Edit tour

Windows Analysis Report
https://steanmrcommunity.com/1052917516

Overview

General Information

Sample URL:https://steanmrcommunity.com/1052917516
Analysis ID:1637652
Infos:

Detection

Score:60
Range:0 - 100
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
AI detected suspicious URL
Creates files inside the system directory
Deletes files inside the Windows folder
Suricata IDS alerts with low severity for network traffic

Classification

RansomwareSpreadingPhishingBankerTrojan / BotAdwareSpywareExploiterEvaderMinercleansuspiciousmalicious
  • System is w10x64_ra
  • chrome.exe (PID: 6564 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)
    • chrome.exe (PID: 6760 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,14299289915453701054,13863137623499631370,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2100 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)
  • chrome.exe (PID: 4616 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://steanmrcommunity.com/1052917516" MD5: E81F54E6C1129887AEA47E7D092680BF)
  • cleanup
No yara matches
No Sigma rule has matched
TimestampSIDSeverityClasstypeSource IPSource PortDestination IPDestination PortProtocol
2025-03-13T19:26:29.733144+010020283713Unknown Traffic192.168.2.174969613.107.246.60443TCP
2025-03-13T19:26:29.751376+010020283713Unknown Traffic192.168.2.174970013.107.246.60443TCP
2025-03-13T19:26:29.752944+010020283713Unknown Traffic192.168.2.174969913.107.246.60443TCP
2025-03-13T19:26:29.796932+010020283713Unknown Traffic192.168.2.174969813.107.246.60443TCP
2025-03-13T19:26:29.813038+010020283713Unknown Traffic192.168.2.174969713.107.246.60443TCP

Click to jump to signature section

Show All Signature Results

AV Detection

barindex
Source: https://steanmrcommunity.com/1052917516Avira URL Cloud: detection malicious, Label: phishing
Source: https://steanmrcommunity.com/favicon.icoAvira URL Cloud: Label: phishing

Phishing

barindex
Source: https://steanmrcommunity.comJoe Sandbox AI: The URL 'https://steanmrcommunity.com' closely resembles the legitimate 'https://steamcommunity.com', which is associated with the well-known gaming platform Steam. The primary visual character substitution is the replacement of 'm' with 'rn', which can be easily overlooked by users, leading to potential confusion. The domain structure is otherwise identical, maintaining the 'community' aspect, which is a key part of the legitimate URL. There is no indication that 'steanmrcommunity.com' serves a different legitimate purpose unrelated to Steam, increasing the likelihood of it being a typosquatting attempt.
Source: https://steanmrcommunity.com/1052917516HTTP Parser: No favicon
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.17:49696 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.17:49700 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.17:49699 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.17:49698 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.17:49697 version: TLS 1.2
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.17:49700 -> 13.107.246.60:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.17:49698 -> 13.107.246.60:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.17:49697 -> 13.107.246.60:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.17:49699 -> 13.107.246.60:443
Source: Network trafficSuricata IDS: 2028371 - Severity 3 - ET JA3 Hash - Possible Malware - Fake Firefox Font Update : 192.168.2.17:49696 -> 13.107.246.60:443
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: unknownTCP traffic detected without corresponding DNS query: 13.107.246.60
Source: global trafficHTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /1052917516 HTTP/1.1Host: steanmrcommunity.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CLf3ygE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rules/rule703051v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703050v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: steanmrcommunity.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://steanmrcommunity.com/1052917516Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rules/rule700101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703551v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703550v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /1052917516 HTTP/1.1Host: steanmrcommunity.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rules/rule701900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704001v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704000v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: steanmrcommunity.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://steanmrcommunity.com/1052917516Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global trafficHTTP traffic detected: GET /rules/rule700301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule700651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703301v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703300v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule702451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120128v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120603v8s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120607v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule120119v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule224900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704101v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704100v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704201v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704200v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704151v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule704150v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficHTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.svc.static.microsoft
Source: global trafficDNS traffic detected: DNS query: steanmrcommunity.com
Source: global trafficDNS traffic detected: DNS query: www.google.com
Source: global trafficDNS traffic detected: DNS query: beacons.gcp.gvt2.com
Source: global trafficDNS traffic detected: DNS query: beacons.gvt2.com
Source: global trafficDNS traffic detected: DNS query: beacons2.gvt2.com
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Thu, 13 Mar 2025 18:26:40 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91fd94b8dda16199-ORD
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Thu, 13 Mar 2025 18:26:44 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91fd94d66efd607c-ORD
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Thu, 13 Mar 2025 18:26:52 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91fd9503ce51c8e4-MIA
Source: global trafficHTTP traffic detected: HTTP/1.1 403 ForbiddenServer: cloudflareDate: Thu, 13 Mar 2025 18:26:56 GMTContent-Type: text/htmlContent-Length: 553Connection: closeCF-RAY: 91fd951f4dedf828-IAD
Source: unknownNetwork traffic detected: HTTP traffic on port 49708 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49743
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49741
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
Source: unknownNetwork traffic detected: HTTP traffic on port 49789 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49800 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49743 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49795 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49734
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49812 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49749 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49806 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
Source: unknownNetwork traffic detected: HTTP traffic on port 49790 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49697 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49748 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49828 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49805 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
Source: unknownNetwork traffic detected: HTTP traffic on port 49709 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49796 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49709
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49708
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49829
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49707
Source: unknownNetwork traffic detected: HTTP traffic on port 49811 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49828
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49706
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49827
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49705
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49826
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49704
Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49825
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49702
Source: unknownNetwork traffic detected: HTTP traffic on port 49771 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49701
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49788
Source: unknownNetwork traffic detected: HTTP traffic on port 49699 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49787
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49786
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49785
Source: unknownNetwork traffic detected: HTTP traffic on port 49813 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
Source: unknownNetwork traffic detected: HTTP traffic on port 49785 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49807 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49701 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49682 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49791 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49775
Source: unknownNetwork traffic detected: HTTP traffic on port 49707 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49774
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49773
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49771
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49770
Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49671 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49802 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49769
Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49768
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49764
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49761
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
Source: unknownNetwork traffic detected: HTTP traffic on port 49702 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49741 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49764 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49770 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49797 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49801 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
Source: unknownNetwork traffic detected: HTTP traffic on port 49698 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
Source: unknownNetwork traffic detected: HTTP traffic on port 49818 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49786 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49829 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49775 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49749
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49748
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
Source: unknownNetwork traffic detected: HTTP traffic on port 49792 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
Source: unknownNetwork traffic detected: HTTP traffic on port 49672 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49769 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49803 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49826 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49699
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49698
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49697
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49696
Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49700 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49798 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49688
Source: unknownNetwork traffic detected: HTTP traffic on port 49706 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49787 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49793 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49688 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49774 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49799
Source: unknownNetwork traffic detected: HTTP traffic on port 49734 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49798
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49797
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49796
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49795
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49794
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49793
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49792
Source: unknownNetwork traffic detected: HTTP traffic on port 49814 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49791
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49790
Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49768 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49825 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49808 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49789
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49700
Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49704 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49818
Source: unknownNetwork traffic detected: HTTP traffic on port 49799 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49810 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49814
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49813
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49812
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49811
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49810
Source: unknownNetwork traffic detected: HTTP traffic on port 49696 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49788 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49794 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49827 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49809
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49808
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49807
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49806
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49805
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49804
Source: unknownNetwork traffic detected: HTTP traffic on port 49773 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49803
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49802
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49801
Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49800
Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49809 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49705 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49761 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49804 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.17:49696 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.17:49700 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.17:49699 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.17:49698 version: TLS 1.2
Source: unknownHTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.17:49697 version: TLS 1.2
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Windows\SystemTemp\scoped_dir6564_980823683
Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile deleted: C:\Windows\SystemTemp\scoped_dir6564_980823683
Source: classification engineClassification label: mal60.win@23/2@31/94
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,14299289915453701054,13863137623499631370,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2100 /prefetch:3
Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://steanmrcommunity.com/1052917516"
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2036,i,14299289915453701054,13863137623499631370,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2100 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknown
Source: Window RecorderWindow detected: More than 3 window changes detected
ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
Gather Victim Identity InformationAcquire InfrastructureValid AccountsWindows Management Instrumentation1
Browser Extensions
1
Process Injection
1
Masquerading
OS Credential DumpingSystem Service DiscoveryRemote ServicesData from Local System1
Encrypted Channel
Exfiltration Over Other Network MediumAbuse Accessibility Features
CredentialsDomainsDefault AccountsScheduled Task/JobBoot or Logon Initialization ScriptsBoot or Logon Initialization Scripts1
Process Injection
LSASS MemoryApplication Window DiscoveryRemote Desktop ProtocolData from Removable Media3
Non-Application Layer Protocol
Exfiltration Over BluetoothNetwork Denial of Service
Email AddressesDNS ServerDomain AccountsAtLogon Script (Windows)Logon Script (Windows)1
File Deletion
Security Account ManagerQuery RegistrySMB/Windows Admin SharesData from Network Shared Drive4
Application Layer Protocol
Automated ExfiltrationData Encrypted for Impact
Employee NamesVirtual Private ServerLocal AccountsCronLogin HookLogin HookBinary PaddingNTDSSystem Network Configuration DiscoveryDistributed Component Object ModelInput Capture3
Ingress Tool Transfer
Traffic DuplicationData Destruction

This section contains all screenshots as thumbnails, including those not shown in the slideshow.


windows-stand
SourceDetectionScannerLabelLink
https://steanmrcommunity.com/1052917516100%Avira URL Cloudphishing
No Antivirus matches
No Antivirus matches
No Antivirus matches
SourceDetectionScannerLabelLink
https://otelrules.svc.static.microsoft/rules/rule702050v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule701701v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700851v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule703151v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700600v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule702851v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule704050v0s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule703650v0s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule701401v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700001v2s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule703950v0s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule703150v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule701950v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700701v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700601v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule703951v0s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule701400v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700550v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule703651v0s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule702850v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule702051v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700700v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700000v2s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule704051v0s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700551v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700850v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule701700v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule701951v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700451v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule704001v0s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700950v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700100v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule702101v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule701901v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700450v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700101v1s19.xml0%Avira URL Cloudsafe
https://steanmrcommunity.com/favicon.ico100%Avira URL Cloudphishing
https://otelrules.svc.static.microsoft/rules/rule702701v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule702700v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule704000v0s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule701851v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule703251v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule701850v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule701900v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule703550v0s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700951v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule702100v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule703051v3s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule703551v0s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule703200v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule703250v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule702601v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule702001v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700650v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700301v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule703301v0s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule701550v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700651v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule701751v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700251v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule701551v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700300v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule702000v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule703300v0s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule700250v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule702401v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule702400v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule224900v0s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule704101v0s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule120119v0s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule704151v0s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule704200v0s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule703751v0s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule701301v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule701300v1s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule703750v0s19.xml0%Avira URL Cloudsafe
https://otelrules.svc.static.microsoft/rules/rule703700v0s19.xml0%Avira URL Cloudsafe
NameIPActiveMaliciousAntivirus DetectionReputation
beacons-handoff.gcp.gvt2.com
142.250.186.131
truefalse
    high
    steanmrcommunity.com
    188.114.97.3
    truetrue
      unknown
      www.google.com
      142.250.185.132
      truefalse
        high
        beacons2.gvt2.com
        142.250.192.3
        truefalse
          high
          beacons.gvt2.com
          142.250.186.35
          truefalse
            high
            beacons6.gvt2.com
            216.58.206.67
            truefalse
              high
              beacons.gcp.gvt2.com
              unknown
              unknownfalse
                high
                NameMaliciousAntivirus DetectionReputation
                https://otelrules.svc.static.microsoft/rules/rule704001v0s19.xmlfalse
                • Avira URL Cloud: safe
                unknown
                https://otelrules.svc.static.microsoft/rules/rule703151v1s19.xmlfalse
                • Avira URL Cloud: safe
                unknown
                https://otelrules.svc.static.microsoft/rules/rule704151v0s19.xmlfalse
                • Avira URL Cloud: safe
                unknown
                https://otelrules.svc.static.microsoft/rules/rule702050v1s19.xmlfalse
                • Avira URL Cloud: safe
                unknown
                https://otelrules.svc.static.microsoft/rules/rule702001v1s19.xmlfalse
                • Avira URL Cloud: safe
                unknown
                https://otelrules.svc.static.microsoft/rules/rule704200v0s19.xmlfalse
                • Avira URL Cloud: safe
                unknown
                https://otelrules.svc.static.microsoft/rules/rule704050v0s19.xmlfalse
                • Avira URL Cloud: safe
                unknown
                https://otelrules.svc.static.microsoft/rules/rule700451v1s19.xmlfalse
                • Avira URL Cloud: safe
                unknown
                https://otelrules.svc.static.microsoft/rules/rule703200v1s19.xmlfalse
                • Avira URL Cloud: safe
                unknown
                https://otelrules.svc.static.microsoft/rules/rule702451v1s19.xmlfalse
                  high
                  https://otelrules.svc.static.microsoft/rules/rule703301v0s19.xmlfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://otelrules.svc.static.microsoft/rules/rule703650v0s19.xmlfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://otelrules.svc.static.microsoft/rules/rule700001v2s19.xmlfalse
                  • Avira URL Cloud: safe
                  unknown
                  https://otelrules.svc.static.microsoft/rules/rule703050v3s19.xmlfalse
                    high
                    https://otelrules.svc.static.microsoft/rules/rule701751v1s19.xmlfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://otelrules.svc.static.microsoft/rules/rule700650v1s19.xmlfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://otelrules.svc.static.microsoft/rules/rule703751v0s19.xmlfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://otelrules.svc.static.microsoft/rules/rule703950v0s19.xmlfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://otelrules.svc.static.microsoft/rules/rule701301v1s19.xmlfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://otelrules.svc.static.microsoft/rules/rule702601v1s19.xmlfalse
                    • Avira URL Cloud: safe
                    unknown
                    https://otelrules.svc.static.microsoft/rules/rule701650v1s19.xmlfalse
                      high
                      https://otelrules.svc.static.microsoft/rules/rule700950v1s19.xmlfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://otelrules.svc.static.microsoft/rules/rule701950v1s19.xmlfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://otelrules.svc.static.microsoft/rules/rule700301v1s19.xmlfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://otelrules.svc.static.microsoft/rules/rule701550v1s19.xmlfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://otelrules.svc.static.microsoft/rules/rule120119v0s19.xmlfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://otelrules.svc.static.microsoft/rules/rule700100v1s19.xmlfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://otelrules.svc.static.microsoft/rules/rule700550v1s19.xmlfalse
                      • Avira URL Cloud: safe
                      unknown
                      https://otelrules.svc.static.microsoft/rules/rule703201v1s19.xmlfalse
                        high
                        https://otelrules.svc.static.microsoft/rules/rule701100v1s19.xmlfalse
                          high
                          https://otelrules.svc.static.microsoft/rules/rule701901v1s19.xmlfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://otelrules.svc.static.microsoft/rules/rule703951v0s19.xmlfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://otelrules.svc.static.microsoft/rules/rule703250v1s19.xmlfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://otelrules.svc.static.microsoft/rules/rule700651v1s19.xmlfalse
                          • Avira URL Cloud: safe
                          unknown
                          https://otelrules.svc.static.microsoft/rules/rule701651v1s19.xmlfalse
                            high
                            https://steanmrcommunity.com/1052917516true
                              unknown
                              https://otelrules.svc.static.microsoft/rules/rule704051v0s19.xmlfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://otelrules.svc.static.microsoft/rules/rule700700v1s19.xmlfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://otelrules.svc.static.microsoft/rules/rule702101v1s19.xmlfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://otelrules.svc.static.microsoft/rules/rule702000v1s19.xmlfalse
                              • Avira URL Cloud: safe
                              unknown
                              https://otelrules.svc.static.microsoft/rules/rule702450v1s19.xmlfalse
                                high
                                https://otelrules.svc.static.microsoft/rules/rule700551v1s19.xmlfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://otelrules.svc.static.microsoft/rules/rule703750v0s19.xmlfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://otelrules.svc.static.microsoft/rules/rule703300v0s19.xmlfalse
                                • Avira URL Cloud: safe
                                unknown
                                https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhEfalse
                                  high
                                  https://otelrules.svc.static.microsoft/rules/rule700450v1s19.xmlfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://otelrules.svc.static.microsoft/rules/rule701700v1s19.xmlfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://otelrules.svc.static.microsoft/rules/rule700101v1s19.xmlfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://otelrules.svc.static.microsoft/rules/rule702700v1s19.xmlfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://otelrules.svc.static.microsoft/rules/rule701551v1s19.xmlfalse
                                  • Avira URL Cloud: safe
                                  unknown
                                  https://otelrules.svc.static.microsoft/rules/rule701101v1s19.xmlfalse
                                    high
                                    https://otelrules.svc.static.microsoft/rules/rule700851v1s19.xmlfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://otelrules.svc.static.microsoft/rules/rule702701v1s19.xmlfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://otelrules.svc.static.microsoft/rules/rule701851v1s19.xmlfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://otelrules.svc.static.microsoft/rules/rule702851v1s19.xmlfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://steanmrcommunity.com/favicon.icotrue
                                    • Avira URL Cloud: phishing
                                    unknown
                                    https://otelrules.svc.static.microsoft/rules/rule701701v1s19.xmlfalse
                                    • Avira URL Cloud: safe
                                    unknown
                                    https://otelrules.svc.static.microsoft/rules/rule701750v1s19.xmlfalse
                                      high
                                      https://otelrules.svc.static.microsoft/rules/rule700600v1s19.xmlfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://otelrules.svc.static.microsoft/rules/rule700300v1s19.xmlfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://otelrules.svc.static.microsoft/rules/rule702401v1s19.xmlfalse
                                      • Avira URL Cloud: safe
                                      unknown
                                      https://otelrules.svc.static.microsoft/rules/rule120607v1s19.xmlfalse
                                        high
                                        https://otelrules.svc.static.microsoft/rules/rule701401v1s19.xmlfalse
                                        • Avira URL Cloud: safe
                                        unknown
                                        https://otelrules.svc.static.microsoft/rules/rule702600v1s19.xmlfalse
                                          high
                                          https://otelrules.svc.static.microsoft/rules/rule704000v0s19.xmlfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://otelrules.svc.static.microsoft/rules/rule224900v0s19.xmlfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://otelrules.svc.static.microsoft/rules/rule703251v1s19.xmlfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://otelrules.svc.static.microsoft/rules/rule701900v1s19.xmlfalse
                                          • Avira URL Cloud: safe
                                          unknown
                                          https://otelrules.svc.static.microsoft/rules/rule704100v0s19.xmlfalse
                                            high
                                            https://otelrules.svc.static.microsoft/rules/rule704150v0s19.xmlfalse
                                              high
                                              https://otelrules.svc.static.microsoft/rules/rule700250v1s19.xmlfalse
                                              • Avira URL Cloud: safe
                                              unknown
                                              https://otelrules.svc.static.microsoft/rules/rule704201v0s19.xmlfalse
                                                high
                                                https://otelrules.svc.static.microsoft/rules/rule700701v1s19.xmlfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://otelrules.svc.static.microsoft/rules/rule702100v1s19.xmlfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://otelrules.svc.static.microsoft/rules/rule703150v1s19.xmlfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://otelrules.svc.static.microsoft/rules/rule703550v0s19.xmlfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://otelrules.svc.static.microsoft/rules/rule703651v0s19.xmlfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://otelrules.svc.static.microsoft/rules/rule701850v1s19.xmlfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://otelrules.svc.static.microsoft/rules/rule700601v1s19.xmlfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://otelrules.svc.static.microsoft/rules/rule701400v1s19.xmlfalse
                                                • Avira URL Cloud: safe
                                                unknown
                                                https://otelrules.svc.static.microsoft/rules/rule120128v0s19.xmlfalse
                                                  high
                                                  https://otelrules.svc.static.microsoft/rules/rule120603v8s19.xmlfalse
                                                    high
                                                    https://otelrules.svc.static.microsoft/rules/rule702850v1s19.xmlfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://otelrules.svc.static.microsoft/rules/rule702400v1s19.xmlfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://otelrules.svc.static.microsoft/rules/rule702051v1s19.xmlfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://otelrules.svc.static.microsoft/rules/rule700000v2s19.xmlfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://otelrules.svc.static.microsoft/rules/rule704101v0s19.xmlfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://otelrules.svc.static.microsoft/rules/rule700251v1s19.xmlfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://otelrules.svc.static.microsoft/rules/rule703551v0s19.xmlfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://otelrules.svc.static.microsoft/rules/rule703700v0s19.xmlfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://otelrules.svc.static.microsoft/rules/rule700850v1s19.xmlfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://otelrules.svc.static.microsoft/rules/rule703051v3s19.xmlfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://otelrules.svc.static.microsoft/rules/rule701300v1s19.xmlfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://otelrules.svc.static.microsoft/rules/rule701951v1s19.xmlfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    https://otelrules.svc.static.microsoft/rules/rule700951v1s19.xmlfalse
                                                    • Avira URL Cloud: safe
                                                    unknown
                                                    • No. of IPs < 25%
                                                    • 25% < No. of IPs < 50%
                                                    • 50% < No. of IPs < 75%
                                                    • 75% < No. of IPs
                                                    IPDomainCountryFlagASNASN NameMalicious
                                                    142.250.186.67
                                                    unknownUnited States
                                                    15169GOOGLEUSfalse
                                                    142.250.186.78
                                                    unknownUnited States
                                                    15169GOOGLEUSfalse
                                                    1.1.1.1
                                                    unknownAustralia
                                                    13335CLOUDFLARENETUSfalse
                                                    188.114.97.3
                                                    steanmrcommunity.comEuropean Union
                                                    13335CLOUDFLARENETUStrue
                                                    74.125.133.84
                                                    unknownUnited States
                                                    15169GOOGLEUSfalse
                                                    172.217.16.206
                                                    unknownUnited States
                                                    15169GOOGLEUSfalse
                                                    142.250.186.163
                                                    unknownUnited States
                                                    15169GOOGLEUSfalse
                                                    216.58.206.78
                                                    unknownUnited States
                                                    15169GOOGLEUSfalse
                                                    172.217.18.3
                                                    unknownUnited States
                                                    15169GOOGLEUSfalse
                                                    142.250.185.132
                                                    www.google.comUnited States
                                                    15169GOOGLEUSfalse
                                                    IP
                                                    192.168.2.17
                                                    Joe Sandbox version:42.0.0 Malachite
                                                    Analysis ID:1637652
                                                    Start date and time:2025-03-13 19:26:05 +01:00
                                                    Joe Sandbox product:CloudBasic
                                                    Overall analysis duration:
                                                    Hypervisor based Inspection enabled:false
                                                    Report type:full
                                                    Cookbook file name:defaultwindowsinteractivecookbook.jbs
                                                    Sample URL:https://steanmrcommunity.com/1052917516
                                                    Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                    Number of analysed new started processes analysed:14
                                                    Number of new started drivers analysed:0
                                                    Number of existing processes analysed:0
                                                    Number of existing drivers analysed:0
                                                    Number of injected processes analysed:0
                                                    Technologies:
                                                    • EGA enabled
                                                    Analysis Mode:stream
                                                    Analysis stop reason:Timeout
                                                    Detection:MAL
                                                    Classification:mal60.win@23/2@31/94
                                                    • Exclude process from analysis (whitelisted): svchost.exe
                                                    • Excluded IPs from analysis (whitelisted): 172.217.16.206, 172.217.18.3, 216.58.206.78, 74.125.133.84, 142.250.185.174, 142.250.185.78, 142.250.186.110, 172.217.18.14
                                                    • Excluded domains from analysis (whitelisted): clients2.google.com, accounts.google.com, redirector.gvt1.com, clientservices.googleapis.com, clients.l.google.com
                                                    • Not all processes where analyzed, report is missing behavior information
                                                    • Report size getting too big, too many NtOpenFile calls found.
                                                    • VT rate limit hit for: https://steanmrcommunity.com/1052917516
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:HTML document, ASCII text, with CRLF line terminators
                                                    Category:downloaded
                                                    Size (bytes):553
                                                    Entropy (8bit):4.662821081936326
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:0127426BF3BA07FF7211399DDF5186C4
                                                    SHA1:221D89F3261F545AC58848EBA300E0134C76FF9A
                                                    SHA-256:982B986BB578E137F062099427A8CAEC3C501C84A9E4B22369EBD2BADEC42FE7
                                                    SHA-512:6CEA4AB7D43A518A316120BF7AE340583E989A21FC3E142DDD71742D53A7AE6CFA276F232ACD6B6794444B28AA9A666C40171EE44341A7B9A3CA8453B61A371A
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://steanmrcommunity.com/1052917516
                                                    Preview:<html>..<head><title>403 Forbidden</title></head>..<body>..<center><h1>403 Forbidden</h1></center>..<hr><center>cloudflare</center>..</body>..</html>.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->.. a padding to disable MSIE and Chrome friendly error page -->..
                                                    Process:C:\Program Files\Google\Chrome\Application\chrome.exe
                                                    File Type:ASCII text, with very long lines (3365)
                                                    Category:downloaded
                                                    Size (bytes):3370
                                                    Entropy (8bit):5.840438294382865
                                                    Encrypted:false
                                                    SSDEEP:
                                                    MD5:8754FD4F5593527F39DFDED6A52786CE
                                                    SHA1:C55E0D4195214E1E00970C4DD971A38B931FD462
                                                    SHA-256:92F212F8B8513D2EA17646876C3CBF0DF081A99F210EFC1D3C0B8E8C037BE701
                                                    SHA-512:A54862D137AC9A5447AA89CBD2BA2BAD60FE589352A27695288E767E02BA779125919B55A2E4CC67AAB1557918B8033FC9B5973A3881666F04BB200306EF1918
                                                    Malicious:false
                                                    Reputation:unknown
                                                    URL:https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyA2KlwBX3mkFo30om9LUFYQhpqLoa_BNhE
                                                    Preview:)]}'.["",["danielle haim relationships","palworld crossplay update","data breach settlement","weather storms and tornadoes","ncaa wrestling championships brackets","stranger things season 5 release date","jamie dimon","xbox handheld console"],["","","","","","","",""],[],{"google:clientdata":{"bpc":false,"tlw":false},"google:groupsinfo":"ChoIkk4SFQoRVHJlbmRpbmcgc2VhcmNoZXMoCg\u003d\u003d","google:suggestdetail":[{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"zl":10002},{"google:entityinfo":"CgkvbS8wM2NydHISFUNFTyBvZiBKUE1vcmdhbiBDaGFzZTLHDWRhdGE6aW1hZ2UvanBlZztiYXNlNjQsLzlqLzRBQVFTa1pKUmdBQkFRQUFBUUFCQUFELzJ3Q0VBQWtHQndnSEJna0lCd2dLQ2drTERSWVBEUXdNRFJzVUZSQVdJQjBpSWlBZEh4OGtLRFFzSkNZeEp4OGZMVDB0TVRVM09qbzZJeXMvUkQ4NFF6UTVPamNCQ2dvS0RRd05HZzhQR2pjbEh5VTNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTnpjM056YzNOemMzTi8vQUFCRUlBRUFBUUFNQklnQUNFUUVERVFIL3hBQWFBQUFEQVFFQkFRQUFBQUFBQUFBQUFBQUZCZ2NFQWdNSS84UUFPQkFBQWdFREFnTUZCQVlMQUFBQUFBQUFBUUlEQUFR
                                                    No static file info