Windows Analysis Report
https://60ms64xz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fnym1-ib.adnxs.com%2Fclick2%3Fe=wqT_3QKhAfCBoQAAAAMAxBkFAQj1xf22BhCN5rHDq8rIsXYY6OvVqs3R1c9aIPXtswsoykEwhx04AkDV-qXwAUiY1VJQAFoDVVNEYgNVU0RorAJw-gF4kfdrgAG5zAOIAQGQAQGYAQWgAQKpAVM7_DVZo44_sQHWE0zrJXyFP7kBAAAAwMzM7D_BAREUDMkBUDsJKDDYAQDgAQDwAdEO-

Overview

General Information

Sample URL: https://60ms64xz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fnym1-ib.adnxs.com%2Fclick2%3Fe=wqT_3QKhAfCBoQAAAAMAxBkFAQj1xf22BhCN5rHDq8rIsXYY6OvVqs3R1c9aIPXtswsoykEwhx04AkDV-qXwAUiY1VJQAFoDVVNEYgNVU0RorAJw-
Analysis ID: 1532846

Detection

HTMLPhisher
Score: 64
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

AI detected phishing page
AI detected phishing page (G)
Yara detected HtmlPhish54
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML page contains hidden javascript code
HTML title does not match URL
Stores files to the Windows start menu directory
URL contains potential PII (phishing indication)

Classification

Phishing

Source: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username%3Dgrant.harpur%2540mlcinsurance.com.au%26wa%3Dwsignin1.0%26wtrealm%3Durn%3Afederation%3AMicrosoftOnline%26wctx%3Destsredirect%253D2%2526estsrequest%253DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASi3zBHJrwR8Ziy1MJTMvTLg1WMyoSN0L_AyPiCkXESk0J6UWJeiV5GYlFBaZFDbk5yZl5xKVAoGWJTYuktJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQvWusyn_bXWx0a9y98y73g36GU6z6AUVJlnne6dr5jib6qfkZxlHmJm65qflRjsGR_jnFAWl-oY5h5o4RxhEFkbZGVoYT2IQmsDGdYmP4wMbYwc4wi53hACfjAV6GH3y_H1-8Pev3rnceGwQYHggwAAA1 LLM: Score: 9 Reasons: The brand 'Microsoft' is a well-known global technology company., The legitimate domain for Microsoft is 'microsoft.com'., The provided URL '680c737c-daa070be.babjeetrading.com' does not match the legitimate domain for Microsoft., The URL contains suspicious elements such as random alphanumeric strings and an unrelated domain 'babjeetrading.com'., The presence of a username input field suggests an attempt to collect sensitive information, which is common in phishing sites. DOM: 2.13.pages.csv
Source: https://0nline.babjeetrading.com/?bond=grant.harpur@mlcinsurance.com.au LLM: Score: 10 Reasons: The URL "0nline.babjeetrading.com" is suspicious. The number "0" is used in place of the letter "o", which is a common tactic used in phishing attacks to mimic legitimate URLs. The domain name "babjeetrading.com" does not appear to be related to Google or reCAPTCHA. The reCAPTCHA brand is owned by Google and is typically associated with the domain "google.com". The presence of only one input field, "I'm not a robot," is insufficient to determine the legitimacy of the site. reCAPTCHA often involves more complex challenges. The usage of a seemingly legitimate brand name like reCAPTCHA on a suspicious domain raises a strong concern for phishing. DOM: 1.4.pages.csv
Source: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username%3Dgrant.harpur%2540mlcinsurance.com.au%26wa%3Dwsignin1.0%26wtrealm%3Durn%3Afederation%3AMicrosoftOnline%26wctx%3Destsredirect%253D2%2526estsrequest%253DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASi3zBHJrwR8Ziy1MJTMvTLg1WMyoSN0L_AyPiCkXESk0J6UWJeiV5GYlFBaZFDbk5yZl5xKVAoGWJTYuktJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQvWusyn_bXWx0a9y98y73g36GU6z6AUVJlnne6dr5jib6qfkZxlHmJm65qflRjsGR_jnFAWl-oY5h5o4RxhEFkbZGVoYT2IQmsDGdYmP4wMbYwc4wi53hACfjAV6GH3y_H1-8Pev3rnceGwQYHggwAAA1 LLM: Score: 10 Reasons: The URL contains a seemingly random subdomain (680c737c-daa070be) which is highly suspicious., The domain 'babjeetrading.com' does not match the typical format of Office 365 login pages., Office 365 is a well-known brand and a common target for phishing attacks., The presence of username and password fields is typical for login pages, which are often imitated in phishing attempts. DOM: 2.13.pages.csv
Source: Yara match File source: 1.11.pages.csv, type: HTML
Source: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username%3Dgrant.harpur%2540mlcinsurance.com.au%26wa%3Dwsignin1.0%26wtrealm%3Durn%3Afederation%3AMicrosoftOnline%26wctx%3Destsredirect%253D2%2526estsrequest%253DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASi3zBHJrwR8Ziy1MJTMvTLg1WMyoSN0L_AyPiCkXESk0J6UWJeiV5GYlFBaZFDbk5yZl5xKVAoGWJTYuktJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQvWusyn_bXWx0a9y98y73g36GU6z6AUVJlnne6dr5jib6qfkZxlHmJm65qflRjsGR_jnFAWl-oY5h5o4RxhEFkbZGVoYT2IQmsDGdYmP4wMbYwc4wi53hACfjAV6GH3y_H1-8Pev3rnceGwQYHggwAAA1 HTTP Parser: Number of links: 1
Source: https://0nline.babjeetrading.com/?bond=grant.harpur@mlcinsurance.com.au HTTP Parser: Base64 decoded: a[href="http://www.salidzini.lv/"][style="display: block; width: 88px; height: 31px; overflow: hidden; position: relative;"]
Source: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username%3Dgrant.harpur%2540mlcinsurance.com.au%26wa%3Dwsignin1.0%26wtrealm%3Durn%3Afederation%3AMicrosoftOnline%26wctx%3Destsredirect%253D2%2526estsrequest%253DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASi3zBHJrwR8Ziy1MJTMvTLg1WMyoSN0L_AyPiCkXESk0J6UWJeiV5GYlFBaZFDbk5yZl5xKVAoGWJTYuktJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQvWusyn_bXWx0a9y98y73g36GU6z6AUVJlnne6dr5jib6qfkZxlHmJm65qflRjsGR_jnFAWl-oY5h5o4RxhEFkbZGVoYT2IQmsDGdYmP4wMbYwc4wi53hACfjAV6GH3y_H1-8Pev3rnceGwQYHggwAAA1 HTTP Parser: Title: MLC Life Insurance - Sign In does not match URL
Source: https://60ms64xz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fnym1-ib.adnxs.com%2Fclick2%3Fe=wqT_3QKhAfCBoQAAAAMAxBkFAQj1xf22BhCN5rHDq8rIsXYY6OvVqs3R1c9aIPXtswsoykEwhx04AkDV-qXwAUiY1VJQAFoDVVNEYgNVU0RorAJw-gF4kfdrgAG5zAOIAQGQAQGYAQWgAQKpAVM7_DVZo44_sQHWE0zrJXyFP7kBAAAAwMzM7D_BAREUDMkBUDsJKDDYAQDgAQDwAdEO-AEA%2Fs=555aa6e5683ce51c048a98b83e6a923b5a8d9a2c%2Fbcr=AAAAAAAA8D8=%2Fcnd=%25218hVjbgiv18IdENX6pfABGJjVUiAAKAAxmpmZmZmZuT86CU5ZTTI6NTI1NECoR0kAAAAAAADwP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca=MzcxOSNOWU0yOjUyNTQ=%2Fbn=58937%2Fclickenc=http%253A%252F%252Faa.ns.agingbydesignministry.org%3FMlcinsurance=grant.harpur@mlcinsurance.com.au/1/0102019284444055-c8ec5399-450a-413f-acab-546e07ef32e7-000000/Qxx4uNY6H1RoEfFUkvzFba2SPik=395 Sample URL: PII: grant.harpur@mlcinsurance.com.au
Source: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username%3Dgrant.harpur%2540mlcinsurance.com.au%26wa%3Dwsignin1.0%26wtrealm%3Durn%3Afederation%3AMicrosoftOnline%26wctx%3Destsredirect%253D2%2526estsrequest%253DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASi3zBHJrwR8Ziy1MJTMvTLg1WMyoSN0L_AyPiCkXESk0J6UWJeiV5GYlFBaZFDbk5yZl5xKVAoGWJTYuktJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQvWusyn_bXWx0a9y98y73g36GU6z6AUVJlnne6dr5jib6qfkZxlHmJm65qflRjsGR_jnFAWl-oY5h5o4RxhEFkbZGVoYT2IQmsDGdYmP4wMbYwc4wi53hACfjAV6GH3y_H1-8Pev3rnceGwQYHggwAAA1 HTTP Parser: Iframe src: https://login-okta.babjeetrading.com/discovery/iframe.html
Source: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username%3Dgrant.harpur%2540mlcinsurance.com.au%26wa%3Dwsignin1.0%26wtrealm%3Durn%3Afederation%3AMicrosoftOnline%26wctx%3Destsredirect%253D2%2526estsrequest%253DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASi3zBHJrwR8Ziy1MJTMvTLg1WMyoSN0L_AyPiCkXESk0J6UWJeiV5GYlFBaZFDbk5yZl5xKVAoGWJTYuktJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQvWusyn_bXWx0a9y98y73g36GU6z6AUVJlnne6dr5jib6qfkZxlHmJm65qflRjsGR_jnFAWl-oY5h5o4RxhEFkbZGVoYT2IQmsDGdYmP4wMbYwc4wi53hACfjAV6GH3y_H1-8Pev3rnceGwQYHggwAAA1 HTTP Parser: <input type="password" .../> found
Source: http://aa.ns.agingbydesignministry.org/?Mlcinsurance=grant.harpur@mlcinsurance.com.au HTTP Parser: No favicon
Source: https://0nline.babjeetrading.com/?bond=grant.harpur@mlcinsurance.com.au HTTP Parser: No favicon
Source: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username%3Dgrant.harpur%2540mlcinsurance.com.au%26wa%3Dwsignin1.0%26wtrealm%3Durn%3Afederation%3AMicrosoftOnline%26wctx%3Destsredirect%253D2%2526estsrequest%253DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASi3zBHJrwR8Ziy1MJTMvTLg1WMyoSN0L_AyPiCkXESk0J6UWJeiV5GYlFBaZFDbk5yZl5xKVAoGWJTYuktJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQvWusyn_bXWx0a9y98y73g36GU6z6AUVJlnne6dr5jib6qfkZxlHmJm65qflRjsGR_jnFAWl-oY5h5o4RxhEFkbZGVoYT2IQmsDGdYmP4wMbYwc4wi53hACfjAV6GH3y_H1-8Pev3rnceGwQYHggwAAA1 HTTP Parser: No favicon
Source: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username%3Dgrant.harpur%2540mlcinsurance.com.au%26wa%3Dwsignin1.0%26wtrealm%3Durn%3Afederation%3AMicrosoftOnline%26wctx%3Destsredirect%253D2%2526estsrequest%253DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASi3zBHJrwR8Ziy1MJTMvTLg1WMyoSN0L_AyPiCkXESk0J6UWJeiV5GYlFBaZFDbk5yZl5xKVAoGWJTYuktJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQvWusyn_bXWx0a9y98y73g36GU6z6AUVJlnne6dr5jib6qfkZxlHmJm65qflRjsGR_jnFAWl-oY5h5o4RxhEFkbZGVoYT2IQmsDGdYmP4wMbYwc4wi53hACfjAV6GH3y_H1-8Pev3rnceGwQYHggwAAA1 HTTP Parser: No <meta name="author".. found
Source: https://680c737c-daa070be.babjeetrading.com/login/login.htm?fromURI=%2Fapp%2Foffice365%2Fexk1upv0r7yGSIhjl2p7%2Fsso%2Fwsfed%2Fpassive%3Flogin_hint%3Dgrant.harpur%2540mlcinsurance.com.au%26client-request-id%3D5903ec5b-ec60-4814-94a5-38491955f4e0%26username%3Dgrant.harpur%2540mlcinsurance.com.au%26wa%3Dwsignin1.0%26wtrealm%3Durn%3Afederation%3AMicrosoftOnline%26wctx%3Destsredirect%253D2%2526estsrequest%253DrQQIARAA42Kw0skoKSkottLXL8gvKknM0cvNTC7KL85PK8nPy8nMS9VLzs_Vyy9Kz0wBsYqEuASi3zBHJrwR8Ziy1MJTMvTLg1WMyoSN0L_AyPiCkXESk0J6UWJeiV5GYlFBaZFDbk5yZl5xKVAoGWJTYuktJkH_onTPlPBit9SU1KLEksz8vEfMBLVdYBF4xcJjwGzFwcElwCDBoMDwg4VxESvQvWusyn_bXWx0a9y98y73g36GU6z6AUVJlnne6dr5jib6qfkZxlHmJm65qflRjsGR_jnFAWl-oY5h5o4RxhEFkbZGVoYT2IQmsDGdYmP4wMbYwc4wi53hACfjAV6GH3y_H1-8Pev3rnceGwQYHggwAAA1 HTTP Parser: No <meta name="copyright".. found
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:52082 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.159.4:443 -> 192.168.2.16:52113 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.23.209.140:443 -> 192.168.2.16:52117 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:52129 version: TLS 1.2
Source: global traffic TCP traffic: 192.168.2.16:52073 -> 1.1.1.1:53
Source: unknown TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown TCP traffic detected without corresponding DNS query: 20.189.173.10
Source: unknown TCP traffic detected without corresponding DNS query: 192.229.211.108
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown TCP traffic detected without corresponding DNS query: 4.245.163.56
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OK Date: Sun, 13 Oct 2024 22:51:24 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 1255 Connection: keep-alive Server: Apache Expires: Thu, 19 Nov 1981 08:52:00 GMT Cache-Control: no-store, no-cache, must-revalidate Pragma: no-cache Set-Cookie: PHPSESSID=icvj9b40dm0btfiprfl8og9a5g; path=/ Upgrade: h2 Vary: Accept-Encoding Content-Encoding: gzip
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 13 Oct 2024 22:51:24 GMTContent-Type: text/css;charset=UTF-8Content-Length: 7321Connection: keep-aliveServer: ApacheExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheUpgrade: h2Vary: Accept-EncodingContent-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 00 03 c5 3d db b2 db 38 72 bf a2 cc d4 64 c7 3b a4 4c 51 a2 ae b5 9b 9d da 97 7d c8 ee 0f b8 fc 40 91 d0 11 d7 14 a9 90 94 cf f1 28 ca 9f a5 f2 49 f9 85 34 ee 8d 1b a9 b1 b3 b3 e3 b2 07 ea 6e 02 8d 6e 34 ba 01 02 cd 3f 55 97 6b db 0d b3 5b 57 ff f8 fe fd a9 6d 86 7e fe d2 b6 2f 35 c9 af 55 3f 2f da cb fb a2 ef ff ed 94 5f aa fa cb 1f fe 3d 1f da fd 32 49 a2 55 92 fc e7 5f 29 31 e9 ba 7c f8 d7 fe 76 ec c9 f0 87 3a 1f aa 26 62 ff c6 e4 6d 78 77 98 f7 5d dc 36 f5 97 a8 ff fc b2 6f da e1 c7 7d d7 b6 c3 bb 7b fb 99 74 a7 ba 7d dd 9f ab b2 24 cd e3 da 91 68 80 27 f2 8e e4 1a 99 df 86 f6 91 47 80 9c 15 6d 49 ee c7 bc f8 f4 d2 b5 b7 a6 8c 8b b6 6e bb fd d0 e5 4d 7f 85 87 9a e1 31 3f 0e 4d 34 a7 95 c4 4d fb da e5 d7 fb eb b9 1a 48 0c f8 82 ec 39 48 10 c1 3f 71 99 37 2f a4 9b e7 c5 50 7d 26 18 b4 37 40 e4 94 df ea 61 ee 81 19 74 55 73 6a e7 36 c0 a0 b8 76 d5 25 ef be cc 3d 30 83 ae bf 15 05 e9 fb b9 07 66 d0 bd e6 5d 53 35 2f 73 0f 4c d1 9d da ee 02 92 6a 86 ae ad a3 79 7b 25 cd 1f e7 65 d7 5e cb f6 b5 89 87 f6 05 94 8c 3a 3e 4a c1 fb 3c 46 42 7b 3c 86 17 9d 1d 23 11 fd 1c 23 11 5d c4 43 01 aa 7d a1 0a 6e c8 63 0e 43 8c dc e9 20 8e 5f 49 f5 72 1e f6 9b 24 39 f0 b1 f2 7d 92 24 ff c2 07 7b 4e 87 0b 95 0b 08 2a be 41 7b 43 35 d4 24 06 71 15 e4 2e a8 4f c7 d3 e6 b4 c1 64 bc de be fa 85 ec d3 f4 fa 26 50 55 43 3a f1 a4 33 3c bf 2f b2 e2 58 a4 87 6b 5e 96 54 2f b3 34 bb be 69 1e 0e 8f f3 70 a9 79 b5 dc be f6 da a4 0e b8 17 60 6d 87 f8 d2 c7 6c 74 53 0e e2 bc fc fb ad 1f f6 8b 24 f9 e1 00 54 c7 4f d5 e0 c7 3e f2 6e a8 8a 9a 44 79 5f 95 24 2a 09 b0 5c f7 d1 a9 7a 29 f2 eb 50 b5 0d 2d de c0 fc 4e 60 98 30 08 ce 
24 2f e9 ff 68 47 ae 51 d5 5c 6f c3 87 e1 cb 95 fc e1 54 d5 e4 63 74 81 0e 47 17 d2 dc a2 26 ff 1c f5 a4 60 55 f4 b7 0b d5 ed bd ac fa 6b 9d 7f d9 1f eb b6 f8 f4 c8 6f 65 d5 46 45 de 7c ce 7b 30 e2 f6 a5 a3 ca fd 0c 6c b4 8a b2 6a 6a 90 60 cc 1e 38 80 dd 03 af 79 1d e7 75 f5 d2 ec 8f 79 4f 28 96 57 c4 a6 8f 0f 62 34 f7 1f df a9 2a a8 e6 0f 67 2e a8 e4 31 3f 43 17 a3 0f 7c 5e f9 08 93 ca 05 88 60 50 60 ea 47 2e b5 bc 4a b7 c7 22 3f 30 c9 95 a4 68 41 f0 d0 1f 41 24 ed 28 df 9f e9 94 74 6f 6f 03 65 07 1a 39 46 e5 10 b5 d7 81 0b a9 07 8e 60 48 5a c3 ee 51 9e 1a 31 64 86 2f 35 d9 57 03 f4 aa 78 80 9c 3e a1 91 02 03 ed 84 47 e8 03 66 52 10 e7 15 0d b6 4d f6 c3 81 09 49 f6 f1 70 6d fb 8a f1 d9 11 3a d7 7e 26 41 c9 b1 f9 ae ba bc dc 2d 82 0b 88 a7 26 0f da d0 d0 5e f7 f1 3c 23 17 da f4 fd d8 0e 43 7b 01 40 4a 21 f4 c9 63 db c1 80 80 4e 9f bb 7b 7c 69 7f 89 8f ed 1b 65 8c 0e 68 aa 0d 98 7b 29 48 8d c2 00 3a 00 56 7a fb 7d b4 cf 4f 74 00 ee 8f 04 cc 89 e0 a1 57 9c 49 f1 09 a8 3f 62 60 97 c3 a0 f8 78 f7 34 cb 39 e6 4c
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 13 Oct 2024 22:51:24 GMTContent-Type: text/javascript;charset=UTF-8Content-Length: 420Connection: keep-aliveServer: ApacheExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheUpgrade: h2Vary: Accept-EncodingContent-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 00 03 7d 52 4d 4b c3 40 10 bd f7 57 2c 28 ec 2e c8 52 c1 9b d4 82 e2 cd 93 28 1e eb 66 77 6a 56 92 dd b0 99 58 44 f3 df 9d 49 6a 6d 49 eb 1c 42 f2 e6 bd 37 5f 71 29 b6 28 5c 97 33 44 7c 7e 7c 10 0b 11 61 23 e8 4d 6d 42 f4 69 63 aa e4 2c 86 14 4d 99 61 ad af 67 6e 50 14 b6 85 91 fe 7a fe f5 27 37 29 87 b7 10 fb 03 ac b1 58 46 5b 43 ff fa ab a6 12 3b f1 d6 a9 5f ae de fd a2 48 e8 89 15 ea 26 65 54 23 4d 1b 2c 21 2a b5 2a b4 58 dc 88 55 41 2d 59 af f4 14 f7 80 e0 90 32 b3 df 54 1e 52 5f 33 41 11 d6 82 00 43 25 f4 16 e1 58 a7 2e fa db 44 aa 01 ea 05 54 2d ec e5 7d 72 5d 4d 83 18 0c 58 01 b5 2c 5f 6c 40 61 45 9d 06 d8 18 79 bd 23 73 6c d7 96 c1 13 b9 05 7c 0a 35 a4 0e 95 da 6b 65 3f a6 05 1e c1 87 4c 83 84 f8 36 b5 e7 18 97 b8 4e b9 26 fa 4e ef 32 58 84 fb 0a f8 4b 49 4e 4b 7d 4a 5c da b6 24 f1 f4 c8 8c 7f 7f 0b 29 35 8d d0 54 d6 81 92 67 f2 82 81 53 5e 21 36 1d fe d3 c9 90 97 7a a2 1e 70 c3 7f 06 4f cd 95 e5 09 0e 7e 36 23 27 78 0f f1 14 eb c3 56 1d d3 d8 69 42 e1 75 18 db 34 10 fd 5d 19 2a af 06 cd b4 a9 81 57 03 96 89 ef 27 9b d4 e2 91 0b 8c 6e 8e 57 c6 ac e5 8a ce bd b8 3c 42 dc ed a4 48 fe f3 a0 3e 5b d0 4a 8f 5b b7 5d 51 07 fa 27 0f 0d fb 0b 71 35 9f cf b7 68 cf cf 59 af 0d 9d ce 95 4a ff 00 4a 36 5a 81 cb 03 00 00 Data Ascii: }RMK@W,(.R(fwjVXDIjmIB7_q)(\3D|~|a#MmBic,MagnPz'7)XF[C;_H&eT#M,!**XUA-Y2TR_3AC%X.DT-}r]MX,_l@aEy#sl|5ke?L6N&N2XKINK}J\$)5TgS^!6zpO~6#'xViBu4]*W'nW<BH>[J[]Q'q5hYJJ6Z
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 13 Oct 2024 22:51:25 GMTContent-Type: text/javascript;charset=UTF-8Content-Length: 4860Connection: keep-aliveServer: ApacheExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheUpgrade: h2Vary: Accept-EncodingContent-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 00 03 b5 3b 0d 73 db b6 92 7f 45 e6 74 7c e4 05 51 64 3b 6d e7 51 65 3d 89 e3 7c 5c 9d 26 63 a7 ed cd 69 74 1a 98 82 6c 36 12 a0 07 82 56 5c 89 ff fd ed e2 8b a0 44 d9 be 7b d3 99 36 22 16 8b c5 ee 62 b1 1f 00 7c 47 65 8f 65 b3 8a e7 aa 10 3c e6 44 25 6b c9 54 25 39 80 3f 5d ff c9 72 d5 2f 99 fa 2c 85 12 ea 7e c9 3e cd 36 9b f5 64 b2 c4 f6 64 92 8e c6 75 c1 4b 45 79 ce c4 ac f7 4a 4a 7a 7f 78 e8 a9 31 c2 93 35 eb 7b f4 8c d7 9b 4d bb 77 26 64 7c 07 3c a8 5e c1 7b 3c b1 33 2e dd 74 fd 5b 5a 7e 5a 71 98 7e c9 a4 ba ef e7 74 3e d7 4c 1e 1e c6 6c a4 c6 19 87 7f 92 9a 30 0d ac 87 8e 78 4f 93 27 8a 48 2f 0e 67 ab 58 6d 36 b1 ca 80 da a2 28 59 92 c4 b1 67 a6 20 02 98 71 a3 69 cc 92 b5 92 f7 eb 32 96 7d ce be 29 68 27 75 4e 55 7e 1b 03 d3 02 fe a9 6b 8f 5d 85 d8 ea 56 8a d5 83 e8 25 a2 a3 cc 7c c8 fa 53 c1 d9 69 11 b3 fe 1d 9d 57 2c 49 63 9e d9 6f c2 7b 81 6a d5 29 4f 41 82 9e 0a 78 06 32 0c 49 27 49 02 d3 32 1e 53 52 25 75 19 c7 32 93 7d ba 5c ce ef 51 09 9b cd 68 0c 08 5a 8a 04 91 1b 4e 94 59 03 ad 7f 22 09 e8 80 d0 6c 3d a7 d7 6c 9e 0e 48 c9 b8 4a fd 64 c9 ba 98 c5 47 87 c5 68 30 4e b4 8c bd 62 74 34 1e 5a e5 e2 77 4d 40 07 25 98 04 11 4b fc a9 5d a7 c8 d6 38 7b 5a c5 83 84 e8 b1 f0 79 94 10 d3 0d df c7 b0 82 91 9b 29 ca 32 5c 79 90 f9 ea 7e 71 2d e6 b0 d2 62 64 3e fb 85 62 92 2a 21 c7 59 c0 97 9d 45 dd 16 65 9d 10 31 0c d6 a5 f2 bd 1e bf dc 05 55 5a 36 65 c5 42 2d 7f 01 06 ce a5 04 db 8c de 31 6e e6 ec 15 65 8f ce 25 a3 d3 fb 1e fb c6 f2 4a 15 fc a6 1f 25 43 34 e1 a1 40 36 b3 01 a9 40 3f f0 49 b3 41 92 10 3a 4c d0 2c 90 78 76 44 24 c0 8b ec f8 10 51 4e 65 df 49 6f 5a 7a 6e b0 4e c0 70 5d 
60 e3 85 31 78 99 90 41 92 1a 4b 04 e8 01 20 b9 1e 98 f0 08 97 17 ed 28 71 8b 31 2c 57 05 da 9e 04 86 0a 98 b5 ca 46 66 5a 52 18 db 1a 27 9a d1 64 9d d3 92 f5 06 a9 fe 39 4a 8b ac 1a 5e 83 84 5f 87 1a f0 32 b5 04 69 5f db c4 b3 67 64 ad 87 a7 38 29 c1 29 d3 83 a3 da 20 7f 9f 36 58 32 d3 08 30 ed 60 3c cc 05 07 4d 55 cc a0 fd 98 56 19 ed 83 81 f4 97 62 19 83 8a fa 68 34 a6 d1 a0 4e d9 8c 56 73 95 82 e6 50 58 83 44 b4 d8 73 c6 6f d4 ed cf 03 50 ce c8 b5 9e 83 0a 36 9b 1f 0e b2 cc a8 ff d8 7e 25 c9 1a 16 c2 93 ad 81 dc 49 e6 90 e2 83 62 b3 41 3e 7f 2e 74 1b 3f 7f 2a 46 27 7a 94 11 45 8b 61 34 82 63 7f f0 63 6d ff 4f 68 f6 0d 36 b6 88 d7 21 8e 28 42 d4 e3 16 ea f1 98 58 3d 54 e5 2d 98 a0 1b 04 1d 38 e8 11 0d d5 55 c6 8d 05 30 42 9d ab 01 d3 06 95 ff 40 ca 31 ac c0 a0 9e 15 1c 10 ee d7 2a 2b a0 05 dc 7c af 6d c0 9a 79 d5 ec 5e bf a8 60 89 08 4e ef 44 31 ed 0d ec 02 0f ea 3a 1e 55 40 14 7c 58 e3 3a a4 f1 af 66 e7 6c 36 c7 a0 1a 2a 6f aa 05 f8 8c d2 ae 4a e2 7c 3b 78 16 30 44 01 1c 9b 8e 61 f1 93 18 16 cf 9e 25 07 b
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 13 Oct 2024 22:51:25 GMTContent-Type: text/javascript;charset=UTF-8Content-Length: 331Connection: keep-aliveServer: ApacheExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheUpgrade: h2Vary: Accept-EncodingContent-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 00 03 75 50 4d 4f 02 31 10 fd 2b a4 17 da 64 a9 89 de 84 e5 80 31 d1 44 13 13 f8 03 cd 74 a0 95 d2 59 db 59 91 10 fe bb 65 59 c0 83 5c fa 31 6f e6 bd 79 0f 28 66 1e 38 13 6d c0 54 5b 82 76 83 91 35 24 34 8c cf 01 8f 3f 29 32 24 df b0 50 e3 be 51 e7 04 b5 c8 ce 58 da ea 13 a8 3f b3 18 43 c7 96 79 17 f0 26 57 f0 71 5d 98 ba 26 9d 30 14 9e e3 33 3b 44 16 d5 a9 ec 12 2e af fc 1d ac 21 5f 04 ca c9 c6 c7 bf 0b af 90 7b 85 d9 ee d5 4a d1 fc 8c c0 34 0c ce 08 55 9d 88 ea cb 98 36 cc 06 dc bc 2b cb fd 86 2c 3e 0a 08 94 d1 8a 83 aa 9c 45 be 32 7f b5 98 76 73 0c 08 4c 49 0a 1f 9b 96 f5 b1 e5 18 47 b9 34 c5 a2 12 57 58 2f a9 8d 76 46 7c 8e 01 b9 6d 6a a9 ea e9 be 77 e2 63 11 7f 59 bc bf d5 42 f4 4b 69 d3 34 18 ed 93 f3 c1 ca 3e 5d f5 1f d6 a5 a0 0e e3 65 1b 81 3d c5 c1 59 4d aa 42 4f db 59 20 58 7f 98 15 ca cb f8 55 6e 38 b1 fe 7b 00 c1 e4 5c 62 5d 17 33 4c 71 14 c8 58 4c 62 3a b9 2b e8 74 78 5b b5 2a 56 16 7e 83 d4 b2 ec 5c 55 f7 f8 a0 0e bf 6c 5b 87 24 3c 02 00 00 Data Ascii: uPMO1+d1DtYYeY\1oy(f8mT[v5$4?)2$PQX?Cy&Wq]&03;D.!_{J4U6+,>E2vsLIG4WX/vF|mjwcYBKi4>]e=YMBOY XUn8{\b]3LqXLb:+tx[*V~\Ul[$<
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 13 Oct 2024 22:51:25 GMTContent-Type: text/javascript;charset=UTF-8Content-Length: 420Connection: keep-aliveServer: ApacheExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheUpgrade: h2Vary: Accept-EncodingContent-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 00 03 7d 52 4d 4b c3 40 10 bd f7 57 2c 28 ec 2e c8 52 c1 9b d4 82 e2 cd 93 28 1e eb 66 77 6a 56 92 dd b0 99 58 44 f3 df 9d 49 6a 6d 49 eb 1c 42 f2 e6 bd 37 5f 71 29 b6 28 5c 97 33 44 7c 7e 7c 10 0b 11 61 23 e8 4d 6d 42 f4 69 63 aa e4 2c 86 14 4d 99 61 ad af 67 6e 50 14 b6 85 91 fe 7a fe f5 27 37 29 87 b7 10 fb 03 ac b1 58 46 5b 43 ff fa ab a6 12 3b f1 d6 a9 5f ae de fd a2 48 e8 89 15 ea 26 65 54 23 4d 1b 2c 21 2a b5 2a b4 58 dc 88 55 41 2d 59 af f4 14 f7 80 e0 90 32 b3 df 54 1e 52 5f 33 41 11 d6 82 00 43 25 f4 16 e1 58 a7 2e fa db 44 aa 01 ea 05 54 2d ec e5 7d 72 5d 4d 83 18 0c 58 01 b5 2c 5f 6c 40 61 45 9d 06 d8 18 79 bd 23 73 6c d7 96 c1 13 b9 05 7c 0a 35 a4 0e 95 da 6b 65 3f a6 05 1e c1 87 4c 83 84 f8 36 b5 e7 18 97 b8 4e b9 26 fa 4e ef 32 58 84 fb 0a f8 4b 49 4e 4b 7d 4a 5c da b6 24 f1 f4 c8 8c 7f 7f 0b 29 35 8d d0 54 d6 81 92 67 f2 82 81 53 5e 21 36 1d fe d3 c9 90 97 7a a2 1e 70 c3 7f 06 4f cd 95 e5 09 0e 7e 36 23 27 78 0f f1 14 eb c3 56 1d d3 d8 69 42 e1 75 18 db 34 10 fd 5d 19 2a af 06 cd b4 a9 81 57 03 96 89 ef 27 9b d4 e2 91 0b 8c 6e 8e 57 c6 ac e5 8a ce bd b8 3c 42 dc ed a4 48 fe f3 a0 3e 5b d0 4a 8f 5b b7 5d 51 07 fa 27 0f 0d fb 0b 71 35 9f cf b7 68 cf cf 59 af 0d 9d ce 95 4a ff 00 4a 36 5a 81 cb 03 00 00 Data Ascii: }RMK@W,(.R(fwjVXDIjmIB7_q)(\3D|~|a#MmBic,MagnPz'7)XF[C;_H&eT#M,!**XUA-Y2TR_3AC%X.DT-}r]MX,_l@aEy#sl|5ke?L6N&N2XKINK}J\$)5TgS^!6zpO~6#'xViBu4]*W'nW<BH>[J[]Q'q5hYJJ6Z
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 13 Oct 2024 22:51:25 GMTContent-Type: text/javascript;charset=UTF-8Content-Length: 4860Connection: keep-aliveServer: ApacheExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheUpgrade: h2Vary: Accept-EncodingContent-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 00 03 b5 3b 0d 73 db b6 92 7f 45 e6 74 7c e4 05 51 64 3b 6d e7 51 65 3d 89 e3 7c 5c 9d 26 63 a7 ed cd 69 74 1a 98 82 6c 36 12 a0 07 82 56 5c 89 ff fd ed e2 8b a0 44 d9 be 7b d3 99 36 22 16 8b c5 ee 62 b1 1f 00 7c 47 65 8f 65 b3 8a e7 aa 10 3c e6 44 25 6b c9 54 25 39 80 3f 5d ff c9 72 d5 2f 99 fa 2c 85 12 ea 7e c9 3e cd 36 9b f5 64 b2 c4 f6 64 92 8e c6 75 c1 4b 45 79 ce c4 ac f7 4a 4a 7a 7f 78 e8 a9 31 c2 93 35 eb 7b f4 8c d7 9b 4d bb 77 26 64 7c 07 3c a8 5e c1 7b 3c b1 33 2e dd 74 fd 5b 5a 7e 5a 71 98 7e c9 a4 ba ef e7 74 3e d7 4c 1e 1e c6 6c a4 c6 19 87 7f 92 9a 30 0d ac 87 8e 78 4f 93 27 8a 48 2f 0e 67 ab 58 6d 36 b1 ca 80 da a2 28 59 92 c4 b1 67 a6 20 02 98 71 a3 69 cc 92 b5 92 f7 eb 32 96 7d ce be 29 68 27 75 4e 55 7e 1b 03 d3 02 fe a9 6b 8f 5d 85 d8 ea 56 8a d5 83 e8 25 a2 a3 cc 7c c8 fa 53 c1 d9 69 11 b3 fe 1d 9d 57 2c 49 63 9e d9 6f c2 7b 81 6a d5 29 4f 41 82 9e 0a 78 06 32 0c 49 27 49 02 d3 32 1e 53 52 25 75 19 c7 32 93 7d ba 5c ce ef 51 09 9b cd 68 0c 08 5a 8a 04 91 1b 4e 94 59 03 ad 7f 22 09 e8 80 d0 6c 3d a7 d7 6c 9e 0e 48 c9 b8 4a fd 64 c9 ba 98 c5 47 87 c5 68 30 4e b4 8c bd 62 74 34 1e 5a e5 e2 77 4d 40 07 25 98 04 11 4b fc a9 5d a7 c8 d6 38 7b 5a c5 83 84 e8 b1 f0 79 94 10 d3 0d df c7 b0 82 91 9b 29 ca 32 5c 79 90 f9 ea 7e 71 2d e6 b0 d2 62 64 3e fb 85 62 92 2a 21 c7 59 c0 97 9d 45 dd 16 65 9d 10 31 0c d6 a5 f2 bd 1e bf dc 05 55 5a 36 65 c5 42 2d 7f 01 06 ce a5 04 db 8c de 31 6e e6 ec 15 65 8f ce 25 a3 d3 fb 1e fb c6 f2 4a 15 fc a6 1f 25 43 34 e1 a1 40 36 b3 01 a9 40 3f f0 49 b3 41 92 10 3a 4c d0 2c 90 78 76 44 24 c0 8b ec f8 10 51 4e 65 df 49 6f 5a 7a 6e b0 4e c0 70 5d 
60 e3 85 31 78 99 90 41 92 1a 4b 04 e8 01 20 b9 1e 98 f0 08 97 17 ed 28 71 8b 31 2c 57 05 da 9e 04 86 0a 98 b5 ca 46 66 5a 52 18 db 1a 27 9a d1 64 9d d3 92 f5 06 a9 fe 39 4a 8b ac 1a 5e 83 84 5f 87 1a f0 32 b5 04 69 5f db c4 b3 67 64 ad 87 a7 38 29 c1 29 d3 83 a3 da 20 7f 9f 36 58 32 d3 08 30 ed 60 3c cc 05 07 4d 55 cc a0 fd 98 56 19 ed 83 81 f4 97 62 19 83 8a fa 68 34 a6 d1 a0 4e d9 8c 56 73 95 82 e6 50 58 83 44 b4 d8 73 c6 6f d4 ed cf 03 50 ce c8 b5 9e 83 0a 36 9b 1f 0e b2 cc a8 ff d8 7e 25 c9 1a 16 c2 93 ad 81 dc 49 e6 90 e2 83 62 b3 41 3e 7f 2e 74 1b 3f 7f 2a 46 27 7a 94 11 45 8b 61 34 82 63 7f f0 63 6d ff 4f 68 f6 0d 36 b6 88 d7 21 8e 28 42 d4 e3 16 ea f1 98 58 3d 54 e5 2d 98 a0 1b 04 1d 38 e8 11 0d d5 55 c6 8d 05 30 42 9d ab 01 d3 06 95 ff 40 ca 31 ac c0 a0 9e 15 1c 10 ee d7 2a 2b a0 05 dc 7c af 6d c0 9a 79 d5 ec 5e bf a8 60 89 08 4e ef 44 31 ed 0d ec 02 0f ea 3a 1e 55 40 14 7c 58 e3 3a a4 f1 af 66 e7 6c 36 c7 a0 1a 2a 6f aa 05 f8 8c d2 ae 4a e2 7c 3b 78 16 30 44 01 1c 9b 8e 61 f1 93 18 16 cf 9e 25 07 b
Source: global traffic HTTP traffic detected: HTTP/1.1 200 OKDate: Sun, 13 Oct 2024 22:51:25 GMTContent-Type: text/javascript;charset=UTF-8Content-Length: 331Connection: keep-aliveServer: ApacheExpires: Thu, 19 Nov 1981 08:52:00 GMTCache-Control: no-store, no-cache, must-revalidatePragma: no-cacheUpgrade: h2Vary: Accept-EncodingContent-Encoding: gzipData Raw: 1f 8b 08 00 00 00 00 00 00 03 75 50 4d 4f 02 31 10 fd 2b a4 17 da 64 a9 89 de 84 e5 80 31 d1 44 13 13 f8 03 cd 74 a0 95 d2 59 db 59 91 10 fe bb 65 59 c0 83 5c fa 31 6f e6 bd 79 0f 28 66 1e 38 13 6d c0 54 5b 82 76 83 91 35 24 34 8c cf 01 8f 3f 29 32 24 df b0 50 e3 be 51 e7 04 b5 c8 ce 58 da ea 13 a8 3f b3 18 43 c7 96 79 17 f0 26 57 f0 71 5d 98 ba 26 9d 30 14 9e e3 33 3b 44 16 d5 a9 ec 12 2e af fc 1d ac 21 5f 04 ca c9 c6 c7 bf 0b af 90 7b 85 d9 ee d5 4a d1 fc 8c c0 34 0c ce 08 55 9d 88 ea cb 98 36 cc 06 dc bc 2b cb fd 86 2c 3e 0a 08 94 d1 8a 83 aa 9c 45 be 32 7f b5 98 76 73 0c 08 4c 49 0a 1f 9b 96 f5 b1 e5 18 47 b9 34 c5 a2 12 57 58 2f a9 8d 76 46 7c 8e 01 b9 6d 6a a9 ea e9 be 77 e2 63 11 7f 59 bc bf d5 42 f4 4b 69 d3 34 18 ed 93 f3 c1 ca 3e 5d f5 1f d6 a5 a0 0e e3 65 1b 81 3d c5 c1 59 4d aa 42 4f db 59 20 58 7f 98 15 ca cb f8 55 6e 38 b1 fe 7b 00 c1 e4 5c 62 5d 17 33 4c 71 14 c8 58 4c 62 3a b9 2b e8 74 78 5b b5 2a 56 16 7e 83 d4 b2 ec 5c 55 f7 f8 a0 0e bf 6c 5b 87 24 3c 02 00 00 Data Ascii: uPMO1+d1DtYYeY\1oy(f8mT[v5$4?)2$PQX?Cy&Wq]&03;D.!_{J4U6+,>E2vsLIG4WX/vF|mjwcYBKi4>]e=YMBOY XUn8{\b]3LqXLb:+tx[*V~\Ul[$<
Source: global traffic HTTP traffic detected: GET /?Mlcinsurance=grant.harpur@mlcinsurance.com.au HTTP/1.1
  Host: aa.ns.agingbydesignministry.org
  Connection: keep-alive
  Upgrade-Insecure-Requests: 1
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /?_css_main=ok HTTP/1.1
  Host: aa.ns.agingbydesignministry.org
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/css,*/*;q=0.1
  Referer: http://aa.ns.agingbydesignministry.org/?Mlcinsurance=grant.harpur@mlcinsurance.com.au
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Cookie: PHPSESSID=icvj9b40dm0btfiprfl8og9a5g
Source: global traffic HTTP traffic detected: GET /?_js=asd HTTP/1.1
  Host: aa.ns.agingbydesignministry.org
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Referer: http://aa.ns.agingbydesignministry.org/?Mlcinsurance=grant.harpur@mlcinsurance.com.au
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Cookie: PHPSESSID=icvj9b40dm0btfiprfl8og9a5g
Source: global traffic HTTP traffic detected: GET /?_jd=botd HTTP/1.1
  Host: aa.ns.agingbydesignministry.org
  Connection: keep-alive
  Origin: http://aa.ns.agingbydesignministry.org
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Referer: http://aa.ns.agingbydesignministry.org/?_js=asd
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Cookie: PHPSESSID=icvj9b40dm0btfiprfl8og9a5g
Source: global traffic HTTP traffic detected: GET /?_js_main=12 HTTP/1.1
  Host: aa.ns.agingbydesignministry.org
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Referer: http://aa.ns.agingbydesignministry.org/?Mlcinsurance=grant.harpur@mlcinsurance.com.au
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Cookie: PHPSESSID=icvj9b40dm0btfiprfl8og9a5g
Source: global traffic HTTP traffic detected: GET /favicon.ico HTTP/1.1
  Host: aa.ns.agingbydesignministry.org
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
  Referer: http://aa.ns.agingbydesignministry.org/?Mlcinsurance=grant.harpur@mlcinsurance.com.au
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Cookie: PHPSESSID=icvj9b40dm0btfiprfl8og9a5g
Source: global traffic HTTP traffic detected: GET /?_js=asd HTTP/1.1
  Host: aa.ns.agingbydesignministry.org
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Cookie: PHPSESSID=icvj9b40dm0btfiprfl8og9a5g
Source: global traffic HTTP traffic detected: GET /?_jd=botd HTTP/1.1
  Host: aa.ns.agingbydesignministry.org
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Cookie: PHPSESSID=icvj9b40dm0btfiprfl8og9a5g
Source: global traffic HTTP traffic detected: GET /?_js_main=12 HTTP/1.1
  Host: aa.ns.agingbydesignministry.org
  Connection: keep-alive
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: */*
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Cookie: PHPSESSID=icvj9b40dm0btfiprfl8og9a5g
Source: global traffic DNS traffic detected: DNS query: 60ms64xz.r.eu-west-1.awstrack.me
Source: global traffic DNS traffic detected: DNS query: nym1-ib.adnxs.com
Source: global traffic DNS traffic detected: DNS query: aa.ns.agingbydesignministry.org
Source: global traffic DNS traffic detected: DNS query: www.google.com
Source: global traffic DNS traffic detected: DNS query: 0nline.babjeetrading.com
Source: global traffic DNS traffic detected: DNS query: 6afe6eac-daa070be.babjeetrading.com
Source: global traffic DNS traffic detected: DNS query: 7a77ef93-daa070be.babjeetrading.com
Source: global traffic DNS traffic detected: DNS query: 680c737c-daa070be.babjeetrading.com
Source: global traffic DNS traffic detected: DNS query: a609b987-daa070be.babjeetrading.com
Source: global traffic DNS traffic detected: DNS query: login-okta.babjeetrading.com
Source: unknown HTTP traffic detected: POST /?_red=1 HTTP/1.1
  Host: aa.ns.agingbydesignministry.org
  Connection: keep-alive
  Content-Length: 5
  Cache-Control: max-age=0
  Upgrade-Insecure-Requests: 1
  Origin: http://aa.ns.agingbydesignministry.org
  Content-Type: application/x-www-form-urlencoded
  User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
  Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
  Referer: http://aa.ns.agingbydesignministry.org/?Mlcinsurance=grant.harpur@mlcinsurance.com.au
  Accept-Encoding: gzip, deflate
  Accept-Language: en-US,en;q=0.9
  Cookie: PHPSESSID=icvj9b40dm0btfiprfl8og9a5g
  Data Raw: 68 61 73 68 3d
  Data Ascii: hash=
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Found
  Date: Sun, 13 Oct 2024 22:51:25 GMT
  Content-Type: text/html; charset=iso-8859-1
  Content-Length: 277
  Connection: keep-alive
  Server: Apache
  Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><hr><address>Apache Server at aa.ns.agingbydesignministry.org Port 80</address></body></html>
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 52106
Source: unknown Network traffic detected: HTTP traffic on port 52085 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52145 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52128 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52131 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 52099 -> 443
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:52082 version: TLS 1.2
Source: unknown HTTPS traffic detected: 20.190.159.4:443 -> 192.168.2.16:52113 version: TLS 1.2
Source: unknown HTTPS traffic detected: 2.23.209.140:443 -> 192.168.2.16:52117 version: TLS 1.2
Source: unknown HTTPS traffic detected: 4.245.163.56:443 -> 192.168.2.16:52129 version: TLS 1.2
Source: classification engine Classification label: mal64.phis.win@25/41@36/223
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2212 --field-trial-handle=1720,i,8374593274894758696,2123169348789437923,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://60ms64xz.r.eu-west-1.awstrack.me/L0/https:%2F%2Fnym1-ib.adnxs.com%2Fclick2%3Fe=wqT_3QKhAfCBoQAAAAMAxBkFAQj1xf22BhCN5rHDq8rIsXYY6OvVqs3R1c9aIPXtswsoykEwhx04AkDV-qXwAUiY1VJQAFoDVVNEYgNVU0RorAJw-gF4kfdrgAG5zAOIAQGQAQGYAQWgAQKpAVM7_DVZo44_sQHWE0zrJXyFP7kBAAAAwMzM7D_BAREUDMkBUDsJKDDYAQDgAQDwAdEO-AEA%2Fs=555aa6e5683ce51c048a98b83e6a923b5a8d9a2c%2Fbcr=AAAAAAAA8D8=%2Fcnd=%25218hVjbgiv18IdENX6pfABGJjVUiAAKAAxmpmZmZmZuT86CU5ZTTI6NTI1NECoR0kAAAAAAADwP1EAAAAAAAAAAFkAAAAAAAAAAGEAAAAAAAAAAGkAAAAAAAAAAHEAAAAAAAAAAHgAiQEAAAAAAADwPw..%2Fcca=MzcxOSNOWU0yOjUyNTQ=%2Fbn=58937%2Fclickenc=http%253A%252F%252Faa.ns.agingbydesignministry.org%3FMlcinsurance=grant.harpur@mlcinsurance.com.au/1/0102019284444055-c8ec5399-450a-413f-acab-546e07ef32e7-000000/Qxx4uNY6H1RoEfFUkvzFba2SPik=395"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk