Source: unknown |
HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49740 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.4:49741 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49742 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 20.109.210.53:443 -> 192.168.2.4:49775 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49776 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49954 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 13.107.246.45:443 -> 192.168.2.4:49966 version: TLS 1.2 |
Source: unknown |
HTTPS traffic detected: 20.42.65.91:443 -> 192.168.2.4:50047 version: TLS 1.2 |
Source: C:\Program Files\Google\Chrome\Application\chrome.exe |
HTTP traffic: Redirect from: u48186210.ct.sendgrid.net to https://cdn.discordapp.com/attachments/1309071256703991839/1309114652906491935/mandatory_notice_for_all_december_leave_and_vacation_application.xls.z?ex=67406787&is=673f1607&hm=7cc1154f0d5655485232483d18f50467f8f6693e8153e451db4924feef63cd2f& |
Source: global traffic |
HTTP traffic detected: POST /OneCollector/1.0/ HTTP/1.1Accept: */*APIKey: cd836626611c4caaa8fc5b2e728ee81d-3b6d6c45-6377-4bf5-9792-dbf8e1881088-7521AuthMsaDeviceTicket: t=GwAWAbuEBAAU2qcZHJoKGNizGOeyqM4OaIoSZ0MOZgAAEJanOM/f8BEauEo6GRqguxLgAJt0LBh1uWaBD08sPTthnLouxyOeqq8UXC40zxYtXUeuLL3jc98oc4sgTt8Qg5RgpVyPUGOqQCdIMU+jHj5jPNgpCOYLzgjk7/68jQbYqRpL5buJGDaKHJUU4Qzi5sjC1iwUwrkBZLfklCNSWdGai+iykzR0ELnFD4lJb88vZch+TXuihcRzjbZvJG6mFONQPa3ignNQpsSbQgkMM4xuASI/kaIM+YTU5dBQE1SH8k0CwZj5Yc3H1S94NyGSn+DeuALqccEE8gt3uchW9hnkYs9tmlAQt7GBc9BBk/kSpz+oHgE=&p=Client-Id: NO_AUTHContent-Encoding: deflateContent-Type: application/bond-compact-binaryExpect: 100-continueSDK-Version: EVT-Windows-C++-No-3.4.15.1Upload-Time: 1732196128596Host: self.events.data.microsoft.comContent-Length: 7975Connection: Keep-AliveCache-Control: no-cache |
Source: Network traffic |
Suricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.4:50047 -> 20.42.65.91:443 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 173.222.162.32 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 184.28.90.27 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 167.89.123.122 |
Source: unknown |
TCP traffic detected without corresponding DNS query: 13.107.246.45 |
Source: global traffic |
HTTP traffic detected: GET /s/NlWWCnZJJxhp2O85HZsWHJcGBn?domain=u48186210.ct.sendgrid.net. HTTP/1.1Host: url.za.m.mimecastprotect.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9 |