Windows Analysis Report
http://dsadserve.com/55/1334/1640687b94016e/dALe.RoGErS@DUKE-EnERGY.Com/redirect

Overview

General Information

Sample URL:	http://dsadserve.com/55/1334/1640687b94016e/dALe.RoGErS@DUKE-EnERGY.Com/redirect
Analysis ID:	1610102
Infos:

Detection

Score:	22
Range:	0 - 100
Confidence:	80%

Signatures

HTML page contains hidden URLs

Detected hidden input values containing email addresses (often used in phishing pages)

Detected suspicious crossdomain redirect

HTML page contains hidden javascript code

Suricata IDS alerts with low severity for network traffic

URL contains potential PII (phishing indication)

Classification

Signatures

Phishing

HTML page contains hidden URLs

Source: https://intof.io/cto/capcha.php?email=dale.rogers@duke-energy.com&adid=118&au=1334&type=2&pubid=55&campaign=21070&ts=1739023944&ck=c8459e4a7d74647141e487fedd4e12470aa7c9c2&redirect=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20=

HTTP Parser: https://news.financialnewsletter.com/165d64b194f7ff/?category=166b270eb6e288&email=dale.rogers@duke-energy.com

Detected hidden input values containing email addresses (often used in phishing pages)

HTTP Parser: dale.rogers@duke-energy.com

HTML page contains hidden javascript code

HTTP Parser: Base64 decoded: https://news.financialnewsletter.com/165d64b194f7ff/?category=166b270eb6e288&email=dale.rogers@duke-energy.com

URL contains potential PII (phishing indication)

Source: http://dsadserve.com/55/1334/1640687b94016e/dALe.RoGErS@DUKE-EnERGY.Com/redirect

Sample URL: PII: dALe.RoGErS@DUKE-EnERGY.Com

Source: https://intof.io/cto/capcha.php?email=dale.rogers@duke-energy.com&adid=118&au=1334&type=2&pubid=55&campaign=21070&ts=1739023944&ck=c8459e4a7d74647141e487fedd4e12470aa7c9c2&redirect=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20=	HTTP Parser: No favicon
Source: https://intof.io/cto/capcha.php?email=dale.rogers@duke-energy.com&adid=118&au=1334&type=2&pubid=55&campaign=21070&ts=1739023944&ck=c8459e4a7d74647141e487fedd4e12470aa7c9c2&redirect=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20=	HTTP Parser: No favicon
Source: https://intof.io/cto/capcha.php?email=dale.rogers@duke-energy.com&adid=118&au=1334&type=2&pubid=55&campaign=21070&ts=1739023944&ck=c8459e4a7d74647141e487fedd4e12470aa7c9c2&redirect=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20=	HTTP Parser: No favicon
Source: https://news.financialnewsletter.com/capcha.php?v1=165d64b194f7ff&v2=&v3=&fids=&email=dale.rogers@duke-energy.com&iopid=&propid=&category=166b270eb6e288	HTTP Parser: No favicon
Source: https://news.financialnewsletter.com/capcha.php?v1=165d64b194f7ff&v2=&v3=&fids=&email=dale.rogers@duke-energy.com&iopid=&propid=&category=166b270eb6e288	HTTP Parser: No favicon
Source: https://news.financialnewsletter.com/capcha.php?v1=165d64b194f7ff&v2=&v3=&fids=&email=dale.rogers@duke-energy.com&iopid=&propid=&category=166b270eb6e288	HTTP Parser: No favicon

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\scoped_dir2924_325478310			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_2924_1481738819			Jump to behavior

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: dsadserve.com to http://ioadserve.com/email/1640687b94016e/55:0:1334/dale.rogers@duke-energy.com/redirect
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: ioadserve.com to https://intof.io/cto/click.php?email=dale.rogers@duke-energy.com&cid=21070&pid=55&aid=118&au=1334&r=ahr0chm6ly9uzxdzlmzpbmfuy2lhbg5ld3nszxr0zxiuy29tlze2nwq2ngixotrmn2zmlz9jyxrlz29yet0xnjzimjcwzwi2zti4oczlbwfpbd1kywxllnjvz2vyc0bkdwtllwvuzxjnes5jb20=&ck=4d00dfa13bfe93e55fd159e5f76aceaed6264883
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: intof.io to https://news.financialnewsletter.com/165d64b194f7ff/?category=166b270eb6e288&email=dale.rogers@duke-energy.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: dsadserve.com to https://intof.io/cto/click.php?email=dale.rogers@duke-energy.com&cid=21070&pid=55&aid=118&au=1334&r=ahr0chm6ly9uzxdzlmzpbmfuy2lhbg5ld3nszxr0zxiuy29tlze2nwq2ngixotrmn2zmlz9jyxrlz29yet0xnjzimjcwzwi2zti4oczlbwfpbd1kywxllnjvz2vyc0bkdwtllwvuzxjnes5jb20=&ck=4d00dfa13bfe93e55fd159e5f76aceaed6264883

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2031567 - Severity 2 - ET PHISHING Suspicious Redirect - Possible Phishing May 25 2016 : 34.197.163.17:80 -> 192.168.11.20:49726
Source: Network traffic	Suricata IDS: 2031567 - Severity 2 - ET PHISHING Suspicious Redirect - Possible Phishing May 25 2016 : 34.197.163.17:443 -> 192.168.11.20:49723
Source: Network traffic	Suricata IDS: 2031567 - Severity 2 - ET PHISHING Suspicious Redirect - Possible Phishing May 25 2016 : 54.156.254.128:443 -> 192.168.11.20:49724
Source: Network traffic	Suricata IDS: 2031567 - Severity 2 - ET PHISHING Suspicious Redirect - Possible Phishing May 25 2016 : 54.156.254.128:443 -> 192.168.11.20:49727
Source: Network traffic	Suricata IDS: 2031567 - Severity 2 - ET PHISHING Suspicious Redirect - Possible Phishing May 25 2016 : 54.156.254.128:443 -> 192.168.11.20:49755

Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.27.10
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.27.10
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.27.10
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.27.10
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.163.94
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.163.94
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.163.94
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.163.94
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.89
Source: unknown	TCP traffic detected without corresponding DNS query: 23.13.145.132
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.89
Source: unknown	TCP traffic detected without corresponding DNS query: 23.13.145.132
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.132
Source: unknown	TCP traffic detected without corresponding DNS query: 23.13.145.132
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.132
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.132
Source: unknown	TCP traffic detected without corresponding DNS query: 23.13.145.132
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.132
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.132
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.132
Source: unknown	TCP traffic detected without corresponding DNS query: 23.13.145.132
Source: unknown	TCP traffic detected without corresponding DNS query: 23.13.145.132
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.27.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.250.16
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.132
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.132
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.132
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /55/1334/1640687b94016e/dALe.RoGErS@DUKE-EnERGY.Com/redirect HTTP/1.1Host: dsadserve.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /email/1640687b94016e/55:0:1334/dale.rogers@duke-energy.com/redirect HTTP/1.1Host: ioadserve.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEIrJ7OAQjkr84BCMO2zgEIvbnOAQjtvM4BCLu9zgEI1r3OAQjMv84BGMHLzAEYva7OARidsc4BSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /cto/click.php?email=dale.rogers@duke-energy.com&cid=21070&pid=55&aid=118&au=1334&r=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20=&ck=4d00dfa13bfe93e55fd159e5f76aceaed6264883 HTTP/1.1Host: intof.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cto/capcha.php?email=dale.rogers@duke-energy.com&adid=118&au=1334&type=2&pubid=55&campaign=21070&ts=1739023511&ck=a27724adc12e6d3884dea8ea0d18036eec5b4b2d&redirect=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20= HTTP/1.1Host: intof.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cto/click.php?email=dale.rogers@duke-energy.com&cid=21070&pid=55&aid=118&au=1334&r=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20=&ck=4d00dfa13bfe93e55fd159e5f76aceaed6264883 HTTP/1.1Host: intof.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cto/capcha.php?email=dale.rogers@duke-energy.com&adid=118&au=1334&type=2&pubid=55&campaign=21070&ts=1739023944&ck=c8459e4a7d74647141e487fedd4e12470aa7c9c2&redirect=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20= HTTP/1.1Host: intof.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise.js?render=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://intof.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /iocreatives/iopreload.svg HTTP/1.1Host: s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://intof.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /iocreatives/iopreload.svg HTTP/1.1Host: s3.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise.js?render=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/anchor?ar=1&k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR&co=aHR0cHM6Ly9pbnRvZi5pbzo0NDM.&hl=en&v=PcIQSvk4Y5ANjYUx0f4froA1&size=invisible&cb=d9s4pronyh58 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://intof.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/webworker.js?hl=en&v=PcIQSvk4Y5ANjYUx0f4froA1 HTTP/1.1Host: www.google.comConnection: keep-aliveAccept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEIrJ7OAQjkr84BCMO2zgEIvbnOAQjtvM4BCLu9zgEI1r3OAQjMv84BGMHLzAEYva7OARidsc4BSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR&co=aHR0cHM6Ly9pbnRvZi5pbzo0NDM.&hl=en&v=PcIQSvk4Y5ANjYUx0f4froA1&size=invisible&cb=d9s4pronyh58User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/webworker.js?hl=en&v=PcIQSvk4Y5ANjYUx0f4froA1 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: intof.ioConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://intof.io/cto/capcha.php?email=dale.rogers@duke-energy.com&adid=118&au=1334&type=2&pubid=55&campaign=21070&ts=1739023944&ck=c8459e4a7d74647141e487fedd4e12470aa7c9c2&redirect=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20=Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/reload?k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AP_l5mOlIxaxjBhZLdeoSjGVDqhmx67oK1LaBBwGPYmQm6vmL4VXrnkEFoDcKDrBwq67GZLP4pEEggoQdE65Nac; NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /cto/process.php?email=dale.rogers@duke-energy.com&adid=118&pubid=55&campaign=21070&creative=0&au=1334&type=2&ts=1739023520&ck=0ace1d9c0d22ec11d3be17bcaea2d81068de35c6&redirect=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20%3D&sub= HTTP/1.1Host: intof.ioConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://intof.io/cto/capcha.php?email=dale.rogers@duke-energy.com&adid=118&au=1334&type=2&pubid=55&campaign=21070&ts=1739023944&ck=c8459e4a7d74647141e487fedd4e12470aa7c9c2&redirect=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20=Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/clr?k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AP_l5mOlIxaxjBhZLdeoSjGVDqhmx67oK1LaBBwGPYmQm6vmL4VXrnkEFoDcKDrBwq67GZLP4pEEggoQdE65Nac; NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /165d64b194f7ff/?category=166b270eb6e288&email=dale.rogers@duke-energy.com HTTP/1.1Host: news.financialnewsletter.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://intof.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/clr?k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AP_l5mOlIxaxjBhZLdeoSjGVDqhmx67oK1LaBBwGPYmQm6vmL4VXrnkEFoDcKDrBwq67GZLP4pEEggoQdE65Nac; NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /capcha.php?v1=165d64b194f7ff&v2=&v3=&fids=&email=dale.rogers@duke-energy.com&iopid=&propid=&category=166b270eb6e288 HTTP/1.1Host: news.financialnewsletter.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://intof.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/mezaservices.png HTTP/1.1Host: news.financialnewsletter.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://news.financialnewsletter.com/capcha.php?v1=165d64b194f7ff&v2=&v3=&fids=&email=dale.rogers@duke-energy.com&iopid=&propid=&category=166b270eb6e288Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise.js?render=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://news.financialnewsletter.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AP_l5mOlIxaxjBhZLdeoSjGVDqhmx67oK1LaBBwGPYmQm6vmL4VXrnkEFoDcKDrBwq67GZLP4pEEggoQdE65Nac; NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /img/mezaservices.png HTTP/1.1Host: news.financialnewsletter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/anchor?ar=1&k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR&co=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tOjQ0Mw..&hl=en&v=PcIQSvk4Y5ANjYUx0f4froA1&size=invisible&cb=rbwj7qxbxq6f HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://news.financialnewsletter.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AP_l5mOlIxaxjBhZLdeoSjGVDqhmx67oK1LaBBwGPYmQm6vmL4VXrnkEFoDcKDrBwq67GZLP4pEEggoQdE65Nac; NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/webworker.js?hl=en&v=PcIQSvk4Y5ANjYUx0f4froA1 HTTP/1.1Host: www.google.comConnection: keep-aliveAccept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEIrJ7OAQjkr84BCMO2zgEIvbnOAQjtvM4BCLu9zgEI1r3OAQjMv84BGMHLzAEYva7OARidsc4BSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR&co=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tOjQ0Mw..&hl=en&v=PcIQSvk4Y5ANjYUx0f4froA1&size=invisible&cb=rbwj7qxbxq6fUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AP_l5mOlIxaxjBhZLdeoSjGVDqhmx67oK1LaBBwGPYmQm6vmL4VXrnkEFoDcKDrBwq67GZLP4pEEggoQdE65Nac; NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: news.financialnewsletter.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://news.financialnewsletter.com/capcha.php?v1=165d64b194f7ff&v2=&v3=&fids=&email=dale.rogers@duke-energy.com&iopid=&propid=&category=166b270eb6e288Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: news.financialnewsletter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/reload?k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AGVEItf51z3h37ptEPW5VBNWbwjY2RCqrBPX7TXwnmmQwNpE2M4sj-Zrjdozt5bxrgejmwKjCEFVtQLIfXzfOw0; NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /165d64b194f7ff//?email=dale.rogers@duke-energy.com&fids=&c=1&iopid=&propid=&category=166b270eb6e288 HTTP/1.1Host: news.financialnewsletter.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://news.financialnewsletter.com/capcha.php?v1=165d64b194f7ff&v2=&v3=&fids=&email=dale.rogers@duke-energy.com&iopid=&propid=&category=166b270eb6e288Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/clr?k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AGVEItf51z3h37ptEPW5VBNWbwjY2RCqrBPX7TXwnmmQwNpE2M4sj-Zrjdozt5bxrgejmwKjCEFVtQLIfXzfOw0; NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/clr?k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AGVEItf51z3h37ptEPW5VBNWbwjY2RCqrBPX7TXwnmmQwNpE2M4sj-Zrjdozt5bxrgejmwKjCEFVtQLIfXzfOw0; NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /script/bootstrap.css HTTP/1.1Host: news.financialnewsletter.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://news.financialnewsletter.com/165d64b194f7ff//?email=dale.rogers@duke-energy.com&fids=&c=1&iopid=&propid=&category=166b270eb6e288Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/chart.js HTTP/1.1Host: news.financialnewsletter.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://news.financialnewsletter.com/165d64b194f7ff//?email=dale.rogers@duke-energy.com&fids=&c=1&iopid=&propid=&category=166b270eb6e288Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/site-logos/financialnewsletter.png HTTP/1.1Host: news.financialnewsletter.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://news.financialnewsletter.com/165d64b194f7ff//?email=dale.rogers@duke-energy.com&fids=&c=1&iopid=&propid=&category=166b270eb6e288Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/site-logos/financialnewsletter.png HTTP/1.1Host: news.financialnewsletter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/chart.js HTTP/1.1Host: news.financialnewsletter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /site.webmanifest HTTP/1.1Host: news.financialnewsletter.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://news.financialnewsletter.com/165d64b194f7ff//?email=dale.rogers@duke-energy.com&fids=&c=1&iopid=&propid=&category=166b270eb6e288Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon-32x32.png HTTP/1.1Host: news.financialnewsletter.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://news.financialnewsletter.com/165d64b194f7ff//?email=dale.rogers@duke-energy.com&fids=&c=1&iopid=&propid=&category=166b270eb6e288Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: bshown_165d64b194f7ff_1658f1f8a667bb=WyIxNjcwOTMzZTkxNjQ0ZiIsIjE2N2E2NzY2ZmEzZjY4Il0=
Source: global traffic	HTTP traffic detected: GET /favicon-16x16.png HTTP/1.1Host: news.financialnewsletter.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://news.financialnewsletter.com/165d64b194f7ff//?email=dale.rogers@duke-energy.com&fids=&c=1&iopid=&propid=&category=166b270eb6e288Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: bshown_165d64b194f7ff_1658f1f8a667bb=WyIxNjcwOTMzZTkxNjQ0ZiIsIjE2N2E2NzY2ZmEzZjY4Il0=
Source: global traffic	HTTP traffic detected: GET /favicon-32x32.png HTTP/1.1Host: news.financialnewsletter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: bshown_165d64b194f7ff_1658f1f8a667bb=WyIxNjcwOTMzZTkxNjQ0ZiIsIjE2N2E2NzY2ZmEzZjY4Il0=
Source: global traffic	HTTP traffic detected: GET /favicon-16x16.png HTTP/1.1Host: news.financialnewsletter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: bshown_165d64b194f7ff_1658f1f8a667bb=WyIxNjcwOTMzZTkxNjQ0ZiIsIjE2N2E2NzY2ZmEzZjY4Il0=
Source: global traffic	HTTP traffic detected: GET /email/1640687b94016e/55:0:1334/dale.rogers@duke-energy.com/redirect HTTP/1.1Host: ioadserve.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: e87636cb66b0a9f6aa2c9758d0594f39047cac01=%257B%252220250208%2522%253A%255Bnull%255D%257D
Source: global traffic	HTTP traffic detected: GET /r/r1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: dsadserve.com
Source: global traffic	DNS traffic detected: DNS query: ioadserve.com
Source: global traffic	DNS traffic detected: DNS query: intof.io
Source: global traffic	DNS traffic detected: DNS query: s3.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: news.financialnewsletter.com

Source: unknown

HTTP traffic detected: POST /recaptcha/enterprise/reload?k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR HTTP/1.1Host: www.google.comConnection: keep-aliveContent-Length: 11213sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"Content-Type: application/x-protobuffersec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Origin: https://www.google.comX-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR&co=aHR0cHM6Ly9pbnRvZi5pbzo0NDM.&hl=en&v=PcIQSvk4Y5ANjYUx0f4froA1&size=invisible&cb=d9s4pronyh58Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu

Source: global traffic	TCP traffic: 192.168.11.20:55071 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:55071 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:55071 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:55071 -> 239.255.255.250:1900

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundDate: Sat, 08 Feb 2025 14:05:19 GMTServer: Apache/2.4.27 (Amazon) OpenSSL/1.0.2k-fips PHP/7.0.25Content-Length: 209Connection: closeContent-Type: text/html; charset=iso-8859-1

Source: chromecache_66.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
Source: chromecache_96.1.dr, chromecache_75.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_99.1.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_96.1.dr, chromecache_75.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_99.1.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_96.1.dr, chromecache_75.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_99.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_96.1.dr, chromecache_75.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_99.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_96.1.dr, chromecache_75.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_99.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_66.1.dr	String found in binary or memory: https://financialnewsletter.com/disclaimer/
Source: chromecache_66.1.dr	String found in binary or memory: https://financialnewsletter.com/top-4-artificial-intelligence-stocks-poised-for-rapid-growth/
Source: chromecache_66.1.dr	String found in binary or memory: https://financialnewsletter.com/top-4-gold-stocks-poised-to-soar-as-gold-price-climbs-higher/
Source: chromecache_66.1.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Lato:400
Source: chromecache_92.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwaPGR_p.woff2)
Source: chromecache_92.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ.woff2)
Source: chromecache_92.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwaPGR_p.woff2)
Source: chromecache_92.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2)
Source: chromecache_92.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2)
Source: chromecache_92.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjxAwXjeu.woff2)
Source: chromecache_77.1.dr, chromecache_95.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWub2bVmQiArmlw.wo
Source: chromecache_77.1.dr, chromecache_95.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWub2bVmUiAo.woff2
Source: chromecache_77.1.dr, chromecache_95.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWub2bVmXiArmlw.wo
Source: chromecache_77.1.dr, chromecache_95.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWub2bVmYiArmlw.wo
Source: chromecache_77.1.dr, chromecache_95.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWub2bVmZiArmlw.wo
Source: chromecache_77.1.dr, chromecache_95.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWub2bVmaiArmlw.wo
Source: chromecache_77.1.dr, chromecache_95.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWub2bVmbiArmlw.wo
Source: chromecache_77.1.dr, chromecache_95.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWub2bVn6iArmlw.wo
Source: chromecache_77.1.dr, chromecache_95.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWub2bVnoiArmlw.wo
Source: chromecache_70.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_70.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_66.1.dr	String found in binary or memory: https://news.financialnewsletter.com/165d64b194f7ff/2?skip=
Source: chromecache_66.1.dr	String found in binary or memory: https://news.financialnewsletter.com/click/165d64b194f7ff/1658f0d449b38f/1673de7ad71f6e/aHR0cHM6Ly9n
Source: chromecache_99.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_66.1.dr	String found in binary or memory: https://stocksearning.com/privacy-policy.aspx
Source: chromecache_99.1.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_96.1.dr, chromecache_75.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_99.1.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_96.1.dr, chromecache_75.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_99.1.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_96.1.dr, chromecache_75.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_99.1.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_96.1.dr, chromecache_75.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_99.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_73.1.dr, chromecache_82.1.dr, chromecache_80.1.dr	String found in binary or memory: https://www.google.com/recaptcha/enterprise/
Source: chromecache_96.1.dr, chromecache_75.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_99.1.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/PcIQSvk4Y5ANjYUx0f4froA1/recaptcha__.
Source: chromecache_73.1.dr, chromecache_85.1.dr, chromecache_86.1.dr, chromecache_83.1.dr, chromecache_82.1.dr, chromecache_80.1.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/PcIQSvk4Y5ANjYUx0f4froA1/recaptcha__en.js
Source: chromecache_66.1.dr	String found in binary or memory: https://www.wyattresearch.com/privacy-policy/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49686
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49685
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49684
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49683
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49682
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49681
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49674
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748

Source: classification engine

Classification label: sus22.phis.win@20/76@32/14

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\scoped_dir2924_325478310

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2256,i,96231069491599523,5049526572170094342,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2272 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://dsadserve.com/55/1334/1640687b94016e/dALe.RoGErS@DUKE-EnERGY.Com/redirect"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2256,i,96231069491599523,5049526572170094342,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2272 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\scoped_dir2924_325478310			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_2924_1481738819			Jump to behavior

Screenshots

Behavior

Click here to start
Slideshow Behavior Animation

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Network Map

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Contacted Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
54.156.254.128	intof.io	United States	14618	AMAZON-AESUS	false
142.251.163.147	www.google.com	United States	15169	GOOGLEUS	false
142.251.163.103	unknown	United States	15169	GOOGLEUS	false
142.251.111.103	unknown	United States	15169	GOOGLEUS	false
54.211.190.162	dsadserve.com	United States	14618	AMAZON-AESUS	false
34.197.163.17	ioadserve.com	United States	14618	AMAZON-AESUS	false
16.182.39.48	unknown	United States	unknown	unknown	false
142.251.16.105	unknown	United States	15169	GOOGLEUS	false
172.253.63.147	unknown	United States	15169	GOOGLEUS	false
52.216.95.149	s3.amazonaws.com	United States	16509	AMAZON-02US	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
64.233.180.105	unknown	United States	15169	GOOGLEUS	false
52.0.153.10	news.financialnewsletter.com	United States	14618	AMAZON-AESUS	true

Private

IP
192.168.11.20

Contacted Domains

Name	IP	Active
dsadserve.com	54.211.190.162	true
ioadserve.com	34.197.163.17	true
s3.amazonaws.com	52.216.95.149	true
intof.io	54.156.254.128	true
news.financialnewsletter.com	52.0.153.10	true
www.google.com	142.251.163.147	true

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://news.financialnewsletter.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://intof.io/favicon.ico	false		high
https://news.financialnewsletter.com/165d64b194f7ff/?category=166b270eb6e288&email=dale.rogers@duke-energy.com	true	Avira URL Cloud: safe	unknown
https://intof.io/cto/click.php?email=dale.rogers@duke-energy.com&cid=21070&pid=55&aid=118&au=1334&r=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20=&ck=4d00dfa13bfe93e55fd159e5f76aceaed6264883	false		high
http://ioadserve.com/email/1640687b94016e/55:0:1334/dale.rogers@duke-energy.com/redirect	false	Avira URL Cloud: safe	unknown
https://news.financialnewsletter.com/capcha.php?v1=165d64b194f7ff&v2=&v3=&fids=&email=dale.rogers@duke-energy.com&iopid=&propid=&category=166b270eb6e288	false		unknown
https://intof.io/cto/capcha.php?email=dale.rogers@duke-energy.com&adid=118&au=1334&type=2&pubid=55&campaign=21070&ts=1739023944&ck=c8459e4a7d74647141e487fedd4e12470aa7c9c2&redirect=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20=	false		high
https://www.google.com/recaptcha/enterprise.js?render=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR	false		high
https://news.financialnewsletter.com/script/bootstrap.css	false	Avira URL Cloud: safe	unknown
https://news.financialnewsletter.com/site.webmanifest	false	Avira URL Cloud: safe	unknown
https://intof.io/cto/capcha.php?email=dale.rogers@duke-energy.com&adid=118&au=1334&type=2&pubid=55&campaign=21070&ts=1739023511&ck=a27724adc12e6d3884dea8ea0d18036eec5b4b2d&redirect=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20=	false		high
https://www.google.com/recaptcha/enterprise/reload?k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR	false		high
https://dsadserve.com/55/1334/1640687b94016e/dALe.RoGErS@DUKE-EnERGY.Com/redirect	false	Avira URL Cloud: safe	unknown
https://news.financialnewsletter.com/favicon-32x32.png	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/enterprise/webworker.js?hl=en&v=PcIQSvk4Y5ANjYUx0f4froA1	false		high
https://www.google.com/complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw	false		high
https://www.google.com/recaptcha/enterprise/clr?k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR	false		high
https://news.financialnewsletter.com/img/site-logos/financialnewsletter.png	false	Avira URL Cloud: safe	unknown
https://news.financialnewsletter.com/scripts/chart.js	false	Avira URL Cloud: safe	unknown
https://intof.io/cto/process.php?email=dale.rogers@duke-energy.com&adid=118&pubid=55&campaign=21070&creative=0&au=1334&type=2&ts=1739023520&ck=0ace1d9c0d22ec11d3be17bcaea2d81068de35c6&redirect=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20%3D&sub=	false		high
https://news.financialnewsletter.com/favicon-16x16.png	false	Avira URL Cloud: safe	unknown
https://s3.amazonaws.com/iocreatives/iopreload.svg	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR&co=aHR0cHM6Ly9pbnRvZi5pbzo0NDM.&hl=en&v=PcIQSvk4Y5ANjYUx0f4froA1&size=invisible&cb=d9s4pronyh58	false		high
https://news.financialnewsletter.com/img/mezaservices.png	false	Avira URL Cloud: safe	unknown
https://news.financialnewsletter.com/165d64b194f7ff//?email=dale.rogers@duke-energy.com&fids=&c=1&iopid=&propid=&category=166b270eb6e288	false		unknown
https://ioadserve.com/email/1640687b94016e/55:0:1334/dale.rogers@duke-energy.com/redirect	false	Avira URL Cloud: safe	unknown
https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR&co=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tOjQ0Mw..&hl=en&v=PcIQSvk4Y5ANjYUx0f4froA1&size=invisible&cb=rbwj7qxbxq6f	false		high

Name	Type	MD5	SHA1	SHA256
Chrome Cache Entry: 100	Web Open Font Format (Version 2), TrueType, length 20928, version 1.0	02E18AA1A344F3345345384D3B3DECAA	0881AA60698735802EA73FF97E621634AD3A9C2F	E5B29C36B2E7A2F4DB58307359FA574004BE43D39790E4B7A3CF80A7B16E8BB6
Chrome Cache Entry: 101	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0	5D4AEB4E5F5EF754E307D7FFAEF688BD	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
Chrome Cache Entry: 102	ASCII text, with very long lines (32180)	32015DD42E9582A80A84736F5D9A44D7	41B4BFBAA96BE6D1440DB6E78004ADE1C134E276	8AF93BD675E1CFD9ECC850E862819FDAC6E3AD1F5D761F970E409C7D9C63BDC3
Chrome Cache Entry: 61	SVG Scalable Vector Graphics image	111701CF8194A5E4A6D43E932EE5E834	E7011CDEC7F31B793A209EB126C25D0A25959C09	FE6411D3E7064877072FB25000544525E1A6B72CB296C8AAB16E8EF5C7A714B7
Chrome Cache Entry: 62	PNG image data, 250 x 88, 8-bit/color RGBA, non-interlaced	B9060145E5DA8B5B2CA5DE8601B97531	085F6FF2091FCDEF0E04F072E077606D1F4F603C	D252E494A0ABB07BFB09569E20A862BA4FB1EEA31AE036C93450C6B6B4B584BD
Chrome Cache Entry: 63	ASCII text, with very long lines (65536), with no line terminators	2DAFE09DE7AF9737D7DD056C1381AB6F	4ECA73EE52E530739DA8B330F5965EBC74F6FD3A	77C432DB1C5AD68335D3B81901B7EDC5C1426178A90D055BB74BC45A833553AF
Chrome Cache Entry: 64	ASCII text, with very long lines (65536), with no line terminators	2DAFE09DE7AF9737D7DD056C1381AB6F	4ECA73EE52E530739DA8B330F5965EBC74F6FD3A	77C432DB1C5AD68335D3B81901B7EDC5C1426178A90D055BB74BC45A833553AF
Chrome Cache Entry: 65	ASCII text, with very long lines (32180)	32015DD42E9582A80A84736F5D9A44D7	41B4BFBAA96BE6D1440DB6E78004ADE1C134E276	8AF93BD675E1CFD9ECC850E862819FDAC6E3AD1F5D761F970E409C7D9C63BDC3
Chrome Cache Entry: 66	HTML document, Unicode text, UTF-8 text, with very long lines (1219), with CRLF, LF line terminators	63BF4D4EC3F0897DD67E537368F38D11	3B1CC7214268D464E31956BD5A1113BC13EB15BB	B1EC78FF082E13C084012FFA72851BCFD337109D6B9807137CDBD2BFF81E77E8
Chrome Cache Entry: 67	Web Open Font Format (Version 2), TrueType, length 15552, version 1.0	285467176F7FE6BB6A9C6873B3DAD2CC	EA04E4FF5142DDD69307C183DEF721A160E0A64E	5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
Chrome Cache Entry: 68	Web Open Font Format (Version 2), TrueType, length 23580, version 1.0	E1B3B5908C9CF23DFB2B9C52B9A023AB	FCD4136085F2A03481D9958CC6793A5ED98E714C	918B7DC3E2E2D015C16CE08B57BCB64D2253BAFC1707658F361E72865498E537
Chrome Cache Entry: 69	HTML document, ASCII text	18FFB59B61525F781CF9251045BE575D	BD7318B00B15B7A1C8A48524419FA2E5C27A5B6D	B6682CAB65D3243B5B75EFB7279DBF49491957484780F2BA0A87632CC0E25642
Chrome Cache Entry: 70	ASCII text, with very long lines (65324)	A15C2AC3234AA8F6064EF9C1F7383C37	6E10354828454898FDA80F55F3DECB347FD9ED21	60B19E5DA6A9234FF9220668A5EC1125C157A268513256188EE80F2D2C8D8D36
Chrome Cache Entry: 71	Web Open Font Format (Version 2), TrueType, length 15344, version 1.0	5D4AEB4E5F5EF754E307D7FFAEF688BD	06DB651CDF354C64A7383EA9C77024EF4FB4CEF8	3E253B66056519AA065B00A453BAC37AC5ED8F3E6FE7B542E93A9DCDCC11D0BC
Chrome Cache Entry: 72	Web Open Font Format (Version 2), TrueType, length 23040, version 1.0	DE69CF9E514DF447D1B0BB16F49D2457	2AC78601179C3A63BA3F3F3081556B12DDCAF655	C447DD7677B419DB7B21DBDFC6277C7816A913FFDA76FD2E52702DF538DE0E49
Chrome Cache Entry: 73	ASCII text, with very long lines (1658), with no line terminators	F6FB772AAB6DB02D2EFB3D66618597CD	74FDC0371755BC4E2DB47153F5CF029ABA04C0B1	B046701F0F150215BEEFC82FFED9CCC70C16DB8B349E3A15171D4B3CF85E1F4C
Chrome Cache Entry: 74	ASCII text, with very long lines (3419)	E1D9B67A57690831C071E3E6E9317E0B	66D561AE44301DE39DC7C164D840FCEF914E13D1	7CECDD2A34BC39390B39BB6FA53745995DD0BA2DB373457A01024D7A1BCBA4A5
Chrome Cache Entry: 75	ASCII text, with very long lines (563)	8FD6CC4B5FE6CF93CCD55E16936AD472	EA16EC99387D163FB0CD30B20C1A9AA13824C0DC	512EC85DF0EFC0DC724EAF4021332929A6AC4CBE28F83D9B598247B22882C266
Chrome Cache Entry: 76	Web Open Font Format (Version 2), TrueType, length 20928, version 1.0	02E18AA1A344F3345345384D3B3DECAA	0881AA60698735802EA73FF97E621634AD3A9C2F	E5B29C36B2E7A2F4DB58307359FA574004BE43D39790E4B7A3CF80A7B16E8BB6
Chrome Cache Entry: 77	ASCII text, with very long lines (1572)	15E5424392CC3DDCCFF707F48EE9DD7D	5775B1559BE8C604AB30C058B52F777BB6080E74	C5B0A31F67C76ED63DB31EEA643905B4D8D88E0A7E1805377234902ED5FF5B59
Chrome Cache Entry: 78	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	EF9941290C50CD3866E2BA6B793F010D	4736508C795667DCEA21F8D864233031223B7832	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
Chrome Cache Entry: 79	Web Open Font Format (Version 2), TrueType, length 22504, version 1.0	1C6C65523675ABC6FCD78E804325BD77	898D9808304DC157F5DCB18CA169EC6E2B96B3D7	08664859BAAB5ED98F0BF818ED77E38464FF1826DC6406D5ECBD651409AFBD92
Chrome Cache Entry: 80	ASCII text, with very long lines (1658), with no line terminators	F6FB772AAB6DB02D2EFB3D66618597CD	74FDC0371755BC4E2DB47153F5CF029ABA04C0B1	B046701F0F150215BEEFC82FFED9CCC70C16DB8B349E3A15171D4B3CF85E1F4C
Chrome Cache Entry: 81	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	EF9941290C50CD3866E2BA6B793F010D	4736508C795667DCEA21F8D864233031223B7832	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
Chrome Cache Entry: 82	ASCII text, with very long lines (1658), with no line terminators	F6FB772AAB6DB02D2EFB3D66618597CD	74FDC0371755BC4E2DB47153F5CF029ABA04C0B1	B046701F0F150215BEEFC82FFED9CCC70C16DB8B349E3A15171D4B3CF85E1F4C
Chrome Cache Entry: 83	ASCII text, with no line terminators	93B242294B51B5819EAE314D33C4B979	3265B2D40AD855D5499B9B150F6EA9B9FF16C261	D7F00E051AF3B18B08F179C7B86530AB6B420B4BB9A16843AC22CC8B04640B05
Chrome Cache Entry: 84	ASCII text, with no line terminators	AFB69DF47958EB78B4E941270772BD6A	D9FE9A625E906FF25C1F165E7872B1D9C731E78E	874809FB1235F80831B706B9E9B903D80BD5662D036B7712CC76F8C684118878
Chrome Cache Entry: 85	ASCII text, with no line terminators	93B242294B51B5819EAE314D33C4B979	3265B2D40AD855D5499B9B150F6EA9B9FF16C261	D7F00E051AF3B18B08F179C7B86530AB6B420B4BB9A16843AC22CC8B04640B05
Chrome Cache Entry: 86	ASCII text, with no line terminators	93B242294B51B5819EAE314D33C4B979	3265B2D40AD855D5499B9B150F6EA9B9FF16C261	D7F00E051AF3B18B08F179C7B86530AB6B420B4BB9A16843AC22CC8B04640B05
Chrome Cache Entry: 87	ASCII text, with very long lines (563)	8FD6CC4B5FE6CF93CCD55E16936AD472	EA16EC99387D163FB0CD30B20C1A9AA13824C0DC	512EC85DF0EFC0DC724EAF4021332929A6AC4CBE28F83D9B598247B22882C266
Chrome Cache Entry: 88	SVG Scalable Vector Graphics image	111701CF8194A5E4A6D43E932EE5E834	E7011CDEC7F31B793A209EB126C25D0A25959C09	FE6411D3E7064877072FB25000544525E1A6B72CB296C8AAB16E8EF5C7A714B7
Chrome Cache Entry: 89	ASCII text, with very long lines (563)	8FD6CC4B5FE6CF93CCD55E16936AD472	EA16EC99387D163FB0CD30B20C1A9AA13824C0DC	512EC85DF0EFC0DC724EAF4021332929A6AC4CBE28F83D9B598247B22882C266
Chrome Cache Entry: 90	PNG image data, 651 x 172, 8-bit/color RGBA, non-interlaced	BAF900FD3F486C716AABA1EB12B889F3	2711FF0DDD00030A8F5B6C08326F4A54054D3156	83F5E60D27B4AB27F279FF2FCDF5F27B293DE4D9D21B52CA9ECBBACF5AA8081A
Chrome Cache Entry: 91	PNG image data, 250 x 88, 8-bit/color RGBA, non-interlaced	B9060145E5DA8B5B2CA5DE8601B97531	085F6FF2091FCDEF0E04F072E077606D1F4F603C	D252E494A0ABB07BFB09569E20A862BA4FB1EEA31AE036C93450C6B6B4B584BD
Chrome Cache Entry: 92	ASCII text	23F07988DB838B494B059299F0F83745	B867F010FE331F7E04431E7CE712E6B28AFF7E62	84F018AF5C775E81D96C86859FEE9FB6CCCF86D3FB32FC58616B6AA6786076F3
Chrome Cache Entry: 93	Web Open Font Format (Version 2), TrueType, length 15552, version 1.0	285467176F7FE6BB6A9C6873B3DAD2CC	EA04E4FF5142DDD69307C183DEF721A160E0A64E	5A8C1E7681318CAA29E9F44E8A6E271F6A4067A2703E9916DFD4FE9099241DB7
Chrome Cache Entry: 94	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced	EF9941290C50CD3866E2BA6B793F010D	4736508C795667DCEA21F8D864233031223B7832	1B9EFB22C938500971AAC2B2130A475FA23684DD69E43103894968DF83145B8A
Chrome Cache Entry: 95	ASCII text, with very long lines (1572)	15E5424392CC3DDCCFF707F48EE9DD7D	5775B1559BE8C604AB30C058B52F777BB6080E74	C5B0A31F67C76ED63DB31EEA643905B4D8D88E0A7E1805377234902ED5FF5B59
Chrome Cache Entry: 96	ASCII text, with very long lines (563)	8FD6CC4B5FE6CF93CCD55E16936AD472	EA16EC99387D163FB0CD30B20C1A9AA13824C0DC	512EC85DF0EFC0DC724EAF4021332929A6AC4CBE28F83D9B598247B22882C266
Chrome Cache Entry: 97	PNG image data, 651 x 172, 8-bit/color RGBA, non-interlaced	BAF900FD3F486C716AABA1EB12B889F3	2711FF0DDD00030A8F5B6C08326F4A54054D3156	83F5E60D27B4AB27F279FF2FCDF5F27B293DE4D9D21B52CA9ECBBACF5AA8081A
Chrome Cache Entry: 98	ASCII text, with no line terminators	AFB69DF47958EB78B4E941270772BD6A	D9FE9A625E906FF25C1F165E7872B1D9C731E78E	874809FB1235F80831B706B9E9B903D80BD5662D036B7712CC76F8C684118878
Chrome Cache Entry: 99	ASCII text, with very long lines (563)	8FD6CC4B5FE6CF93CCD55E16936AD472	EA16EC99387D163FB0CD30B20C1A9AA13824C0DC	512EC85DF0EFC0DC724EAF4021332929A6AC4CBE28F83D9B598247B22882C266

Phishing

HTML page contains hidden URLs

HTTP Parser: https://news.financialnewsletter.com/165d64b194f7ff/?category=166b270eb6e288&email=dale.rogers@duke-energy.com

Detected hidden input values containing email addresses (often used in phishing pages)

HTTP Parser: dale.rogers@duke-energy.com

HTML page contains hidden javascript code

HTTP Parser: Base64 decoded: https://news.financialnewsletter.com/165d64b194f7ff/?category=166b270eb6e288&email=dale.rogers@duke-energy.com

URL contains potential PII (phishing indication)

Source: http://dsadserve.com/55/1334/1640687b94016e/dALe.RoGErS@DUKE-EnERGY.Com/redirect

Sample URL: PII: dALe.RoGErS@DUKE-EnERGY.Com

Source: https://intof.io/cto/capcha.php?email=dale.rogers@duke-energy.com&adid=118&au=1334&type=2&pubid=55&campaign=21070&ts=1739023944&ck=c8459e4a7d74647141e487fedd4e12470aa7c9c2&redirect=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20=	HTTP Parser: No favicon
Source: https://intof.io/cto/capcha.php?email=dale.rogers@duke-energy.com&adid=118&au=1334&type=2&pubid=55&campaign=21070&ts=1739023944&ck=c8459e4a7d74647141e487fedd4e12470aa7c9c2&redirect=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20=	HTTP Parser: No favicon
Source: https://intof.io/cto/capcha.php?email=dale.rogers@duke-energy.com&adid=118&au=1334&type=2&pubid=55&campaign=21070&ts=1739023944&ck=c8459e4a7d74647141e487fedd4e12470aa7c9c2&redirect=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20=	HTTP Parser: No favicon
Source: https://news.financialnewsletter.com/capcha.php?v1=165d64b194f7ff&v2=&v3=&fids=&email=dale.rogers@duke-energy.com&iopid=&propid=&category=166b270eb6e288	HTTP Parser: No favicon
Source: https://news.financialnewsletter.com/capcha.php?v1=165d64b194f7ff&v2=&v3=&fids=&email=dale.rogers@duke-energy.com&iopid=&propid=&category=166b270eb6e288	HTTP Parser: No favicon
Source: https://news.financialnewsletter.com/capcha.php?v1=165d64b194f7ff&v2=&v3=&fids=&email=dale.rogers@duke-energy.com&iopid=&propid=&category=166b270eb6e288	HTTP Parser: No favicon

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\scoped_dir2924_325478310			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_2924_1481738819			Jump to behavior

Detected suspicious crossdomain redirect

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: dsadserve.com to http://ioadserve.com/email/1640687b94016e/55:0:1334/dale.rogers@duke-energy.com/redirect
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: ioadserve.com to https://intof.io/cto/click.php?email=dale.rogers@duke-energy.com&cid=21070&pid=55&aid=118&au=1334&r=ahr0chm6ly9uzxdzlmzpbmfuy2lhbg5ld3nszxr0zxiuy29tlze2nwq2ngixotrmn2zmlz9jyxrlz29yet0xnjzimjcwzwi2zti4oczlbwfpbd1kywxllnjvz2vyc0bkdwtllwvuzxjnes5jb20=&ck=4d00dfa13bfe93e55fd159e5f76aceaed6264883
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: intof.io to https://news.financialnewsletter.com/165d64b194f7ff/?category=166b270eb6e288&email=dale.rogers@duke-energy.com
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	HTTP traffic: Redirect from: dsadserve.com to https://intof.io/cto/click.php?email=dale.rogers@duke-energy.com&cid=21070&pid=55&aid=118&au=1334&r=ahr0chm6ly9uzxdzlmzpbmfuy2lhbg5ld3nszxr0zxiuy29tlze2nwq2ngixotrmn2zmlz9jyxrlz29yet0xnjzimjcwzwi2zti4oczlbwfpbd1kywxllnjvz2vyc0bkdwtllwvuzxjnes5jb20=&ck=4d00dfa13bfe93e55fd159e5f76aceaed6264883

Suricata IDS alerts with low severity for network traffic

Source: Network traffic	Suricata IDS: 2031567 - Severity 2 - ET PHISHING Suspicious Redirect - Possible Phishing May 25 2016 : 34.197.163.17:80 -> 192.168.11.20:49726
Source: Network traffic	Suricata IDS: 2031567 - Severity 2 - ET PHISHING Suspicious Redirect - Possible Phishing May 25 2016 : 34.197.163.17:443 -> 192.168.11.20:49723
Source: Network traffic	Suricata IDS: 2031567 - Severity 2 - ET PHISHING Suspicious Redirect - Possible Phishing May 25 2016 : 54.156.254.128:443 -> 192.168.11.20:49724
Source: Network traffic	Suricata IDS: 2031567 - Severity 2 - ET PHISHING Suspicious Redirect - Possible Phishing May 25 2016 : 54.156.254.128:443 -> 192.168.11.20:49727
Source: Network traffic	Suricata IDS: 2031567 - Severity 2 - ET PHISHING Suspicious Redirect - Possible Phishing May 25 2016 : 54.156.254.128:443 -> 192.168.11.20:49755

Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.27.10
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.27.10
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.27.10
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.27.10
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.163.94
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.163.94
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.163.94
Source: unknown	TCP traffic detected without corresponding DNS query: 142.251.163.94
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.89
Source: unknown	TCP traffic detected without corresponding DNS query: 23.13.145.132
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.89
Source: unknown	TCP traffic detected without corresponding DNS query: 23.13.145.132
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.132
Source: unknown	TCP traffic detected without corresponding DNS query: 23.13.145.132
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.132
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.132
Source: unknown	TCP traffic detected without corresponding DNS query: 23.13.145.132
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.132
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.132
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.132
Source: unknown	TCP traffic detected without corresponding DNS query: 23.13.145.132
Source: unknown	TCP traffic detected without corresponding DNS query: 23.13.145.132
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 20.7.2.167
Source: unknown	TCP traffic detected without corresponding DNS query: 150.171.27.10
Source: unknown	TCP traffic detected without corresponding DNS query: 23.212.250.16
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.132
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.132
Source: unknown	TCP traffic detected without corresponding DNS query: 20.190.190.132
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 239.255.255.250
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /55/1334/1640687b94016e/dALe.RoGErS@DUKE-EnERGY.Com/redirect HTTP/1.1Host: dsadserve.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /email/1640687b94016e/55:0:1334/dale.rogers@duke-energy.com/redirect HTTP/1.1Host: ioadserve.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7sec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /complete/search?client=chrome-omni&gs_ri=chrome-ext-ansg&xssi=t&q=&oit=0&gs_rn=42&sugkey=AIzaSyBOti4mM-6x9WDnZIjIeyEU21OpBXqWBgw HTTP/1.1Host: www.google.comConnection: keep-aliveX-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEIrJ7OAQjkr84BCMO2zgEIvbnOAQjtvM4BCLu9zgEI1r3OAQjMv84BGMHLzAEYva7OARidsc4BSec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /cto/click.php?email=dale.rogers@duke-energy.com&cid=21070&pid=55&aid=118&au=1334&r=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20=&ck=4d00dfa13bfe93e55fd159e5f76aceaed6264883 HTTP/1.1Host: intof.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cto/capcha.php?email=dale.rogers@duke-energy.com&adid=118&au=1334&type=2&pubid=55&campaign=21070&ts=1739023511&ck=a27724adc12e6d3884dea8ea0d18036eec5b4b2d&redirect=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20= HTTP/1.1Host: intof.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cto/click.php?email=dale.rogers@duke-energy.com&cid=21070&pid=55&aid=118&au=1334&r=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20=&ck=4d00dfa13bfe93e55fd159e5f76aceaed6264883 HTTP/1.1Host: intof.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /cto/capcha.php?email=dale.rogers@duke-energy.com&adid=118&au=1334&type=2&pubid=55&campaign=21070&ts=1739023944&ck=c8459e4a7d74647141e487fedd4e12470aa7c9c2&redirect=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20= HTTP/1.1Host: intof.ioConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise.js?render=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://intof.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /iocreatives/iopreload.svg HTTP/1.1Host: s3.amazonaws.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://intof.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /iocreatives/iopreload.svg HTTP/1.1Host: s3.amazonaws.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise.js?render=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/anchor?ar=1&k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR&co=aHR0cHM6Ly9pbnRvZi5pbzo0NDM.&hl=en&v=PcIQSvk4Y5ANjYUx0f4froA1&size=invisible&cb=d9s4pronyh58 HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://intof.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/webworker.js?hl=en&v=PcIQSvk4Y5ANjYUx0f4froA1 HTTP/1.1Host: www.google.comConnection: keep-aliveAccept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEIrJ7OAQjkr84BCMO2zgEIvbnOAQjtvM4BCLu9zgEI1r3OAQjMv84BGMHLzAEYva7OARidsc4BSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR&co=aHR0cHM6Ly9pbnRvZi5pbzo0NDM.&hl=en&v=PcIQSvk4Y5ANjYUx0f4froA1&size=invisible&cb=d9s4pronyh58User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/webworker.js?hl=en&v=PcIQSvk4Y5ANjYUx0f4froA1 HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: intof.ioConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://intof.io/cto/capcha.php?email=dale.rogers@duke-energy.com&adid=118&au=1334&type=2&pubid=55&campaign=21070&ts=1739023944&ck=c8459e4a7d74647141e487fedd4e12470aa7c9c2&redirect=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20=Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/reload?k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AP_l5mOlIxaxjBhZLdeoSjGVDqhmx67oK1LaBBwGPYmQm6vmL4VXrnkEFoDcKDrBwq67GZLP4pEEggoQdE65Nac; NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /cto/process.php?email=dale.rogers@duke-energy.com&adid=118&pubid=55&campaign=21070&creative=0&au=1334&type=2&ts=1739023520&ck=0ace1d9c0d22ec11d3be17bcaea2d81068de35c6&redirect=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20%3D&sub= HTTP/1.1Host: intof.ioConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://intof.io/cto/capcha.php?email=dale.rogers@duke-energy.com&adid=118&au=1334&type=2&pubid=55&campaign=21070&ts=1739023944&ck=c8459e4a7d74647141e487fedd4e12470aa7c9c2&redirect=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tLzE2NWQ2NGIxOTRmN2ZmLz9jYXRlZ29yeT0xNjZiMjcwZWI2ZTI4OCZlbWFpbD1kYWxlLnJvZ2Vyc0BkdWtlLWVuZXJneS5jb20=Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/clr?k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AP_l5mOlIxaxjBhZLdeoSjGVDqhmx67oK1LaBBwGPYmQm6vmL4VXrnkEFoDcKDrBwq67GZLP4pEEggoQdE65Nac; NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /165d64b194f7ff/?category=166b270eb6e288&email=dale.rogers@duke-energy.com HTTP/1.1Host: news.financialnewsletter.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://intof.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/clr?k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AP_l5mOlIxaxjBhZLdeoSjGVDqhmx67oK1LaBBwGPYmQm6vmL4VXrnkEFoDcKDrBwq67GZLP4pEEggoQdE65Nac; NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /capcha.php?v1=165d64b194f7ff&v2=&v3=&fids=&email=dale.rogers@duke-energy.com&iopid=&propid=&category=166b270eb6e288 HTTP/1.1Host: news.financialnewsletter.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://intof.io/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/mezaservices.png HTTP/1.1Host: news.financialnewsletter.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://news.financialnewsletter.com/capcha.php?v1=165d64b194f7ff&v2=&v3=&fids=&email=dale.rogers@duke-energy.com&iopid=&propid=&category=166b270eb6e288Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise.js?render=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://news.financialnewsletter.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AP_l5mOlIxaxjBhZLdeoSjGVDqhmx67oK1LaBBwGPYmQm6vmL4VXrnkEFoDcKDrBwq67GZLP4pEEggoQdE65Nac; NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /img/mezaservices.png HTTP/1.1Host: news.financialnewsletter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/anchor?ar=1&k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR&co=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tOjQ0Mw..&hl=en&v=PcIQSvk4Y5ANjYUx0f4froA1&size=invisible&cb=rbwj7qxbxq6f HTTP/1.1Host: www.google.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: iframeReferer: https://news.financialnewsletter.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AP_l5mOlIxaxjBhZLdeoSjGVDqhmx67oK1LaBBwGPYmQm6vmL4VXrnkEFoDcKDrBwq67GZLP4pEEggoQdE65Nac; NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/webworker.js?hl=en&v=PcIQSvk4Y5ANjYUx0f4froA1 HTTP/1.1Host: www.google.comConnection: keep-aliveAccept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEIrJ7OAQjkr84BCMO2zgEIvbnOAQjtvM4BCLu9zgEI1r3OAQjMv84BGMHLzAEYva7OARidsc4BSec-Fetch-Site: same-originSec-Fetch-Mode: same-originSec-Fetch-Dest: workerReferer: https://www.google.com/recaptcha/enterprise/anchor?ar=1&k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR&co=aHR0cHM6Ly9uZXdzLmZpbmFuY2lhbG5ld3NsZXR0ZXIuY29tOjQ0Mw..&hl=en&v=PcIQSvk4Y5ANjYUx0f4froA1&size=invisible&cb=rbwj7qxbxq6fUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AP_l5mOlIxaxjBhZLdeoSjGVDqhmx67oK1LaBBwGPYmQm6vmL4VXrnkEFoDcKDrBwq67GZLP4pEEggoQdE65Nac; NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: news.financialnewsletter.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://news.financialnewsletter.com/capcha.php?v1=165d64b194f7ff&v2=&v3=&fids=&email=dale.rogers@duke-energy.com&iopid=&propid=&category=166b270eb6e288Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: news.financialnewsletter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/reload?k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AGVEItf51z3h37ptEPW5VBNWbwjY2RCqrBPX7TXwnmmQwNpE2M4sj-Zrjdozt5bxrgejmwKjCEFVtQLIfXzfOw0; NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /165d64b194f7ff//?email=dale.rogers@duke-energy.com&fids=&c=1&iopid=&propid=&category=166b270eb6e288 HTTP/1.1Host: news.financialnewsletter.comConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://news.financialnewsletter.com/capcha.php?v1=165d64b194f7ff&v2=&v3=&fids=&email=dale.rogers@duke-energy.com&iopid=&propid=&category=166b270eb6e288Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/clr?k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AGVEItf51z3h37ptEPW5VBNWbwjY2RCqrBPX7TXwnmmQwNpE2M4sj-Zrjdozt5bxrgejmwKjCEFVtQLIfXzfOw0; NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /recaptcha/enterprise/clr?k=6LcyDKIfAAAAAMfG39onevA4nwLVKYxKokXovulR HTTP/1.1Host: www.google.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /X-Client-Data: CI+2yQEIorbJAQipncoBCMD2ygEIlaHLAQic/swBCIWgzQEI1r3OARjBy8wBSec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: _GRECAPTCHA=09AGVEItf51z3h37ptEPW5VBNWbwjY2RCqrBPX7TXwnmmQwNpE2M4sj-Zrjdozt5bxrgejmwKjCEFVtQLIfXzfOw0; NID=517=i4E8sm-BN75bnGkPw4VW8uy51aQ8ounjntfNX2fu8MFJNuIvCX0dRBy-XkHqHwKOVFSSaC2nqfULsnHhY3TzIXHWC90jS3Wi2BINtQIDr1LJvZE4Ud-byTNL9Q04Nd1-ydmJvrWYY5vORspW6soJ1bMj20dq8UvPjgkw2sOvmuTUanqu
Source: global traffic	HTTP traffic detected: GET /script/bootstrap.css HTTP/1.1Host: news.financialnewsletter.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://news.financialnewsletter.com/165d64b194f7ff//?email=dale.rogers@duke-energy.com&fids=&c=1&iopid=&propid=&category=166b270eb6e288Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/chart.js HTTP/1.1Host: news.financialnewsletter.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://news.financialnewsletter.com/165d64b194f7ff//?email=dale.rogers@duke-energy.com&fids=&c=1&iopid=&propid=&category=166b270eb6e288Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/site-logos/financialnewsletter.png HTTP/1.1Host: news.financialnewsletter.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://news.financialnewsletter.com/165d64b194f7ff//?email=dale.rogers@duke-energy.com&fids=&c=1&iopid=&propid=&category=166b270eb6e288Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /img/site-logos/financialnewsletter.png HTTP/1.1Host: news.financialnewsletter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /scripts/chart.js HTTP/1.1Host: news.financialnewsletter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /site.webmanifest HTTP/1.1Host: news.financialnewsletter.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: manifestReferer: https://news.financialnewsletter.com/165d64b194f7ff//?email=dale.rogers@duke-energy.com&fids=&c=1&iopid=&propid=&category=166b270eb6e288Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon-32x32.png HTTP/1.1Host: news.financialnewsletter.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://news.financialnewsletter.com/165d64b194f7ff//?email=dale.rogers@duke-energy.com&fids=&c=1&iopid=&propid=&category=166b270eb6e288Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: bshown_165d64b194f7ff_1658f1f8a667bb=WyIxNjcwOTMzZTkxNjQ0ZiIsIjE2N2E2NzY2ZmEzZjY4Il0=
Source: global traffic	HTTP traffic detected: GET /favicon-16x16.png HTTP/1.1Host: news.financialnewsletter.comConnection: keep-alivesec-ch-ua: "Chromium";v="128", "Not;A=Brand";v="24", "Google Chrome";v="128"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://news.financialnewsletter.com/165d64b194f7ff//?email=dale.rogers@duke-energy.com&fids=&c=1&iopid=&propid=&category=166b270eb6e288Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: bshown_165d64b194f7ff_1658f1f8a667bb=WyIxNjcwOTMzZTkxNjQ0ZiIsIjE2N2E2NzY2ZmEzZjY4Il0=
Source: global traffic	HTTP traffic detected: GET /favicon-32x32.png HTTP/1.1Host: news.financialnewsletter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: bshown_165d64b194f7ff_1658f1f8a667bb=WyIxNjcwOTMzZTkxNjQ0ZiIsIjE2N2E2NzY2ZmEzZjY4Il0=
Source: global traffic	HTTP traffic detected: GET /favicon-16x16.png HTTP/1.1Host: news.financialnewsletter.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: bshown_165d64b194f7ff_1658f1f8a667bb=WyIxNjcwOTMzZTkxNjQ0ZiIsIjE2N2E2NzY2ZmEzZjY4Il0=
Source: global traffic	HTTP traffic detected: GET /email/1640687b94016e/55:0:1334/dale.rogers@duke-energy.com/redirect HTTP/1.1Host: ioadserve.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: e87636cb66b0a9f6aa2c9758d0594f39047cac01=%257B%252220250208%2522%253A%255Bnull%255D%257D
Source: global traffic	HTTP traffic detected: GET /r/r1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: dsadserve.com
Source: global traffic	DNS traffic detected: DNS query: ioadserve.com
Source: global traffic	DNS traffic detected: DNS query: intof.io
Source: global traffic	DNS traffic detected: DNS query: s3.amazonaws.com
Source: global traffic	DNS traffic detected: DNS query: news.financialnewsletter.com

Source: unknown

Source: global traffic	TCP traffic: 192.168.11.20:55071 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:55071 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:55071 -> 239.255.255.250:1900
Source: global traffic	TCP traffic: 192.168.11.20:55071 -> 239.255.255.250:1900

Source: global traffic

Source: chromecache_66.1.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.1.3/jquery.min.js
Source: chromecache_96.1.dr, chromecache_75.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_99.1.dr	String found in binary or memory: https://cloud.google.com/contact
Source: chromecache_96.1.dr, chromecache_75.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_99.1.dr	String found in binary or memory: https://cloud.google.com/recaptcha-enterprise/billing-information
Source: chromecache_96.1.dr, chromecache_75.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_99.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#are-there-any-qps-or-daily-limits-on-my-use-of-reca
Source: chromecache_96.1.dr, chromecache_75.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_99.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#localhost_support
Source: chromecache_96.1.dr, chromecache_75.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_99.1.dr	String found in binary or memory: https://developers.google.com/recaptcha/docs/faq#my-computer-or-network-may-be-sending-automated-que
Source: chromecache_66.1.dr	String found in binary or memory: https://financialnewsletter.com/disclaimer/
Source: chromecache_66.1.dr	String found in binary or memory: https://financialnewsletter.com/top-4-artificial-intelligence-stocks-poised-for-rapid-growth/
Source: chromecache_66.1.dr	String found in binary or memory: https://financialnewsletter.com/top-4-gold-stocks-poised-to-soar-as-gold-price-climbs-higher/
Source: chromecache_66.1.dr	String found in binary or memory: https://fonts.googleapis.com/css?family=Lato:400
Source: chromecache_92.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwaPGR_p.woff2)
Source: chromecache_92.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh50XSwiPGQ.woff2)
Source: chromecache_92.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwaPGR_p.woff2)
Source: chromecache_92.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6u9w4BMUTPHh6UVSwiPGQ.woff2)
Source: chromecache_92.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjx4wXg.woff2)
Source: chromecache_92.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/lato/v24/S6uyw4BMUTPHjxAwXjeu.woff2)
Source: chromecache_77.1.dr, chromecache_95.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWub2bVmQiArmlw.wo
Source: chromecache_77.1.dr, chromecache_95.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWub2bVmUiAo.woff2
Source: chromecache_77.1.dr, chromecache_95.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWub2bVmXiArmlw.wo
Source: chromecache_77.1.dr, chromecache_95.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWub2bVmYiArmlw.wo
Source: chromecache_77.1.dr, chromecache_95.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWub2bVmZiArmlw.wo
Source: chromecache_77.1.dr, chromecache_95.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWub2bVmaiArmlw.wo
Source: chromecache_77.1.dr, chromecache_95.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWub2bVmbiArmlw.wo
Source: chromecache_77.1.dr, chromecache_95.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWub2bVn6iArmlw.wo
Source: chromecache_77.1.dr, chromecache_95.1.dr	String found in binary or memory: https://fonts.gstatic.com/s/roboto/v47/KFOMCnqEu92Fr1ME7kSn66aGLdTylUAMQXC89YmC2DPNWub2bVnoiArmlw.wo
Source: chromecache_70.1.dr	String found in binary or memory: https://getbootstrap.com/)
Source: chromecache_70.1.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_66.1.dr	String found in binary or memory: https://news.financialnewsletter.com/165d64b194f7ff/2?skip=
Source: chromecache_66.1.dr	String found in binary or memory: https://news.financialnewsletter.com/click/165d64b194f7ff/1658f0d449b38f/1673de7ad71f6e/aHR0cHM6Ly9n
Source: chromecache_99.1.dr	String found in binary or memory: https://play.google.com/log?format=json&hasfast=true
Source: chromecache_66.1.dr	String found in binary or memory: https://stocksearning.com/privacy-policy.aspx
Source: chromecache_99.1.dr	String found in binary or memory: https://support.google.com/recaptcha
Source: chromecache_96.1.dr, chromecache_75.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_99.1.dr	String found in binary or memory: https://support.google.com/recaptcha#6262736
Source: chromecache_96.1.dr, chromecache_75.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_99.1.dr	String found in binary or memory: https://support.google.com/recaptcha/#6175971
Source: chromecache_96.1.dr, chromecache_75.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_99.1.dr	String found in binary or memory: https://support.google.com/recaptcha/?hl=en#6223828
Source: chromecache_96.1.dr, chromecache_75.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_99.1.dr	String found in binary or memory: https://www.google.com/recaptcha/api2/
Source: chromecache_73.1.dr, chromecache_82.1.dr, chromecache_80.1.dr	String found in binary or memory: https://www.google.com/recaptcha/enterprise/
Source: chromecache_96.1.dr, chromecache_75.1.dr, chromecache_87.1.dr, chromecache_89.1.dr, chromecache_99.1.dr	String found in binary or memory: https://www.gstatic.c..?/recaptcha/releases/PcIQSvk4Y5ANjYUx0f4froA1/recaptcha__.
Source: chromecache_73.1.dr, chromecache_85.1.dr, chromecache_86.1.dr, chromecache_83.1.dr, chromecache_82.1.dr, chromecache_80.1.dr	String found in binary or memory: https://www.gstatic.com/recaptcha/releases/PcIQSvk4Y5ANjYUx0f4froA1/recaptcha__en.js
Source: chromecache_66.1.dr	String found in binary or memory: https://www.wyattresearch.com/privacy-policy/

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 49789 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49781 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49686 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49720 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49803 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown	Network traffic detected: HTTP traffic on port 49728 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49689 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 49752 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49728
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49798 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49727
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49724
Source: unknown	Network traffic detected: HTTP traffic on port 49790 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49723
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49689
Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49720
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49686
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49685
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49684
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49683
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49682
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49681
Source: unknown	Network traffic detected: HTTP traffic on port 49787 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49760 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49793 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49719
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49782 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49799
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49798
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49674
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49794
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49793
Source: unknown	Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49790
Source: unknown	Network traffic detected: HTTP traffic on port 49765 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49723 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49683 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49808 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49789
Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49788
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49787
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49786
Source: unknown	Network traffic detected: HTTP traffic on port 49779 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49813 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49782
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49781
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49780
Source: unknown	Network traffic detected: HTTP traffic on port 49727 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49776 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49799 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49813
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49779
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49778
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49776
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49775
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 49788 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49724 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49780 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49794 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49802 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49808
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49803
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49802
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49756 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49758 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49765
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49761
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49760
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49719 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 49778 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49758
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49755 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49756
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49755
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49752
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49786 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49761 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49775 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748

Source: classification engine

Classification label: sus22.phis.win@20/76@32/14

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\scoped_dir2924_325478310

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2256,i,96231069491599523,5049526572170094342,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2272 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "http://dsadserve.com/55/1334/1640687b94016e/dALe.RoGErS@DUKE-EnERGY.Com/redirect"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-subproc-heap-profiling --field-trial-handle=2256,i,96231069491599523,5049526572170094342,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20240909-180142.416000 --mojo-platform-channel-handle=2272 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\scoped_dir2924_325478310			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Directory created: C:\Program Files\chrome_BITS_2924_1481738819			Jump to behavior

ID:	1610102
Product:	CloudBasic
Start time:	15:08:10
Start date:	08.02.2025
Cookbook:	browseurl.jbs
System description:	Windows 10 64 bit 20H2 Native physical Machine for testing VM-aware malware (Office 2019, Chrome 128, Firefox 91, Adobe Reader DC 21, Java 8 Update 301
Architecture:	WINDOWS

Windows Analysis Report
http://dsadserve.com/55/1334/1640687b94016e/dALe.RoGErS@DUKE-EnERGY.Com/redirect

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report http://dsadserve.com/55/1334/1640687b94016e/dALe.RoGErS@DUKE-EnERGY.Com/redirect

Overview

General Information

Detection

Signatures

Classification

Signatures

Phishing

Compliance

Networking

System Summary

Screenshots

Behavior Graph

Network Map

Contacted Public IPs

Private

Contacted Domains

Contacted URLs

Windows Analysis Report
http://dsadserve.com/55/1334/1640687b94016e/dALe.RoGErS@DUKE-EnERGY.Com/redirect