Windows Analysis Report
https://email.baystatedigital.com/

Overview

General Information

Sample URL:	https://email.baystatedigital.com/
Analysis ID:	1522148
Tags:	urlscan
Infos:

Detection

Score:	3
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Detected non-DNS traffic on DNS port

Found iframes

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

Stores files to the Windows start menu directory

Classification

Signatures

Found iframes

Source: https://sso.secureserver.net/login?app=email&realm=pass

HTTP Parser: Iframe src: https://sso.secureserver.net/149e9513-01fa-4fb0-aad4-566afd725d1b/2d206a39-8ed7-437e-a3be-862e0f06eea3/fp?x-kpsdk-v=j-0.0.0

HTML body contains low number of good links

Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: Number of links: 1
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass	HTTP Parser: Number of links: 0
Source: https://sso.secureserver.net/login?app=email&realm=pass#main	HTTP Parser: Number of links: 0
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass#main	HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://sso.secureserver.net/login?app=email&realm=pass#main	HTTP Parser: <input type="password" .../> found but no <form action="...

HTML title does not match URL

Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: Title: Sign In does not match URL
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass	HTTP Parser: Title: Reset my password does not match URL
Source: https://sso.secureserver.net/login?app=email&realm=pass#main	HTTP Parser: Title: Sign In does not match URL
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass#main	HTTP Parser: Title: Reset my password does not match URL

Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: <input type="password" .../> found
Source: https://sso.secureserver.net/login?app=email&realm=pass#main	HTTP Parser: <input type="password" .../> found

Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No favicon
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No favicon
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No favicon
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No favicon
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No favicon
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No favicon
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass	HTTP Parser: No favicon
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass	HTTP Parser: No favicon
Source: https://sso.secureserver.net/login?app=email&realm=pass#main	HTTP Parser: No favicon
Source: https://sso.secureserver.net/login?app=email&realm=pass#main	HTTP Parser: No favicon
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass#main	HTTP Parser: No favicon
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass#main	HTTP Parser: No favicon

Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No <meta name="author".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No <meta name="author".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No <meta name="author".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No <meta name="author".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No <meta name="author".. found
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass	HTTP Parser: No <meta name="author".. found
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass	HTTP Parser: No <meta name="author".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass#main	HTTP Parser: No <meta name="author".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass#main	HTTP Parser: No <meta name="author".. found
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass#main	HTTP Parser: No <meta name="author".. found
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass#main	HTTP Parser: No <meta name="author".. found

Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No <meta name="copyright".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No <meta name="copyright".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No <meta name="copyright".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No <meta name="copyright".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No <meta name="copyright".. found
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass	HTTP Parser: No <meta name="copyright".. found
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass	HTTP Parser: No <meta name="copyright".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass#main	HTTP Parser: No <meta name="copyright".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass#main	HTTP Parser: No <meta name="copyright".. found
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass#main	HTTP Parser: No <meta name="copyright".. found
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass#main	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49727 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.8:49903 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: email.baystatedigital.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /auth HTTP/1.1Host: email.secureserver.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /@elastic/apm-rum@5.16.1/dist/bundles/elastic-apm-rum.umd.min.js HTTP/1.1Host: unpkg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /@elastic/apm-rum@5.16.1/dist/bundles/elastic-apm-rum.umd.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gtag/js?id=G-11GY9GPGDG&l=_sGtmDataLayer HTTP/1.1Host: g.sst.gpl.secureserver.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pathway=2be96445-b34a-4514-ab40-0a78dd9da835; visitor=vid=2be96445-b34a-4514-ab40-0a78dd9da835; _policy=%7B%22restricted_market%22:true,%22tracking_market%22:%22explicit%22%7D; fb_sessiontraffic=S_TOUCH=&pathway=2be96445-b34a-4514-ab40-0a78dd9da835&V_DATE=&pc=1&C_TOUCH=2024-09-29T11:08:49.841Z; market=en-US
Source: global traffic	HTTP traffic detected: GET /gtag/js?id=G-11GY9GPGDG&l=_sGtmDataLayer HTTP/1.1Host: g.sst.gpl.secureserver.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pathway=2be96445-b34a-4514-ab40-0a78dd9da835; visitor=vid=2be96445-b34a-4514-ab40-0a78dd9da835; _policy=%7B%22restricted_market%22:true,%22tracking_market%22:%22explicit%22%7D; market=en-US; _ga=GA1.2.1390147669.1727608137; _gid=GA1.2.634316938.1727608137; _gat_gtag_UA_115508484_1=1; currency=USD; fb_sessiontraffic=S_TOUCH=&pathway=2be96445-b34a-4514-ab40-0a78dd9da835&V_DATE=&pc=2&C_TOUCH=2024-09-29T11:09:05.916Z
Source: global traffic	HTTP traffic detected: GET /gtag/js?id=G-11GY9GPGDG&l=_sGtmDataLayer HTTP/1.1Host: g.sst.gpl.secureserver.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pathway=2be96445-b34a-4514-ab40-0a78dd9da835; visitor=vid=2be96445-b34a-4514-ab40-0a78dd9da835; _policy=%7B%22restricted_market%22:true,%22tracking_market%22:%22explicit%22%7D; market=en-US; _ga=GA1.2.1390147669.1727608137; _gid=GA1.2.634316938.1727608137; _gat_gtag_UA_115508484_1=1; currency=USD; fb_sessiontraffic=S_TOUCH=&pathway=2be96445-b34a-4514-ab40-0a78dd9da835&V_DATE=&pc=3&C_TOUCH=2024-09-29T11:09:10.227Z
Source: global traffic	HTTP traffic detected: GET /gtag/js?id=G-11GY9GPGDG&l=_sGtmDataLayer HTTP/1.1Host: g.sst.gpl.secureserver.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pathway=2be96445-b34a-4514-ab40-0a78dd9da835; visitor=vid=2be96445-b34a-4514-ab40-0a78dd9da835; _policy=%7B%22restricted_market%22:true,%22tracking_market%22:%22explicit%22%7D; market=en-US; _ga=GA1.2.1390147669.1727608137; _gid=GA1.2.634316938.1727608137; _gat_gtag_UA_115508484_1=1; currency=USD; fb_sessiontraffic=S_TOUCH=&pathway=2be96445-b34a-4514-ab40-0a78dd9da835&V_DATE=&pc=4&C_TOUCH=2024-09-29T11:09:22.891Z
Source: global traffic	HTTP traffic detected: GET /gtag/js?id=G-11GY9GPGDG&l=_sGtmDataLayer HTTP/1.1Host: g.sst.gpl.secureserver.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pathway=2be96445-b34a-4514-ab40-0a78dd9da835; visitor=vid=2be96445-b34a-4514-ab40-0a78dd9da835; _policy=%7B%22restricted_market%22:true,%22tracking_market%22:%22explicit%22%7D; market=en-US; _ga=GA1.2.1390147669.1727608137; _gid=GA1.2.634316938.1727608137; _gat_gtag_UA_115508484_1=1; currency=USD; fb_sessiontraffic=S_TOUCH=&pathway=2be96445-b34a-4514-ab40-0a78dd9da835&V_DATE=&pc=5&C_TOUCH=2024-09-29T11:09:48.273Z
Source: global traffic	HTTP traffic detected: GET /gtag/js?id=G-11GY9GPGDG&l=_sGtmDataLayer HTTP/1.1Host: g.sst.gpl.secureserver.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pathway=2be96445-b34a-4514-ab40-0a78dd9da835; visitor=vid=2be96445-b34a-4514-ab40-0a78dd9da835; _policy=%7B%22restricted_market%22:true,%22tracking_market%22:%22explicit%22%7D; market=en-US; _ga=GA1.2.1390147669.1727608137; _gid=GA1.2.634316938.1727608137; _gat_gtag_UA_115508484_1=1; currency=USD; fb_sessiontraffic=S_TOUCH=&pathway=2be96445-b34a-4514-ab40-0a78dd9da835&V_DATE=&pc=5&C_TOUCH=2024-09-29T11:09:48.273Z
Source: global traffic	HTTP traffic detected: GET /g/collect?v=2&tid=G-11GY9GPGDG&gtm=45he49p0v9186435885za200&_p=1727608188749&gcs=G111&gcd=13t3t3t3t5l1&npa=0&dma=0&tag_exp=101671035~101686685~101747727&cid=1390147669.1727608137&ecid=1886395659&ul=en-us&sr=1280x1024&_fplc=0&ur=US&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&sst.rnd=1788108591.1727608190&sst.tft=1727608188749&sst.sp=1&sst.em_event=1&sst.ude=0&_s=1&sid=1727608190&sct=1&seg=0&dl=https%3A%2F%2Fsso.secureserver.net%2Flogin%3Fapp%3Demail%26realm%3Dpass&dt=Sign%20In&en=scroll&_fv=1&_ss=1&ep.anonymize_ip=true&epn.percent_scrolled=90&tfd=3430&richsstsse HTTP/1.1Host: g.sst.gpl.secureserver.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://sso.secureserver.netSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAttribution-Reporting-Eligible: trigger;event-source;navigation-sourceAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pathway=2be96445-b34a-4514-ab40-0a78dd9da835; visitor=vid=2be96445-b34a-4514-ab40-0a78dd9da835; _policy=%7B%22restricted_market%22:true,%22tracking_market%22:%22explicit%22%7D; market=en-US; _gid=GA1.2.634316938.1727608137; _gat_gtag_UA_115508484_1=1; currency=USD; fb_sessiontraffic=S_TOUCH=&pathway=2be96445-b34a-4514-ab40-0a78dd9da835&V_DATE=&pc=5&C_TOUCH=2024-09-29T11:09:48.273Z; _ga_11GY9GPGDG=GS1.1.1727608190.1.0.1727608190.0.0.1886395659; _ga=GA1.1.1390147669.1727608137
Source: global traffic	HTTP traffic detected: GET /g/collect?v=2&tid=G-11GY9GPGDG&gtm=45he49p0v9186435885za200&_p=1727608188749&gcs=G111&gcd=13t3t3t3t5l1&npa=0&dma=0&tag_exp=101671035~101686685~101747727&cid=1390147669.1727608137&ecid=1886395659&ul=en-us&sr=1280x1024&_fplc=0&ur=US&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&sst.rnd=1788108591.1727608190&sst.tft=1727608188749&sst.sp=1&sst.em_event=1&sst.ude=0&_s=1&sid=1727608190&sct=1&seg=0&dl=https%3A%2F%2Fsso.secureserver.net%2Flogin%3Fapp%3Demail%26realm%3Dpass&dt=Sign%20In&en=scroll&_fv=1&_ss=1&ep.anonymize_ip=true&epn.percent_scrolled=90&tfd=3430&richsstsse HTTP/1.1Host: g.sst.gpl.secureserver.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pathway=2be96445-b34a-4514-ab40-0a78dd9da835; visitor=vid=2be96445-b34a-4514-ab40-0a78dd9da835; _policy=%7B%22restricted_market%22:true,%22tracking_market%22:%22explicit%22%7D; market=en-US; _gid=GA1.2.634316938.1727608137; _gat_gtag_UA_115508484_1=1; currency=USD; fb_sessiontraffic=S_TOUCH=&pathway=2be96445-b34a-4514-ab40-0a78dd9da835&V_DATE=&pc=5&C_TOUCH=2024-09-29T11:09:48.273Z; _ga_11GY9GPGDG=GS1.1.1727608190.1.0.1727608190.0.0.1886395659; _ga=GA1.1.1390147669.1727608137

Source: chromecache_132.2.dr, chromecache_126.2.dr	String found in binary or memory: Math.round(q);v["gtm.videoElapsedTime"]=Math.round(f);v["gtm.videoPercent"]=r;v["gtm.videoVisible"]=t;return v},Yj:function(){e=zb()},nd:function(){d()}}};var gc=ja(["data-gtm-yt-inspected-"]),FC=["www.youtube.com","www.youtube-nocookie.com"],GC,HC=!1; equals www.youtube.com (Youtube)
Source: chromecache_132.2.dr, chromecache_126.2.dr	String found in binary or memory: c?"runIfCanceled":"runIfUncanceled",[]);if(!g.length)return!0;var k=lA(a,c,e);N(121);if(k["gtm.elementUrl"]==="https://www.facebook.com/tr/")return N(122),!0;if(d&&f){for(var m=Kb(b,g.length),n=0;n<g.length;++n)g[n](k,m);return m.done}for(var p=0;p<g.length;++p)g[p](k,function(){});return!0},oA=function(){var a=[],b=function(c){return ob(a,function(d){return d.form===c})};return{store:function(c,d){var e=b(c);e?e.button=d:a.push({form:c,button:d})},get:function(c){var d=b(c);return d?d.button:null}}}, equals www.facebook.com (Facebook)
Source: chromecache_132.2.dr, chromecache_126.2.dr	String found in binary or memory: if(!(e\|\|f\|\|g\|\|k.length\|\|m.length))return;var p={eh:e,ah:f,bh:g,Ph:k,Qh:m,Ge:n,Bb:b},q=C.YT;if(q)return q.ready&&q.ready(d),b;var r=C.onYouTubeIframeAPIReady;C.onYouTubeIframeAPIReady=function(){r&&r();d()};F(function(){for(var t=E.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(QC(w,"iframe_api")\|\|QC(w,"player_api"))return b}for(var x=E.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!HC&&OC(x[A],p.Ge))return wc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_176.2.dr, chromecache_199.2.dr	String found in binary or memory: return b}DC.H="internal.enableAutoEventOnTimer";var gc=ja(["data-gtm-yt-inspected-"]),FC=["www.youtube.com","www.youtube-nocookie.com"],GC,HC=!1; equals www.youtube.com (Youtube)
Source: chromecache_132.2.dr, chromecache_126.2.dr	String found in binary or memory: var SB=function(a,b,c,d,e){var f=Jz("fsl",c?"nv.mwt":"mwt",0),g;g=c?Jz("fsl","nv.ids",[]):Jz("fsl","ids",[]);if(!g.length)return!0;var k=Oz(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);N(121);if(m==="https://www.facebook.com/tr/")return N(122),!0;k["gtm.elementUrl"]=m;k["gtm.formCanceled"]=c;a.getAttribute("name")!=null&&(k["gtm.interactedFormName"]=a.getAttribute("name"));e&&(k["gtm.formSubmitElement"]=e,k["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!wy(k,yy(b, equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: email.baystatedigital.com
Source: global traffic	DNS traffic detected: DNS query: email.secureserver.net
Source: global traffic	DNS traffic detected: DNS query: sso.secureserver.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: img6.wsimg.com
Source: global traffic	DNS traffic detected: DNS query: unpkg.com
Source: global traffic	DNS traffic detected: DNS query: gui.secureserver.net
Source: global traffic	DNS traffic detected: DNS query: reporting.cdndex.io
Source: global traffic	DNS traffic detected: DNS query: g.sst.gpl.secureserver.net
Source: global traffic	DNS traffic detected: DNS query: img1.wsimg.com
Source: global traffic	DNS traffic detected: DNS query: events.api.secureserver.net
Source: global traffic	DNS traffic detected: DNS query: csp.secureserver.net
Source: global traffic	DNS traffic detected: DNS query: cca039482a104d5d9b04bd2e20f6bb64.apm.us-west-2.aws.found.io
Source: global traffic	DNS traffic detected: DNS query: _9243._https.cca039482a104d5d9b04bd2e20f6bb64.apm.us-west-2.aws.found.io

Source: unknown

HTTP traffic detected: POST /csp/collect HTTP/1.1Host: g.sst.gpl.secureserver.netConnection: keep-aliveContent-Length: 2809sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: */*sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://sso.secureserver.netSec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pathway=2be96445-b34a-4514-ab40-0a78dd9da835; visitor=vid=2be96445-b34a-4514-ab40-0a78dd9da835; _policy=%7B%22restricted_market%22:true,%22tracking_market%22:%22explicit%22%7D; market=en-US; _gid=GA1.2.634316938.1727608137; _gat_gtag_UA_115508484_1=1; currency=USD; fb_sessiontraffic=S_TOUCH=&pathway=2be96445-b34a-4514-ab40-0a78dd9da835&V_DATE=&pc=5&C_TOUCH=2024-09-29T11:09:48.273Z; _ga_11GY9GPGDG=GS1.1.1727608190.1.0.1727608190.0.0.1886395659; _ga=GA1.1.1390147669.1727608137

Source: chromecache_126.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk?
Source: chromecache_185.2.dr, chromecache_170.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: chromecache_132.2.dr, chromecache_126.2.dr, chromecache_176.2.dr, chromecache_199.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_161.2.dr, chromecache_142.2.dr	String found in binary or memory: https://feross.org
Source: chromecache_126.2.dr, chromecache_176.2.dr, chromecache_199.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_132.2.dr, chromecache_126.2.dr, chromecache_176.2.dr, chromecache_199.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_130.2.dr, chromecache_221.2.dr, chromecache_191.2.dr, chromecache_186.2.dr	String found in binary or memory: https://sso.secureserver.net/v1/account/reset?app=email&realm=pass
Source: chromecache_130.2.dr, chromecache_221.2.dr, chromecache_191.2.dr, chromecache_186.2.dr	String found in binary or memory: https://sso.secureserver.net/v1/account/retrieve?app=email&realm=pass
Source: chromecache_132.2.dr, chromecache_126.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_170.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_185.2.dr, chromecache_170.2.dr	String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_132.2.dr, chromecache_126.2.dr, chromecache_176.2.dr, chromecache_199.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_176.2.dr, chromecache_199.2.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: chromecache_185.2.dr, chromecache_170.2.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_185.2.dr, chromecache_170.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_185.2.dr, chromecache_170.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_126.2.dr, chromecache_176.2.dr, chromecache_199.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_185.2.dr, chromecache_170.2.dr	String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_132.2.dr, chromecache_126.2.dr, chromecache_176.2.dr, chromecache_199.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_199.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_185.2.dr, chromecache_170.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: chromecache_132.2.dr, chromecache_126.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_132.2.dr, chromecache_126.2.dr	String found in binary or memory: https://www.youtube.com/iframe_api

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49727 version: TLS 1.2

Source: classification engine

Classification label: clean3.win@20/157@50/10

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1900,i,1157449053875135814,2097530389074965015,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://email.baystatedigital.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1900,i,1157449053875135814,2097530389074965015,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

Screenshots

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
54.212.23.110	proxy-nlb-prod-us-west-2-v5-ac4e52c97755301b.elb.us-west-2.amazonaws.com	United States	16509	AMAZON-02US	false
104.17.248.203	unpkg.com	United States	13335	CLOUDFLARENETUS	false
75.2.72.163	g.sst.gpl.secureserver.net	United States	16509	AMAZON-02US	false
15.197.155.180	email.secureserver.net	United States	7430	TANDEMUS	false
13.32.99.103	reporting.cdndex.io	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.186.100	unknown	United States	15169	GOOGLEUS	false
172.217.18.100	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.8
192.168.2.9

Contacted Domains

Name	IP	Active
g.sst.gpl.secureserver.net	75.2.72.163	true
bg.microsoft.map.fastly.net	199.232.214.172	true
proxy-nlb-prod-us-west-2-v5-ac4e52c97755301b.elb.us-west-2.amazonaws.com	54.212.23.110	true
www.google.com	172.217.18.100	true
reporting.cdndex.io	13.32.99.103	true
unpkg.com	104.17.248.203	true
email.secureserver.net	15.197.155.180	true
fp2e7a.wpc.phicdn.net	192.229.221.95	true
img1.wsimg.com	unknown	unknown
events.api.secureserver.net	unknown	unknown
cca039482a104d5d9b04bd2e20f6bb64.apm.us-west-2.aws.found.io	unknown	unknown
email.baystatedigital.com	unknown	unknown
img6.wsimg.com	unknown	unknown
_9243._https.cca039482a104d5d9b04bd2e20f6bb64.apm.us-west-2.aws.found.io	unknown	unknown
csp.secureserver.net	unknown	unknown
gui.secureserver.net	unknown	unknown
sso.secureserver.net	unknown	unknown

Contacted URLs

Name	Malicious	Reputation
https://unpkg.com/@elastic/apm-rum@5.16.1/dist/bundles/elastic-apm-rum.umd.min.js	false	unknown
https://email.baystatedigital.com/	false	unknown
https://sso.secureserver.net/account/reset?app=email&realm=pass	false	unknown
https://sso.secureserver.net/account/reset?app=email&realm=pass#main	false	unknown
https://g.sst.gpl.secureserver.net/csp/collect	false	unknown
https://email.secureserver.net/auth	false	unknown
https://sso.secureserver.net/login?app=email&realm=pass	false	unknown
https://sso.secureserver.net/login?app=email&realm=pass#main	false	unknown
https://g.sst.gpl.secureserver.net/gtag/js?id=G-11GY9GPGDG&l=_sGtmDataLayer	false	unknown

Name	Type	MD5	SHA1	SHA256
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 10:08:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	9A30023792AAF8FDF6A1E194AC5C25B7	2FA4F581BE752E3ED3D487D8EADDBB4094FBA5FB	C70737719B88DEED2E33D2CE0A0C822FF45C718B404813263FCB08BE6460B557
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 10:08:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	6244E761E5E01B80B4D30B852729B2E7	76CC5C0D1F353FCA3049A9864946EBE9EAE990ED	21D179A48BAED6F0CC9B4034F6289754A96BF27AAD29133BFD913DEA2CAFA584
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Thu Oct 5 07:00:51 2023, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	390FF977CCF2075BA9E0F56A9BA73EF2	8E500768CA84F010254DB9306AF09E31A2DA9002	AA7C1F4A27EF7413391EC9FAB286A8546023F182F45B0296EA750CDE3791B404
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 10:08:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	975457D8C2D900F0A5067CF8B125AAC7	0B7D294EF14624753E16875E0FE0E9A517AAEC69	9448BF8A6747578EB1FA80DEB79F7A350379C81EA3C8B056D08C41E715B17AC4
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 10:08:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	08270D644CABAA4EB90F1BA09C747887	70E5013CB8ED16138CD73E28AF31A28981B8E463	14439BAC632A775A6977B9947906E0222EA07ED720500B166C69BB6EEC1D9FED
C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Has command line arguments, Icon number=0, Archive, ctime=Tue Oct 3 09:48:42 2023, mtime=Sun Sep 29 10:08:44 2024, atime=Wed Sep 27 04:28:28 2023, length=1210144, window=hide	ABE80333DAA7BAD032AD0FBE43312DD7	AF30C7661E77CC5EFF447ACDE5B6B443A3C38D29	2C7F1E0CFAB071D9349F697D56F32942067949ED5DB12D7F7B8ACCDCC8246962
Chrome Cache Entry: 123	ASCII text, with very long lines (60994)	790282F8B5614B66E913E2D51D5E3379	64B6A78DEAF1219E77617DEC67BBB96D49D11BC7	2EC8E85E0B6AFCCF233DCF66ECAD1BA238EC32E714F41F1E13DB4B676468E4B3
Chrome Cache Entry: 124	ASCII text, with very long lines (65536), with no line terminators	C6AB097865257137DE0018A8335D53A5	4564F22B4855F3D469D3F728C503D34453FA7365	5761AFBEE8E6DF164C19553179EE9E0052B418D3916B6E22BACBE83E618855B9
Chrome Cache Entry: 125	ASCII text, with very long lines (65464)	971D0425C0C1E5E5ADF9352A9D0E309B	3697A3A72E686E4C6A269C529E60761ADF8A91A1	FCB784B59417DA95772480B2607B0D9FD0D2ECAE6563AC966649745C7C41CE5C
Chrome Cache Entry: 126	ASCII text, with very long lines (5945)	FF1EB08F66AD6C1782044753A5C87AEE	4CEAC5D2997E3FA6D4EC44952B74435B2E78E68B	61D7EE26EA8A09059E36AEDF834A081DB0BD84A3C51BB98CD146A0D30AC509C9
Chrome Cache Entry: 127	ASCII text, with very long lines (11425), with no line terminators	8B3F257F0E674B6BB18CFFBDB2C1BD1A	93830EA1B43B0A5B17AD46803C9327F60A5A8B76	887120D3415B795E12CAB3C1AA244732EFC7BA99EA24F54C704726AB8F1112E5
Chrome Cache Entry: 128	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 129	ASCII text, with very long lines (64024)	EEA9BCC48AF6022049AC7AC3D123E476	0E1D337DB21F28673F9B9600AAEF4969AB381E26	5068DC0C8CAC19B85816E6F88EA7912CE447692EAE6CF2917D673EAC527C2D22
Chrome Cache Entry: 130	JSON data	B9D95F6492E2EF0A5835CED3103F7265	2E583F3BFCA1835FEFAB0E212C29F82C3965C715	71898E334910B66E508D861D5C3325E2DBFC009679E61C2D4D916E8861B350DE
Chrome Cache Entry: 131	ASCII text	83A02FE42F8C2198E7C608AFF363AA49	7B20AE1014450492CC708E3C9DC7522B05C2EFFD	E64954DC34E12C7190CC2338A54B07644FF0F102AA71CC7209BCBB49C3009F7C
Chrome Cache Entry: 132	ASCII text, with very long lines (5945)	69802F8512060372FCD5265C052802EA	8715197D089503D490A2A584F6232BECE1FD935E	C9B7E0B7651A9BA510C93D1C6402995B148ADBB0A3965623189D9E17440A52D5
Chrome Cache Entry: 133	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 134	ASCII text, with very long lines (15552), with no line terminators	8A73C18531547EDCC69760BC6F8E2C5E	4511EACD8B069BE680DDF09CED308A4720BC4EBD	EF203E5413D06B64540F3FFD4F25B700DB4E84127F7F29C716702C7A6945A688
Chrome Cache Entry: 135	ASCII text, with very long lines (15453), with no line terminators	74991A2A6C44B8D0038CFAE6057F94BF	C656BE99D226A9E54EC4DF42517EC99FCB89F3D9	BDBF297EDD3CAC9331DE1BFD8A4FCD242B1AC93C4516C60E71D246DAFC84F39A
Chrome Cache Entry: 136	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 137	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 138	ASCII text, with very long lines (60994)	790282F8B5614B66E913E2D51D5E3379	64B6A78DEAF1219E77617DEC67BBB96D49D11BC7	2EC8E85E0B6AFCCF233DCF66ECAD1BA238EC32E714F41F1E13DB4B676468E4B3
Chrome Cache Entry: 139	ASCII text, with no line terminators	B6652DF95DB52FEB4DAF4ECA35380933	65451D110137761B318C82D9071C042DB80C4036	6F5B4AA00D2F8D6AED9935B471806BF7ACEF464D0C1D390260E5FE27F800C67E
Chrome Cache Entry: 140	ASCII text, with very long lines (804), with no line terminators	3D2870162DB102916E683C7DD6D65DCE	A8ABF46CEA107E090780C4ECD82A7172E6680B3F	0052FD3A60526FBEA739C4970C333C455FC216A0428281C889A404F943D2DED0
Chrome Cache Entry: 141	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 142	ASCII text, with very long lines (65536), with no line terminators	B2A2FEA46B1DC68ED9BA6F8FCAD7DBA0	9ACFC0F04D2AD66AE61B441BF4781AE0D50AA746	30446076534589A0D4594239FE2B584CE9EE20322FAA6595BE197D8D41E9013C
Chrome Cache Entry: 143	ASCII text, with very long lines (16442), with no line terminators	770AB831374E38AE036BAAB315DA787A	972FB9B63FB0FCA8E7491EA241FC1CECE0F30076	0258E63FFDF393B895DA974497A7FD54B69F80B01902078CD7231DB045BB57D5
Chrome Cache Entry: 144	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 145	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 146	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 147	ASCII text, with very long lines (3111), with no line terminators	87ABC59C8DBD60FBE06A98B0B6B4F0E6	2265129EE3AAD9806DE9F2E48F82F1EBDA43D251	F327F2A5F0637678BEE5AD7542003ABA3D9ED1F12664183C7FEF2BA38EB5A5D4
Chrome Cache Entry: 148	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 149	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 150	ASCII text, with very long lines (15453), with no line terminators	74991A2A6C44B8D0038CFAE6057F94BF	C656BE99D226A9E54EC4DF42517EC99FCB89F3D9	BDBF297EDD3CAC9331DE1BFD8A4FCD242B1AC93C4516C60E71D246DAFC84F39A
Chrome Cache Entry: 151	ASCII text	83A02FE42F8C2198E7C608AFF363AA49	7B20AE1014450492CC708E3C9DC7522B05C2EFFD	E64954DC34E12C7190CC2338A54B07644FF0F102AA71CC7209BCBB49C3009F7C
Chrome Cache Entry: 152	ASCII text, with very long lines (2528)	5A3C09ADA3E8754D1F83B97656867399	31C610DB58624819032C4AD91EF0FF3D34C19D4D	1CA9683D05E88A0AC1D3F3D5830AEDEE5C3C5303CDCA381D687F2FD3687FC4D7
Chrome Cache Entry: 153	ASCII text, with very long lines (11425), with no line terminators	8B3F257F0E674B6BB18CFFBDB2C1BD1A	93830EA1B43B0A5B17AD46803C9327F60A5A8B76	887120D3415B795E12CAB3C1AA244732EFC7BA99EA24F54C704726AB8F1112E5
Chrome Cache Entry: 154	ASCII text, with very long lines (6913), with no line terminators	A95A4859ADD990C236C157DEB21DD9F9	5C043993CD2C542290CF28B6E49B2B76248B1988	E64671DD5100B6206C8B46D3B273F7231C730D76E270609666230D9CA94DBA97
Chrome Cache Entry: 155	ASCII text, with very long lines (65467)	569E13CE263C9661ADED9787B99A356F	C83954114CB48519CFEDE4328B25318CCCE9E79A	0B20D4891C8B024265DFBE0A13F48F3B23BC4A94F51CC8EEA6815B094415361D
Chrome Cache Entry: 156	Unicode text, UTF-8 text, with very long lines (65529), with no line terminators	78B313271AF2E0F82E2A0C236C542193	1529FBDEC1726487F10685A2F5D29361C9E6CCC1	8E2C8C4F69721DA52D0AC7E5C403E521AD5C7F943718865E6F2175A0BF525013
Chrome Cache Entry: 157	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 158	ASCII text, with very long lines (2528)	5A3C09ADA3E8754D1F83B97656867399	31C610DB58624819032C4AD91EF0FF3D34C19D4D	1CA9683D05E88A0AC1D3F3D5830AEDEE5C3C5303CDCA381D687F2FD3687FC4D7
Chrome Cache Entry: 159	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 160	ASCII text, with very long lines (33349), with no line terminators	979AD53FE6F4452AF45EF2A0BD946812	1271231D3ED6665500DA6E52686F879059FBEA2A	9CC97C629EE44F534AED62688729C0B4AAD2DD1F24A0730F3BDDD07FF0625136
Chrome Cache Entry: 161	ASCII text, with very long lines (65536), with no line terminators	B2A2FEA46B1DC68ED9BA6F8FCAD7DBA0	9ACFC0F04D2AD66AE61B441BF4781AE0D50AA746	30446076534589A0D4594239FE2B584CE9EE20322FAA6595BE197D8D41E9013C
Chrome Cache Entry: 162	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 163	ASCII text, with very long lines (804), with no line terminators	3D2870162DB102916E683C7DD6D65DCE	A8ABF46CEA107E090780C4ECD82A7172E6680B3F	0052FD3A60526FBEA739C4970C333C455FC216A0428281C889A404F943D2DED0
Chrome Cache Entry: 164	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 165	ASCII text, with very long lines (65536), with no line terminators	CBCC778112A86505AD63B015231E91FD	C9670A57D1D8529A4DA8C4F2F33145AE7B25A1E0	C9FBF4780846D0AC5AC3D79827EB85BD600FDD2C74BF8E7058784C646A4F342A
Chrome Cache Entry: 166	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 167	ASCII text, with very long lines (65464)	971D0425C0C1E5E5ADF9352A9D0E309B	3697A3A72E686E4C6A269C529E60761ADF8A91A1	FCB784B59417DA95772480B2607B0D9FD0D2ECAE6563AC966649745C7C41CE5C
Chrome Cache Entry: 168	ASCII text, with no line terminators	FE6305B441C36EB4E0091ED8D1A43B48	6F5849D7585219A60FC1DF3DFE0D1B2732665527	8122D90D43D4B6260BE39D0C755B8756A4095489F8497357F5F4A4F44E62B63C
Chrome Cache Entry: 169	ASCII text, with very long lines (897), with no line terminators	8020555821168C5C8FACDF7B15F62CCE	0D35401830E8B6B7EA38E5E7C51CD1B8366187BE	274BFB53FF54B12CEECEA82BE8595C56D2FB4A241A70CEF496685096D439F37D
Chrome Cache Entry: 170	ASCII text, with very long lines (2343)	575B5480531DA4D14E7453E2016FE0BC	E5C5F3134FE29E60B591C87EA85951F0AEA36EE1	DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
Chrome Cache Entry: 171	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 172	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 173	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 174	ASCII text, with very long lines (6913), with no line terminators	A95A4859ADD990C236C157DEB21DD9F9	5C043993CD2C542290CF28B6E49B2B76248B1988	E64671DD5100B6206C8B46D3B273F7231C730D76E270609666230D9CA94DBA97
Chrome Cache Entry: 175	ASCII text, with very long lines (65536), with no line terminators	E19D66E3EB06EC1152DCE7E25808836E	9F751A5A4D439E71ADA216BE9D2D43C11041F922	E3810803ECDFB21CAE5E4EED194F6C74223562CBCBCD3E9281D6597ACD50679A
Chrome Cache Entry: 176	ASCII text, with very long lines (2345)	7094713E19E38FD311ECCE146BCA2607	6763211E2E1013B1A60A7D0F86950F1D48890881	8C5F3C3F9D070B6C03D3528B0CBC25707D4E9DA20A984D781CCBBE90A4A1AAEB
Chrome Cache Entry: 177	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 178	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 179	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 180	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 181	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 182	ASCII text, with very long lines (21556)	1C56940A864F144FAE2EB40EE952CB94	EBFC754CE962A1F9025853F2995B3987F0383D87	3C37A4AA3CF6AAAE6921A4B750C0E4F81FD338D6878BE90B0FAF2F921039CB23
Chrome Cache Entry: 183	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 184	ASCII text, with no line terminators	66E176CBB74E26C1EA7F3BF0857CF62A	BA31DBCC0C92080A7DA5F42249FADFA5F22140DC	4F6C47C1B7C0C87A59C73129C4F59219CA6F0A7A97850D1211CDDBB0C27A9F8F
Chrome Cache Entry: 185	ASCII text, with very long lines (2343)	575B5480531DA4D14E7453E2016FE0BC	E5C5F3134FE29E60B591C87EA85951F0AEA36EE1	DE36E50194320A7D3EF1ACE9BD34A875A8BD458B253C061979DD628E9BF49AFD
Chrome Cache Entry: 186	JSON data	B9D95F6492E2EF0A5835CED3103F7265	2E583F3BFCA1835FEFAB0E212C29F82C3965C715	71898E334910B66E508D861D5C3325E2DBFC009679E61C2D4D916E8861B350DE
Chrome Cache Entry: 187	ASCII text, with no line terminators	B6652DF95DB52FEB4DAF4ECA35380933	65451D110137761B318C82D9071C042DB80C4036	6F5B4AA00D2F8D6AED9935B471806BF7ACEF464D0C1D390260E5FE27F800C67E
Chrome Cache Entry: 188	ASCII text, with very long lines (9813), with no line terminators	FBA6282886B031CE9438555B8183940B	B3E210C91980C9CFB624D2CDC854A1C24FACF5B6	3EBB45593DB5EA43E34BCEABAFC896D59FF011173F37C9770C98E4F66749F6A2
Chrome Cache Entry: 189	ASCII text, with very long lines (21556)	1C56940A864F144FAE2EB40EE952CB94	EBFC754CE962A1F9025853F2995B3987F0383D87	3C37A4AA3CF6AAAE6921A4B750C0E4F81FD338D6878BE90B0FAF2F921039CB23
Chrome Cache Entry: 190	ASCII text, with very long lines (15552), with no line terminators	8A73C18531547EDCC69760BC6F8E2C5E	4511EACD8B069BE680DDF09CED308A4720BC4EBD	EF203E5413D06B64540F3FFD4F25B700DB4E84127F7F29C716702C7A6945A688
Chrome Cache Entry: 191	JSON data	B9D95F6492E2EF0A5835CED3103F7265	2E583F3BFCA1835FEFAB0E212C29F82C3965C715	71898E334910B66E508D861D5C3325E2DBFC009679E61C2D4D916E8861B350DE
Chrome Cache Entry: 192	ASCII text, with very long lines (65536), with no line terminators	680C7D664BD12E21DCC7C54F84C9A157	C86D07BB146F6BCD1D4C86CA8FC976A7E336F88A	1A96A3053AD5F5C2D8EE805B0B37C7C761FE9A203DB9ABBC6F42B04EA22FC642
Chrome Cache Entry: 193	ASCII text, with very long lines (12175), with no line terminators	796551E3C70A5CD0F1FE126254EFACD7	B2BC2322BDB7ADA97EBC9A89F68B1E9B4D4F7B7A	FF39A9A989717A6AE045D982E355BA4A8F2105FD014C99F81CDE6FD25F285F85
Chrome Cache Entry: 194	ASCII text, with very long lines (65536), with no line terminators	0165518AA2441C5308EEE2912028D095	77BE53474C3733518FDC5881F291F20D04890BCF	85CD354E36AA3BEB57458CDDC349B414ADA38CA14E8ECFC4A9BBA4F2BE73C2AF
Chrome Cache Entry: 195	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 196	ASCII text, with very long lines (65536), with no line terminators	C6AB097865257137DE0018A8335D53A5	4564F22B4855F3D469D3F728C503D34453FA7365	5761AFBEE8E6DF164C19553179EE9E0052B418D3916B6E22BACBE83E618855B9
Chrome Cache Entry: 197	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 198	ASCII text, with very long lines (65464)	BADFB9475EF67713E5C9C9165642FA84	2DE0B6A780623C1734FD88D3B57575E6D3782189	AE85790F738EABC45B480CAF002B32C19EED798F4B99C376B09366BBD22D5EB4
Chrome Cache Entry: 199	ASCII text, with very long lines (2345)	4A2F59C98BA5C3E4403AEFD21CB5F969	32054CF1E0681FDEE4FDA4198A4CE6C6B74B7688	C428F00F8D8F8D049063F1918967AD2C6341F9D0E2688DA01B1F2885A2349DEE
Chrome Cache Entry: 200	ASCII text, with very long lines (65536), with no line terminators	CBCC778112A86505AD63B015231E91FD	C9670A57D1D8529A4DA8C4F2F33145AE7B25A1E0	C9FBF4780846D0AC5AC3D79827EB85BD600FDD2C74BF8E7058784C646A4F342A
Chrome Cache Entry: 201	ASCII text, with very long lines (33349), with no line terminators	979AD53FE6F4452AF45EF2A0BD946812	1271231D3ED6665500DA6E52686F879059FBEA2A	9CC97C629EE44F534AED62688729C0B4AAD2DD1F24A0730F3BDDD07FF0625136
Chrome Cache Entry: 202	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 203	ASCII text, with very long lines (65464)	BADFB9475EF67713E5C9C9165642FA84	2DE0B6A780623C1734FD88D3B57575E6D3782189	AE85790F738EABC45B480CAF002B32C19EED798F4B99C376B09366BBD22D5EB4
Chrome Cache Entry: 204	ASCII text, with very long lines (12175), with no line terminators	796551E3C70A5CD0F1FE126254EFACD7	B2BC2322BDB7ADA97EBC9A89F68B1E9B4D4F7B7A	FF39A9A989717A6AE045D982E355BA4A8F2105FD014C99F81CDE6FD25F285F85
Chrome Cache Entry: 205	ASCII text, with very long lines (3111), with no line terminators	87ABC59C8DBD60FBE06A98B0B6B4F0E6	2265129EE3AAD9806DE9F2E48F82F1EBDA43D251	F327F2A5F0637678BEE5AD7542003ABA3D9ED1F12664183C7FEF2BA38EB5A5D4
Chrome Cache Entry: 206	ASCII text, with very long lines (11306), with no line terminators	271E9943DF1F52582C2DD2ECFF8F817C	8BB9177F5F8F2C00EC49B92D0EFF9E00AB618C14	27AE7298EAFD5FAF394486388EBE0A79EFBCCBE1025DEE1F4EC3F7A1C04F15D8
Chrome Cache Entry: 207	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 208	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 209	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 210	ASCII text, with very long lines (9813), with no line terminators	FBA6282886B031CE9438555B8183940B	B3E210C91980C9CFB624D2CDC854A1C24FACF5B6	3EBB45593DB5EA43E34BCEABAFC896D59FF011173F37C9770C98E4F66749F6A2
Chrome Cache Entry: 211	ASCII text, with very long lines (65536), with no line terminators	680C7D664BD12E21DCC7C54F84C9A157	C86D07BB146F6BCD1D4C86CA8FC976A7E336F88A	1A96A3053AD5F5C2D8EE805B0B37C7C761FE9A203DB9ABBC6F42B04EA22FC642
Chrome Cache Entry: 212	ASCII text, with very long lines (65467)	569E13CE263C9661ADED9787B99A356F	C83954114CB48519CFEDE4328B25318CCCE9E79A	0B20D4891C8B024265DFBE0A13F48F3B23BC4A94F51CC8EEA6815B094415361D
Chrome Cache Entry: 213	ASCII text, with very long lines (64024)	EEA9BCC48AF6022049AC7AC3D123E476	0E1D337DB21F28673F9B9600AAEF4969AB381E26	5068DC0C8CAC19B85816E6F88EA7912CE447692EAE6CF2917D673EAC527C2D22
Chrome Cache Entry: 214	ASCII text, with very long lines (897), with no line terminators	8020555821168C5C8FACDF7B15F62CCE	0D35401830E8B6B7EA38E5E7C51CD1B8366187BE	274BFB53FF54B12CEECEA82BE8595C56D2FB4A241A70CEF496685096D439F37D
Chrome Cache Entry: 215	ASCII text, with very long lines (65536), with no line terminators	0165518AA2441C5308EEE2912028D095	77BE53474C3733518FDC5881F291F20D04890BCF	85CD354E36AA3BEB57458CDDC349B414ADA38CA14E8ECFC4A9BBA4F2BE73C2AF
Chrome Cache Entry: 216	ASCII text, with very long lines (11306), with no line terminators	271E9943DF1F52582C2DD2ECFF8F817C	8BB9177F5F8F2C00EC49B92D0EFF9E00AB618C14	27AE7298EAFD5FAF394486388EBE0A79EFBCCBE1025DEE1F4EC3F7A1C04F15D8
Chrome Cache Entry: 217	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 218	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 219	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 220	GIF image data, version 89a, 1 x 1	325472601571F31E1BF00674C368D335	2DAEAA8B5F19F0BC209D976C02BD6ACB51B00B0A	B1442E85B03BDCAF66DC58C7ABB98745DD2687D86350BE9A298A1D9382AC849B
Chrome Cache Entry: 221	JSON data	B9D95F6492E2EF0A5835CED3103F7265	2E583F3BFCA1835FEFAB0E212C29F82C3965C715	71898E334910B66E508D861D5C3325E2DBFC009679E61C2D4D916E8861B350DE

Found iframes

Source: https://sso.secureserver.net/login?app=email&realm=pass

HTTP Parser: Iframe src: https://sso.secureserver.net/149e9513-01fa-4fb0-aad4-566afd725d1b/2d206a39-8ed7-437e-a3be-862e0f06eea3/fp?x-kpsdk-v=j-0.0.0

HTML body contains low number of good links

Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: Number of links: 1
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass	HTTP Parser: Number of links: 0
Source: https://sso.secureserver.net/login?app=email&realm=pass#main	HTTP Parser: Number of links: 0
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass#main	HTTP Parser: Number of links: 0

HTML body contains password input but no form action

Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://sso.secureserver.net/login?app=email&realm=pass#main	HTTP Parser: <input type="password" .../> found but no <form action="...

HTML title does not match URL

Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: Title: Sign In does not match URL
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass	HTTP Parser: Title: Reset my password does not match URL
Source: https://sso.secureserver.net/login?app=email&realm=pass#main	HTTP Parser: Title: Sign In does not match URL
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass#main	HTTP Parser: Title: Reset my password does not match URL

Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: <input type="password" .../> found
Source: https://sso.secureserver.net/login?app=email&realm=pass#main	HTTP Parser: <input type="password" .../> found

Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No favicon
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No favicon
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No favicon
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No favicon
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No favicon
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No favicon
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass	HTTP Parser: No favicon
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass	HTTP Parser: No favicon
Source: https://sso.secureserver.net/login?app=email&realm=pass#main	HTTP Parser: No favicon
Source: https://sso.secureserver.net/login?app=email&realm=pass#main	HTTP Parser: No favicon
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass#main	HTTP Parser: No favicon
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass#main	HTTP Parser: No favicon

Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No <meta name="author".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No <meta name="author".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No <meta name="author".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No <meta name="author".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No <meta name="author".. found
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass	HTTP Parser: No <meta name="author".. found
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass	HTTP Parser: No <meta name="author".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass#main	HTTP Parser: No <meta name="author".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass#main	HTTP Parser: No <meta name="author".. found
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass#main	HTTP Parser: No <meta name="author".. found
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass#main	HTTP Parser: No <meta name="author".. found

Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No <meta name="copyright".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No <meta name="copyright".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No <meta name="copyright".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No <meta name="copyright".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass	HTTP Parser: No <meta name="copyright".. found
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass	HTTP Parser: No <meta name="copyright".. found
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass	HTTP Parser: No <meta name="copyright".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass#main	HTTP Parser: No <meta name="copyright".. found
Source: https://sso.secureserver.net/login?app=email&realm=pass#main	HTTP Parser: No <meta name="copyright".. found
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass#main	HTTP Parser: No <meta name="copyright".. found
Source: https://sso.secureserver.net/account/reset?app=email&realm=pass#main	HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49727 version: TLS 1.2

Detected non-DNS traffic on DNS port

Source: global traffic

TCP traffic: 192.168.2.8:49903 -> 1.1.1.1:53

Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.143.211
Source: unknown	TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 23.206.229.226
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: email.baystatedigital.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /auth HTTP/1.1Host: email.secureserver.netConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /@elastic/apm-rum@5.16.1/dist/bundles/elastic-apm-rum.umd.min.js HTTP/1.1Host: unpkg.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /@elastic/apm-rum@5.16.1/dist/bundles/elastic-apm-rum.umd.min.js HTTP/1.1Host: unpkg.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /gtag/js?id=G-11GY9GPGDG&l=_sGtmDataLayer HTTP/1.1Host: g.sst.gpl.secureserver.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pathway=2be96445-b34a-4514-ab40-0a78dd9da835; visitor=vid=2be96445-b34a-4514-ab40-0a78dd9da835; _policy=%7B%22restricted_market%22:true,%22tracking_market%22:%22explicit%22%7D; fb_sessiontraffic=S_TOUCH=&pathway=2be96445-b34a-4514-ab40-0a78dd9da835&V_DATE=&pc=1&C_TOUCH=2024-09-29T11:08:49.841Z; market=en-US
Source: global traffic	HTTP traffic detected: GET /gtag/js?id=G-11GY9GPGDG&l=_sGtmDataLayer HTTP/1.1Host: g.sst.gpl.secureserver.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pathway=2be96445-b34a-4514-ab40-0a78dd9da835; visitor=vid=2be96445-b34a-4514-ab40-0a78dd9da835; _policy=%7B%22restricted_market%22:true,%22tracking_market%22:%22explicit%22%7D; market=en-US; _ga=GA1.2.1390147669.1727608137; _gid=GA1.2.634316938.1727608137; _gat_gtag_UA_115508484_1=1; currency=USD; fb_sessiontraffic=S_TOUCH=&pathway=2be96445-b34a-4514-ab40-0a78dd9da835&V_DATE=&pc=2&C_TOUCH=2024-09-29T11:09:05.916Z
Source: global traffic	HTTP traffic detected: GET /gtag/js?id=G-11GY9GPGDG&l=_sGtmDataLayer HTTP/1.1Host: g.sst.gpl.secureserver.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pathway=2be96445-b34a-4514-ab40-0a78dd9da835; visitor=vid=2be96445-b34a-4514-ab40-0a78dd9da835; _policy=%7B%22restricted_market%22:true,%22tracking_market%22:%22explicit%22%7D; market=en-US; _ga=GA1.2.1390147669.1727608137; _gid=GA1.2.634316938.1727608137; _gat_gtag_UA_115508484_1=1; currency=USD; fb_sessiontraffic=S_TOUCH=&pathway=2be96445-b34a-4514-ab40-0a78dd9da835&V_DATE=&pc=3&C_TOUCH=2024-09-29T11:09:10.227Z
Source: global traffic	HTTP traffic detected: GET /gtag/js?id=G-11GY9GPGDG&l=_sGtmDataLayer HTTP/1.1Host: g.sst.gpl.secureserver.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pathway=2be96445-b34a-4514-ab40-0a78dd9da835; visitor=vid=2be96445-b34a-4514-ab40-0a78dd9da835; _policy=%7B%22restricted_market%22:true,%22tracking_market%22:%22explicit%22%7D; market=en-US; _ga=GA1.2.1390147669.1727608137; _gid=GA1.2.634316938.1727608137; _gat_gtag_UA_115508484_1=1; currency=USD; fb_sessiontraffic=S_TOUCH=&pathway=2be96445-b34a-4514-ab40-0a78dd9da835&V_DATE=&pc=4&C_TOUCH=2024-09-29T11:09:22.891Z
Source: global traffic	HTTP traffic detected: GET /gtag/js?id=G-11GY9GPGDG&l=_sGtmDataLayer HTTP/1.1Host: g.sst.gpl.secureserver.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pathway=2be96445-b34a-4514-ab40-0a78dd9da835; visitor=vid=2be96445-b34a-4514-ab40-0a78dd9da835; _policy=%7B%22restricted_market%22:true,%22tracking_market%22:%22explicit%22%7D; market=en-US; _ga=GA1.2.1390147669.1727608137; _gid=GA1.2.634316938.1727608137; _gat_gtag_UA_115508484_1=1; currency=USD; fb_sessiontraffic=S_TOUCH=&pathway=2be96445-b34a-4514-ab40-0a78dd9da835&V_DATE=&pc=5&C_TOUCH=2024-09-29T11:09:48.273Z
Source: global traffic	HTTP traffic detected: GET /gtag/js?id=G-11GY9GPGDG&l=_sGtmDataLayer HTTP/1.1Host: g.sst.gpl.secureserver.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pathway=2be96445-b34a-4514-ab40-0a78dd9da835; visitor=vid=2be96445-b34a-4514-ab40-0a78dd9da835; _policy=%7B%22restricted_market%22:true,%22tracking_market%22:%22explicit%22%7D; market=en-US; _ga=GA1.2.1390147669.1727608137; _gid=GA1.2.634316938.1727608137; _gat_gtag_UA_115508484_1=1; currency=USD; fb_sessiontraffic=S_TOUCH=&pathway=2be96445-b34a-4514-ab40-0a78dd9da835&V_DATE=&pc=5&C_TOUCH=2024-09-29T11:09:48.273Z
Source: global traffic	HTTP traffic detected: GET /g/collect?v=2&tid=G-11GY9GPGDG&gtm=45he49p0v9186435885za200&_p=1727608188749&gcs=G111&gcd=13t3t3t3t5l1&npa=0&dma=0&tag_exp=101671035~101686685~101747727&cid=1390147669.1727608137&ecid=1886395659&ul=en-us&sr=1280x1024&_fplc=0&ur=US&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&sst.rnd=1788108591.1727608190&sst.tft=1727608188749&sst.sp=1&sst.em_event=1&sst.ude=0&_s=1&sid=1727608190&sct=1&seg=0&dl=https%3A%2F%2Fsso.secureserver.net%2Flogin%3Fapp%3Demail%26realm%3Dpass&dt=Sign%20In&en=scroll&_fv=1&_ss=1&ep.anonymize_ip=true&epn.percent_scrolled=90&tfd=3430&richsstsse HTTP/1.1Host: g.sst.gpl.secureserver.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Origin: https://sso.secureserver.netSec-Fetch-Site: same-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAttribution-Reporting-Eligible: trigger;event-source;navigation-sourceAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pathway=2be96445-b34a-4514-ab40-0a78dd9da835; visitor=vid=2be96445-b34a-4514-ab40-0a78dd9da835; _policy=%7B%22restricted_market%22:true,%22tracking_market%22:%22explicit%22%7D; market=en-US; _gid=GA1.2.634316938.1727608137; _gat_gtag_UA_115508484_1=1; currency=USD; fb_sessiontraffic=S_TOUCH=&pathway=2be96445-b34a-4514-ab40-0a78dd9da835&V_DATE=&pc=5&C_TOUCH=2024-09-29T11:09:48.273Z; _ga_11GY9GPGDG=GS1.1.1727608190.1.0.1727608190.0.0.1886395659; _ga=GA1.1.1390147669.1727608137
Source: global traffic	HTTP traffic detected: GET /g/collect?v=2&tid=G-11GY9GPGDG&gtm=45he49p0v9186435885za200&_p=1727608188749&gcs=G111&gcd=13t3t3t3t5l1&npa=0&dma=0&tag_exp=101671035~101686685~101747727&cid=1390147669.1727608137&ecid=1886395659&ul=en-us&sr=1280x1024&_fplc=0&ur=US&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&are=1&frm=0&pscdl=noapi&_eu=AEA&sst.rnd=1788108591.1727608190&sst.tft=1727608188749&sst.sp=1&sst.em_event=1&sst.ude=0&_s=1&sid=1727608190&sct=1&seg=0&dl=https%3A%2F%2Fsso.secureserver.net%2Flogin%3Fapp%3Demail%26realm%3Dpass&dt=Sign%20In&en=scroll&_fv=1&_ss=1&ep.anonymize_ip=true&epn.percent_scrolled=90&tfd=3430&richsstsse HTTP/1.1Host: g.sst.gpl.secureserver.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: pathway=2be96445-b34a-4514-ab40-0a78dd9da835; visitor=vid=2be96445-b34a-4514-ab40-0a78dd9da835; _policy=%7B%22restricted_market%22:true,%22tracking_market%22:%22explicit%22%7D; market=en-US; _gid=GA1.2.634316938.1727608137; _gat_gtag_UA_115508484_1=1; currency=USD; fb_sessiontraffic=S_TOUCH=&pathway=2be96445-b34a-4514-ab40-0a78dd9da835&V_DATE=&pc=5&C_TOUCH=2024-09-29T11:09:48.273Z; _ga_11GY9GPGDG=GS1.1.1727608190.1.0.1727608190.0.0.1886395659; _ga=GA1.1.1390147669.1727608137

Source: chromecache_132.2.dr, chromecache_126.2.dr	String found in binary or memory: Math.round(q);v["gtm.videoElapsedTime"]=Math.round(f);v["gtm.videoPercent"]=r;v["gtm.videoVisible"]=t;return v},Yj:function(){e=zb()},nd:function(){d()}}};var gc=ja(["data-gtm-yt-inspected-"]),FC=["www.youtube.com","www.youtube-nocookie.com"],GC,HC=!1; equals www.youtube.com (Youtube)
Source: chromecache_132.2.dr, chromecache_126.2.dr	String found in binary or memory: c?"runIfCanceled":"runIfUncanceled",[]);if(!g.length)return!0;var k=lA(a,c,e);N(121);if(k["gtm.elementUrl"]==="https://www.facebook.com/tr/")return N(122),!0;if(d&&f){for(var m=Kb(b,g.length),n=0;n<g.length;++n)g[n](k,m);return m.done}for(var p=0;p<g.length;++p)g[p](k,function(){});return!0},oA=function(){var a=[],b=function(c){return ob(a,function(d){return d.form===c})};return{store:function(c,d){var e=b(c);e?e.button=d:a.push({form:c,button:d})},get:function(c){var d=b(c);return d?d.button:null}}}, equals www.facebook.com (Facebook)
Source: chromecache_132.2.dr, chromecache_126.2.dr	String found in binary or memory: if(!(e\|\|f\|\|g\|\|k.length\|\|m.length))return;var p={eh:e,ah:f,bh:g,Ph:k,Qh:m,Ge:n,Bb:b},q=C.YT;if(q)return q.ready&&q.ready(d),b;var r=C.onYouTubeIframeAPIReady;C.onYouTubeIframeAPIReady=function(){r&&r();d()};F(function(){for(var t=E.getElementsByTagName("script"),u=t.length,v=0;v<u;v++){var w=t[v].getAttribute("src");if(QC(w,"iframe_api")\|\|QC(w,"player_api"))return b}for(var x=E.getElementsByTagName("iframe"),y=x.length,A=0;A<y;A++)if(!HC&&OC(x[A],p.Ge))return wc("https://www.youtube.com/iframe_api"), equals www.youtube.com (Youtube)
Source: chromecache_176.2.dr, chromecache_199.2.dr	String found in binary or memory: return b}DC.H="internal.enableAutoEventOnTimer";var gc=ja(["data-gtm-yt-inspected-"]),FC=["www.youtube.com","www.youtube-nocookie.com"],GC,HC=!1; equals www.youtube.com (Youtube)
Source: chromecache_132.2.dr, chromecache_126.2.dr	String found in binary or memory: var SB=function(a,b,c,d,e){var f=Jz("fsl",c?"nv.mwt":"mwt",0),g;g=c?Jz("fsl","nv.ids",[]):Jz("fsl","ids",[]);if(!g.length)return!0;var k=Oz(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);N(121);if(m==="https://www.facebook.com/tr/")return N(122),!0;k["gtm.elementUrl"]=m;k["gtm.formCanceled"]=c;a.getAttribute("name")!=null&&(k["gtm.interactedFormName"]=a.getAttribute("name"));e&&(k["gtm.formSubmitElement"]=e,k["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!wy(k,yy(b, equals www.facebook.com (Facebook)

Source: global traffic	DNS traffic detected: DNS query: email.baystatedigital.com
Source: global traffic	DNS traffic detected: DNS query: email.secureserver.net
Source: global traffic	DNS traffic detected: DNS query: sso.secureserver.net
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: img6.wsimg.com
Source: global traffic	DNS traffic detected: DNS query: unpkg.com
Source: global traffic	DNS traffic detected: DNS query: gui.secureserver.net
Source: global traffic	DNS traffic detected: DNS query: reporting.cdndex.io
Source: global traffic	DNS traffic detected: DNS query: g.sst.gpl.secureserver.net
Source: global traffic	DNS traffic detected: DNS query: img1.wsimg.com
Source: global traffic	DNS traffic detected: DNS query: events.api.secureserver.net
Source: global traffic	DNS traffic detected: DNS query: csp.secureserver.net
Source: global traffic	DNS traffic detected: DNS query: cca039482a104d5d9b04bd2e20f6bb64.apm.us-west-2.aws.found.io
Source: global traffic	DNS traffic detected: DNS query: _9243._https.cca039482a104d5d9b04bd2e20f6bb64.apm.us-west-2.aws.found.io

Source: unknown

Source: chromecache_126.2.dr	String found in binary or memory: https://adservice.google.com/pagead/regclk?
Source: chromecache_185.2.dr, chromecache_170.2.dr	String found in binary or memory: https://ampcid.google.com/v1/publisher:getClientId
Source: chromecache_132.2.dr, chromecache_126.2.dr, chromecache_176.2.dr, chromecache_199.2.dr	String found in binary or memory: https://cct.google/taggy/agent.js
Source: chromecache_161.2.dr, chromecache_142.2.dr	String found in binary or memory: https://feross.org
Source: chromecache_126.2.dr, chromecache_176.2.dr, chromecache_199.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_132.2.dr, chromecache_126.2.dr, chromecache_176.2.dr, chromecache_199.2.dr	String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_130.2.dr, chromecache_221.2.dr, chromecache_191.2.dr, chromecache_186.2.dr	String found in binary or memory: https://sso.secureserver.net/v1/account/reset?app=email&realm=pass
Source: chromecache_130.2.dr, chromecache_221.2.dr, chromecache_191.2.dr, chromecache_186.2.dr	String found in binary or memory: https://sso.secureserver.net/v1/account/retrieve?app=email&realm=pass
Source: chromecache_132.2.dr, chromecache_126.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_170.2.dr	String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_185.2.dr, chromecache_170.2.dr	String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_132.2.dr, chromecache_126.2.dr, chromecache_176.2.dr, chromecache_199.2.dr	String found in binary or memory: https://td.doubleclick.net
Source: chromecache_176.2.dr, chromecache_199.2.dr	String found in binary or memory: https://www.google-analytics.com/analytics.js
Source: chromecache_185.2.dr, chromecache_170.2.dr	String found in binary or memory: https://www.google-analytics.com/debug/bootstrap?id=
Source: chromecache_185.2.dr, chromecache_170.2.dr	String found in binary or memory: https://www.google-analytics.com/gtm/js?id=
Source: chromecache_185.2.dr, chromecache_170.2.dr	String found in binary or memory: https://www.google.%/ads/ga-audiences
Source: chromecache_126.2.dr, chromecache_176.2.dr, chromecache_199.2.dr	String found in binary or memory: https://www.google.com
Source: chromecache_185.2.dr, chromecache_170.2.dr	String found in binary or memory: https://www.google.com/ads/ga-audiences
Source: chromecache_132.2.dr, chromecache_126.2.dr, chromecache_176.2.dr, chromecache_199.2.dr	String found in binary or memory: https://www.googleadservices.com
Source: chromecache_199.2.dr	String found in binary or memory: https://www.googletagmanager.com
Source: chromecache_185.2.dr, chromecache_170.2.dr	String found in binary or memory: https://www.googletagmanager.com/gtag/js?id=
Source: chromecache_132.2.dr, chromecache_126.2.dr	String found in binary or memory: https://www.merchant-center-analytics.goog
Source: chromecache_132.2.dr, chromecache_126.2.dr	String found in binary or memory: https://www.youtube.com/iframe_api

Source: unknown	Network traffic detected: HTTP traffic on port 49710 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49676 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49926 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49935 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49814
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown	Network traffic detected: HTTP traffic on port 49925 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49703 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49915 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49926
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49841
Source: unknown	Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49915
Source: unknown	Network traffic detected: HTTP traffic on port 49715 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49715
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49710
Source: unknown	Network traffic detected: HTTP traffic on port 49709 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49927 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49814 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49709
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49703

Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49726 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.8:49727 version: TLS 1.2

Source: classification engine

Classification label: clean3.win@20/157@50/10

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1900,i,1157449053875135814,2097530389074965015,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://email.baystatedigital.com/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2056 --field-trial-handle=1900,i,1157449053875135814,2097530389074965015,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Google Drive.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr	LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe

Source: Window Recorder

Window detected: More than 3 window changes detected

Stores files to the Windows start menu directory

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk	Jump to behavior

ID:	1522148
Product:	CloudBasic
Start time:	13:07:37
Start date:	29.09.2024
Cookbook:	browseurl.jbs
System description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Architecture:	WINDOWS

Windows Analysis Report
https://email.baystatedigital.com/

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report https://email.baystatedigital.com/

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Boot Survival

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
https://email.baystatedigital.com/