Windows Analysis Report
http://demettei.com

Overview

General Information

Sample URL: http://demettei.com
Analysis ID: 1543998

Detection

Score: 48
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Detected non-DNS traffic on DNS port
HTML page contains hidden javascript code

Classification

Phishing

Source: http://demettei.com/ LLM: Score: 9 DOM: 1.1.pages.csv
Reasons:
  The brand 'Namecheap' is a known domain registrar and hosting company.
  The URL 'demettei.com' does not match the legitimate domain 'namecheap.com'.
  The URL 'demettei.com' does not contain any recognizable association with the brand 'Namecheap'.
  The request for email address verification and domain contact details is a common phishing tactic to gather sensitive information.
  The domain 'demettei.com' is suspicious as it does not relate to the known brand and could be used to impersonate or mislead users.
Source: http://demettei.com/ HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 301.46 229.3"><defs><style>.a{fill:#f2f2f2;}.b{fill:#fff;}.c{fill:#ffd45b;}.d{fill:#76c6c0;}.e{fill:#c5c9c8;}.f{fill:#005572;}.f,.g{fill-rule:evenodd;}.g{fill:#72c4be;}.h{fill:#32a6a9;}.i{fill:#3cc2d9;}...
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49745 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.253.45:443 -> 192.168.2.4:63080 version: TLS 1.2
Source: global traffic TCP traffic: 192.168.2.4:63076 -> 1.1.1.1:53
Source: unknown TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 217.20.57.40
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global traffic HTTP traffic detected:
  GET /fs/windows/config.json HTTP/1.1
  Connection: Keep-Alive
  Accept: */*
  Accept-Encoding: identity
  If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
  Range: bytes=0-2147483646
  User-Agent: Microsoft BITS/7.8
  Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET / HTTP/1.1Host: demettei.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: demettei.com
Source: global traffic DNS traffic detected: DNS query: static.nc-img.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: www.namecheap.com
Source: chromecache_121.2.dr, chromecache_128.2.dr String found in binary or memory: http://g.co/ng/security#xss)
Source: chromecache_128.2.dr String found in binary or memory: http://g.co/ng/security#xss).
Source: chromecache_132.2.dr, chromecache_121.2.dr, chromecache_128.2.dr, chromecache_141.2.dr String found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
Source: chromecache_121.2.dr, chromecache_128.2.dr String found in binary or memory: https://angular.io/
Source: chromecache_141.2.dr String found in binary or memory: https://angular.io/license
Source: chromecache_126.2.dr, chromecache_139.2.dr String found in binary or memory: https://www.namecheap.com/
Source: chromecache_126.2.dr, chromecache_139.2.dr String found in binary or memory: https://www.namecheap.com/support/live-chat/general.aspx?loc
Source: classification engine Classification label: mal48.phis.win@21/40@12/4
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2352 --field-trial-handle=2028,i,15076331900883378116,17662837165647517080,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://demettei.com"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected