Windows Analysis Report
https://www.elastic.co/security-labs/elevate-your-threat-hunting?utm_source=organic-social&utm_medium=twitter&utm_campaign=esl:_threat_research_esl_blog_post&utm_content=15000445268&linkId=626315843

Overview

General Information

Sample URL: https://www.elastic.co/security-labs/elevate-your-threat-hunting?utm_source=organic-social&utm_medium=twitter&utm_campaign=esl:_threat_research_esl_blog_post&utm_content=15000445268&linkId=626315843
Analysis ID: 1539394

Detection

Cuba, Latrodectus, UACMe, Xmrig
Score: 92
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Malicious sample detected (through community Yara rule)
Yara detected Cuba ransomware
Yara detected Latrodectus
Yara detected UACMe UAC Bypass tool
Yara detected Xmrig cryptocurrency miner
Contains functionality to create processes via WMI
Found strings related to Crypto-Mining
Phishing site detected (based on logo match)
Creates a DirectInput object (often for capturing keystrokes)
Detected non-DNS traffic on DNS port
HTML body contains password input but no form action
HTML body with high number of embedded images detected
Installs a raw input device (often for capturing keystrokes)
Stores files to the Windows start menu directory
Yara signature match

Classification

Name | Description | Attribution | Blogpost URLs | Link
Cuba | Ransomware. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.cuba
Latrodectus | First discovered in October 2023, Latrodectus (also tracked as BLACKWIDOW) is a backdoor written in C that communicates over HTTP using RC4-encrypted requests. The malware can execute discovery commands, query information about the victim's machine, update itself, and download and execute an EXE, DLL, or shellcode. It is believed to have been developed by LUNAR SPIDER, the creators of IcedID (aka BokBot). | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.latrodectus
UACMe | A toolkit maintained by hfiref0x that incorporates numerous UAC bypass techniques for Windows 7 through Windows 10. Typically, components of this tool are stripped out and reused by malicious actors. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.uacme
xmrig | According to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling". In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information. | No Attribution | | https://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig

Exploits

Source: Yara match File source: dropped/chromecache_355, type: DROPPED
Source: Yara match File source: dropped/chromecache_451, type: DROPPED

Phishing

Source: https://cloud.elastic.co/login?cta=cloud-registration&pg=security-labs&plcmt=navigation&tech=trial Matcher: Template: microsoft matched
Source: https://cloud.elastic.co/registration?cta=cloud-registration&tech=trial&plcmt=navigation&pg=security-labs HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://cloud.elastic.co/login?cta=cloud-registration&pg=security-labs&plcmt=navigation&tech=trial HTTP Parser: <input type="password" .../> found but no <form action="...
Source: https://cloud.elastic.co/registration?cta=cloud-registration&tech=trial&plcmt=navigation&pg=security-labs HTTP Parser: Total embedded image size: 14578
Source: https://cloud.elastic.co/registration?cta=cloud-registration&tech=trial&plcmt=navigation&pg=security-labs HTTP Parser: <input type="password" .../> found
Source: https://cloud.elastic.co/login?cta=cloud-registration&pg=security-labs&plcmt=navigation&tech=trial HTTP Parser: <input type="password" .../> found
Source: https://www.elastic.co/security-labs/elevate-your-threat-hunting?utm_source=organic-social&utm_medium=twitter&utm_campaign=esl:_threat_research_esl_blog_post&utm_content=15000445268&linkId=626315843 HTTP Parser: No favicon
Source: https://cloud.elastic.co/registration?cta=cloud-registration&tech=trial&plcmt=navigation&pg=security-labs HTTP Parser: No favicon
Source: https://cloud.elastic.co/registration?cta=cloud-registration&tech=trial&plcmt=navigation&pg=security-labs HTTP Parser: No <meta name="author".. found
Source: https://cloud.elastic.co/login?cta=cloud-registration&pg=security-labs&plcmt=navigation&tech=trial HTTP Parser: No <meta name="author".. found
Source: https://cloud.elastic.co/registration?cta=cloud-registration&tech=trial&plcmt=navigation&pg=security-labs HTTP Parser: No <meta name="copyright".. found
Source: https://cloud.elastic.co/login?cta=cloud-registration&pg=security-labs&plcmt=navigation&tech=trial HTTP Parser: No <meta name="copyright".. found
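The phishing verdict above rests on page-structure heuristics, not on any observed credential theft: a password field outside a `<form action>`, a missing favicon, missing author/copyright meta tags, a large volume of inline images, and a logo that resembles a known brand template. A JavaScript-driven login page such as the cloud.elastic.co registration page (whose form is submitted by script, so the `<form>` carries no `action`) satisfies several of these checks by design. The Python below is an added example and not the sandbox's own HTTP parser: it reimplements the listed checks with the standard library and runs them over two constructed pages, one shaped like a single-page-app login and one classic server-posted form. Both HTML documents, the 14578-byte inline image and the flag names are illustrative assumptions.

```python
import base64
import re
from html.parser import HTMLParser


class LoginPageFeatures(HTMLParser):
    """Collect the page features that the report's HTTP-parser heuristics score.

    Re-implementation for illustration only; the sandbox's real thresholds are not published here.
    """

    def __init__(self):
        super().__init__()
        self._form_actions = []                  # stack of action attributes of open <form> tags
        self.password_inputs = 0
        self.password_inputs_posted_by_form = 0  # password inputs inside a <form action=...>
        self.favicon = False
        self.meta_names = set()
        self.embedded_image_bytes = 0

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        if tag == "form":
            self._form_actions.append(a.get("action"))
        elif tag == "input" and (a.get("type") or "text").lower() == "password":
            self.password_inputs += 1
            if any(self._form_actions):
                self.password_inputs_posted_by_form += 1
        elif tag == "link" and "icon" in (a.get("rel") or "").lower().split():
            self.favicon = True
        elif tag == "meta" and a.get("name"):
            self.meta_names.add(a["name"].lower())
        elif tag == "img":
            # data: URIs are the "embedded images" the heuristic sums up
            m = re.match(r"data:image/[\w.+-]+;base64,(.+)", a.get("src") or "", re.S)
            if m:
                self.embedded_image_bytes += len(base64.b64decode(m.group(1)))

    def handle_endtag(self, tag):
        if tag == "form" and self._form_actions:
            self._form_actions.pop()


def score_page(html: str) -> dict:
    """Return the heuristic flags for one HTML document."""
    p = LoginPageFeatures()
    p.feed(html)
    p.close()
    return {
        "password_input": p.password_inputs > 0,
        # fires when at least one password field is not inside a <form> with an action,
        # which is how every script-submitted (SPA) login page looks to this heuristic
        "password_input_without_form_action": p.password_inputs > p.password_inputs_posted_by_form,
        "no_favicon": not p.favicon,
        "no_meta_author": "author" not in p.meta_names,
        "no_meta_copyright": "copyright" not in p.meta_names,
        "embedded_image_bytes": p.embedded_image_bytes,
    }


# Constructed sample pages (not captured from the URLs in the report).
PNG_BLOB = b"\x89PNG\r\n\x1a\n" + bytes(14570)          # 14578 bytes, the size the report quotes
SPA_LOGIN = f"""<html><head><title>Log in</title></head><body>
<img src="data:image/png;base64,{base64.b64encode(PNG_BLOB).decode()}">
<form><input type="email" name="email"><input type="password" name="password"/>
<button type="button">Log in</button></form></body></html>"""

CLASSIC_LOGIN = """<html><head><title>Log in</title>
<link rel="shortcut icon" href="/favicon.ico">
<meta name="author" content="Example Corp"><meta name="copyright" content="Example Corp">
</head><body><form action="/login" method="post">
<input type="password" name="password"><input type="submit"></form></body></html>"""

if __name__ == "__main__":
    for name, page in (("spa", SPA_LOGIN), ("classic", CLASSIC_LOGIN)):
        print(name, score_page(page))
```

The SPA page raises every flag the report lists for cloud.elastic.co while the classic form raises none of them; the flags describe how a page is built, not who built it, so a brand-template match plus these structural hints needs the hostname and certificate checked before it is treated as a credential-harvesting site.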

Bitcoin Miner

Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: dropped/chromecache_255, type: DROPPED
Source: Yara match File source: dropped/chromecache_452, type: DROPPED
Source: Yara match File source: dropped/chromecache_355, type: DROPPED
Source: Yara match File source: dropped/chromecache_451, type: DROPPED
Source: chromecache_355.2.dr String found in binary or memory: s crypto mining operations","slug":"invisible-miners-unveiling-ghostengine","date":"2024-05-22","description":"Elastic Security Labs has identified REF4578, an intrusion set incorporating several malicious modules and leveraging vulnerable drivers to disable known security solutions (EDRs) for crypto mining.","image":"ghostengine.jpg","tags":["ref4578","ghostengine","xmrig","crypto","hiddenshovel"],"body":{"raw":"\n## Preamble\n\nElastic Security Labs has identified an intrusion set incorporating several malicious modules and leveraging vulnerable drivers to disable known security solutions (EDRs) for crypto mining. Additionally, the team discovered capabilities to establish persistence, install a previously undocumented backdoor, and execute a crypto-miner. We refer to this intrusion set as REF4578 and the primary payload as GHOSTENGINE (tangental research by the team at Antiy has named parts of this intrusion set [HIDDENSHOVEL](https://www.antiy.com/response/HideShoveling.html)).\n\n## Key takeaways\n\n* Malware authors incorporated many contingency and duplication mechanisms\n* GHOSTENGINE leverages vulnerable drivers to terminate and delete known EDR agents that would likely interfere with the deployed and well-known coin miner\n* This campaign involved an uncommon amount of complexity to ensure both the installation and persistence of the XMRIG miner\n\n## Code analysis \n\n![REF4578 execution flow](/assets/images/invisible-miners-unveiling-ghostengine/image4.png \"REF4578 execution flow\")\n\nOn May 6, 2024, at 14:08:33 UTC, the execution of a PE file named `Tiworker.exe` (masquerading as the legitimate Windows `TiWorker.exe` file) signified the beginning of the REF4578 intrusion. The following alerts were captured in telemetry, indicating a known vulnerable driver was deployed.\n\n![REF4578 executes Tiworker to start the infection chain](/assets/images/invisible-miners-unveiling-ghostengine/image8.png \"REF4578 executes Tiworker to start the infection chain\")\n\nUpon execution, this file downloads and executes a PowerShell script that orchestrates the entire execution flow of the intrusion. Analysis revealed that this binary executes a hardcoded PowerShell command line to retrieve an obfuscated script, `get.png,` which is used to download further tools, modules, and configurations from the attacker C2
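Every Yara hit in this report is on a Chrome cache entry (chromecache_255, 355, 451, 452) or on the SSL proxy capture, and the string quoted above shows what one of those entries holds: the JSON body of an Elastic Security Labs article that discusses XMRIG, GHOSTENGINE and the REF4578 intrusion set. A rule whose condition is only "N of the strings" matches such prose exactly as it matches a miner binary. The Python below is an added example and not the community rule the sandbox used: it reimplements a small string signature, identifies each artefact's container type from its leading bytes, and contrasts the rule as written (`2 of ($s*)`) with the same rule gated on an executable header (`uint16(0) == 0x5A4D and 2 of ($s*)`). The four signature strings and the three cache entries are constructed; the fake PE is a header plus strings, not a miner.

```python
import json

# Constructed stand-in for a YARA miner rule's $s* strings (not the community rule the report used).
MINER_STRINGS = [b"xmrig", b"stratum+tcp://", b"--donate-level", b"cryptonight"]


def content_kind(data: bytes) -> str:
    """Classify an artefact by its leading bytes, the way a YARA `uint16(0) == 0x5A4D` guard would."""
    head = data[:512]
    if head[:2] == b"MZ":
        return "pe"
    if head[:4] == b"\x7fELF":
        return "elf"
    first = head.lstrip()[:1]
    if first in (b"{", b"["):
        return "json"
    if first == b"<":
        return "html"
    try:
        head.decode("utf-8")
        return "text"
    except UnicodeDecodeError:
        return "binary"


def string_hits(data: bytes) -> list:
    """Equivalent of the rule's strings section: which $s* strings occur anywhere in the artefact."""
    return sorted(s.decode() for s in MINER_STRINGS if s in data)


def triage(name: str, data: bytes, min_hits: int = 2) -> dict:
    kind = content_kind(data)
    hits = string_hits(data)
    loose = len(hits) >= min_hits                       # condition: 2 of ($s*)
    strict = loose and kind in ("pe", "elf", "binary")  # condition: executable header and 2 of ($s*)
    return {"name": name, "kind": kind, "hits": hits, "loose_match": loose, "strict_match": strict}


def triage_all(entries: dict) -> dict:
    return {name: triage(name, data) for name, data in entries.items()}


# Constructed cache entries. The first imitates the cached article JSON quoted in the report;
# the second is a fake PE image (header and strings only), not a real miner; the third is a stylesheet.
ARTICLE_JSON = json.dumps({
    "title": "Invisible miners: unveiling GHOSTENGINE",
    "tags": ["ref4578", "ghostengine", "xmrig", "crypto"],
    "body": "the campaign installs the XMRIG miner with --donate-level 0 and "
            "connects to a stratum+tcp:// pool",
}).encode()

FAKE_MINER_PE = (b"MZ" + bytes(62) + b"PE\x00\x00" + bytes(200)
                 + b"xmrig\x00stratum+tcp://pool.invalid:3333\x00--donate-level\x00")

SAMPLE_ENTRIES = {
    "chromecache_article": ARTICLE_JSON,
    "dropped_miner.exe": FAKE_MINER_PE,
    "chromecache_css": b"body { font-family: sans-serif; }",
}

if __name__ == "__main__":
    for result in triage_all(SAMPLE_ENTRIES).values():
        print(result)
```

The article entry and the fake PE both satisfy the loose condition; only the PE satisfies the gated one. When triaging a URL report, read the matched file's type before the rule name: a text, HTML or JSON cache entry that matches a malware-family rule is evidence that the page talks about the family, not that the browser downloaded it.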
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49772 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49983 version: TLS 1.2
Source: chrome.exe Memory has grown: Private usage: 0MB later: 58MB
Source: global traffic TCP traffic: 192.168.2.5:62232 -> 1.1.1.1:53
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91 (7 occurrences)
Source: unknown TCP traffic detected without corresponding DNS query: 184.28.90.27 (19 occurrences)
Source: unknown TCP traffic detected without corresponding DNS query: 23.1.237.91 (6 occurrences)
Source: unknown TCP traffic detected without corresponding DNS query: 1.1.1.1 (5 occurrences)
Source: unknown UDP traffic detected without corresponding DNS query: 1.1.1.1 (13 occurrences)
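The two network signatures in this section ("non-DNS traffic on DNS port" and "TCP/UDP traffic detected without corresponding DNS query") are correlations over the capture rather than payload detections: the first looks for port-53 traffic that does not parse as a DNS message, the second for connections to addresses that no DNS answer in the same capture resolved. Both are noisy on a URL analysis: 1.1.1.1 is the resolver itself, so it never appears in an answer, and an address can be missing from the DNS log because it was resolved before the capture started, pre-connected by the browser, or resolved over encrypted DNS. The Python below is an added example and not the sandbox's logic: it implements both checks over a constructed DNS log and connection list (addresses from the RFC 5737 documentation ranges) with a hypothetical resolver allowlist to suppress the known-noise case.

```python
import struct
from collections import namedtuple

DnsAnswer = namedtuple("DnsAnswer", "ts name ip")
Conn = namedtuple("Conn", "ts proto src dst dport payload")


def dns_query(name: str, qtype: int = 1) -> bytes:
    """Build a minimal DNS query (A record by default) in wire format."""
    labels = b"".join(bytes([len(label)]) + label.encode() for label in name.split("."))
    header = struct.pack("!HHHHHH", 0x1234, 0x0100, 1, 0, 0, 0)   # id, RD set, one question
    return header + labels + b"\x00" + struct.pack("!HH", qtype, 1)


def looks_like_dns(payload: bytes, proto: str) -> bool:
    """Sanity-check a port-53 payload: TCP length prefix, 12-byte header, opcode QUERY, Z bits zero."""
    if proto == "tcp":
        if len(payload) < 2:
            return False
        (length,) = struct.unpack("!H", payload[:2])
        payload = payload[2:]
        if length != len(payload):
            return False
    if len(payload) < 12:
        return False
    _id, flags, qdcount, _an, _ns, _ar = struct.unpack("!HHHHHH", payload[:12])
    opcode = (flags >> 11) & 0xF
    z_bits = (flags >> 4) & 0x7
    return opcode == 0 and z_bits == 0 and qdcount >= 1


def correlate(dns_answers, conns, resolvers=frozenset()):
    """Return (signature, dst, dport) triples for the two sandbox-style network signatures."""
    first_seen = {}                                 # ip -> timestamp of the earliest answer naming it
    for ans in dns_answers:
        first_seen[ans.ip] = min(ans.ts, first_seen.get(ans.ip, ans.ts))
    findings = []
    for c in conns:
        if c.dport == 53 and not looks_like_dns(c.payload, c.proto):
            findings.append(("non_dns_on_53", c.dst, c.dport))
        # resolvers are contacted by address, so they can never have a prior DNS answer
        if c.dst not in resolvers and (c.dst not in first_seen or first_seen[c.dst] > c.ts):
            findings.append(("no_prior_dns", c.dst, c.dport))
    return findings


# Constructed sample capture: one resolved CDN host, one connection to an unresolved address,
# one genuine DNS-over-TCP query to the resolver and one HTTP request misdirected at port 53.
SAMPLE_DNS = [DnsAnswer(1.0, "cdn.example.net", "198.51.100.10")]
_q = dns_query("cdn.example.net")
SAMPLE_CONNS = [
    Conn(2.0, "tcp", "192.168.2.5", "198.51.100.10", 443, b""),
    Conn(3.0, "tcp", "192.168.2.5", "203.0.113.7", 443, b""),
    Conn(0.5, "tcp", "192.168.2.5", "1.1.1.1", 53, struct.pack("!H", len(_q)) + _q),
    Conn(4.0, "tcp", "192.168.2.5", "1.1.1.1", 53, b"GET / HTTP/1.1\r\n\r\n"),
]


def run_sample():
    return correlate(SAMPLE_DNS, SAMPLE_CONNS, resolvers={"1.1.1.1"})


if __name__ == "__main__":
    for finding in run_sample():
        print(finding)
```

Without the resolver allowlist the run would also report every connection to 1.1.1.1, which is exactly the padding seen in this section; the DNS-over-TCP query on port 53 is correctly left alone because it parses as DNS, while the HTTP request on the same port is flagged.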
Source: global traffic HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1
    Connection: Keep-Alive
    Accept: */*
    Accept-Encoding: identity
    If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT
    Range: bytes=0-2147483646
    User-Agent: Microsoft BITS/7.8
    Host: fs.microsoft.com
Source: global traffic HTTP traffic detected: GET /cs/iubenda_cs.js HTTP/1.1
    Host: cdn.iubenda.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cookie_solution/iubenda_cs/1.68.0/core-en.js HTTP/1.1
    Host: cdn.iubenda.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cs/iubenda_cs.js HTTP/1.1
    Host: cdn.iubenda.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cookie-solution/confs/js/67332803.js HTTP/1.1
    Host: cs.iubenda.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cookie_solution/iubenda_cs/1.68.0/core-en.js HTTP/1.1
    Host: cdn.iubenda.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /cookie-solution/confs/js/67332803.js HTTP/1.1
    Host: cs.iubenda.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/other-Win32-v19.bundle HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
    Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /ads/pixel.js HTTP/1.1
    Host: www.redditstatic.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bat.js HTTP/1.1
    Host: bat.bing.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /e8eb94c57118720c.min.js HTTP/1.1
    Host: tag.demandbase.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /uwt.js HTTP/1.1
    Host: static.ads-twitter.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ads/conversions-config/v1/pixel/config/a2_dzxpwixmjt9l_telemetry HTTP/1.1
    Host: www.redditstatic.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Origin: https://www.elastic.co
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pixels/a2_dzxpwixmjt9l/config HTTP/1.1
    Host: pixel-config.reddit.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Origin: https://www.elastic.co
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ads/pixel.js HTTP/1.1
    Host: www.redditstatic.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/v1/marketo/forms.js HTTP/1.1
    Host: marketo.clearbit.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v1/pk_ec27dac96e63040fe28d23ffcf4a8453/tags.js HTTP/1.1
    Host: tag.clearbitscripts.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /elastic.co/deployment.js?367010150 HTTP/1.1
    Host: lift-ai-js.marketlinc.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v1/risk.js HTTP/1.1
    Host: risk.clearbit.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /en_US/fbevents.js HTTP/1.1
    Host: connect.facebook.net
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /s/sync?exc=lr HTTP/1.1
    Host: s.company-target.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: iframe
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ads/conversions-config/v1/pixel/config/a2_dzxpwixmjt9l_telemetry HTTP/1.1
    Host: www.redditstatic.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pixels/a2_dzxpwixmjt9l/config HTTP/1.1
    Host: pixel-config.reddit.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /ping.min.js HTTP/1.1
    Host: pixel.byspotify.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120600v4s19.xml HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
    Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120402v21s19.xml HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
    Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120609v0s19.xml HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
    Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120608v0s19.xml HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
    Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224902v2s19.xml HTTP/1.1
    Connection: Keep-Alive
    Accept-Encoding: gzip
    User-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)
    Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /bat.js HTTP/1.1
    Host: bat.bing.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /up_loader.1.1.0.js HTTP/1.1
    Host: js.adsrvr.org
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /uwt.js HTTP/1.1
    Host: static.ads-twitter.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v1/pk_ec27dac96e63040fe28d23ffcf4a8453/tags.js HTTP/1.1
    Host: tag.clearbitscripts.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /elastic.co/deployment.js?367010150 HTTP/1.1
    Host: lift-ai-js.marketlinc.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /assets/v1/marketo/forms.js HTTP/1.1
    Host: marketo.clearbit.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /s/fs.js HTTP/1.1
    Host: edge.fullstory.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    Origin: https://www.elastic.co
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: script
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /seg?t=1&add=35414607 HTTP/1.1
    Host: secure.adnxs.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /td/ga/rul?tid=G-Q7TEQDPTH5&gacid=1186234245.1729606219&gtm=45je4ah0v884236656z8865912973za200zb865912973&dma=0&gcd=13l3l3l3l1l1&npa=0&pscdl=noapi&aip=1&fledge=1&frm=0&tag_exp=101686685~101823847~101836706&z=570909134 HTTP/1.1
    Host: td.doubleclick.net
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    sec-ch-ua-platform: "Windows"
    Upgrade-Insecure-Requests: 1
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
    X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: navigate
    Sec-Fetch-Dest: iframe
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v1/risk.js HTTP/1.1
    Host: risk.clearbit.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rum?cm_dsp_id=18&expiry=1745331020&external_user_id=89c271cf-fe8d-4296-8ea0-21b6b50aebf6 HTTP/1.1
    Host: dsum-sec.casalemedia.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rp.gif?ts=1729606217419&id=a2_dzxpwixmjt9l&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=e4601e69-da93-4459-b659-f9b25e2351d1&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1280&sw=1024&v=rdt_49267bce&dpm=&dpcc=&dprc= HTTP/1.1
    Host: alb.reddit.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /j/collect?t=dc&aip=1&_r=3&v=1&_v=j101&tid=UA-12395217-10&cid=1186234245.1729606219&jid=328704550&gjid=322953229&_gid=1652310353.1729606219&_u=YGBAiAABBAAAAG~&z=1491133104 HTTP/1.1
    Host: stats.g.doubleclick.net
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUX
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /e8eb94c57118720c.min.js HTTP/1.1
    Host: tag.demandbase.com
    Connection: keep-alive
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    Accept: */*
    Sec-Fetch-Site: none
    Sec-Fetch-Mode: cors
    Sec-Fetch-Dest: empty
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /p/action/5425009.js HTTP/1.1
    Host: bat.bing.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: */*
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: script
    Referer: https://www.elastic.co/
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /sync?UIDM=89c271cf-fe8d-4296-8ea0-21b6b50aebf6 HTTP/1.1
    Host: partners.tremorhub.com
    Connection: keep-alive
    sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"
    sec-ch-ua-mobile: ?0
    User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36
    sec-ch-ua-platform: "Windows"
    Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
    Sec-Fetch-Site: cross-site
    Sec-Fetch-Mode: no-cors
    Sec-Fetch-Dest: image
    Accept-Encoding: gzip, deflate, br
    Accept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120610v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /ping.min.js HTTP/1.1Host: pixel.byspotify.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120613v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120611v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120612v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120614v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /464526.gif HTTP/1.1Host: id.rlcdn.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /api/v3/ip.json?referrer=&page=https%3A%2F%2Fwww.elastic.co%2Fsecurity-labs%2Felevate-your-threat-hunting%3Futm_source%3Dorganic-social%26utm_medium%3Dtwitter%26utm_campaign%3Desl%3A_threat_research_esl_blog_post%26utm_content%3D15000445268%26linkId%3D626315843&page_title=Elevate%20Your%20Threat%20Hunting%20with%20Elastic%20%E2%80%94%20Elastic%20Security%20Labs HTTP/1.1Host: api.company-target.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tuuid=89c271cf-fe8d-4296-8ea0-21b6b50aebf6; tuuid_lu=1729606220|ix:0|mctv:0|rp:0
Source: global traffic HTTP traffic detected: GET /bounce?%2Fseg%3Ft%3D1%26add%3D35414607 HTTP/1.1Host: secure.adnxs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: XANDR_PANID=fF2bIb9x5_QzM_m7CGVwiJ1oD9B0Op-UqaEAZUPr5WFKLikoYLWkbZW68G-YrMJ3JiApmRb49NxjGGe6qDcC6CoACoJW7ycj9kdycjr4Mg4.; receive-cookie-deprecation=1; uuid2=7278455667361881206
Source: global traffic HTTP traffic detected: GET /bg9s?x-amz-cf-id=W-P4527SEYYhv0yc-5ujevNHoPpFxf3AZScfTy1LxfbBAATHn-2hzQ==&api-version=v3 HTTP/1.1Host: tag-logger.demandbase.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.elastic.coSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /up_loader.1.1.0.js HTTP/1.1Host: js.adsrvr.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=f98fc1b5-b030-4ec9-9a57-b1666b52631b&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=a2d3e356-f909-400c-bd56-2b3c8a0c6af3&tw_document_href=https%3A%2F%2Fwww.elastic.co%2Fsecurity-labs%2Felevate-your-threat-hunting%3Futm_source%3Dorganic-social%26utm_medium%3Dtwitter%26utm_campaign%3Desl%3A_threat_research_esl_blog_post%26utm_content%3D15000445268%26linkId%3D626315843&tw_iframe_status=0&txn_id=o50k2&type=javascript&version=2.3.30 HTTP/1.1Host: t.coConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rum?cm_dsp_id=18&expiry=1745331020&external_user_id=89c271cf-fe8d-4296-8ea0-21b6b50aebf6&C=1 HTTP/1.1Host: dsum-sec.casalemedia.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CMID=ZxeyTdHM4T8AAFF.AFdvOAAA; CMPS=2381; CMPRO=2381
Source: global traffic HTTP traffic detected: GET /rp.gif?ts=1729606217419&id=a2_dzxpwixmjt9l&event=PageVisit&m.itemCount=undefined&m.value=&m.valueDecimal=undefined&m.currency=undefined&m.transactionId=&m.customEventName=&m.products=&m.conversionId=&uuid=e4601e69-da93-4459-b659-f9b25e2351d1&aaid=&em=&external_id=&idfa=&integration=gtm&opt_out=0&sh=1280&sw=1024&v=rdt_49267bce&dpm=&dpcc=&dprc= HTTP/1.1Host: alb.reddit.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /s/settings/o-1YRR3Q-na1/v1/web HTTP/1.1Host: edge.fullstory.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.elastic.coSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /s/fs.js HTTP/1.1Host: edge.fullstory.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=f98fc1b5-b030-4ec9-9a57-b1666b52631b&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=a2d3e356-f909-400c-bd56-2b3c8a0c6af3&tw_document_href=https%3A%2F%2Fwww.elastic.co%2Fsecurity-labs%2Felevate-your-threat-hunting%3Futm_source%3Dorganic-social%26utm_medium%3Dtwitter%26utm_campaign%3Desl%3A_threat_research_esl_blog_post%26utm_content%3D15000445268%26linkId%3D626315843&tw_iframe_status=0&txn_id=o50k2&type=javascript&version=2.3.30 HTTP/1.1Host: analytics.twitter.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /a/gif.gif?actTypeId=31&cid=16579567&r=1729606220250&ref=https%3A%2F%2Fwww.elastic.co%2Fsecurity-labs%2Felevate-your-threat-hunting%3Futm_source%3Dorganic-social%26utm_medium%3Dtwitter%26utm_campaign%3Desl%3A_threat_research_esl_blog_post%26utm_content%3D15000445268%26linkId%3D626315843&version=2.4 HTTP/1.1Host: ibc-flow.techtarget.comConnection: keep-aliveibc_rate_tier: 16579567sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.elastic.coSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /en_US/fbevents.js HTTP/1.1Host: connect.facebook.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v2/pk_ec27dac96e63040fe28d23ffcf4a8453/destinations.min.js HTTP/1.1Host: x.clearbitjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v2/pk_ec27dac96e63040fe28d23ffcf4a8453/tracking.min.js HTTP/1.1Host: x.clearbitjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v1/pk_ec27dac96e63040fe28d23ffcf4a8453/forms.js?page_path=%2Fsecurity-labs%2Felevate-your-threat-hunting HTTP/1.1Host: x.clearbitjs.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120615v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120616v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120618v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120617v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120619v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /action/0?ti=5425009&tm=gtm002&Ver=2&mid=60c74ae5-8a2a-450e-8d8c-2b7781052680&bo=1&sid=5eaf07f0907f11ef992dc30922caf242&vid=5eaf9660907f11efada93bbc6e9c2c12&vids=1&msclkid=N&uach=pv%3D10.0.0&pi=918639831&lg=en-US&sw=1280&sh=1024&sc=24&tl=Elevate%20Your%20Threat%20Hunting%20with%20Elastic%20%E2%80%94%20Elastic%20Security%20Labs&p=https%3A%2F%2Fwww.elastic.co%2Fsecurity-labs%2Felevate-your-threat-hunting%3Futm_source%3Dorganic-social%26utm_medium%3Dtwitter%26utm_campaign%3Desl%3A_threat_research_esl_blog_post%26utm_content%3D15000445268%26linkId%3D626315843&r=&lt=12217&evt=pageLoad&sv=1&cdb=AQAA&rn=604117 HTTP/1.1Host: bat.bing.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /p/action/5425009.js HTTP/1.1Host: bat.bing.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /elastic.co/snippet.js?viewId=62108688 HTTP/1.1Host: lift-ai-js.marketlinc.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /signals/config/1636465863246433?v=2.9.172&r=stable&domain=www.elastic.co&hme=d82868061a8c707cd31395a3055e7449daa03bd520872727258c39e6af34523e&ex_m=70%2C120%2C106%2C110%2C61%2C4%2C99%2C69%2C16%2C96%2C88%2C51%2C54%2C171%2C174%2C186%2C182%2C183%2C185%2C29%2C100%2C53%2C77%2C184%2C166%2C169%2C179%2C180%2C187%2C130%2C41%2C34%2C142%2C15%2C50%2C193%2C192%2C132%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C92%2C17%2C14%2C95%2C91%2C90%2C107%2C52%2C109%2C39%2C108%2C30%2C93%2C26%2C167%2C170%2C139%2C85%2C56%2C83%2C33%2C73%2C0%2C94%2C32%2C28%2C82%2C87%2C47%2C46%2C86%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C101%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C103%2C102%2C104%2C97%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C89%2C81%2C44%2C35%2C84%2C2%2C36%2C63%2C42%2C105%2C45%2C79%2C68%2C111%2C60%2C59%2C31%2C98%2C58%2C55%2C49%2C78%2C72%2C24%2C112 HTTP/1.1Host: connect.facebook.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /sync?UIDM=89c271cf-fe8d-4296-8ea0-21b6b50aebf6 HTTP/1.1Host: partners.tremorhub.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: tvid=34ee452118ab4656abe00e230670cdcf; tv_UIDM=89c271cf-fe8d-4296-8ea0-21b6b50aebf6
Source: global traffic HTTP traffic detected: GET /rules/rule120620v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120621v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120622v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rec/integrations?OrgId=o-1YRR3Q-na1&isInFrame=false&isNative=false HTTP/1.1Host: rs.fullstory.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120624v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120623v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /s/settings/o-1YRR3Q-na1/v1/web HTTP/1.1Host: edge.fullstory.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v1/ingest HTTP/1.1Host: pixels.spotify.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rum?cm_dsp_id=18&expiry=1745331020&external_user_id=89c271cf-fe8d-4296-8ea0-21b6b50aebf6&C=1 HTTP/1.1Host: dsum-sec.casalemedia.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: CMID=ZxeyTdHM4T8AAFF.AFdvOAAA; CMPS=2381; CMPRO=2381
Source: global traffic HTTP traffic detected: GET /a/gif.gif?actTypeId=31&cid=16579567&r=1729606220250&ref=https%3A%2F%2Fwww.elastic.co%2Fsecurity-labs%2Felevate-your-threat-hunting%3Futm_source%3Dorganic-social%26utm_medium%3Dtwitter%26utm_campaign%3Desl%3A_threat_research_esl_blog_post%26utm_content%3D15000445268%26linkId%3D626315843&version=2.4 HTTP/1.1Host: ibc-flow.techtarget.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: __cf_bm=XFO0HGYfv2ACwowzhvhKpVgE3HUSNlOKJbBNbQ5y73g-1729606220-1.0.1.1-UJBn0oaCaYKS_jFMs_WAhvXv_Pz8YUcjKPZoHJc2U.Z1sDQdlmldxcT86z_Rcwb47p_TBrULk7bmcc2dJBCHZw
Source: global traffic HTTP traffic detected: GET /1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=f98fc1b5-b030-4ec9-9a57-b1666b52631b&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=a2d3e356-f909-400c-bd56-2b3c8a0c6af3&tw_document_href=https%3A%2F%2Fwww.elastic.co%2Fsecurity-labs%2Felevate-your-threat-hunting%3Futm_source%3Dorganic-social%26utm_medium%3Dtwitter%26utm_campaign%3Desl%3A_threat_research_esl_blog_post%26utm_content%3D15000445268%26linkId%3D626315843&tw_iframe_status=0&txn_id=o50k2&type=javascript&version=2.3.30 HTTP/1.1Host: t.coConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: muc_ads=93ce6e48-90df-4ce1-aa26-46d661235d3b; __cf_bm=7uJ7PK.tCRfI14pUganxirZVw7ciXoYmbX8J6SQBJDw-1729606222-1.0.1.1-A5dwyeBIDXnEXFH7cZpGV6.W9maytwJGyIvVnU2lH9BpDGvztY48wWzM9fP5dU45OUucThcI25O_vjzRzQjLiw
Source: global traffic HTTP traffic detected: GET /1/i/adsct?bci=4&eci=3&event=%7B%7D&event_id=f98fc1b5-b030-4ec9-9a57-b1666b52631b&integration=gtm&p_id=Twitter&p_user_id=0&pl_id=a2d3e356-f909-400c-bd56-2b3c8a0c6af3&tw_document_href=https%3A%2F%2Fwww.elastic.co%2Fsecurity-labs%2Felevate-your-threat-hunting%3Futm_source%3Dorganic-social%26utm_medium%3Dtwitter%26utm_campaign%3Desl%3A_threat_research_esl_blog_post%26utm_content%3D15000445268%26linkId%3D626315843&tw_iframe_status=0&txn_id=o50k2&type=javascript&version=2.3.30 HTTP/1.1Host: analytics.twitter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: guest_id_marketing=v1%3A172960622241312477; guest_id_ads=v1%3A172960622241312477; personalization_id="v1_axoexgmg7XK4s3GOKF/usg=="; guest_id=v1%3A172960622241312477
Source: global traffic HTTP traffic detected: GET /rules/rule120625v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rec/page HTTP/1.1Host: rs.fullstory.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /bounce?%2Fseg%3Ft%3D1%26add%3D35414607 HTTP/1.1Host: secure.adnxs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: uuid2=7278455667361881206; anj=dTM7k!M4/8CxrEQF']wIg2C%yoTKv`!]tbP6j2F-XstGt!@Dda$ov_r
Source: global traffic HTTP traffic detected: GET /bg9s?x-amz-cf-id=W-P4527SEYYhv0yc-5ujevNHoPpFxf3AZScfTy1LxfbBAATHn-2hzQ==&api-version=v3 HTTP/1.1Host: tag-logger.demandbase.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v1/fingerprint HTTP/1.1Host: risk.clearbit.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120626v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /v2/pk_ec27dac96e63040fe28d23ffcf4a8453/destinations.min.js HTTP/1.1Host: x.clearbitjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v1/pk_ec27dac96e63040fe28d23ffcf4a8453/forms.js?page_path=%2Fsecurity-labs%2Felevate-your-threat-hunting HTTP/1.1Host: x.clearbitjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120627v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /datalayer/v4/latest.js HTTP/1.1Host: edge.fullstory.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rec/integrations?OrgId=o-1YRR3Q-na1&isInFrame=false&isNative=false HTTP/1.1Host: rs.fullstory.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120628v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /tr/?id=1636465863246433&ev=PageView&dl=https%3A%2F%2Fwww.elastic.co%2Fsecurity-labs%2Felevate-your-threat-hunting%3Futm_source%3Dorganic-social%26utm_medium%3Dtwitter%26utm_campaign%3Desl%3A_threat_research_esl_blog_post%26utm_content%3D15000445268%26linkId%3D626315843&rl=&if=false&ts=1729606223540&cd[referrer]=&sw=1280&sh=1024&v=2.9.172&r=stable&ec=0&o=4126&fbp=fb.1.1729606223537.276108119418112473&ler=empty&cdl=API_unavailable&it=1729606220815&coo=false&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /privacy_sandbox/pixel/register/trigger/?id=1636465863246433&ev=PageView&dl=https%3A%2F%2Fwww.elastic.co%2Fsecurity-labs%2Felevate-your-threat-hunting%3Futm_source%3Dorganic-social%26utm_medium%3Dtwitter%26utm_campaign%3Desl%3A_threat_research_esl_blog_post%26utm_content%3D15000445268%26linkId%3D626315843&rl=&if=false&ts=1729606223540&cd[referrer]=&sw=1280&sh=1024&v=2.9.172&r=stable&ec=0&o=4126&fbp=fb.1.1729606223537.276108119418112473&ler=empty&cdl=API_unavailable&it=1729606220815&coo=false&rqm=FGET HTTP/1.1Host: www.facebook.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAttribution-Reporting-Eligible: trigger, event-source;navigation-sourceReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120629v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /signals/config/1636465863246433?v=2.9.172&r=stable&domain=www.elastic.co&hme=d82868061a8c707cd31395a3055e7449daa03bd520872727258c39e6af34523e&ex_m=70%2C120%2C106%2C110%2C61%2C4%2C99%2C69%2C16%2C96%2C88%2C51%2C54%2C171%2C174%2C186%2C182%2C183%2C185%2C29%2C100%2C53%2C77%2C184%2C166%2C169%2C179%2C180%2C187%2C130%2C41%2C34%2C142%2C15%2C50%2C193%2C192%2C132%2C18%2C40%2C1%2C43%2C65%2C66%2C67%2C71%2C92%2C17%2C14%2C95%2C91%2C90%2C107%2C52%2C109%2C39%2C108%2C30%2C93%2C26%2C167%2C170%2C139%2C85%2C56%2C83%2C33%2C73%2C0%2C94%2C32%2C28%2C82%2C87%2C47%2C46%2C86%2C37%2C11%2C12%2C13%2C6%2C7%2C25%2C22%2C23%2C57%2C62%2C64%2C75%2C101%2C27%2C76%2C9%2C8%2C80%2C48%2C21%2C103%2C102%2C104%2C97%2C10%2C20%2C3%2C38%2C74%2C19%2C5%2C89%2C81%2C44%2C35%2C84%2C2%2C36%2C63%2C42%2C105%2C45%2C79%2C68%2C111%2C60%2C59%2C31%2C98%2C58%2C55%2C49%2C78%2C72%2C24%2C112 HTTP/1.1Host: connect.facebook.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /elastic.co/snippet.js?viewId=62108688 HTTP/1.1Host: lift-ai-js.marketlinc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /v2/pk_ec27dac96e63040fe28d23ffcf4a8453/tracking.min.js HTTP/1.1Host: x.clearbitjs.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pagead/viewthroughconversion/985891458/?random=1729606223851&cv=11&fst=1729606223851&bg=ffffff&guid=ON&async=1&gtm=45be4ah0v895104880z8865912973za201zb865912973&gcd=13l3l3l3l1l1&dma=0&tag_exp=101686685~101823847~101836706&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elastic.co%2Fsecurity-labs%2Felevate-your-threat-hunting%3Futm_source%3Dorganic-social%26utm_medium%3Dtwitter%26utm_campaign%3Desl%3A_threat_research_esl_blog_post%26utm_content%3D15000445268%26linkId%3D626315843&hn=www.googleadservices.com&frm=0&tiba=Elevate%20Your%20Threat%20Hunting%20with%20Elastic%20%E2%80%94%20Elastic%20Security%20Labs&ga_uid=G-Q7TEQDPTH5.c8f01cf3-8dc7-4270-a93e-0f11c211f8c2&npa=0&pscdl=noapi&auid=17672680.1729606216&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=dmb_audience%3DBot&rfmt=3&fmt=4 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic HTTP traffic detected: GET /td/rul/985891458?random=1729606223851&cv=11&fst=1729606223851&fmt=3&bg=ffffff&guid=ON&async=1&gtm=45be4ah0v895104880z8865912973za201zb865912973&gcd=13l3l3l3l1l1&dma=0&tag_exp=101686685~101823847~101836706&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elastic.co%2Fsecurity-labs%2Felevate-your-threat-hunting%3Futm_source%3Dorganic-social%26utm_medium%3Dtwitter%26utm_campaign%3Desl%3A_threat_research_esl_blog_post%26utm_content%3D15000445268%26linkId%3D626315843&hn=www.googleadservices.com&frm=0&tiba=Elevate%20Your%20Threat%20Hunting%20with%20Elastic%20%E2%80%94%20Elastic%20Security%20Labs&ga_uid=G-Q7TEQDPTH5.c8f01cf3-8dc7-4270-a93e-0f11c211f8c2&npa=0&pscdl=noapi&auid=17672680.1729606216&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=dmb_audience%3DBot HTTP/1.1Host: td.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: test_cookie=CheckForPermission
Source: global traffic HTTP traffic detected: GET /rules/rule120630v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /datalayer/v4/latest.js HTTP/1.1Host: edge.fullstory.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120631v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120632v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120633v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120634v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /v1/p HTTP/1.1Host: app.clearbit.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /tr/?id=1636465863246433&ev=PageView&dl=https%3A%2F%2Fwww.elastic.co%2Fsecurity-labs%2Felevate-your-threat-hunting%3Futm_source%3Dorganic-social%26utm_medium%3Dtwitter%26utm_campaign%3Desl%3A_threat_research_esl_blog_post%26utm_content%3D15000445268%26linkId%3D626315843&rl=&if=false&ts=1729606223540&cd[referrer]=&sw=1280&sh=1024&v=2.9.172&r=stable&ec=0&o=4126&fbp=fb.1.1729606223537.276108119418112473&ler=empty&cdl=API_unavailable&it=1729606220815&coo=false&rqm=GET HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120635v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /privacy_sandbox/pixel/register/trigger/?id=1636465863246433&ev=PageView&dl=https%3A%2F%2Fwww.elastic.co%2Fsecurity-labs%2Felevate-your-threat-hunting%3Futm_source%3Dorganic-social%26utm_medium%3Dtwitter%26utm_campaign%3Desl%3A_threat_research_esl_blog_post%26utm_content%3D15000445268%26linkId%3D626315843&rl=&if=false&ts=1729606223540&cd[referrer]=&sw=1280&sh=1024&v=2.9.172&r=stable&ec=0&o=4126&fbp=fb.1.1729606223537.276108119418112473&ler=empty&cdl=API_unavailable&it=1729606220815&coo=false&rqm=FGET HTTP/1.1Host: www.facebook.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /pagead/viewthroughconversion/985891458/?random=1729606223851&cv=11&fst=1729606223851&bg=ffffff&guid=ON&async=1&gtm=45be4ah0v895104880z8865912973za201zb865912973&gcd=13l3l3l3l1l1&dma=0&tag_exp=101686685~101823847~101836706&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elastic.co%2Fsecurity-labs%2Felevate-your-threat-hunting%3Futm_source%3Dorganic-social%26utm_medium%3Dtwitter%26utm_campaign%3Desl%3A_threat_research_esl_blog_post%26utm_content%3D15000445268%26linkId%3D626315843&hn=www.googleadservices.com&frm=0&tiba=Elevate%20Your%20Threat%20Hunting%20with%20Elastic%20%E2%80%94%20Elastic%20Security%20Labs&ga_uid=G-Q7TEQDPTH5.c8f01cf3-8dc7-4270-a93e-0f11c211f8c2&npa=0&pscdl=noapi&auid=17672680.1729606216&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=dmb_audience%3DBot&rfmt=3&fmt=4 HTTP/1.1Host: googleads.g.doubleclick.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUnOr2SUmF7xNheUALE_WUa49CiLUPsxzeO5U7hkyFLQDS2WKjSvdhuDM63B
Source: global traffic HTTP traffic detected: GET /pagead/1p-user-list/985891458/?random=1729606223851&cv=11&fst=1729605600000&bg=ffffff&guid=ON&async=1&gtm=45be4ah0v895104880z8865912973za201zb865912973&gcd=13l3l3l3l1l1&dma=0&tag_exp=101686685~101823847~101836706&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elastic.co%2Fsecurity-labs%2Felevate-your-threat-hunting%3Futm_source%3Dorganic-social%26utm_medium%3Dtwitter%26utm_campaign%3Desl%3A_threat_research_esl_blog_post%26utm_content%3D15000445268%26linkId%3D626315843&hn=www.googleadservices.com&frm=0&tiba=Elevate%20Your%20Threat%20Hunting%20with%20Elastic%20%E2%80%94%20Elastic%20Security%20Labs&ga_uid=G-Q7TEQDPTH5.c8f01cf3-8dc7-4270-a93e-0f11c211f8c2&npa=0&pscdl=noapi&auid=17672680.1729606216&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=dmb_audience%3DBot&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfdI56CN-Y_sqrmhJONZscTUmmkshTM0_12j_FwyNV4R8qexm_&random=496018591&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120636v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /visitor-scoring HTTP/1.1Host: visitor-scoring-new.marketlinc.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120637v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120638v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120639v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120642v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120641v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120640v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rec/bundle?OrgId=o-1YRR3Q-na1&UserId=5991464404463616&SessionId=2263100182742291018&PageId=1181149337488990652&Seq=1&ClientTime=1729606225462&PageStart=1729606223354&PrevBundleTime=0&LastActivity=1251&IsNewSession=true&ContentEncoding=gzip HTTP/1.1Host: rs.fullstory.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120644v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120643v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /track/up?adv=bciceyi&ref=https%3A%2F%2Fwww.elastic.co%2Fsecurity-labs%2Felevate-your-threat-hunting%3Futm_source%3Dorganic-social%26utm_medium%3Dtwitter%26utm_campaign%3Desl%3A_threat_research_esl_blog_post%26utm_content%3D15000445268%26linkId%3D626315843&upid=46vcaz5&upv=1.1.0&paapi=1 HTTP/1.1Host: insight.adsrvr.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120645v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120647v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120646v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /pagead/1p-user-list/985891458/?random=1729606223851&cv=11&fst=1729605600000&bg=ffffff&guid=ON&async=1&gtm=45be4ah0v895104880z8865912973za201zb865912973&gcd=13l3l3l3l1l1&dma=0&tag_exp=101686685~101823847~101836706&u_w=1280&u_h=1024&url=https%3A%2F%2Fwww.elastic.co%2Fsecurity-labs%2Felevate-your-threat-hunting%3Futm_source%3Dorganic-social%26utm_medium%3Dtwitter%26utm_campaign%3Desl%3A_threat_research_esl_blog_post%26utm_content%3D15000445268%26linkId%3D626315843&hn=www.googleadservices.com&frm=0&tiba=Elevate%20Your%20Threat%20Hunting%20with%20Elastic%20%E2%80%94%20Elastic%20Security%20Labs&ga_uid=G-Q7TEQDPTH5.c8f01cf3-8dc7-4270-a93e-0f11c211f8c2&npa=0&pscdl=noapi&auid=17672680.1729606216&uaa=x86&uab=64&uafvl=Google%2520Chrome%3B117.0.5938.132%7CNot%253BA%253DBrand%3B8.0.0.0%7CChromium%3B117.0.5938.132&uamb=0&uam=&uap=Windows&uapv=10.0.0&uaw=0&fledge=1&data=dmb_audience%3DBot&rfmt=3&fmt=3&is_vtc=1&cid=CAQSKQDpaXnfdI56CN-Y_sqrmhJONZscTUmmkshTM0_12j_FwyNV4R8qexm_&random=496018591&rmt_tld=0&ipr=y HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120648v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120649v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /track/upb/?adv=bciceyi&ref=https%3A%2F%2Fwww.elastic.co%2Fsecurity-labs%2Felevate-your-threat-hunting%3Futm_source%3Dorganic-social%26utm_medium%3Dtwitter%26utm_campaign%3Desl%3A_threat_research_esl_blog_post%26utm_content%3D15000445268%26linkId%3D626315843&upid=46vcaz5&upv=1.1.0&paapi=1 HTTP/1.1Host: match.adsrvr.orgConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: TDID=33966d44-00b1-476d-aed8-59d1e78fe114
Source: global traffic HTTP traffic detected: GET /rules/rule120651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120652v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120654v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120653v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rec/bundle?OrgId=o-1YRR3Q-na1&UserId=5991464404463616&SessionId=2263100182742291018&PageId=1181149337488990652&Seq=2&ClientTime=1729606227951&PageStart=1729606223354&PrevBundleTime=1729606226955&LastActivity=3745&IsNewSession=true&ContentEncoding=gzip HTTP/1.1Host: rs.fullstory.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule120656v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120657v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120655v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120659v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120658v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /universal_pixel.1.1.0.js HTTP/1.1Host: js.adsrvr.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://match.adsrvr.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: TDID=33966d44-00b1-476d-aed8-59d1e78fe114; TDCPM=CAESFQoGZ29vZ2xlEgsIruCGnKqruT0QBRIWCgdydWJpY29uEgsIloCHnKqruT0QBRIXCghhcHBuZXh1cxILCPagh5yqq7k9EAUYBSgDMgsIoriJycCruT0QBUIPIg0IARIJCgV0aWVyMxABWgdiY2ljZXlpYAE.
Source: global traffic HTTP traffic detected: GET /rules/rule120660v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120661v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120662v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120663v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120664v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /universal_pixel.1.1.0.js HTTP/1.1Host: js.adsrvr.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: TDID=33966d44-00b1-476d-aed8-59d1e78fe114; TDCPM=CAESFQoGZ29vZ2xlEgsIruCGnKqruT0QBRIWCgdydWJpY29uEgsIloCHnKqruT0QBRIXCghhcHBuZXh1cxILCPagh5yqq7k9EAUYBSgDMgsIoriJycCruT0QBUIPIg0IARIJCgV0aWVyMxABWgdiY2ljZXlpYAE.
Source: global traffic HTTP traffic detected: GET /pixel?google_nid=TheTradeDesk&google_cm&google_sc&google_hm=MzM5NjZkNDQtMDBiMS00NzZkLWFlZDgtNTlkMWU3OGZlMTE0&gdpr=0&gdpr_consent=&ttd_tdid=33966d44-00b1-476d-aed8-59d1e78fe114 HTTP/1.1Host: cm.g.doubleclick.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://match.adsrvr.org/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: IDE=AHWqTUnOr2SUmF7xNheUALE_WUa49CiLUPsxzeO5U7hkyFLQDS2WKjSvdhuDM63B
Source: global traffic HTTP traffic detected: GET /track/pxl/?adv=bciceyi&ct=0:l8nmulj&fmt=3 HTTP/1.1Host: insight.adsrvr.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: TDID=33966d44-00b1-476d-aed8-59d1e78fe114; TDCPM=CAESFQoGZ29vZ2xlEgsIruCGnKqruT0QBRIWCgdydWJpY29uEgsIloCHnKqruT0QBRIXCghhcHBuZXh1cxILCPagh5yqq7k9EAUYBSgDMgsIoriJycCruT0QBUIPIg0IARIJCgV0aWVyMxABWgdiY2ljZXlpYAE.
Source: global traffic HTTP traffic detected: GET /rules/rule120669v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120666v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120665v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120668v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120667v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120671v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120670v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120672v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120674v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120673v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120677v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120676v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120678v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120679v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120675v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120680v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120682v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120602v10s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120601v3s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule120681v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule224901v11s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702200v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702201v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700400v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700401v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703901v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703900v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703351v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703350v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703501v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701801v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703500v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701800v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703401v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703400v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700500v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701351v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701350v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700501v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703001v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703000v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700751v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /recaptcha/enterprise.js?render=6Lc2djseAAAAAJ6EDjg36g1PXoo8VjUwNXrOyKR5 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://cloud.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /eval/614cd9082d277e0ccfbd7420/eyJhbm9ueW1vdXMiOnRydWUsImtpbmQiOiJ1c2VyIiwia2V5IjoiNmVkOWQyNzAtOTA3Zi0xMWVmLTgzZGItNjcyM2QzZDIzNDkyIn0 HTTP/1.1Host: clientstream.launchdarkly.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: text/event-streamCache-Control: no-cachesec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://cloud.elastic.coSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://cloud.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule700750v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703451v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /s/settings/G3PDG/v1/web HTTP/1.1Host: edge.fullstory.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://cloud.elastic.coSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://cloud.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule703450v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702251v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702250v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /s/settings/G3PDG/v1/web HTTP/1.1Host: edge.fullstory.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rec/page HTTP/1.1Host: rs.fullstory.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule702651v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703101v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702650v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703100v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702901v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /recaptcha/enterprise.js?render=6Lc2djseAAAAAJ6EDjg36g1PXoo8VjUwNXrOyKR5 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule702900v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703601v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703600v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703851v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703850v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703801v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703701v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703800v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703700v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703751v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rec/bundle?OrgId=G3PDG&UserId=6613073561595904&SessionId=6430909721762529254&PageId=899233927892021987&Seq=1&PageStart=1729606250691&PrevBundleTime=0&LastActivity=855&IsNewSession=true HTTP/1.1Host: rs.fullstory.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule703750v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701301v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701300v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704051v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule704050v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /recaptcha/enterprise/anchor?ar=1&k=6Lc2djseAAAAAJ6EDjg36g1PXoo8VjUwNXrOyKR5&co=aHR0cHM6Ly9jbG91ZC5lbGFzdGljLmNvOjQ0Mw..&hl=en&v=lqsTZ5beIbCkK4uGEGv9JmUR&size=invisible&cb=q8red0knj2fm HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CIe2yQEIprbJAQipncoBCMDdygEIlKHLAQiFoM0BCOnFzQEIucrNAQiK080BGI/OzQEYwtjNARjrjaUXSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://cloud.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule701701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702051v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702050v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700701v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700550v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700700v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700551v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703651v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703650v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700601v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700600v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703151v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703150v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule703951v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rec/bundle?OrgId=G3PDG&UserId=6613073561595904&SessionId=6430909721762529254&PageId=899233927892021987&Seq=2&PageStart=1729606250691&PrevBundleTime=1729606253676&LastActivity=1598&IsNewSession=true HTTP/1.1Host: rs.fullstory.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: GET /rules/rule703950v0s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule702851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700001v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700000v2s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701401v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701400v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701951v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701950v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule700850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701850v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: global traffic HTTP traffic detected: GET /rules/rule701851v1s19.xml HTTP/1.1Connection: Keep-AliveAccept-Encoding: gzipUser-Agent: Microsoft Office/16.0 (Windows NT 10.0; 16.0.16827; Pro)Host: otelrules.azureedge.net
Source: chromecache_467.2.dr, chromecache_351.2.dr String found in binary or memory: |\n\nLast year at Black Hat Asia 2023 ([abstract](https://www.blackhat.com/asia-23/briefings/schedule/#ppldump-is-dead-long-live-ppldump-31052), [slides](http://i.blackhat.com/Asia-23/AS-23-Landau-PPLdump-Is-Dead-Long-Live-PPLdump.pdf), [recording](https://www.youtube.com/watch?v=5xteW8Tm410)), we disclosed a vulnerability in the Windows kernel, showing how bad assumptions in paging can be exploited to inject code into PPL, defeating security features like [LSA](https://learn.microsoft.com/en-us/windows-server/security/credentials-protection-and-management/configuring-additional-lsa-protection) & [Anti-Malware Process Protection](https://learn.microsoft.com/en-us/windows/win32/services/protecting-anti-malware-services-). The attack leveraged False File Immutability assumptions for DLLs in PPLs, as we just described, though we hadn equals www.youtube.com (Youtube)
Source: chromecache_351.2.dr String found in binary or memory: oz](https://twitter.com/pwntester/status/1471465662975561734), who identified that while the default setting formatMsgNoLookups was accurately set to true, there were alternative locations for lookups to take place. Technical details are still unfolding from the community, however the Log4j2 team shared the following message within their security updates:\n\n_The reason these measures are insufficient is that, in addition to the Thread Context attack vector mentioned above, there are still code paths in Log4j where message lookups could occur: known examples are applications that use Logger.printf(\"%s\", userInput), or applications that use a custom message factory, where the resulting messages do not implement StringBuilderFormattable. There may be other attack vectors._\n\n_The safest thing to do is to upgrade Log4j to a safe version, or remove the JndiLookup class from the log4j-core jar._ [_Reference here_](https://logging.apache.org/log4j/2.x/security.html)\n\nGiven this new information, and readily available[POCs](https://twitter.com/marcioalm/status/1471740771581652995) available for exploitation, the Apache team has recommended those impacted upgrade to the latest, safe version of Log4j2, or alternatively remove the JndiLookup class from the log4j-core jar.\n\nElastic Security has observed many threat actors and benign scanners leveraging this new methodology already in some edge environments, with payloads incorporating previous attack methodologies such as key extraction attempts and base64 encoded payloads:\n\n![A preview of the rapid acceleration of scanning attempts adopting this new vulnerability](/assets/images/analysis-of-log4shell-cve-2021-45046/scanning-attempts-vulnerability.jpg)\n\nWe anticipate adding further details as we learn them, and thank the team at lunasec specifically for providing a [detailed, early summary](https://www.lunasec.io/docs/blog/log4j-zero-day-severity-of-cve-2021-45046-increased/) of this emerging situation, and of course, provide kudos to [Alvaro Mu equals www.twitter.com (Twitter)
Source: chromecache_465.2.dr, chromecache_416.2.dr String found in binary or memory: re proud of. Importantly, we partnered closely with [Dhrumil Patel](https://www.linkedin.com/in/pateldhrumil/), our product management lead, and [Jen Ellard,](https://twitter.com/jellard8) security product marketing lead, for the [Threat Report](https://www.elastic.co/explore/security-without-limits/global-threat-report) effort to make sure our points were clear and meaningful to our user base.\n\nAll of that brought us to the end of our eight week plan to develop the report. By late August, we were largely pencils-down on the content but far from done. We equals www.linkedin.com (Linkedin)
Source: chromecache_465.2.dr, chromecache_416.2.dr String found in binary or memory: re proud of. Importantly, we partnered closely with [Dhrumil Patel](https://www.linkedin.com/in/pateldhrumil/), our product management lead, and [Jen Ellard,](https://twitter.com/jellard8) security product marketing lead, for the [Threat Report](https://www.elastic.co/explore/security-without-limits/global-threat-report) effort to make sure our points were clear and meaningful to our user base.\n\nAll of that brought us to the end of our eight week plan to develop the report. By late August, we were largely pencils-down on the content but far from done. We equals www.twitter.com (Twitter)
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: s ES|QL queries\n - Recovery of approximately 80% of its configuration fields\n - Recovery of about 90% of its C2 commands\n - Sample virtual addresses under each IDA Pro screenshot\n - And more!\n \n![REMCOS execution diagram](/assets/images/dissecting-remcos-rat-part-one/image77.png)\n\n\nFor any questions or feedback, feel free to reach out to us on social media [@elasticseclabs](https://twitter.com/elasticseclabs) or in the Elastic [Community Slack](https://elasticstack.slack.com).\n\n### Loading the configuration\n\nThe REMCOS configuration is stored in an encrypted blob within a resource named ```SETTINGS```. This name appears consistent across different versions of REMCOS.\n\n![REMCOS config stored in encrypted SETTINGS resource](/assets/images/dissecting-remcos-rat-part-one/image29.png)\n\n\nThe malware begins by loading the encrypted configuration blob from its resource section.\n\n![0x41B4A8 REMCOS loads its encrypted configuration from resources](/assets/images/dissecting-remcos-rat-part-one/image40.png)\n\n\nTo load the encrypted configuration, we use the following Python script and the [Lief](https://pypi.org/project/lief/) module.\n\n```\nimport lief\n\ndef read_encrypted_configuration(path: pathlib.Path) -> bytes | None:\n\tif not (pe := lief.parse(path)):\n \t\treturn None\n\n\tfor first_level_child in pe.resources.childs:\n \t\tif first_level_child.id != 10:\n \t\tcontinue\n\n \tfor second_level_child in first_level_child.childs:\n \t\tif second_level_child.name == \"SETTINGS\":\n \t\t\treturn bytes(second_level_child.childs[0].content)\n```\n\nWe can confirm that version 4.9.3 maintains the same structure and decryption scheme as previously described by [Fortinet researchers](https://www.fortinet.com/blog/threat-research/latest-remcos-rat-phishing):\n\n![Fortinet reported structure and decryption scheme](/assets/images/dissecting-remcos-rat-part-one/image55.png)\n\n\nWe refer to the equals www.twitter.com (Twitter)
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: s attempt to fire an alert by replicating this activity. For this, we simply log into our Okta admin console from the same device with multiple user accounts.\n\nAs we can see, we now have an alert for this custom rule!\n\n![Triggered alert for events matching custom detection rule](/assets/images/monitoring-okta-threats-with-elastic-security/image4.png)\n\n_Image 22: Triggered alert for events matching custom detection rule_\n\n## Bonus: synchronize Active Directory (AD)\n\nAs discussed in our [previous Okta installation](https://www.elastic.co/security-labs/starter-guide-to-understanding-okta), a core service offering in Okta is to synchronize with third-party IAM directory services such as AD, Google Workspace, and others. Doing so in your lab can enable further threat detection capabilities as cross-correlation between Windows logs and Okta for users would be possible. For this article, we will step through synchronizing with AD on a local Windows Server. Note - We recommend deploying a Windows Elastic Agent to your Windows Server and setting up the [Windows](https://docs.elastic.co/en/integrations/windows) and [Elastic Defend](https://www.elastic.co/guide/en/security/current/install-endpoint.html) integrations for additional log ingestion.\n\n 1. [Setup](https://www.linkedin.com/pulse/how-install-active-directory-domain-services-windows-server-2019-/) your Windows Server (we are using WinServer 2019)\n 2. Deploy the Okta AD agent from your Okta admin console\n a. Directory > Directory Integrations\n b. Add Directory > Add Active Directory\n 3. Walk through guided steps to install Okta AD agent on Windows Server\n a. Execution of the Okta Agent executable will require a setup on the Windows Server side as well\n 4. Confirm Okta AD agent was successfully deployed\n 5. Synchronize AD with Okta\n a. Directory > Directory Integrations\n b. Select new AD integration\n c. elect equals www.linkedin.com (Linkedin)
Source: chromecache_356.2.dr, chromecache_408.2.dr String found in binary or memory: s own [James Spiteri](https://www.linkedin.com/in/jamesspiteri/), you can immediately dive into an Elastic Cloud Stack and learn using the [EQLPlaygound](<https://eqlplayground.io/s/eqldemo/app/security/timelines/default?sourcerer=(default:(id:security-solution-eqldemo,selectedPatterns:!(eqldemo,%27logs-endpoint.*-eqldemo%27,%27logs-system.*-eqldemo%27,%27logs-windows.*-eqldemo%27,metricseqldemo)))&timerange=(global:(linkTo:!(),timerange:(from:%272022-05-29T22:00:00.000Z%27,fromStr:now%2Fd,kind:relative,to:%272022-05-30T21:59:59.999Z%27,toStr:now%2Fd)),timeline:(linkTo:!(),timerange:(from:%272022-04-17T22:00:00.000Z%27,kind:absolute,to:%272022-04-18T21:59:59.999Z%27)))&timeline=(activeTab:eql,graphEventId:%27%27,id:%279844bdd4-4dd6-5b22-ab40-3cd46fce8d6b%27,isOpen:!t)>). The playground takes advantage of the native Security [Timeline](https://www.elastic.co/guide/en/security/current/timelines-ui.html) correlation capabilities, and provides notes to enable learning EQL. The playground is a publicly available Elastic Security instance, pre-populated with suspicious events generated from a Sofacy group [payload](https://unit42.paloaltonetworks.com/unit42-sofacy-attacks-multiple-government-entities/). The only thing you need to access the site is a browser!\n\n![EQLPlayground](/assets/images/handy-elastic-tools-for-the-enthusiastic-detection-engineer/image3.png)\n\nEssentially, you equals www.linkedin.com (Linkedin)
Source: chromecache_356.2.dr, chromecache_408.2.dr String found in binary or memory: s ruleset is by launching RTA scripts that simulate threat behaviors. If you are unfamiliar with RTA, it is an open-source tool used by TRaDE to generate suspicious activity and unit test rules across multiple Stack releases. We encourage you to check out the [2018 post](https://www.elastic.co/blog/introducing-endgame-red-team-automation) by [Devon Kerr,](https://www.linkedin.com/in/devonkerr/) which introduced the capability.\n\nSometimes folks ask our team for sample data, methods to generate suspicious events to baseline configurations, or a testing environment with many alerts already generated in the Elastic Stack. We also regression test rules to validate new features added to the SIEM or Endpoint agent, any modifications based on rule tuning, or for maintenance. This process can become time-consuming with hundreds of rules to test across multiple Stack versions.\n\nIn the latest 8.4 dev cycle, we spent some time generating new macOS, Linux, and Windows RTAs. Consistent with the openness theme, we migrated our endpoint behavior tests to the Detection Rules [repo](https://github.com/elastic/detection-rules/tree/main/rta) for the community! Current RTA development is focused on endpoint behavior, and we continue to expand the coverage of our rulesets with new RTAs, so look forward to even more RTAs in the not-too-distant future.\n\n![Cloning RTA](/assets/images/handy-elastic-tools-for-the-enthusiastic-detection-engineer/cloning_rta.jpg)\n\nOnce you equals www.linkedin.com (Linkedin)
Source: chromecache_416.2.dr String found in binary or memory: t be possible without our Elastic colleagues who make our powerful world-spanning capability. \n\nOne essential contributor is the Threat Research and Detection Engineering team (TRaDE), who develop features like rules and investigation guides, and assigned the legendary [Terrance DeJesus](https://twitter.com/_xDeJesus). Terrance was instrumental in creating the inaugural report, applying his [cloud attack surface expertise](https://www.elastic.co/security-labs/google-workspace-attack-surface-part-one) and security operations experience to this process. Another crucial team is Security Data Analytics (SDA), which is responsible for all the systems that enable us to analyze telemetry. [Chris Donaher](https://twitter.com/c_donaher) leads SDA by day (also by night, technically), and helped us comb through hundreds of millions of events this year. \n\nThe work from these teams and the rest of Elastic Security Labs shows our commitment to providing security teams with actionable intelligence about threat phenomena so they can better prepare for, resist, and evict threats. By democratizing access to knowledge and resources, including publications like the Global Threat Report, we hope to demonstrate a more effective way to improve security outcomes. We equals www.twitter.com (Twitter)
Source: chromecache_465.2.dr, chromecache_416.2.dr String found in binary or memory: t interfere. \n\n### Endpoint tampering\n\nThis year we also saw the popularity of Bring Your Own Vulnerable Driver (BYOVD), which was [described](https://www.elastic.co/security-labs/forget-vulnerable-drivers-admin-is-all-you-need) by [Gabe Landau](https://twitter.com/GabrielLandau) in a recent publication and provides a way to load an exploitable driver on Windows systems. Drivers run with system-level privileges but what equals www.twitter.com (Twitter)
Source: chromecache_357.2.dr, chromecache_456.2.dr, chromecache_274.2.dr, chromecache_304.2.dr String found in binary or memory: var yC=function(a,b,c,d,e){var f=pA("fsl",c?"nv.mwt":"mwt",0),g;g=c?pA("fsl","nv.ids",[]):pA("fsl","ids",[]);if(!g.length)return!0;var k=uA(a,"gtm.formSubmit",g),m=a.action;m&&m.tagName&&(m=a.cloneNode(!1).action);V(121);if(m==="https://www.facebook.com/tr/")return V(122),!0;k["gtm.elementUrl"]=m;k["gtm.formCanceled"]=c;a.getAttribute("name")!=null&&(k["gtm.interactedFormName"]=a.getAttribute("name"));e&&(k["gtm.formSubmitElement"]=e,k["gtm.formSubmitElementText"]=e.value);if(d&&f){if(!bz(k,dz(b, equals www.facebook.com (Facebook)
Source: unknown HTTP traffic detected: POST /csdata?db=hits1 HTTP/1.1Host: idb.iubenda.comConnection: keep-aliveContent-Length: 54sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Content-Type: text/plain;charset=UTF-8Accept: */*Origin: https://www.elastic.coSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.elastic.co/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: application/javascript;charset=utf-8Content-Length: 82Connection: closecache-control: private, max-age=600vary: Accept-Encodingdate: Tue, 22 Oct 2024 14:10:20 GMTx-envoy-response-flags: -server: Clearbitstrict-transport-security: max-age=63072000; includeSubDomains; preloadx-content-type-options: nosniffX-Cache: Error from cloudfrontVia: 1.1 e47c87f8fd9c4c08ac7559d0bcc2b4c2.cloudfront.net (CloudFront)X-Amz-Cf-Pop: FRA56-P9X-Amz-Cf-Id: zwfekZMiYth0arOa8tQWHhV2ndqAwhpN1o6WjKAieoae3bL8-dHvEA==
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Founddate: Tue, 22 Oct 2024 14:10:24 GMTserver: envoyContent-Length: 0strict-transport-security: max-age=31536000x-content-type-options: nosniffVia: HTTP/2 edgeproxy, 1.1 googleAlt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000Connection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Foundx-cascade: passcontent-type: application/jsonx-api-version: 2016-05-03vary: Accept-Encodingdate: Tue, 22 Oct 2024 14:10:24 GMTx-envoy-response-flags: -server: Clearbitstrict-transport-security: max-age=63072000; includeSubDomains; preloadx-content-type-options: nosniffconnection: closetransfer-encoding: chunked
Source: global traffic HTTP traffic detected: HTTP/1.1 404 Not Foundcontent-type: application/javascript;charset=utf-8date: Tue, 22 Oct 2024 14:10:24 GMTcontent-length: 0x-envoy-response-flags: -server: Clearbitstrict-transport-security: max-age=63072000; includeSubDomains; preloadx-content-type-options: nosniffconnection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbiddencache-control: private, max-age=600content-type: application/jsonvary: Accept-Encodingcontent-length: 28date: Tue, 22 Oct 2024 14:10:24 GMTx-envoy-response-flags: -server: Clearbitstrict-transport-security: max-age=63072000; includeSubDomains; preloadx-content-type-options: nosniffconnection: close
Source: global traffic HTTP traffic detected: HTTP/1.1 403 Forbiddencache-control: private, max-age=600content-type: application/jsonvary: Accept-Encodingcontent-length: 28date: Tue, 22 Oct 2024 14:10:25 GMTx-envoy-response-flags: -server: Clearbitstrict-transport-security: max-age=63072000; includeSubDomains; preloadx-content-type-options: nosniffconnection: close
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/collection_email_powershell_excha
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/collection_winrar_encryption.toml
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/credential_access_copy_ntds_sam_v
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/credential_access_dcsync_replicat
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/defense_evasion_defender_exclusio
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/defense_evasion_masquerading_werf
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/defense_evasion_suspicious_certut
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/discovery_net_view.toml)
Source: chromecache_355.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_378.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/execution_scheduled_task_powershe
Source: chromecache_322.2.dr, chromecache_467.2.dr, chromecache_351.2.dr, chromecache_405.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/execution_unusual_dns_service_chi
Source: chromecache_322.2.dr, chromecache_467.2.dr, chromecache_351.2.dr, chromecache_405.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/execution_unusual_dns_service_fil
Source: chromecache_467.2.dr, chromecache_351.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/initial_access_suspicious_ms_offi
Source: chromecache_322.2.dr, chromecache_467.2.dr, chromecache_351.2.dr, chromecache_405.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/lateral_movement_dns_server_overf
Source: chromecache_355.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_378.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/lateral_movement_executable_tool_
Source: chromecache_355.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_378.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/lateral_movement_execution_from_t
Source: chromecache_355.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_378.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/lateral_movement_execution_via_fi
Source: chromecache_355.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_378.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/lateral_movement_rdp_sharprdp_tar
Source: chromecache_355.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_378.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/lateral_movement_remote_file_copy
Source: chromecache_355.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_378.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/lateral_movement_scheduled_task_t
Source: chromecache_355.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_378.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/lateral_movement_suspicious_rdp_c
Source: chromecache_355.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_378.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/lateral_movement_via_startup_fold
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/privilege_escalation_disable_uac_
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/blob/main/rules/windows/privilege_escalation_windows_serv
Source: chromecache_444.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/tree/main/hunting
Source: chromecache_452.2.dr, chromecache_356.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_255.2.dr, chromecache_408.2.dr, chromecache_405.2.dr, chromecache_378.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/tree/main/hunting)
Source: chromecache_416.2.dr, chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/tree/main/rules)
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/tree/main/rules/integrations/google_workspace)
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://github.com/elastic/detection-rules/tree/main/rules/integrations/okta)
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/endpoint-package/blob/main/custom_schemas/custom_api.yml):
Source: chromecache_463.2.dr, chromecache_401.2.dr String found in binary or memory: https://github.com/elastic/labs-releases
Source: chromecache_463.2.dr, chromecache_401.2.dr String found in binary or memory: https://github.com/elastic/labs-releases)
Source: chromecache_463.2.dr, chromecache_401.2.dr String found in binary or memory: https://github.com/elastic/labs-releases/issues)
Source: chromecache_452.2.dr, chromecache_356.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_255.2.dr, chromecache_408.2.dr, chromecache_378.2.dr String found in binary or memory: https://github.com/elastic/protections-artifacts)
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/protections-artifacts/blob/main/behavior/rules/command_and_control_connec
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/protections-artifacts/blob/main/behavior/rules/defense_evasion_binary_mas
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/protections-artifacts/blob/main/behavior/rules/defense_evasion_potential_
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/protections-artifacts/blob/main/behavior/rules/defense_evasion_remote_pro
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/protections-artifacts/blob/main/behavior/rules/initial_access_microsoft_o
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/protections-artifacts/blob/main/behavior/rules/initial_access_suspicious_
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/protections-artifacts/blob/main/behavior/rules/persistence_startup_persis
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/protections-artifacts/blob/main/behavior/rules/privilege_escalation_uac_b
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_DoorMe.yar).
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_Remcos.yar)
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_SiestaGraph.yar
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_Trojan_SuddenIcon.yar)
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/elastic/protections-artifacts/blob/main/yara/rules/Windows_VulnDriver_Mhyprot.yar
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://github.com/elastic/protections-artifacts/tree/main/behavior).
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://github.com/elastic/protections-artifacts/tree/main/yara).
Source: chromecache_467.2.dr, chromecache_351.2.dr String found in binary or memory: https://github.com/gabriellandau/ItsNotASecurityBoundary).
Source: chromecache_467.2.dr, chromecache_351.2.dr String found in binary or memory: https://github.com/gabriellandau/ItsNotASecurityBoundary/tree/main/FineButWeCanStillEasilyStopIt).
Source: chromecache_467.2.dr, chromecache_351.2.dr String found in binary or memory: https://github.com/gabriellandau/PPLFault)
Source: chromecache_355.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_378.2.dr String found in binary or memory: https://github.com/gtworek/PSBits/tree/master/LSASecretDumper)
Source: chromecache_463.2.dr, chromecache_401.2.dr String found in binary or memory: https://github.com/hasherezade/funky_malware_formats/blob/f1cacba4ee347601dceacda04e4de8c699971d29/i
Source: chromecache_355.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_378.2.dr String found in binary or memory: https://github.com/hfiref0x/UACME/tree/v3.2.x)
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/imfiver/CVE-2022-0847
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/imfiver/CVE-2022-0847)
Source: chromecache_357.2.dr, chromecache_274.2.dr String found in binary or memory: https://github.com/krux/postscribe/blob/master/LICENSE.
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/liamg/traitor
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/liamg/traitor)
Source: chromecache_322.2.dr, chromecache_467.2.dr, chromecache_351.2.dr, chromecache_405.2.dr String found in binary or memory: https://github.com/maxpl0it/CVE-2020-1350-DoS)
Source: chromecache_355.2.dr, chromecache_452.2.dr, chromecache_356.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_255.2.dr, chromecache_408.2.dr, chromecache_378.2.dr String found in binary or memory: https://github.com/panther-labs/panther-analysis)
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/rapid7/metasploit-framework/pull/16303
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://github.com/rapid7/metasploit-framework/pull/16303)
Source: chromecache_355.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_378.2.dr String found in binary or memory: https://github.com/rbmm/LdrpKernel32DllName)
Source: chromecache_355.2.dr, chromecache_467.2.dr, chromecache_351.2.dr, chromecache_356.2.dr, chromecache_451.2.dr, chromecache_408.2.dr String found in binary or memory: https://github.com/tukaani-project/xz))
Source: chromecache_440.2.dr, chromecache_426.2.dr String found in binary or memory: https://github.com/zloirock/core-js
Source: chromecache_440.2.dr, chromecache_426.2.dr String found in binary or memory: https://github.com/zloirock/core-js/blob/v3.37.1/LICENSE
Source: chromecache_443.2.dr, chromecache_339.2.dr String found in binary or memory: https://global.prod.uidapi.com
Source: chromecache_357.2.dr, chromecache_456.2.dr, chromecache_274.2.dr, chromecache_304.2.dr String found in binary or memory: https://google.com
Source: chromecache_357.2.dr, chromecache_456.2.dr, chromecache_274.2.dr, chromecache_304.2.dr String found in binary or memory: https://googleads.g.doubleclick.net
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://haxx.in/files/dirtypipez.c
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://haxx.in/files/dirtypipez.c)
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://help.okta.com/en-us/content/topics/apps/apps_single_logout.htm))
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://help.okta.com/en-us/content/topics/dashboard/dashboard.htm)
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://help.okta.com/en-us/content/topics/directory/ad-agent-main.htm)
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://help.okta.com/en-us/content/topics/directory/ad-agent-new-integration.htm)
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://help.okta.com/en-us/content/topics/directory/configuring_agentless_sso.htm)
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://help.okta.com/en-us/content/topics/provisioning/lcm/con-okta-prov.htm)
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://help.okta.com/en-us/content/topics/security/network/network-zones.htm)
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://help.okta.com/en-us/content/topics/security/threat-insight/about-threatinsight.htm)
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://help.okta.com/oie/en-us/content/topics/identity-engine/devices/el-about.htm)).
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://help.okta.com/oie/en-us/content/topics/identity-engine/oie-index.htm)
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://help.okta.com/oie/en-us/content/topics/identity-engine/policies/about-app-sign-on-policies.h
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://hevodata.com/learn/google-bigquery-create-table/#b2)
Source: chromecache_463.2.dr, chromecache_401.2.dr String found in binary or memory: https://hex-rays.com/IDA-pro/)
Source: chromecache_443.2.dr, chromecache_339.2.dr String found in binary or memory: https://js.adsrvr.org/uid2-sdk.js
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://jumpcloud.com/daas-glossary/directory-as-a-service-daas))
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://labs.withsecure.com/publications/spoofing-call-stacks-to-confuse-edrs)
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://linux.die.net/man/8/auditd)
Source: chromecache_467.2.dr, chromecache_351.2.dr String found in binary or memory: https://logging.apache.org/log4j/2.x/security.html)
Source: chromecache_355.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_378.2.dr String found in binary or memory: https://lolbas-project.github.io/)
Source: chromecache_355.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_378.2.dr String found in binary or memory: https://malpedia.caad.fkie.fraunhofer.de/details/win.agent_tesla))
Source: chromecache_463.2.dr, chromecache_401.2.dr String found in binary or memory: https://malpedia.caad.fkie.fraunhofer.de/details/win.darkvnc)
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://malpedia.caad.fkie.fraunhofer.de/details/win.doorme)
Source: chromecache_355.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_378.2.dr String found in binary or memory: https://malpedia.caad.fkie.fraunhofer.de/details/win.formbook):
Source: chromecache_355.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_378.2.dr String found in binary or memory: https://malpedia.caad.fkie.fraunhofer.de/details/win.glupteba)
Source: chromecache_355.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_378.2.dr String found in binary or memory: https://malpedia.caad.fkie.fraunhofer.de/details/win.poulight_stealer)
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://malpedia.caad.fkie.fraunhofer.de/details/win.unidentified_111)
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://man7.org/linux/man-pages/man2/pipe.2.html)
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://man7.org/linux/man-pages/man2/syscalls.2.html)
Source: chromecache_424.2.dr, chromecache_327.2.dr String found in binary or memory: https://marketo.clearbit.com
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://medium.com/walmartglobaltech/icedid-gets-loaded-af073b7b6d39)
Source: chromecache_463.2.dr, chromecache_401.2.dr String found in binary or memory: https://mh-nexus.de/en/hxd/)
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://mitre-attack.github.io/attack-navigator/#layerURL=https%3A%2F%2Fgist.githubusercontent.com%2
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://nakedsecurity.sophos.com/2017/05/05/google-phish-thats-a-worm-what-happened-and-what-to-do/)
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://numpy.org/)
Source: chromecache_467.2.dr, chromecache_351.2.dr String found in binary or memory: https://nvd.nist.gov/vuln/detail/CVE-2011-2697)
Source: chromecache_467.2.dr, chromecache_351.2.dr String found in binary or memory: https://nvd.nist.gov/vuln/detail/CVE-2011-2964))
Source: chromecache_467.2.dr, chromecache_351.2.dr String found in binary or memory: https://nvd.nist.gov/vuln/detail/CVE-2021-45046)
Source: chromecache_355.2.dr, chromecache_467.2.dr, chromecache_351.2.dr, chromecache_356.2.dr, chromecache_451.2.dr, chromecache_408.2.dr String found in binary or memory: https://nvd.nist.gov/vuln/detail/CVE-2024-3094)
Source: chromecache_463.2.dr, chromecache_401.2.dr String found in binary or memory: https://oasis-open.github.io/cti-documentation/stix/intro).
Source: chromecache_355.2.dr, chromecache_452.2.dr, chromecache_356.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_255.2.dr, chromecache_408.2.dr, chromecache_378.2.dr String found in binary or memory: https://opencsirt.org/wp-content/uploads/2023/11/SIM3_v2_interim_standard.pdf)
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://openid.net/specs/openid-connect-core-1_0.html)
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://owasp.org/www-community/attacks/xss/)
Source: chromecache_350.2.dr, chromecache_456.2.dr, chromecache_460.2.dr, chromecache_274.2.dr, chromecache_304.2.dr String found in binary or memory: https://pagead2.googlesyndication.com
Source: chromecache_331.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204/?id=turtlex_join_ig&tx_jig=$
Source: chromecache_357.2.dr, chromecache_350.2.dr, chromecache_456.2.dr, chromecache_460.2.dr, chromecache_274.2.dr, chromecache_304.2.dr String found in binary or memory: https://pagead2.googlesyndication.com/pagead/gen_204?id=tcfe
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://pandas.pydata.org/about/)
Source: chromecache_441.2.dr String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_444.2.dr String found in binary or memory: https://play.vidyard.com/embed/v4.js
Source: chromecache_331.2.dr String found in binary or memory: https://publickeyservice.msmt.gcp.privacysandboxservices.com
Source: chromecache_357.2.dr, chromecache_274.2.dr String found in binary or memory: https://px.ads.linkedin.com/collect?
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://pypi.org/project/lief/)
Source: chromecache_463.2.dr, chromecache_401.2.dr String found in binary or memory: https://python-poetry.org/)
Source: chromecache_357.2.dr, chromecache_274.2.dr String found in binary or memory: https://q.quora.com/_/ad/
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://realpython.com/python-data-cleaning-numpy-pandas/)
Source: chromecache_441.2.dr String found in binary or memory: https://recaptcha.net
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://releases.ubuntu.com/focal/)
Source: chromecache_322.2.dr, chromecache_467.2.dr, chromecache_351.2.dr, chromecache_405.2.dr String found in binary or memory: https://research.checkpoint.com/2020/resolving-your-way-into-domain-admin:-exploiting-a-17-year-old-
Source: chromecache_355.2.dr, chromecache_452.2.dr, chromecache_356.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_255.2.dr, chromecache_408.2.dr, chromecache_378.2.dr String found in binary or memory: https://research.splunk.com/detections/)
Source: chromecache_380.2.dr, chromecache_260.2.dr String found in binary or memory: https://risk-edge.clearbit.com
Source: chromecache_260.2.dr String found in binary or memory: https://risk.clearbit.com
Source: chromecache_380.2.dr, chromecache_260.2.dr String found in binary or memory: https://risk.dev.clearbit.io
Source: chromecache_380.2.dr, chromecache_260.2.dr String found in binary or memory: https://risk.staging.clearbit.io
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://samltool.io/)
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://scipy.org/)
Source: chromecache_355.2.dr, chromecache_451.2.dr, chromecache_403.2.dr, chromecache_378.2.dr String found in binary or memory: https://secret.club/2020/04/23/directory-deletion-shell.html).
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://sectigo.com/ssl-certificates-tls/code-signing).
Source: chromecache_357.2.dr, chromecache_274.2.dr String found in binary or memory: https://snap.licdn.com/li.lms-analytics/insight.min.js
Source: chromecache_467.2.dr, chromecache_351.2.dr String found in binary or memory: https://spring.io/blog/2022/03/31/spring-framework-rce-early-announcement)
Source: chromecache_467.2.dr, chromecache_351.2.dr String found in binary or memory: https://spring.io/projects/spring-framework)
Source: chromecache_357.2.dr, chromecache_274.2.dr String found in binary or memory: https://static.ads-twitter.com/uwt.js
Source: chromecache_350.2.dr, chromecache_460.2.dr String found in binary or memory: https://stats.g.doubleclick.net/g/collect
Source: chromecache_459.2.dr String found in binary or memory: https://stats.g.doubleclick.net/j/collect
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://strontic.github.io/xcyclopedia/library/apds.dll-DF461ADCCD541185313F9439313D1EE1.html)
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://support.google.com/a/answer/10181140#zippy=%2Cwindows-device-management%2Ccustom-settings)
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://support.google.com/a/answer/106368?hl=en)
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://support.google.com/a/answer/7061566?hl=en).
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://support.google.com/a/answer/9250996?hl=en)
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://support.google.com/a/users/answer/9308866?hl=en)
Source: chromecache_441.2.dr String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_362.2.dr, chromecache_387.2.dr, chromecache_441.2.dr String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_362.2.dr, chromecache_387.2.dr, chromecache_441.2.dr String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_362.2.dr, chromecache_387.2.dr, chromecache_441.2.dr String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_452.2.dr, chromecache_255.2.dr String found in binary or memory: https://support.okta.com/help/s/article/The-Okta-User-Profile-And-Application-User-Profile?language=
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://sysdig.com/blog/cve-2022-0847-dirty-pipe-sysdig
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://sysdig.com/blog/cve-2022-0847-dirty-pipe-sysdig/)
Source: chromecache_349.2.dr, chromecache_459.2.dr String found in binary or memory: https://tagassistant.google.com/
Source: chromecache_467.2.dr, chromecache_351.2.dr String found in binary or memory: https://tanzu.vmware.com/security/cve-2022-22965)
Source: chromecache_357.2.dr, chromecache_331.2.dr, chromecache_350.2.dr, chromecache_456.2.dr, chromecache_460.2.dr, chromecache_274.2.dr, chromecache_304.2.dr String found in binary or memory: https://td.doubleclick.net
Source: chromecache_331.2.dr String found in binary or memory: https://td.doubleclick.net/td/bjs
Source: chromecache_331.2.dr String found in binary or memory: https://td.doubleclick.net/td/bts
Source: chromecache_331.2.dr String found in binary or memory: https://td.doubleclick.net/td/buyer.wasm
Source: chromecache_331.2.dr String found in binary or memory: https://td.doubleclick.net/td/update?ig_name=4s17672680.1729606216
Source: chromecache_331.2.dr String found in binary or memory: https://tdsf.doubleclick.net/td/adfetch/gda?adg_id=166471558460
Source: chromecache_465.2.dr, chromecache_416.2.dr String found in binary or memory: https://thehackernews.com/2023/04/ransomware-hackers-using-aukill-tool-to.html).
Source: chromecache_355.2.dr, chromecache_451.2.dr String found in binary or memory: https://threatfox.abuse.ch/ioc/1023850/)
Source: chromecache_355.2.dr, chromecache_467.2.dr, chromecache_351.2.dr, chromecache_356.2.dr, chromecache_451.2.dr, chromecache_408.2.dr String found in binary or memory: https://tukaani.org/xz-backdoor)
Source: chromecache_465.2.dr, chromecache_416.2.dr String found in binary or memory: https://twitter.com/DanielStepanic)
Source: chromecache_465.2.dr, chromecache_416.2.dr, chromecache_403.2.dr, chromecache_378.2.dr String found in binary or memory: https://twitter.com/GabrielLandau)
Source: chromecache_465.2.dr, chromecache_416.2.dr String found in binary or memory: https://twitter.com/_devonkerr_)
Source: chromecache_465.2.dr, chromecache_416.2.dr String found in binary or memory: https://twitter.com/_xDeJesus)
Source: chromecache_465.2.dr, chromecache_416.2.dr String found in binary or memory: https://twitter.com/_xDeJesus).
Source: chromecache_465.2.dr, chromecache_416.2.dr String found in binary or memory: https://twitter.com/andythevariable)
Source: unknown Network traffic detected: HTTP traffic on port 62345 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49968 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50026 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62425 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62377 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown Network traffic detected: HTTP traffic on port 62251 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62459 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49991 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62311 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49768
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49763
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49762
Source: unknown Network traffic detected: HTTP traffic on port 62437 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49896 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62389 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49956 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62333 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50083 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49999
Source: unknown Network traffic detected: HTTP traffic on port 62482 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49998
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49996
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49994
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49993
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49992
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49991
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49990
Source: unknown Network traffic detected: HTTP traffic on port 49874 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49934 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49989
Source: unknown Network traffic detected: HTTP traffic on port 62355 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49988
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49987
Source: unknown Network traffic detected: HTTP traffic on port 62255 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62315
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62316
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62317
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62318
Source: unknown Network traffic detected: HTTP traffic on port 50071 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62319
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62310
Source: unknown Network traffic detected: HTTP traffic on port 49849 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62311
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62312
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62313
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62314
Source: unknown Network traffic detected: HTTP traffic on port 62335 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49900 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62243 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62289 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49872 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62326
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62328
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62329
Source: unknown Network traffic detected: HTTP traffic on port 62370 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62320
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62321
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62322
Source: unknown Network traffic detected: HTTP traffic on port 62449 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62462 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62323
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62324
Source: unknown Network traffic detected: HTTP traffic on port 62301 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62408 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49930 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62472 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49986 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62339
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62330
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62331
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62332
Source: unknown Network traffic detected: HTTP traffic on port 62427 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62333
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62334
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62335
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62336
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown Network traffic detected: HTTP traffic on port 50012 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49797
Source: unknown Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49795
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49792
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62350
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49791
Source: unknown Network traffic detected: HTTP traffic on port 62323 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62348
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62349
Source: unknown Network traffic detected: HTTP traffic on port 49825 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62450 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62340
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62341
Source: unknown Network traffic detected: HTTP traffic on port 49907 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62342
Source: unknown Network traffic detected: HTTP traffic on port 62359 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62343
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62344
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62345
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62346
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62347
Source: unknown Network traffic detected: HTTP traffic on port 49859 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62439 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62380 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62297 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62440 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50081 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49919 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49954 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50014 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49988 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49827 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62357 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49882 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49976 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62418 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62452 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62347 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62253 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50024 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49860 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49998 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62287 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62369 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50058 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62474 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62304
Source: unknown Network traffic detected: HTTP traffic on port 50002 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62305
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62306
Source: unknown Network traffic detected: HTTP traffic on port 62313 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62307
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62308
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62309
Source: unknown Network traffic detected: HTTP traffic on port 49920 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62300
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62301
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62302
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62303
Source: unknown Network traffic detected: HTTP traffic on port 62349 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62303 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62246 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62281
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62283
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62284
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50056
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50055
Source: unknown Network traffic detected: HTTP traffic on port 62384 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50058
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50057
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50059
Source: unknown Network traffic detected: HTTP traffic on port 49961 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62281 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50060
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62274
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62275
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62276
Source: unknown Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62278
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62290
Source: unknown Network traffic detected: HTTP traffic on port 49732 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62291
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62292
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62293
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62294
Source: unknown Network traffic detected: HTTP traffic on port 62293 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50065
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50064
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50067
Source: unknown Network traffic detected: HTTP traffic on port 62417 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50066
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50069
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50068
Source: unknown Network traffic detected: HTTP traffic on port 62315 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50070
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50072
Source: unknown Network traffic detected: HTTP traffic on port 62258 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50071
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50074
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50073
Source: unknown Network traffic detected: HTTP traffic on port 62441 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62286
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62287
Source: unknown Network traffic detected: HTTP traffic on port 50080 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62288
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62289
Source: unknown Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50076
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50075
Source: unknown Network traffic detected: HTTP traffic on port 50057 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50077
Source: unknown Network traffic detected: HTTP traffic on port 49892 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50079
Source: unknown Network traffic detected: HTTP traffic on port 62475 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50081
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50080
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50083
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50082
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50085
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50084
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62296
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62297
Source: unknown Network traffic detected: HTTP traffic on port 49904 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62298
Source: unknown Network traffic detected: HTTP traffic on port 49847 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62396 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62405 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62453 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62362 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50079 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49983 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49938 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50023 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49811 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50017
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50019
Source: unknown Network traffic detected: HTTP traffic on port 62431 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62480
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62481
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62240
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62482
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50010
Source: unknown Network traffic detected: HTTP traffic on port 62477 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50012
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50011
Source: unknown Network traffic detected: HTTP traffic on port 50055 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50014
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50015
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62239
Source: unknown Network traffic detected: HTTP traffic on port 62339 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62394 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62472
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62473
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62474
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62233
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62475
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62234
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62476
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62235
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62477
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62236
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62237
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50029
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50028
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62250
Source: unknown Network traffic detected: HTTP traffic on port 62268 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62251
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50020
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50023
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50022
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50025
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50024
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50027
Source: unknown Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50026
Source: unknown Network traffic detected: HTTP traffic on port 62360 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49985 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62249
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50030
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62241
Source: unknown Network traffic detected: HTTP traffic on port 50067 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62242
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62243
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62244
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62245
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62246
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62247
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62248
Source: unknown Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50011 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49928 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50032
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50031
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50034
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50033
Source: unknown Network traffic detected: HTTP traffic on port 62234 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62305 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50035
Source: unknown Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50041
Source: unknown Network traffic detected: HTTP traffic on port 62465 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62253
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62254
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62255
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62256
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62257
Source: unknown Network traffic detected: HTTP traffic on port 62350 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62258
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62259
Source: unknown Network traffic detected: HTTP traffic on port 49973 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50033 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50042
Source: unknown Network traffic detected: HTTP traffic on port 62415 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50044
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown Network traffic detected: HTTP traffic on port 62256 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49880 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62266
Source: unknown Network traffic detected: HTTP traffic on port 62443 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62267
Source: unknown Network traffic detected: HTTP traffic on port 62372 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62268
Source: unknown Network traffic detected: HTTP traffic on port 49792 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 62269
Source: unknown Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49958 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62421 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62467 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49889 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62398 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49946 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50077 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62329 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62455 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49855 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62403 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49924 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62376 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62340 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62283 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49831 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50031 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62291 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50006 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50065 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62317 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49867 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62307 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62236 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49762 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50075 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49833 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49938
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49937
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49936
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49935
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49934
Source: unknown Network traffic detected: HTTP traffic on port 62480 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49933
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49932
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49931
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49930
Source: unknown Network traffic detected: HTTP traffic on port 62413 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50008 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49971 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62342 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49936 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62445 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49928
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49927
Source: unknown Network traffic detected: HTTP traffic on port 62248 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49925
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49924
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49923
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49922
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49921
Source: unknown Network traffic detected: HTTP traffic on port 62319 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49920
Source: unknown Network traffic detected: HTTP traffic on port 49821 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49877 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62423 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49914 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49919
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49918
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49914
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49913
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49911
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49910
Source: unknown Network traffic detected: HTTP traffic on port 62352 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49948 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 50041 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49843 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49899 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62457 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62386 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62401 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49908
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49907
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49906
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49904
Source: unknown Network traffic detected: HTTP traffic on port 49993 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49903
Source: unknown Network traffic detected: HTTP traffic on port 62330 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49901
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49900
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown Network traffic detected: HTTP traffic on port 62458 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 62378 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49860
Source: unknown Network traffic detected: HTTP traffic on port 62412 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49875 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49795 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 49990 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49859
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49858
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49856
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49855
Source: unknown Network traffic detected: HTTP traffic on port 49841 -> 443
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49853
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49852
Source: unknown Network traffic detected: HTTP traffic on port 443 -> 49851
Source: unknown Network traffic detected: HTTP traffic on port 49967 -> 443
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49732 version: TLS 1.2
Source: unknown HTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49748 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49772 version: TLS 1.2
Source: unknown HTTPS traffic detected: 13.107.246.60:443 -> 192.168.2.5:49983 version: TLS 1.2
Source: chromecache_403.2.dr Binary or memory string: \n\n``` C\nLPDIRECTINPUT8\t\tlpDI = NULL;\nLPDIRECTINPUTDEVICE8\tlpKeyboard = NULL;\n\nBYTE key[256];\nZeroMemory(key, sizeof(key));\n\nDirectInput8Create(hInstance, DIRECTINPUT_VERSION, IID_IDirectInput8, (LPVOID*)&lpDI, NULL);\nlpDI->CreateDevice(GUID_SysKeyboard, &lpKeyboard, NULL);\nlpKeyboard->SetDataFormat(&c_dfDIKeyboard);\nlpKeyboard->SetCooperativeLevel(hwndMain, DISCL_FOREGROUND | DISCL_NONEXCLUSIVE | DISCL_NOWINKEY);\n\nwhile(true)\n{\n HRESULT ret = lpKeyboard->GetDeviceState(sizeof(key), key);\n if (FAILED(ret)) {\n lpKeyboard->Acquire();\n lpKeyboard->GetDeviceState(sizeof(key), key);\n }\n SaveTheKey(key, \"log.txt\");\t\n Sleep(50);\n}\n```\n\n## Windows API memstr_92df702b-e
Source: chromecache_403.2.dr Binary or memory string: [```RegisterRawInputDevices```](https://learn.microsoft.com/ja-jp/windows/win32/api/winuser/nf-winuser-registerrawinputdevices) API memstr_290a4acf-6

Spam, unwanted Advertisements and Ransom Demands

Source: Yara match File source: 1.52..script.csv, type: HTML

System Summary

Source: 1.52..script.csv, type: HTML Matched rule: Windows_Trojan_Bughatch_98f3c0be Author: unknown
Source: 1.52..script.csv, type: HTML Matched rule: Identifies Invoke Assembly module from Cobalt Strike Author: unknown
Source: 1.52..script.csv, type: HTML Matched rule: Windows_Trojan_Netwire_1b43df38 Author: unknown
Source: 1.52..script.csv, type: HTML Matched rule: Windows_Trojan_Qbot_7d5dc64a Author: unknown
Source: 1.52..script.csv, type: HTML Matched rule: Linux_Trojan_BPFDoor_59e029c3 Author: unknown
Source: 1.52..script.csv, type: HTML Matched rule: Linux_Trojan_BPFDoor_0f768f60 Author: unknown
Source: 1.52..script.csv, type: HTML Matched rule: Linux_Trojan_BPFDoor_8453771b Author: unknown
Source: 1.52..script.csv, type: HTML Matched rule: Linux_Trojan_BPFDoor_1a7d804b Author: unknown
Source: 1.52..script.csv, type: HTML Matched rule: MacOS_Hacktool_Swiftbelt_bc62ede6 Author: unknown
Source: 1.52..script.csv, type: HTML Matched rule: Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution Author: ditekSHen
Source: chromecache_355.2.dr Binary or memory string: s address (within A) to a thread-specific region of memory called the stack. This saved pointer is known as the return address - it's where execution will resume once the B has finished its job. If B were to call a third function C, then a return address within B will also be saved to the stack. These return addresses can be retrieved through a process known as a [stack walk](https://learn.microsoft.com/en-us/windows/win32/debug/capturestackbacktrace), which reconstructs the sequence of function calls that led to the current thread state. Stack walks list return addresses in reverse-chronological order, so the most recent function is always at the top.\n\nIn Windows, when we double-click on **notepad.exe**, for example, the following series of functions are called: \n\n - The green section is related to base thread initialization performed by the operating system and is usually identical across all operations (file, registry, process, library, etc.)\n - The red section is the user code; it is often composed of multiple modules and provides approximate details of how the process creation operation was reached\n - The blue section is the Win32 and Native API layer; this is operation-specific, including the last 2 to 3 intermediary Windows modules before forwarding the operation details for effective execution in kernel mode\n\nThe following screenshot depicts the call stack for this execution chain:\n\n![](/assets/images/peeling-back-the-curtain-with-call-stacks/image17.png)\n\nHere is an example of file creation using **notepad.exe** where we can see a similar pattern: \n\n - The blue part lists the last user mode intermediary Windows APIs before forwarding the create file operation to kernel mode drivers for effective execution\n - The red section includes functions from **user32.dll** and **notepad.exe**, which indicate that this file operation was likely initiated via GUI\n - The green part represents the initial thread initialization\n \n ![](/assets/images/peeling-back-the-curtain-with-call-stacks/image19.png)\n\n## Events Explainability\n\nApart from using call stacks for finding known bad, like [unbacked memory regions](https://www.elastic.co/security-labs/hunting-memory) with RWX permissions that may be the remnants of prior code injection. Call stacks provide very low-level visibility that often reveals greater insights than logs can otherwise provide. \n\nAs an example, while hunting for suspicious process executions started by **WmiPrvSe.exe** via WMI, you find this instance of **notepad.exe**:\n\n![](/assets/images/peeling-back-the-curtain-with-call-stacks/image21.png)\n\nReviewing the standard event log fields, you may expect that it was started using the [Win32_Process](https://learn.microsoft.com/en-us/windows/win32/cimwin32prov/win32-process) class using the **wmic.exe process call create notepad.exe** syntax. However, the event details describe a series of modules and functions: \n\n![](/assets/images/peeling-back-the-curtain-with memstr_eefd597c-f
Source: 1.52..script.csv, type: HTML Matched rule: Windows_Trojan_Bughatch_98f3c0be reference_sample = b495456a2239f3ba48e43ef295d6c00066473d6a7991051e1705a48746e8051f, os = windows, severity = x86, creation_date = 2022-05-09, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Bughatch, fingerprint = 1ac6b1285e1925349e4e578de0b2f1cf8a008cddbb1a20eb8768b1fcc4b0c8d3, id = 98f3c0be-1327-4ba2-9320-c1a9ce90b4a4, last_modified = 2022-06-09
Source: 1.52..script.csv, type: HTML Matched rule: Windows_Trojan_CobaltStrike_09b79efa os = windows, severity = x86, description = Identifies Invoke Assembly module from Cobalt Strike, creation_date = 2021-03-23, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.CobaltStrike, fingerprint = 04ef6555e8668c56c528dc62184331a6562f47652c73de732e5f7c82779f2fd8, id = 09b79efa-55d7-481d-9ee0-74ac5f787cef, last_modified = 2021-08-23
Source: 1.52..script.csv, type: HTML Matched rule: Windows_Trojan_Netwire_1b43df38 reference_sample = e6f446dbefd4469b6c4d24988dd6c9ccd331c8b36bdbc4aaf2e5fc49de2c3254, os = windows, severity = x86, creation_date = 2021-06-28, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Netwire, fingerprint = 4142ea14157939dc23b8d1f5d83182aef3a5877d2506722f7a2706b7cb475b76, id = 1b43df38-886e-4f58-954a-a09f30f19907, last_modified = 2021-08-23
Source: 1.52..script.csv, type: HTML Matched rule: Windows_Trojan_Qbot_7d5dc64a reference_sample = a2bacde7210d88675564106406d9c2f3b738e2b1993737cb8bf621b78a9ebf56, os = windows, severity = x86, creation_date = 2021-10-04, scan_context = file, memory, license = Elastic License v2, threat_name = Windows.Trojan.Qbot, fingerprint = ab80d96a454e0aad56621e70be4d55f099c41b538a380feb09192d252b4db5aa, id = 7d5dc64a-a597-44ac-a0fd-cefffc5e9cff, last_modified = 2022-01-13
Source: 1.52..script.csv, type: HTML Matched rule: Linux_Trojan_BPFDoor_59e029c3 reference_sample = 144526d30ae747982079d5d340d1ff116a7963aba2e3ed589e7ebc297ba0c1b3, os = linux, severity = x86, creation_date = 2022-05-10, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.BPFDoor, fingerprint = cc9b75b1f1230e3e2ed289ef5b8fa2deec51197e270ec5d64ff73722c43bb4e8, id = 59e029c3-a57c-44ad-a554-432efc6b591a, last_modified = 2022-05-10
Source: 1.52..script.csv, type: HTML Matched rule: Linux_Trojan_BPFDoor_0f768f60 reference_sample = 3a1b174f0c19c28f71e1babde01982c56d38d3672ea14d47c35ae3062e49b155, os = linux, severity = x86, creation_date = 2022-05-10, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.BPFDoor, fingerprint = 55097020a70d792e480542da40b91fd9ab0cc23f8736427f398998962e22348e, id = 0f768f60-1d6c-4af9-8ae3-c1c8fbbd32f4, last_modified = 2022-05-10
Source: 1.52..script.csv, type: HTML Matched rule: Linux_Trojan_BPFDoor_8453771b reference_sample = 591198c234416c6ccbcea6967963ca2ca0f17050be7eed1602198308d9127c78, os = linux, severity = x86, creation_date = 2022-05-10, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.BPFDoor, fingerprint = b9d07bda8909e7afb1a1411a3bad1e6cffec4a81eb47d42f2292a2c4c0d97fa7, id = 8453771b-a78f-439d-be36-60439051586a, last_modified = 2022-05-10
Source: 1.52..script.csv, type: HTML Matched rule: Linux_Trojan_BPFDoor_1a7d804b reference_sample = 76bf736b25d5c9aaf6a84edd4e615796fffc338a893b49c120c0b4941ce37925, os = linux, severity = x86, creation_date = 2022-05-10, scan_context = file, memory, license = Elastic License v2, threat_name = Linux.Trojan.BPFDoor, fingerprint = e7f92df3e3929b8296320300bb341ccc69e00d89e0d503a41190d7c84a29bce2, id = 1a7d804b-9d39-4855-abe9-47b72bd28f07, last_modified = 2022-05-10
Source: 1.52..script.csv, type: HTML Matched rule: MacOS_Hacktool_Swiftbelt_bc62ede6 reference_sample = 452c832a17436f61ad5f32ee1c97db05575160105ed1dcd0d3c6db9fb5a9aea1, os = macos, severity = x86, creation_date = 2021-10-12, scan_context = file, memory, license = Elastic License v2, threat_name = MacOS.Hacktool.Swiftbelt, fingerprint = 98d14dba562ad68c8ecc00780ab7ee2ecbe912cd00603fff0eb887df1cd12fdb, id = bc62ede6-e6f1-4c9e-bff2-ef55a5d12ba1, last_modified = 2021-10-25
Source: 1.52..script.csv, type: HTML Matched rule: INDICATOR_SUSPICIOUS_PWSH_B64Encoded_Concatenated_FileEXEC author = ditekSHen, description = Detects PowerShell scripts containing patterns of base64 encoded files, concatenation and execution
Source: chromecache_451.2.dr Binary string: s memory content with a malicious payload: \n\n![Image Hollow from Unbacked Memory rule match examples](/assets/images/doubling-down-etw-callstacks/image2.png)\n\n### AMSI and WLDP Memory Patching\n\nIdentifies attempts to modify the permissions or write to Microsoft Antimalware Scan Interface or the Windows Lock Down Policy related DLLs from memory to modify its behavior for evading malicious content checks: \n\n```\napi where\n\n (\n (process.Ext.api.name : \"VirtualProtect*\" and \n process.Ext.api.parameters.protection : \"*W*\") or\n\n process.Ext.api.name : \"WriteProcessMemory*\"\n ) and\n\n process.Ext.api.summary : (\"* amsi.dll*\", \"* mpoav.dll*\", \"* wldp.dll*\") \n```\n\n![AMSI and WLDP Memory Patching rule match examples](/assets/images/doubling-down-etw-callstacks/image6.png)\n\n### Evasion via Event Tracing for Windows Patching\n\nIdentifies attempts to patch the Microsoft Event Tracing for Windows via memory modification: \n\n```\napi where process.Ext.api.name : \"WriteProcessMemory*\" and \n\nprocess.Ext.api.summary : (\"*ntdll.dll!Etw*\", \"*ntdll.dll!NtTrace*\") and \n\nnot process.executable : (\"?:\\\\Windows\\\\System32\\\\lsass.exe\", \"\\\\Device\\\\HarddiskVolume*\\\\Windows\\\\System32\\\\lsass.exe\")\n```\n\n![Evasion via Event Tracing for Windows Patching rule match examples](/assets/images/doubling-down-etw-callstacks/image4.png)\n\n### Windows System Module Remote Hooking\n\nIdentifies attempts to write to a remote process memory to modify NTDLL or Kernelbase modules as a preparation step for stealthy code injection:\n\n```\napi where process.Ext.api.name : \"WriteProcessMemory\" and \n\nprocess.Ext.api.behaviors == \"cross-process\" and \n\nprocess.Ext.api.summary : (\"*ntdll.dll*\", \"*kernelbase.dll*\")\n```\n\nBelow is an example of matches on [ThreadLessInject](https://github.com/CCob/ThreadlessInject), a new process injection technique that involves hooking an export function from a remote process to gain shellcode execution (avoiding the creation of a remote thread):\n\n![ThreadlessInject example detecting via the Windows System Module Remote Hooking rule](/assets/images/doubling-down-etw-callstacks/image3.png)\n\n## Conclusion\n\nUntil Microsoft provides vendors with kernel callbacks for security-relevant syscalls, Threat-Intelligence ETW will remain the most robust visibility into in-memory threats on Windows. At Elastic, we
Source: chromecache_378.2.dr Binary string: forcing the process to load a malicious DLL. \n\n```\nlibrary where \n \n// BaseThreadInitThunk must be exported by the rogue bootstrap DLL\n _arraysearch(process.thread.Ext.call_stack, $entry, $entry.symbol_info :\n \"*!BaseThreadInitThunk*\") and\n\n// excluding kernel32 that exports normally exports BasethreadInitThunk\nnot _arraysearch(process.thread.Ext.call_stack, $entry, $entry.symbol_info\n (\"?:\\\\Windows\\\\System32\\\\kernel32.dll!BaseThreadInitThunk*\", \n \"?:\\\\Windows\\\\SysWOW64\\\\kernel32.dll!BaseThreadInitThunk*\", \n \"?:\\\\Windows\\\\WinSxS\\\\*\\\\kernel32.dll!BaseThreadInitThunk*\", \n \"?:\\\\Windows\\\\WinSxS\\\\Temp\\\\PendingDeletes\\\\*!BaseThreadInitThunk*\", \n \"\\\\Device\\\\*\\\\Windows\\\\*\\\\kernel32.dll!BaseThreadInitThunk*\"))\n```\n\nExample of match: \n![](/assets/images/peeling-back-the-curtain-with-call-stacks/image15.png)\n\n## Suspicious Remote Registry Modification\nSimilar to the scheduled task example, the remote registry service is hosted in **svchost.exe**. We can use the call stack to detect registry modification by monitoring when the Remote Registry service points to an executable or script file. This may indicate an attempt to move laterally via remote configuration changes.\n\n```\nregistry where \n\nevent.action == \"modification\" and \n\nuser.id : (\"S-1-5-21*\", \"S-1-12-*\") and \n\n process.name : \"svchost.exe\" and \n\n// The regsvc.dll in call stack indicate that this is indeed the \n// svchost.exe instance hosting the Remote registry service\n\nprocess.thread.Ext.call_stack_summary : \"*regsvc.dll|rpcrt4.dll*\" and\n\n (\n // suspicious registry values\n registry.data.strings : (\"*:\\\\*\\\\*\", \"*.exe*\", \"*.dll*\", \"*rundll32*\", \n \"*powershell*\", \"*http*\", \"* /c *\", \"*COMSPEC*\", \"\\\\\\\\*.*\") or\n \n // suspicious keys like Services, Run key and COM\n registry.path :\n (\"HKLM\\\\SYSTEM\\\\ControlSet*\\\\Services\\\\*\\\\ServiceDLL\",\n \"HKLM\\\\SYSTEM\\\\ControlSet*\\\\Services\\\\*\\\\ImagePath\",\n \"HKEY_USERS\\\\*Classes\\\\*\\\\InprocServer32\\\\\",\n \"HKEY_USERS\\\\*Classes\\\\*\\\\LocalServer32\\\\\",\n \"H*\\\\Software\\\\Microsoft\\\\Windows\\\\CurrentVersion\\\\Run\\\\*\") or\n \n // potential attempt to remotely disable a service \n (registry.value : \"Start\" and registry.data.strings : \"4\")\n )\n```\n\nThis example matches when the Run key registry value is modified remotely via the Remote Registry service: \n\n![](/assets/images/peeling-back-the-curtain-with-call-stacks/image11.png)\n\n## Conclusion\nAs we
Source: classification engine Classification label: mal92.rans.phis.troj.expl.evad.mine.win@27/332@222/60
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1616 --field-trial-handle=2040,i,16886515858095146127,10418092158726626576,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: unknown Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://www.elastic.co/security-labs/elevate-your-threat-hunting?utm_source=organic-social&utm_medium=twitter&utm_campaign=esl:_threat_research_esl_blog_post&utm_content=15000445268&linkId=626315843"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=1616 --field-trial-handle=2040,i,16886515858095146127,10418092158726626576,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe Process created: unknown unknown
Source: Google Drive.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: YouTube.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Sheets.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Gmail.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Slides.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Docs.lnk.0.dr LNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
Source: Window Recorder Window detected: More than 3 window changes detected
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Google Drive.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\YouTube.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Sheets.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Gmail.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Slides.lnk
Source: C:\Program Files\Google\Chrome\Application\chrome.exe File created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps\Docs.lnk
Source: chromecache_351.2.dr Binary or memory string: .","image":"thumbnail-security-logos-lock.png","body":{"raw":"\nOn March 29, 2022 a vulnerability in the [Spring framework](https://spring.io/projects/spring-framework) was [disclosed](https://tanzu.vmware.com/security/cve-2022-22965) to the public by VMware. This vulnerability had several prerequisites affecting impact:\n\n- Spring framework versions 5.3.0-5.3.17, 5.2.0-5.2.19, potentially software versions prior to 5.2.x\n- An application running as a Spring MVX or WebFlux object\n- Apache Tomcat as the container for that application\n- The application packaged as a Web Application Resource (WAR)\n\nSpecifically, this vulnerability targets the ClassLoader() class, though similar undiscovered vulnerabilities in other classes are likely. A URI parameter can be passed to Tomcat as part of a standard web request to exploit this vulnerability.\n\n## What is the threat?\n\nCVE-2022-22965 is a vulnerability that may affect systems on which the Spring Framework has been installed, and which expose Spring MVC or WebFlux applications running on JDK 9 or later. The exploit associated with this vulnerability requires Apache Tomcat, and that applications are deployed as Web Application Resources (WARs)

Stealing of Sensitive Information

Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: dropped/chromecache_355, type: DROPPED
Source: Yara match File source: dropped/chromecache_451, type: DROPPED

Remote Access Functionality

Source: Yara match File source: sslproxydump.pcap, type: PCAP
Source: Yara match File source: dropped/chromecache_355, type: DROPPED
Source: Yara match File source: dropped/chromecache_451, type: DROPPED