" sec-ch-ua-full-version: "117.0.5938.134" sec-ch-ua-platform-version: "10.0.0" sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.134", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.134" sec-ch-ua-bitness: "64" sec-ch-ua-model: "" sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://xdocusigniusmmxx.smumsmd.ws/44d3ca3eda584b5611e1610a38471977663a78022f152LOG44d3ca3eda584b5611e1610a38471977663a78022f153 Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /o/22e5b4c111b0108bba7ee46e2d40390f663a78044d17e HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d
Source: global traffic	HTTP traffic detected: GET /x/22e5b4c111b0108bba7ee46e2d40390f663a78044d15d HTTP/1.1 Host: xdocusigniusmmxx.smumsmd.ws Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: cf_clearance=ie7FLYJyvT850iWQEuDf9ho09AvHAopNndWLUJtKIgY-1715107814-1.0.1.1-LFMrZPU2AeC.ZriCz2PGB_JyHrNypCaGIhBx5DKK.x1pnsO229FnbkD.njPCqrcOkjhRxfwYOonq5d5oRTXKKQ; PHPSESSID=e4355b37ec7e3d64b9830f3251edc50d

Source: global traffic	DNS traffic detected: DNS query: url.us.m.mimecastprotect.com
Source: global traffic	DNS traffic detected: DNS query: urldefense.proofpoint.com
Source: global traffic	DNS traffic detected: DNS query: t.nypost.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: qubedigital.co.za
Source: global traffic	DNS traffic detected: DNS query: xdocusigniusmmxx.smumsmd.ws
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbidden Date: Tue, 07 May 2024 18:50:14 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 16654 Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Frame-Options: SAMEORIGIN cf-mitigated: challenge cf-chl-out: h25ToL0JF5S4ORyB4Tg52JwPiQd7XTz5qxjTHW/3UkyXVW9MmGnIrhDKOalOJtKxhEfUv6mMH4A2vagOiFugCERI8mndEy9ZmXObT+nWqpZeNDG2dnG7CJbd/Jt544krmSIULCQyMdw1gCBBFidE0w==$7j6k7uQaAVMRpWmIxNmZJQ== Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbidden Date: Tue, 07 May 2024 18:50:16 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 16831 Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Frame-Options: SAMEORIGIN cf-mitigated: challenge cf-chl-out: +wAOXa9MvwXtYgqN8SqjosjbPSE23Pj3bXVB9WXh4o/5s8/HG0En+XiiAQOe7z40r75EU2X9XBBDVSH6zb2RGzs2sVctEMUzHsN3phYKJWdcEo4l2tuT0PkNj4YUzQsmugZcCSkrD04m1y/L4NZfGA==$d1XngNvez87KLFWwe9L3Iw== Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbidden Date: Tue, 07 May 2024 18:50:19 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 16810 Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Frame-Options: SAMEORIGIN cf-mitigated: challenge cf-chl-out: /g3eHXe2YVudpuq8MKnvQ9DpU2DzTmeL1sz6RTBkjArOTnzxU3g5QA5M3Ihcl8W2h7rzEcZ4eoSqceCdqLtfzNFSggGl2D1e3KqpwBqN4MR/QPajtux6Ppq85a+DYHrRTpPRQpVsrMizYucgX/ZAkw==$djvoweBuusQ57a9SM9Wa0w== Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 Forbidden Date: Tue, 07 May 2024 18:50:41 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 16917 Connection: close Accept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UA Cross-Origin-Embedder-Policy: require-corp Cross-Origin-Opener-Policy: same-origin Cross-Origin-Resource-Policy: same-origin Origin-Agent-Cluster: ?1 Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=() Referrer-Policy: same-origin X-Frame-Options: SAMEORIGIN cf-mitigated: challenge cf-chl-out: UHkOP/SHHaz+U2Ovt7hVwmIcR4cfS0aYAZmLYoVZ0JevHfuRfHvSKc25Yj/uCGoht/wm2QPD3qOO13/UOpkEkP1ITUVcjlgQXXd61iZwmB7OquJZeAXOO0DndcXBt/Q2U2yZ7MyQhi7h/pAwCWvPAA==$H8dMNil8WaGcUfIygvYNSA== Cache-Control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Expires: Thu, 01 Jan 1970 00:00:01 GMT
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not Found Date: Tue, 07 May 2024 18:50:44 GMT Content-Type: text/html; charset=iso-8859-1 Transfer-Encoding: chunked Connection: close Cache-Control: max-age=14400 CF-Cache-Status: MISS Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=SFqUPfCGHPQkMK9pTYQOawt1xkcZocJ%2BR0T2y6QExZWjrm%2BshC7QomQBYT%2FQe42r7OlSMmH3bwTPCz%2FeGSOg%2Fkx5D%2BJP1rzmqkJVq4S%2BMkudzgBRugCJ3GfA8xcd9p7ZYCi83vwUiWduMixrzd4%3D"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800} Server: cloudflare CF-RAY: 880365ba1dac4338-EWR alt-svc: h3=":443"; ma=86400

Source: chromecache_59.2.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_59.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_59.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: chromecache_58.2.dr	String found in binary or memory: https://xdocusigniusmmxx.smumsmd.ws

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49763 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49721
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49721 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749

Source: unknown	HTTPS traffic detected: 104.118.8.139:443 -> 192.168.2.7:49717 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.118.8.139:443 -> 192.168.2.7:49718 version: TLS 1.2

Source: classification engine

Classification label: mal76.phis.troj.win@22/36@24/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=1688,i,15979487103102753842,16946115535192250729,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url.us.m.mimecastprotect.com/s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=1688,i,15979487103102753842,16946115535192250729,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Automated click: Next

Source: Window Recorder

Window detected: More than 3 window changes detected

Data Obfuscation

Yara detected Html Dropper

Source: Yara match	File source: 2.6.pages.csv, type: HTML
Source: Yara match	File source: 3.7.pages.csv, type: HTML

ID:	1437723
Product:	CloudBasic
Start time:	20:49:11
Start date:	07.05.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://url.us.m.mimecastprotect.com/s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://url.us.m.mimecastprotect.com/s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Data Obfuscation

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://url.us.m.mimecastprotect.com/s/NqNQClYX45S1PxGimFEoZ?domain=urldefense.proofpoint.com