Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
http://divisioninfo.net/

Overview

General Information

Sample URL:http://divisioninfo.net/
Analysis ID:1567747

Detection

Score:48
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected suspicious Javascript
AI detected suspicious URL
HTML page contains hidden javascript code
Stores files to the Windows start menu directory

Classification

Process Tree

  • System is w10x64_ra
  • chrome.exe (PID: 6200 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 6792 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1940,i,16541335879706510285,10154739656841051260,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 6500 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://divisioninfo.net/" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup

Yara Signatures

No yara matches

Sigma Signatures

No Sigma rule has matched

Suricata Signatures

No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

barindex
AI detected suspicious Javascript
Source: 0.0.id.script.csvJoe Sandbox AI: Detected suspicious JavaScript with source url: https://divisioninfo.net/...Script exhibits several high-risk behaviors: 1) Forces browser redirect to suspicious domain 'divisioninfo.net' 2) Collects browser fingerprint data for tracking 3) Uses fallback mechanisms to ensure redirect happens 4) Domain name pattern suggests potential malicious intent. While fingerprinting itself is common, the combination with forced redirects to an unusual domain raises significant concerns.
AI detected suspicious URL
Source: EmailJoe Sandbox AI: AI detected Typosquatting in URL: http://ww25.divisioninfo.net
Source: EmailJoe Sandbox AI: AI detected Brand spoofing attempt in URL: https://www.appurse.com
Source: EmailJoe Sandbox AI: AI detected Typosquatting in URL: https://www.appurse.com
Source: http://ww25.divisioninfo.net/?subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8HTTP Parser: Base64 decoded: {"uuid":"a5e42bdf-ebd9-4478-bbcb-b8ea61a77011","page_time":1733255541,"page_url":"http://ww25.divisioninfo.net/?subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8","page_method":"GET","page_request":{"subid1":"20241204-0652-19fe-9e65-5ebcfe8d60e8"},"page_headers...
Source: https://divisioninfo.net/HTTP Parser: No favicon
Source: http://ww25.divisioninfo.net/?subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8HTTP Parser: No favicon
Source: http://ww25.divisioninfo.net/?subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8HTTP Parser: No favicon
Source: http://ww25.divisioninfo.net/?caf=1&bpt=345&subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8&query=Number+Search&afdToken=ChMI4r2CirCMigMVo_-7CB04CydLEmsBlLqpj9a-PPtTPDAR6N5k12EUcPg35iuceSSiD2bjR0otv4pBfuvvgVpx46tYDdLQCNVXAgAV_vfdYSHyYUpJc0kh8zhJjQyS2pjNHo-jAIs1HLpDJoYix_pnS_QCDtSHg3BUSYiK9fv34Q&pcsa=false&nb=0&nm=25&nx=367&ny=56&is=700x480&clkt=48HTTP Parser: No favicon
Source: http://ww25.divisioninfo.net/?caf=1&bpt=345&subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8&query=Number+Search&afdToken=ChMI4r2CirCMigMVo_-7CB04CydLEmsBlLqpj9a-PPtTPDAR6N5k12EUcPg35iuceSSiD2bjR0otv4pBfuvvgVpx46tYDdLQCNVXAgAV_vfdYSHyYUpJc0kh8zhJjQyS2pjNHo-jAIs1HLpDJoYix_pnS_QCDtSHg3BUSYiK9fv34Q&pcsa=false&nb=0&nm=25&nx=367&ny=56&is=700x480&clkt=48HTTP Parser: No favicon
Source: http://ww25.divisioninfo.net/?caf=1&bpt=345&subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8&query=Number+Search&afdToken=ChMI4r2CirCMigMVo_-7CB04CydLEmsBlLqpj9a-PPtTPDAR6N5k12EUcPg35iuceSSiD2bjR0otv4pBfuvvgVpx46tYDdLQCNVXAgAV_vfdYSHyYUpJc0kh8zhJjQyS2pjNHo-jAIs1HLpDJoYix_pnS_QCDtSHg3BUSYiK9fv34Q&pcsa=false&nb=0&nm=25&nx=367&ny=56&is=700x480&clkt=48HTTP Parser: No favicon
Source: http://ww25.divisioninfo.net/?caf=1&bpt=345&subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8&query=Number+Search&afdToken=ChMI4r2CirCMigMVo_-7CB04CydLEmsBlLqpj9a-PPtTPDAR6N5k12EUcPg35iuceSSiD2bjR0otv4pBfuvvgVpx46tYDdLQCNVXAgAV_vfdYSHyYUpJc0kh8zhJjQyS2pjNHo-jAIs1HLpDJoYix_pnS_QCDtSHg3BUSYiK9fv34Q&pcsa=false&nb=0&nm=25&nx=367&ny=56&is=700x480&clkt=48HTTP Parser: No favicon
Source: https://www.appurse.com/com.app.easy.tech.phone_number_lookup.html?gad_source=5&gclid=EAIaIQobChMIyqHgkbCMigMVH2VBAh1bIR7_EAAYASAAEgIPOPD_BwEHTTP Parser: No favicon
Source: http://ww25.divisioninfo.net/?caf=1&bpt=345&subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8&query=Number+Search&afdToken=ChMI4r2CirCMigMVo_-7CB04CydLEmsBlLqpj9a-PPtTPDAR6N5k12EUcPg35iuceSSiD2bjR0otv4pBfuvvgVpx46tYDdLQCNVXAgAV_vfdYSHyYUpJc0kh8zhJjQyS2pjNHo-jAIs1HLpDJoYix_pnS_QCDtSHg3BUSYiK9fv34Q&pcsa=false&nb=0&nm=25&nx=367&ny=56&is=700x480&clkt=48HTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49801 version: TLS 1.2
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknownTCP traffic detected without corresponding DNS query: 172.202.163.200
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownTCP traffic detected without corresponding DNS query: 23.218.208.109
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: divisioninfo.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /?fp=-7 HTTP/1.1Host: divisioninfo.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __tad=1733255531.6578883
Source: global trafficHTTP traffic detected: GET /?fp=5705e961739f25e027541c9b53d6b936 HTTP/1.1Host: divisioninfo.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __tad=1733255531.6578883
Source: global trafficHTTP traffic detected: GET /?fp=5705e961739f25e027541c9b53d6b936 HTTP/1.1Host: divisioninfo.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: __tad=1733255531.6578883
Source: global trafficHTTP traffic detected: GET /?subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8 HTTP/1.1Host: ww25.divisioninfo.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /bOWqrsInv.js HTTP/1.1Host: ww25.divisioninfo.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://ww25.divisioninfo.net/?subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: parking_session=a5e42bdf-ebd9-4478-bbcb-b8ea61a77011
Source: global trafficHTTP traffic detected: GET /bOWqrsInv.js HTTP/1.1Host: ww25.divisioninfo.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: parking_session=a5e42bdf-ebd9-4478-bbcb-b8ea61a77011
Source: global trafficHTTP traffic detected: GET /_fd?subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8 HTTP/1.1Host: ww25.divisioninfo.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: parking_session=a5e42bdf-ebd9-4478-bbcb-b8ea61a77011
Source: global trafficHTTP traffic detected: GET /_tr HTTP/1.1Host: ww25.divisioninfo.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: parking_session=a5e42bdf-ebd9-4478-bbcb-b8ea61a77011; __gsas=ID=9fdd5940430baa5d:T=1733255548:RT=1733255548:S=ALNI_MbpxyW3IW2ttVCgp0loFe3gHCFjIA
Source: global trafficHTTP traffic detected: GET /?caf=1&bpt=345&subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8&query=Number+Search&afdToken=ChMI4r2CirCMigMVo_-7CB04CydLEmsBlLqpj9a-PPtTPDAR6N5k12EUcPg35iuceSSiD2bjR0otv4pBfuvvgVpx46tYDdLQCNVXAgAV_vfdYSHyYUpJc0kh8zhJjQyS2pjNHo-jAIs1HLpDJoYix_pnS_QCDtSHg3BUSYiK9fv34Q&pcsa=false&nb=0&nm=25&nx=367&ny=56&is=700x480&clkt=48 HTTP/1.1Host: ww25.divisioninfo.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Referer: https://syndicatedsearch.goog/Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: parking_session=a5e42bdf-ebd9-4478-bbcb-b8ea61a77011; __gsas=ID=9fdd5940430baa5d:T=1733255548:RT=1733255548:S=ALNI_MbpxyW3IW2ttVCgp0loFe3gHCFjIA
Source: global trafficHTTP traffic detected: GET /bGvwojZyr.js HTTP/1.1Host: ww25.divisioninfo.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Referer: http://ww25.divisioninfo.net/?caf=1&bpt=345&subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8&query=Number+Search&afdToken=ChMI4r2CirCMigMVo_-7CB04CydLEmsBlLqpj9a-PPtTPDAR6N5k12EUcPg35iuceSSiD2bjR0otv4pBfuvvgVpx46tYDdLQCNVXAgAV_vfdYSHyYUpJc0kh8zhJjQyS2pjNHo-jAIs1HLpDJoYix_pnS_QCDtSHg3BUSYiK9fv34Q&pcsa=false&nb=0&nm=25&nx=367&ny=56&is=700x480&clkt=48Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: parking_session=a5e42bdf-ebd9-4478-bbcb-b8ea61a77011; __gsas=ID=9fdd5940430baa5d:T=1733255548:RT=1733255548:S=ALNI_MbpxyW3IW2ttVCgp0loFe3gHCFjIA
Source: global trafficHTTP traffic detected: GET /bGvwojZyr.js HTTP/1.1Host: ww25.divisioninfo.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: parking_session=a5e42bdf-ebd9-4478-bbcb-b8ea61a77011; __gsas=ID=9fdd5940430baa5d:T=1733255548:RT=1733255548:S=ALNI_MbpxyW3IW2ttVCgp0loFe3gHCFjIA
Source: global trafficHTTP traffic detected: GET /_fd?caf=1&bpt=345&subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8&query=Number+Search&afdToken=ChMI4r2CirCMigMVo_-7CB04CydLEmsBlLqpj9a-PPtTPDAR6N5k12EUcPg35iuceSSiD2bjR0otv4pBfuvvgVpx46tYDdLQCNVXAgAV_vfdYSHyYUpJc0kh8zhJjQyS2pjNHo-jAIs1HLpDJoYix_pnS_QCDtSHg3BUSYiK9fv34Q&pcsa=false&nb=0&nm=25&nx=367&ny=56&is=700x480&clkt=48 HTTP/1.1Host: ww25.divisioninfo.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: parking_session=a5e42bdf-ebd9-4478-bbcb-b8ea61a77011; __gsas=ID=9fdd5940430baa5d:T=1733255548:RT=1733255548:S=ALNI_MbpxyW3IW2ttVCgp0loFe3gHCFjIA
Source: global trafficHTTP traffic detected: GET /_tr HTTP/1.1Host: ww25.divisioninfo.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: parking_session=a5e42bdf-ebd9-4478-bbcb-b8ea61a77011; __gsas=ID=9fdd5940430baa5d:T=1733255548:RT=1733255548:S=ALNI_MbpxyW3IW2ttVCgp0loFe3gHCFjIA
Source: global trafficDNS traffic detected: DNS query: divisioninfo.net
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: ww25.divisioninfo.net
Source: global trafficDNS traffic detected: DNS query: syndicatedsearch.goog
Source: global trafficDNS traffic detected: DNS query: afs.googleusercontent.com
Source: global trafficDNS traffic detected: DNS query: click-use1.bodis.com
Source: global trafficDNS traffic detected: DNS query: www.appurse.com
Source: global trafficDNS traffic detected: DNS query: myappcdn.com
Source: global trafficDNS traffic detected: DNS query: googleads.g.doubleclick.net
Source: global trafficDNS traffic detected: DNS query: securepubads.g.doubleclick.net
Source: global trafficDNS traffic detected: DNS query: adservice.google.com
Source: global trafficDNS traffic detected: DNS query: www.silvergloria.com
Source: unknownHTTP traffic detected: POST /_fd?subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8 HTTP/1.1Host: ww25.divisioninfo.netConnection: keep-aliveContent-Length: 0Accept: application/jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonOrigin: http://ww25.divisioninfo.netReferer: http://ww25.divisioninfo.net/?subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: parking_session=a5e42bdf-ebd9-4478-bbcb-b8ea61a77011
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49865
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49864
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49742
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49863
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49862
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49860
Source: unknownNetwork traffic detected: HTTP traffic on port 49926 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49932 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49875 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49852 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49859
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49858
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49857
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 49772 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49855
Source: unknownNetwork traffic detected: HTTP traffic on port 49841 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49853
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49852
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49851
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49850
Source: unknownNetwork traffic detected: HTTP traffic on port 49858 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49893 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49784 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49714 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49848
Source: unknownNetwork traffic detected: HTTP traffic on port 49886 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49846
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49845
Source: unknownNetwork traffic detected: HTTP traffic on port 49869 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49844
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49722
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49843
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49842
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49841
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49840
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49892 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 49904 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49837
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49836
Source: unknownNetwork traffic detected: HTTP traffic on port 49921 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49714
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49835
Source: unknownNetwork traffic detected: HTTP traffic on port 49887 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49832
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49831
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49830
Source: unknownNetwork traffic detected: HTTP traffic on port 49864 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49927 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49870 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49853 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49947
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49946
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49784
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
Source: unknownNetwork traffic detected: HTTP traffic on port 49836 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49916 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49845 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49868 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 49885 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49897
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49896
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 49862 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49894
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49772
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49893
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49892
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49891
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49890
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49742 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49897 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49879 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49851 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49830 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49905 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49889
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49888
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49887
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49886
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49885
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 49863 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49884
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49883
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49882
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49928 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49840 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49880
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49857 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49896 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49879
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49878
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49876
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49875
Source: unknownNetwork traffic detected: HTTP traffic on port 49891 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49874
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49873
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49872
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49870
Source: unknownNetwork traffic detected: HTTP traffic on port 49835 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49917 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49874 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49880 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 49846 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49869
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49868
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49867
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49866
Source: unknownNetwork traffic detected: HTTP traffic on port 49890 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49878 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49912 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49889 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49900 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49866 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49837 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49696
Source: unknownNetwork traffic detected: HTTP traffic on port 49946 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49872 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49855 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49901 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49819 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49844 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49947 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49873 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49930 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49850 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49831 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49913 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49884 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49907 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49867 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49821
Source: unknownNetwork traffic detected: HTTP traffic on port 49865 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49842 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49859 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49894 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49819
Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49816
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49936
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
Source: unknownNetwork traffic detected: HTTP traffic on port 49902 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49932
Source: unknownNetwork traffic detected: HTTP traffic on port 49816 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49931
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49930
Source: unknownNetwork traffic detected: HTTP traffic on port 49925 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49696 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49936 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49876 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49928
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49927
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
Source: unknownNetwork traffic detected: HTTP traffic on port 49848 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49882 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49926
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49925
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49921
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49920
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49678 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49821 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49722 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49908 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49917
Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49860 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49883 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49916
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49913
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49912
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49843 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49931 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49832 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49908
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49907
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49905
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49904
Source: unknownNetwork traffic detected: HTTP traffic on port 49920 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49902
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49901
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49900
Source: unknownNetwork traffic detected: HTTP traffic on port 49888 -> 443
Source: unknownHTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49719 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49722 version: TLS 1.2
Source: unknownHTTPS traffic detected: 23.218.208.109:443 -> 192.168.2.16:49724 version: TLS 1.2
Source: unknownHTTPS traffic detected: 172.202.163.200:443 -> 192.168.2.16:49801 version: TLS 1.2
Source: classification engineClassification label: mal48.win@23/1@54/250
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1940,i,16541335879706510285,10154739656841051260,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://divisioninfo.net/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2188 --field-trial-handle=1940,i,16541335879706510285,10154739656841051260,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

Mitre Att&ck Matrix

ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation2
Browser Extensions		1
Process Injection		1
Masquerading		OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System2
Encrypted Channel		Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/Job1
Registry Run Keys / Startup Folder		1
Registry Run Keys / Startup Folder		1
Process Injection		LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media3
Non-Application Layer Protocol		Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)Obfuscated Files or InformationSecurity Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive4
Application Layer Protocol		Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture1
Ingress Tool Transfer		Traffic DuplicationData Destruction

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

SourceDetectionScannerLabelLink
http://divisioninfo.net/0%Avira URL Cloudsafe

Dropped Files

No Antivirus matches

Unpacked PE Files

No Antivirus matches

Domains

No Antivirus matches

URLs

SourceDetectionScannerLabelLink
http://divisioninfo.net/?fp=5705e961739f25e027541c9b53d6b9360%Avira URL Cloudsafe
http://divisioninfo.net/?fp=-70%Avira URL Cloudsafe
http://ww25.divisioninfo.net/bOWqrsInv.js0%Avira URL Cloudsafe
http://ww25.divisioninfo.net/_fd?subid1=20241204-0652-19fe-9e65-5ebcfe8d60e80%Avira URL Cloudsafe
http://ww25.divisioninfo.net/_fd?caf=1&bpt=345&subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8&query=Number+Search&afdToken=ChMI4r2CirCMigMVo_-7CB04CydLEmsBlLqpj9a-PPtTPDAR6N5k12EUcPg35iuceSSiD2bjR0otv4pBfuvvgVpx46tYDdLQCNVXAgAV_vfdYSHyYUpJc0kh8zhJjQyS2pjNHo-jAIs1HLpDJoYix_pnS_QCDtSHg3BUSYiK9fv34Q&pcsa=false&nb=0&nm=25&nx=367&ny=56&is=700x480&clkt=480%Avira URL Cloudsafe
http://ww25.divisioninfo.net/bGvwojZyr.js0%Avira URL Cloudsafe
http://ww25.divisioninfo.net/_tr0%Avira URL Cloudsafe

Domains and IPs

Contacted Domains

NameIPActiveMaliciousAntivirus DetectionReputation
securepubads.g.doubleclick.net
172.217.19.194
truefalse
    		high
    syndicatedsearch.goog
    		172.217.19.174
    		truefalse
      		high
      adservice.google.com
      		142.250.181.2
      		truefalse
        		high
        www.silvergloria.com
        		104.18.14.167
        		truefalse
          		unknown
          googleads.g.doubleclick.net
          		172.217.19.194
          		truefalse
            		high
            74378.bodis.com
            		199.59.243.227
            		truefalse
              		unknown
              www.google.com
              		172.217.21.36
              		truefalse
                		high
                www.appurse.com
                		104.20.31.121
                		truetrue
                  		unknown
                  divisioninfo.net
                  		103.224.182.251
                  		truefalse
                    		high
                    googlehosted.l.googleusercontent.com
                    		172.217.19.225
                    		truefalse
                      		high
                      myappcdn.com
                      		172.67.19.32
                      		truefalse
                        		unknown
                        click-use1.bodis.com
                        		199.59.243.205
                        		truefalse
                          		high
                          windowsupdatebg.s.llnwi.net
                          		178.79.238.0
                          		truefalse
                            		high
                            afs.googleusercontent.com
                            		unknown
                            		unknownfalse
                              		high
                              ww25.divisioninfo.net
                              		unknown
                              		unknowntrue
                                		unknown

                                Contacted URLs

                                NameMaliciousAntivirus DetectionReputation
                                http://ww25.divisioninfo.net/?subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8false
                                  		unknown
                                  http://ww25.divisioninfo.net/bOWqrsInv.jsfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://ww25.divisioninfo.net/bGvwojZyr.jsfalse
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://divisioninfo.net/?fp=5705e961739f25e027541c9b53d6b936false
                                  • Avira URL Cloud: safe
                                  		unknown
                                  http://ww25.divisioninfo.net/?caf=1&bpt=345&subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8&query=Number+Search&afdToken=ChMI4r2CirCMigMVo_-7CB04CydLEmsBlLqpj9a-PPtTPDAR6N5k12EUcPg35iuceSSiD2bjR0otv4pBfuvvgVpx46tYDdLQCNVXAgAV_vfdYSHyYUpJc0kh8zhJjQyS2pjNHo-jAIs1HLpDJoYix_pnS_QCDtSHg3BUSYiK9fv34Q&pcsa=false&nb=0&nm=25&nx=367&ny=56&is=700x480&clkt=48false
                                    		unknown
                                    http://ww25.divisioninfo.net/_fd?subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8false
                                    • Avira URL Cloud: safe
                                    		unknown
                                    http://ww25.divisioninfo.net/_trfalse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://www.appurse.com/false
                                      		unknown
                                      https://www.appurse.com/com.app.easy.tech.phone_number_lookup.html?gad_source=5&gclid=EAIaIQobChMIyqHgkbCMigMVH2VBAh1bIR7_EAAYASAAEgIPOPD_BwEfalse
                                        		unknown
                                        https://www.appurse.com/com.gotv.nflgamecenter.us.lite.htmlfalse
                                          		unknown
                                          https://divisioninfo.net/true
                                            		unknown
                                            http://divisioninfo.net/?fp=-7false
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://ww25.divisioninfo.net/_fd?caf=1&bpt=345&subid1=20241204-0652-19fe-9e65-5ebcfe8d60e8&query=Number+Search&afdToken=ChMI4r2CirCMigMVo_-7CB04CydLEmsBlLqpj9a-PPtTPDAR6N5k12EUcPg35iuceSSiD2bjR0otv4pBfuvvgVpx46tYDdLQCNVXAgAV_vfdYSHyYUpJc0kh8zhJjQyS2pjNHo-jAIs1HLpDJoYix_pnS_QCDtSHg3BUSYiK9fv34Q&pcsa=false&nb=0&nm=25&nx=367&ny=56&is=700x480&clkt=48false
                                            • Avira URL Cloud: safe
                                            		unknown
                                            http://divisioninfo.net/false
                                              		unknown

                                              World Map of Contacted IPs

                                              • No. of IPs < 25%
                                              • 25% < No. of IPs < 50%
                                              • 50% < No. of IPs < 75%
                                              • 75% < No. of IPs

                                              Public IPs

                                              IPDomainCountryFlagASNASN NameMalicious
                                              172.217.19.226
                                              		unknownUnited States
                                              		15169GOOGLEUSfalse
                                              172.217.17.66
                                              		unknownUnited States
                                              		15169GOOGLEUSfalse
                                              104.18.14.167
                                              		www.silvergloria.comUnited States
                                              		13335CLOUDFLARENETUSfalse
                                              216.58.208.227
                                              		unknownUnited States
                                              		15169GOOGLEUSfalse
                                              172.217.19.225
                                              		googlehosted.l.googleusercontent.comUnited States
                                              		15169GOOGLEUSfalse
                                              142.250.181.136
                                              		unknownUnited States
                                              		15169GOOGLEUSfalse
                                              172.67.19.32
                                              		myappcdn.comUnited States
                                              		13335CLOUDFLARENETUSfalse
                                              172.217.19.194
                                              		securepubads.g.doubleclick.netUnited States
                                              		15169GOOGLEUSfalse
                                              172.217.21.36
                                              		www.google.comUnited States
                                              		15169GOOGLEUSfalse
                                              104.20.31.121
                                              		www.appurse.comUnited States
                                              		13335CLOUDFLARENETUStrue
                                              142.250.181.66
                                              		unknownUnited States
                                              		15169GOOGLEUSfalse
                                              172.217.19.238
                                              		unknownUnited States
                                              		15169GOOGLEUSfalse
                                              1.1.1.1
                                              		unknownAustralia
                                              		13335CLOUDFLARENETUSfalse
                                              172.217.17.78
                                              		unknownUnited States
                                              		15169GOOGLEUSfalse
                                              103.224.182.251
                                              		divisioninfo.netAustralia
                                              		133618TRELLIAN-AS-APTrellianPtyLimitedAUfalse
                                              172.217.17.35
                                              		unknownUnited States
                                              		15169GOOGLEUSfalse
                                              199.59.243.227
                                              		74378.bodis.comUnited States
                                              		395082BODIS-NJUSfalse
                                              199.59.243.205
                                              		click-use1.bodis.comUnited States
                                              		395082BODIS-NJUSfalse
                                              172.217.19.174
                                              		syndicatedsearch.googUnited States
                                              		15169GOOGLEUSfalse
                                              142.250.181.100
                                              		unknownUnited States
                                              		15169GOOGLEUSfalse
                                              74.125.205.84
                                              		unknownUnited States
                                              		15169GOOGLEUSfalse
                                              239.255.255.250
                                              		unknownReserved
                                              		unknownunknownfalse
                                              142.250.181.2
                                              		adservice.google.comUnited States
                                              		15169GOOGLEUSfalse
                                              142.250.181.78
                                              		unknownUnited States
                                              		15169GOOGLEUSfalse

                                              Private

                                              IP
                                              192.168.2.17
                                              192.168.2.16
                                              192.168.2.18

                                              General Information

                                              Joe Sandbox version:41.0.0 Charoite
                                              Analysis ID:1567747
                                              Start date and time:2024-12-03 20:51:34 +01:00
                                              Joe Sandbox product:CloudBasic
                                              Overall analysis duration:
                                              Hypervisor based Inspection enabled:false
                                              Report type:full
                                              Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                              Sample URL:http://divisioninfo.net/
                                              Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                              Number of analysed new started processes analysed:13
                                              Number of new started drivers analysed:0
                                              Number of existing processes analysed:0
                                              Number of existing drivers analysed:0
                                              Number of injected processes analysed:0
                                              Technologies:
                                              • EGA enabled
                                              Analysis Mode:stream
                                              Analysis stop reason:Timeout
                                              Detection:MAL
                                              Classification:mal48.win@23/1@54/250

                                              Warnings

                                              • Exclude process from analysis (whitelisted): svchost.exe
                                              • Excluded IPs from analysis (whitelisted): 20.190.177.19, 20.190.147.8, 20.190.177.83, 20.190.177.84, 20.190.147.3, 20.190.147.12, 20.190.177.20, 20.190.177.147, 216.58.208.227, 74.125.205.84, 172.217.19.238
                                              • Excluded domains from analysis (whitelisted): prdv4a.aadg.msidentity.com, clients2.google.com, accounts.google.com, login.live.com, www.tm.v4.a.prd.aadg.akadns.net, clientservices.googleapis.com, clients.l.google.com, login.msa.msidentity.com, www.tm.lg.prod.aadmsa.trafficmanager.net
                                              • Not all processes where analyzed, report is missing behavior information
                                              • Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                              • VT rate limit hit for: http://divisioninfo.net/

                                              Created / dropped Files

                                              C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk

                                              Download File
                                              Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                              File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Tue Dec 3 18:52:09 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide
                                              Category:dropped
                                              Size (bytes):2673
                                              Entropy (8bit):3.9922505869515543
                                              Encrypted:false
                                              SSDEEP:
                                              MD5:C944C7DEFAE749DB2E5623998EEF5952
                                              SHA1:E47EBD5F4507255AC98D3C7D2915E10B0ADC0E1C
                                              SHA-256:82C9F0800F964285D3E673943CC5D6146047028C6C530D4B6717490292EBEA44
                                              SHA-512:7C11AC5C309921C60FDB002008906F1A548151C8D3237361F9093DC49FE1A8116DA260D0AE0711E6518C8CE35C09530BE68550098B4F5DF850D611EC990C8784
                                              Malicious:false
                                              Reputation:unknown
                                              Preview:L..................F.@.. ...$+.,.....C..E..N.Yr.... w......................1....P.O. .:i.....+00.../C:\.....................1.....FW.J..PROGRA~1..t......O.I.Yw.....B...............J.........P.r.o.g.r.a.m. .F.i.l.e.s...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.7.8.1.....T.1.....CW.V..Google..>......CW.V.Y......L.....................p+j.G.o.o.g.l.e.....T.1.....CW.V..Chrome..>......CW.V.Y......M......................8..C.h.r.o.m.e.....`.1.....CW.V..APPLIC~1..H......CW.V.Y............................."&.A.p.p.l.i.c.a.t.i.o.n.....n.2. w..;W.+ .CHROME~1.EXE..R......CW.V.Y.............................H..c.h.r.o.m.e._.p.r.o.x.y...e.x.e.......j...............-.......i....................C:\Program Files\Google\Chrome\Application\chrome_proxy.exe..S.....\.....\.....\.....\.....\.....\.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.\.c.h.r.o.m.e._.p.r.o.x.y...e.x.e.*.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s.\.G.o.o.g.l.e.\.C.h.r.o.m.e.\.A.p.p.l.i.c.a.t.i.o.n.F

                                              Static File Info

                                              No static file info