Windows Analysis Report
https://url12.mailanyone.net/scanner?m=1s9N28-0000qa-3G&d=4%7Cmail%2F90%2F1716288000%2F1s9N28-0000qa-3G%7Cin12d%7C57e1b682%7C11949542%7C14589158%7C664C7BD820EF00EA9CDA64C5861AF4A9&o=%2Fphta%3A%2Fvtslekssiaipcr.te%2Ftoenscino-x-pk%2F6tRunvbhyfphp.x&s=qPX4ToIpiLV6GTYf9V69nGT5pss

Overview

General Information

Sample URL: https://url12.mailanyone.net/scanner?m=1s9N28-0000qa-3G&d=4%7Cmail%2F90%2F1716288000%2F1s9N28-0000qa-3G%7Cin12d%7C57e1b682%7C11949542%7C14589158%7C664C7BD820EF00EA9CDA64C5861AF4A9&o=%2Fphta%3A%2Fvtsle
Analysis ID: 1445850
Detection

HtmlDropper, HTMLPhisher
Score: 88
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Yara detected Html Dropper
Yara detected HtmlPhish10
AI detected suspicious javascript
Phishing site detected (based on logo match)
Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
HTML body contains low number of good links
HTML page contains hidden URLs or javascript code
HTML title does not match URL
Invalid 'sign-in options' or 'sign-up' link found

Classification

AV Detection

Source: https://url12.mailanyone.net/scanner?m=1s9N28-0000qa-3G&d=4%7Cmail%2F90%2F1716288000%2F1s9N28-0000qa-3G%7Cin12d%7C57e1b682%7C11949542%7C14589158%7C664C7BD820EF00EA9CDA64C5861AF4A9&o=%2Fphta%3A%2Fvtslekssiaipcr.te%2Ftoenscino-x-pk%2F6tRunvbhyfphp.x&s=qPX4ToIpiLV6GTYf9V69nGT5pss Avira URL Cloud: detection malicious, Label: phishing
Source: https://gth.miconlinestickbu.store/boot/617b5a702a34daddd03071650f95cbe6664e0aa35f139 Avira URL Cloud: Label: phishing
Source: https://gth.miconlinestickbu.store/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=887db9822f538c41 Avira URL Cloud: Label: phishing
Source: https://gth.miconlinestickbu.store/jq/617b5a702a34daddd03071650f95cbe6664e0aa35f135 Avira URL Cloud: Label: phishing
Source: https://gth.miconlinestickbu.store/ASSETS/img/sig-op.svg Avira URL Cloud: Label: phishing
Source: https://gth.miconlinestickbu.store/1 Avira URL Cloud: Label: phishing
Source: https://gth.miconlinestickbu.store/cdn-cgi/challenge-platform/h/b/flow/ov1/364841505:1716387000:8tvraBwrX2ERNb1OqE2uDzGzv0lTgOfSzC-a3cgAOkk/887db9822f538c41/18215035ea345db Avira URL Cloud: Label: phishing
Source: https://gth.miconlinestickbu.store/favicon.ico Avira URL Cloud: Label: phishing
Source: https://gth.miconlinestickbu.store/js/617b5a702a34daddd03071650f95cbe6664e0aa35f13a Avira URL Cloud: Label: phishing
Source: https://gth.miconlinestickbu.store/ASSETS/img/m_.svg Avira URL Cloud: Label: phishing
Source: https://gth.miconlinestickbu.store/o/617b5a702a34daddd03071650f95cbe6664e0aa557579 Avira URL Cloud: Label: phishing
Source: https://gth.miconlinestickbu.store/APP-617b5a702a34daddd03071650f95cbe6664e0aa557459/617b5a702a34daddd03071650f95cbe6664e0aa55745b Avira URL Cloud: Label: phishing
Source: https://gth.miconlinestickbu.store/x/617b5a702a34daddd03071650f95cbe6664e0aa557460 Avira URL Cloud: Label: phishing

Phishing

Source: https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760 LLM: Score: 9 brands: Microsoft Reasons: The URL 'https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760' is highly suspicious as it does not match the legitimate domain name associated with Microsoft, which is typically 'microsoft.com' or 'live.com'. The presence of a login form on a suspicious domain is a common phishing tactic. The URL and the use of social engineering techniques (mimicking a legitimate Microsoft login page) strongly indicate that this is a phishing site. DOM: 3.9.pages.csv
Source: Yara match File source: 3.9.pages.csv, type: HTML
Source: Yara match File source: 4.10.pages.csv, type: HTML
Source: https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760 LLM: Score: 9 Reasons: The provided JavaScript code exhibits several characteristics commonly associated with malicious behavior: 1) It uses obfuscation techniques, making it difficult to understand the code's true purpose. 2) It includes functions that dynamically execute code, which can be used to inject and run arbitrary scripts. 3) It manipulates the DOM in ways that could be used to alter webpage content or steal user information. These factors collectively indicate a high risk of the code being malicious. DOM: 3.9.pages.csv
Source: https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760 Matcher: Template: microsoft matched
Source: https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760# Matcher: Template: microsoft matched
Source: https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760 HTTP Parser: Number of links: 0
Source: https://gth.miconlinestickbu.store/ HTTP Parser: Base64 decoded: https://gth.miconlinestickbu.store/
Source: https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760 HTTP Parser: Title: 1f8baaf15ca8c77c903b374fbfc9f021664e0aa26f736 does not match URL
Source: https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760 HTTP Parser: Invalid link: get a new Microsoft account
Source: https://gth.miconlinestickbu.store/ HTTP Parser: No favicon
Source: https://gth.miconlinestickbu.store/ HTTP Parser: No favicon
Source: https://gth.miconlinestickbu.store/ HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9c7p6/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP Parser: No favicon
Source: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9c7p6/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP Parser: No favicon
Source: https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760 HTTP Parser: No favicon
Source: https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760 HTTP Parser: No <meta name="author".. found
Source: https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760 HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: global traffic TCP traffic: 192.168.2.4:49765 -> 1.1.1.1:53
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: vakspecialisten.store to https://gth.miconlinestickbu.store
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: vakspecialisten.store to https://gth.miconlinestickbu.store
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 2.19.244.127
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown TCP traffic detected without corresponding DNS query: 93.184.221.240
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /noki/x-cp-Ruytfvb6hnx.php HTTP/1.1Host: vakspecialisten.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://url12.mailanyone.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://url12.mailanyone.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /noki/x-cp-Ruytfvb6hnx.php HTTP/1.1Host: vakspecialisten.storeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://url12.mailanyone.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Referer: https://url12.mailanyone.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=887db9822f538c41 HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://gth.miconlinestickbu.store/?__cf_chl_rt_tk=H7Kss6sfscBU7.EIkr.rv_soEijdzH_mBbfnGlV9NZE-1716390538-0.0.1.1-1578Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /turnstile/v0/b/695da7821231/api.js?onload=gayxv3&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://gth.miconlinestickbu.storesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gth.miconlinestickbu.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9c7p6/0x4AAAAAAADnPIDROrmt1Wwj/light/normal HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/364841505:1716387000:8tvraBwrX2ERNb1OqE2uDzGzv0lTgOfSzC-a3cgAOkk/887db9822f538c41/18215035ea345db HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=887db996294478e1 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9c7p6/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9c7p6/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gth.miconlinestickbu.store/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1564193166:1716387281:lZ0loq2aY3ZcNtXwgsQeLDV2LUjFlVl_FzsscFgqUA0/887db996294478e1/e2c69a9cf6a5b67 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/887db996294478e1/1716390545214/yhIQ4Kim04yJILu HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9c7p6/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/887db996294478e1/1716390545214/yhIQ4Kim04yJILu HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/887db996294478e1/1716390545215/fdcd7d549205ee077dcead15de05e39851605c03eb2db3a456277fbb95e594a1/I2uC-N-gD_nQrj8 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/9c7p6/0x4AAAAAAADnPIDROrmt1Wwj/light/normalAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1564193166:1716387281:lZ0loq2aY3ZcNtXwgsQeLDV2LUjFlVl_FzsscFgqUA0/887db996294478e1/e2c69a9cf6a5b67 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1564193166:1716387281:lZ0loq2aY3ZcNtXwgsQeLDV2LUjFlVl_FzsscFgqUA0/887db996294478e1/e2c69a9cf6a5b67 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gth.miconlinestickbu.store/?__cf_chl_tk=H7Kss6sfscBU7.EIkr.rv_soEijdzH_mBbfnGlV9NZE-1716390538-0.0.1.1-1578Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/364841505:1716387000:8tvraBwrX2ERNb1OqE2uDzGzv0lTgOfSzC-a3cgAOkk/887db9822f538c41/18215035ea345db HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760 HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Referer: https://gth.miconlinestickbu.store/?__cf_chl_tk=H7Kss6sfscBU7.EIkr.rv_soEijdzH_mBbfnGlV9NZE-1716390538-0.0.1.1-1578Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=1T3jP4zcM.nm3vaN62KsCJ1oWLjYSmxnj8rkYXhkm0E-1716390538-1.0.1.1-Iw.lyUt5.YczPJHNyKtmQ9_Nf35oRLReP.QZn35uRlB2DnMwMJhjioFbak4ZzU7c51agIePjafNSrdiqZFqUDg; PHPSESSID=40526b412e3f7a3670e1fffe72385dfd
Source: global traffic HTTP traffic detected: GET /jq/617b5a702a34daddd03071650f95cbe6664e0aa35f135 HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=1T3jP4zcM.nm3vaN62KsCJ1oWLjYSmxnj8rkYXhkm0E-1716390538-1.0.1.1-Iw.lyUt5.YczPJHNyKtmQ9_Nf35oRLReP.QZn35uRlB2DnMwMJhjioFbak4ZzU7c51agIePjafNSrdiqZFqUDg; PHPSESSID=40526b412e3f7a3670e1fffe72385dfd
Source: global traffic HTTP traffic detected: GET /boot/617b5a702a34daddd03071650f95cbe6664e0aa35f139 HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=1T3jP4zcM.nm3vaN62KsCJ1oWLjYSmxnj8rkYXhkm0E-1716390538-1.0.1.1-Iw.lyUt5.YczPJHNyKtmQ9_Nf35oRLReP.QZn35uRlB2DnMwMJhjioFbak4ZzU7c51agIePjafNSrdiqZFqUDg; PHPSESSID=40526b412e3f7a3670e1fffe72385dfd
Source: global traffic HTTP traffic detected: GET /js/617b5a702a34daddd03071650f95cbe6664e0aa35f13a HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=1T3jP4zcM.nm3vaN62KsCJ1oWLjYSmxnj8rkYXhkm0E-1716390538-1.0.1.1-Iw.lyUt5.YczPJHNyKtmQ9_Nf35oRLReP.QZn35uRlB2DnMwMJhjioFbak4ZzU7c51agIePjafNSrdiqZFqUDg; PHPSESSID=40526b412e3f7a3670e1fffe72385dfd
Source: global traffic HTTP traffic detected: GET /1 HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=1T3jP4zcM.nm3vaN62KsCJ1oWLjYSmxnj8rkYXhkm0E-1716390538-1.0.1.1-Iw.lyUt5.YczPJHNyKtmQ9_Nf35oRLReP.QZn35uRlB2DnMwMJhjioFbak4ZzU7c51agIePjafNSrdiqZFqUDg; PHPSESSID=40526b412e3f7a3670e1fffe72385dfd
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=1T3jP4zcM.nm3vaN62KsCJ1oWLjYSmxnj8rkYXhkm0E-1716390538-1.0.1.1-Iw.lyUt5.YczPJHNyKtmQ9_Nf35oRLReP.QZn35uRlB2DnMwMJhjioFbak4ZzU7c51agIePjafNSrdiqZFqUDg; PHPSESSID=40526b412e3f7a3670e1fffe72385dfd
Source: global traffic HTTP traffic detected: GET /APP-617b5a702a34daddd03071650f95cbe6664e0aa557459/617b5a702a34daddd03071650f95cbe6664e0aa55745b HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=1T3jP4zcM.nm3vaN62KsCJ1oWLjYSmxnj8rkYXhkm0E-1716390538-1.0.1.1-Iw.lyUt5.YczPJHNyKtmQ9_Nf35oRLReP.QZn35uRlB2DnMwMJhjioFbak4ZzU7c51agIePjafNSrdiqZFqUDg; PHPSESSID=40526b412e3f7a3670e1fffe72385dfd
Source: global traffic HTTP traffic detected: GET /o/617b5a702a34daddd03071650f95cbe6664e0aa557579 HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=1T3jP4zcM.nm3vaN62KsCJ1oWLjYSmxnj8rkYXhkm0E-1716390538-1.0.1.1-Iw.lyUt5.YczPJHNyKtmQ9_Nf35oRLReP.QZn35uRlB2DnMwMJhjioFbak4ZzU7c51agIePjafNSrdiqZFqUDg; PHPSESSID=40526b412e3f7a3670e1fffe72385dfd
Source: global traffic HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=1T3jP4zcM.nm3vaN62KsCJ1oWLjYSmxnj8rkYXhkm0E-1716390538-1.0.1.1-Iw.lyUt5.YczPJHNyKtmQ9_Nf35oRLReP.QZn35uRlB2DnMwMJhjioFbak4ZzU7c51agIePjafNSrdiqZFqUDg; PHPSESSID=40526b412e3f7a3670e1fffe72385dfd
Source: global traffic HTTP traffic detected: GET /1 HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=40526b412e3f7a3670e1fffe72385dfd
Source: global traffic HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=1T3jP4zcM.nm3vaN62KsCJ1oWLjYSmxnj8rkYXhkm0E-1716390538-1.0.1.1-Iw.lyUt5.YczPJHNyKtmQ9_Nf35oRLReP.QZn35uRlB2DnMwMJhjioFbak4ZzU7c51agIePjafNSrdiqZFqUDg; PHPSESSID=40526b412e3f7a3670e1fffe72385dfd
Source: global traffic HTTP traffic detected: GET /x/617b5a702a34daddd03071650f95cbe6664e0aa557460 HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://gth.miconlinestickbu.store/6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f75fLOG6fc27ea7f3db2fd9787a0f6b674d5bc4664e0aa26f760Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=1T3jP4zcM.nm3vaN62KsCJ1oWLjYSmxnj8rkYXhkm0E-1716390538-1.0.1.1-Iw.lyUt5.YczPJHNyKtmQ9_Nf35oRLReP.QZn35uRlB2DnMwMJhjioFbak4ZzU7c51agIePjafNSrdiqZFqUDg; PHPSESSID=40526b412e3f7a3670e1fffe72385dfd
Source: global traffic HTTP traffic detected: GET /o/617b5a702a34daddd03071650f95cbe6664e0aa557579 HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=40526b412e3f7a3670e1fffe72385dfd
Source: global traffic HTTP traffic detected: GET /ASSETS/img/m_.svg HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=40526b412e3f7a3670e1fffe72385dfd
Source: global traffic HTTP traffic detected: GET /ASSETS/img/sig-op.svg HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=40526b412e3f7a3670e1fffe72385dfd
Source: global traffic HTTP traffic detected: GET /x/617b5a702a34daddd03071650f95cbe6664e0aa557460 HTTP/1.1Host: gth.miconlinestickbu.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=40526b412e3f7a3670e1fffe72385dfd
Source: global traffic DNS traffic detected: DNS query: url12.mailanyone.net
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: vakspecialisten.store
Source: global traffic DNS traffic detected: DNS query: gth.miconlinestickbu.store
Source: global traffic DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: challenges.cloudflare.com
Source: unknown HTTP traffic detected: POST /report/v4?s=qVRIKX92qaRfJ6gaBUntmAPdh1Gwu3PvCRc3bNwsPhnTsilQ5DZU4Um%2B7FhcPbmw5rS%2FuybWvO1YxIIbCiiaJDTmsIr9eqHJy%2FRBl67sy9FO5QyJv%2Bk9%2FbuWnA4%2BsCQk4oY9veVPX4QDP0cfbw%3D%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 424Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 22 May 2024 15:08:57 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16383Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 22 May 2024 15:08:58 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16511Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 22 May 2024 15:09:00 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16517Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:09:01 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: RWt2qZVk0h6ezYHtIt98iw==$reBoh9UpakQ4wt1GrQD76Q==Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=7XhwEhYTxMvsDY35X5QZTkQWLMJ9FuNau1Y3uvFo1auFMFx8%2BMI10Yy5zjtoritLWg1E8O1YOgGjjGOrORADfPAfryZSVp8KYP%2F1PxSn5x0%2FHYuKlD04MGzWqGVUkYUjQrHA5bECZKc0Hb1Rzg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 887db9963f7a7c88-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 22 May 2024 15:09:05 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16517Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:09:06 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: FkcWwgb7Dmw4e4VjAaLhkw==$gBZq9TbKZoi7EXeoZfxJLA==cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 887db9b30ca1c33c-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:09:10 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: upV0u8LWBx9GG+Y4JnyFXw==$Nr7rovYGjbl54dOQs4y8Uw==Server: cloudflareCF-RAY: 887db9cb895e1931-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:09:21 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: 4N/RKs4bS7wOS1lhihDNLA==$IeKueMfJ5cyZ0qJNrMlr1w==Server: cloudflareCF-RAY: 887dba11bc3e1784-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 22 May 2024 15:09:22 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16602Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:09:22 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: 5ihPIvxpIY502NWrVRFIkQ==$3sUoyaqXS5Vl1MxQFh8mEQ==cache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=o2iigghEMeYTGuaF1BuccKlUpSQ9xH6cMjb9kHi7hIKWnr75opPpVg8iu%2FyCryREZKnbQIb%2BjLO2jAMBHWemSQeiALv%2FsmU9OaZVk6C5H6ComXEA4DAkZccKeLU8UixCh8pd3rlv6LcUknM1aw%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 887dba154bc443bf-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 22 May 2024 15:09:25 GMTContent-Type: text/html; charset=iso-8859-1Transfer-Encoding: chunkedConnection: closeCache-Control: max-age=14400CF-Cache-Status: MISSReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=p5vo4OVo4zWhkyQClFNRSBqmDHkroGg4kkZ8WvPgkQryvEPB%2B%2BiRaxcXE6pP94ovxajWINn1bZHUvGnC6IT0uGywUf0arU7%2Fqf4nFyPWHax5x0Igm2fMHrFGLbX0EcIEiZb9L19mbCAQ%2FhbOmg%3D%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 887dba289bc842b0-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 22 May 2024 15:09:26 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16151Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 22 May 2024 15:09:27 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16527Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 22 May 2024 15:09:27 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16294Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 22 May 2024 15:09:27 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16310Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 22 May 2024 15:09:28 GMTContent-Type: text/html; charset=UTF-8Content-Length: 16506Connection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: chromecache_80.2.dr String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_80.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_80.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49809 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49818 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.19.244.127:443 -> 192.168.2.4:49749 version: TLS 1.2
Source: classification engine Classification label: mal88.phis.troj.win@21/58@24/8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2252 --field-trial-handle=2124,i,15610489227219973770,6492909471332572734,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://url12.mailanyone.net/scanner?m=1s9N28-0000qa-3G&d=4%7Cmail%2F90%2F1716288000%2F1s9N28-0000qa-3G%7Cin12d%7C57e1b682%7C11949542%7C14589158%7C664C7BD820EF00EA9CDA64C5861AF4A9&o=%2Fphta%3A%2Fvtslekssiaipcr.te%2Ftoenscino-x-pk%2F6tRunvbhyfphp.x&s=qPX4ToIpiLV6GTYf9V69nGT5pss"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected

Data Obfuscation

Source: Yara match File source: 3.9.pages.csv, type: HTML
Source: Yara match File source: 4.10.pages.csv, type: HTML