Windows Analysis Report
https://tronlkam8s2.z13.web.core.windows.net

Overview

General Information

Sample URL: https://tronlkam8s2.z13.web.core.windows.net
Analysis ID: 1541413

Detection

TechSupportScam
Score: 68
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Antivirus / Scanner detection for submitted sample
Yara detected TechSupportScam
Phishing site detected (based on logo match)
Detected clear text password fields (password is not hidden)
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML title does not match URL
Javascript checks online IP of machine

Classification

AV Detection

Source: https://tronlkam8s2.z13.web.core.windows.net SlashNext: detection malicious, Label: Scareware type: Phishing & Social Engineering

Phishing

Source: https://tronlkam8s2.z13.web.core.windows.net/ LLM: Score: 7 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'. The URL 'tronlkam8s2.z13.web.core.windows.net' does not match the legitimate domain for Microsoft. The URL uses a subdomain structure under 'web.core.windows.net', which is a domain associated with Microsoft Azure services. The presence of 'windows.net' could be misleading, as it is a legitimate Microsoft domain, but the subdomain 'tronlkam8s2.z13' is unusual and not directly associated with Microsoft services. The use of a cloud service domain can be legitimate, but it is also a common tactic for phishing sites to use trusted domains to appear legitimate. The input fields 'User name' and 'Password' are typical targets for phishing attacks, especially when combined with a suspicious URL. DOM: 0.0.pages.csv
Source: https://tronlkam8s2.z13.web.core.windows.net/ LLM: Score: 7 Reasons: The brand 'Windows' is well-known and typically associated with Microsoft. The URL 'tronlkam8s2.z13.web.core.windows.net' uses a subdomain of 'web.core.windows.net', which is a legitimate domain used by Microsoft Azure for hosting services. The presence of 'windows.net' in the URL could be legitimate as it is a Microsoft domain, but the subdomain 'tronlkam8s2.z13' is unusual and not directly associated with any known Windows services. The URL structure with random characters in the subdomain is suspicious and not typical for official Windows login pages. The input fields 'User name' and 'Password' are common targets for phishing attempts. DOM: 0.2.pages.csv
Source: https://tronlkam8s2.z13.web.core.windows.net/ LLM: Score: 7 Reasons: The brand 'Microsoft' is well-known and typically associated with the domain 'microsoft.com'. The URL 'tronlkam8s2.z13.web.core.windows.net' does not match the legitimate domain for Microsoft. The URL uses a subdomain structure under 'web.core.windows.net', which is a domain associated with Microsoft Azure services. While 'web.core.windows.net' is a legitimate Microsoft Azure domain, the subdomain 'tronlkam8s2.z13' is not directly associated with Microsoft and could be used by any Azure customer. The presence of input fields for 'User name' and 'Password' on a non-Microsoft domain increases the risk of phishing. DOM: 0.3.pages.csv
Source: Yara match File source: 0.2.pages.csv, type: HTML
Source: Yara match File source: 0.1.pages.csv, type: HTML
Source: Yara match File source: 0.4.pages.csv, type: HTML
Source: Yara match File source: 0.3.pages.csv, type: HTML
Source: Yara match File source: 0.0.pages.csv, type: HTML
Source: Yara match File source: dropped/chromecache_191, type: DROPPED
Source: https://tronlkam8s2.z13.web.core.windows.net/ Matcher: Template: microsoft matched
Source: https://tronlkam8s2.z13.web.core.windows.net/ HTTP Parser: <input type="text"... for password input
Source: https://tronlkam8s2.z13.web.core.windows.net/ HTTP Parser: Number of links: 0
Source: https://tronlkam8s2.z13.web.core.windows.net/ HTTP Parser: Title: System Security does not match URL
Source: https://tronlkam8s2.z13.web.core.windows.net/ HTTP Parser: var t = new xmlhttprequest; t.onreadystatechange = function() { if (4 == this.readystate && 200 == this.status) { var a = json.parse(this.responsetext); ipadd = a.ip; city = a.city; country = a.country; isp = a.connection.isp; var b = new date; currtime = a.timezone.current_time; document.getelementbyid("ip_add").textcontent = "address ip: " + ipadd + " " + b.tolocalestring("en-us", currtime); document.getelementbyid("city").textcontent = "location: " + city + ", " + country; document.getelementbyid("isp").textcontent = "isp: " + isp } }; t.open("get", "https://ipwho.is/?lang=en", !0); t.send();
Source: https://tronlkam8s2.z13.web.core.windows.net/ HTTP Parser: No <meta name="author".. found
Source: https://tronlkam8s2.z13.web.core.windows.net/ HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:49799 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:59190 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:59199 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:59336 version: TLS 1.2
Source: global traffic TCP traffic: 192.168.2.4:59161 -> 1.1.1.1:53
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected: GET /?lang=en HTTP/1.1
    Host: ipwho.is
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Origin: https://tronlkam8s2.z13.web.core.windows.net
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://tronlkam8s2.z13.web.core.windows.net/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /?lang=en HTTP/1.1
    Host: ipwho.is
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /get/script.js?referrer=https://tronlkam8s2.z13.web.core.windows.net/ HTTP/1.1
    Host: userstatics.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://tronlkam8s2.z13.web.core.windows.net/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /get/script.js?referrer=https://tronlkam8s2.z13.web.core.windows.net/ HTTP/1.1
    Host: userstatics.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=swoVVagpdBmrNgf&MD=Vl2Rkrng HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
    Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
    Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=swoVVagpdBmrNgf&MD=Vl2Rkrng HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33
    Host: slscr.update.microsoft.com
Source: global traffic HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: chromecache_144.2.dr, chromecache_175.2.dr String found in binary or memory: data-href="https://www.facebook.com/pngpix" equals www.facebook.com (Facebook)
Source: chromecache_144.2.dr, chromecache_175.2.dr String found in binary or memory: href="https://www.facebook.com/pngpix" target="_blank"><i equals www.facebook.com (Facebook)
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: ipwho.is
Source: global traffic DNS traffic detected: DNS query: userstatics.com
Source: chromecache_191.2.dr String found in binary or memory: https://ipwho.is/?lang=en
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59221
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59342
Source: unknown Network traffic detected: HTTP traffic on port 59259 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59305 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59326 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59290 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49784
Source: unknown Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59303 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59355 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59261 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59200 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59332 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59195 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59361 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59197
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59199
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59194
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59193
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59196
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59195
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59190
Source: unknown Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59237 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown Network traffic detected: HTTP traffic on port 59321 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59295 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59226 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59243 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59338 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59314 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59211 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59320 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49769
Source: unknown Network traffic detected: HTTP traffic on port 59232 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59349 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 59244 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59221 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59277 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59216 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59250 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59348 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown Network traffic detected: HTTP traffic on port 59266 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59283 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59249 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59354 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59301
Source: unknown Network traffic detected: HTTP traffic on port 59337 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59255 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59303
Source: unknown Network traffic detected: HTTP traffic on port 59360 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59302
Source: unknown Network traffic detected: HTTP traffic on port 59190 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59272 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59238 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59309 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59227 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59359 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49769 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59279
Source: unknown Network traffic detected: HTTP traffic on port 59204 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59313 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59336 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59256 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59275
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59274
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59277
Source: unknown Network traffic detected: HTTP traffic on port 59279 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59276
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59270
Source: unknown Network traffic detected: HTTP traffic on port 59199 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59210 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59273
Source: unknown Network traffic detected: HTTP traffic on port 59342 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59272
Source: unknown Network traffic detected: HTTP traffic on port 59233 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59239 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59291 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59325 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59268 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59285 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59222 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59280 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59286
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59285
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59288
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59287
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59282
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59281
Source: unknown Network traffic detected: HTTP traffic on port 59274 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59283
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59280
Source: unknown Network traffic detected: HTTP traffic on port 59267 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59324 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59330 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59353 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59209 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59297
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59299
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59298
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59293
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59292
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59295
Source: unknown Network traffic detected: HTTP traffic on port 59273 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59294
Source: unknown Network traffic detected: HTTP traffic on port 59308 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59291
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59290
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown Network traffic detected: HTTP traffic on port 59302 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 59358 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59245 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59262 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59194 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59203 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59364 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59269 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59223 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59349
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59227
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59348
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59229
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59235
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59356
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59355
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59237
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59358
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59236
Source: unknown Network traffic detected: HTTP traffic on port 59281 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59231
Source: unknown Network traffic detected: HTTP traffic on port 59275 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59230
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59351
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59233
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59354
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59232
Source: unknown Network traffic detected: HTTP traffic on port 59298 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59353
Source: unknown Network traffic detected: HTTP traffic on port 59306 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59350
Source: unknown Network traffic detected: HTTP traffic on port 59214 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59346 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49812
Source: unknown Network traffic detected: HTTP traffic on port 59252 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59329 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59264 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59317 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59239
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59238
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59359
Source: unknown Network traffic detected: HTTP traffic on port 59208 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59229 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59245
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59248
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59242
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59363
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59241
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59362
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59244
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59243
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59364
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59361
Source: unknown Network traffic detected: HTTP traffic on port 59257 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59341 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59360
Source: unknown Network traffic detected: HTTP traffic on port 59270 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59292 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59286 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59301 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59318 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59202 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59263 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59334 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59249
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59257
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59256
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59259
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59253
Source: unknown Network traffic detected: HTTP traffic on port 59340 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59252
Source: unknown Network traffic detected: HTTP traffic on port 59193 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59255
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59254
Source: unknown Network traffic detected: HTTP traffic on port 59235 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59250
Source: unknown Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59218 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59363 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59224 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 59241 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59268
Source: unknown Network traffic detected: HTTP traffic on port 59230 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59267
Source: unknown Network traffic detected: HTTP traffic on port 59312 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59269
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59264
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59263
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59266
Source: unknown Network traffic detected: HTTP traffic on port 59297 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59260
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59262
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 59261
Source: unknown Network traffic detected: HTTP traffic on port 59213 -> 443
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49755 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49769 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:49799 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:59190 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.4:59199 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.4:59336 version: TLS 1.2

Spam, unwanted Advertisements and Ransom Demands

Source: Yara match File source: 0.2.pages.csv, type: HTML
Source: Yara match File source: 0.1.pages.csv, type: HTML
Source: Yara match File source: 0.4.pages.csv, type: HTML
Source: Yara match File source: 0.3.pages.csv, type: HTML
Source: Yara match File source: 0.0.pages.csv, type: HTML
Source: Yara match File source: dropped/chromecache_191, type: DROPPED
Source: classification engine Classification label: mal68.phis.win@23/127@10/5
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2292 --field-trial-handle=2252,i,8569824383269648916,5444035388297310183,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tronlkam8s2.z13.web.core.windows.net"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5544 --field-trial-handle=2252,i,8569824383269648916,5444035388297310183,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: Window Recorder Window detected: More than 3 window changes detected