Windows Analysis Report
securedoc_20241008T101508.html

Overview

General Information

Sample name: securedoc_20241008T101508.html
Analysis ID: 1529329
MD5: 7e365cf299ea2aa0ff1c113e29b36162
SHA1: db25151f246d8e735e64044b1bbdc6ec79a408fd
SHA256: 994aab3577a4eb7b947ff3c046f44c3e69305d925720bd3be8b7b70ce67ae8ab

Detection

Score: 52
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
Suspicious Javascript code found in HTML file
Detected hidden input values containing email addresses (often used in phishing pages)
Detected non-DNS traffic on DNS port
HTML title does not match URL
IP address seen in connection with other malware
JA3 SSL client fingerprint seen in connection with other malware
Stores files to the Windows start menu directory
Unusual large HTML page

Classification

Phishing

Source: file:///C:/Users/user/Desktop/securedoc_20241008T101508.html LLM: Score: 10 Reasons: HTML file with login form DOM: 0.0.pages.csv
Source: securedoc_20241008T101508.html HTTP Parser: document.write
Source: securedoc_20241008T101508.html HTTP Parser: location.href
Source: securedoc_20241008T101508.html HTTP Parser: .location
Source: securedoc_20241008T101508.html HTTP Parser: "Poppy, Amanda L" <amanda_poppy@uhc.com>
Source: securedoc_20241008T101508.html HTTP Parser: Secure Message from amanda_poppy@uhc.com
Source: file:///C:/Users/user/Desktop/securedoc_20241008T101508.html HTTP Parser: {'name':null,'msgID':'|1__61365b13000001926cb2c7d2956fcd8219945c83@mail10674.corpmailsvcs.com','keysize':24,'flags':3073,'rid':'','algnames':{'encryption':{'data':'AES'}},'algparams':{'encryption':{'data':{'IV':'+BNmZJxdeCRsf0gkEqly7g=='}}},'keyserverhost':'res.cisco.com:443','securereplyhost':'res.cisco.com:443','openerhost':'res.cisco.com:443','toc':[['Body-1728400508903.txt',1,'','',13,[0,11379],'Body-1728400508903.txt','ISO-8859-1'],['image001.jpg',2,'','image001.jpg',21,[11379,1174],'image001.jpg','ISO-8859-1'],['image003.jpg',2,'','image003.jpg',21,[12553,28847],'image003.jpg','ISO-8859-1'],['Census Form.xlsx',2,'','Census Form.xlsx',5,[41400,44594],'Census Form.xlsx','ISO-8859-1'],['Why Level Funded Brochure.pdf',2,'','Why Level Funded Brochure.pdf',5,[85994,2338309],'Why Level Funded Brochure.pdf','ISO-8859-1'],['MessageBar.html',4,'','',1,[2424303,33261],'MessageBar.html','ISO-8859-1']],'salt':'yL/MU7G57ZUAJKsFEVQ7GopEm+U=','data':['','','']}
Source: securedoc_20241008T101508.html HTTP Parser: Title: Secure Registered Envelope:Secure Message from amanda_poppy@uhc.com does not match URL
Source: securedoc_20241008T101508.html HTTP Parser: Total size: 3518556
Source: securedoc_20241008T101508.html HTTP Parser: <input type="password" .../> found
Source: securedoc_20241008T101508.html HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/securedoc_20241008T101508.html HTTP Parser: No favicon
Source: https://res.cisco.com/websafe/help?topic=AddrNotShown&localeUI=en HTTP Parser: No favicon
Source: securedoc_20241008T101508.html HTTP Parser: No <meta name="author".. found
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:57092 version: TLS 1.2
Source: chrome.exe Memory has grown: Private usage: 1MB later: 39MB
Source: global traffic TCP traffic: 192.168.2.16:57090 -> 1.1.1.1:53
Source: Joe Sandbox View IP Address: 104.17.24.14
Source: Joe Sandbox View IP Address: 104.18.11.207
Source: Joe Sandbox View IP Address: 239.255.255.250
Source: Joe Sandbox View JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 20.12.23.50
Source: global traffic HTTP traffic detected: GET /bootstrap/4.3.1/js/bootstrap.min.js HTTP/1.1Host: maxcdn.bootstrapcdn.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /websafe/templates/screen-reader.js HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: JSESSIONID=80DBAD8E3D8B0800F14F49794DB57E69; WebSafe.current-locale=en; WebSafe.current-locale-changed=true; AWSALB=oNLMJoPHhCRuu2isuhRg9xDpiihQprJRP9rquh9rtHWrvt5HkFtJqOaKqUPAD0dJjhYYaXbzy5Avc/8Ow0ngkmIMAM3M335UpVgWZCSfbWJF60Fs8p5LsbrJCEnd; AWSALBCORS=oNLMJoPHhCRuu2isuhRg9xDpiihQprJRP9rquh9rtHWrvt5HkFtJqOaKqUPAD0dJjhYYaXbzy5Avc/8Ow0ngkmIMAM3M335UpVgWZCSfbWJF60Fs8p5LsbrJCEnd
Source: global traffic HTTP traffic detected: GET /admin/fonts/Inter/Inter-Regular.ttf HTTP/1.1Host: res.cisco.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://res.cisco.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://res.cisco.com/admin/cisco-fonts.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=oNLMJoPHhCRuu2isuhRg9xDpiihQprJRP9rquh9rtHWrvt5HkFtJqOaKqUPAD0dJjhYYaXbzy5Avc/8Ow0ngkmIMAM3M335UpVgWZCSfbWJF60Fs8p5LsbrJCEnd; AWSALBCORS=oNLMJoPHhCRuu2isuhRg9xDpiihQprJRP9rquh9rtHWrvt5HkFtJqOaKqUPAD0dJjhYYaXbzy5Avc/8Ow0ngkmIMAM3M335UpVgWZCSfbWJF60Fs8p5LsbrJCEnd
Source: global traffic HTTP traffic detected: GET /admin/fonts/SharpSans/SharpSans-Bold.ttf HTTP/1.1Host: res.cisco.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://res.cisco.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://res.cisco.com/admin/cisco-fonts.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=oNLMJoPHhCRuu2isuhRg9xDpiihQprJRP9rquh9rtHWrvt5HkFtJqOaKqUPAD0dJjhYYaXbzy5Avc/8Ow0ngkmIMAM3M335UpVgWZCSfbWJF60Fs8p5LsbrJCEnd; AWSALBCORS=oNLMJoPHhCRuu2isuhRg9xDpiihQprJRP9rquh9rtHWrvt5HkFtJqOaKqUPAD0dJjhYYaXbzy5Avc/8Ow0ngkmIMAM3M335UpVgWZCSfbWJF60Fs8p5LsbrJCEnd
Source: global traffic HTTP traffic detected: GET /admin/fonts/Inter/Inter-Bold.ttf HTTP/1.1Host: res.cisco.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://res.cisco.comsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: fontReferer: https://res.cisco.com/admin/cisco-fonts.min.cssAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=oNLMJoPHhCRuu2isuhRg9xDpiihQprJRP9rquh9rtHWrvt5HkFtJqOaKqUPAD0dJjhYYaXbzy5Avc/8Ow0ngkmIMAM3M335UpVgWZCSfbWJF60Fs8p5LsbrJCEnd; AWSALBCORS=oNLMJoPHhCRuu2isuhRg9xDpiihQprJRP9rquh9rtHWrvt5HkFtJqOaKqUPAD0dJjhYYaXbzy5Avc/8Ow0ngkmIMAM3M335UpVgWZCSfbWJF60Fs8p5LsbrJCEnd
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: res.cisco.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://res.cisco.com/websafe/help?topic=AddrNotShown&localeUI=enAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=fghQpkcjgpWoO3okO2Yygs360O8LXnJG2oDto+TX9ggQoynhNj6t0izKQ/7AfNYtaGao6aaaLemyI9fkKIO+QFZdrLjLv1BwdFanq9FjFsst5CbmMLRNa8N2W/pG; AWSALBCORS=fghQpkcjgpWoO3okO2Yygs360O8LXnJG2oDto+TX9ggQoynhNj6t0izKQ/7AfNYtaGao6aaaLemyI9fkKIO+QFZdrLjLv1BwdFanq9FjFsst5CbmMLRNa8N2W/pG
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=4qoo+ADL7AI+9oFFOEpGdauEqtzPtVcpt0wqiMlZUgsdH8X9D1lJEnu7M8gZjSYN5hmzSax9e4bFo7omdiT8UOxYqewgBdLErZahRqrGTgrOVUvjrt21kQQ0EkBP; AWSALBCORS=4qoo+ADL7AI+9oFFOEpGdauEqtzPtVcpt0wqiMlZUgsdH8X9D1lJEnu7M8gZjSYN5hmzSax9e4bFo7omdiT8UOxYqewgBdLErZahRqrGTgrOVUvjrt21kQQ0EkBP
Source: global traffic HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/vldpQ4dumx5mtur6tu9R0xjhujwiTsXu.l-6KFHBg7wt9go4Ql3GNTqfUK02FMnw3OPKiutUutxwRaT5y2uoi9dYYTXcTjmYVA!!/?button=google&lp=en&try=1 HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=GVKd4nyf+ekdQR95lAKY6soDD92s81QcXNoitEblr9jLcGMKN61IJrOS+7S3j/kxNRTwIQ1cO2tVSO1bfgTHjP4c8iFDGlRBm415A59wsokVCX8M4Ge7h1dLBmPF; AWSALBCORS=WEor/uakyCwGHntmyf2kPsx+HVzLPqGoLxQv9MRnICnSn6vvESEydTuYtZN0k6fiv7+4D7/315mOsdl1esgk9gYl1EdwDxbC8YokOB6Wgutm6LUXy7qa7h20+iSr
Source: global traffic HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/vldpQ4dumx5mtur6tu9R0xjhujwiTsXu.l-6KFHBg7wt9go4Ql3GNTqfUK02FMnw3OPKiutUutxwRaT5y2uoi9dYYTXcTjmYVA!!/?button=ok&lp=en&try=1 HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: AWSALB=GVKd4nyf+ekdQR95lAKY6soDD92s81QcXNoitEblr9jLcGMKN61IJrOS+7S3j/kxNRTwIQ1cO2tVSO1bfgTHjP4c8iFDGlRBm415A59wsokVCX8M4Ge7h1dLBmPF; AWSALBCORS=4pJF91zigjcpe/u5Jnroc4pv5VMFjdI4HKV5knZKbUD27CiXQEYoyp4h8YESERYxXzQIoqfpexLYUwqh5bc6xg4DLW5HR0AxdbuPdctNUyCKsVkWaD2q4MXtPy03
Source: global traffic HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/vldpQ4dumx5mtur6tu9R0xjhujwiTsXu.l-6KFHBg7wt9go4Ql3GNTqfUK02FMnw3OPKiutUutxwRaT5y2uoi9dYYTXcTjmYVA!!/?lp=en HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/vldpQ4dumx5mtur6tu9R0xjhujwiTsXu.l-6KFHBg7wt9go4Ql3GNTqfUK02FMnw3OPKiutUutxwRaT5y2uoi9dYYTXcTjmYVA!!/?button=google&lp=en HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/vldpQ4dumx5mtur6tu9R0xjhujwiTsXu.l-6KFHBg7wt9go4Ql3GNTqfUK02FMnw3OPKiutUutxwRaT5y2uoi9dYYTXcTjmYVA!!/?button=ok&lp=en HTTP/1.1Host: res.cisco.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic DNS traffic detected: DNS query: static.cres-aws.com
Source: global traffic DNS traffic detected: DNS query: cdnjs.cloudflare.com
Source: global traffic DNS traffic detected: DNS query: res.cisco.com
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: maxcdn.bootstrapcdn.com
Source: chromecache_180.2.dr, chromecache_174.2.dr String found in binary or memory: http://opensource.org/licenses/MIT).
Source: securedoc_20241008T101508.html String found in binary or memory: http://res.cisco.com/envelopeopener/pf/ZGJAVG9rZW4zMzcxOjEzNTk2/vldpQ4dumx5mtur6tu9R0xjhujwiTsXu.l-6
Source: chromecache_153.2.dr String found in binary or memory: http://scripts.sil.org/OFLInterLightWeightSlant
Source: chromecache_183.2.dr String found in binary or memory: http://scripts.sil.org/OFLInterSemiBoldWeightSlant
Source: chromecache_161.2.dr, chromecache_182.2.dr String found in binary or memory: http://scripts.sil.org/OFLWeightSlant
Source: chromecache_154.2.dr, chromecache_181.2.dr String found in binary or memory: http://scripts.sil.org/OFLWeightSlantRegular
Source: chromecache_167.2.dr String found in binary or memory: http://www.sharptype.co
Source: chromecache_167.2.dr String found in binary or memory: http://www.sharptype.cohttp://www.sharptype.cohttp://www.sharptype.cohttp://www.sharptype.cohttp://w
Source: securedoc_20241008T101508.html String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/3.7.1/jquery.min.js
Source: securedoc_20241008T101508.html String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.12/css/select2.min.css
Source: securedoc_20241008T101508.html String found in binary or memory: https://cdnjs.cloudflare.com/ajax/libs/select2/4.0.12/js/select2.min.js
Source: chromecache_155.2.dr, chromecache_150.2.dr, chromecache_175.2.dr String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_153.2.dr, chromecache_183.2.dr String found in binary or memory: https://github.com/rsms/inter)Inter
Source: chromecache_154.2.dr, chromecache_181.2.dr String found in binary or memory: https://github.com/rsms/inter)InterBold3.019;RSMS;Inter-BoldInter
Source: chromecache_161.2.dr, chromecache_182.2.dr String found in binary or memory: https://github.com/rsms/inter)InterRegular3.019;RSMS;Inter-RegularInter
Source: chromecache_165.2.dr, chromecache_164.2.dr String found in binary or memory: https://github.com/select2/select2/blob/master/LICENSE.md
Source: chromecache_155.2.dr, chromecache_150.2.dr, chromecache_175.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_155.2.dr, chromecache_150.2.dr String found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
Source: securedoc_20241008T101508.html String found in binary or memory: https://res.cisco.com/websafe/custom.action?cmd=authFrame
Source: chromecache_148.2.dr, chromecache_184.2.dr String found in binary or memory: https://res.cisco.com/websafe/custom.action?cmd=changeExpiredPassword&id=null
Source: securedoc_20241008T101508.html String found in binary or memory: https://res.cisco.com/websafe/images/loginbg.gif
Source: securedoc_20241008T101508.html String found in binary or memory: https://res.cisco.com/websafe/images/pullFeature/arrowDown.svg
Source: securedoc_20241008T101508.html String found in binary or memory: https://res.cisco.com/websafe/logo/qWuRZDIlFFn0Z.ejbun830-rfiY7KGOHGT2q9s4Y9v3gB5g005b.rfoQ7ujVDdQgn
Source: securedoc_20241008T101508.html String found in binary or memory: https://res.cisco.com:443
Source: securedoc_20241008T101508.html String found in binary or memory: https://res.cisco.com:443/envelopeopener/decrypt_envelope.jsp
Source: securedoc_20241008T101508.html String found in binary or memory: https://res.cisco.com:443/keyserver/Logout
Source: securedoc_20241008T101508.html String found in binary or memory: https://res.cisco.com:443/keyserver/keyserver
Source: securedoc_20241008T101508.html String found in binary or memory: https://res.cisco.com:443/websafe/help?topic=AddrNotShown
Source: securedoc_20241008T101508.html String found in binary or memory: https://res.cisco.com:443/websafe/help?topic=PPNotShown
Source: securedoc_20241008T101508.html String found in binary or memory: https://res.cisco.com:443/websafe/help?topic=RegEnvelope
Source: securedoc_20241008T101508.html String found in binary or memory: https://res.cisco.com:443/websafe/pswdForgot.action
Source: securedoc_20241008T101508.html String found in binary or memory: https://static.cres-aws.com/CRES_login_bg.jpg
Source: securedoc_20241008T101508.html String found in binary or memory: https://static.cres-aws.com/postx.css
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49741 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:49743 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.16:49742 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.12.23.50:443 -> 192.168.2.16:57092 version: TLS 1.2
Source: classification engine Classification label: mal52.phis.winHTML@20/70@28/11
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\securedoc_20241008T101508.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2160 --field-trial-handle=1964,i,5445686682342090761,7875340082080687336,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: securedoc_20241008T101508.html Static file information: File size 3518556 > 1048576
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk