Windows Analysis Report
http://simxtrackredirecttszz.pages.dev/

Overview

General Information

Sample URL: http://simxtrackredirecttszz.pages.dev/
Analysis ID: 1446908
Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
AI detected suspicious javascript
Detected non-DNS traffic on DNS port
Detected suspicious crossdomain redirect
Stores files to the Windows start menu directory

Classification

AV Detection

Source: http://simxtrackredirecttszz.pages.dev/ Avira URL Cloud: detection malicious, Label: phishing
Source: http://simxtrackredirecttszz.pages.dev/ SlashNext: detection malicious, Label: Fraudulent Website type: Phishing & Social Engineering
Source: https://secretsafedomain.com/smclick?a=81528&c=342883&o=135901&oc=216576&co=112356&mt=16&svi=EwBjNDF Avira URL Cloud: Label: malware
Source: https://secretsafedomain.com/s?a=81528&sm=235&s=8&sso=1&spt=1716504721184&co=112356&mt=16&rc=71_1969 Avira URL Cloud: Label: malware
Source: https://secretsafedomain.com/service-worker.js Avira URL Cloud: Label: malware
Source: https://simxtrackredirecttszz.pages.dev/img/profile-1.jpg Avira URL Cloud: Label: phishing
Source: https://secretsafedomain.com/s?a=81528&sm=235&s=8&sbp=1&spt=1716504721184&co=112356&mt=16&rc=71_1969 Avira URL Cloud: Label: malware
Source: https://simxtrackredirecttszz.pages.dev/style.css Avira URL Cloud: Label: phishing

Phishing

Source: https://secretsafedomain.com/s?a=81528&sm=235&co=112356&mt=16&s1=EVOS_TAZZ&s2=576747 LLM: Score: 8 Reasons: The code contains an XMLHttpRequest that fetches and executes code from an external source using eval(). This is a high-risk operation as it can lead to the execution of malicious code. The use of eval() is generally considered dangerous and should be avoided. DOM: 2.4.pages.csv
Source: http://ww12.ngelit.com/?usid=18&utid=25970526717 LLM: Score: 7 Reasons: The code contains an attempt to redirect the top-level window to the current location, which is a common technique used in phishing attacks to prevent users from navigating away from the malicious page. Additionally, the code includes functionality to track user interactions and send data to a server, which could be used for malicious purposes beyond simple tracking or advertisement. DOM: 3.6.pages.csv
Source: http://ww12.ngelit.com/?usid=18&utid=25970526717 HTTP Parser: No favicon
Source: https://www.adsensecustomsearchads.com/afs/ads?adtest=off&psid=7840396037&pcsa=false&channel=000002%2Cbucket011&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww12.ngelit.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NjRmYzg5YzYxZWZhfHx8MTcxNjUwNDczMi40NDMzfGY1MjczYTQ0ZmJkZTRlZDViZTNjMmNiMzczZGVjN2E2NmEwODRlYWZ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxkZGExZTc1ZjBjNTczNTBkMmQ3ZjI4YzA5ZDllYzQ2OWM3MGRiMWIwfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MHx8&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2733393318609526&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=0&format=r3%7Cs&nocache=8561716504734778&num=0&output=afd_ads&domain_name=ww12.ngelit.com&v=3&bsl=8&pac=0&u_his=1&u_tz=-240&dt=1716504734780&u_w=1280&u_h=1024&biw=1280&bih=907&psw=1280&psh=754&frm=0&uio=--&cont=tc&drt=0&jsid=caf&nfp=1&jsv=635538657&rurl=http%3A%2F%2Fww12.ngelit.com%2F%3Fusid%3D18%26utid%3D25970526717 HTTP Parser: No favicon
Source: unknown HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.5:49728 version: TLS 1.2
Source: global traffic TCP traffic: 192.168.2.5:49755 -> 1.1.1.1:53
Source: C:\Program Files\Google\Chrome\Application\chrome.exe HTTP traffic: Redirect from: simxtrack.com to https://secretsafedomain.com/s?a=81528&sm=235&co=112356&mt=16&s1=evos_tazz&s2=576747
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown TCP traffic detected without corresponding DNS query: 23.211.8.90
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: simxtrackredirecttszz.pages.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /style.css HTTP/1.1Host: simxtrackredirecttszz.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://simxtrackredirecttszz.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /css/bootstrap.min.css?3 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://simxtrackredirecttszz.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /css/telegram.css?227 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://simxtrackredirecttszz.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /js/tgwallpaper.min.js?3 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://simxtrackredirecttszz.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/profile-1.jpg HTTP/1.1Host: simxtrackredirecttszz.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://simxtrackredirecttszz.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/tgme/pattern.svg?1 HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://telegram.org/css/telegram.css?227Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/profile-1.jpg HTTP/1.1Host: simxtrackredirecttszz.pages.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/favicon.ico HTTP/1.1Host: telegram.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://simxtrackredirecttszz.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /img/tgme/pattern.svg?1 HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /img/favicon.ico HTTP/1.1Host: telegram.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /link-1 HTTP/1.1Host: simxtrackredirecttszz.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /style.css HTTP/1.1Host: simxtrackredirecttszz.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://simxtrackredirecttszz.pages.dev/link-1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "90f6d7cd3044dadc6d9b9f251b985245"
Source: global traffic HTTP traffic detected: GET /img/profile-1.jpg HTTP/1.1Host: simxtrackredirecttszz.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://simxtrackredirecttszz.pages.dev/link-1Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "398570c34aafa08182d3cd0963670b22"
Source: global traffic HTTP traffic detected: GET /img/profile-1.jpg HTTP/1.1Host: simxtrackredirecttszz.pages.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9If-None-Match: "398570c34aafa08182d3cd0963670b22"
Source: global traffic HTTP traffic detected: GET /tracking202/redirect/rtr.php?t202id=5236&c1=EVOS_TAZZ&t202kw=EVOS_TAZZ HTTP/1.1Host: simxtrack.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /s?a=81528&sm=235&co=112356&mt=16&s1=EVOS_TAZZ&s2=576747 HTTP/1.1Host: secretsafedomain.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /user-segments/?pid=TH HTTP/1.1Host: statisticresearch.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secretsafedomain.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /color?x=1&forScheme=aHR0cHM6Ly9zZWNyZXRzYWZlZG9tYWluLmNvbS9zP2E9ODE1Mjgmc209MjM1JmNvPTExMjM1NiZtdD0xNiZzMT1FVk9TX1RBWlomczI9NTc2NzQ3 HTTP/1.1Host: cloudflrcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://secretsafedomain.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://secretsafedomain.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /api/v1/retargeting/set/3f949dfe-3372-4caa-baf0-047f88323cfa?pageviewe={pageviewe}&lead={lead} HTTP/1.1Host: tsyndicate.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://secretsafedomain.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /service-worker.js HTTP/1.1Host: secretsafedomain.comConnection: keep-aliveCache-Control: max-age=0Accept: */*Service-Worker: scriptSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: serviceworkerReferer: https://secretsafedomain.com/s?a=81528&sm=235&co=112356&mt=16&s1=EVOS_TAZZ&s2=576747User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: v_rule_freq_v2_1_001=gdXLFugAbf4IueEdLRjw0thA7hUlhtzwKDvv5kumE971xuqr9DMZSKeN5JMVNn+i; gdm_uid_v2_1_001=U/r8lLUPAWcxDaviLTpwFaKcPwxoewHxyP3PvdEcoZBqGwiXr2tBu5efBif1Hpu0; v_rule_freq_v1_1_001=gdXLFugAbf4IueEdLRjw0thA7hUlhtzwKDvv5kumE971xuqr9DMZSKeN5JMVNn+i; v_seg_freq_v1_1_001=w+sV2Dl79C1RO54AAC2G/oufeiLDs7TJHVltH+BRr3s=; gdm_visit_freq_v2_1_001=oXa+SKDZFOD0jqa0rxAdlM/pSb3k2TlE1cALdU3RA5w=; v_seg_freq_v2_1_001=w+sV2Dl79C1RO54AAC2G/oufeiLDs7TJHVltH+BRr3s=; gdm_visit_freq_v1_1_001=oXa+SKDZFOD0jqa0rxAdlM/pSb3k2TlE1cALdU3RA5w=; gdm_suid_v2_1_001=HPfHs3OFxkaNOwO68jCjbQ==; gdm_uid_v1_1_001=U/r8lLUPAWcxDaviLTpwFaKcPwxoewHxyP3PvdEcoZBqGwiXr2tBu5efBif1Hpu0; gdm_suid_v1_1_001=HPfHs3OFxkaNOwO68jCjbQ==
Source: global traffic HTTP traffic detected: GET /js/mp.min.js HTTP/1.1Host: static.trafficjunky.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://secretsafedomain.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /api/v1/retargeting/set/3f949dfe-3372-4caa-baf0-047f88323cfa?pageviewe={pageviewe}&lead={lead} HTTP/1.1Host: tsyndicate.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: ts_rt_3f949dfe-3372-4caa-baf0-047f88323cfa=ANmUCUOmR4kbQgQSPEjEBJwwZ8rYSVPmThmDCB9GnFixDMOA
Source: global traffic HTTP traffic detected: GET /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-179148962-2&cid=343168255.1716504726&jid=1258097187&gjid=971496842&_gid=1698602312.1716504726&_u=YEBAAEAAAAAAACAAI~&z=1890898182 HTTP/1.1Host: stats.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /adsense/domains/caf.js?abp=1&adsdeli=true HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: http://ww12.ngelit.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /afs/ads?adtest=off&psid=7840396037&pcsa=false&channel=000002%2Cbucket011&client=dp-teaminternet09_3ph&r=m&hl=en&rpbu=http%3A%2F%2Fww12.ngelit.com%2F%3Fts%3DfENsZWFuUGVwcGVybWludEJsYWNrfHw1Y2U4NHxidWNrZXQwMTF8fHx8fHw2NjRmYzg5YzYxZWZhfHx8MTcxNjUwNDczMi40NDMzfGY1MjczYTQ0ZmJkZTRlZDViZTNjMmNiMzczZGVjN2E2NmEwODRlYWZ8fHx8fDF8fDB8MHx8fHwxfHx8fHwwfDB8fHx8fHx8fHx8MHwwfHwwfHx8MHwwfFcxMD18fDF8VzEwPXxkZGExZTc1ZjBjNTczNTBkMmQ3ZjI4YzA5ZDllYzQ2OWM3MGRiMWIwfDB8ZHAtdGVhbWludGVybmV0MDlfM3BofDB8MHx8&max_radlink_len=40&type=3&uiopt=true&swp=as-drid-2733393318609526&oe=UTF-8&ie=UTF-8&fexp=21404%2C17300003%2C17301431%2C17301433%2C17301436&client_gdprApplies=0&format=r3%7Cs&nocache=8561716504734778&num=0&output=afd_ads&domain_name=ww12.ngelit.com&v=3&bsl=8&pac=0&u_his=1&u_tz=-240&dt=1716504734780&u_w=1280&u_h=1024&biw=1280&bih=907&psw=1280&psh=754&frm=0&uio=--&cont=tc&drt=0&jsid=caf&nfp=1&jsv=635538657&rurl=http%3A%2F%2Fww12.ngelit.com%2F%3Fusid%3D18%26utid%3D25970526717 HTTP/1.1Host: www.adsensecustomsearchads.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: http://ww12.ngelit.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /adsense/domains/caf.js?pac=0 HTTP/1.1Host: www.adsensecustomsearchads.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.adsensecustomsearchads.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1Host: afs.googleusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.adsensecustomsearchads.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1Host: afs.googleusercontent.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.adsensecustomsearchads.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=35mgsdqnx1tq&aqid=oMhPZvCxD6uijuwPiPui6Qk&psid=7840396037&pbt=bs&adbx=375&adby=93&adbh=496&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=635538657&csala=7%7C0%7C1139%7C1372%7C276&lle=0&ifv=1&hpt=1&wbd=false HTTP/1.1
    Host: www.adsensecustomsearchads.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: http://ww12.ngelit.com/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /afs/gen_204?client=dp-teaminternet09_3ph&output=uds_ads_only&zx=vhf3wk3421c2&aqid=oMhPZvCxD6uijuwPiPui6Qk&psid=7840396037&pbt=bv&adbx=375&adby=93&adbh=496&adbw=530&adbah=160%2C160%2C160&adbn=master-1&eawp=partner-dp-teaminternet09_3ph&errv=635538657&csala=7%7C0%7C1139%7C1372%7C276&lle=0&ifv=1&hpt=1&wbd=false HTTP/1.1
    Host: www.adsensecustomsearchads.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: http://ww12.ngelit.com/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ad_icons/standard/publisher_icon_image/chevron.svg?c=%23ffffff HTTP/1.1
    Host: afs.googleusercontent.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ad_icons/standard/publisher_icon_image/search.svg?c=%23ffffff HTTP/1.1
    Host: afs.googleusercontent.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET / HTTP/1.1
    Host: fauzi3.ngelit.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /?usid=18&utid=25970526717 HTTP/1.1
    Host: ww12.ngelit.com
    Connection: keep-alive
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /page/enhance.js?pcId=12&domain=ngelit.com HTTP/1.1
    Host: parking.parklogic.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Referer: http://ww12.ngelit.com/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /track.php?domain=ngelit.com&toggle=browserjs&uid=MTcxNjUwNDczMi40MDEzOmJhMzRiY2Q0YTY5Y2I1ODg1Yzg4ZTJiZDg0NmRlYTc5YTUzZWMxMGEwMmY0MmU2ZjEzNGJiMTgyZTgzYzY5Zjk6NjY0ZmM4OWM2MWY5Mw%3D%3D HTTP/1.1
    Host: ww12.ngelit.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Referer: http://ww12.ngelit.com/?usid=18&utid=25970526717
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /page/scribe.php?pcId=12&domain=ngelit.com&pId=449&usid=18&utid=25970526717&query=null&domainJs=ww12.ngelit.com&path=/&ss=true&lp=1 HTTP/1.1
    Host: parking.parklogic.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Origin: http://ww12.ngelit.com
    Referer: http://ww12.ngelit.com/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ls.php?t=664fc89c&token=dda1e75f0c57350d2d7f28c09d9ec469c70db1b0 HTTP/1.1
    Host: ww12.ngelit.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Referer: http://ww12.ngelit.com/?usid=18&utid=25970526717
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
    Host: d38psrni17bvxu.cloudfront.net
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://ww12.ngelit.com/
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /track.php?domain=ngelit.com&toggle=browserjs&uid=MTcxNjUwNDczMi40MDEzOmJhMzRiY2Q0YTY5Y2I1ODg1Yzg4ZTJiZDg0NmRlYTc5YTUzZWMxMGEwMmY0MmU2ZjEzNGJiMTgyZTgzYzY5Zjk6NjY0ZmM4OWM2MWY5Mw%3D%3D HTTP/1.1
    Host: ww12.ngelit.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /page/scribe.php?pcId=12&domain=ngelit.com&pId=449&usid=18&utid=25970526717&query=null&domainJs=ww12.ngelit.com&path=/&ss=true&lp=1 HTTP/1.1
    Host: parking.parklogic.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /themes/cleanPeppermintBlack_657d9013/img/arrows.png HTTP/1.1
    Host: d38psrni17bvxu.cloudfront.net
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /track.php?domain=ngelit.com&caf=1&toggle=answercheck&answer=yes&uid=MTcxNjUwNDczMi40MDEzOmJhMzRiY2Q0YTY5Y2I1ODg1Yzg4ZTJiZDg0NmRlYTc5YTUzZWMxMGEwMmY0MmU2ZjEzNGJiMTgyZTgzYzY5Zjk6NjY0ZmM4OWM2MWY5Mw%3D%3D HTTP/1.1
    Host: ww12.ngelit.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Referer: http://ww12.ngelit.com/?usid=18&utid=25970526717
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: __gsas=ID=92b55ae556c71643:T=1716504736:RT=1716504736:S=ALNI_MbC761s07K7Y91R73mkAvtsJB0EBA
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1
    Host: ww12.ngelit.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Referer: http://ww12.ngelit.com/?usid=18&utid=25970526717
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: __gsas=ID=92b55ae556c71643:T=1716504736:RT=1716504736:S=ALNI_MbC761s07K7Y91R73mkAvtsJB0EBA
Source: global traffic HTTP traffic detected: GET /track.php?domain=ngelit.com&caf=1&toggle=answercheck&answer=yes&uid=MTcxNjUwNDczMi40MDEzOmJhMzRiY2Q0YTY5Y2I1ODg1Yzg4ZTJiZDg0NmRlYTc5YTUzZWMxMGEwMmY0MmU2ZjEzNGJiMTgyZTgzYzY5Zjk6NjY0ZmM4OWM2MWY5Mw%3D%3D HTTP/1.1
    Host: ww12.ngelit.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: __gsas=ID=92b55ae556c71643:T=1716504736:RT=1716504736:S=ALNI_MbC761s07K7Y91R73mkAvtsJB0EBA
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1
    Host: ww12.ngelit.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Accept-Encoding: gzip, deflate
    Accept-Language: en-US,en;q=0.9
    Cookie: __gsas=ID=92b55ae556c71643:T=1716504736:RT=1716504736:S=ALNI_MbC761s07K7Y91R73mkAvtsJB0EBA
Source: chromecache_117.2.dr String found in binary or memory: Math.round(p);u["gtm.videoCurrentTime"]=Math.round(q);u["gtm.videoElapsedTime"]=Math.round(f);u["gtm.videoPercent"]=r;u["gtm.videoVisible"]=t;return u},bk:function(){e=Db()},pd:function(){d()}}};var ic=ma(["data-gtm-yt-inspected-"]),GC=["www.youtube.com","www.youtube-nocookie.com"],HC,IC=!1; equals www.youtube.com (Youtube)
Source: chromecache_117.2.dr String found in binary or memory: e||f||g.length||h.length))return;var n={Wg:d,Ug:e,Vg:f,Lh:g,Mh:h,xe:m,Ab:b},p=G.YT,q=function(){OC(n)};if(p)return p.ready&&p.ready(q),b;var r=G.onYouTubeIframeAPIReady;G.onYouTubeIframeAPIReady=function(){r&&r();q()};I(function(){for(var t=H.getElementsByTagName("script"),v=t.length,u=0;u<v;u++){var w=t[u].getAttribute("src");if(RC(w,"iframe_api")||RC(w,"player_api"))return b}for(var y=H.getElementsByTagName("iframe"),x=y.length,B=0;B<x;B++)if(!IC&&PC(y[B],n.xe))return yc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_114.2.dr, chromecache_119.2.dr String found in binary or memory: return b}EC.K="internal.enableAutoEventOnTimer";var ic=ma(["data-gtm-yt-inspected-"]),GC=["www.youtube.com","www.youtube-nocookie.com"],HC,IC=!1; equals www.youtube.com (Youtube)
Source: global traffic DNS traffic detected: DNS query: simxtrackredirecttszz.pages.dev
Source: global traffic DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic DNS traffic detected: DNS query: telegram.org
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: simxtrack.com
Source: global traffic DNS traffic detected: DNS query: secretsafedomain.com
Source: global traffic DNS traffic detected: DNS query: cdn.jmp-assets.com
Source: global traffic DNS traffic detected: DNS query: statisticresearch.com
Source: global traffic DNS traffic detected: DNS query: cdn.smrt-content.com
Source: global traffic DNS traffic detected: DNS query: cloudflrcdn.com
Source: global traffic DNS traffic detected: DNS query: static.trafficjunky.com
Source: global traffic DNS traffic detected: DNS query: tsyndicate.com
Source: global traffic DNS traffic detected: DNS query: cdn.jmpcdn.com
Source: global traffic DNS traffic detected: DNS query: stats.g.doubleclick.net
Source: global traffic DNS traffic detected: DNS query: fauzi3.ngelit.com
Source: global traffic DNS traffic detected: DNS query: ww12.ngelit.com
Source: global traffic DNS traffic detected: DNS query: parking.parklogic.com
Source: global traffic DNS traffic detected: DNS query: d38psrni17bvxu.cloudfront.net
Source: global traffic DNS traffic detected: DNS query: www.adsensecustomsearchads.com
Source: global traffic DNS traffic detected: DNS query: afs.googleusercontent.com
Source: unknown HTTP traffic detected: POST /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-179148962-2&cid=343168255.1716504726&jid=1258097187&gjid=971496842&_gid=1698602312.1716504726&_u=YEBAAEAAAAAAACAAI~&z=1890898182 HTTP/1.1
    Host: stats.g.doubleclick.net
    Connection: keep-alive
    Content-Length: 0
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-platform: "Windows"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Content-Type: text/plain
    Accept: */*
    Origin: https://secretsafedomain.com
    X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlqHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://secretsafedomain.com/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: chromecache_123.2.dr, chromecache_110.2.dr String found in binary or memory: http://fauzi3.ngelit.com
Source: chromecache_142.2.dr String found in binary or memory: http://getbootstrap.com)
Source: chromecache_142.2.dr String found in binary or memory: http://getbootstrap.com/customize/?id=92d2ac1b31978642b6b6)
Source: chromecache_124.2.dr String found in binary or memory: http://parking.parklogic.com/page/scribe.php?pcId=12&domain=ngelit.com&pId=449&usid=$
Source: chromecache_117.2.dr String found in binary or memory: https://adservice.google.com/pagead/regclk
Source: chromecache_117.2.dr String found in binary or memory: https://adservice.googlesyndication.com/pagead/regclk
Source: chromecache_112.2.dr String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: chromecache_114.2.dr, chromecache_117.2.dr, chromecache_119.2.dr String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_151.2.dr String found in binary or memory: https://cdn.jmp-assets.com/assets/1373/other/favicon.ico
Source: chromecache_151.2.dr String found in binary or memory: https://cdn.jmp-assets.com/assets/1387/js/backoffer.js
Source: chromecache_151.2.dr String found in binary or memory: https://cdn.jmp-assets.com/assets/1714/js/jquery.min.js
Source: chromecache_151.2.dr String found in binary or memory: https://cdn.jmp-assets.com/assets/2246/css/age-styles-new.css
Source: chromecache_151.2.dr String found in binary or memory: https://cdn.jmp-assets.com/assets/2843/css/main.css
Source: chromecache_151.2.dr String found in binary or memory: https://cdn.jmp-assets.com/devassets/3198/js/multilang_main_gender.js
Source: chromecache_151.2.dr String found in binary or memory: https://cdn.jmp-assets.com/prod/push-lang-config.js
Source: chromecache_151.2.dr String found in binary or memory: https://cdn.jmp-assets.com/prod/push-subscriber.js
Source: chromecache_151.2.dr String found in binary or memory: https://cdn.jmpcdn.com/assets/3420/images/1.ico
Source: chromecache_151.2.dr String found in binary or memory: https://cdn.jmpcdn.com/assets/3420/images/2.ico
Source: chromecache_151.2.dr String found in binary or memory: https://cdn.jmpcdn.com/assets/3420/images/3.ico
Source: chromecache_151.2.dr String found in binary or memory: https://cdn.jmpcdn.com/assets/3420/images/4.ico
Source: chromecache_151.2.dr String found in binary or memory: https://cdn.jmpcdn.com/assets/3420/images/5.ico
Source: chromecache_151.2.dr String found in binary or memory: https://cdn.jmpcdn.com/assets/3420/images/6.ico
Source: chromecache_123.2.dr, chromecache_110.2.dr String found in binary or memory: https://cdn.jsdelivr.net/npm/bootstrap-icons
Source: chromecache_116.2.dr String found in binary or memory: https://cdn.smrt-content.com/prod
Source: chromecache_151.2.dr String found in binary or memory: https://cloudflrcdn.com/color?x=1&forScheme=
Source: chromecache_154.2.dr, chromecache_106.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=
Source: chromecache_156.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Montserrat:400
Source: chromecache_123.2.dr, chromecache_110.2.dr String found in binary or memory: https://fonts.googleapis.com/css?family=Roboto:400
Source: chromecache_158.2.dr String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459W1hyzbi.woff2)
Source: chromecache_158.2.dr String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WRhyzbi.woff2)
Source: chromecache_158.2.dr String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459WZhyzbi.woff2)
Source: chromecache_158.2.dr String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wdhyzbi.woff2)
Source: chromecache_158.2.dr String found in binary or memory: https://fonts.gstatic.com/s/montserrat/v26/JTUSjIg1_i6t8kCHKm459Wlhyw.woff2)
Source: chromecache_133.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfABc4EsA.woff2)
Source: chromecache_133.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBBc4.woff2)
Source: chromecache_133.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfBxc4EsA.woff2)
Source: chromecache_133.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCBc4EsA.woff2)
Source: chromecache_133.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCRc4EsA.woff2)
Source: chromecache_133.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfChc4EsA.woff2)
Source: chromecache_133.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOlCnqEu92Fr1MmWUlfCxc4EsA.woff2)
Source: chromecache_133.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4WxKOzY.woff2)
Source: chromecache_133.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu4mxK.woff2)
Source: chromecache_133.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu5mxKOzY.woff2)
Source: chromecache_133.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu72xKOzY.woff2)
Source: chromecache_133.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7GxKOzY.woff2)
Source: chromecache_133.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7WxKOzY.woff2)
Source: chromecache_133.2.dr String found in binary or memory: https://fonts.gstatic.com/s/roboto/v30/KFOmCnqEu92Fr1Mu7mxKOzY.woff2)
Source: chromecache_142.2.dr String found in binary or memory: https://gist.github.com/92d2ac1b31978642b6b6
Source: chromecache_142.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_111.2.dr String found in binary or memory: https://osx.telegram.org/updates/site/artboard.png)
Source: chromecache_111.2.dr String found in binary or memory: https://osx.telegram.org/updates/site/artboard_2x.png);
Source: chromecache_117.2.dr, chromecache_119.2.dr String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_154.2.dr, chromecache_114.2.dr, chromecache_117.2.dr, chromecache_119.2.dr, chromecache_106.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_154.2.dr, chromecache_106.2.dr String found in binary or memory: https://partner.googleadservices.com/gampad/cookie.js
Source: chromecache_151.2.dr String found in binary or memory: https://secretsafedomain.com/s?a=81528&sm=235&s=8&sbp=1&spt=1716504721184&co=112356&mt=16&rc=71_1969
Source: chromecache_151.2.dr String found in binary or memory: https://secretsafedomain.com/s?a=81528&sm=235&s=8&sso=1&spt=1716504721184&co=112356&mt=16&rc=71_1969
Source: chromecache_151.2.dr String found in binary or memory: https://secretsafedomain.com/smclick?a=81528&c=342883&o=135901&oc=216576&co=112356&mt=16&svi=EwBjNDF
Source: chromecache_110.2.dr String found in binary or memory: https://simxtrack.com/tracking202/redirect/rtr.php?t202id=5236&c1=EVOS_TAZZ&t202kw=EVOS_TAZZ
Source: chromecache_116.2.dr String found in binary or memory: https://statisticresearch.com/match?p=PS&adxguid=
Source: chromecache_151.2.dr String found in binary or memory: https://statisticresearch.com/user-segments/?pid=TH
Source: chromecache_117.2.dr String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_112.2.dr String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_154.2.dr, chromecache_106.2.dr String found in binary or memory: https://syndicatedsearch.goog
Source: chromecache_112.2.dr String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_114.2.dr, chromecache_117.2.dr, chromecache_119.2.dr String found in binary or memory: https://td.doubleclick.net
Source: chromecache_123.2.dr, chromecache_110.2.dr String found in binary or memory: https://telegram.org/css/bootstrap.min.css?3
Source: chromecache_123.2.dr, chromecache_110.2.dr String found in binary or memory: https://telegram.org/css/telegram.css?227
Source: chromecache_123.2.dr, chromecache_110.2.dr String found in binary or memory: https://telegram.org/img/apple-touch-icon.png
Source: chromecache_123.2.dr, chromecache_110.2.dr String found in binary or memory: https://telegram.org/img/favicon-16x16.png
Source: chromecache_123.2.dr, chromecache_110.2.dr String found in binary or memory: https://telegram.org/img/favicon-32x32.png
Source: chromecache_123.2.dr, chromecache_110.2.dr String found in binary or memory: https://telegram.org/img/favicon.ico
Source: chromecache_123.2.dr, chromecache_110.2.dr String found in binary or memory: https://telegram.org/img/website_icon.svg?4
Source: chromecache_123.2.dr, chromecache_110.2.dr String found in binary or memory: https://telegram.org/js/tgwallpaper.min.js?3
Source: chromecache_116.2.dr, chromecache_160.2.dr String found in binary or memory: https://theseoffersforyou.com
Source: chromecache_114.2.dr String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: chromecache_112.2.dr String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_112.2.dr String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_112.2.dr String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_117.2.dr, chromecache_119.2.dr String found in binary or memory: https://www.google.com
Source: chromecache_112.2.dr String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_114.2.dr, chromecache_117.2.dr, chromecache_119.2.dr String found in binary or memory: https://www.googleadservices.com
Source: chromecache_154.2.dr, chromecache_106.2.dr String found in binary or memory: https://www.googleadservices.com/pagead/conversion/16521530460/?gad_source=1&adview_type=3
Source: chromecache_114.2.dr, chromecache_117.2.dr, chromecache_119.2.dr String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_112.2.dr String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: chromecache_151.2.dr String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=
Source: chromecache_151.2.dr String found in binary or memory: https://www.googletagmanager.com/ns.html?id=GTM-TR8VQRX
Source: chromecache_151.2.dr, chromecache_160.2.dr String found in binary or memory: https://www.gstatic.com/firebasejs/5.0.2/firebase-app.js
Source: chromecache_151.2.dr, chromecache_160.2.dr String found in binary or memory: https://www.gstatic.com/firebasejs/5.0.2/firebase-messaging.js
Source: chromecache_117.2.dr String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_117.2.dr String found in binary or memory: https://www.youtube.com/iframe_api
Source: unknown Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49800 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49737
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49784 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49800
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49797 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49796
Source: unknown Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49796 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown Network traffic detected: HTTP traffic on port 49737 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.5:49724 version: TLS 1.2
Source: unknown HTTPS traffic detected: 23.211.8.90:443 -> 192.168.2.5:49728 version: TLS 1.2
Source: classification engine Classification label: mal60.phis.win@23/115@66/26
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2028,i,8292762305425428644,7564485751747783064,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://simxtrackredirecttszz.pages.dev/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2108 --field-trial-handle=2028,i,8292762305425428644,7564485751747783064,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
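The "Stores files to the Windows start menu directory" hits above are Chrome writing its own web-app shortcuts (Google Drive, YouTube, Sheets, Gmail, Slides, Docs) into Start Menu\Programs\Chrome Apps, and the LNK entries show every one of them pointing back at chrome_proxy.exe under Program Files. That is consistent with Chrome populating its default app shortcuts on a fresh profile rather than with persistence installed by the phishing page, so the signature needs a target check before it counts as evidence. The script below is an added triage example, not part of the Joe Sandbox report: it parses the report's "File created" and "LNK file" lines, resolves each shortcut's relative target against the folder the shortcut was written to, and flags only shortcuts whose target is not Chrome's own chrome_proxy.exe or that land in the Startup folder. The expected-target path is an assumption about Chrome's shortcut layout, and the Update.lnk entry in the sample is a constructed negative case that does not appear in the analysed report.

```python
"""Triage Start Menu writes from a sandbox behaviour log (added example).

Correlates 'File created' lines under the Start Menu with the 'LNK file'
lines that give each shortcut's target, resolves relative targets, and
separates Chrome's own web-app shortcuts from anything that deserves a look.
"""
import re
from pathlib import PureWindowsPath

# Constructed sample: the Chrome Apps lines are copied from the report above;
# the Update.lnk lines are a hypothetical negative case (shortcut in Startup
# pointing at a user-writable binary) added to exercise the flagging path.
SAMPLE_LINES = r"""
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Update.lnk
Source: Update.lnk.0.dr LNK file: C:\Users\user\AppData\Roaming\svc\update.exe
"""

# Assumption: Chrome's own web-app shortcuts launch via chrome_proxy.exe in
# the default install location. Adjust for non-default installs.
EXPECTED_TARGETS = {r"c:\program files\google\chrome\application\chrome_proxy.exe"}

LNK_RE = re.compile(r"^Source: (?P<name>.+?\.lnk)\.\d+\.dr LNK file: (?P<target>.+)$")
CREATED_RE = re.compile(r"^Source: (?P<proc>.+?) File created: (?P<path>.+)$")


def resolve_target(lnk_path: str, target: str) -> str:
    """Resolve a shortcut's (possibly relative) target against the LNK's folder."""
    tgt = PureWindowsPath(target)
    if tgt.is_absolute():
        return str(tgt)
    parts = list(PureWindowsPath(lnk_path).parent.parts)
    for seg in tgt.parts:
        if seg == "..":
            if len(parts) > 1:  # never climb above the drive root
                parts.pop()
        elif seg != ".":
            parts.append(seg)
    return str(PureWindowsPath(*parts))


def triage(report_text: str):
    """Return (created_path, verdict, resolved_target) for each Start Menu write."""
    targets = {}  # shortcut file name -> raw target string from the LNK line
    created = []
    for line in report_text.strip().splitlines():
        m = LNK_RE.match(line)
        if m:
            targets[m["name"].lower()] = m["target"]
            continue
        m = CREATED_RE.match(line)
        if m:
            created.append((m["proc"], m["path"]))

    results = []
    for proc, path in created:
        if "start menu" not in path.lower():
            continue
        p = PureWindowsPath(path)
        if p.suffix.lower() != ".lnk":
            results.append((path, "directory-or-non-shortcut", None))
            continue
        raw_target = targets.get(p.name.lower())
        if raw_target is None:
            results.append((path, "shortcut-target-unknown", None))
            continue
        resolved = resolve_target(path, raw_target)
        in_startup = "\\startup\\" in path.lower()
        written_by_chrome = proc.lower().endswith("\\chrome.exe")
        if in_startup:
            verdict = "startup-persistence"  # autorun location: always review
        elif written_by_chrome and resolved.lower() in EXPECTED_TARGETS:
            verdict = "chrome-app-shortcut"  # Chrome's own default shortcuts
        else:
            verdict = "unexpected-target"
        results.append((path, verdict, resolved))
    return results


def verdicts(report_text: str) -> dict:
    """Map each created file's base name to its verdict, for quick checks."""
    return {PureWindowsPath(p).name: v for p, v, _ in triage(report_text)}


if __name__ == "__main__":
    for path, verdict, target in triage(SAMPLE_LINES):
        print(f"{verdict:26} {path}  ->  {target}")
```

On the report's own lines every shortcut resolves to chrome_proxy.exe and is classed as a Chrome app shortcut; only the constructed Startup entry is flagged. The resolver is deliberately simple (it collapses `..` and `.` and stops at the drive root) because the sandbox prints targets as plain relative paths, not parsed LNK structures.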
Legend (figure not reproduced in this text): No. of IPs < 25%; 25% < No. of IPs < 50%; 50% < No. of IPs < 75%; 75% < No. of IPs