Windows Analysis Report
http://leembal.com.mx

Overview

General Information

Sample URL:	http://leembal.com.mx
Analysis ID:	1500770
Infos:

Detection

Score:	64
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected non-DNS traffic on DNS port

Found iframes

HTML body contains low number of good links

HTML page contains hidden javascript code

HTML title does not match URL

Invalid T&C link found

Stores files to the Windows start menu directory

Suspicious form URL found

Classification

Signatures

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://leembal.com.mx

Avira URL Cloud: detection malicious, Label: malware

Antivirus detection for URL or domain

Source: https://mauriecward.com/cdn-cgi/challenge-platform/h/b/jsd/r/8ba6f23a4da941ec	Avira URL Cloud: Label: phishing
Source: https://mauriecward.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1167734408:1724873164:yE7N7dQXqOe0ALFIGgtX2Y7smI3NA-XL-b1EayvFezY/8ba6f1af4dc143be/2b18e3cee4a86e2	Avira URL Cloud: Label: phishing
Source: https://mauriecward.com/www/default/Up/&/&%20.ico	Avira URL Cloud: Label: phishing
Source: https://mauriecward.com/www/default/Up/&/&%20.png	Avira URL Cloud: Label: phishing
Source: https://mauriecward.com/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://mauriecward.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js?	Avira URL Cloud: Label: phishing
Source: http://leembal.com.mx/	Avira URL Cloud: Label: malware
Source: https://mauriecward.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8ba6f1af4dc143be	Avira URL Cloud: Label: phishing
Source: https://mauriecward.com/www/default/Up/&/2&%20.css	Avira URL Cloud: Label: phishing
Source: https://mauriecward.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	Avira URL Cloud: Label: phishing
Source: https://mauriecward.com/www/default/Up/&/1&%20.css	Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

Source: https://mauriecward.com/www/default/Up/	LLM: Score: 9 Reasons: The domain name'mauriceward.com' does not match the brand name 'Xfinity', which is a well-known internet service provider. The domain name appears to be misspelled or unrelated to the brand. DOM: 0.6.pages.csv
Source: https://mauriecward.com/www/default/Up/	LLM: Score: 10 Reasons: The domain name'mauriecward.com' does not match the brand name Xfinity, and the domain name appears to be misspelled or unrelated to the brand. The use of a dark background with a bright header and the prominent display of the login form are also suspicious. Additionally, the screenshot shows a login page for Xfinity, but the domain name is not affiliated with Xfinity, which is a clear indication of a phishing attempt. DOM: 0.5.pages.csv

Found iframes

Source: https://mauriecward.com/www/default/Up/

HTTP Parser: Iframe src: ./#

HTML body contains low number of good links

Source: https://mauriecward.com/www/default/Up/

HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://mauriecward.com/www/default/Up/

HTTP Parser: Base64 decoded: <svg xmlns="http://www.w3.org/2000/svg" width="32" height="32" fill="none" viewBox="0 0 26 26"><path fill="#d9d9d9" d="M13 0a13 13 0 1 0 0 26 13 13 0 0 0 0-26m0 24a11 11 0 1 1 0-22 11 11 0 0 1 0 22"/><path fill="#d9d9d9" d="m10.955 16.055-3.95-4.125-1.445...

HTML title does not match URL

Source: https://mauriecward.com/www/default/Up/

HTTP Parser: Title: Sign in to Xfinity does not match URL

Invalid T&C link found

Source: https://mauriecward.com/www/default/Up/	HTTP Parser: Invalid link: Terms of Service
Source: https://mauriecward.com/www/default/Up/	HTTP Parser: Invalid link: Privacy Policy
Source: https://mauriecward.com/www/default/Up/	HTTP Parser: Invalid link: Terms of Service
Source: https://mauriecward.com/www/default/Up/	HTTP Parser: Invalid link: Privacy Policy

Suspicious form URL found

Source: https://mauriecward.com/www/default/Up/

HTTP Parser: Form action: ./&&/uploader.php

Source: https://mauriecward.com/www/default/Up/

HTTP Parser: <input type="password" .../> found

Source: https://mauriecward.com/www/default/Up/	HTTP Parser: No favicon
Source: https://mauriecward.com/www/default/Up/	HTTP Parser: No favicon
Source: https://mauriecward.com/www/default/Up/	HTTP Parser: No favicon

Source: https://mauriecward.com/www/default/Up/

HTTP Parser: No <meta name="author".. found

Source: https://mauriecward.com/www/default/Up/

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 88.221.168.226:443 -> 192.168.2.5:55081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.221.168.226:443 -> 192.168.2.5:55090 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.5:50737 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.5:55080 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.5:49188 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /www/default/Up/ HTTP/1.1Host: mauriecward.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /www/default/Up/ HTTP/1.1Host: mauriecward.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8ba6f1af4dc143be HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mauriecward.com/www/default/Up/?__cf_chl_rt_tk=vFEhQov70G.VWpWG0ESnpZxTYlu1nleSzLsk9eGtP18-1724875819-0.0.1.1-4628Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/6790c32b9fc9/api.js?onload=FWtH0&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://mauriecward.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mauriecward.com/www/default/Up/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8ba6f1af4dc143be HTTP/1.1Host: mauriecward.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1167734408:1724873164:yE7N7dQXqOe0ALFIGgtX2Y7smI3NA-XL-b1EayvFezY/8ba6f1af4dc143be/2b18e3cee4a86e2 HTTP/1.1Host: mauriecward.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/u5hbj/0x4AAAAAAAAjq6WYeRDKmebM/light/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/6790c32b9fc9/api.js?onload=FWtH0&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/u5hbj/0x4AAAAAAAAjq6WYeRDKmebM/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8ba6f1bfcec71998&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/u5hbj/0x4AAAAAAAAjq6WYeRDKmebM/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mauriecward.com/www/default/Up/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8ba6f1bfcec71998&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/566262406:1724873165:AvKmhjuLPH5yjU2uSpW9NOZ3evLMfqMsEZL9ogMYXTU/8ba6f1bfcec71998/7cf04b258075d21 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8ba6f1bfcec71998/1724875825540/9311eb0bc0155a76f04217e998005740fa0a2cb9b619ecc0dad5e5b38d922c5d/Ixeew78qpFXTq8J HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/u5hbj/0x4AAAAAAAAjq6WYeRDKmebM/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8ba6f1bfcec71998/1724875825542/l9vs9uugz06o8HP HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/u5hbj/0x4AAAAAAAAjq6WYeRDKmebM/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8ba6f1bfcec71998/1724875825542/l9vs9uugz06o8HP HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/566262406:1724873165:AvKmhjuLPH5yjU2uSpW9NOZ3evLMfqMsEZL9ogMYXTU/8ba6f1bfcec71998/7cf04b258075d21 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/566262406:1724873165:AvKmhjuLPH5yjU2uSpW9NOZ3evLMfqMsEZL9ogMYXTU/8ba6f1bfcec71998/7cf04b258075d21 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1167734408:1724873164:yE7N7dQXqOe0ALFIGgtX2Y7smI3NA-XL-b1EayvFezY/8ba6f1af4dc143be/2b18e3cee4a86e2 HTTP/1.1Host: mauriecward.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mauriecward.com/www/default/Up/?__cf_chl_tk=vFEhQov70G.VWpWG0ESnpZxTYlu1nleSzLsk9eGtP18-1724875819-0.0.1.1-4628Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=dmC2F25NBxBlpGyGlHXyYCwfOq01CEGL_LFHFJNb8O0-1724875819-1.2.1.1-sL5jGPTaAHykwYHg6axgT1OipNc3GaDnWGF3OWeGLqdFIXobMR1B_sFO8cN8L.0M6bVFrpOMqPX2UkI0p61a8Wt6VWmhf6p6F1zctH1IJBZoLrlxCymnpeymrnik.Ab.fAhBXEAvRvI4unz.DUa0Vrm.Cl5KFOR3WLKCBuV_g7BlR2PJMA7xzhn_uQRxZpgLluf_hKX7eIU2W3C7yQZD9hw3IxRzmtFS5f19dCCRYw8BuHRsHS26jVfXw4V_uTZFLZY1i_8HQQphzlP7o1oMxXquOw6.tUqWK4NSJBnjMDfjNyfq.jim79ils01ApfzpjDhhJimBP4..sNap2QOeKekGgdVfhFccQIQjuJbOmIW5q.Gla1QjwPjO_FJOYNM4z8u.zk7cO61Guc.i2Oz2FWxhO.Iz8GYg8xTMpTW7LzHg22nZBXYTXjq7lHFojOSi; 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js? HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=dmC2F25NBxBlpGyGlHXyYCwfOq01CEGL_LFHFJNb8O0-1724875819-1.2.1.1-sL5jGPTaAHykwYHg6axgT1OipNc3GaDnWGF3OWeGLqdFIXobMR1B_sFO8cN8L.0M6bVFrpOMqPX2UkI0p61a8Wt6VWmhf6p6F1zctH1IJBZoLrlxCymnpeymrnik.Ab.fAhBXEAvRvI4unz.DUa0Vrm.Cl5KFOR3WLKCBuV_g7BlR2PJMA7xzhn_uQRxZpgLluf_hKX7eIU2W3C7yQZD9hw3IxRzmtFS5f19dCCRYw8BuHRsHS26jVfXw4V_uTZFLZY1i_8HQQphzlP7o1oMxXquOw6.tUqWK4NSJBnjMDfjNyfq.jim79ils01ApfzpjDhhJimBP4..sNap2QOeKekGgdVfhFccQIQjuJbOmIW5q.Gla1QjwPjO_FJOYNM4z8u.zk7cO61Guc.i2Oz2FWxhO.Iz8GYg8xTMpTW7LzHg22nZBXYTXjq7lHFojOSi; 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js? HTTP/1.1Host: mauriecward.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mauriecward.com/www/default/Up/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=dmC2F25NBxBlpGyGlHXyYCwfOq01CEGL_LFHFJNb8O0-1724875819-1.2.1.1-sL5jGPTaAHykwYHg6axgT1OipNc3GaDnWGF3OWeGLqdFIXobMR1B_sFO8cN8L.0M6bVFrpOMqPX2UkI0p61a8Wt6VWmhf6p6F1zctH1IJBZoLrlxCymnpeymrnik.Ab.fAhBXEAvRvI4unz.DUa0Vrm.Cl5KFOR3WLKCBuV_g7BlR2PJMA7xzhn_uQRxZpgLluf_hKX7eIU2W3C7yQZD9hw3IxRzmtFS5f19dCCRYw8BuHRsHS26jVfXw4V_uTZFLZY1i_8HQQphzlP7o1oMxXquOw6.tUqWK4NSJBnjMDfjNyfq.jim79ils01ApfzpjDhhJimBP4..sNap2QOeKekGgdVfhFccQIQjuJbOmIW5q.Gla1QjwPjO_FJOYNM4z8u.zk7cO61Guc.i2Oz2FWxhO.Iz8GYg8xTMpTW7LzHg22nZBXYTXjq7lHFojOSi; 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/jsd/r/8ba6f23a4da941ec HTTP/1.1Host: mauriecward.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y
Source: global traffic	HTTP traffic detected: GET /www/default/Up/ HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://mauriecward.com/www/default/Up/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; cf_clearance=Z.L1k1BDie4GGDEq0cW6ayQwTRqKkmObuDa1FOkmzco-1724875845-1.2.1.1-njq4zHlpjE8qtwrfKoOKFlEnMbQgZJihE1xfcHo4ToQJGJ.aqoYTdL6.CLN8lJ1B4470_6W8XrvOJRLUO.g96BDkold8z2n0ZAYwlOmHxGtbmdiMtUwem2Ge2MQG64iZn5L_x.t2VzQH_TLOzL5y6nwhkbxfDwNJ2oHR7ITlXXVlkqJX4esrR5CTWJiv6QosBy1ZtNXDmR9QPQqR7tFf1Gwu1ba871z60WFwL_xxCN9LzQhpYg9h0T21Ndkns5kfOEfQ6X3JScEi4bPkya760XFivVjPvawIhspuL2JGsnc9lZ8hGJc1L6V7i_0AarAel9wV2qWzg.VRI_WFTb0hH8GayYXmLMFC4LlQdhKhrEUmVVU3tmc4z2qfj7fIAa7pPqv87jbgvMhDGfXRAAbHY9NauNbBHTiG4Jpi9APNq0a6Df5jLaXcdzU68MtvdcdD; M99FYx2WWRn52wyFP-zGRMXrRKQ=1724875845; sB0ZFWHS4BzLZ_rJmNrr9zYRZB4=1724962245; afgY_VZIM0IrKSzO93mowsRXVX0=NpUKiBNBi6E_L1aqh6SeIbcfHv4
Source: global traffic	HTTP traffic detected: GET /www/default/Up/&/1&%20.css HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://mauriecward.com/www/default/Up/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; cf_clearance=Z.L1k1BDie4GGDEq0cW6ayQwTRqKkmObuDa1FOkmzco-1724875845-1.2.1.1-njq4zHlpjE8qtwrfKoOKFlEnMbQgZJihE1xfcHo4ToQJGJ.aqoYTdL6.CLN8lJ1B4470_6W8XrvOJRLUO.g96BDkold8z2n0ZAYwlOmHxGtbmdiMtUwem2Ge2MQG64iZn5L_x.t2VzQH_TLOzL5y6nwhkbxfDwNJ2oHR7ITlXXVlkqJX4esrR5CTWJiv6QosBy1ZtNXDmR9QPQqR7tFf1Gwu1ba871z60WFwL_xxCN9LzQhpYg9h0T21Ndkns5kfOEfQ6X3JScEi4bPkya760XFivVjPvawIhspuL2JGsnc9lZ8hGJc1L6V7i_0AarAel9wV2qWzg.VRI_WFTb0hH8GayYXmLMFC4LlQdhKhrEUmVVU3tmc4z2qfj7fIAa7pPqv87jbgvMhDGfXRAAbHY9NauNbBHTiG4Jpi9APNq0a6Df5jLaXcdzU68MtvdcdD; M99FYx2WWRn52wyFP-zGRMXrRKQ=1724875845; sB0ZFWHS4BzLZ_rJmNrr9zYRZB4=1724962245; afgY_VZIM0IrKSzO93mowsRXVX0=NpUKiBNBi6E_L1aqh6SeIbcfHv4; EMO14_3oeM8GjyYTzNxDu81oJ2c=42YxV9r9hbUKV8ZCk-funqhsvzQ; CbBQbFXs_3PT1az3WkFMRSC2hcA=1724875846; 75TTEp_WOPJX24l98nICeO25kO4=1724962246; AaMN0Ib2529UiEAOWRsysoVfdx4=woKEwtaXx4QIC2WwVfAnmMbz1Wo
Source: global traffic	HTTP traffic detected: GET /www/default/Up/&/2&%20.css HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://mauriecward.com/www/default/Up/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; cf_clearance=Z.L1k1BDie4GGDEq0cW6ayQwTRqKkmObuDa1FOkmzco-1724875845-1.2.1.1-njq4zHlpjE8qtwrfKoOKFlEnMbQgZJihE1xfcHo4ToQJGJ.aqoYTdL6.CLN8lJ1B4470_6W8XrvOJRLUO.g96BDkold8z2n0ZAYwlOmHxGtbmdiMtUwem2Ge2MQG64iZn5L_x.t2VzQH_TLOzL5y6nwhkbxfDwNJ2oHR7ITlXXVlkqJX4esrR5CTWJiv6QosBy1ZtNXDmR9QPQqR7tFf1Gwu1ba871z60WFwL_xxCN9LzQhpYg9h0T21Ndkns5kfOEfQ6X3JScEi4bPkya760XFivVjPvawIhspuL2JGsnc9lZ8hGJc1L6V7i_0AarAel9wV2qWzg.VRI_WFTb0hH8GayYXmLMFC4LlQdhKhrEUmVVU3tmc4z2qfj7fIAa7pPqv87jbgvMhDGfXRAAbHY9NauNbBHTiG4Jpi9APNq0a6Df5jLaXcdzU68MtvdcdD; M99FYx2WWRn52wyFP-zGRMXrRKQ=1724875845; sB0ZFWHS4BzLZ_rJmNrr9zYRZB4=1724962245; afgY_VZIM0IrKSzO93mowsRXVX0=NpUKiBNBi6E_L1aqh6SeIbcfHv4; EMO14_3oeM8GjyYTzNxDu81oJ2c=42YxV9r9hbUKV8ZCk-funqhsvzQ; CbBQbFXs_3PT1az3WkFMRSC2hcA=1724875846; 75TTEp_WOPJX24l98nICeO25kO4=1724962246; AaMN0Ib2529UiEAOWRsysoVfdx4=woKEwtaXx4QIC2WwVfAnmMbz1Wo
Source: global traffic	HTTP traffic detected: GET /www/default/Up/ HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://mauriecward.com/www/default/Up/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; cf_clearance=Z.L1k1BDie4GGDEq0cW6ayQwTRqKkmObuDa1FOkmzco-1724875845-1.2.1.1-njq4zHlpjE8qtwrfKoOKFlEnMbQgZJihE1xfcHo4ToQJGJ.aqoYTdL6.CLN8lJ1B4470_6W8XrvOJRLUO.g96BDkold8z2n0ZAYwlOmHxGtbmdiMtUwem2Ge2MQG64iZn5L_x.t2VzQH_TLOzL5y6nwhkbxfDwNJ2oHR7ITlXXVlkqJX4esrR5CTWJiv6QosBy1ZtNXDmR9QPQqR7tFf1Gwu1ba871z60WFwL_xxCN9LzQhpYg9h0T21Ndkns5kfOEfQ6X3JScEi4bPkya760XFivVjPvawIhspuL2JGsnc9lZ8hGJc1L6V7i_0AarAel9wV2qWzg.VRI_WFTb0hH8GayYXmLMFC4LlQdhKhrEUmVVU3tmc4z2qfj7fIAa7pPqv87jbgvMhDGfXRAAbHY9NauNbBHTiG4Jpi9APNq0a6Df5jLaXcdzU68MtvdcdD; M99FYx2WWRn52wyFP-zGRMXrRKQ=1724875845; sB0ZFWHS4BzLZ_rJmNrr9zYRZB4=1724962245; afgY_VZIM0IrKSzO93mowsRXVX0=NpUKiBNBi6E_L1aqh6SeIbcfHv4; EMO14_3oeM8GjyYTzNxDu81oJ2c=42YxV9r9hbUKV8ZCk-funqhsvzQ; CbBQbFXs_3PT1az3WkFMRSC2hcA=1724875846; 75TTEp_WOPJX24l98nICeO25kO4=1724962246; AaMN0Ib2529UiEAOWRsysoVfdx4=woKEwtaXx4QIC2WwVfAnmMbz1Wo
Source: global traffic	HTTP traffic detected: GET /www/default/Up/&/&%20.png HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mauriecward.com/www/default/Up/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; cf_clearance=Z.L1k1BDie4GGDEq0cW6ayQwTRqKkmObuDa1FOkmzco-1724875845-1.2.1.1-njq4zHlpjE8qtwrfKoOKFlEnMbQgZJihE1xfcHo4ToQJGJ.aqoYTdL6.CLN8lJ1B4470_6W8XrvOJRLUO.g96BDkold8z2n0ZAYwlOmHxGtbmdiMtUwem2Ge2MQG64iZn5L_x.t2VzQH_TLOzL5y6nwhkbxfDwNJ2oHR7ITlXXVlkqJX4esrR5CTWJiv6QosBy1ZtNXDmR9QPQqR7tFf1Gwu1ba871z60WFwL_xxCN9LzQhpYg9h0T21Ndkns5kfOEfQ6X3JScEi4bPkya760XFivVjPvawIhspuL2JGsnc9lZ8hGJc1L6V7i_0AarAel9wV2qWzg.VRI_WFTb0hH8GayYXmLMFC4LlQdhKhrEUmVVU3tmc4z2qfj7fIAa7pPqv87jbgvMhDGfXRAAbHY9NauNbBHTiG4Jpi9APNq0a6Df5jLaXcdzU68MtvdcdD; M99FYx2WWRn52wyFP-zGRMXrRKQ=1724875845; sB0ZFWHS4BzLZ_rJmNrr9zYRZB4=1724962245; afgY_VZIM0IrKSzO93mowsRXVX0=NpUKiBNBi6E_L1aqh6SeIbcfHv4; EMO14_3oeM8GjyYTzNxDu81oJ2c=42YxV9r9hbUKV8ZCk-funqhsvzQ; CbBQbFXs_3PT1az3WkFMRSC2hcA=1724875846; 75TTEp_WOPJX24l98nICeO25kO4=1724962246; AaMN0Ib2529UiEAOWRsysoVfdx4=woKEwtaXx4QIC2WwVfAnmMbz1Wo
Source: global traffic	HTTP traffic detected: GET /www/default/Up/&/&%20.png HTTP/1.1Host: mauriecward.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; M99FYx2WWRn52wyFP-zGRMXrRKQ=1724875845; sB0ZFWHS4BzLZ_rJmNrr9zYRZB4=1724962245; afgY_VZIM0IrKSzO93mowsRXVX0=NpUKiBNBi6E_L1aqh6SeIbcfHv4; EMO14_3oeM8GjyYTzNxDu81oJ2c=42YxV9r9hbUKV8ZCk-funqhsvzQ; CbBQbFXs_3PT1az3WkFMRSC2hcA=1724875846; 75TTEp_WOPJX24l98nICeO25kO4=1724962246; AaMN0Ib2529UiEAOWRsysoVfdx4=woKEwtaXx4QIC2WwVfAnmMbz1Wo
Source: global traffic	HTTP traffic detected: GET /www/default/Up/&/&%20.ico HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mauriecward.com/www/default/Up/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; cf_clearance=Z.L1k1BDie4GGDEq0cW6ayQwTRqKkmObuDa1FOkmzco-1724875845-1.2.1.1-njq4zHlpjE8qtwrfKoOKFlEnMbQgZJihE1xfcHo4ToQJGJ.aqoYTdL6.CLN8lJ1B4470_6W8XrvOJRLUO.g96BDkold8z2n0ZAYwlOmHxGtbmdiMtUwem2Ge2MQG64iZn5L_x.t2VzQH_TLOzL5y6nwhkbxfDwNJ2oHR7ITlXXVlkqJX4esrR5CTWJiv6QosBy1ZtNXDmR9QPQqR7tFf1Gwu1ba871z60WFwL_xxCN9LzQhpYg9h0T21Ndkns5kfOEfQ6X3JScEi4bPkya760XFivVjPvawIhspuL2JGsnc9lZ8hGJc1L6V7i_0AarAel9wV2qWzg.VRI_WFTb0hH8GayYXmLMFC4LlQdhKhrEUmVVU3tmc4z2qfj7fIAa7pPqv87jbgvMhDGfXRAAbHY9NauNbBHTiG4Jpi9APNq0a6Df5jLaXcdzU68MtvdcdD; M99FYx2WWRn52wyFP-zGRMXrRKQ=1724875845; sB0ZFWHS4BzLZ_rJmNrr9zYRZB4=1724962245; afgY_VZIM0IrKSzO93mowsRXVX0=NpUKiBNBi6E_L1aqh6SeIbcfHv4; EMO14_3oeM8GjyYTzNxDu81oJ2c=42YxV9r9hbUKV8ZCk-funqhsvzQ; CbBQbFXs_3PT1az3WkFMRSC2hcA=1724875846; 75TTEp_WOPJX24l98nICeO25kO4=1724962246; AaMN0Ib2529UiEAOWRsysoVfdx4=woKEwtaXx4QIC2WwVfAnmMbz1Wo
Source: global traffic	HTTP traffic detected: GET /www/default/Up/&/&%20.ico HTTP/1.1Host: mauriecward.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; M99FYx2WWRn52wyFP-zGRMXrRKQ=1724875845; sB0ZFWHS4BzLZ_rJmNrr9zYRZB4=1724962245; afgY_VZIM0IrKSzO93mowsRXVX0=NpUKiBNBi6E_L1aqh6SeIbcfHv4; EMO14_3oeM8GjyYTzNxDu81oJ2c=42YxV9r9hbUKV8ZCk-funqhsvzQ; CbBQbFXs_3PT1az3WkFMRSC2hcA=1724875846; 75TTEp_WOPJX24l98nICeO25kO4=1724962246; AaMN0Ib2529UiEAOWRsysoVfdx4=woKEwtaXx4QIC2WwVfAnmMbz1Wo
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: leembal.com.mxConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: leembal.com.mx
Source: global traffic	DNS traffic detected: DNS query: mauriecward.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: sdx.xfinity.com

Source: unknown

HTTP traffic detected: POST /report/v4?s=DLroKrrSJMX%2B0hKNCOBIFt7U%2BrHuCJmSaYRmjd02rk6E0d6yurnnbHoIsGuq%2BifUfHng6ludCRKjSin41JhBpMCEWyvR0A%2BM78U1pISADARevzoZaiyyAnx9bo40v3GOnnE%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 404Content-Type: application/reports+jsonUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Aug 2024 20:10:17 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Aug 2024 20:10:19 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Aug 2024 20:10:21 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 28 Aug 2024 20:10:22 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: yvc4aeSl+wXTj6sr31scjeAQ6YjWWw8Bt/Q=$BMePj1MAqH72fzsvReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GJNoFUNPpxkjDSz%2F9CoH6DD1yQtWBi2YzB%2BsPaIBj63gMLvx26zgbtbF2IOqcGgrEvg7EfOP%2F91%2FIBwqtNMHOVfvTc1uShILOCknzgCbD%2FJPfdHNmcw4oEsNFb9VEnSGI88%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ba6f1bfccd932fc-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Aug 2024 20:10:25 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 28 Aug 2024 20:10:26 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: XGSKY7gHkk/h+xzDq/6TCJli0SRBRCIB5bg=$EhJPL2+AFCVYgzFCcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8ba6f1db8a95426b-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 28 Aug 2024 20:10:30 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: G+tzPxMpLo7ee2XmmgVsmzlpG54ckhRPyOA=$M8CbdUxqtBPtZzfHServer: cloudflareCF-RAY: 8ba6f1f26a738cd4-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 28 Aug 2024 20:10:40 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: jz+3/JfpgEdQaf0MLyrwQMEhLSS7snAiKCw=$hCmOTOsd1Wtg8I/ocache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8ba6f2357de05589-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Aug 2024 20:10:41 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 28 Aug 2024 20:10:41 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: 5SQEUUkIrwQbi0Wy17czE+6EqTazILvcBzA=$K0Pn1wo3MB55Db3fReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xoQ58tLfP6qQ9K3ucq6yHOE2hn8RvJ5IFDdkUBhi5RlRXlf%2FUBMfrI34hCg1r73Ea8u96%2BXRr1AyhuhKkNsHkXJ5%2FLZmvwS%2FSY%2FTvCEiQNG5ypuGUezEmECS49tar3IP%2FCg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ba6f23a4cd08cb7-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Aug 2024 20:10:50 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Aug 2024 20:10:51 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge

Source: chromecache_135.2.dr	String found in binary or memory: https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-ExtraLight.woff
Source: chromecache_135.2.dr	String found in binary or memory: https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-ExtraLight.woff2
Source: chromecache_135.2.dr	String found in binary or memory: https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff
Source: chromecache_135.2.dr	String found in binary or memory: https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2
Source: chromecache_135.2.dr	String found in binary or memory: https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff
Source: chromecache_135.2.dr	String found in binary or memory: https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff2
Source: chromecache_135.2.dr	String found in binary or memory: https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Regular.woff
Source: chromecache_135.2.dr	String found in binary or memory: https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Regular.woff2
Source: chromecache_135.2.dr	String found in binary or memory: https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Thin.woff
Source: chromecache_135.2.dr	String found in binary or memory: https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Thin.woff2

Source: unknown	Network traffic detected: HTTP traffic on port 50749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55109
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55105
Source: unknown	Network traffic detected: HTTP traffic on port 55083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50744
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50748
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50749
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50742
Source: unknown	Network traffic detected: HTTP traffic on port 50744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55086
Source: unknown	Network traffic detected: HTTP traffic on port 50755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55087
Source: unknown	Network traffic detected: HTTP traffic on port 55086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55081
Source: unknown	Network traffic detected: HTTP traffic on port 55105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50757
Source: unknown	Network traffic detected: HTTP traffic on port 55088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50756
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50751
Source: unknown	Network traffic detected: HTTP traffic on port 50747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50752
Source: unknown	Network traffic detected: HTTP traffic on port 50762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55096
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55099
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 55085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55091
Source: unknown	Network traffic detected: HTTP traffic on port 50756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 55091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50760
Source: unknown	Network traffic detected: HTTP traffic on port 55099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 50753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50771
Source: unknown	Network traffic detected: HTTP traffic on port 55096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50772
Source: unknown	Network traffic detected: HTTP traffic on port 50760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50774
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50757 -> 443

Source: unknown	HTTPS traffic detected: 88.221.168.226:443 -> 192.168.2.5:55081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.221.168.226:443 -> 192.168.2.5:55090 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@25/42@20/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2216,i,3562335403308370151,11216506624506212134,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://leembal.com.mx"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2216,i,3562335403308370151,11216506624506212134,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.18.94.41	unknown	United States	13335	CLOUDFLARENETUS	false
172.67.195.235	mauriecward.com	United States	13335	CLOUDFLARENETUS	true
104.18.95.41	challenges.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false
157.230.60.69	leembal.com.mx	United States	14061	DIGITALOCEAN-ASNUS	false
172.217.18.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.5

Contacted Domains

Name	IP	Active
bg.microsoft.map.fastly.net	199.232.214.172	true
a.nel.cloudflare.com	35.190.80.1	true
challenges.cloudflare.com	104.18.95.41	true
www.google.com	172.217.18.100	true
leembal.com.mx	157.230.60.69	true
mauriecward.com	172.67.195.235	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
sdx.xfinity.com	unknown	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://mauriecward.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1167734408:1724873164:yE7N7dQXqOe0ALFIGgtX2Y7smI3NA-XL-b1EayvFezY/8ba6f1af4dc143be/2b18e3cee4a86e2	false	Avira URL Cloud: phishing	unknown
https://mauriecward.com/cdn-cgi/challenge-platform/h/b/jsd/r/8ba6f23a4da941ec	false	Avira URL Cloud: phishing	unknown
https://mauriecward.com/www/default/Up/&/&%20.ico	true	Avira URL Cloud: phishing	unknown
https://mauriecward.com/www/default/Up/	true		unknown
https://mauriecward.com/www/default/Up/&/&%20.png	true	Avira URL Cloud: phishing	unknown
https://a.nel.cloudflare.com/report/v4?s=QlW6%2B985NZG03td0RW8i0b7yn0WlepwIKt9hTEz446g5azxVaxARNdb2F1XjGp8HM%2BsKRbcp6lMxkrKxLNZdlsdls%2FC0m327hJwivcmdlxIsdVXEfQ4BH1kJA4v1tB14res%3D	false	Avira URL Cloud: safe	unknown
https://mauriecward.com/favicon.ico	false	Avira URL Cloud: phishing	unknown
https://a.nel.cloudflare.com/report/v4?s=qpoVLXljDZYDqBRkc1%2FRSIN7ouyOcZlizw6Cm7Fpax6KbsxWmy2U1FnT8Fv4bsFfBlFz%2Fbi%2Bdpucv%2B%2BHs2TwLXgLYjzVH7SF9e857ilr%2FYWufKvixCwblwEUGrXaMg3FgA0%3D	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/pat/8ba6f1bfcec71998/1724875825540/9311eb0bc0155a76f04217e998005740fa0a2cb9b619ecc0dad5e5b38d922c5d/Ixeew78qpFXTq8J	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/u5hbj/0x4AAAAAAAAjq6WYeRDKmebM/light/fbE/normal/auto/	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8ba6f1bfcec71998&lang=auto	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D	false	Avira URL Cloud: safe	unknown
https://mauriecward.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js?	false	Avira URL Cloud: phishing	unknown
https://a.nel.cloudflare.com/report/v4?s=DLroKrrSJMX%2B0hKNCOBIFt7U%2BrHuCJmSaYRmjd02rk6E0d6yurnnbHoIsGuq%2BifUfHng6ludCRKjSin41JhBpMCEWyvR0A%2BM78U1pISADARevzoZaiyyAnx9bo40v3GOnnE%3D	false	Avira URL Cloud: safe	unknown
http://leembal.com.mx/	true	Avira URL Cloud: malware	unknown
https://mauriecward.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8ba6f1af4dc143be	false	Avira URL Cloud: phishing	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/flow/ov1/566262406:1724873165:AvKmhjuLPH5yjU2uSpW9NOZ3evLMfqMsEZL9ogMYXTU/8ba6f1bfcec71998/7cf04b258075d21	false	Avira URL Cloud: safe	unknown
https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/i/8ba6f1bfcec71998/1724875825542/l9vs9uugz06o8HP	false	Avira URL Cloud: safe	unknown
https://mauriecward.com/www/default/Up/&/2&%20.css	true	Avira URL Cloud: phishing	unknown
https://mauriecward.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	false	Avira URL Cloud: phishing	unknown
https://mauriecward.com/www/default/Up/&/1&%20.css	true	Avira URL Cloud: phishing	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 19:10:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	1F0F01A2D603B597BFFFA4DCBF0DFA05	FA10EABF0AA5C186F0DE9C31CB49F647BE01EC6B	63880BFB0A89283D9FA53D1D64F6434C78564B3F83397063BEE58544121A2A37
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 19:10:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	0F4E7DA2A9B2FF7D242E8C927C9B9EF7	031CAA8F739A76BD18BD9355B0BD5D92F645518B	B9C2314086D6680935CE9C3661BEC96DD5BD986B7BA17707F0AB43B9D48D1E61
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Oct 4 12:54:07 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	916277CB8CCBABCCCB512B7E0AE050D1	26793FD5910887317AE97DFB917E0732D264E049	DC58D1F899ECC4069A63C6DF2B76F4766C67BE050B76ECA5872AF6CAEDF94DEB
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 19:10:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	5696D052D0374D3AAA3A86560004570D	E48BFCC0F1CC7ED9FE8E3E1A08AED36107D31D41	FB833A27C03085F3246051CAEDB1E6B97E69FCEF60B501F400977EFBBEF43FC9
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 19:10:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	F67D96FCAB8BE67B972D47B0E617EA7A	DBA243D1992E3369FEE023BAEF32F075FB4347FF	646D348B17D6FC726CD76716FDB51DCC37B31811FC2A3CA07E5EE8A74FF2237F
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Wed Aug 28 19:10:15 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	98CB84EEF8E23E5D1215C20F54698ABE	CB5F388E38140FA8A1A513AD5BBFF547D164D59A	85797DB5BBDD85E035BE72168DCEA74FE025FD130003C3CA4926E3918443394A
Chrome Cache Entry: 134	Web Open Font Format (Version 2), TrueType, length 26768, version 0.0	E3E79CD377B28C1E7FFEA64B194136CF	E67FB661F5D630ECC811E93D526065A680BF58D7	138C0EAD0FBCD09DD455DF9870920E8725B367FBF02AC0CEF0C62874000AB176
Chrome Cache Entry: 135	ASCII text, with very long lines (3564), with CRLF line terminators	2D967BD09A9E1A3BDC2217BFB26CFC26	FFDF10281F48EA48C069525C261B6C08617D84B0	72BEBBA96388F12A067097F39DFEDEE6B8E570D35EEDFF137DA4A99258DAF3EC
Chrome Cache Entry: 136	ASCII text, with very long lines (7811), with no line terminators	FD55ACC47706D26C60D698E1387E6B84	E200230B9E8D43C7E093D14C4FC234FBB2BD8BE8	BDBF7E77A4C63D59E87569CEFA5F73BA7F2FC04A76DF1723A66F6FEC165DB21D
Chrome Cache Entry: 137	ASCII text, with very long lines (7946), with no line terminators	4030F1B44EBF3A79737CDEDCB5D6E934	7AF0C1F9BEA724E5A394EF6661D8BC00C1E61295	99827BADDF33191077E9F8EBB0F824F14AC450A2828715BB678254BCCC6A9F27
Chrome Cache Entry: 138	ASCII text, with very long lines (45034)	C4D5335B2B69C6998EE34F5F7B3E246F	AF0AE01ECCEE153877976D5C7D6500AA9C380B60	7EDA47B0C02C44BDAA43A5B14857F1257DDBD620B0397C32AA3AE8BAF769AB55
Chrome Cache Entry: 139	PNG image data, 42 x 97, 8-bit/color RGB, non-interlaced	9E2BBD80E5CEF00AB9BB6C842B278E15	BF16A94987C776F8CF995F52D16F4DD954E9DA85	F3EAC0EBE760F07FA083F0B779E39A2D8BD276F2CDFB304B54CFA9E0DC1C67C1
Chrome Cache Entry: 140	ASCII text, with no line terminators	44A16C874C32F45DD913FE7C1D225271	0DE909A2A0060316D00518D97C80BF8E9C8A535C	5658DDA1375A081B7AE4CD9B9B115000EAF8735A41683EB48E07240A19887A86
Chrome Cache Entry: 141	HTML document, ASCII text, with very long lines (599)	926EF68B235D9FC7CCF53C6AD66EFF95	3404AFE624DAFA3DFB0ACC7B9DE34074C327AE1C	BC6503E8EF01AF81656E2FE6999E3310D91C9065CB45F3CBCF89C5CBBD461693
Chrome Cache Entry: 142	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 143	Web Open Font Format (Version 2), TrueType, length 27420, version 0.0	F05D3EBE80809D82AB14D62A79DA544E	BF08410286FBADD57335DC63DBDD8169CD4E6D1E	FC6CD95261064C28600405C9C8DD51813ABF8367E85B6E00F0F3031A8338988A
Chrome Cache Entry: 144	PNG image data, 727 x 383, 8-bit/color RGBA, non-interlaced	6F24826F1B29F767C2618E9555E87B64	27B2F091E82D60DFC32A10635C12A8814A7649D0	DE29BA0F5C0F48F9E1470E94DBF1DB5C9F9D0AC12B752F8D750F29FEA7E1D6AA
Chrome Cache Entry: 145	Web Open Font Format (Version 2), TrueType, length 27152, version 0.0	13709EAC065721BA8CD0E2D1B6FA8026	2FA86F3C0FBC94711D6C0ED32E3E03ADD756BA18	2A031939885BB7EFBA89D423C9EE7C0FE2BAB465F18DB63F40A9AE2BD7BC0228
Chrome Cache Entry: 146	HTML document, ASCII text, with very long lines (17585)	0CC43B130C19B691126DE1CB4FEAA379	4E30CE89EB42AE034E0F34B34B03CC579AF27C09	679A576B70A74EAA4700EDD2B4F44EE7A94A7AB8E12E360255D8168992001F49
Chrome Cache Entry: 147	HTML document, ASCII text, with CRLF line terminators	88AD6A44338AF68C00110DEF59A4F010	64F34DF1E6CE58614D97A42727DA2C08AF654D99	5E94071E13BA3174BEAFFD4977E1D542A6D1825E33D2267311E20FD0961CD126
Chrome Cache Entry: 148	PNG image data, 2 x 2, 8-bit/color RGB, non-interlaced	9246CCA8FC3C00F50035F28E9F6B7F7D	3AA538440F70873B574F40CD793060F53EC17A5D	C07D7D29E3C20FA6CA4C5D20663688D52BAD13E129AD82CE06B80EB187D9DC84
Chrome Cache Entry: 149	HTML document, ASCII text, with very long lines (5953)	D1CDA0B55753078913FF71F20FDF5521	3A0F877DE211209031D857B51BAD8FAF85FB0D50	9B41D9F6B4B7CA06174C739F9B738ED58E8E1C19FF143638B54F6F61DF1059AC
Chrome Cache Entry: 150	MS Windows icon resource - 3 icons, 48x48, 8 bits/pixel, 32x32, 8 bits/pixel	C73967463A039770293765B8F2760E9A	7178128B00EA42CD7415727B8A38ADBF8E39CA78	B81CA95427455E8704ED486C9B37346DC71D2F01E5353BBFC37614CDD067B23A
Chrome Cache Entry: 151	ASCII text, with very long lines (45034)	C4D5335B2B69C6998EE34F5F7B3E246F	AF0AE01ECCEE153877976D5C7D6500AA9C380B60	7EDA47B0C02C44BDAA43A5B14857F1257DDBD620B0397C32AA3AE8BAF769AB55
Chrome Cache Entry: 152	ASCII text, with no line terminators	81D689D0963A6B80C8426EC670290CFB	CD804E5DFF577BF14FB9416101E30C86C8326E5D	53CD56274D17BA1BBE50F6A62A85C027327A17103DB576B34C26508DA5C01B47
Chrome Cache Entry: 153	PNG image data, 42 x 97, 8-bit/color RGB, non-interlaced	9E2BBD80E5CEF00AB9BB6C842B278E15	BF16A94987C776F8CF995F52D16F4DD954E9DA85	F3EAC0EBE760F07FA083F0B779E39A2D8BD276F2CDFB304B54CFA9E0DC1C67C1

AV Detection

Antivirus / Scanner detection for submitted sample

Source: http://leembal.com.mx

Avira URL Cloud: detection malicious, Label: malware

Antivirus detection for URL or domain

Source: https://mauriecward.com/cdn-cgi/challenge-platform/h/b/jsd/r/8ba6f23a4da941ec	Avira URL Cloud: Label: phishing
Source: https://mauriecward.com/cdn-cgi/challenge-platform/h/b/flow/ov1/1167734408:1724873164:yE7N7dQXqOe0ALFIGgtX2Y7smI3NA-XL-b1EayvFezY/8ba6f1af4dc143be/2b18e3cee4a86e2	Avira URL Cloud: Label: phishing
Source: https://mauriecward.com/www/default/Up/&/&%20.ico	Avira URL Cloud: Label: phishing
Source: https://mauriecward.com/www/default/Up/&/&%20.png	Avira URL Cloud: Label: phishing
Source: https://mauriecward.com/favicon.ico	Avira URL Cloud: Label: phishing
Source: https://mauriecward.com/cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js?	Avira URL Cloud: Label: phishing
Source: http://leembal.com.mx/	Avira URL Cloud: Label: malware
Source: https://mauriecward.com/cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8ba6f1af4dc143be	Avira URL Cloud: Label: phishing
Source: https://mauriecward.com/www/default/Up/&/2&%20.css	Avira URL Cloud: Label: phishing
Source: https://mauriecward.com/cdn-cgi/challenge-platform/scripts/jsd/main.js	Avira URL Cloud: Label: phishing
Source: https://mauriecward.com/www/default/Up/&/1&%20.css	Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

Source: https://mauriecward.com/www/default/Up/	LLM: Score: 9 Reasons: The domain name'mauriceward.com' does not match the brand name 'Xfinity', which is a well-known internet service provider. The domain name appears to be misspelled or unrelated to the brand. DOM: 0.6.pages.csv
Source: https://mauriecward.com/www/default/Up/	LLM: Score: 10 Reasons: The domain name'mauriecward.com' does not match the brand name Xfinity, and the domain name appears to be misspelled or unrelated to the brand. The use of a dark background with a bright header and the prominent display of the login form are also suspicious. Additionally, the screenshot shows a login page for Xfinity, but the domain name is not affiliated with Xfinity, which is a clear indication of a phishing attempt. DOM: 0.5.pages.csv

Found iframes

Source: https://mauriecward.com/www/default/Up/

HTTP Parser: Iframe src: ./#

HTML body contains low number of good links

Source: https://mauriecward.com/www/default/Up/

HTTP Parser: Number of links: 0

HTML page contains hidden javascript code

Source: https://mauriecward.com/www/default/Up/

HTML title does not match URL

Source: https://mauriecward.com/www/default/Up/

HTTP Parser: Title: Sign in to Xfinity does not match URL

Invalid T&C link found

Source: https://mauriecward.com/www/default/Up/	HTTP Parser: Invalid link: Terms of Service
Source: https://mauriecward.com/www/default/Up/	HTTP Parser: Invalid link: Privacy Policy
Source: https://mauriecward.com/www/default/Up/	HTTP Parser: Invalid link: Terms of Service
Source: https://mauriecward.com/www/default/Up/	HTTP Parser: Invalid link: Privacy Policy

Suspicious form URL found

Source: https://mauriecward.com/www/default/Up/

HTTP Parser: Form action: ./&&/uploader.php

Source: https://mauriecward.com/www/default/Up/

HTTP Parser: <input type="password" .../> found

Source: https://mauriecward.com/www/default/Up/	HTTP Parser: No favicon
Source: https://mauriecward.com/www/default/Up/	HTTP Parser: No favicon
Source: https://mauriecward.com/www/default/Up/	HTTP Parser: No favicon

Source: https://mauriecward.com/www/default/Up/

HTTP Parser: No <meta name="author".. found

Source: https://mauriecward.com/www/default/Up/

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 88.221.168.226:443 -> 192.168.2.5:55081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.221.168.226:443 -> 192.168.2.5:55090 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic	TCP traffic: 192.168.2.5:50737 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.5:55080 -> 1.1.1.1:53
Source: global traffic	TCP traffic: 192.168.2.5:49188 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.1.237.91
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 88.221.168.226
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /www/default/Up/ HTTP/1.1Host: mauriecward.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /www/default/Up/ HTTP/1.1Host: mauriecward.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8ba6f1af4dc143be HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://mauriecward.com/www/default/Up/?__cf_chl_rt_tk=vFEhQov70G.VWpWG0ESnpZxTYlu1nleSzLsk9eGtP18-1724875819-0.0.1.1-4628Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/6790c32b9fc9/api.js?onload=FWtH0&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://mauriecward.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mauriecward.com/www/default/Up/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_page/v1?ray=8ba6f1af4dc143be HTTP/1.1Host: mauriecward.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1167734408:1724873164:yE7N7dQXqOe0ALFIGgtX2Y7smI3NA-XL-b1EayvFezY/8ba6f1af4dc143be/2b18e3cee4a86e2 HTTP/1.1Host: mauriecward.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/u5hbj/0x4AAAAAAAAjq6WYeRDKmebM/light/fbE/normal/auto/ HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /turnstile/v0/b/6790c32b9fc9/api.js?onload=FWtH0&render=explicit HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/u5hbj/0x4AAAAAAAAjq6WYeRDKmebM/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8ba6f1bfcec71998&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/u5hbj/0x4AAAAAAAAjq6WYeRDKmebM/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/cmg/1/wh0E0SXYnx6pTBdJW%2Fl926I%2BPRUplRdtQz3K9lHXs%2Fs%3D HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mauriecward.com/www/default/Up/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/orchestrate/chl_api/v1?ray=8ba6f1bfcec71998&lang=auto HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/566262406:1724873165:AvKmhjuLPH5yjU2uSpW9NOZ3evLMfqMsEZL9ogMYXTU/8ba6f1bfcec71998/7cf04b258075d21 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/pat/8ba6f1bfcec71998/1724875825540/9311eb0bc0155a76f04217e998005740fa0a2cb9b619ecc0dad5e5b38d922c5d/Ixeew78qpFXTq8J HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/u5hbj/0x4AAAAAAAAjq6WYeRDKmebM/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8ba6f1bfcec71998/1724875825542/l9vs9uugz06o8HP HTTP/1.1Host: challenges.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://challenges.cloudflare.com/cdn-cgi/challenge-platform/h/b/turnstile/if/ov2/av0/rcv0/0/u5hbj/0x4AAAAAAAAjq6WYeRDKmebM/light/fbE/normal/auto/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/i/8ba6f1bfcec71998/1724875825542/l9vs9uugz06o8HP HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/566262406:1724873165:AvKmhjuLPH5yjU2uSpW9NOZ3evLMfqMsEZL9ogMYXTU/8ba6f1bfcec71998/7cf04b258075d21 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/566262406:1724873165:AvKmhjuLPH5yjU2uSpW9NOZ3evLMfqMsEZL9ogMYXTU/8ba6f1bfcec71998/7cf04b258075d21 HTTP/1.1Host: challenges.cloudflare.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/flow/ov1/1167734408:1724873164:yE7N7dQXqOe0ALFIGgtX2Y7smI3NA-XL-b1EayvFezY/8ba6f1af4dc143be/2b18e3cee4a86e2 HTTP/1.1Host: mauriecward.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mauriecward.com/www/default/Up/?__cf_chl_tk=vFEhQov70G.VWpWG0ESnpZxTYlu1nleSzLsk9eGtP18-1724875819-0.0.1.1-4628Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/scripts/jsd/main.js HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=dmC2F25NBxBlpGyGlHXyYCwfOq01CEGL_LFHFJNb8O0-1724875819-1.2.1.1-sL5jGPTaAHykwYHg6axgT1OipNc3GaDnWGF3OWeGLqdFIXobMR1B_sFO8cN8L.0M6bVFrpOMqPX2UkI0p61a8Wt6VWmhf6p6F1zctH1IJBZoLrlxCymnpeymrnik.Ab.fAhBXEAvRvI4unz.DUa0Vrm.Cl5KFOR3WLKCBuV_g7BlR2PJMA7xzhn_uQRxZpgLluf_hKX7eIU2W3C7yQZD9hw3IxRzmtFS5f19dCCRYw8BuHRsHS26jVfXw4V_uTZFLZY1i_8HQQphzlP7o1oMxXquOw6.tUqWK4NSJBnjMDfjNyfq.jim79ils01ApfzpjDhhJimBP4..sNap2QOeKekGgdVfhFccQIQjuJbOmIW5q.Gla1QjwPjO_FJOYNM4z8u.zk7cO61Guc.i2Oz2FWxhO.Iz8GYg8xTMpTW7LzHg22nZBXYTXjq7lHFojOSi; 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js? HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=dmC2F25NBxBlpGyGlHXyYCwfOq01CEGL_LFHFJNb8O0-1724875819-1.2.1.1-sL5jGPTaAHykwYHg6axgT1OipNc3GaDnWGF3OWeGLqdFIXobMR1B_sFO8cN8L.0M6bVFrpOMqPX2UkI0p61a8Wt6VWmhf6p6F1zctH1IJBZoLrlxCymnpeymrnik.Ab.fAhBXEAvRvI4unz.DUa0Vrm.Cl5KFOR3WLKCBuV_g7BlR2PJMA7xzhn_uQRxZpgLluf_hKX7eIU2W3C7yQZD9hw3IxRzmtFS5f19dCCRYw8BuHRsHS26jVfXw4V_uTZFLZY1i_8HQQphzlP7o1oMxXquOw6.tUqWK4NSJBnjMDfjNyfq.jim79ils01ApfzpjDhhJimBP4..sNap2QOeKekGgdVfhFccQIQjuJbOmIW5q.Gla1QjwPjO_FJOYNM4z8u.zk7cO61Guc.i2Oz2FWxhO.Iz8GYg8xTMpTW7LzHg22nZBXYTXjq7lHFojOSi; 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/scripts/jsd/6790c32b9fc9/main.js? HTTP/1.1Host: mauriecward.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mauriecward.com/www/default/Up/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: cf_clearance=dmC2F25NBxBlpGyGlHXyYCwfOq01CEGL_LFHFJNb8O0-1724875819-1.2.1.1-sL5jGPTaAHykwYHg6axgT1OipNc3GaDnWGF3OWeGLqdFIXobMR1B_sFO8cN8L.0M6bVFrpOMqPX2UkI0p61a8Wt6VWmhf6p6F1zctH1IJBZoLrlxCymnpeymrnik.Ab.fAhBXEAvRvI4unz.DUa0Vrm.Cl5KFOR3WLKCBuV_g7BlR2PJMA7xzhn_uQRxZpgLluf_hKX7eIU2W3C7yQZD9hw3IxRzmtFS5f19dCCRYw8BuHRsHS26jVfXw4V_uTZFLZY1i_8HQQphzlP7o1oMxXquOw6.tUqWK4NSJBnjMDfjNyfq.jim79ils01ApfzpjDhhJimBP4..sNap2QOeKekGgdVfhFccQIQjuJbOmIW5q.Gla1QjwPjO_FJOYNM4z8u.zk7cO61Guc.i2Oz2FWxhO.Iz8GYg8xTMpTW7LzHg22nZBXYTXjq7lHFojOSi; 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y
Source: global traffic	HTTP traffic detected: GET /cdn-cgi/challenge-platform/h/b/jsd/r/8ba6f23a4da941ec HTTP/1.1Host: mauriecward.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y
Source: global traffic	HTTP traffic detected: GET /www/default/Up/ HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://mauriecward.com/www/default/Up/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; cf_clearance=Z.L1k1BDie4GGDEq0cW6ayQwTRqKkmObuDa1FOkmzco-1724875845-1.2.1.1-njq4zHlpjE8qtwrfKoOKFlEnMbQgZJihE1xfcHo4ToQJGJ.aqoYTdL6.CLN8lJ1B4470_6W8XrvOJRLUO.g96BDkold8z2n0ZAYwlOmHxGtbmdiMtUwem2Ge2MQG64iZn5L_x.t2VzQH_TLOzL5y6nwhkbxfDwNJ2oHR7ITlXXVlkqJX4esrR5CTWJiv6QosBy1ZtNXDmR9QPQqR7tFf1Gwu1ba871z60WFwL_xxCN9LzQhpYg9h0T21Ndkns5kfOEfQ6X3JScEi4bPkya760XFivVjPvawIhspuL2JGsnc9lZ8hGJc1L6V7i_0AarAel9wV2qWzg.VRI_WFTb0hH8GayYXmLMFC4LlQdhKhrEUmVVU3tmc4z2qfj7fIAa7pPqv87jbgvMhDGfXRAAbHY9NauNbBHTiG4Jpi9APNq0a6Df5jLaXcdzU68MtvdcdD; M99FYx2WWRn52wyFP-zGRMXrRKQ=1724875845; sB0ZFWHS4BzLZ_rJmNrr9zYRZB4=1724962245; afgY_VZIM0IrKSzO93mowsRXVX0=NpUKiBNBi6E_L1aqh6SeIbcfHv4
Source: global traffic	HTTP traffic detected: GET /www/default/Up/&/1&%20.css HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://mauriecward.com/www/default/Up/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; cf_clearance=Z.L1k1BDie4GGDEq0cW6ayQwTRqKkmObuDa1FOkmzco-1724875845-1.2.1.1-njq4zHlpjE8qtwrfKoOKFlEnMbQgZJihE1xfcHo4ToQJGJ.aqoYTdL6.CLN8lJ1B4470_6W8XrvOJRLUO.g96BDkold8z2n0ZAYwlOmHxGtbmdiMtUwem2Ge2MQG64iZn5L_x.t2VzQH_TLOzL5y6nwhkbxfDwNJ2oHR7ITlXXVlkqJX4esrR5CTWJiv6QosBy1ZtNXDmR9QPQqR7tFf1Gwu1ba871z60WFwL_xxCN9LzQhpYg9h0T21Ndkns5kfOEfQ6X3JScEi4bPkya760XFivVjPvawIhspuL2JGsnc9lZ8hGJc1L6V7i_0AarAel9wV2qWzg.VRI_WFTb0hH8GayYXmLMFC4LlQdhKhrEUmVVU3tmc4z2qfj7fIAa7pPqv87jbgvMhDGfXRAAbHY9NauNbBHTiG4Jpi9APNq0a6Df5jLaXcdzU68MtvdcdD; M99FYx2WWRn52wyFP-zGRMXrRKQ=1724875845; sB0ZFWHS4BzLZ_rJmNrr9zYRZB4=1724962245; afgY_VZIM0IrKSzO93mowsRXVX0=NpUKiBNBi6E_L1aqh6SeIbcfHv4; EMO14_3oeM8GjyYTzNxDu81oJ2c=42YxV9r9hbUKV8ZCk-funqhsvzQ; CbBQbFXs_3PT1az3WkFMRSC2hcA=1724875846; 75TTEp_WOPJX24l98nICeO25kO4=1724962246; AaMN0Ib2529UiEAOWRsysoVfdx4=woKEwtaXx4QIC2WwVfAnmMbz1Wo
Source: global traffic	HTTP traffic detected: GET /www/default/Up/&/2&%20.css HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://mauriecward.com/www/default/Up/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; cf_clearance=Z.L1k1BDie4GGDEq0cW6ayQwTRqKkmObuDa1FOkmzco-1724875845-1.2.1.1-njq4zHlpjE8qtwrfKoOKFlEnMbQgZJihE1xfcHo4ToQJGJ.aqoYTdL6.CLN8lJ1B4470_6W8XrvOJRLUO.g96BDkold8z2n0ZAYwlOmHxGtbmdiMtUwem2Ge2MQG64iZn5L_x.t2VzQH_TLOzL5y6nwhkbxfDwNJ2oHR7ITlXXVlkqJX4esrR5CTWJiv6QosBy1ZtNXDmR9QPQqR7tFf1Gwu1ba871z60WFwL_xxCN9LzQhpYg9h0T21Ndkns5kfOEfQ6X3JScEi4bPkya760XFivVjPvawIhspuL2JGsnc9lZ8hGJc1L6V7i_0AarAel9wV2qWzg.VRI_WFTb0hH8GayYXmLMFC4LlQdhKhrEUmVVU3tmc4z2qfj7fIAa7pPqv87jbgvMhDGfXRAAbHY9NauNbBHTiG4Jpi9APNq0a6Df5jLaXcdzU68MtvdcdD; M99FYx2WWRn52wyFP-zGRMXrRKQ=1724875845; sB0ZFWHS4BzLZ_rJmNrr9zYRZB4=1724962245; afgY_VZIM0IrKSzO93mowsRXVX0=NpUKiBNBi6E_L1aqh6SeIbcfHv4; EMO14_3oeM8GjyYTzNxDu81oJ2c=42YxV9r9hbUKV8ZCk-funqhsvzQ; CbBQbFXs_3PT1az3WkFMRSC2hcA=1724875846; 75TTEp_WOPJX24l98nICeO25kO4=1724962246; AaMN0Ib2529UiEAOWRsysoVfdx4=woKEwtaXx4QIC2WwVfAnmMbz1Wo
Source: global traffic	HTTP traffic detected: GET /www/default/Up/ HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-arch: "x86"sec-ch-ua-platform: "Windows"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-model: ""sec-ch-ua-bitness: "64"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://mauriecward.com/www/default/Up/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; cf_clearance=Z.L1k1BDie4GGDEq0cW6ayQwTRqKkmObuDa1FOkmzco-1724875845-1.2.1.1-njq4zHlpjE8qtwrfKoOKFlEnMbQgZJihE1xfcHo4ToQJGJ.aqoYTdL6.CLN8lJ1B4470_6W8XrvOJRLUO.g96BDkold8z2n0ZAYwlOmHxGtbmdiMtUwem2Ge2MQG64iZn5L_x.t2VzQH_TLOzL5y6nwhkbxfDwNJ2oHR7ITlXXVlkqJX4esrR5CTWJiv6QosBy1ZtNXDmR9QPQqR7tFf1Gwu1ba871z60WFwL_xxCN9LzQhpYg9h0T21Ndkns5kfOEfQ6X3JScEi4bPkya760XFivVjPvawIhspuL2JGsnc9lZ8hGJc1L6V7i_0AarAel9wV2qWzg.VRI_WFTb0hH8GayYXmLMFC4LlQdhKhrEUmVVU3tmc4z2qfj7fIAa7pPqv87jbgvMhDGfXRAAbHY9NauNbBHTiG4Jpi9APNq0a6Df5jLaXcdzU68MtvdcdD; M99FYx2WWRn52wyFP-zGRMXrRKQ=1724875845; sB0ZFWHS4BzLZ_rJmNrr9zYRZB4=1724962245; afgY_VZIM0IrKSzO93mowsRXVX0=NpUKiBNBi6E_L1aqh6SeIbcfHv4; EMO14_3oeM8GjyYTzNxDu81oJ2c=42YxV9r9hbUKV8ZCk-funqhsvzQ; CbBQbFXs_3PT1az3WkFMRSC2hcA=1724875846; 75TTEp_WOPJX24l98nICeO25kO4=1724962246; AaMN0Ib2529UiEAOWRsysoVfdx4=woKEwtaXx4QIC2WwVfAnmMbz1Wo
Source: global traffic	HTTP traffic detected: GET /www/default/Up/&/&%20.png HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mauriecward.com/www/default/Up/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; cf_clearance=Z.L1k1BDie4GGDEq0cW6ayQwTRqKkmObuDa1FOkmzco-1724875845-1.2.1.1-njq4zHlpjE8qtwrfKoOKFlEnMbQgZJihE1xfcHo4ToQJGJ.aqoYTdL6.CLN8lJ1B4470_6W8XrvOJRLUO.g96BDkold8z2n0ZAYwlOmHxGtbmdiMtUwem2Ge2MQG64iZn5L_x.t2VzQH_TLOzL5y6nwhkbxfDwNJ2oHR7ITlXXVlkqJX4esrR5CTWJiv6QosBy1ZtNXDmR9QPQqR7tFf1Gwu1ba871z60WFwL_xxCN9LzQhpYg9h0T21Ndkns5kfOEfQ6X3JScEi4bPkya760XFivVjPvawIhspuL2JGsnc9lZ8hGJc1L6V7i_0AarAel9wV2qWzg.VRI_WFTb0hH8GayYXmLMFC4LlQdhKhrEUmVVU3tmc4z2qfj7fIAa7pPqv87jbgvMhDGfXRAAbHY9NauNbBHTiG4Jpi9APNq0a6Df5jLaXcdzU68MtvdcdD; M99FYx2WWRn52wyFP-zGRMXrRKQ=1724875845; sB0ZFWHS4BzLZ_rJmNrr9zYRZB4=1724962245; afgY_VZIM0IrKSzO93mowsRXVX0=NpUKiBNBi6E_L1aqh6SeIbcfHv4; EMO14_3oeM8GjyYTzNxDu81oJ2c=42YxV9r9hbUKV8ZCk-funqhsvzQ; CbBQbFXs_3PT1az3WkFMRSC2hcA=1724875846; 75TTEp_WOPJX24l98nICeO25kO4=1724962246; AaMN0Ib2529UiEAOWRsysoVfdx4=woKEwtaXx4QIC2WwVfAnmMbz1Wo
Source: global traffic	HTTP traffic detected: GET /www/default/Up/&/&%20.png HTTP/1.1Host: mauriecward.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; M99FYx2WWRn52wyFP-zGRMXrRKQ=1724875845; sB0ZFWHS4BzLZ_rJmNrr9zYRZB4=1724962245; afgY_VZIM0IrKSzO93mowsRXVX0=NpUKiBNBi6E_L1aqh6SeIbcfHv4; EMO14_3oeM8GjyYTzNxDu81oJ2c=42YxV9r9hbUKV8ZCk-funqhsvzQ; CbBQbFXs_3PT1az3WkFMRSC2hcA=1724875846; 75TTEp_WOPJX24l98nICeO25kO4=1724962246; AaMN0Ib2529UiEAOWRsysoVfdx4=woKEwtaXx4QIC2WwVfAnmMbz1Wo
Source: global traffic	HTTP traffic detected: GET /www/default/Up/&/&%20.ico HTTP/1.1Host: mauriecward.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-arch: "x86"sec-ch-ua-full-version: "117.0.5938.132"sec-ch-ua-platform-version: "10.0.0"sec-ch-ua-full-version-list: "Google Chrome";v="117.0.5938.132", "Not;A=Brand";v="8.0.0.0", "Chromium";v="117.0.5938.132"sec-ch-ua-bitness: "64"sec-ch-ua-model: ""sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://mauriecward.com/www/default/Up/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; cf_clearance=Z.L1k1BDie4GGDEq0cW6ayQwTRqKkmObuDa1FOkmzco-1724875845-1.2.1.1-njq4zHlpjE8qtwrfKoOKFlEnMbQgZJihE1xfcHo4ToQJGJ.aqoYTdL6.CLN8lJ1B4470_6W8XrvOJRLUO.g96BDkold8z2n0ZAYwlOmHxGtbmdiMtUwem2Ge2MQG64iZn5L_x.t2VzQH_TLOzL5y6nwhkbxfDwNJ2oHR7ITlXXVlkqJX4esrR5CTWJiv6QosBy1ZtNXDmR9QPQqR7tFf1Gwu1ba871z60WFwL_xxCN9LzQhpYg9h0T21Ndkns5kfOEfQ6X3JScEi4bPkya760XFivVjPvawIhspuL2JGsnc9lZ8hGJc1L6V7i_0AarAel9wV2qWzg.VRI_WFTb0hH8GayYXmLMFC4LlQdhKhrEUmVVU3tmc4z2qfj7fIAa7pPqv87jbgvMhDGfXRAAbHY9NauNbBHTiG4Jpi9APNq0a6Df5jLaXcdzU68MtvdcdD; M99FYx2WWRn52wyFP-zGRMXrRKQ=1724875845; sB0ZFWHS4BzLZ_rJmNrr9zYRZB4=1724962245; afgY_VZIM0IrKSzO93mowsRXVX0=NpUKiBNBi6E_L1aqh6SeIbcfHv4; EMO14_3oeM8GjyYTzNxDu81oJ2c=42YxV9r9hbUKV8ZCk-funqhsvzQ; CbBQbFXs_3PT1az3WkFMRSC2hcA=1724875846; 75TTEp_WOPJX24l98nICeO25kO4=1724962246; AaMN0Ib2529UiEAOWRsysoVfdx4=woKEwtaXx4QIC2WwVfAnmMbz1Wo
Source: global traffic	HTTP traffic detected: GET /www/default/Up/&/&%20.ico HTTP/1.1Host: mauriecward.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: 0vTAbXaatOmBjFebouKbLNRiP2c=6HwuNXQdpKjm82pnWueGwiIgRFs; KyTrG-gCiPGWoLMcg2mXJ_jmXF4=1724875841; QnlkbZlXGHtAxABijO5t0Q-nzMA=1724962241; MCyS4CSljlxbY9KkI9Toz0EbJO0=j2sBBi-ELGxk3DbGTmp6XLBgGdI; qYC5eyCo-xIoO5J8Zhmn49moqjM=8Qko3WiJvd5bLffhvwwvZuHxhA0; b7Xvg4IENqHq6PdSY_Ur20eIUaA=cRrl2AzWkJYyEFavDJ0CEiHqe8Y; M99FYx2WWRn52wyFP-zGRMXrRKQ=1724875845; sB0ZFWHS4BzLZ_rJmNrr9zYRZB4=1724962245; afgY_VZIM0IrKSzO93mowsRXVX0=NpUKiBNBi6E_L1aqh6SeIbcfHv4; EMO14_3oeM8GjyYTzNxDu81oJ2c=42YxV9r9hbUKV8ZCk-funqhsvzQ; CbBQbFXs_3PT1az3WkFMRSC2hcA=1724875846; 75TTEp_WOPJX24l98nICeO25kO4=1724962246; AaMN0Ib2529UiEAOWRsysoVfdx4=woKEwtaXx4QIC2WwVfAnmMbz1Wo
Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: leembal.com.mxConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: leembal.com.mx
Source: global traffic	DNS traffic detected: DNS query: mauriecward.com
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: challenges.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: sdx.xfinity.com

Source: unknown

Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Aug 2024 20:10:17 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Aug 2024 20:10:19 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Aug 2024 20:10:21 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 28 Aug 2024 20:10:22 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: yvc4aeSl+wXTj6sr31scjeAQ6YjWWw8Bt/Q=$BMePj1MAqH72fzsvReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=GJNoFUNPpxkjDSz%2F9CoH6DD1yQtWBi2YzB%2BsPaIBj63gMLvx26zgbtbF2IOqcGgrEvg7EfOP%2F91%2FIBwqtNMHOVfvTc1uShILOCknzgCbD%2FJPfdHNmcw4oEsNFb9VEnSGI88%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ba6f1bfccd932fc-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Aug 2024 20:10:25 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 28 Aug 2024 20:10:26 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: XGSKY7gHkk/h+xzDq/6TCJli0SRBRCIB5bg=$EhJPL2+AFCVYgzFCcache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8ba6f1db8a95426b-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 28 Aug 2024 20:10:30 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: G+tzPxMpLo7ee2XmmgVsmzlpG54ckhRPyOA=$M8CbdUxqtBPtZzfHServer: cloudflareCF-RAY: 8ba6f1f26a738cd4-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 28 Aug 2024 20:10:40 GMTContent-Type: application/jsonContent-Length: 7Connection: closecf-chl-out: jz+3/JfpgEdQaf0MLyrwQMEhLSS7snAiKCw=$hCmOTOsd1Wtg8I/ocache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0Server: cloudflareCF-RAY: 8ba6f2357de05589-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Aug 2024 20:10:41 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Wed, 28 Aug 2024 20:10:41 GMTContent-Type: application/jsonContent-Length: 7Connection: closecache-control: private, max-age=0, no-store, no-cache, must-revalidate, post-check=0, pre-check=0cf-chl-out: 5SQEUUkIrwQbi0Wy17czE+6EqTazILvcBzA=$K0Pn1wo3MB55Db3fReport-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=xoQ58tLfP6qQ9K3ucq6yHOE2hn8RvJ5IFDdkUBhi5RlRXlf%2FUBMfrI34hCg1r73Ea8u96%2BXRr1AyhuhKkNsHkXJ5%2FLZmvwS%2FSY%2FTvCEiQNG5ypuGUezEmECS49tar3IP%2FCg%3D"}],"group":"cf-nel","max_age":604800}NEL: {"success_fraction":0,"report_to":"cf-nel","max_age":604800}Server: cloudflareCF-RAY: 8ba6f23a4cd08cb7-EWRalt-svc: h3=":443"; ma=86400
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Aug 2024 20:10:50 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge
Source: global traffic	HTTP traffic detected: HTTP/1.1 403 ForbiddenDate: Wed, 28 Aug 2024 20:10:51 GMTContent-Type: text/html; charset=UTF-8Transfer-Encoding: chunkedConnection: closeAccept-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACritical-CH: Sec-CH-UA-Bitness, Sec-CH-UA-Arch, Sec-CH-UA-Full-Version, Sec-CH-UA-Mobile, Sec-CH-UA-Model, Sec-CH-UA-Platform-Version, Sec-CH-UA-Full-Version-List, Sec-CH-UA-Platform, Sec-CH-UA, UA-Bitness, UA-Arch, UA-Full-Version, UA-Mobile, UA-Model, UA-Platform-Version, UA-Platform, UACross-Origin-Embedder-Policy: require-corpCross-Origin-Opener-Policy: same-originCross-Origin-Resource-Policy: same-originOrigin-Agent-Cluster: ?1Permissions-Policy: accelerometer=(),autoplay=(),browsing-topics=(),camera=(),clipboard-read=(),clipboard-write=(),geolocation=(),gyroscope=(),hid=(),interest-cohort=(),magnetometer=(),microphone=(),payment=(),publickey-credentials-get=(),screen-wake-lock=(),serial=(),sync-xhr=(),usb=()Referrer-Policy: same-originX-Content-Options: nosniffX-Frame-Options: SAMEORIGINcf-mitigated: challenge

Source: chromecache_135.2.dr	String found in binary or memory: https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-ExtraLight.woff
Source: chromecache_135.2.dr	String found in binary or memory: https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-ExtraLight.woff2
Source: chromecache_135.2.dr	String found in binary or memory: https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff
Source: chromecache_135.2.dr	String found in binary or memory: https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Light.woff2
Source: chromecache_135.2.dr	String found in binary or memory: https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff
Source: chromecache_135.2.dr	String found in binary or memory: https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Medium.woff2
Source: chromecache_135.2.dr	String found in binary or memory: https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Regular.woff
Source: chromecache_135.2.dr	String found in binary or memory: https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Regular.woff2
Source: chromecache_135.2.dr	String found in binary or memory: https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Thin.woff
Source: chromecache_135.2.dr	String found in binary or memory: https://sdx.xfinity.com/fonts/latest/Xfinity_Standard/XfinityStandard-Thin.woff2

Source: unknown	Network traffic detected: HTTP traffic on port 50749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55109
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55102
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55104
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55105
Source: unknown	Network traffic detected: HTTP traffic on port 55083 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49717 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50744
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55102 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50746
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50745
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50748
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50749
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55097 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50742
Source: unknown	Network traffic detected: HTTP traffic on port 50744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55086
Source: unknown	Network traffic detected: HTTP traffic on port 50755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55085
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55083
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55089
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55088
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55087
Source: unknown	Network traffic detected: HTTP traffic on port 55086 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49714 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55082
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55081
Source: unknown	Network traffic detected: HTTP traffic on port 55105 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50755
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50757
Source: unknown	Network traffic detected: HTTP traffic on port 55088 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50756
Source: unknown	Network traffic detected: HTTP traffic on port 49712 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55094 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50751
Source: unknown	Network traffic detected: HTTP traffic on port 50747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50752
Source: unknown	Network traffic detected: HTTP traffic on port 50762 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55097
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55096
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55095
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55094
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55099
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55098
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49718
Source: unknown	Network traffic detected: HTTP traffic on port 55085 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49717
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55093
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49714
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49713
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55091
Source: unknown	Network traffic detected: HTTP traffic on port 50756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49712
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 55090
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 55091 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50767 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50768
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50767
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50760
Source: unknown	Network traffic detected: HTTP traffic on port 55099 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50762
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703
Source: unknown	Network traffic detected: HTTP traffic on port 50753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50768 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50771
Source: unknown	Network traffic detected: HTTP traffic on port 55096 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50772
Source: unknown	Network traffic detected: HTTP traffic on port 50760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50774
Source: unknown	Network traffic detected: HTTP traffic on port 49713 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55104 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55087 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55093 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55082 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55109 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49718 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55090 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55098 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55081 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55089 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 55095 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50757 -> 443

Source: unknown	HTTPS traffic detected: 88.221.168.226:443 -> 192.168.2.5:55081 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 88.221.168.226:443 -> 192.168.2.5:55090 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@25/42@20/8

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2216,i,3562335403308370151,11216506624506212134,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://leembal.com.mx"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2268 --field-trial-handle=2216,i,3562335403308370151,11216506624506212134,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1500770
Product:	CloudBasic
Start time:	22:09:22
Start date:	28.08.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
http://leembal.com.mx

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report http://leembal.com.mx

Overview

General Information

Detection

Signatures

Classification

Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
http://leembal.com.mx