Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://m.exactag.com/ai.aspx?tc=d9282403bc40b07205bbd26a23a8d2e6b6b4f9&url=http%3Asellartatauction.com/oplo/osiwuhjfmniek/bobibobi@outlook.com

Overview

General Information

Sample URL:https://m.exactag.com/ai.aspx?tc=d9282403bc40b07205bbd26a23a8d2e6b6b4f9&url=http%3Asellartatauction.com/oplo/osiwuhjfmniek/bobibobi@outlook.com
Analysis ID:1470059
Infos:

Detection

EvilProxy, HTMLPhisher
Score:88
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

AI detected phishing page
Phishing site detected (based on favicon image match)
Yara detected Evil Proxy Phishing kit
Yara detected HtmlPhish10
Detected use of open redirect vulnerability
HTML page contains obfuscated javascript
Phishing site detected (based on image similarity)
Phishing site detected (based on logo match)
Detected non-DNS traffic on DNS port
HTML body contains low number of good links
HTML body contains password input but no form action
HTML title does not match URL
HTTP GET or POST without a user agent
Invalid 'forgot password' link found
Invalid T&C link found
Stores files to the Windows start menu directory
URL contains potential PII (phishing indication)

Classification

  • System is w10x64
  • chrome.exe (PID: 5556 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
    • chrome.exe (PID: 3168 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1996,i,13008705181317920607,996865177238050219,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • chrome.exe (PID: 3184 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://m.exactag.com/ai.aspx?tc=d9282403bc40b07205bbd26a23a8d2e6b6b4f9&url=http%3Asellartatauction.com/oplo/osiwuhjfmniek/bobibobi@outlook.com" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)
  • cleanup
No configs have been found
SourceRuleDescriptionAuthorStrings
2.2.script.csvJoeSecurity_EvilProxyYara detected Evil Proxy Phishing kitJoe Security
    2.3.script.csvJoeSecurity_EvilProxyYara detected Evil Proxy Phishing kitJoe Security
      2.2.pages.csvJoeSecurity_EvilProxyYara detected Evil Proxy Phishing kitJoe Security
        2.2.pages.csvJoeSecurity_HtmlPhish_10Yara detected HtmlPhish_10Joe Security
          2.3.pages.csvJoeSecurity_EvilProxyYara detected Evil Proxy Phishing kitJoe Security
            Click to see the 1 entries
            No Sigma rule has matched
            No Snort rule has matched

            Click to jump to signature section

            Show All Signature Results

            Phishing

            barindex
            Source: https://6oi2f9j4yn.alstagetts.techLLM: Score: 9 brands: Microsoft Reasons: The URL 'https://6oi2f9j4yn.alstagetts.tech' is highly suspicious as it does not match the legitimate domain 'microsoft.com' associated with the brand Microsoft. The page displays a prominent login form, which is a common tactic used in phishing attacks to harvest user credentials. Additionally, the presence of a suspicious link ('Cancel') and the use of social engineering techniques (e.g., mimicking a legitimate Microsoft login page) further indicate that this is likely a phishing site. DOM: 2.2.pages.csv
            Source: https://6oi2f9j4yn.alstagetts.techLLM: Score: 9 brands: Microsoft Reasons: The URL 'https://6oi2f9j4yn.alstagetts.tech' does not match the legitimate domain for Microsoft, which is 'microsoft.com'. The domain name appears suspicious and unrelated to Microsoft. The webpage mimics a Microsoft login page, which is a common social engineering technique used in phishing attacks. The presence of a prominent login form asking for a password without additional verification methods like CAPTCHA further raises suspicion. Additionally, the link 'Forgotten my password' could potentially lead to a malicious site. DOM: 2.3.pages.csv
            Source: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmMatcher: Template: microsoft matched with high similarity
            Source: Yara matchFile source: 2.2.script.csv, type: HTML
            Source: Yara matchFile source: 2.3.script.csv, type: HTML
            Source: Yara matchFile source: 2.2.pages.csv, type: HTML
            Source: Yara matchFile source: 2.3.pages.csv, type: HTML
            Source: Yara matchFile source: 2.2.pages.csv, type: HTML
            Source: Yara matchFile source: 2.3.pages.csv, type: HTML
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeHTTP traffic: Proxy from: m.exactag.com/ai.aspx?tc=d9282403bc40b07205bbd26a23a8d2e6b6b4f9&url=http:sellartatauction.com/oplo/osiwuhjfmniek/bobibobi@outlook.com to http:sellartatauction.com/oplo/osiwuhjfmniek/bobibobi@outlook.com
            Source: https://6oi2f9j4yn.alstagetts.tech/?email=bobibobi@outlook.comHTTP Parser: var _0x17d0bb=_0x4400;function _0x4400(_0x33d568,_0x56aee1){var _0x28f930=_0x1e42();return _0x4400=f
            Source: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmMatcher: Found strong image similarity, brand: MICROSOFT
            Source: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmMatcher: Template: microsoft matched
            Source: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmMatcher: Template: microsoft matched
            Source: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmHTTP Parser: Number of links: 0
            Source: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmHTTP Parser: <input type="password" .../> found but no <form action="...
            Source: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmHTTP Parser: Title: K866EG676L3QUDQQC6QV does not match URL
            Source: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmHTTP Parser: Invalid link: Forgotten my password
            Source: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmHTTP Parser: Invalid link: Terms of use
            Source: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmHTTP Parser: Invalid link: Privacy & cookies
            Source: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmHTTP Parser: Invalid link: Terms of use
            Source: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmHTTP Parser: Invalid link: Privacy & cookies
            Source: https://m.exactag.com/ai.aspx?tc=d9282403bc40b07205bbd26a23a8d2e6b6b4f9&url=http%3Asellartatauction.com/oplo/osiwuhjfmniek/bobibobi@outlook.comSample URL: PII: bobibobi@outlook.com
            Source: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmHTTP Parser: <input type="password" .../> found
            Source: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmHTTP Parser: No <meta name="author".. found
            Source: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmHTTP Parser: No <meta name="author".. found
            Source: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmHTTP Parser: No <meta name="copyright".. found
            Source: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmHTTP Parser: No <meta name="copyright".. found
            Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49718 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49719 version: TLS 1.2
            Source: global trafficTCP traffic: 192.168.2.5:55924 -> 1.1.1.1:53
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
            Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
            Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
            Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
            Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
            Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
            Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 23.1.237.91
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 184.28.90.27
            Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownTCP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: unknownUDP traffic detected without corresponding DNS query: 1.1.1.1
            Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: ipinfo.ioConnection: Keep-Alive
            Source: global trafficHTTP traffic detected: GET /ai.aspx?tc=d9282403bc40b07205bbd26a23a8d2e6b6b4f9&url=http%3Asellartatauction.com/oplo/osiwuhjfmniek/bobibobi@outlook.com HTTP/1.1Host: m.exactag.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /?email=bobibobi@outlook.com HTTP/1.1Host: 6oi2f9j4yn.alstagetts.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: http://sellartatauction.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: */*Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
            Source: global trafficHTTP traffic detected: GET /npm/bootstrap@5.3.2/dist/css/bootstrap.min.css HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://6oi2f9j4yn.alstagetts.techsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://6oi2f9j4yn.alstagetts.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /npm/bootstrap@5.3.2/dist/js/bootstrap.bundle.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Origin: https://6oi2f9j4yn.alstagetts.techsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://6oi2f9j4yn.alstagetts.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /?email=bobibobi@outlook.com HTTP/1.1Host: 6oi2f9j4yn.alstagetts.techConnection: keep-aliveCache-Control: max-age=0sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://6oi2f9j4yn.alstagetts.tech/?email=bobibobi@outlook.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0c3456f9676d06db63b1995faac070b4; preload=1
            Source: global trafficHTTP traffic detected: GET /m/e62523453f3c0794ad1fa9af43b6f1bb.htm HTTP/1.1Host: 6oi2f9j4yn.alstagetts.techConnection: keep-aliveCache-Control: max-age=0Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: same-originSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://6oi2f9j4yn.alstagetts.tech/?email=bobibobi@outlook.comAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0c3456f9676d06db63b1995faac070b4; preload=1; rt=e62523453f3c0794ad1fa9af43b6f1bb.htm
            Source: global trafficHTTP traffic detected: GET /m/cxx/DCBKZTLT6IMD2SJ6P1XEP4CRZ HTTP/1.1Host: 6oi2f9j4yn.alstagetts.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0c3456f9676d06db63b1995faac070b4; preload=1; rt=e62523453f3c0794ad1fa9af43b6f1bb.htm
            Source: global trafficHTTP traffic detected: GET /m/sm/VMZ3B36LZU6UKFJXGJCEOW92O HTTP/1.1Host: 6oi2f9j4yn.alstagetts.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0c3456f9676d06db63b1995faac070b4; preload=1; rt=e62523453f3c0794ad1fa9af43b6f1bb.htm
            Source: global trafficHTTP traffic detected: GET /m/jx/THEKM0RGZKDV9CW2O3J19AJG2 HTTP/1.1Host: 6oi2f9j4yn.alstagetts.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0c3456f9676d06db63b1995faac070b4; preload=1; rt=e62523453f3c0794ad1fa9af43b6f1bb.htm
            Source: global trafficHTTP traffic detected: GET /m/aty/XTEK7LC7GHEZIC1B6JMS5QLOA HTTP/1.1Host: 6oi2f9j4yn.alstagetts.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0c3456f9676d06db63b1995faac070b4; preload=1; rt=e62523453f3c0794ad1fa9af43b6f1bb.htm
            Source: global trafficHTTP traffic detected: GET /m/bxg/MAKYRSDFWGBS8ZKFRY4MEBSXU HTTP/1.1Host: 6oi2f9j4yn.alstagetts.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0c3456f9676d06db63b1995faac070b4; preload=1; rt=e62523453f3c0794ad1fa9af43b6f1bb.htm
            Source: global trafficHTTP traffic detected: GET /m/mxl/mlg.svg?DA8SF4WIUPH5G6UHS9FZDL62H HTTP/1.1Host: 6oi2f9j4yn.alstagetts.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0c3456f9676d06db63b1995faac070b4; preload=1; rt=e62523453f3c0794ad1fa9af43b6f1bb.htm
            Source: global trafficHTTP traffic detected: GET /m/mxl/sig_op.svg HTTP/1.1Host: 6oi2f9j4yn.alstagetts.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0c3456f9676d06db63b1995faac070b4; preload=1; rt=e62523453f3c0794ad1fa9af43b6f1bb.htm
            Source: global trafficHTTP traffic detected: GET /m/ecpt/LW90FAPU0BZCH1YDC6PMJRYRA HTTP/1.1Host: 6oi2f9j4yn.alstagetts.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: */*Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptReferer: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0c3456f9676d06db63b1995faac070b4; preload=1; rt=e62523453f3c0794ad1fa9af43b6f1bb.htm
            Source: global trafficHTTP traffic detected: GET /m/bxg/MAKYRSDFWGBS8ZKFRY4MEBSXU HTTP/1.1Host: 6oi2f9j4yn.alstagetts.techConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0c3456f9676d06db63b1995faac070b4; preload=1; rt=e62523453f3c0794ad1fa9af43b6f1bb.htm
            Source: global trafficHTTP traffic detected: GET /m/mxl/mlg.svg?DA8SF4WIUPH5G6UHS9FZDL62H HTTP/1.1Host: 6oi2f9j4yn.alstagetts.techConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0c3456f9676d06db63b1995faac070b4; preload=1; rt=e62523453f3c0794ad1fa9af43b6f1bb.htm
            Source: global trafficHTTP traffic detected: GET /m/mxl/sig_op.svg HTTP/1.1Host: 6oi2f9j4yn.alstagetts.techConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0c3456f9676d06db63b1995faac070b4; preload=1; rt=e62523453f3c0794ad1fa9af43b6f1bb.htm
            Source: global trafficHTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, */*; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://6oi2f9j4yn.alstagetts.techSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://6oi2f9j4yn.alstagetts.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /m/ic/EWVZKXCA3Y9F53SCYSZVXF4HF HTTP/1.1Host: 6oi2f9j4yn.alstagetts.techConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0c3456f9676d06db63b1995faac070b4; preload=1; rt=e62523453f3c0794ad1fa9af43b6f1bb.htm
            Source: global trafficHTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /m/ic/EWVZKXCA3Y9F53SCYSZVXF4HF HTTP/1.1Host: 6oi2f9j4yn.alstagetts.techConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0c3456f9676d06db63b1995faac070b4; preload=1; rt=e62523453f3c0794ad1fa9af43b6f1bb.htm
            Source: global trafficHTTP traffic detected: GET /m/script.php HTTP/1.1Host: 6oi2f9j4yn.alstagetts.techConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0c3456f9676d06db63b1995faac070b4; preload=1; rt=e62523453f3c0794ad1fa9af43b6f1bb.htm
            Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://6oi2f9j4yn.alstagetts.tech/Accept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /m/script.php HTTP/1.1Host: 6oi2f9j4yn.alstagetts.techConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0c3456f9676d06db63b1995faac070b4; preload=1; rt=e62523453f3c0794ad1fa9af43b6f1bb.htm
            Source: global trafficHTTP traffic detected: GET /shared/1.0/content/images/arrow_left_a9cc2824ef3517b6c4160dcf8ff7d410.svg HTTP/1.1Host: aadcdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /m/script.php HTTP/1.1Host: 6oi2f9j4yn.alstagetts.techConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: */*Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0c3456f9676d06db63b1995faac070b4; preload=1; rt=e62523453f3c0794ad1fa9af43b6f1bb.htm
            Source: global trafficHTTP traffic detected: GET /oplo/osiwuhjfmniek/bobibobi@outlook.com HTTP/1.1Host: sellartatauction.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: sellartatauction.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://sellartatauction.com/oplo/osiwuhjfmniek/bobibobi@outlook.comAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
            Source: global trafficHTTP traffic detected: GET /favicon.ico HTTP/1.1Host: sellartatauction.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Referer: http://sellartatauction.com/oplo/osiwuhjfmniek/bobibobi@outlook.comAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
            Source: global trafficDNS traffic detected: DNS query: m.exactag.com
            Source: global trafficDNS traffic detected: DNS query: sellartatauction.com
            Source: global trafficDNS traffic detected: DNS query: 6oi2f9j4yn.alstagetts.tech
            Source: global trafficDNS traffic detected: DNS query: www.google.com
            Source: global trafficDNS traffic detected: DNS query: cdn.jsdelivr.net
            Source: global trafficDNS traffic detected: DNS query: api.ipify.org
            Source: unknownHTTP traffic detected: POST /m/script.php HTTP/1.1Host: 6oi2f9j4yn.alstagetts.techConnection: keep-aliveContent-Length: 544sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: */*Content-Type: application/x-www-form-urlencoded; charset=UTF-8X-Requested-With: XMLHttpRequestsec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: https://6oi2f9j4yn.alstagetts.techSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://6oi2f9j4yn.alstagetts.tech/m/e62523453f3c0794ad1fa9af43b6f1bb.htmAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=0c3456f9676d06db63b1995faac070b4; preload=1; rt=e62523453f3c0794ad1fa9af43b6f1bb.htm
            Source: global trafficHTTP traffic detected: HTTP/1.1 404 Not FoundDate: Tue, 09 Jul 2024 11:48:21 GMTServer: ApacheContent-Length: 315Keep-Alive: timeout=5, max=99Connection: Keep-AliveContent-Type: text/html; charset=iso-8859-1Data Raw: 3c 21 44 4f 43 54 59 50 45 20 48 54 4d 4c 20 50 55 42 4c 49 43 20 22 2d 2f 2f 49 45 54 46 2f 2f 44 54 44 20 48 54 4d 4c 20 32 2e 30 2f 2f 45 4e 22 3e 0a 3c 68 74 6d 6c 3e 3c 68 65 61 64 3e 0a 3c 74 69 74 6c 65 3e 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 3c 2f 74 69 74 6c 65 3e 0a 3c 2f 68 65 61 64 3e 3c 62 6f 64 79 3e 0a 3c 68 31 3e 4e 6f 74 20 46 6f 75 6e 64 3c 2f 68 31 3e 0a 3c 70 3e 54 68 65 20 72 65 71 75 65 73 74 65 64 20 55 52 4c 20 77 61 73 20 6e 6f 74 20 66 6f 75 6e 64 20 6f 6e 20 74 68 69 73 20 73 65 72 76 65 72 2e 3c 2f 70 3e 0a 3c 70 3e 41 64 64 69 74 69 6f 6e 61 6c 6c 79 2c 20 61 20 34 30 34 20 4e 6f 74 20 46 6f 75 6e 64 0a 65 72 72 6f 72 20 77 61 73 20 65 6e 63 6f 75 6e 74 65 72 65 64 20 77 68 69 6c 65 20 74 72 79 69 6e 67 20 74 6f 20 75 73 65 20 61 6e 20 45 72 72 6f 72 44 6f 63 75 6d 65 6e 74 20 74 6f 20 68 61 6e 64 6c 65 20 74 68 65 20 72 65 71 75 65 73 74 2e 3c 2f 70 3e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN"><html><head><title>404 Not Found</title></head><body><h1>Not Found</h1><p>The requested URL was not found on this server.</p><p>Additionally, a 404 Not Founderror was encountered while trying to use an ErrorDocument to handle the request.</p></body></html>
            Source: chromecache_149.2.drString found in binary or memory: https://acctcdn.msauth.net/images/clear1x1.png
            Source: chromecache_142.2.dr, chromecache_136.2.drString found in binary or memory: https://getbootstrap.com/)
            Source: chromecache_142.2.dr, chromecache_136.2.drString found in binary or memory: https://github.com/twbs/bootstrap/blob/main/LICENSE)
            Source: chromecache_142.2.drString found in binary or memory: https://github.com/twbs/bootstrap/graphs/contributors)
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
            Source: unknownNetwork traffic detected: HTTP traffic on port 49710 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49740
            Source: unknownNetwork traffic detected: HTTP traffic on port 49727 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49720 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49739
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49738
            Source: unknownNetwork traffic detected: HTTP traffic on port 49717 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49736 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49737
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49736
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49735
            Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49675 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49732
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49731
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49730
            Source: unknownNetwork traffic detected: HTTP traffic on port 49732 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49711 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49703 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49724 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49728 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49721 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49729
            Source: unknownNetwork traffic detected: HTTP traffic on port 49752 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49728
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49727
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49726
            Source: unknownNetwork traffic detected: HTTP traffic on port 49718 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49725
            Source: unknownNetwork traffic detected: HTTP traffic on port 49735 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49724
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49723
            Source: unknownNetwork traffic detected: HTTP traffic on port 49739 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49674 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 55928
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49721
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49720
            Source: unknownNetwork traffic detected: HTTP traffic on port 49731 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49725 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49729 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49719 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 55928 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49719
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49718
            Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49717
            Source: unknownNetwork traffic detected: HTTP traffic on port 49715 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49716
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49715
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
            Source: unknownNetwork traffic detected: HTTP traffic on port 49738 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49711
            Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49710
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
            Source: unknownNetwork traffic detected: HTTP traffic on port 49673 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49752
            Source: unknownNetwork traffic detected: HTTP traffic on port 49730 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
            Source: unknownNetwork traffic detected: HTTP traffic on port 49726 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49740 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49723 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49716 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49703
            Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
            Source: unknownNetwork traffic detected: HTTP traffic on port 49737 -> 443
            Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49718 version: TLS 1.2
            Source: unknownHTTPS traffic detected: 184.28.90.27:443 -> 192.168.2.5:49719 version: TLS 1.2
            Source: classification engineClassification label: mal88.phis.win@23/42@16/11
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome AppsJump to behavior
            Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1996,i,13008705181317920607,996865177238050219,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8
            Source: unknownProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://m.exactag.com/ai.aspx?tc=d9282403bc40b07205bbd26a23a8d2e6b6b4f9&url=http%3Asellartatauction.com/oplo/osiwuhjfmniek/bobibobi@outlook.com"
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2100 --field-trial-handle=1996,i,13008705181317920607,996865177238050219,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction /prefetch:8Jump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: C:\Program Files\Google\Chrome\Application\chrome.exeProcess created: unknown unknownJump to behavior
            Source: Google Drive.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: YouTube.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Sheets.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Gmail.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Slides.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Docs.lnk.0.drLNK file: ..\..\..\..\..\..\..\..\..\Program Files\Google\Chrome\Application\chrome_proxy.exe
            Source: Window RecorderWindow detected: More than 3 window changes detected