Windows Analysis Report
https://issuu.com/txbct.com/docs/navex_quote_65169.?fr=xKAE9_zU1NQ

Overview

General Information

Sample URL:	https://issuu.com/txbct.com/docs/navex_quote_65169.?fr=xKAE9_zU1NQ
Analysis ID:	1580520
Infos:

Detection

HTMLPhisher

Score:	56
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Yara detected HtmlPhish54

AI detected suspicious Javascript

Uses dynamic DNS services

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Classification

Signatures

Phishing

Yara detected HtmlPhish54

Source: Yara match	File source: 0.15.i.script.csv, type: HTML
Source: Yara match	File source: 3.5.pages.csv, type: HTML
Source: Yara match	File source: 3.4.pages.csv, type: HTML

AI detected suspicious Javascript

Source: 0.11.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.d... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The use of obfuscated URLs and the interaction with untrusted domains further increases the risk. Overall, this script demonstrates a clear intent to engage in malicious activities and should be considered a high-risk threat.
Source: 0.17.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.d... This script demonstrates several high-risk behaviors, including redirecting the user to an unknown domain and potentially collecting sensitive information (session ID) without transparency. The use of obfuscated code and the attempt to prevent the script from running in an iframe context further raise suspicions about the script's intent. While the script may have a legitimate purpose, the overall behavior and lack of transparency suggest a medium to high risk level that warrants further investigation.
Source: 3.19..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.d... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The script appears to be attempting to automatically fill in login credentials and submit a login form, which is a common phishing technique. While the script may have a legitimate purpose, the lack of transparency and the use of obfuscated code raise significant security concerns.

HTML body contains low number of good links

Source: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638706670443158735.NjEyOTY2YWEtYmM4NC00MmY4LWJlYzAtZmI2Njc1MDdiYTM4YmNiY2Q5MDgtYzcxZC00MDQxLWJhYzQtMzgxMWIzZmZjNjUz&ui_locales=en-US&mkt=en-US&client-request-id=4dfcef0d-412d-42f2-af6e-84f873e236e5&state=SYvXn_A8fmitoKoJgOEE6nv6Xn6nhj0UgKrwhoLBAC6KMgmo96NvkInoYIttEw4eBbyLTuFXXAFVez0c7AO6XWEMUKzJd7dgbntRCNoa2bsNNjTJDnEbXQ9OPfemsMdo_2evV4tuDbJWTQngJvNAAfQuo4T_2WlCcOtuWjhcx0F-oKx53Bkh49JmU59ZcdIzQsGNqOW1XCsMk4J_hQdrqPaT8Fex2dLaiK2aZOQikwYH82LTuL3tQroxvodJyi8os2Tw7OOSe-JsaI3T7quX_w&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0

HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://assets-eur.mkt.dynamics.com/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/digitalassets/standaloneforms/afd683a8-7bbc-ef11-b8e9-000d3a43cf29

HTTP Parser: Base64 decoded: <svg width='16' height='16' viewBox='0 0 16 16' fill='none' xmlns='http://www.w3.org/2000/svg'><path d='M10.1328 0.296875C10.9974 0.53125 11.7891 0.898438 12.5078 1.39844C13.2266 1.89323 13.8438 2.48177 14.3594 3.16406C14.8802 3.84115 15.2839 4.59375 15.5...

HTML title does not match URL

HTTP Parser: Title: Sign in to your account does not match URL

Source: https://assets-eur.mkt.dynamics.com/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/digitalassets/standaloneforms/afd683a8-7bbc-ef11-b8e9-000d3a43cf29	HTTP Parser: No favicon
Source: https://assets-eur.mkt.dynamics.com/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/digitalassets/standaloneforms/afd683a8-7bbc-ef11-b8e9-000d3a43cf29	HTTP Parser: No favicon
Source: https://assets-eur.mkt.dynamics.com/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/digitalassets/standaloneforms/afd683a8-7bbc-ef11-b8e9-000d3a43cf29	HTTP Parser: No favicon

Source: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638706670443158735.NjEyOTY2YWEtYmM4NC00MmY4LWJlYzAtZmI2Njc1MDdiYTM4YmNiY2Q5MDgtYzcxZC00MDQxLWJhYzQtMzgxMWIzZmZjNjUz&ui_locales=en-US&mkt=en-US&client-request-id=4dfcef0d-412d-42f2-af6e-84f873e236e5&state=SYvXn_A8fmitoKoJgOEE6nv6Xn6nhj0UgKrwhoLBAC6KMgmo96NvkInoYIttEw4eBbyLTuFXXAFVez0c7AO6XWEMUKzJd7dgbntRCNoa2bsNNjTJDnEbXQ9OPfemsMdo_2evV4tuDbJWTQngJvNAAfQuo4T_2WlCcOtuWjhcx0F-oKx53Bkh49JmU59ZcdIzQsGNqOW1XCsMk4J_hQdrqPaT8Fex2dLaiK2aZOQikwYH82LTuL3tQroxvodJyi8os2Tw7OOSe-JsaI3T7quX_w&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No <meta name="author".. found
Source: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638706670443158735.NjEyOTY2YWEtYmM4NC00MmY4LWJlYzAtZmI2Njc1MDdiYTM4YmNiY2Q5MDgtYzcxZC00MDQxLWJhYzQtMzgxMWIzZmZjNjUz&ui_locales=en-US&mkt=en-US&client-request-id=4dfcef0d-412d-42f2-af6e-84f873e236e5&state=SYvXn_A8fmitoKoJgOEE6nv6Xn6nhj0UgKrwhoLBAC6KMgmo96NvkInoYIttEw4eBbyLTuFXXAFVez0c7AO6XWEMUKzJd7dgbntRCNoa2bsNNjTJDnEbXQ9OPfemsMdo_2evV4tuDbJWTQngJvNAAfQuo4T_2WlCcOtuWjhcx0F-oKx53Bkh49JmU59ZcdIzQsGNqOW1XCsMk4J_hQdrqPaT8Fex2dLaiK2aZOQikwYH82LTuL3tQroxvodJyi8os2Tw7OOSe-JsaI3T7quX_w&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No <meta name="author".. found

Source: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638706670443158735.NjEyOTY2YWEtYmM4NC00MmY4LWJlYzAtZmI2Njc1MDdiYTM4YmNiY2Q5MDgtYzcxZC00MDQxLWJhYzQtMzgxMWIzZmZjNjUz&ui_locales=en-US&mkt=en-US&client-request-id=4dfcef0d-412d-42f2-af6e-84f873e236e5&state=SYvXn_A8fmitoKoJgOEE6nv6Xn6nhj0UgKrwhoLBAC6KMgmo96NvkInoYIttEw4eBbyLTuFXXAFVez0c7AO6XWEMUKzJd7dgbntRCNoa2bsNNjTJDnEbXQ9OPfemsMdo_2evV4tuDbJWTQngJvNAAfQuo4T_2WlCcOtuWjhcx0F-oKx53Bkh49JmU59ZcdIzQsGNqOW1XCsMk4J_hQdrqPaT8Fex2dLaiK2aZOQikwYH82LTuL3tQroxvodJyi8os2Tw7OOSe-JsaI3T7quX_w&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No <meta name="copyright".. found
Source: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638706670443158735.NjEyOTY2YWEtYmM4NC00MmY4LWJlYzAtZmI2Njc1MDdiYTM4YmNiY2Q5MDgtYzcxZC00MDQxLWJhYzQtMzgxMWIzZmZjNjUz&ui_locales=en-US&mkt=en-US&client-request-id=4dfcef0d-412d-42f2-af6e-84f873e236e5&state=SYvXn_A8fmitoKoJgOEE6nv6Xn6nhj0UgKrwhoLBAC6KMgmo96NvkInoYIttEw4eBbyLTuFXXAFVez0c7AO6XWEMUKzJd7dgbntRCNoa2bsNNjTJDnEbXQ9OPfemsMdo_2evV4tuDbJWTQngJvNAAfQuo4T_2WlCcOtuWjhcx0F-oKx53Bkh49JmU59ZcdIzQsGNqOW1XCsMk4J_hQdrqPaT8Fex2dLaiK2aZOQikwYH82LTuL3tQroxvodJyi8os2Tw7OOSe-JsaI3T7quX_w&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No <meta name="copyright".. found

Networking

Uses dynamic DNS services

Source: unknown	DNS query: name: o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org
Source: unknown	DNS query: name: logedkdyvah.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org
Source: unknown	DNS query: name: officnxdbenbwamg.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org
Source: unknown	DNS query: name: vezzjxkd.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.80.57
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.80.57
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.58.98
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.58.98
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ajax/libs/react/17.0.2/umd/react.production.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://issuu.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/react-dom/17.0.2/umd/react-dom.production.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://issuu.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/react-is/17.0.2/umd/react-is.production.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://issuu.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/styled-components/5.3.11/styled-components.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://issuu.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/react/17.0.2/umd/react.production.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/react-is/17.0.2/umd/react-is.production.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/styled-components/5.3.11/styled-components.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/react-dom/17.0.2/umd/react-dom.production.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/4506104688082944/envelope/?sentry_key=20169667e5c7bfec02249a8341e145fa&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.108.0 HTTP/1.1Host: o4505883345354752.ingest.sentry.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/public/setup/issuu_web?user_id=5932e7dc-5014-446b-8909-bfa725841c50&app_version=0 HTTP/1.1Host: spidersense.bendingspoons.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Origin: https://issuu.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://issuu.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/public/setup/issuu_web?user_id=5932e7dc-5014-446b-8909-bfa725841c50&app_version=0 HTTP/1.1Host: spidersense.bendingspoons.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /2e20bdf4-acb6-ef11-8a66-000d3a3a0951/digitalassets/standaloneforms/afd683a8-7bbc-ef11-b8e9-000d3a43cf29 HTTP/1.1Host: assets-eur.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://issuu.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v1.0/orgs/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/landingpageforms/forms/afd683a8-7bbc-ef11-b8e9-000d3a43cf29/visits HTTP/1.1Host: public-eur.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /hJEchGjd HTTP/1.1Host: officnxdbenbwamg.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v1.0/orgs/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/landingpageforms/forms/afd683a8-7bbc-ef11-b8e9-000d3a43cf29 HTTP/1.1Host: public-eur.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fec4-fe6b=82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda
Source: global traffic	HTTP traffic detected: GET /login HTTP/1.1Host: vezzjxkd.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fec4-fe6b=82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638706670443158735.NjEyOTY2YWEtYmM4NC00MmY4LWJlYzAtZmI2Njc1MDdiYTM4YmNiY2Q5MDgtYzcxZC00MDQxLWJhYzQtMzgxMWIzZmZjNjUz&ui_locales=en-US&mkt=en-US&client-request-id=4dfcef0d-412d-42f2-af6e-84f873e236e5&state=SYvXn_A8fmitoKoJgOEE6nv6Xn6nhj0UgKrwhoLBAC6KMgmo96NvkInoYIttEw4eBbyLTuFXXAFVez0c7AO6XWEMUKzJd7dgbntRCNoa2bsNNjTJDnEbXQ9OPfemsMdo_2evV4tuDbJWTQngJvNAAfQuo4T_2WlCcOtuWjhcx0F-oKx53Bkh49JmU59ZcdIzQsGNqOW1XCsMk4J_hQdrqPaT8Fex2dLaiK2aZOQikwYH82LTuL3tQroxvodJyi8os2Tw7OOSe-JsaI3T7quX_w&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 HTTP/1.1Host: o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fec4-fe6b=82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda; fpc=AhZw6wgefU5EjPVIkl7TY3A; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFe4rBdDu3QHLdW6yNeJI5LVPiJ0tNgB7pqxbW6BbDWk8T4ccOxwecZ4sYLrneDePpy33L9HL_mZPxYc-iiY1ghlJx7MsEHw-C8NTDJuRS3Nhwmvt3vK19idGqossesOetsct7vSWuLkhs4N2at-juuviXUEFgj1dGy1x8gpSHefjUgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /s/82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda/0b62916e90a58b06d55d641ab5a9498315d5f8c709ae45fba0e8f54e3b669413.js HTTP/1.1Host: o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638706670443158735.NjEyOTY2YWEtYmM4NC00MmY4LWJlYzAtZmI2Njc1MDdiYTM4YmNiY2Q5MDgtYzcxZC00MDQxLWJhYzQtMzgxMWIzZmZjNjUz&ui_locales=en-US&mkt=en-US&client-request-id=4dfcef0d-412d-42f2-af6e-84f873e236e5&state=SYvXn_A8fmitoKoJgOEE6nv6Xn6nhj0UgKrwhoLBAC6KMgmo96NvkInoYIttEw4eBbyLTuFXXAFVez0c7AO6XWEMUKzJd7dgbntRCNoa2bsNNjTJDnEbXQ9OPfemsMdo_2evV4tuDbJWTQngJvNAAfQuo4T_2WlCcOtuWjhcx0F-oKx53Bkh49JmU59ZcdIzQsGNqOW1XCsMk4J_hQdrqPaT8Fex2dLaiK2aZOQikwYH82LTuL3tQroxvodJyi8os2Tw7OOSe-JsaI3T7quX_w&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fec4-fe6b=82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; buid=1.AUgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAABIAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFePPCWBfcKD7-r-M-d269POSkTa98E2ELdhIeb6ruie_7cVzsAGE4eSEw9Le9KVNMBnfgTuxqUvIGoX42QTuRH4m-yOstjit5DYVmjeuWjfvMgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFe59SDF3lzt7wrQUxlo0kNVHWurdtqCciXpW35FLLHD-t5qoOJIU5QkFumK2WH5vJnntBt6i6ubcTkg7AfJlwA4E1evfLwed6kIph70dS5phMYRxMqZSYJ6UY_pAx0SnGM0OxtsdCUb2Rd6dbPKmJR44OJ5_g92NFfY2bVDU9fXN0gAA; esctx-wEYa8ewq0Cc=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEhhlp5n_ZWsWfWaNUXZOvPLmhN43HXdkkO80UcyU6uRIX2PlsNjGWebNfhSs7NYGEfG148JAlhjS7AEcqzfG4PGYm8RkRNVixo7c7O6ig5Fqq5g4P_FnPabj-8mBdP4STdTZ1q6CRdSRpJG_3B_Z9yAA; fpc=AhZw6wgefU5EjPVIkl7TY3C8Ae7AAQAAACYJ_d4OAAAA
Source: global traffic	HTTP traffic detected: GET /s/82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda.js HTTP/1.1Host: o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638706670443158735.NjEyOTY2YWEtYmM4NC00MmY4LWJlYzAtZmI2Njc1MDdiYTM4YmNiY2Q5MDgtYzcxZC00MDQxLWJhYzQtMzgxMWIzZmZjNjUz&ui_locales=en-US&mkt=en-US&client-request-id=4dfcef0d-412d-42f2-af6e-84f873e236e5&state=SYvXn_A8fmitoKoJgOEE6nv6Xn6nhj0UgKrwhoLBAC6KMgmo96NvkInoYIttEw4eBbyLTuFXXAFVez0c7AO6XWEMUKzJd7dgbntRCNoa2bsNNjTJDnEbXQ9OPfemsMdo_2evV4tuDbJWTQngJvNAAfQuo4T_2WlCcOtuWjhcx0F-oKx53Bkh49JmU59ZcdIzQsGNqOW1XCsMk4J_hQdrqPaT8Fex2dLaiK2aZOQikwYH82LTuL3tQroxvodJyi8os2Tw7OOSe-JsaI3T7quX_w&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fec4-fe6b=82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; buid=1.AUgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAABIAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFePPCWBfcKD7-r-M-d269POSkTa98E2ELdhIeb6ruie_7cVzsAGE4eSEw9Le9KVNMBnfgTuxqUvIGoX42QTuRH4m-yOstjit5DYVmjeuWjfvMgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFe59SDF3lzt7wrQUxlo0kNVHWurdtqCciXpW35FLLHD-t5qoOJIU5QkFumK2WH5vJnntBt6i6ubcTkg7AfJlwA4E1evfLwed6kIph70dS5phMYRxMqZSYJ6UY_pAx0SnGM0OxtsdCUb2Rd6dbPKmJR44OJ5_g92NFfY2bVDU9fXN0gAA; esctx-wEYa8ewq0Cc=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEhhlp5n_ZWsWfWaNUXZOvPLmhN43HXdkkO80UcyU6uRIX2PlsNjGWebNfhSs7NYGEfG148JAlhjS7AEcqzfG4PGYm8RkRNVixo7c7O6ig5Fqq5g4P_FnPabj-8mBdP4STdTZ1q6CRdSRpJG_3B_Z9yAA; fpc=AhZw6wgefU5EjPVIkl7TY3C8Ae7AAQAAACYJ_d4OAAAA
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: logedkdyvah.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fec4-fe6b=82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda
Source: global traffic	HTTP traffic detected: GET /s/82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda.js HTTP/1.1Host: o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fec4-fe6b=82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; buid=1.AUgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAABIAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFePPCWBfcKD7-r-M-d269POSkTa98E2ELdhIeb6ruie_7cVzsAGE4eSEw9Le9KVNMBnfgTuxqUvIGoX42QTuRH4m-yOstjit5DYVmjeuWjfvMgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFe59SDF3lzt7wrQUxlo0kNVHWurdtqCciXpW35FLLHD-t5qoOJIU5QkFumK2WH5vJnntBt6i6ubcTkg7AfJlwA4E1evfLwed6kIph70dS5phMYRxMqZSYJ6UY_pAx0SnGM0OxtsdCUb2Rd6dbPKmJR44OJ5_g92NFfY2bVDU9fXN0gAA; esctx-wEYa8ewq0Cc=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEhhlp5n_ZWsWfWaNUXZOvPLmhN43HXdkkO80UcyU6uRIX2PlsNjGWebNfhSs7NYGEfG148JAlhjS7AEcqzfG4PGYm8RkRNVixo7c7O6ig5Fqq5g4P_FnPabj-8mBdP4STdTZ1q6CRdSRpJG_3B_Z9yAA; fpc=AhZw6wgefU5EjPVIkl7TY3C8Ae7AAQAAACYJ_d4OAAAA
Source: global traffic	HTTP traffic detected: GET /s/82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda/0b62916e90a58b06d55d641ab5a9498315d5f8c709ae45fba0e8f54e3b669413.js HTTP/1.1Host: o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fec4-fe6b=82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; buid=1.AUgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAABIAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFePPCWBfcKD7-r-M-d269POSkTa98E2ELdhIeb6ruie_7cVzsAGE4eSEw9Le9KVNMBnfgTuxqUvIGoX42QTuRH4m-yOstjit5DYVmjeuWjfvMgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFe59SDF3lzt7wrQUxlo0kNVHWurdtqCciXpW35FLLHD-t5qoOJIU5QkFumK2WH5vJnntBt6i6ubcTkg7AfJlwA4E1evfLwed6kIph70dS5phMYRxMqZSYJ6UY_pAx0SnGM0OxtsdCUb2Rd6dbPKmJR44OJ5_g92NFfY2bVDU9fXN0gAA; esctx-wEYa8ewq0Cc=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEhhlp5n_ZWsWfWaNUXZOvPLmhN43HXdkkO80UcyU6uRIX2PlsNjGWebNfhSs7NYGEfG148JAlhjS7AEcqzfG4PGYm8RkRNVixo7c7O6ig5Fqq5g4P_FnPabj-8mBdP4STdTZ1q6CRdSRpJG_3B_Z9yAA; fpc=AhZw6wgefU5EjPVIkl7TY3C8Ae7AAQAAACYJ_d4OAAAA

Source: chromecache_105.2.dr, chromecache_119.2.dr

String found in binary or memory: return b}VD.F="internal.enableAutoEventOnTimer";var Vb=wa(["data-gtm-yt-inspected-"]),XD=["www.youtube.com","www.youtube-nocookie.com"],YD,ZD=!1; equals www.youtube.com (Youtube)

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: issuu.com
Source: global traffic	DNS traffic detected: DNS query: static.isu.pub
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: o4505883345354752.ingest.sentry.io
Source: global traffic	DNS traffic detected: DNS query: reader3.isu.pub
Source: global traffic	DNS traffic detected: DNS query: consent.cookiebot.com
Source: global traffic	DNS traffic detected: DNS query: pingback.issuu.com
Source: global traffic	DNS traffic detected: DNS query: api.issuu.com
Source: global traffic	DNS traffic detected: DNS query: assets.isu.pub
Source: global traffic	DNS traffic detected: DNS query: layers.isu.pub
Source: global traffic	DNS traffic detected: DNS query: image.isu.pub
Source: global traffic	DNS traffic detected: DNS query: spidersense.bendingspoons.com
Source: global traffic	DNS traffic detected: DNS query: assets-eur.mkt.dynamics.com
Source: global traffic	DNS traffic detected: DNS query: public-eur.mkt.dynamics.com
Source: global traffic	DNS traffic detected: DNS query: officnxdbenbwamg.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org
Source: global traffic	DNS traffic detected: DNS query: o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org
Source: global traffic	DNS traffic detected: DNS query: vezzjxkd.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: logedkdyvah.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org

Source: unknown

HTTP traffic detected: POST /api/4506104688082944/envelope/?sentry_key=20169667e5c7bfec02249a8341e145fa&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.108.0 HTTP/1.1Host: o4505883345354752.ingest.sentry.ioConnection: keep-aliveContent-Length: 481sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://issuu.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://issuu.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Tue, 24 Dec 2024 19:56:26 GMTContent-Type: text/htmlContent-Length: 548Strict-Transport-Security: max-age=31536000; includeSubDomains; preloadVia: 1.1 googleAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Tue, 24 Dec 2024 19:57:07 GMTContent-Length: 0Connection: closex-ms-trace-id: 7341764c30c37ff762c6cb512922ba62Strict-Transport-Security: max-age=2592000; preload

Source: chromecache_126.2.dr	String found in binary or memory: http://ogp.me/ns#
Source: chromecache_98.2.dr, chromecache_121.2.dr	String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: chromecache_98.2.dr, chromecache_121.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: chromecache_123.2.dr	String found in binary or memory: https://assets-eur.mkt.dynamics.com/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/digitalassets/forms/afd683a
Source: chromecache_99.2.dr	String found in binary or memory: https://assets-eur.mkt.dynamics.com/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/digitalassets/standalonefor
Source: chromecache_98.2.dr, chromecache_121.2.dr	String found in binary or memory: https://assets.nflxext.com/us/email/gem/nflx.png
Source: chromecache_105.2.dr, chromecache_119.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_126.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/react-dom/17.0.2/umd/react-dom.production.min.js
Source: chromecache_126.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/react-is/17.0.2/umd/react-is.production.min.js
Source: chromecache_126.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/react/17.0.2/umd/react.production.min.js
Source: chromecache_126.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/styled-components/5.3.11/styled-components.min.js
Source: chromecache_123.2.dr	String found in binary or memory: https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/eur/FormLoader/FormLoader.bundle.js
Source: chromecache_126.2.dr	String found in binary or memory: https://image.isu.pub/241224193034-77c097d7eadd36d5a1226b1a395fdd6b/jpg/page_1.jpg
Source: chromecache_98.2.dr, chromecache_121.2.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Source: chromecache_126.2.dr	String found in binary or memory: https://issuu.com/txbct.com/docs/navex_quote_65169.
Source: chromecache_98.2.dr, chromecache_121.2.dr	String found in binary or memory: https://mwf-service.akamaized.net/mwf/css/bundle/1.57.8/west-european/default/amc.min.css
Source: chromecache_98.2.dr, chromecache_121.2.dr	String found in binary or memory: https://officnxdbenbwamg.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org/hJEchGjd
Source: chromecache_105.2.dr, chromecache_119.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_105.2.dr, chromecache_119.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_123.2.dr	String found in binary or memory: https://public-eur.mkt.dynamics.com/api/v1.0/orgs/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/landingpagefo
Source: chromecache_125.2.dr, chromecache_101.2.dr, chromecache_78.2.dr, chromecache_117.2.dr	String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: chromecache_78.2.dr	String found in binary or memory: https://reactjs.org/link/react-polyfills
Source: chromecache_126.2.dr	String found in binary or memory: https://static.isu.pub/fonts/inter/v3_19/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7W0Q5nw.woff2
Source: chromecache_105.2.dr, chromecache_119.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_105.2.dr, chromecache_119.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_105.2.dr, chromecache_119.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_119.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_126.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=

Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866

Source: classification engine

Classification label: mal56.phis.troj.win@18/87@66/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2252,i,13392327784317788276,4031343908889293815,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://issuu.com/txbct.com/docs/navex_quote_65169.?fr=xKAE9_zU1NQ"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2252,i,13392327784317788276,4031343908889293815,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
20.117.200.191	o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	true
34.36.49.68	spidersense.bendingspoons.com	United States	2686	ATGS-MMD-ASUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.241.35.151	bigpingback.issuu.com	United States	15169	GOOGLEUS	false
52.146.128.240	prdia888neu0aks.mkt.dynamics.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
172.217.21.36	www.google.com	United States	15169	GOOGLEUS	false
34.120.195.249	o4505883345354752.ingest.sentry.io	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4

Contacted Domains

Name	IP	Active
spidersense.bendingspoons.com	34.36.49.68	true
o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org	20.117.200.191	true
logedkdyvah.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org	20.117.200.191	true
s-part-0035.t-0009.t-msedge.net	13.107.246.63	true
bigpingback.issuu.com	35.241.35.151	true
officnxdbenbwamg.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org	20.117.200.191	true
issuu.com	151.101.129.55	true
vezzjxkd.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org	20.117.200.191	true
o4505883345354752.ingest.sentry.io	34.120.195.249	true
prdia888neu0aks.mkt.dynamics.com	52.146.128.240	true
cdnjs.cloudflare.com	104.17.24.14	true
sni1gl.wpc.omegacdn.net	152.199.21.175	true
www.google.com	172.217.21.36	true
reader3.isu.pub	unknown	unknown
consent.cookiebot.com	unknown	unknown
aadcdn.msftauth.net	unknown	unknown
static.isu.pub	unknown	unknown
layers.isu.pub	unknown	unknown
assets.isu.pub	unknown	unknown
pingback.issuu.com	unknown	unknown
api.issuu.com	unknown	unknown
image.isu.pub	unknown	unknown
public-eur.mkt.dynamics.com	unknown	unknown
assets-eur.mkt.dynamics.com	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://cdnjs.cloudflare.com/ajax/libs/styled-components/5.3.11/styled-components.min.js	false	high
https://assets-eur.mkt.dynamics.com/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/digitalassets/standaloneforms/afd683a8-7bbc-ef11-b8e9-000d3a43cf29	false	high
https://public-eur.mkt.dynamics.com/api/v1.0/orgs/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/landingpageforms/forms/afd683a8-7bbc-ef11-b8e9-000d3a43cf29/visits	false	high
https://spidersense.bendingspoons.com/v1/public/setup/issuu_web?user_id=5932e7dc-5014-446b-8909-bfa725841c50&app_version=0	false	high
https://cdnjs.cloudflare.com/ajax/libs/react-dom/17.0.2/umd/react-dom.production.min.js	false	high
https://o4505883345354752.ingest.sentry.io/api/4506104688082944/envelope/?sentry_key=20169667e5c7bfec02249a8341e145fa&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.108.0	false	high
https://pingback.issuu.com/ping	false	high
https://issuu.com/txbct.com/docs/navex_quote_65169.?fr=xKAE9_zU1NQ	false	high
https://cdnjs.cloudflare.com/ajax/libs/react-is/17.0.2/umd/react-is.production.min.js	false	high
https://public-eur.mkt.dynamics.com/api/v1.0/orgs/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/landingpageforms/forms/afd683a8-7bbc-ef11-b8e9-000d3a43cf29	false	high
https://cdnjs.cloudflare.com/ajax/libs/react/17.0.2/umd/react.production.min.js	false	high

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 100	ASCII text, with very long lines (33576)	B1C778624E511C62BA7191803820B309	27586518D16C54905175E9EFCEC9177BEB08C769	DCAB5E5248BC85B37B4EEED9704B51DCD785EA7FC2687D891830061D10D0635D
Chrome Cache Entry: 101	ASCII text, with very long lines (605)	23BFE7E99565EE8F34AFD63C06F4C24B	BF08B8AD1AD73C12A7C9CB211926CE23A861DB07	9DB33292007AB6C38527B39D5663E976A305564E19B2A5A8713EA2B2C00F505D
Chrome Cache Entry: 102	HTML document, ASCII text, with CRLF line terminators	370E16C3B7DBA286CFF055F93B9A94D8	65F3537C3C798F7DA146C55AEF536F7B5D0CB943	D465172175D35D493FB1633E237700022BD849FA123164790B168B8318ACB090
Chrome Cache Entry: 103	ASCII text, with very long lines (65461)	7D4D297AFFD074DC0FF2265A087C825A	57BEAB2052CDA8E4C0CB0B4793188A92B35602A0	A35547545A381518BD8EF898C0EBC00ADE76AB3C64426142D158638D5AF135E6
Chrome Cache Entry: 104	Web Open Font Format (Version 2), TrueType, length 37780, version 1.0	E1B9F0ECAAEBB12C93064CD3C406F82B	F0E872352FC5AF11960D0EB4FD6ED09E9E98F4AB	39E72C0794C12F2DBB14A0F61CA946B535F795B1478FCF795BD26E5CB52DED34
Chrome Cache Entry: 105	ASCII text, with very long lines (33730)	FAEBCB0E81A10736E9D8D63387F43B53	38BDE04534EA58B4F75060ABED040012E1CD416E	1B5B6253E5075093E8536C4CF25D9C23396CCD7F3F99D0C8C06F2D943CF65D52
Chrome Cache Entry: 106	HTML document, ASCII text, with CRLF line terminators	370E16C3B7DBA286CFF055F93B9A94D8	65F3537C3C798F7DA146C55AEF536F7B5D0CB943	D465172175D35D493FB1633E237700022BD849FA123164790B168B8318ACB090
Chrome Cache Entry: 107	JSON data	ADD8BEB3FE77F36BD318F05EB5C046A0	C9A0F7E92F52BDB5D7A4B9FAF3E24BF55F36F08F	70A843EB912FEDE312A87A98911B5346D96045809E66D189D01F1FF5EA71961E
Chrome Cache Entry: 108	ASCII text, with very long lines (33576)	B1C778624E511C62BA7191803820B309	27586518D16C54905175E9EFCEC9177BEB08C769	DCAB5E5248BC85B37B4EEED9704B51DCD785EA7FC2687D891830061D10D0635D
Chrome Cache Entry: 109	JSON data	023A988D3445B435226F41A3F4D7D445	FBC48E6564A8C61DCFA673D011E01939E69F948A	7F1BD558EABBFBD6518AC2C952BBB93929B9F4DFDC957C5503A62749E0E28532
Chrome Cache Entry: 110	ASCII text, with very long lines (65461)	7D4D297AFFD074DC0FF2265A087C825A	57BEAB2052CDA8E4C0CB0B4793188A92B35602A0	A35547545A381518BD8EF898C0EBC00ADE76AB3C64426142D158638D5AF135E6
Chrome Cache Entry: 111	RIFF (little-endian) data, Web/P image, VP8 encoding, 371x480, Scaling: [none]x[none], YUV color, decoders should clamp	9F5F16CA20631F0357D50A52B99B2D60	9716675075140C73D41A0F888558BDDD55EF97BA	7736BE7FACB337645F1BAEB0D8AB7641A62C407B6D59C62DBFE1545B7A8F17B9
Chrome Cache Entry: 112	JSON data	ADD8BEB3FE77F36BD318F05EB5C046A0	C9A0F7E92F52BDB5D7A4B9FAF3E24BF55F36F08F	70A843EB912FEDE312A87A98911B5346D96045809E66D189D01F1FF5EA71961E
Chrome Cache Entry: 113	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113424	3BA4D76A17ADD0A6C34EE696F28C8541	5E8A4B8334539A7EAB798A7799F6E232016CB263	17D6FF63DD857A72F37292B5906B40DC087EA27D7B1DEFCFA6DD1BA82AEA0B59
Chrome Cache Entry: 114	ASCII text, with very long lines (519)	48CC972B7C94C276216FFA9B76449BB3	25B6F81010F7255DDB7D15AB34DA98D9E460E1B0	2B9B5850C797BB8B55A0BAFE7A4822CC973ED3730A2E9B138C9F4EB3A36AD1F7
Chrome Cache Entry: 115	JPEG image data, JFIF standard 1.01, aspect ratio, density 1x1, segment length 16, baseline, precision 8, 371x480, components 3	26141A812BDBEF031F80BB4A0ECC9599	59506C2F3C49F3A17B7D9EBCF4C6807E1C162224	E07EC6575379C359000F9E43FF259B1816FE060FDEA7876352D8F363AD5504F1
Chrome Cache Entry: 116	ASCII text, with very long lines (519)	48CC972B7C94C276216FFA9B76449BB3	25B6F81010F7255DDB7D15AB34DA98D9E460E1B0	2B9B5850C797BB8B55A0BAFE7A4822CC973ED3730A2E9B138C9F4EB3A36AD1F7
Chrome Cache Entry: 117	ASCII text, with very long lines (605)	23BFE7E99565EE8F34AFD63C06F4C24B	BF08B8AD1AD73C12A7C9CB211926CE23A861DB07	9DB33292007AB6C38527B39D5663E976A305564E19B2A5A8713EA2B2C00F505D
Chrome Cache Entry: 118	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57510	187B9EBA41FDF66B2C8F7EB645D2BC17	B1C034F7F5F754F271D094FB417B9A820C1F712C	CA0FBF8421A0CF4CCDA7310B2AE74CBD92214901EC2D0F273EA3B07F12CF96EA
Chrome Cache Entry: 119	ASCII text, with very long lines (33730)	D33BF0C7F28ACBF3E9A0551EE9FB40DE	A99BE36D55BB09B3C4B5C0B19A561942F0A953BB	6D3F0234838C119C21520883494B6EA138CDA58795FDED92692A3EA1F7666C05
Chrome Cache Entry: 120	JSON data	2D7D30EA1C6F925302D2C3ABED382951	5BA6BBC5670C4AF1125CF9AC0AA1CA2811E744D1	83C09BA9A8DAEDB136F90B17A294CAA90AD471A016E430DF6E229ACB5A81E100
Chrome Cache Entry: 121	HTML document, Unicode text, UTF-8 text, with very long lines (1048)	2F4C9C1220626E2B027717467DCA5398	3849A744B5569D6C96DC9CFA9F248B42E0915669	A80541364FA96092FAAB217116909C9C42F87F8891C67EFFB1FFAE96558B65DC
Chrome Cache Entry: 122	gzip compressed data, original size modulo 2^32 155	B8FD3EDB18DBABC46500456060B24FBD	18A74F35E441E8B3514A095AEEE483A1828C8388	7721360AA2770CD84410D063853ACD548C4855493ED8BBE6DADC539219254A80
Chrome Cache Entry: 123	HTML document, ASCII text	D1B27BE66C8CC6E5161743BFDF10AC5B	45992E19A8AB2BBE4343C27EBBFE34BE98E12FF4	E7520AEBF64548D8C08371CB9DC7315E86AC029D0AA3A610231B9C897ADA964B
Chrome Cache Entry: 124	JSON data	0688421B9A7B68EB51E9A8C5F872B0BE	FEC935625A44073463B3E6F5361B5F1A759E337E	623ED237342283A5FA6E337FA5A7013EEA9EA7DFEC76B95068758031804B6500
Chrome Cache Entry: 125	ASCII text, with very long lines (544)	61699B70CF57ABE63FDF5F4007D36EC1	6C05189CC2D08BB2A7609C002F0675C9C670D362	229BBF4D0E7488209564152C6723497F1AC3934136CA1684233D2FA88FA4146F
Chrome Cache Entry: 126	HTML document, Unicode text, UTF-8 text, with very long lines (3317)	0B525B4BF83174F15AB26EE4F8FCBB0D	78DA3B2ACD703C330AB27D0917A0163BE20E8FFB	971C4B6AFED91001C8DDEF98CCCD56E11F55B20A89EA33C5AC006888869E4459
Chrome Cache Entry: 127	JSON data	023A988D3445B435226F41A3F4D7D445	FBC48E6564A8C61DCFA673D011E01939E69F948A	7F1BD558EABBFBD6518AC2C952BBB93929B9F4DFDC957C5503A62749E0E28532
Chrome Cache Entry: 128	JSON data	2D7D30EA1C6F925302D2C3ABED382951	5BA6BBC5670C4AF1125CF9AC0AA1CA2811E744D1	83C09BA9A8DAEDB136F90B17A294CAA90AD471A016E430DF6E229ACB5A81E100
Chrome Cache Entry: 129	gzip compressed data, was "page_1.bin", last modified: Tue Dec 24 19:30:36 2024, max compression, original size modulo 2^32 189219	7D31381EEDAC964C99F8BEB273DF1102	84676C9F489DBA92A4953FD58E8B0522260EC0C4	B2D340A330E792D6C25213E04D1CF5B3AC9934F98FCB5CBDD15C0D04DA68905B
Chrome Cache Entry: 130	ASCII text, with very long lines (65458)	575F23E96B4C82690D1DC3D898BA7216	CFE22F373146BD921A62B340FF65DA7ECA12E62C	26260593B014F2EACEA941A254052AF765C66FF8804CAE1EEFAB88CA5B1C20D8
Chrome Cache Entry: 76	SVG Scalable Vector Graphics image	9269C84A186A84428C416DF1FF8749D9	6AFA63E72B3BDEAE49BE6917775D6C6EB29392C5	14041F90346192138580F3AD85782E0254F8EFA1C66265C850606576C913CD82
Chrome Cache Entry: 77	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced	9F14C20150A003D7CE4DE57C298F0FBA	DAA53CF17CC45878A1B153F3C3BF47DC9669D78F	112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
Chrome Cache Entry: 78	ASCII text, with very long lines (544)	61699B70CF57ABE63FDF5F4007D36EC1	6C05189CC2D08BB2A7609C002F0675C9C670D362	229BBF4D0E7488209564152C6723497F1AC3934136CA1684233D2FA88FA4146F
Chrome Cache Entry: 79	JSON data	EA7A6390DF1040B71CDAF797C4F0B852	CD3C92B079C68831C69F866FEDC7FD331F17CDC9	4D7B064B8753B3B52F440A84F97A76C6FAA3F7813A8AFD2A81F1C353D19EE413
Chrome Cache Entry: 80	gzip compressed data, original size modulo 2^32 155	B8FD3EDB18DBABC46500456060B24FBD	18A74F35E441E8B3514A095AEEE483A1828C8388	7721360AA2770CD84410D063853ACD548C4855493ED8BBE6DADC539219254A80
Chrome Cache Entry: 81	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 450755	AC9A6ED508328361A4C9530325A94076	ADC81FAE51EB66A220539EEEDECEB96CFF390BBB	BA93F4A83BB77D32AF9AFB9B014BFD13FD497E3D8F15AF016C782ABD1D34037B
Chrome Cache Entry: 82	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 32x32, 32 bits/pixel	B6B44F066DD28661C0110ABBEE41AF69	5320B3EC3ABF15DE39E6B47AC72F46D43196D204	03A41EBA82CF8E0DF3890D0F247EF9AC72A28FCFC264E1F104DDA587C2AA26B6
Chrome Cache Entry: 83	gzip compressed data, was "page_1.bin", last modified: Tue Dec 24 19:30:36 2024, max compression, original size modulo 2^32 189219	7D31381EEDAC964C99F8BEB273DF1102	84676C9F489DBA92A4953FD58E8B0522260EC0C4	B2D340A330E792D6C25213E04D1CF5B3AC9934F98FCB5CBDD15C0D04DA68905B
Chrome Cache Entry: 84	HTML document, ASCII text, with CRLF line terminators	4B074B0B59693FA9F94FB71B175FB187	0004D4F82B546013424B2E0DE084395071EEF98B	25FB23868EBF48348F9E438E00CB9B9D9B3A054F32482A781C762CC4F9CC6393
Chrome Cache Entry: 85	ASCII text, with no line terminators	39A19D0882684989864FA50BCED6A2D1	5CED55DAC2E0427E9DC605CEC1FEDAB0949EB15E	8FBEDED073249C3611742297EE96A976A95EE113F33B9A422A5D3A7A2DEB63E5
Chrome Cache Entry: 86	HTML document, ASCII text, with CRLF line terminators	370E16C3B7DBA286CFF055F93B9A94D8	65F3537C3C798F7DA146C55AEF536F7B5D0CB943	D465172175D35D493FB1633E237700022BD849FA123164790B168B8318ACB090
Chrome Cache Entry: 87	ASCII text, with very long lines (65458)	575F23E96B4C82690D1DC3D898BA7216	CFE22F373146BD921A62B340FF65DA7ECA12E62C	26260593B014F2EACEA941A254052AF765C66FF8804CAE1EEFAB88CA5B1C20D8
Chrome Cache Entry: 88	ASCII text, with very long lines (7724)	C7F5C4D01DB58FF50E7D784A0DCE6C9E	EE414C6F7761173E100FD8C64D63F69CA8458F84	3D2442EB50043575EB36E3AF67EBCC2AD828748D4D08DD67667730D1B0A6EE40
Chrome Cache Entry: 89	SVG Scalable Vector Graphics image	9269C84A186A84428C416DF1FF8749D9	6AFA63E72B3BDEAE49BE6917775D6C6EB29392C5	14041F90346192138580F3AD85782E0254F8EFA1C66265C850606576C913CD82
Chrome Cache Entry: 90	JSON data	A91B2DF397EF08D44837A896113BABDD	258DF218FFE5EF81F3CF1642DD72D84DB8D56A02	77BD6455B48099B7ADF4B592882169278E879BD6B4FADF02139157772004F9F8
Chrome Cache Entry: 91	HTML document, ASCII text, with CRLF line terminators	370E16C3B7DBA286CFF055F93B9A94D8	65F3537C3C798F7DA146C55AEF536F7B5D0CB943	D465172175D35D493FB1633E237700022BD849FA123164790B168B8318ACB090
Chrome Cache Entry: 92	JSON data	2B6C0554E99617BB01F827F99EFB7FB6	0B44226424B0AA4DC8757DDDBF4B0EF74A96B016	E7238F7AFFD826165B207E8539CF774DCAFBD805EC4E1E024FEED1468D843182
Chrome Cache Entry: 93	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 57510	187B9EBA41FDF66B2C8F7EB645D2BC17	B1C034F7F5F754F271D094FB417B9A820C1F712C	CA0FBF8421A0CF4CCDA7310B2AE74CBD92214901EC2D0F273EA3B07F12CF96EA
Chrome Cache Entry: 94	PNG image data, 216 x 46, 8-bit/color RGBA, non-interlaced	9F14C20150A003D7CE4DE57C298F0FBA	DAA53CF17CC45878A1B153F3C3BF47DC9669D78F	112FEC798B78AA02E102A724B5CB1990C0F909BC1D8B7B1FA256EAB41BBC0960
Chrome Cache Entry: 95	MS Windows icon resource - 3 icons, 32x32, 32 bits/pixel, 32x32, 32 bits/pixel	B6B44F066DD28661C0110ABBEE41AF69	5320B3EC3ABF15DE39E6B47AC72F46D43196D204	03A41EBA82CF8E0DF3890D0F247EF9AC72A28FCFC264E1F104DDA587C2AA26B6
Chrome Cache Entry: 96	Unicode text, UTF-8 text, with very long lines (64241)	501A61540F1AD706F32DC3B22FFA92C3	6E8283877B215FEF5232F42C2AA6CDFDC0B7A8D6	F5E98E2373C741C7A3D6F1C3A4B114E3F0F022C41E24EE6BA022DE985EAC773B
Chrome Cache Entry: 97	JSON data	2B6C0554E99617BB01F827F99EFB7FB6	0B44226424B0AA4DC8757DDDBF4B0EF74A96B016	E7238F7AFFD826165B207E8539CF774DCAFBD805EC4E1E024FEED1468D843182
Chrome Cache Entry: 98	HTML document, Unicode text, UTF-8 text, with very long lines (1048)	2F4C9C1220626E2B027717467DCA5398	3849A744B5569D6C96DC9CFA9F248B42E0915669	A80541364FA96092FAAB217116909C9C42F87F8891C67EFFB1FFAE96558B65DC
Chrome Cache Entry: 99	JSON data	589F90BD8B26F3BE7B5192E42070B9F0	5B7D7CF1445E1E7DF68037A2D77AB587A0979790	27C64CE43D5D910760A931D48D29E38625BC1C074C4E87063514130F78034E7D

Phishing

Yara detected HtmlPhish54

Source: Yara match	File source: 0.15.i.script.csv, type: HTML
Source: Yara match	File source: 3.5.pages.csv, type: HTML
Source: Yara match	File source: 3.4.pages.csv, type: HTML

AI detected suspicious Javascript

Source: 0.11.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.d... This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to suspicious domains. The use of obfuscated URLs and the interaction with untrusted domains further increases the risk. Overall, this script demonstrates a clear intent to engage in malicious activities and should be considered a high-risk threat.
Source: 0.17.id.script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.d... This script demonstrates several high-risk behaviors, including redirecting the user to an unknown domain and potentially collecting sensitive information (session ID) without transparency. The use of obfuscated code and the attempt to prevent the script from running in an iframe context further raise suspicions about the script's intent. While the script may have a legitimate purpose, the overall behavior and lack of transparency suggest a medium to high risk level that warrants further investigation.
Source: 3.19..script.csv	Joe Sandbox AI: Detected suspicious JavaScript with source url: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.d... This script demonstrates several high-risk behaviors, including dynamic code execution, data exfiltration, and redirects to potentially malicious domains. The script appears to be attempting to automatically fill in login credentials and submit a login form, which is a common phishing technique. While the script may have a legitimate purpose, the lack of transparency and the use of obfuscated code raise significant security concerns.

HTML body contains low number of good links

HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://assets-eur.mkt.dynamics.com/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/digitalassets/standaloneforms/afd683a8-7bbc-ef11-b8e9-000d3a43cf29

HTML title does not match URL

HTTP Parser: Title: Sign in to your account does not match URL

Source: https://assets-eur.mkt.dynamics.com/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/digitalassets/standaloneforms/afd683a8-7bbc-ef11-b8e9-000d3a43cf29	HTTP Parser: No favicon
Source: https://assets-eur.mkt.dynamics.com/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/digitalassets/standaloneforms/afd683a8-7bbc-ef11-b8e9-000d3a43cf29	HTTP Parser: No favicon
Source: https://assets-eur.mkt.dynamics.com/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/digitalassets/standaloneforms/afd683a8-7bbc-ef11-b8e9-000d3a43cf29	HTTP Parser: No favicon

Source: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638706670443158735.NjEyOTY2YWEtYmM4NC00MmY4LWJlYzAtZmI2Njc1MDdiYTM4YmNiY2Q5MDgtYzcxZC00MDQxLWJhYzQtMzgxMWIzZmZjNjUz&ui_locales=en-US&mkt=en-US&client-request-id=4dfcef0d-412d-42f2-af6e-84f873e236e5&state=SYvXn_A8fmitoKoJgOEE6nv6Xn6nhj0UgKrwhoLBAC6KMgmo96NvkInoYIttEw4eBbyLTuFXXAFVez0c7AO6XWEMUKzJd7dgbntRCNoa2bsNNjTJDnEbXQ9OPfemsMdo_2evV4tuDbJWTQngJvNAAfQuo4T_2WlCcOtuWjhcx0F-oKx53Bkh49JmU59ZcdIzQsGNqOW1XCsMk4J_hQdrqPaT8Fex2dLaiK2aZOQikwYH82LTuL3tQroxvodJyi8os2Tw7OOSe-JsaI3T7quX_w&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No <meta name="author".. found
Source: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638706670443158735.NjEyOTY2YWEtYmM4NC00MmY4LWJlYzAtZmI2Njc1MDdiYTM4YmNiY2Q5MDgtYzcxZC00MDQxLWJhYzQtMzgxMWIzZmZjNjUz&ui_locales=en-US&mkt=en-US&client-request-id=4dfcef0d-412d-42f2-af6e-84f873e236e5&state=SYvXn_A8fmitoKoJgOEE6nv6Xn6nhj0UgKrwhoLBAC6KMgmo96NvkInoYIttEw4eBbyLTuFXXAFVez0c7AO6XWEMUKzJd7dgbntRCNoa2bsNNjTJDnEbXQ9OPfemsMdo_2evV4tuDbJWTQngJvNAAfQuo4T_2WlCcOtuWjhcx0F-oKx53Bkh49JmU59ZcdIzQsGNqOW1XCsMk4J_hQdrqPaT8Fex2dLaiK2aZOQikwYH82LTuL3tQroxvodJyi8os2Tw7OOSe-JsaI3T7quX_w&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No <meta name="author".. found

Source: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638706670443158735.NjEyOTY2YWEtYmM4NC00MmY4LWJlYzAtZmI2Njc1MDdiYTM4YmNiY2Q5MDgtYzcxZC00MDQxLWJhYzQtMzgxMWIzZmZjNjUz&ui_locales=en-US&mkt=en-US&client-request-id=4dfcef0d-412d-42f2-af6e-84f873e236e5&state=SYvXn_A8fmitoKoJgOEE6nv6Xn6nhj0UgKrwhoLBAC6KMgmo96NvkInoYIttEw4eBbyLTuFXXAFVez0c7AO6XWEMUKzJd7dgbntRCNoa2bsNNjTJDnEbXQ9OPfemsMdo_2evV4tuDbJWTQngJvNAAfQuo4T_2WlCcOtuWjhcx0F-oKx53Bkh49JmU59ZcdIzQsGNqOW1XCsMk4J_hQdrqPaT8Fex2dLaiK2aZOQikwYH82LTuL3tQroxvodJyi8os2Tw7OOSe-JsaI3T7quX_w&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No <meta name="copyright".. found
Source: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638706670443158735.NjEyOTY2YWEtYmM4NC00MmY4LWJlYzAtZmI2Njc1MDdiYTM4YmNiY2Q5MDgtYzcxZC00MDQxLWJhYzQtMzgxMWIzZmZjNjUz&ui_locales=en-US&mkt=en-US&client-request-id=4dfcef0d-412d-42f2-af6e-84f873e236e5&state=SYvXn_A8fmitoKoJgOEE6nv6Xn6nhj0UgKrwhoLBAC6KMgmo96NvkInoYIttEw4eBbyLTuFXXAFVez0c7AO6XWEMUKzJd7dgbntRCNoa2bsNNjTJDnEbXQ9OPfemsMdo_2evV4tuDbJWTQngJvNAAfQuo4T_2WlCcOtuWjhcx0F-oKx53Bkh49JmU59ZcdIzQsGNqOW1XCsMk4J_hQdrqPaT8Fex2dLaiK2aZOQikwYH82LTuL3tQroxvodJyi8os2Tw7OOSe-JsaI3T7quX_w&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0	HTTP Parser: No <meta name="copyright".. found

Networking

Uses dynamic DNS services

Source: unknown	DNS query: name: o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org
Source: unknown	DNS query: name: logedkdyvah.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org
Source: unknown	DNS query: name: officnxdbenbwamg.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org
Source: unknown	DNS query: name: vezzjxkd.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.80.57
Source: unknown	TCP traffic detected without corresponding DNS query: 23.54.80.57
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.58.98
Source: unknown	TCP traffic detected without corresponding DNS query: 217.20.58.98
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /ajax/libs/react/17.0.2/umd/react.production.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://issuu.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/react-dom/17.0.2/umd/react-dom.production.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://issuu.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/react-is/17.0.2/umd/react-is.production.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://issuu.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/styled-components/5.3.11/styled-components.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://issuu.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/react/17.0.2/umd/react.production.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/react-is/17.0.2/umd/react-is.production.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/styled-components/5.3.11/styled-components.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/react-dom/17.0.2/umd/react-dom.production.min.js HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/4506104688082944/envelope/?sentry_key=20169667e5c7bfec02249a8341e145fa&sentry_version=7&sentry_client=sentry.javascript.browser%2F7.108.0 HTTP/1.1Host: o4505883345354752.ingest.sentry.ioConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/public/setup/issuu_web?user_id=5932e7dc-5014-446b-8909-bfa725841c50&app_version=0 HTTP/1.1Host: spidersense.bendingspoons.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: application/jsonAccept: /Origin: https://issuu.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://issuu.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /v1/public/setup/issuu_web?user_id=5932e7dc-5014-446b-8909-bfa725841c50&app_version=0 HTTP/1.1Host: spidersense.bendingspoons.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /2e20bdf4-acb6-ef11-8a66-000d3a3a0951/digitalassets/standaloneforms/afd683a8-7bbc-ef11-b8e9-000d3a43cf29 HTTP/1.1Host: assets-eur.mkt.dynamics.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentReferer: https://issuu.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v1.0/orgs/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/landingpageforms/forms/afd683a8-7bbc-ef11-b8e9-000d3a43cf29/visits HTTP/1.1Host: public-eur.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /hJEchGjd HTTP/1.1Host: officnxdbenbwamg.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /api/v1.0/orgs/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/landingpageforms/forms/afd683a8-7bbc-ef11-b8e9-000d3a43cf29 HTTP/1.1Host: public-eur.mkt.dynamics.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fec4-fe6b=82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda
Source: global traffic	HTTP traffic detected: GET /login HTTP/1.1Host: vezzjxkd.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fec4-fe6b=82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda
Source: global traffic	HTTP traffic detected: GET /common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638706670443158735.NjEyOTY2YWEtYmM4NC00MmY4LWJlYzAtZmI2Njc1MDdiYTM4YmNiY2Q5MDgtYzcxZC00MDQxLWJhYzQtMzgxMWIzZmZjNjUz&ui_locales=en-US&mkt=en-US&client-request-id=4dfcef0d-412d-42f2-af6e-84f873e236e5&state=SYvXn_A8fmitoKoJgOEE6nv6Xn6nhj0UgKrwhoLBAC6KMgmo96NvkInoYIttEw4eBbyLTuFXXAFVez0c7AO6XWEMUKzJd7dgbntRCNoa2bsNNjTJDnEbXQ9OPfemsMdo_2evV4tuDbJWTQngJvNAAfQuo4T_2WlCcOtuWjhcx0F-oKx53Bkh49JmU59ZcdIzQsGNqOW1XCsMk4J_hQdrqPaT8Fex2dLaiK2aZOQikwYH82LTuL3tQroxvodJyi8os2Tw7OOSe-JsaI3T7quX_w&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0 HTTP/1.1Host: o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fec4-fe6b=82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda; fpc=AhZw6wgefU5EjPVIkl7TY3A; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFe4rBdDu3QHLdW6yNeJI5LVPiJ0tNgB7pqxbW6BbDWk8T4ccOxwecZ4sYLrneDePpy33L9HL_mZPxYc-iiY1ghlJx7MsEHw-C8NTDJuRS3Nhwmvt3vK19idGqossesOetsct7vSWuLkhs4N2at-juuviXUEFgj1dGy1x8gpSHefjUgAA; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd
Source: global traffic	HTTP traffic detected: GET /s/82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda/0b62916e90a58b06d55d641ab5a9498315d5f8c709ae45fba0e8f54e3b669413.js HTTP/1.1Host: o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638706670443158735.NjEyOTY2YWEtYmM4NC00MmY4LWJlYzAtZmI2Njc1MDdiYTM4YmNiY2Q5MDgtYzcxZC00MDQxLWJhYzQtMzgxMWIzZmZjNjUz&ui_locales=en-US&mkt=en-US&client-request-id=4dfcef0d-412d-42f2-af6e-84f873e236e5&state=SYvXn_A8fmitoKoJgOEE6nv6Xn6nhj0UgKrwhoLBAC6KMgmo96NvkInoYIttEw4eBbyLTuFXXAFVez0c7AO6XWEMUKzJd7dgbntRCNoa2bsNNjTJDnEbXQ9OPfemsMdo_2evV4tuDbJWTQngJvNAAfQuo4T_2WlCcOtuWjhcx0F-oKx53Bkh49JmU59ZcdIzQsGNqOW1XCsMk4J_hQdrqPaT8Fex2dLaiK2aZOQikwYH82LTuL3tQroxvodJyi8os2Tw7OOSe-JsaI3T7quX_w&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fec4-fe6b=82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; buid=1.AUgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAABIAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFePPCWBfcKD7-r-M-d269POSkTa98E2ELdhIeb6ruie_7cVzsAGE4eSEw9Le9KVNMBnfgTuxqUvIGoX42QTuRH4m-yOstjit5DYVmjeuWjfvMgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFe59SDF3lzt7wrQUxlo0kNVHWurdtqCciXpW35FLLHD-t5qoOJIU5QkFumK2WH5vJnntBt6i6ubcTkg7AfJlwA4E1evfLwed6kIph70dS5phMYRxMqZSYJ6UY_pAx0SnGM0OxtsdCUb2Rd6dbPKmJR44OJ5_g92NFfY2bVDU9fXN0gAA; esctx-wEYa8ewq0Cc=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEhhlp5n_ZWsWfWaNUXZOvPLmhN43HXdkkO80UcyU6uRIX2PlsNjGWebNfhSs7NYGEfG148JAlhjS7AEcqzfG4PGYm8RkRNVixo7c7O6ig5Fqq5g4P_FnPabj-8mBdP4STdTZ1q6CRdSRpJG_3B_Z9yAA; fpc=AhZw6wgefU5EjPVIkl7TY3C8Ae7AAQAAACYJ_d4OAAAA
Source: global traffic	HTTP traffic detected: GET /s/82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda.js HTTP/1.1Host: o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org/common/oauth2/v2.0/authorize?client_id=4765445b-32c6-49b0-83e6-1d93765276ca&redirect_uri=https%3A%2F%2Fwww.office.com%2Flandingv2&response_type=code%20id_token&scope=openid%20profile%20https%3A%2F%2Fwww.office.com%2Fv2%2FOfficeHome.All&response_mode=form_post&nonce=638706670443158735.NjEyOTY2YWEtYmM4NC00MmY4LWJlYzAtZmI2Njc1MDdiYTM4YmNiY2Q5MDgtYzcxZC00MDQxLWJhYzQtMzgxMWIzZmZjNjUz&ui_locales=en-US&mkt=en-US&client-request-id=4dfcef0d-412d-42f2-af6e-84f873e236e5&state=SYvXn_A8fmitoKoJgOEE6nv6Xn6nhj0UgKrwhoLBAC6KMgmo96NvkInoYIttEw4eBbyLTuFXXAFVez0c7AO6XWEMUKzJd7dgbntRCNoa2bsNNjTJDnEbXQ9OPfemsMdo_2evV4tuDbJWTQngJvNAAfQuo4T_2WlCcOtuWjhcx0F-oKx53Bkh49JmU59ZcdIzQsGNqOW1XCsMk4J_hQdrqPaT8Fex2dLaiK2aZOQikwYH82LTuL3tQroxvodJyi8os2Tw7OOSe-JsaI3T7quX_w&x-client-SKU=ID_NET8_0&x-client-ver=7.5.1.0Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fec4-fe6b=82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; buid=1.AUgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAABIAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFePPCWBfcKD7-r-M-d269POSkTa98E2ELdhIeb6ruie_7cVzsAGE4eSEw9Le9KVNMBnfgTuxqUvIGoX42QTuRH4m-yOstjit5DYVmjeuWjfvMgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFe59SDF3lzt7wrQUxlo0kNVHWurdtqCciXpW35FLLHD-t5qoOJIU5QkFumK2WH5vJnntBt6i6ubcTkg7AfJlwA4E1evfLwed6kIph70dS5phMYRxMqZSYJ6UY_pAx0SnGM0OxtsdCUb2Rd6dbPKmJR44OJ5_g92NFfY2bVDU9fXN0gAA; esctx-wEYa8ewq0Cc=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEhhlp5n_ZWsWfWaNUXZOvPLmhN43HXdkkO80UcyU6uRIX2PlsNjGWebNfhSs7NYGEfG148JAlhjS7AEcqzfG4PGYm8RkRNVixo7c7O6ig5Fqq5g4P_FnPabj-8mBdP4STdTZ1q6CRdSRpJG_3B_Z9yAA; fpc=AhZw6wgefU5EjPVIkl7TY3C8Ae7AAQAAACYJ_d4OAAAA
Source: global traffic	HTTP traffic detected: GET /Me.htm?v=3 HTTP/1.1Host: logedkdyvah.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Purpose: prefetchSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyReferer: https://o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fec4-fe6b=82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda
Source: global traffic	HTTP traffic detected: GET /s/82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda.js HTTP/1.1Host: o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fec4-fe6b=82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; buid=1.AUgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAABIAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFePPCWBfcKD7-r-M-d269POSkTa98E2ELdhIeb6ruie_7cVzsAGE4eSEw9Le9KVNMBnfgTuxqUvIGoX42QTuRH4m-yOstjit5DYVmjeuWjfvMgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFe59SDF3lzt7wrQUxlo0kNVHWurdtqCciXpW35FLLHD-t5qoOJIU5QkFumK2WH5vJnntBt6i6ubcTkg7AfJlwA4E1evfLwed6kIph70dS5phMYRxMqZSYJ6UY_pAx0SnGM0OxtsdCUb2Rd6dbPKmJR44OJ5_g92NFfY2bVDU9fXN0gAA; esctx-wEYa8ewq0Cc=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEhhlp5n_ZWsWfWaNUXZOvPLmhN43HXdkkO80UcyU6uRIX2PlsNjGWebNfhSs7NYGEfG148JAlhjS7AEcqzfG4PGYm8RkRNVixo7c7O6ig5Fqq5g4P_FnPabj-8mBdP4STdTZ1q6CRdSRpJG_3B_Z9yAA; fpc=AhZw6wgefU5EjPVIkl7TY3C8Ae7AAQAAACYJ_d4OAAAA
Source: global traffic	HTTP traffic detected: GET /s/82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda/0b62916e90a58b06d55d641ab5a9498315d5f8c709ae45fba0e8f54e3b669413.js HTTP/1.1Host: o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: fec4-fe6b=82e8cc673220c3f4fcabf71ef3d323242272c5ea4eddb1d6aedd6258f9cc4cda; x-ms-gateway-slice=estsfd; stsservicecookie=estsfd; buid=1.AUgAMe_N-B6jSkuT5F9XHpElWltEZUfGMrBJg-Ydk3ZSdsoBAABIAA.AQABGgEAAADW6jl31mB3T7ugrWTT8pFePPCWBfcKD7-r-M-d269POSkTa98E2ELdhIeb6ruie_7cVzsAGE4eSEw9Le9KVNMBnfgTuxqUvIGoX42QTuRH4m-yOstjit5DYVmjeuWjfvMgAA; esctx=PAQABBwEAAADW6jl31mB3T7ugrWTT8pFe59SDF3lzt7wrQUxlo0kNVHWurdtqCciXpW35FLLHD-t5qoOJIU5QkFumK2WH5vJnntBt6i6ubcTkg7AfJlwA4E1evfLwed6kIph70dS5phMYRxMqZSYJ6UY_pAx0SnGM0OxtsdCUb2Rd6dbPKmJR44OJ5_g92NFfY2bVDU9fXN0gAA; esctx-wEYa8ewq0Cc=AQABCQEAAADW6jl31mB3T7ugrWTT8pFeEhhlp5n_ZWsWfWaNUXZOvPLmhN43HXdkkO80UcyU6uRIX2PlsNjGWebNfhSs7NYGEfG148JAlhjS7AEcqzfG4PGYm8RkRNVixo7c7O6ig5Fqq5g4P_FnPabj-8mBdP4STdTZ1q6CRdSRpJG_3B_Z9yAA; fpc=AhZw6wgefU5EjPVIkl7TY3C8Ae7AAQAAACYJ_d4OAAAA

Source: chromecache_105.2.dr, chromecache_119.2.dr

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: issuu.com
Source: global traffic	DNS traffic detected: DNS query: static.isu.pub
Source: global traffic	DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: o4505883345354752.ingest.sentry.io
Source: global traffic	DNS traffic detected: DNS query: reader3.isu.pub
Source: global traffic	DNS traffic detected: DNS query: consent.cookiebot.com
Source: global traffic	DNS traffic detected: DNS query: pingback.issuu.com
Source: global traffic	DNS traffic detected: DNS query: api.issuu.com
Source: global traffic	DNS traffic detected: DNS query: assets.isu.pub
Source: global traffic	DNS traffic detected: DNS query: layers.isu.pub
Source: global traffic	DNS traffic detected: DNS query: image.isu.pub
Source: global traffic	DNS traffic detected: DNS query: spidersense.bendingspoons.com
Source: global traffic	DNS traffic detected: DNS query: assets-eur.mkt.dynamics.com
Source: global traffic	DNS traffic detected: DNS query: public-eur.mkt.dynamics.com
Source: global traffic	DNS traffic detected: DNS query: officnxdbenbwamg.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org
Source: global traffic	DNS traffic detected: DNS query: o365.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org
Source: global traffic	DNS traffic detected: DNS query: vezzjxkd.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: logedkdyvah.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Tue, 24 Dec 2024 19:56:26 GMTContent-Type: text/htmlContent-Length: 548Strict-Transport-Security: max-age=31536000; includeSubDomains; preloadVia: 1.1 googleAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenServer: nginxDate: Tue, 24 Dec 2024 19:57:07 GMTContent-Length: 0Connection: closex-ms-trace-id: 7341764c30c37ff762c6cb512922ba62Strict-Transport-Security: max-age=2592000; preload

Source: chromecache_126.2.dr	String found in binary or memory: http://ogp.me/ns#
Source: chromecache_98.2.dr, chromecache_121.2.dr	String found in binary or memory: https://aadcdn.msauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: chromecache_98.2.dr, chromecache_121.2.dr	String found in binary or memory: https://aadcdn.msftauth.net/shared/1.0/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: chromecache_123.2.dr	String found in binary or memory: https://assets-eur.mkt.dynamics.com/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/digitalassets/forms/afd683a
Source: chromecache_99.2.dr	String found in binary or memory: https://assets-eur.mkt.dynamics.com/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/digitalassets/standalonefor
Source: chromecache_98.2.dr, chromecache_121.2.dr	String found in binary or memory: https://assets.nflxext.com/us/email/gem/nflx.png
Source: chromecache_105.2.dr, chromecache_119.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_126.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/react-dom/17.0.2/umd/react-dom.production.min.js
Source: chromecache_126.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/react-is/17.0.2/umd/react-is.production.min.js
Source: chromecache_126.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/react/17.0.2/umd/react.production.min.js
Source: chromecache_126.2.dr	String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/styled-components/5.3.11/styled-components.min.js
Source: chromecache_123.2.dr	String found in binary or memory: https://cxppusa1formui01cdnsa01-endpoint.azureedge.net/eur/FormLoader/FormLoader.bundle.js
Source: chromecache_126.2.dr	String found in binary or memory: https://image.isu.pub/241224193034-77c097d7eadd36d5a1226b1a395fdd6b/jpg/page_1.jpg
Source: chromecache_98.2.dr, chromecache_121.2.dr	String found in binary or memory: https://img-prod-cms-rt-microsoft-com.akamaized.net/cms/api/am/imageFileData/RE1Mu3b?ver=5c31
Source: chromecache_126.2.dr	String found in binary or memory: https://issuu.com/txbct.com/docs/navex_quote_65169.
Source: chromecache_98.2.dr, chromecache_121.2.dr	String found in binary or memory: https://mwf-service.akamaized.net/mwf/css/bundle/1.57.8/west-european/default/amc.min.css
Source: chromecache_98.2.dr, chromecache_121.2.dr	String found in binary or memory: https://officnxdbenbwamg.ceccdyrsvhhymfdwnfwghhbpxprqsbyjsyt.duckdns.org/hJEchGjd
Source: chromecache_105.2.dr, chromecache_119.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_105.2.dr, chromecache_119.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_123.2.dr	String found in binary or memory: https://public-eur.mkt.dynamics.com/api/v1.0/orgs/2e20bdf4-acb6-ef11-8a66-000d3a3a0951/landingpagefo
Source: chromecache_125.2.dr, chromecache_101.2.dr, chromecache_78.2.dr, chromecache_117.2.dr	String found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
Source: chromecache_78.2.dr	String found in binary or memory: https://reactjs.org/link/react-polyfills
Source: chromecache_126.2.dr	String found in binary or memory: https://static.isu.pub/fonts/inter/v3_19/UcC73FwrK3iLTeHuS_fvQtMwCp50KnMa1ZL7W0Q5nw.woff2
Source: chromecache_105.2.dr, chromecache_119.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_105.2.dr, chromecache_119.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_105.2.dr, chromecache_119.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_119.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_126.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtm.js?id=

Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49878 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49826 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown	Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49866 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49858 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49847
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49846
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49845
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49844
Source: unknown	Network traffic detected: HTTP traffic on port 49844 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49828 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49805 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49831
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49829
Source: unknown	Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49828
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49826
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49783
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49807 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49810 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49845 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49815
Source: unknown	Network traffic detected: HTTP traffic on port 49791 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49811
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49899
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49810
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49892
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 49767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49807
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49805
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49804
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49801
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49889
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 49783 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49815 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49801 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49908 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49878
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49872
Source: unknown	Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49804 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49829 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49846 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49866

Source: classification engine

Classification label: mal56.phis.troj.win@18/87@66/9

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2252,i,13392327784317788276,4031343908889293815,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://issuu.com/txbct.com/docs/navex_quote_65169.?fr=xKAE9_zU1NQ"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2404 --field-trial-handle=2252,i,13392327784317788276,4031343908889293815,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

ID:	1580520
Product:	CloudBasic
Start time:	20:55:14
Start date:	24.12.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report https://issuu.com/txbct.com/docs/navex_quote_65169.?fr=xKAE9_zU1NQ

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://issuu.com/txbct.com/docs/navex_quote_65169.?fr=xKAE9_zU1NQ