Windows Analysis Report
http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/

Overview

General Information

Sample URL:	http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/
Analysis ID:	1502359
Infos:

Detection

HTMLPhisher

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Multi AV Scanner detection for domain / URL

Multi AV Scanner detection for submitted file

Yara detected HtmlPhish10

Found HTTP page in a blob

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Detected non-DNS traffic on DNS port

HTML body contains password input but no form action

HTML page contains hidden javascript code

Invalid 'forgot password' link found

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/	Avira URL Cloud: detection malicious, Label: phishing
Source: http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7?qmjxeby3fc=k68onp7&v56l=p8d5-nmez-33k-n0y0c-r34w-5&dceb9z1km7=a2e153ebf3f42e16&i09d=jlz6	Avira URL Cloud: Label: phishing
Source: https://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/favicon.ico	Avira URL Cloud: Label: phishing

Multi AV Scanner detection for domain / URL

Source: fetchlnk.truesharingzone.site	Virustotal: Detection: 11%			Perma Link
Source: 6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev	Virustotal: Detection: 10%			Perma Link

Multi AV Scanner detection for submitted file

Source: http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/

Virustotal: Detection: 10%

Perma Link

Phishing

AI detected phishing page

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873

LLM: Score: 8 Reasons: The domain name 'palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev' does not match the brand name Microsoft, and the.dev top-level domain is not commonly associated with Microsoft. The unusual domain name and lack of brand consistency increase the likelihood of this site being a phishing attempt. DOM: 3.2.pages.csv

Yara detected HtmlPhish10

Source: Yara match

File source: 3.2.pages.csv, type: HTML

Found HTTP page in a blob

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873

DOM page: Blob-based

Phishing site detected (based on image similarity)

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873

Matcher: Template: microsoft matched

HTML body contains password input but no form action

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML page contains hidden javascript code

Source: https://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/

HTTP Parser: Base64 decoded: http://localhost/get-links-from-db/get.php

Invalid 'forgot password' link found

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873

HTTP Parser: Invalid link: Forgot password?

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873

HTTP Parser: <input type="password" .../> found

Source: https://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/	HTTP Parser: No favicon
Source: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7/?qmjxeby3fc=k68onp7&v56l=p8d5-nmez-33k-n0y0c-r34w-5&dceb9z1km7=a2e153ebf3f42e16&i09d=jlz6	HTTP Parser: No favicon
Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d8CA641CBCCC3D19B%26opidt%3d1725145013%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3dE209DBFE960421E1%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d8CA641CBCCC3D19B%26opidt%3d1725145013%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3dE209DBFE960421E1%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d8CA641CBCCC3D19B%26opidt%3d1725145013%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3dE209DBFE960421E1%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d8CA641CBCCC3D19B%26opidt%3d1725145013%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3dE209DBFE960421E1%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: No favicon

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873

HTTP Parser: No <meta name="author".. found

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49751 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.4:50826 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7?qmjxeby3fc=k68onp7&v56l=p8d5-nmez-33k-n0y0c-r34w-5&dceb9z1km7=a2e153ebf3f42e16&i09d=jlz6 HTTP/1.1Host: palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7/?qmjxeby3fc=k68onp7&v56l=p8d5-nmez-33k-n0y0c-r34w-5&dceb9z1km7=a2e153ebf3f42e16&i09d=jlz6 HTTP/1.1Host: palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /get.php HTTP/1.1Host: fetchlnk.truesharingzone.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /thegifloader/loading.gif HTTP/1.1Host: theextrenalfiles.filesdistributorin.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7/?qmjxeby3fc=k68onp7&v56l=p8d5-nmez-33k-n0y0c-r34w-5&dceb9z1km7=a2e153ebf3f42e16&i09d=jlz6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /thegifloader/loading.gif HTTP/1.1Host: theextrenalfiles.filesdistributorin.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ready-page.php HTTP/1.1Host: basicplan.filesdistributorin.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_yruqtyo0qslo70l4a-_ung2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_hjnWUmfm-pOUxYXWMUv1Yw2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_hjnWUmfm-pOUxYXWMUv1Yw2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ns?c=54ff8770-67ec-11ef-b473-f144fcc16b1e HTTP/1.1Host: stk.hsprotect.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://msft.hsprotect.netSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://msft.hsprotect.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ns?c=54ff8770-67ec-11ef-b473-f144fcc16b1e HTTP/1.1Host: stk.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: 6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev
Source: global traffic	DNS traffic detected: DNS query: fetchlnk.truesharingzone.site
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev
Source: global traffic	DNS traffic detected: DNS query: theextrenalfiles.filesdistributorin.online
Source: global traffic	DNS traffic detected: DNS query: basicplan.filesdistributorin.online
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: signup.live.com
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: fpt.live.com
Source: global traffic	DNS traffic detected: DNS query: msft.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: client.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: stk.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: collector-pxzc5j78di.hsprotect.net

Source: unknown

HTTP traffic detected: POST /get.php HTTP/1.1Host: fetchlnk.truesharingzone.siteConnection: keep-aliveContent-Length: 20sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: text/html, */*; q=0.01Content-Type: application/x-www-form-urlencoded; charset=UTF-8sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.devSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 31 Aug 2024 22:56:39 GMTContent-Length: 0Connection: closeAccess-Control-Allow-Origin: *Cache-Control: no-storereferrer-policy: strict-origin-when-cross-originReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=MRYsfjFT2OOgWUhdlzPAPzok5W0YOf3AWOKKLS48obLdcnlCSOJBSDaLDJYChpUJ2H6LBYeeQXPkexMLirbgJ%2FAtvP4a5QtDvElM%2BDIyN6rNanTRwiWmgl%2Bl8jyVVaRP0CYMdKN7t2QH2K3BsRh6%2FBjAhKhsF7iTC%2FElATy8O1tMnlA8sjwkc%2Bws%2FHjDCB9nlfnsW79F"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8bc09d767d8f72b7-EWRalt-svc: h3=":443"; ma=86400

Source: chromecache_133.2.dr, chromecache_176.2.dr, chromecache_167.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js
Source: chromecache_174.2.dr	String found in binary or memory: https://client.hsprotect.net/PXzC5j78di/main.min.js
Source: chromecache_142.2.dr	String found in binary or memory: https://fpt.live.com/
Source: chromecache_178.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_178.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50852
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50851
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 50829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50865
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50860
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50828
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50837
Source: unknown	Network traffic detected: HTTP traffic on port 50856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 50865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 50851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 50828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50848
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50841
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49751 version: TLS 1.2

Source: classification engine

Classification label: mal100.phis.win@26/79@48/15

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1996,i,7157607864066825849,6225300324728480668,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1996,i,7157607864066825849,6225300324728480668,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
162.254.39.141	theextrenalfiles.filesdistributorin.online	United States	13768	COGECO-PEER1CA	false
35.190.10.96	inbound-weighted.protechts.net	United States	15169	GOOGLEUS	false
13.107.246.45	s-part-0017.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.67	s-part-0039.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.246.60	s-part-0032.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
34.107.199.61	stk.hsprotect.net	United States	15169	GOOGLEUS	false
172.66.44.217	6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev	United States	13335	CLOUDFLARENETUS	false
172.66.47.39	unknown	United States	13335	CLOUDFLARENETUS	false
216.58.206.68	www.google.com	United States	15169	GOOGLEUS	false
172.66.47.41	palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev	United States	13335	CLOUDFLARENETUS	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
152.199.21.175	sni1gl.wpc.alphacdn.net	United States	15133	EDGECASTUS	false

Private

IP
192.168.2.4
192.168.2.6

Contacted Domains

Name	IP	Active
a.nel.cloudflare.com	35.190.80.1	true
theextrenalfiles.filesdistributorin.online	162.254.39.141	true
palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev	172.66.47.41	true
sni1gl.wpc.alphacdn.net	152.199.21.175	true
6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev	172.66.44.217	true
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true
fetchlnk.truesharingzone.site	162.254.39.141	true
s-part-0039.t-0009.t-msedge.net	13.107.246.67	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
inbound-weighted.protechts.net	35.190.10.96	true
www.google.com	216.58.206.68	true
stk.hsprotect.net	34.107.199.61	true
basicplan.filesdistributorin.online	162.254.39.141	true
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true
signup.live.com	unknown	unknown
collector-pxzc5j78di.hsprotect.net	unknown	unknown
logincdn.msftauth.net	unknown	unknown
client.hsprotect.net	unknown	unknown
msft.hsprotect.net	unknown	unknown
fpt.live.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7?qmjxeby3fc=k68onp7&v56l=p8d5-nmez-33k-n0y0c-r34w-5&dceb9z1km7=a2e153ebf3f42e16&i09d=jlz6	false	Avira URL Cloud: phishing	unknown
https://fetchlnk.truesharingzone.site/get.php	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://basicplan.filesdistributorin.online/ready-page.php	false	1%, Virustotal, Browse Avira URL Cloud: safe	unknown
https://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/	false		unknown
https://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://collector-pxzc5j78di.hsprotect.net/api/v2/msft	false	Avira URL Cloud: safe	unknown
blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873	true	Avira URL Cloud: safe	unknown
https://stk.hsprotect.net/ns?c=54ff8770-67ec-11ef-b473-f144fcc16b1e	false	Avira URL Cloud: safe	unknown
https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7/?qmjxeby3fc=k68onp7&v56l=p8d5-nmez-33k-n0y0c-r34w-5&dceb9z1km7=a2e153ebf3f42e16&i09d=jlz6	false		unknown
https://theextrenalfiles.filesdistributorin.online/thegifloader/loading.gif	false	Avira URL Cloud: safe	unknown

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 131	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 132	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 133	ASCII text, with very long lines (17527), with CRLF line terminators	5AF6F84088697D18A619DEE97C894DF8	84BBAD0444C866FC1641FF16CE5EDE8047EC3868	B041B44303AFBC68A71866A5597660E6490AB889729DDB69EC3E7629C4138731
Chrome Cache Entry: 134	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 135	ASCII text, with no line terminators	AAAB7A355103063D9EEB4824A3A6B374	E51555F02C32321F3E48F07A0FA5AF46DF835BFC	79BA862622D6FA84AC7E4F98EB95043A255FC2C81711E9400A8AA4D4B1608471
Chrome Cache Entry: 136	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
Chrome Cache Entry: 137	ASCII text, with very long lines (65402)	3403221E2A71871CE02AAA367B5C4748	4C831711DDEF2D4676147434C11D6337735EAC03	6099149817D46ECA1784C18660E807F192CB369FCE2FD571A944289FF3194139
Chrome Cache Entry: 138	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 900	19AA49E6F345811CEBE895003C8FCFC7	48D93BEDEFFE842A3DFB5D3036D14178D97115F9	F61DC276446B263FC29B1A8CE20D8BFD2C028F4603356F795687B942E3B4969F
Chrome Cache Entry: 139	GIF image data, version 89a, 100 x 100	9643BA737D9091D6252BF5812310AF61	4714C1BE53C997289819B17C91E3A4FD0030A42C	3C21E22B282A0A65B6B07871D20856FB062DA3B5E1D481564379249BC2071235
Chrome Cache Entry: 140	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 141	JSON data	5FC018D9E6C56911BBC8DC5DDCD0C768	70979F57A85D527ED8ABCBF02CFF44640C58BDE6	2E6D78A4AE644F3B60AFD3C33E66539FF6C5F6A8ED6ABC40A3AF06AC020EC020
Chrome Cache Entry: 142	HTML document, Unicode text, UTF-8 text, with very long lines (23182), with CRLF line terminators	B9E251A7AA10101923655FAFCF494812	8050644B4A36AC8D22FC8F6C7580446DE4BD5C3A	0939776F86C22E213FF80D9C0E795A766DD8ABE7C4B00B347AB8146C8FEA2DFC
Chrome Cache Entry: 143	ASCII text, with very long lines (65451)	DC5E7F18C8D36AC1D3D4753A87C98D0A	C8E1C8B386DC5B7A9184C763C88D19A346EB3342	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
Chrome Cache Entry: 144	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 901881	05A20B73D23C52A09386F3222045E62D	0991D7FD9A84F82DD39FBE065C0070D3196F497C	BAB90DCF5FE87AB6DDEED7339CC36967BA7188CE3E01CCF7C65D9369056C41A4
Chrome Cache Entry: 145	ASCII text, with no line terminators	F79FFC1767406D43B996B050CEC09ED2	EA4F919251BCDE6EE3CB2E45C0356E1FA3B86661	1E62D5B3EFE0ECE892FF79BD65457FF2DC48A840444AFD53DEEDF2F2869BD685
Chrome Cache Entry: 146	HTML document, ASCII text, with very long lines (13037), with no line terminators	9E280072BF3FF50BD23649BBAD888639	1A8A94F48DEB1E52BD3BED8D1BC157C9CA96D7FA	8A43A76708766C0B7A9AE5F6044E30EB56BF4A9665530E5F2F3335AD30BE96E0
Chrome Cache Entry: 147	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 148	ASCII text, with very long lines (65402)	3403221E2A71871CE02AAA367B5C4748	4C831711DDEF2D4676147434C11D6337735EAC03	6099149817D46ECA1784C18660E807F192CB369FCE2FD571A944289FF3194139
Chrome Cache Entry: 149	ASCII text, with very long lines (65447)	641DD14370106E992D352166F5A07E99	EDA46747C71D38A880BEE44F9A439C3858BB8F99	A0FE8723DCF55DA64D06B25446D0A8513E52527C45AFCB37073465F9C6F352AF
Chrome Cache Entry: 150	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 900	19AA49E6F345811CEBE895003C8FCFC7	48D93BEDEFFE842A3DFB5D3036D14178D97115F9	F61DC276446B263FC29B1A8CE20D8BFD2C028F4603356F795687B942E3B4969F
Chrome Cache Entry: 151	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 152	ASCII text, with very long lines (65447)	641DD14370106E992D352166F5A07E99	EDA46747C71D38A880BEE44F9A439C3858BB8F99	A0FE8723DCF55DA64D06B25446D0A8513E52527C45AFCB37073465F9C6F352AF
Chrome Cache Entry: 153	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 915	FDADF2FE6A40F8745A54088F002AECA2	CE8A4413ABA3B2035EF4C48D46D76EABE4DDA4B0	AA6593B23F2559FE0C239B25F9AD9B2BC79437AE5EE23E412E13D148AB5B6B86
Chrome Cache Entry: 154	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 108310	FFB1F8211D580070470EA800670D93D5	E53659646AEEA3BEF3765BE84F2E9153B5A0EEE2	4577B35C16D4BEECEF87C6934E98D1F3BEDA07F38B7ED1AFF544B2F589E494DD
Chrome Cache Entry: 155	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 915	FDADF2FE6A40F8745A54088F002AECA2	CE8A4413ABA3B2035EF4C48D46D76EABE4DDA4B0	AA6593B23F2559FE0C239B25F9AD9B2BC79437AE5EE23E412E13D148AB5B6B86
Chrome Cache Entry: 156	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 157	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 900	19AA49E6F345811CEBE895003C8FCFC7	48D93BEDEFFE842A3DFB5D3036D14178D97115F9	F61DC276446B263FC29B1A8CE20D8BFD2C028F4603356F795687B942E3B4969F
Chrome Cache Entry: 158	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 901881	05A20B73D23C52A09386F3222045E62D	0991D7FD9A84F82DD39FBE065C0070D3196F497C	BAB90DCF5FE87AB6DDEED7339CC36967BA7188CE3E01CCF7C65D9369056C41A4
Chrome Cache Entry: 159	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 160	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 915	FDADF2FE6A40F8745A54088F002AECA2	CE8A4413ABA3B2035EF4C48D46D76EABE4DDA4B0	AA6593B23F2559FE0C239B25F9AD9B2BC79437AE5EE23E412E13D148AB5B6B86
Chrome Cache Entry: 161	ASCII text, with no line terminators	AAAB7A355103063D9EEB4824A3A6B374	E51555F02C32321F3E48F07A0FA5AF46DF835BFC	79BA862622D6FA84AC7E4F98EB95043A255FC2C81711E9400A8AA4D4B1608471
Chrome Cache Entry: 162	ASCII text, with no line terminators	6BCE25B0AF7FE8BBABE2613B17EEC341	9835923943480D04452BF11DC1B3A26B02AC1617	71D6D20A22FCB0EDDB522A955D3D2DC7591B2E79CEFDB18933817FEDC6CAEBF2
Chrome Cache Entry: 163	HTML document, ASCII text, with very long lines (2627), with CRLF line terminators	366EC71CB3C61D49DB77DAB29691FFEF	B9A0F47FC103967DF90C5465F9E8D181B853645A	C06F9C8C1EC10049343A6211473AF85337A151F23CDFE8D120078A4958F0B49E
Chrome Cache Entry: 164	ASCII text, with no line terminators	55A1259939B0D83229714CA0CB6CFFF3	9447F4C96255A7AAED04E5A3FEB37D71EBB7E392	9E0401CEAE077878E0445631952128CC7C07383E3BF414A5927F4E3AE8B435F3
Chrome Cache Entry: 165	JSON data	9E576E34B18E986347909C29AE6A82C6	532C767978DC2B55854B3CA2D2DF5B4DB221C934	88BDF5AF090328963973990DE427779F9C4DF3B8E1F5BADC3D972BAC3087006D
Chrome Cache Entry: 166	GIF image data, version 89a, 100 x 100	9643BA737D9091D6252BF5812310AF61	4714C1BE53C997289819B17C91E3A4FD0030A42C	3C21E22B282A0A65B6B07871D20856FB062DA3B5E1D481564379249BC2071235
Chrome Cache Entry: 167	ASCII text, with very long lines (17527), with CRLF line terminators	5AF6F84088697D18A619DEE97C894DF8	84BBAD0444C866FC1641FF16CE5EDE8047EC3868	B041B44303AFBC68A71866A5597660E6490AB889729DDB69EC3E7629C4138731
Chrome Cache Entry: 168	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864	0E176276362B94279A4492511BFCBD98	389FE6B51F62254BB98939896B8C89EBEFFE2A02	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
Chrome Cache Entry: 169	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651	9F368BC4580FED907775F31C6B26D6CF	E393A40B3E337F43057EEE3DE189F197AB056451	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
Chrome Cache Entry: 170	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90678	BCD68C8A4F1BB13B272E02FDA0EB5460	57C81EE13D027556D54744C9246226E1E85C211C	25D5832DE46E5170761BA826342655D7C5550451332E4086EC366E79D359BD51
Chrome Cache Entry: 171	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 900	19AA49E6F345811CEBE895003C8FCFC7	48D93BEDEFFE842A3DFB5D3036D14178D97115F9	F61DC276446B263FC29B1A8CE20D8BFD2C028F4603356F795687B942E3B4969F
Chrome Cache Entry: 172	ASCII text, with very long lines (65451)	DC5E7F18C8D36AC1D3D4753A87C98D0A	C8E1C8B386DC5B7A9184C763C88D19A346EB3342	F7F6A5894F1D19DDAD6FA392B2ECE2C5E578CBF7DA4EA805B6885EB6985B6E3D
Chrome Cache Entry: 173	ASCII text, with very long lines (65447)	641DD14370106E992D352166F5A07E99	EDA46747C71D38A880BEE44F9A439C3858BB8F99	A0FE8723DCF55DA64D06B25446D0A8513E52527C45AFCB37073465F9C6F352AF
Chrome Cache Entry: 174	HTML document, ASCII text, with very long lines (918)	5DC258F6742F6D22A4CD80F50926ED70	2925F965C31990E0F883E2E885A3D57056168DCC	3B8D3C93FD78C24F4C175C8515E4A5DF79AEE536AF4CED58BA078EA591569EAC
Chrome Cache Entry: 175	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 37866	E59C3B1EB6862A6333488A00880D79C4	D8FB445F630639C45CCC05AA32A3C5D7FBB10504	5DD6A7B363CEE654DDA1429F225F367716A621E77080485E30A2F4D12DBA5241
Chrome Cache Entry: 176	ASCII text, with very long lines (17527), with CRLF line terminators	5AF6F84088697D18A619DEE97C894DF8	84BBAD0444C866FC1641FF16CE5EDE8047EC3868	B041B44303AFBC68A71866A5597660E6490AB889729DDB69EC3E7629C4138731
Chrome Cache Entry: 177	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 915	FDADF2FE6A40F8745A54088F002AECA2	CE8A4413ABA3B2035EF4C48D46D76EABE4DDA4B0	AA6593B23F2559FE0C239B25F9AD9B2BC79437AE5EE23E412E13D148AB5B6B86
Chrome Cache Entry: 178	HTML document, ASCII text, with very long lines (3450), with CRLF line terminators	CB06E9A552B197D5C0EA600B431A3407	04E167433F2F1038C78F387F8A166BB6542C2008	1F4EDBD2416E15BD82E61BA1A8E5558D44C4E914536B1B07712181BF57934021
Chrome Cache Entry: 179	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 90678	BCD68C8A4F1BB13B272E02FDA0EB5460	57C81EE13D027556D54744C9246226E1E85C211C	25D5832DE46E5170761BA826342655D7C5550451332E4086EC366E79D359BD51
Chrome Cache Entry: 180	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors	12E3DAC858061D088023B2BD48E2FA96	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/	Avira URL Cloud: detection malicious, Label: phishing
Source: http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/	SlashNext: detection malicious, Label: Credential Stealing type: Phishing & Social Engineering

Antivirus detection for URL or domain

Source: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7?qmjxeby3fc=k68onp7&v56l=p8d5-nmez-33k-n0y0c-r34w-5&dceb9z1km7=a2e153ebf3f42e16&i09d=jlz6	Avira URL Cloud: Label: phishing
Source: https://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/favicon.ico	Avira URL Cloud: Label: phishing

Multi AV Scanner detection for domain / URL

Source: fetchlnk.truesharingzone.site	Virustotal: Detection: 11%			Perma Link
Source: 6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev	Virustotal: Detection: 10%			Perma Link

Multi AV Scanner detection for submitted file

Source: http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/

Virustotal: Detection: 10%

Perma Link

Phishing

AI detected phishing page

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873

Yara detected HtmlPhish10

Source: Yara match

File source: 3.2.pages.csv, type: HTML

Found HTTP page in a blob

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873

DOM page: Blob-based

Phishing site detected (based on image similarity)

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873

Matcher: Template: microsoft matched

HTML body contains password input but no form action

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873

HTTP Parser: <input type="password" .../> found but no <form action="...

HTML page contains hidden javascript code

Source: https://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/

HTTP Parser: Base64 decoded: http://localhost/get-links-from-db/get.php

Invalid 'forgot password' link found

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873

HTTP Parser: Invalid link: Forgot password?

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873

HTTP Parser: <input type="password" .../> found

Source: https://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/	HTTP Parser: No favicon
Source: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7/?qmjxeby3fc=k68onp7&v56l=p8d5-nmez-33k-n0y0c-r34w-5&dceb9z1km7=a2e153ebf3f42e16&i09d=jlz6	HTTP Parser: No favicon
Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d8CA641CBCCC3D19B%26opidt%3d1725145013%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3dE209DBFE960421E1%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d8CA641CBCCC3D19B%26opidt%3d1725145013%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3dE209DBFE960421E1%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d8CA641CBCCC3D19B%26opidt%3d1725145013%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3dE209DBFE960421E1%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: No favicon
Source: https://signup.live.com/signup?sru=https%3a%2f%2flogin.live.com%2foauth20_authorize.srf%3flc%3d1033%26mkt%3den-US%26client_id%3d51483342-085c-4d86-bf88-cf50c7252078%26opid%3d8CA641CBCCC3D19B%26opidt%3d1725145013%26uaid%3db58882512b7c40d78c42f4d88f1affac%26contextid%3dE209DBFE960421E1%26opignore%3d1&mkt=EN-US&uiflavor=web&lw=1&fl=easi2&client_id=51483342-085c-4d86-bf88-cf50c7252078&uaid=b58882512b7c40d78c42f4d88f1affac&suc=4345a7b9-9a63-4910-a426-35363201d503&lic=1	HTTP Parser: No favicon

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873

HTTP Parser: No <meta name="author".. found

Source: blob:https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/c1df1dbf-abf3-4eae-a6d7-7a44dd944873

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49751 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.4:50826 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7?qmjxeby3fc=k68onp7&v56l=p8d5-nmez-33k-n0y0c-r34w-5&dceb9z1km7=a2e153ebf3f42e16&i09d=jlz6 HTTP/1.1Host: palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7/?qmjxeby3fc=k68onp7&v56l=p8d5-nmez-33k-n0y0c-r34w-5&dceb9z1km7=a2e153ebf3f42e16&i09d=jlz6 HTTP/1.1Host: palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.devConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: 6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.devConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /get.php HTTP/1.1Host: fetchlnk.truesharingzone.siteConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /thegifloader/loading.gif HTTP/1.1Host: theextrenalfiles.filesdistributorin.onlineConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.devConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev/890f5e421912d83086e5dcc2/86b1d9943b8c18420153e7/?qmjxeby3fc=k68onp7&v56l=p8d5-nmez-33k-n0y0c-r34w-5&dceb9z1km7=a2e153ebf3f42e16&i09d=jlz6Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /thegifloader/loading.gif HTTP/1.1Host: theextrenalfiles.filesdistributorin.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/converged.v2.login.min_wixdbz3ubznoegxpcgkfog2.css HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.devsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ready-page.php HTTP/1.1Host: basicplan.filesdistributorin.onlineConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ests/2.1/content/cdnbundles/ux.converged.login.strings-en.min_yruqtyo0qslo70l4a-_ung2.js HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_grey_2b5d393db04a5e6e1f739cb266e65b4c.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/1.0/content/images/ellipsis_635a63d500a92a0b8497cdc58d0f66b1.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_hjnWUmfm-pOUxYXWMUv1Yw2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://signup.live.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/js/signup-fabric_en_hjnWUmfm-pOUxYXWMUv1Yw2.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/microsoft_logo_ee5c8d9fb6248c938fd0.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ns?c=54ff8770-67ec-11ef-b473-f144fcc16b1e HTTP/1.1Host: stk.hsprotect.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://msft.hsprotect.netSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://msft.hsprotect.net/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/chunks/oneds-analytics-js_8c01a5c09df43fd8d323.js HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ns?c=54ff8770-67ec-11ef-b473-f144fcc16b1e HTTP/1.1Host: stk.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://signup.live.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /images/favicon.ico?v=2 HTTP/1.1Host: acctcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v2/msft HTTP/1.1Host: collector-pxzc5j78di.hsprotect.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: 6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev
Source: global traffic	DNS traffic detected: DNS query: fetchlnk.truesharingzone.site
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: palisades-observatory-3aea66138e00e57e9f-5677ed4549f19c25.pages.dev
Source: global traffic	DNS traffic detected: DNS query: theextrenalfiles.filesdistributorin.online
Source: global traffic	DNS traffic detected: DNS query: basicplan.filesdistributorin.online
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: signup.live.com
Source: global traffic	DNS traffic detected: DNS query: logincdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: fpt.live.com
Source: global traffic	DNS traffic detected: DNS query: msft.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: client.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: stk.hsprotect.net
Source: global traffic	DNS traffic detected: DNS query: collector-pxzc5j78di.hsprotect.net

Source: unknown

Source: global traffic

Source: chromecache_133.2.dr, chromecache_176.2.dr, chromecache_167.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.6.4/jquery.min.js
Source: chromecache_174.2.dr	String found in binary or memory: https://client.hsprotect.net/PXzC5j78di/main.min.js
Source: chromecache_142.2.dr	String found in binary or memory: https://fpt.live.com/
Source: chromecache_178.2.dr	String found in binary or memory: https://login.microsoftonline.com
Source: chromecache_178.2.dr	String found in binary or memory: https://login.windows-ppe.net

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50854
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50856
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50852
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50851
Source: unknown	Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 50829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50865
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50832 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50861
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50860
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50852 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50833 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50861 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50848 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50837 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50829
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50828
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50832
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50833
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50837
Source: unknown	Network traffic detected: HTTP traffic on port 50856 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50842 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50839
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 50865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 50851 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50842
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 50828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50844
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50848
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50841
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50839 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49746 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49751 version: TLS 1.2

Source: classification engine

Classification label: mal100.phis.win@26/79@48/15

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1996,i,7157607864066825849,6225300324728480668,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2184 --field-trial-handle=1996,i,7157607864066825849,6225300324728480668,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1502359
Product:	CloudBasic
Start time:	00:55:37
Start date:	01.09.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
http://6b5b555f2a01cd6960fbc4a3facee2c37f07856d013f850d27993a35f2.pages.dev/