Edit tour

Windows Analysis Report
mal attachment.html

Overview

General Information

Sample name:	mal attachment.html
Analysis ID:	1426708
MD5:	2d3a37ea99c1430bc90229bf7cd846c7
SHA1:	aa61727a98dd565d631c72b35a30e150cb5ad91e
SHA256:	f2b1f71792ce2867ee7491fde20d78cce7f79b006cd0de90f0c1d7383d91c419
Infos:

Detection

HTMLPhisher

Score:	96
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Phishing site detected (based on favicon image match)

Yara detected HtmlPhish10

Yara detected HtmlPhish44

Detected javascript redirector / loader

HTML Script injector detected

HTML document with suspicious title

HTML file submission containing password form

HTML sample is only containing javascript code

Phishing site detected (based on image similarity)

Phishing site detected (based on logo match)

Suspicious Javascript code found in HTML file

Detected hidden input values containing email addresses (often used in phishing pages)

HTML body contains low number of good links

HTML body contains password input but no form action

HTML title does not match URL

IP address seen in connection with other malware

Invalid 'forgot password' link found

JA3 SSL client fingerprint seen in connection with other malware

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6020 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\mal attachment.html" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 1780 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2024,i,13121037808665432724,12509091682103536564,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Initial Sample

Source	Rule	Description	Author	Strings
mal attachment.html	JoeSecurity_HtmlPhish_44	Yara detected HtmlPhish_44	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

Phishing site detected (based on favicon image match)

Source: file://	Matcher: Template: microsoft matched with high similarity
Source: file:///C:/Users/user/Desktop/mal%20attachment.html	Matcher: Template: microsoft matched with high similarity

Yara detected HtmlPhish10

Source: Yara match

File source: 0.0.pages.csv, type: HTML

Yara detected HtmlPhish44

Source: Yara match

File source: mal attachment.html, type: SAMPLE

Detected javascript redirector / loader

Source: mal attachment.html

HTTP Parser: Low number of body elements: 0

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/mal%20attachment.html

HTTP Parser: New script tag found

HTML document with suspicious title

Source: file:///C:/Users/user/Desktop/mal%20attachment.html

Tab title: Sing in to your account

HTML sample is only containing javascript code

Source: mal attachment.html

HTTP Parser: <script language="javascript">document.write( unescape( '%3C%21DOCTYPE%20html%3E%0A%3Chtml%20lang%3D%22en%22%3E%0A%20%3Chead%3E%0A%20%20%3Cmeta%20charset%3D%22UTF-8%22%20%2F%3E%0A%20%20%3Ctitle%3ESing%20in%20to%20your%20account%3C%2Ftitle%3E%0A%20%20...

Phishing site detected (based on image similarity)

Source: file:///C:/Users/user/Desktop/mal%20attachment.html

Matcher: Found strong image similarity, brand: MICROSOFT

Phishing site detected (based on logo match)

Source: file:///C:/Users/user/Desktop/mal%20attachment.html

Matcher: Template: microsoft matched

Suspicious Javascript code found in HTML file

Source: mal attachment.html

HTTP Parser: document.write

Source: file:///C:/Users/user/Desktop/mal%20attachment.html

HTTP Parser: no@email.com

Source: file:///C:/Users/user/Desktop/mal%20attachment.html

HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Desktop/mal%20attachment.html

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: file:///C:/Users/user/Desktop/mal%20attachment.html

HTTP Parser: Title: Sing in to your account does not match URL

Source: file:///C:/Users/user/Desktop/mal%20attachment.html

HTTP Parser: Invalid link: Forgot password?

Source: file:///C:/Users/user/Desktop/mal%20attachment.html

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/mal%20attachment.html

HTTP Parser: <input type="password" .../> found

Source: file:///C:/Users/user/Desktop/mal%20attachment.html

HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/mal%20attachment.html

HTTP Parser: No <meta name="copyright".. found

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49764 version: TLS 1.2

Source: Joe Sandbox View	IP Address: 104.17.24.14 104.17.24.14
Source: Joe Sandbox View	IP Address: 208.80.154.240 208.80.154.240
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 13.107.213.41 13.107.213.41

Source: Joe Sandbox View

JA3 fingerprint: 28a2c9bd18a11de089ef85a160da29e4

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 104.46.162.224
Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 23.63.206.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 20.114.59.183
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172
Source: unknown	TCP traffic detected without corresponding DNS query: 199.232.214.172

Source: global traffic	HTTP traffic detected: GET /ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/animate.css/3.5.2/animate.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wikipedia/commons/thumb/9/96/Microsoft_logo_%282012%29.svg/1000px-Microsoft_logo_%282012%29.svg.png HTTP/1.1Host: upload.wikimedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /ajax/libs/animate.css/3.5.2/animate.min.css HTTP/1.1Host: cdnjs.cloudflare.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wikipedia/commons/thumb/9/96/Microsoft_logo_%282012%29.svg/1000px-Microsoft_logo_%282012%29.svg.png HTTP/1.1Host: upload.wikimedia.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /wikipedia/commons/thumb/9/96/Microsoft_logo_%282012%29.svg/1000px-Microsoft_logo_%282012%29.svg.png HTTP/1.1Host: upload.wikimedia.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /16.000.30091.10/images/favicon.ico HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /16.000.30091.10/images/favicon.ico HTTP/1.1Host: logincdn.msauth.netConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /fs/windows/config.json HTTP/1.1Connection: Keep-AliveAccept: /Accept-Encoding: identityIf-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMTRange: bytes=0-2147483646User-Agent: Microsoft BITS/7.8Host: fs.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=N7pwGaePGr+dBmb&MD=EEpTz+5v HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com
Source: global traffic	HTTP traffic detected: GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=N7pwGaePGr+dBmb&MD=EEpTz+5v HTTP/1.1Connection: Keep-AliveAccept: /User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33Host: slscr.update.microsoft.com

Source: unknown

DNS traffic detected: queries for: cdnjs.cloudflare.com

Source: chromecache_73.2.dr	String found in binary or memory: http://daneden.me/animate
Source: chromecache_74.2.dr	String found in binary or memory: http://getbootstrap.com)
Source: chromecache_73.2.dr	String found in binary or memory: http://opensource.org/licenses/MIT
Source: chromecache_74.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49743
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49743 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49746 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49751 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49751
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49750
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49750 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49746
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49750 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.63.206.91:443 -> 192.168.2.4:49751 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49757 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 20.114.59.183:443 -> 192.168.2.4:49764 version: TLS 1.2

Source: classification engine

Classification label: mal96.phis.winHTML@24/13@8/10

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\mal attachment.html"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2024,i,13121037808665432724,12509091682103536564,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2024,i,13121037808665432724,12509091682103536564,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/mal%20attachment.html

HTTP Parser: file:///C:/Users/user/Desktop/mal%20attachment.html

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

⊘No Antivirus matches

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

Source	Detection	Scanner	Label	Link
part-0013.t-0009.t-msedge.net	0%	Virustotal		Browse
part-0012.t-0009.t-msedge.net	0%	Virustotal		Browse

URLs

Source	Detection	Scanner	Label	Link
http://daneden.me/animate	0%	URL Reputation	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
part-0013.t-0009.t-msedge.net	13.107.213.41	true	false	0%, Virustotal, Browse	unknown
cdnjs.cloudflare.com	104.17.24.14	true	false		high
www.google.com	74.125.136.103	true	false		high
upload.wikimedia.org	208.80.154.240	true	false		high
part-0012.t-0009.t-msedge.net	13.107.213.40	true	false	0%, Virustotal, Browse	unknown

Contacted URLs

Name	Malicious	Reputation
https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css	false	high
https://upload.wikimedia.org/wikipedia/commons/thumb/9/96/Microsoft_logo_%282012%29.svg/1000px-Microsoft_logo_%282012%29.svg.png	false	high
https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.min.css	false	high
file:///C:/Users/user/Desktop/mal%20attachment.html	true	low

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_74.2.dr	false		high
http://opensource.org/licenses/MIT	chromecache_73.2.dr	false		high
http://daneden.me/animate	chromecache_73.2.dr	false	URL Reputation: safe	unknown
http://getbootstrap.com)	chromecache_74.2.dr	false		low

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.17.24.14	cdnjs.cloudflare.com	United States	13335	CLOUDFLARENETUS	false
208.80.154.240	upload.wikimedia.org	United States	14907	WIKIMEDIAUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
13.107.213.41	part-0013.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
13.107.213.40	part-0012.t-0009.t-msedge.net	United States	8068	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
74.125.136.103	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.5
192.168.2.13
192.168.2.14

General Information

Joe Sandbox version:	40.0.0 Tourmaline
Analysis ID:	1426708
Start date and time:	2024-04-16 13:57:34 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 39s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	mal attachment.html
Detection:	MAL
Classification:	mal96.phis.winHTML@24/13@8/10
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 173.194.219.94, 142.251.15.113, 142.251.15.102, 142.251.15.100, 142.251.15.138, 142.251.15.139, 142.251.15.101, 173.194.219.84, 34.104.35.123, 142.251.15.95, 64.233.176.95, 74.125.136.95, 173.194.219.95, 142.250.105.95, 108.177.122.95, 142.250.9.95, 172.217.215.95, 74.125.138.95, 64.233.177.95, 64.233.185.95, 172.253.124.95, 23.40.205.74, 192.229.211.108, 20.242.39.171, 52.165.164.15, 172.217.215.94, 108.177.122.101, 108.177.122.102, 108.177.122.100, 108.177.122.113, 108.177.122.139, 108.177.122.138
Excluded domains from analysis (whitelisted): logincdn.msauth.net, clients1.google.com, fs.microsoft.com, lgincdnmsftuswe2.azureedge.net, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, fe3.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, glb.cws.prod.dcat.dsp.trafficmanager.net, update.googleapis.com, lgincdnmsftuswe2.afd.azureedge.net, clients.l.google.com, optimizationguide-pa.googleapis.com
HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtSetInformationFile calls found.

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.17.24.14	http://vtaurl.com	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/font-awesome/5.15.4/webfonts/fa-brands-400.woff2
104.17.24.14	http://Voyages.CNTraveler.com	Get hash	malicious	Unknown	Browse	cdnjs.cloudflare.com/ajax/libs/ScrollMagic/2.0.5/plugins/animation.gsap.js
239.255.255.250	http://cubes.concordia.ca/track?type=click&enid=bWFpbGluZ2lkPTM2MjMmbWVzc2FnZWlkPTQxMjEmZGF0YWJhc2VpZD05MDEmc2VyaWFsPTEyNzU1MDM1NzUmZW1haWxpZD13YXJpZXN0NTkzMzgud2Vla2x5bWFpbEBibG9nZ2VyLmNvbSZ1c2VyaWQ9NDcxJmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&2028&&&http://gbmaucstans.com/?ddg5B=ZnJhbmNvaXMuYm91bGFuZ2VyQGNnaS5jb20=	Get hash	malicious	Unknown	Browse
	https://nts.embluemail.com/p/cl?data=Vt1BGZtgVLfostfhZom0hk8oVt5tiRlXt8RRT2mHtdghQTFUGtJ9hHhr3EU1SwPF1EvHGuTksiBjo87+ZeJps/CboX3Q8/0QJvV9bU2cNVg=!-!6j3,q9!-!https://secupo.webcindario.com/?conformite.idia@ca-idia.com	Get hash	malicious	HTMLPhisher	Browse
	https://nts.embluemail.com/p/cl?data=Vt1BGZtgVLfostfhZom0hk8oVt5tiRlXt8RRT2mHtdghQTFUGtJ9hHhr3EU1SwPF1EvHGuTksiBjo87+ZeJps/CboX3Q8/0QJvV9bU2cNVg=!-!6j3,q9!-!https://secupo.webcindario.com/?conformite.idia@ca-idia.com	Get hash	malicious	HTMLPhisher	Browse
	http://sobeteracotafancris.ro	Get hash	malicious	Unknown	Browse
	https://1drv.ms/o/s!AhT23e1MofOfpnjbpE9m51fOcII5?e=K3DPPG	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse
	https://thermal48828442111.dorik.io/	Get hash	malicious	HTMLPhisher	Browse
	2024-04-16_11h42_39.png	Get hash	malicious	Unknown	Browse
	https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open	Get hash	malicious	HTMLPhisher	Browse
	https://www.canva.com/design/DAGCNH9x9o0/YBJ_HrFDfb50kAUzVAfmdg/view?utm_content=DAGCNH9x9o0&utm_campaign=designshare&utm_medium=link&utm_source=editor	Get hash	malicious	Unknown	Browse
	https://ecouterrepondeurvocal.pro/35-hnJZib	Get hash	malicious	Unknown	Browse
13.107.213.41	Quotation.xls	Get hash	malicious	Unknown	Browse	2s.gg/3zM
13.107.213.41	http://www.serviceadg.com	Get hash	malicious	Unknown	Browse	fr.linkedin.com/company/service-adg
208.80.154.240	http://www.milliondollarcowboybar.com	Get hash	malicious	Unknown	Browse
	http://sellugsk.live	Get hash	malicious	Unknown	Browse
	https://mgg-pdf-1i4.pages.dev/	Get hash	malicious	HTMLPhisher	Browse
	95629727 Monthly Statement For An Refund 2024 Date Exist.HTML	Get hash	malicious	Unknown	Browse
	Funded Letter PDF.html	Get hash	malicious	HTMLPhisher	Browse
	Draft-Contact PDF.html	Get hash	malicious	HTMLPhisher	Browse
	eao4.html	Get hash	malicious	Unknown	Browse
	Funded Letter.shtml	Get hash	malicious	HTMLPhisher	Browse
	Funded Letter.shtml	Get hash	malicious	HTMLPhisher	Browse
	https://hunterranchgolf-pdf.pages.dev/IP:	Get hash	malicious	HTMLPhisher	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
part-0013.t-0009.t-msedge.net	https://1drv.ms/o/s!AhT23e1MofOfpnjbpE9m51fOcII5?e=K3DPPG	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	13.107.213.41
	2024-04-16_11h42_39.png	Get hash	malicious	Unknown	Browse	13.107.246.41
	https://sociallinks.lt.acemlnb.com/Prod/link-tracker?redirectUrl=aHR0cHMlM0ElMkYlMkZzb2NpYWxsaW5rcy5pbyUyRm9zaW50LXdlYmluYXJzJTJGd2ViaW5hci1lbmhhbmNpbmctYW1sLWludmVzdGlnYXRpb25zLXdpdGgtb3NpbnQlM0Z1dG1fc291cmNlJTNEZW1haWwlMjZ1dG1fbWVkaXVtJTNEd2ViaW5hciUyNnV0bV9jYW1wYWlnbiUzRGFtbF8wNF8yNA==&sig=bEXSTLMngghhoUjnhUiGrKrf6GsWGU1eAwJ54z8GbBH&iat=1712921684&a=%7C%7C612077526%7C%7C&account=sociallinks%2Eactivehosted%2Ecom&email=I4809riumLU7t4jf%2BoK9uHOsQeuYYw6CYkuCsQDv%3AFRtI69CZolNJDOUhiGMO%2BO9bqaecpEWw&s=f7847248dd0f6e35d5eb6514571a7081&i=993A1018A3A5488	Get hash	malicious	Unknown	Browse	13.107.213.41
	http://minhaclaro.dtmmkt.com.br/effectivemail/redirecionaclique.aspx?idabordagem=5252932746&idlink=12609016866&endereco=//act4change.co.ke/userr/hvhbjbjbjbjknk/cHJvcGVydGllc0BmYWRpbmd3ZXN0LmNvbQ==	Get hash	malicious	ReCaptcha Phish	Browse	13.107.246.41
	https://boonies.in/wp-content/cache/min/-/CHDETX/RDGDESDZRFSYJNOI/index.php?FGDD=1	Get hash	malicious	HTMLPhisher	Browse	13.107.213.41
	Confidential_ New 2024 commission and agreement needs signature _ %255.eml	Get hash	malicious	HTMLPhisher	Browse	13.107.213.41
	https://assets-usa.mkt.dynamics.com/bf3ca3b9-47ed-ee11-9048-00224806e307/digitalassets/standaloneforms/0cb76a16-5df6-ee11-a1fd-6045bd0a59e1	Get hash	malicious	HTMLPhisher	Browse	13.107.213.41
	https://main.dbe9ts7e6lxy9.amplifyapp.com/winside/00Windbndktw0win11advance/index.html	Get hash	malicious	TechSupportScam	Browse	13.107.213.41
	https://jwm.soundestlink.com/link/66142260efbbe899c64fc1c4/661422466ae147ba6b8aaa06/66112f95028675e6f013366e?signature=f5de2bbb155ed90a66e6b291ab936022763db8ac3ef0dfad508f140d389a16db	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
	http://66e2ff70.67a65a584ab875fe125c980e.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.41
upload.wikimedia.org	http://www.milliondollarcowboybar.com	Get hash	malicious	Unknown	Browse	208.80.154.240
	http://sellugsk.live	Get hash	malicious	Unknown	Browse	208.80.154.240
	https://mgg-pdf-1i4.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	208.80.154.240
	95629727 Monthly Statement For An Refund 2024 Date Exist.HTML	Get hash	malicious	Unknown	Browse	208.80.154.240
	Funded Letter PDF.html	Get hash	malicious	HTMLPhisher	Browse	208.80.154.240
	Draft-Contact PDF.html	Get hash	malicious	HTMLPhisher	Browse	208.80.154.240
	eao4.html	Get hash	malicious	Unknown	Browse	208.80.154.240
	Funded Letter.shtml	Get hash	malicious	HTMLPhisher	Browse	208.80.154.240
	Funded Letter.shtml	Get hash	malicious	HTMLPhisher	Browse	208.80.154.240
	https://hunterranchgolf-pdf.pages.dev/IP:	Get hash	malicious	HTMLPhisher	Browse	208.80.154.240
part-0012.t-0009.t-msedge.net	https://thermal48828442111.dorik.io/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
	2024-04-16_11h42_39.png	Get hash	malicious	Unknown	Browse	13.107.213.40
	https://ecouterrepondeurvocal.pro/35-hnJZib	Get hash	malicious	Unknown	Browse	13.107.246.40
	https://15apmic10.z13.web.core.windows.net/	Get hash	malicious	TechSupportScam	Browse	13.107.213.40
	XLUjYJYd62.exe	Get hash	malicious	XWorm	Browse	13.107.246.40
	https://gq9yl.220q.cn/	Get hash	malicious	Unknown	Browse	13.107.246.40
	https://7ipvlc.cn/	Get hash	malicious	Unknown	Browse	13.107.246.40
	https://emv1.4rk0pa.cn/	Get hash	malicious	Unknown	Browse	13.107.213.40
	https://mail.maersk.workers.dev/	Get hash	malicious	HTMLPhisher	Browse	13.107.213.40
	ACH REMITTANCE DOCUMENT 04.12.24.xlsb	Get hash	malicious	HTMLPhisher	Browse	13.107.246.40
cdnjs.cloudflare.com	http://cubes.concordia.ca/track?type=click&enid=bWFpbGluZ2lkPTM2MjMmbWVzc2FnZWlkPTQxMjEmZGF0YWJhc2VpZD05MDEmc2VyaWFsPTEyNzU1MDM1NzUmZW1haWxpZD13YXJpZXN0NTkzMzgud2Vla2x5bWFpbEBibG9nZ2VyLmNvbSZ1c2VyaWQ9NDcxJmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&2028&&&http://gbmaucstans.com/?ddg5B=ZnJhbmNvaXMuYm91bGFuZ2VyQGNnaS5jb20=	Get hash	malicious	Unknown	Browse	104.17.24.14
	https://nts.embluemail.com/p/cl?data=Vt1BGZtgVLfostfhZom0hk8oVt5tiRlXt8RRT2mHtdghQTFUGtJ9hHhr3EU1SwPF1EvHGuTksiBjo87+ZeJps/CboX3Q8/0QJvV9bU2cNVg=!-!6j3,q9!-!https://secupo.webcindario.com/?conformite.idia@ca-idia.com	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://nts.embluemail.com/p/cl?data=Vt1BGZtgVLfostfhZom0hk8oVt5tiRlXt8RRT2mHtdghQTFUGtJ9hHhr3EU1SwPF1EvHGuTksiBjo87+ZeJps/CboX3Q8/0QJvV9bU2cNVg=!-!6j3,q9!-!https://secupo.webcindario.com/?conformite.idia@ca-idia.com	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	2024-04-16_11h42_39.png	Get hash	malicious	Unknown	Browse	104.17.24.14
	https://danharborsuit.sbs/access/wfiles.html	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://holtzbuilders-my.sharepoint.com/:b:/p/tlacasse/EQ1U0c5PZQJNpz-g0yw2FBkBCEA0rrj8r_d3YTf3Ilb8sg?e=lh93aE	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://pub-daab4868e51e4062b2a29719ba8bfc5d.r2.dev/ngasav.html	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://pub-a9679b2711464ea9917a6c5392d93ee5.r2.dev/araxn.html	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://pub-d3e6397462f14fe4862bdc9854c18d5f.r2.dev/in.html	Get hash	malicious	HTMLPhisher	Browse	104.17.24.14
	https://pub-73ee129d9ec943f785408564adcaf985.r2.dev/cryn.html	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	MT103.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	172.67.74.152
	http://cubes.concordia.ca/track?type=click&enid=bWFpbGluZ2lkPTM2MjMmbWVzc2FnZWlkPTQxMjEmZGF0YWJhc2VpZD05MDEmc2VyaWFsPTEyNzU1MDM1NzUmZW1haWxpZD13YXJpZXN0NTkzMzgud2Vla2x5bWFpbEBibG9nZ2VyLmNvbSZ1c2VyaWQ9NDcxJmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&2028&&&http://gbmaucstans.com/?ddg5B=ZnJhbmNvaXMuYm91bGFuZ2VyQGNnaS5jb20=	Get hash	malicious	Unknown	Browse	104.17.2.184
	zLH4Gkr36e.elf	Get hash	malicious	Mirai	Browse	1.14.30.15
	JR58WqLhRl.exe	Get hash	malicious	RisePro Stealer	Browse	104.26.4.15
	TANQUIVUIA.exe	Get hash	malicious	LummaC, RisePro Stealer	Browse	104.21.9.123
	https://nts.embluemail.com/p/cl?data=Vt1BGZtgVLfostfhZom0hk8oVt5tiRlXt8RRT2mHtdghQTFUGtJ9hHhr3EU1SwPF1EvHGuTksiBjo87+ZeJps/CboX3Q8/0QJvV9bU2cNVg=!-!6j3,q9!-!https://secupo.webcindario.com/?conformite.idia@ca-idia.com	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	https://nts.embluemail.com/p/cl?data=Vt1BGZtgVLfostfhZom0hk8oVt5tiRlXt8RRT2mHtdghQTFUGtJ9hHhr3EU1SwPF1EvHGuTksiBjo87+ZeJps/CboX3Q8/0QJvV9bU2cNVg=!-!6j3,q9!-!https://secupo.webcindario.com/?conformite.idia@ca-idia.com	Get hash	malicious	HTMLPhisher	Browse	104.18.11.207
	SecuriteInfo.com.Win32.TrojanX-gen.17997.17145.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
	http://sobeteracotafancris.ro	Get hash	malicious	Unknown	Browse	1.1.1.1
	https://1drv.ms/o/s!AhT23e1MofOfpnjbpE9m51fOcII5?e=K3DPPG	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	104.17.2.184
WIKIMEDIAUS	http://www.milliondollarcowboybar.com	Get hash	malicious	Unknown	Browse	208.80.154.240
	http://sellugsk.live	Get hash	malicious	Unknown	Browse	208.80.154.240
	https://mgg-pdf-1i4.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	208.80.154.240
	95629727 Monthly Statement For An Refund 2024 Date Exist.HTML	Get hash	malicious	Unknown	Browse	208.80.154.240
	Funded Letter PDF.html	Get hash	malicious	HTMLPhisher	Browse	208.80.154.240
	Draft-Contact PDF.html	Get hash	malicious	HTMLPhisher	Browse	208.80.154.240
	eao4.html	Get hash	malicious	Unknown	Browse	208.80.154.240
	Funded Letter.shtml	Get hash	malicious	HTMLPhisher	Browse	208.80.154.240
	Funded Letter.shtml	Get hash	malicious	HTMLPhisher	Browse	208.80.154.240
	https://hunterranchgolf-pdf.pages.dev/IP:	Get hash	malicious	HTMLPhisher	Browse	208.80.154.240
MICROSOFT-CORP-MSN-AS-BLOCKUS	http://cubes.concordia.ca/track?type=click&enid=bWFpbGluZ2lkPTM2MjMmbWVzc2FnZWlkPTQxMjEmZGF0YWJhc2VpZD05MDEmc2VyaWFsPTEyNzU1MDM1NzUmZW1haWxpZD13YXJpZXN0NTkzMzgud2Vla2x5bWFpbEBibG9nZ2VyLmNvbSZ1c2VyaWQ9NDcxJmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&2028&&&http://gbmaucstans.com/?ddg5B=ZnJhbmNvaXMuYm91bGFuZ2VyQGNnaS5jb20=	Get hash	malicious	Unknown	Browse	52.96.165.50
	zLH4Gkr36e.elf	Get hash	malicious	Mirai	Browse	13.83.69.117
	vEnh6fr6F0.elf	Get hash	malicious	Unknown	Browse	20.171.98.211
	szBCKC8yTb.elf	Get hash	malicious	Mirai	Browse	104.44.147.131
	tP8j8ZJdua.elf	Get hash	malicious	Mirai	Browse	40.84.64.117
	disktop.pif.exe	Get hash	malicious	AgentTesla, DBatLoader, PureLog Stealer, RedLine	Browse	13.107.139.11
	https://1drv.ms/o/s!AhT23e1MofOfpnjbpE9m51fOcII5?e=K3DPPG	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	13.107.42.12
	2024-04-16_11h42_39.png	Get hash	malicious	Unknown	Browse	13.107.213.40
	ylUZYIm2Lx.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse	20.157.87.45
	Oeyrmdo.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	13.107.137.11
MICROSOFT-CORP-MSN-AS-BLOCKUS	http://cubes.concordia.ca/track?type=click&enid=bWFpbGluZ2lkPTM2MjMmbWVzc2FnZWlkPTQxMjEmZGF0YWJhc2VpZD05MDEmc2VyaWFsPTEyNzU1MDM1NzUmZW1haWxpZD13YXJpZXN0NTkzMzgud2Vla2x5bWFpbEBibG9nZ2VyLmNvbSZ1c2VyaWQ9NDcxJmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&2028&&&http://gbmaucstans.com/?ddg5B=ZnJhbmNvaXMuYm91bGFuZ2VyQGNnaS5jb20=	Get hash	malicious	Unknown	Browse	52.96.165.50
	zLH4Gkr36e.elf	Get hash	malicious	Mirai	Browse	13.83.69.117
	vEnh6fr6F0.elf	Get hash	malicious	Unknown	Browse	20.171.98.211
	szBCKC8yTb.elf	Get hash	malicious	Mirai	Browse	104.44.147.131
	tP8j8ZJdua.elf	Get hash	malicious	Mirai	Browse	40.84.64.117
	disktop.pif.exe	Get hash	malicious	AgentTesla, DBatLoader, PureLog Stealer, RedLine	Browse	13.107.139.11
	https://1drv.ms/o/s!AhT23e1MofOfpnjbpE9m51fOcII5?e=K3DPPG	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	13.107.42.12
	2024-04-16_11h42_39.png	Get hash	malicious	Unknown	Browse	13.107.213.40
	ylUZYIm2Lx.exe	Get hash	malicious	Mars Stealer, PureLog Stealer, Stealc, Vidar, zgRAT	Browse	20.157.87.45
	Oeyrmdo.exe	Get hash	malicious	AgentTesla, PureLog Stealer	Browse	13.107.137.11

JA3 Fingerprints

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
28a2c9bd18a11de089ef85a160da29e4	http://cubes.concordia.ca/track?type=click&enid=bWFpbGluZ2lkPTM2MjMmbWVzc2FnZWlkPTQxMjEmZGF0YWJhc2VpZD05MDEmc2VyaWFsPTEyNzU1MDM1NzUmZW1haWxpZD13YXJpZXN0NTkzMzgud2Vla2x5bWFpbEBibG9nZ2VyLmNvbSZ1c2VyaWQ9NDcxJmZsPSZleHRyYT1NdWx0aXZhcmlhdGVJZD0mJiY=&&&2028&&&http://gbmaucstans.com/?ddg5B=ZnJhbmNvaXMuYm91bGFuZ2VyQGNnaS5jb20=	Get hash	malicious	Unknown	Browse	23.63.206.91 20.114.59.183
	https://nts.embluemail.com/p/cl?data=Vt1BGZtgVLfostfhZom0hk8oVt5tiRlXt8RRT2mHtdghQTFUGtJ9hHhr3EU1SwPF1EvHGuTksiBjo87+ZeJps/CboX3Q8/0QJvV9bU2cNVg=!-!6j3,q9!-!https://secupo.webcindario.com/?conformite.idia@ca-idia.com	Get hash	malicious	HTMLPhisher	Browse	23.63.206.91 20.114.59.183
	https://1drv.ms/o/s!AhT23e1MofOfpnjbpE9m51fOcII5?e=K3DPPG	Get hash	malicious	HtmlDropper, HTMLPhisher	Browse	23.63.206.91 20.114.59.183
	2024-04-16_11h42_39.png	Get hash	malicious	Unknown	Browse	23.63.206.91 20.114.59.183
	https://t9015570267.p.clickup-attachments.com/t9015570267/72d38610-17ec-4e02-be10-f5425c6ab8eb/Proof_Of_Payment.HTML?view=open	Get hash	malicious	HTMLPhisher	Browse	23.63.206.91 20.114.59.183
	https://map.sewoon.org/1/themes/es/?cid=dcp@sanitasresidencial.com	Get hash	malicious	Unknown	Browse	23.63.206.91 20.114.59.183
	http://kunnskapsfilm.no	Get hash	malicious	Unknown	Browse	23.63.206.91 20.114.59.183
	ghVYKlWkRxFNuDb.exe	Get hash	malicious	AgentTesla	Browse	23.63.206.91 20.114.59.183
	https://danharborsuit.sbs/access/wfiles.html	Get hash	malicious	HTMLPhisher	Browse	23.63.206.91 20.114.59.183
	4PPlLk8IT5.exe	Get hash	malicious	PureLog Stealer, RedLine, zgRAT	Browse	23.63.206.91 20.114.59.183

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 67

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	high, very likely benign file
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 68

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1000 x 213, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	17985
Entropy (8bit):	7.867885955041809
Encrypted:	false
SSDEEP:	384:DgxrQOw5eQiQSpyx1rlAf7uR00O2gkl0FZ6wNyO+eoVnDY:DgZQOQeDjAVU7dh2dl0b6XOoN8
MD5:	D8367010CBD3F35DFF2FB26C5B043F4A
SHA1:	8C48B1CCC8C2164EEB723FAD9525A34D0CAA0D51
SHA-256:	3CF087A7EB382716C98C713CC30D3BB3ABCB4FFEA6A61EAE443724B29279C1EB
SHA-512:	F77B384818DFCE7EAE2EFB7C4D197A4A0BD03FA19E2A493FDF6BB6EB37D13A3425E7481D1D52A523717EB18B017026F56B2A8545542E78C7DEADD7CD30661A2B
Malicious:	false
Reputation:	low
URL:	https://upload.wikimedia.org/wikipedia/commons/thumb/9/96/Microsoft_logo_%282012%29.svg/1000px-Microsoft_logo_%282012%29.svg.png
Preview:	.PNG........IHDR....................gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD............EXIDATx...y\|\U.?..sg.t..]..l. .. ...T@....H...d.N.../n...@.H.D...,.d..d.d...D..,..L.6..........&.=3s'....W-&....s.=.]..Q[....P...Zn\|a...nG/..c.j...z....................1A'"""""""&.DDDDDDDL.........:........t"""""""b.NDDDDDD...................1A'"""""""&.DDDDDDDL.........:........t"""""""b.NDDDDDD...................1A'"""""""&.DDDDDDDL.........:........t"""""""b.NDDDDDD...................1A'"""""""&.DDDDDDDL.........:........t"""""""b.NDDDDDD...........Q.! """"""..u..Ed.U.!"3.li..""..4.hP.wD....`......,....<.8.}]]].0A'""""""..t:.u"......`/...`..".Y.......04...AD\|..ob.NDDDDDD._...Z...O.p....J.#..................N.7..N.9.@..a.NDDDDDD..y^c.P8..w..3A'""""".p]w.B.p.....hp.5"".wf...(....Mkkk.u.s....y.......Z&.....T.O..6.6..p]w......p..8.uww?.......g7O.4i..~..`.NDD4".tz.D"q...,...`...1.s]..c..\|.nF....?...!..UuOF..:....y.6....\../"....-kbd2.."..l..Ap...=.K...

Chrome Cache Entry: 69

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://logincdn.msauth.net/16.000.30091.10/images/favicon.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 70

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 1000 x 213, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	17985
Entropy (8bit):	7.867885955041809
Encrypted:	false
SSDEEP:	384:DgxrQOw5eQiQSpyx1rlAf7uR00O2gkl0FZ6wNyO+eoVnDY:DgZQOQeDjAVU7dh2dl0b6XOoN8
MD5:	D8367010CBD3F35DFF2FB26C5B043F4A
SHA1:	8C48B1CCC8C2164EEB723FAD9525A34D0CAA0D51
SHA-256:	3CF087A7EB382716C98C713CC30D3BB3ABCB4FFEA6A61EAE443724B29279C1EB
SHA-512:	F77B384818DFCE7EAE2EFB7C4D197A4A0BD03FA19E2A493FDF6BB6EB37D13A3425E7481D1D52A523717EB18B017026F56B2A8545542E78C7DEADD7CD30661A2B
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR....................gAMA......a.... cHRM..z&..............u0...`..:....p..Q<....bKGD............EXIDATx...y\|\U.?..sg.t..]..l. .. ...T@....H...d.N.../n...@.H.D...,.d..d.d...D..,..L.6..........&.=3s'....W-&....s.=.]..Q[....P...Zn\|a...nG/..c.j...z....................1A'"""""""&.DDDDDDDL.........:........t"""""""b.NDDDDDD...................1A'"""""""&.DDDDDDDL.........:........t"""""""b.NDDDDDD...................1A'"""""""&.DDDDDDDL.........:........t"""""""b.NDDDDDD...................1A'"""""""&.DDDDDDDL.........:........t"""""""b.NDDDDDD...........Q.! """"""..u..Ed.U.!"3.li..""..4.hP.wD....`......,....<.8.}]]].0A'""""""..t:.u"......`/...`..".Y.......04...AD\|..ob.NDDDDDD._...Z...O.p....J.#..................N.7..N.9.@..a.NDDDDDD..y^c.P8..w..3A'""""".p]w.B.p.....hp.5"".wf...(....Mkkk.u.s....y.......Z&.....T.O..6.6..p]w......p..8.uww?.......g7O.4i..~..`.NDD4".tz.D"q...,...`...1.s]..c..\|.nF....?...!..UuOF..:....y.6....\../"....-kbd2.."..l..Ap...=.K...

Chrome Cache Entry: 71

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	dropped
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Reputation:	high, very likely benign file
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 72

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	downloaded
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://logincdn.msauth.net/shared/5/images/2_bc3d32a696895f78c19d.svg
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 73

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (52592)
Category:	downloaded
Size (bytes):	52789
Entropy (8bit):	5.115740062849333
Encrypted:	false
SSDEEP:	768:KkZcIOIVjl2eIWInPywe1aAvkqDX3oyq5BrieD0OTbsysV:KkZ8Pywe1aAvkqDX3oyq5BrieD0OTq
MD5:	178B651958CEFF556CBC5F355E08BBF1
SHA1:	97AFA151569F046B2E01F27C1871646E9CD87CAF
SHA-256:	8FE3FA119255ADB5E0C12479331F9E092E85BCFF56AB6ECC0510BFA2056B898D
SHA-512:	4F251A31B62B28565F41FA7EF67406384B7EBC6BB89CACCB93429A5779C589F2F72BC9FB9736FC0DAC93CCB38AD29372CF1189CC6452C3BF1EF31A89854449DD
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://cdnjs.cloudflare.com/ajax/libs/animate.css/3.5.2/animate.min.css
Preview:	@charset "UTF-8";../!. animate.css -http://daneden.me/animate. * Version - 3.5.1. * Licensed under the MIT license - http://opensource.org/licenses/MIT. . Copyright (c) 2016 Daniel Eden. */...animated{-webkit-animation-duration:1s;animation-duration:1s;-webkit-animation-fill-mode:both;animation-fill-mode:both}.animated.infinite{-webkit-animation-iteration-count:infinite;animation-iteration-count:infinite}.animated.hinge{-webkit-animation-duration:2s;animation-duration:2s}.animated.bounceIn,.animated.bounceOut,.animated.flipOutX,.animated.flipOutY{-webkit-animation-duration:.75s;animation-duration:.75s}@-webkit-keyframes bounce{0%,20%,53%,80%,to{-webkit-animation-timing-function:cubic-bezier(.215,.61,.355,1);animation-timing-function:cubic-bezier(.215,.61,.355,1);-webkit-transform:translateZ(0);transform:translateZ(0)}40%,43%{-webkit-transform:translate3d(0,-30px,0);transform:translate3d(0,-30px,0)}40%,43%,70%{-webkit-animation-timing-function:cubic-bezier(.755,.05,.855,.06);anima

Chrome Cache Entry: 74

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65371)
Category:	downloaded
Size (bytes):	121200
Entropy (8bit):	5.0982146191887106
Encrypted:	false
SSDEEP:	768:Vy3Gxw/Vc/QWlJxtQOIuiHlq5mzI4X8OAduFKbv2ctg2Bd8JP7ecQVvH1FS:nw/a1fIuiHlq5mN8lDbNmPbh
MD5:	EC3BB52A00E176A7181D454DFFAEA219
SHA1:	6527D8BF3E1E9368BAB8C7B60F56BC01FA3AFD68
SHA-256:	F75E846CC83BD11432F4B1E21A45F31BC85283D11D372F7B19ACCD1BF6A2635C
SHA-512:	E8C5DAF01EAE68ED7C1E277A6E544C7AD108A0FA877FB531D6D9F2210769B7DA88E4E002C7B0BE3B72154EBF7CBF01A795C8342CE2DAD368BD6351E956195F8B
Malicious:	false
URL:	https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css
Preview:	/!. Bootstrap v3.3.7 (http://getbootstrap.com). * Copyright 2011-2016 Twitter, Inc.. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE). //! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css */html{font-family:sans-serif;-webkit-text-size-adjust:100%;-ms-text-size-adjust:100%}body{margin:0}article,aside,details,figcaption,figure,footer,header,hgroup,main,menu,nav,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{border-bottom:1px dotted}b,strong{font-weight:700}dfn{font-style:italic}h1{margin:.67em 0;font-size:2em}mark{color:#000;background:#ff0}small{font-size:80%}sub,sup{position:relative;font-size:75%;line-height:0;vertical-align:baseline}sup{top:-.5em}sub{bottom:-.25em}img{border:0}svg:not(:root){overflow:hidden}figure{margin:1em 40px}hr

Static File Info

General

File type:	HTML document, ASCII text, with very long lines (65536), with no line terminators
Entropy (8bit):	4.330573341291937
TrID:
File name:	mal attachment.html
File size:	165'516 bytes
MD5:	2d3a37ea99c1430bc90229bf7cd846c7
SHA1:	aa61727a98dd565d631c72b35a30e150cb5ad91e
SHA256:	f2b1f71792ce2867ee7491fde20d78cce7f79b006cd0de90f0c1d7383d91c419
SHA512:	457e3a6298503faa3880af07e2f09ef7c82af47b98524f6e3bb3bc00f3667eee5b7b08e141f7e698c24d816d558642780909794bd341b62e5e57c1b3a85647cd
SSDEEP:	3072:b9zcXWuOvKkZQvXsji/iYH6aMh/eQaFbPFtSmFZWyGml5VTnUvNKPTdQ9xfV:1cXWUD8i6YPMh2VJt7vemlfTnUGTdQ9H
TLSH:	00F3574C65B7A098C323765DFE4B375CD2609D8374B43424894C6983BA646CEECF7A8B
File Content Preview:	<script language="javascript">document.write( unescape( '%3C%21DOCTYPE%20html%3E%0A%3Chtml%20lang%3D%22en%22%3E%0A%20%3Chead%3E%0A%20%20%3Cmeta%20charset%3D%22UTF-8%22%20%2F%3E%0A%20%20%3Ctitle%3ESing%20in%20to%20your%20account%3C%2Ftitle%3E%0A%20%20%3Cli

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 16, 2024 13:58:17.050971031 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 16, 2024 13:58:17.113369942 CEST	49678	443	192.168.2.4	104.46.162.224
Apr 16, 2024 13:58:24.463550091 CEST	49733	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:24.463586092 CEST	443	49733	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:24.463649988 CEST	49733	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:24.464205027 CEST	49734	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.464231014 CEST	443	49734	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:24.464291096 CEST	49734	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.464339972 CEST	49735	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.464370966 CEST	443	49735	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:24.464421988 CEST	49735	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.464658022 CEST	49733	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:24.464679003 CEST	443	49733	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:24.464793921 CEST	49734	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.464802980 CEST	443	49734	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:24.464930058 CEST	49735	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.464941978 CEST	443	49735	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:24.682749987 CEST	443	49735	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:24.683363914 CEST	49735	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.683397055 CEST	443	49735	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:24.684031963 CEST	443	49734	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:24.684283018 CEST	49734	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.684302092 CEST	443	49734	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:24.684969902 CEST	443	49735	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:24.685030937 CEST	49735	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.685604095 CEST	443	49734	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:24.685667992 CEST	49734	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.688709021 CEST	49735	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.688832998 CEST	443	49735	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:24.690141916 CEST	49734	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.690233946 CEST	443	49734	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:24.692173004 CEST	49735	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.692186117 CEST	443	49735	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:24.692835093 CEST	49734	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.692845106 CEST	443	49734	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:24.704571009 CEST	443	49733	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:24.719135046 CEST	49733	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:24.719185114 CEST	443	49733	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:24.722186089 CEST	443	49733	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:24.722279072 CEST	49733	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:24.722311974 CEST	443	49733	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:24.722352982 CEST	49733	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:24.726023912 CEST	49733	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:24.726193905 CEST	443	49733	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:24.726239920 CEST	49733	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:24.739460945 CEST	49735	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.768141031 CEST	443	49733	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:24.771985054 CEST	49733	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:24.772016048 CEST	443	49733	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:24.802987099 CEST	49734	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.818078995 CEST	49733	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:24.839112043 CEST	49734	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.839231968 CEST	443	49734	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:24.839293957 CEST	49734	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.841037989 CEST	49735	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.841137886 CEST	443	49735	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:24.841180086 CEST	49735	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.841623068 CEST	49733	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:24.841758966 CEST	443	49733	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:24.841888905 CEST	49733	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:24.860722065 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.860761881 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:24.860827923 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.861268997 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.861284018 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:24.861963987 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.862024069 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:24.862085104 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.862643003 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:24.862663984 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:24.932472944 CEST	49740	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:24.932538986 CEST	443	49740	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:24.932663918 CEST	49740	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:24.934046984 CEST	49740	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:24.934063911 CEST	443	49740	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.075762033 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.075949907 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.077629089 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.077657938 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.077899933 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.077967882 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.079041958 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.079119921 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.079129934 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.079185963 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.079474926 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.079555035 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.079761028 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.079845905 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.079922915 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.079942942 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.079965115 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.079974890 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.124397993 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.167042971 CEST	443	49740	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.167438030 CEST	49740	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.167468071 CEST	443	49740	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.168519974 CEST	443	49740	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.168634892 CEST	49740	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.168649912 CEST	443	49740	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.168988943 CEST	49740	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.169146061 CEST	49740	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.169217110 CEST	443	49740	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.169306040 CEST	49740	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.189743042 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.216115952 CEST	443	49740	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.299396038 CEST	49740	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.299423933 CEST	443	49740	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.334372044 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.334410906 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.334434986 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.334474087 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.334505081 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.334517956 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.334549904 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.334608078 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.334609032 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.334609032 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.334685087 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.334815025 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.334846020 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.334866047 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.334867954 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.334887028 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.334889889 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.335470915 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.335503101 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.335530996 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.335553885 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.335577965 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.335597992 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.335629940 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.335649967 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.335663080 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.336291075 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.336323977 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.336353064 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.336358070 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.336376905 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.336401939 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.336421013 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.336432934 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.337189913 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.337240934 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.337244034 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.337258101 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.337306023 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.337313890 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.337332010 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.337572098 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.337584972 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.338174105 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.338210106 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.338226080 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.338239908 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.338282108 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.338303089 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.338318110 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.338659048 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.339634895 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.339698076 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.339725971 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.339755058 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.339776993 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.339777946 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.339788914 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.339797020 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.339829922 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.340131044 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.340334892 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.340396881 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.340409994 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.351479053 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.351531029 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.351624012 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.351659060 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.351675987 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.351696968 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.351696968 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.351726055 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.351742983 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.351778030 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.351808071 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.351855040 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.351865053 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.351913929 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.352269888 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.352346897 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.352381945 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.352416992 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.352427006 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.352435112 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.352471113 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.353216887 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.353264093 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.353275061 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.353281975 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.353327036 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.353363991 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.353378057 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.353384972 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.353398085 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.353960037 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.353996038 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.354027033 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.354034901 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.354074955 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.354113102 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.354125023 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.354131937 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.354146004 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.354892969 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.354934931 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.354945898 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.354953051 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.355000973 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.355050087 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.355057001 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.355103016 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.355693102 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.355809927 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.355849981 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.355885029 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.355892897 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.355901003 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.355917931 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.356587887 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.356637955 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.356645107 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.356728077 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.356829882 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.356889009 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.357130051 CEST	49738	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.357140064 CEST	443	49738	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.420517921 CEST	443	49740	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.420531988 CEST	443	49740	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.420567989 CEST	443	49740	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.420579910 CEST	443	49740	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.420587063 CEST	443	49740	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.420628071 CEST	49740	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.420665979 CEST	443	49740	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.420694113 CEST	49740	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.420718908 CEST	49740	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.438218117 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.438345909 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.438416004 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.438411951 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.438412905 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.438483000 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.438533068 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.438612938 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.439403057 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.439469099 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.440059900 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.440140009 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.440154076 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.440244913 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.440295935 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.440310955 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.440423965 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.441049099 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.441118002 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.442420959 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.442488909 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.442506075 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.442567110 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.442981958 CEST	443	49740	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.442990065 CEST	443	49740	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.443063021 CEST	443	49740	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.443063974 CEST	49740	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.443113089 CEST	49740	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.443285942 CEST	49740	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.443312883 CEST	443	49740	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.443562031 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.443618059 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.443644047 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.443691969 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.444112062 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.444169044 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.444242954 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.444297075 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.444814920 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.444884062 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.444896936 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.444961071 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.444972038 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.444993019 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.445038080 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.446141005 CEST	49739	443	192.168.2.4	104.17.24.14
Apr 16, 2024 13:58:25.446171045 CEST	443	49739	104.17.24.14	192.168.2.4
Apr 16, 2024 13:58:25.553848982 CEST	49742	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.553898096 CEST	443	49742	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.553966999 CEST	49742	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.554200888 CEST	49742	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.554215908 CEST	443	49742	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.559559107 CEST	49743	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:25.559644938 CEST	443	49743	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:25.559684992 CEST	49744	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:25.559712887 CEST	443	49744	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:25.559756994 CEST	49743	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:25.559998035 CEST	49744	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:25.560036898 CEST	49743	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:25.560070992 CEST	443	49743	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:25.560153961 CEST	49744	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:25.560174942 CEST	443	49744	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:25.797995090 CEST	443	49742	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.798265934 CEST	49742	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.798301935 CEST	443	49742	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.799177885 CEST	443	49742	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.799249887 CEST	49742	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.799261093 CEST	443	49742	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.799367905 CEST	49742	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.800040960 CEST	49742	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.800106049 CEST	443	49742	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.800209999 CEST	49742	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.800218105 CEST	443	49742	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:25.845561028 CEST	49742	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:25.882671118 CEST	443	49744	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:25.882926941 CEST	49744	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:25.882949114 CEST	443	49744	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:25.882973909 CEST	443	49743	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:25.883135080 CEST	49743	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:25.883142948 CEST	443	49743	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:25.883994102 CEST	443	49744	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:25.884058952 CEST	49744	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:25.884294033 CEST	443	49743	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:25.884344101 CEST	49743	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:25.885158062 CEST	49744	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:25.885246038 CEST	443	49744	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:25.885315895 CEST	49744	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:25.885385036 CEST	49743	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:25.885446072 CEST	443	49743	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:25.885498047 CEST	49743	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:25.885507107 CEST	443	49743	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:25.932123899 CEST	443	49744	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:25.998404980 CEST	49744	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:25.998405933 CEST	49743	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:25.998424053 CEST	443	49744	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:26.064364910 CEST	443	49742	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:26.064394951 CEST	443	49742	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:26.064424992 CEST	443	49742	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:26.064443111 CEST	443	49742	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:26.064451933 CEST	443	49742	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:26.064475060 CEST	49742	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:26.064502954 CEST	443	49742	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:26.064533949 CEST	49742	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:26.084830999 CEST	443	49742	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:26.084984064 CEST	443	49742	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:26.085051060 CEST	49742	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:26.085154057 CEST	49742	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:26.085294008 CEST	49742	443	192.168.2.4	208.80.154.240
Apr 16, 2024 13:58:26.085334063 CEST	443	49742	208.80.154.240	192.168.2.4
Apr 16, 2024 13:58:26.088164091 CEST	443	49743	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:26.088321924 CEST	443	49743	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:26.088392973 CEST	49743	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:26.089693069 CEST	49743	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:26.089706898 CEST	443	49743	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:26.189867020 CEST	49744	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:26.235127926 CEST	49746	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:26.235172987 CEST	443	49746	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:26.235250950 CEST	49746	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:26.235426903 CEST	49746	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:26.235435009 CEST	443	49746	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:26.527189016 CEST	443	49744	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:26.527215958 CEST	443	49744	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:26.527221918 CEST	443	49744	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:26.527265072 CEST	443	49744	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:26.527280092 CEST	443	49744	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:26.527292013 CEST	443	49744	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:26.527311087 CEST	49744	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:26.527326107 CEST	443	49744	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:26.527335882 CEST	443	49744	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:26.527354956 CEST	49744	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:26.527374983 CEST	49744	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:26.527386904 CEST	443	49744	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:26.527427912 CEST	49744	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:26.528572083 CEST	49744	443	192.168.2.4	13.107.213.40
Apr 16, 2024 13:58:26.528588057 CEST	443	49744	13.107.213.40	192.168.2.4
Apr 16, 2024 13:58:26.533755064 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:26.533826113 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:26.533901930 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:26.534126997 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:26.534156084 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:26.555852890 CEST	443	49746	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:26.556078911 CEST	49746	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:26.556107044 CEST	443	49746	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:26.557111979 CEST	443	49746	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:26.557200909 CEST	49746	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:26.557528019 CEST	49746	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:26.557585955 CEST	443	49746	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:26.557691097 CEST	49746	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:26.557698011 CEST	443	49746	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:26.611810923 CEST	49746	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:26.658622980 CEST	49675	443	192.168.2.4	173.222.162.32
Apr 16, 2024 13:58:26.776892900 CEST	443	49746	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:26.776976109 CEST	443	49746	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:26.777036905 CEST	49746	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:26.777781963 CEST	49746	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:26.777805090 CEST	443	49746	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:26.853286982 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:26.853573084 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:26.853595018 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:26.854563951 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:26.854628086 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:26.854940891 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:26.854989052 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:26.855081081 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:26.855087996 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:26.914040089 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:27.451205015 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:27.451272964 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:27.451297045 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:27.451325893 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:27.451330900 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:27.451337099 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:27.451345921 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:27.451363087 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:27.451368093 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:27.451390982 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:27.451420069 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:27.451425076 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:27.451436996 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:27.451474905 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:27.451489925 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:27.451520920 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:27.451560020 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:27.454236984 CEST	49747	443	192.168.2.4	13.107.213.41
Apr 16, 2024 13:58:27.454258919 CEST	443	49747	13.107.213.41	192.168.2.4
Apr 16, 2024 13:58:28.531750917 CEST	49749	443	192.168.2.4	74.125.136.103
Apr 16, 2024 13:58:28.531826019 CEST	443	49749	74.125.136.103	192.168.2.4
Apr 16, 2024 13:58:28.531912088 CEST	49749	443	192.168.2.4	74.125.136.103
Apr 16, 2024 13:58:28.533212900 CEST	49749	443	192.168.2.4	74.125.136.103
Apr 16, 2024 13:58:28.533243895 CEST	443	49749	74.125.136.103	192.168.2.4
Apr 16, 2024 13:58:28.754978895 CEST	443	49749	74.125.136.103	192.168.2.4
Apr 16, 2024 13:58:28.769360065 CEST	49749	443	192.168.2.4	74.125.136.103
Apr 16, 2024 13:58:28.769421101 CEST	443	49749	74.125.136.103	192.168.2.4
Apr 16, 2024 13:58:28.770488024 CEST	443	49749	74.125.136.103	192.168.2.4
Apr 16, 2024 13:58:28.770580053 CEST	49749	443	192.168.2.4	74.125.136.103
Apr 16, 2024 13:58:28.839019060 CEST	49749	443	192.168.2.4	74.125.136.103
Apr 16, 2024 13:58:28.839469910 CEST	443	49749	74.125.136.103	192.168.2.4
Apr 16, 2024 13:58:28.884675980 CEST	49749	443	192.168.2.4	74.125.136.103
Apr 16, 2024 13:58:28.884742975 CEST	443	49749	74.125.136.103	192.168.2.4
Apr 16, 2024 13:58:28.931549072 CEST	49749	443	192.168.2.4	74.125.136.103
Apr 16, 2024 13:58:29.391758919 CEST	49750	443	192.168.2.4	23.63.206.91
Apr 16, 2024 13:58:29.391853094 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 16, 2024 13:58:29.391976118 CEST	49750	443	192.168.2.4	23.63.206.91
Apr 16, 2024 13:58:29.394398928 CEST	49750	443	192.168.2.4	23.63.206.91
Apr 16, 2024 13:58:29.394411087 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 16, 2024 13:58:29.613934994 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 16, 2024 13:58:29.614026070 CEST	49750	443	192.168.2.4	23.63.206.91
Apr 16, 2024 13:58:29.616961002 CEST	49750	443	192.168.2.4	23.63.206.91
Apr 16, 2024 13:58:29.616969109 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 16, 2024 13:58:29.617358923 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 16, 2024 13:58:29.654993057 CEST	49750	443	192.168.2.4	23.63.206.91
Apr 16, 2024 13:58:29.696121931 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 16, 2024 13:58:29.813375950 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 16, 2024 13:58:29.813472033 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 16, 2024 13:58:29.813700914 CEST	49750	443	192.168.2.4	23.63.206.91
Apr 16, 2024 13:58:29.833607912 CEST	49750	443	192.168.2.4	23.63.206.91
Apr 16, 2024 13:58:29.833640099 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 16, 2024 13:58:29.833657980 CEST	49750	443	192.168.2.4	23.63.206.91
Apr 16, 2024 13:58:29.833666086 CEST	443	49750	23.63.206.91	192.168.2.4
Apr 16, 2024 13:58:29.891930103 CEST	49751	443	192.168.2.4	23.63.206.91
Apr 16, 2024 13:58:29.892019987 CEST	443	49751	23.63.206.91	192.168.2.4
Apr 16, 2024 13:58:29.892225981 CEST	49751	443	192.168.2.4	23.63.206.91
Apr 16, 2024 13:58:29.892853022 CEST	49751	443	192.168.2.4	23.63.206.91
Apr 16, 2024 13:58:29.892864943 CEST	443	49751	23.63.206.91	192.168.2.4
Apr 16, 2024 13:58:30.106421947 CEST	443	49751	23.63.206.91	192.168.2.4
Apr 16, 2024 13:58:30.106589079 CEST	49751	443	192.168.2.4	23.63.206.91
Apr 16, 2024 13:58:30.109160900 CEST	49751	443	192.168.2.4	23.63.206.91
Apr 16, 2024 13:58:30.109173059 CEST	443	49751	23.63.206.91	192.168.2.4
Apr 16, 2024 13:58:30.109513044 CEST	443	49751	23.63.206.91	192.168.2.4
Apr 16, 2024 13:58:30.112220049 CEST	49751	443	192.168.2.4	23.63.206.91
Apr 16, 2024 13:58:30.156122923 CEST	443	49751	23.63.206.91	192.168.2.4
Apr 16, 2024 13:58:30.313550949 CEST	443	49751	23.63.206.91	192.168.2.4
Apr 16, 2024 13:58:30.313735008 CEST	443	49751	23.63.206.91	192.168.2.4
Apr 16, 2024 13:58:30.313793898 CEST	49751	443	192.168.2.4	23.63.206.91
Apr 16, 2024 13:58:30.315813065 CEST	49751	443	192.168.2.4	23.63.206.91
Apr 16, 2024 13:58:30.315829992 CEST	443	49751	23.63.206.91	192.168.2.4
Apr 16, 2024 13:58:30.315839052 CEST	49751	443	192.168.2.4	23.63.206.91
Apr 16, 2024 13:58:30.315844059 CEST	443	49751	23.63.206.91	192.168.2.4
Apr 16, 2024 13:58:38.755691051 CEST	443	49749	74.125.136.103	192.168.2.4
Apr 16, 2024 13:58:38.755763054 CEST	443	49749	74.125.136.103	192.168.2.4
Apr 16, 2024 13:58:38.756278992 CEST	49749	443	192.168.2.4	74.125.136.103
Apr 16, 2024 13:58:39.045835018 CEST	49749	443	192.168.2.4	74.125.136.103
Apr 16, 2024 13:58:39.045892954 CEST	443	49749	74.125.136.103	192.168.2.4
Apr 16, 2024 13:58:40.171677113 CEST	49757	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:58:40.171765089 CEST	443	49757	20.114.59.183	192.168.2.4
Apr 16, 2024 13:58:40.171869040 CEST	49757	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:58:40.173446894 CEST	49757	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:58:40.173482895 CEST	443	49757	20.114.59.183	192.168.2.4
Apr 16, 2024 13:58:40.683428049 CEST	443	49757	20.114.59.183	192.168.2.4
Apr 16, 2024 13:58:40.683507919 CEST	49757	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:58:40.693074942 CEST	49757	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:58:40.693109035 CEST	443	49757	20.114.59.183	192.168.2.4
Apr 16, 2024 13:58:40.693489075 CEST	443	49757	20.114.59.183	192.168.2.4
Apr 16, 2024 13:58:40.737191916 CEST	49757	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:58:41.392414093 CEST	49757	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:58:41.436129093 CEST	443	49757	20.114.59.183	192.168.2.4
Apr 16, 2024 13:58:41.721777916 CEST	443	49757	20.114.59.183	192.168.2.4
Apr 16, 2024 13:58:41.721803904 CEST	443	49757	20.114.59.183	192.168.2.4
Apr 16, 2024 13:58:41.721812010 CEST	443	49757	20.114.59.183	192.168.2.4
Apr 16, 2024 13:58:41.721829891 CEST	443	49757	20.114.59.183	192.168.2.4
Apr 16, 2024 13:58:41.721853971 CEST	443	49757	20.114.59.183	192.168.2.4
Apr 16, 2024 13:58:41.721887112 CEST	49757	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:58:41.721916914 CEST	443	49757	20.114.59.183	192.168.2.4
Apr 16, 2024 13:58:41.721932888 CEST	49757	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:58:41.721932888 CEST	443	49757	20.114.59.183	192.168.2.4
Apr 16, 2024 13:58:41.721955061 CEST	49757	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:58:41.721961975 CEST	443	49757	20.114.59.183	192.168.2.4
Apr 16, 2024 13:58:41.721978903 CEST	49757	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:58:41.721990108 CEST	49757	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:58:41.721995115 CEST	443	49757	20.114.59.183	192.168.2.4
Apr 16, 2024 13:58:41.722026110 CEST	443	49757	20.114.59.183	192.168.2.4
Apr 16, 2024 13:58:41.722107887 CEST	49757	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:58:42.069489956 CEST	49757	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:58:42.069549084 CEST	443	49757	20.114.59.183	192.168.2.4
Apr 16, 2024 13:59:19.225162983 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:59:19.225219965 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 16, 2024 13:59:19.229832888 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:59:19.231148005 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:59:19.231168032 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 16, 2024 13:59:19.752913952 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 16, 2024 13:59:19.752988100 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:59:19.790616035 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:59:19.790644884 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 16, 2024 13:59:19.790987015 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 16, 2024 13:59:19.816356897 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:59:19.864115953 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 16, 2024 13:59:20.253120899 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 16, 2024 13:59:20.253146887 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 16, 2024 13:59:20.253154039 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 16, 2024 13:59:20.253176928 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 16, 2024 13:59:20.253189087 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 16, 2024 13:59:20.253199100 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 16, 2024 13:59:20.253216982 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:59:20.253242016 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 16, 2024 13:59:20.253253937 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 16, 2024 13:59:20.253264904 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:59:20.253269911 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 16, 2024 13:59:20.253307104 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 16, 2024 13:59:20.253331900 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:59:20.253369093 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:59:20.253369093 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:59:20.308470964 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:59:20.308471918 CEST	49764	443	192.168.2.4	20.114.59.183
Apr 16, 2024 13:59:20.308507919 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 16, 2024 13:59:20.308532953 CEST	443	49764	20.114.59.183	192.168.2.4
Apr 16, 2024 13:59:28.936124086 CEST	49766	443	192.168.2.4	74.125.136.103
Apr 16, 2024 13:59:28.936165094 CEST	443	49766	74.125.136.103	192.168.2.4
Apr 16, 2024 13:59:28.936346054 CEST	49766	443	192.168.2.4	74.125.136.103
Apr 16, 2024 13:59:28.937642097 CEST	49766	443	192.168.2.4	74.125.136.103
Apr 16, 2024 13:59:28.937666893 CEST	443	49766	74.125.136.103	192.168.2.4
Apr 16, 2024 13:59:29.150592089 CEST	443	49766	74.125.136.103	192.168.2.4
Apr 16, 2024 13:59:29.156687021 CEST	49766	443	192.168.2.4	74.125.136.103
Apr 16, 2024 13:59:29.156717062 CEST	443	49766	74.125.136.103	192.168.2.4
Apr 16, 2024 13:59:29.157195091 CEST	443	49766	74.125.136.103	192.168.2.4
Apr 16, 2024 13:59:29.158560991 CEST	49766	443	192.168.2.4	74.125.136.103
Apr 16, 2024 13:59:29.158632040 CEST	443	49766	74.125.136.103	192.168.2.4
Apr 16, 2024 13:59:29.206043959 CEST	49766	443	192.168.2.4	74.125.136.103
Apr 16, 2024 13:59:36.071470022 CEST	49723	80	192.168.2.4	199.232.214.172
Apr 16, 2024 13:59:36.071615934 CEST	49724	80	192.168.2.4	199.232.214.172
Apr 16, 2024 13:59:36.174880028 CEST	80	49723	199.232.214.172	192.168.2.4
Apr 16, 2024 13:59:36.174988031 CEST	80	49723	199.232.214.172	192.168.2.4
Apr 16, 2024 13:59:36.175060987 CEST	80	49724	199.232.214.172	192.168.2.4
Apr 16, 2024 13:59:36.175178051 CEST	49723	80	192.168.2.4	199.232.214.172
Apr 16, 2024 13:59:36.175195932 CEST	80	49724	199.232.214.172	192.168.2.4
Apr 16, 2024 13:59:36.175273895 CEST	49724	80	192.168.2.4	199.232.214.172
Apr 16, 2024 13:59:39.170295000 CEST	443	49766	74.125.136.103	192.168.2.4
Apr 16, 2024 13:59:39.170368910 CEST	443	49766	74.125.136.103	192.168.2.4
Apr 16, 2024 13:59:39.170444012 CEST	49766	443	192.168.2.4	74.125.136.103
Apr 16, 2024 13:59:40.931869984 CEST	49766	443	192.168.2.4	74.125.136.103
Apr 16, 2024 13:59:40.931899071 CEST	443	49766	74.125.136.103	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 16, 2024 13:58:24.352447033 CEST	51623	53	192.168.2.4	1.1.1.1
Apr 16, 2024 13:58:24.352593899 CEST	50568	53	192.168.2.4	1.1.1.1
Apr 16, 2024 13:58:24.353565931 CEST	53035	53	192.168.2.4	1.1.1.1
Apr 16, 2024 13:58:24.353724957 CEST	49213	53	192.168.2.4	1.1.1.1
Apr 16, 2024 13:58:24.440363884 CEST	53	57843	1.1.1.1	192.168.2.4
Apr 16, 2024 13:58:24.455746889 CEST	53	63970	1.1.1.1	192.168.2.4
Apr 16, 2024 13:58:24.456562996 CEST	53	51623	1.1.1.1	192.168.2.4
Apr 16, 2024 13:58:24.456708908 CEST	53	50568	1.1.1.1	192.168.2.4
Apr 16, 2024 13:58:24.457882881 CEST	53	49213	1.1.1.1	192.168.2.4
Apr 16, 2024 13:58:24.458712101 CEST	53	53035	1.1.1.1	192.168.2.4
Apr 16, 2024 13:58:25.086601019 CEST	53	52360	1.1.1.1	192.168.2.4
Apr 16, 2024 13:58:25.448975086 CEST	51275	53	192.168.2.4	1.1.1.1
Apr 16, 2024 13:58:25.449229002 CEST	57592	53	192.168.2.4	1.1.1.1
Apr 16, 2024 13:58:25.553199053 CEST	53	51275	1.1.1.1	192.168.2.4
Apr 16, 2024 13:58:25.553340912 CEST	53	57592	1.1.1.1	192.168.2.4
Apr 16, 2024 13:58:28.423717976 CEST	61006	53	192.168.2.4	1.1.1.1
Apr 16, 2024 13:58:28.425429106 CEST	52461	53	192.168.2.4	1.1.1.1
Apr 16, 2024 13:58:28.527919054 CEST	53	61006	1.1.1.1	192.168.2.4
Apr 16, 2024 13:58:28.529361963 CEST	53	52461	1.1.1.1	192.168.2.4
Apr 16, 2024 13:58:37.452899933 CEST	53	63314	1.1.1.1	192.168.2.4
Apr 16, 2024 13:58:43.530498981 CEST	53	55477	1.1.1.1	192.168.2.4
Apr 16, 2024 13:58:47.640125990 CEST	138	138	192.168.2.4	192.168.2.255
Apr 16, 2024 13:59:02.390209913 CEST	53	63083	1.1.1.1	192.168.2.4
Apr 16, 2024 13:59:23.960033894 CEST	53	61359	1.1.1.1	192.168.2.4
Apr 16, 2024 13:59:24.767000914 CEST	53	49192	1.1.1.1	192.168.2.4
Apr 16, 2024 13:59:51.859873056 CEST	53	50033	1.1.1.1	192.168.2.4
Apr 16, 2024 14:00:36.537264109 CEST	53	53871	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 16, 2024 13:58:24.352447033 CEST	192.168.2.4	1.1.1.1	0x588	Standard query (0)	cdnjs.cloudflare.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 13:58:24.352593899 CEST	192.168.2.4	1.1.1.1	0x1fb6	Standard query (0)	cdnjs.cloudflare.com	65	IN (0x0001)	false
Apr 16, 2024 13:58:24.353565931 CEST	192.168.2.4	1.1.1.1	0xb869	Standard query (0)	upload.wikimedia.org	A (IP address)	IN (0x0001)	false
Apr 16, 2024 13:58:24.353724957 CEST	192.168.2.4	1.1.1.1	0xa658	Standard query (0)	upload.wikimedia.org	65	IN (0x0001)	false
Apr 16, 2024 13:58:25.448975086 CEST	192.168.2.4	1.1.1.1	0x754e	Standard query (0)	upload.wikimedia.org	A (IP address)	IN (0x0001)	false
Apr 16, 2024 13:58:25.449229002 CEST	192.168.2.4	1.1.1.1	0x2085	Standard query (0)	upload.wikimedia.org	65	IN (0x0001)	false
Apr 16, 2024 13:58:28.423717976 CEST	192.168.2.4	1.1.1.1	0x5929	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 16, 2024 13:58:28.425429106 CEST	192.168.2.4	1.1.1.1	0xdd55	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 16, 2024 13:58:24.456562996 CEST	1.1.1.1	192.168.2.4	0x588	No error (0)	cdnjs.cloudflare.com		104.17.24.14	A (IP address)	IN (0x0001)	false
Apr 16, 2024 13:58:24.456562996 CEST	1.1.1.1	192.168.2.4	0x588	No error (0)	cdnjs.cloudflare.com		104.17.25.14	A (IP address)	IN (0x0001)	false
Apr 16, 2024 13:58:24.456708908 CEST	1.1.1.1	192.168.2.4	0x1fb6	No error (0)	cdnjs.cloudflare.com			65	IN (0x0001)	false
Apr 16, 2024 13:58:24.458712101 CEST	1.1.1.1	192.168.2.4	0xb869	No error (0)	upload.wikimedia.org		208.80.154.240	A (IP address)	IN (0x0001)	false
Apr 16, 2024 13:58:25.553199053 CEST	1.1.1.1	192.168.2.4	0x754e	No error (0)	upload.wikimedia.org		208.80.154.240	A (IP address)	IN (0x0001)	false
Apr 16, 2024 13:58:25.559058905 CEST	1.1.1.1	192.168.2.4	0x177d	No error (0)	shed.dual-low.part-0012.t-0009.t-msedge.net	part-0012.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 13:58:25.559058905 CEST	1.1.1.1	192.168.2.4	0x177d	No error (0)	part-0012.t-0009.t-msedge.net		13.107.213.40	A (IP address)	IN (0x0001)	false
Apr 16, 2024 13:58:25.559058905 CEST	1.1.1.1	192.168.2.4	0x177d	No error (0)	part-0012.t-0009.t-msedge.net		13.107.246.40	A (IP address)	IN (0x0001)	false
Apr 16, 2024 13:58:26.234117985 CEST	1.1.1.1	192.168.2.4	0xd68d	No error (0)	shed.dual-low.part-0013.t-0009.t-msedge.net	part-0013.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 16, 2024 13:58:26.234117985 CEST	1.1.1.1	192.168.2.4	0xd68d	No error (0)	part-0013.t-0009.t-msedge.net		13.107.213.41	A (IP address)	IN (0x0001)	false
Apr 16, 2024 13:58:26.234117985 CEST	1.1.1.1	192.168.2.4	0xd68d	No error (0)	part-0013.t-0009.t-msedge.net		13.107.246.41	A (IP address)	IN (0x0001)	false
Apr 16, 2024 13:58:28.527919054 CEST	1.1.1.1	192.168.2.4	0x5929	No error (0)	www.google.com		74.125.136.103	A (IP address)	IN (0x0001)	false
Apr 16, 2024 13:58:28.527919054 CEST	1.1.1.1	192.168.2.4	0x5929	No error (0)	www.google.com		74.125.136.147	A (IP address)	IN (0x0001)	false
Apr 16, 2024 13:58:28.527919054 CEST	1.1.1.1	192.168.2.4	0x5929	No error (0)	www.google.com		74.125.136.105	A (IP address)	IN (0x0001)	false
Apr 16, 2024 13:58:28.527919054 CEST	1.1.1.1	192.168.2.4	0x5929	No error (0)	www.google.com		74.125.136.106	A (IP address)	IN (0x0001)	false
Apr 16, 2024 13:58:28.527919054 CEST	1.1.1.1	192.168.2.4	0x5929	No error (0)	www.google.com		74.125.136.99	A (IP address)	IN (0x0001)	false
Apr 16, 2024 13:58:28.527919054 CEST	1.1.1.1	192.168.2.4	0x5929	No error (0)	www.google.com		74.125.136.104	A (IP address)	IN (0x0001)	false
Apr 16, 2024 13:58:28.529361963 CEST	1.1.1.1	192.168.2.4	0xdd55	No error (0)	www.google.com			65	IN (0x0001)	false

HTTP Request Dependency Graph

cdnjs.cloudflare.com

upload.wikimedia.org

logincdn.msauth.net

fs.microsoft.com

slscr.update.microsoft.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49735	104.17.24.14	443	1780	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 11:58:24 UTC	553	OUT	GET /ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49734	104.17.24.14	443	1780	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 11:58:24 UTC	541	OUT	GET /ajax/libs/animate.css/3.5.2/animate.min.css HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49733	208.80.154.240	443	1780	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 11:58:24 UTC	643	OUT	GET /wikipedia/commons/thumb/9/96/Microsoft_logo_%282012%29.svg/1000px-Microsoft_logo_%282012%29.svg.png HTTP/1.1 Host: upload.wikimedia.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49739	104.17.24.14	443	1780	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 11:58:25 UTC	553	OUT	GET /ajax/libs/twitter-bootstrap/3.3.7/css/bootstrap.min.css HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 11:58:25 UTC	948	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 11:58:25 GMT Content-Type: text/css; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb04010-1d970" Last-Modified: Mon, 04 May 2020 16:17:20 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 2211751 Expires: Sun, 06 Apr 2025 11:58:25 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=jyOe9x0y4QFmwb%2BtLxRGLtvWDNDH9HbnlYZXAQgCazXdlUoFrl%2B5aQtg%2Fq6rsKCvM7Q2Ge7INTc7NYWLJcMjWqrFf%2BDyNCAxHLiXqdcF8qR2eLqphMI6WanlZjueOGnBf7G3OaoW"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 875400dffa06b06f-ATL alt-svc: h3=":443"; ma=86400
2024-04-16 11:58:25 UTC	421	IN	Data Raw: 33 39 61 35 0d 0a 2f 2a 21 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 33 2e 33 2e 37 20 28 68 74 74 70 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 29 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 36 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0a 20 2a 2f 2f 2a 21 20 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 20 76 33 2e 30 2e 33 20 7c 20 4d 49 54 20 4c 69 63 65 6e 73 65 20 7c 20 67 69 74 68 75 62 2e 63 6f 6d 2f 6e 65 63 6f 6c 61 73 2f 6e 6f 72 6d 61 6c 69 7a 65 2e 63 73 73 20 2a 2f 68 74 6d 6c 7b Data Ascii: 39a5/! Bootstrap v3.3.7 (http://getbootstrap.com) * Copyright 2011-2016 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) //! normalize.css v3.0.3 \| MIT License \| github.com/necolas/normalize.css */html{
2024-04-16 11:58:25 UTC	1369	IN	Data Raw: 76 2c 73 65 63 74 69 6f 6e 2c 73 75 6d 6d 61 72 79 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 7d 61 75 64 69 6f 2c 63 61 6e 76 61 73 2c 70 72 6f 67 72 65 73 73 2c 76 69 64 65 6f 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 62 61 73 65 6c 69 6e 65 7d 61 75 64 69 6f 3a 6e 6f 74 28 5b 63 6f 6e 74 72 6f 6c 73 5d 29 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 68 65 69 67 68 74 3a 30 7d 5b 68 69 64 64 65 6e 5d 2c 74 65 6d 70 6c 61 74 65 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 61 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 74 72 61 6e 73 70 61 72 65 6e 74 7d 61 3a 61 63 74 69 76 65 2c 61 3a 68 6f 76 65 72 7b 6f 75 74 6c 69 6e 65 3a 30 7d 61 62 62 72 5b 74 69 74 6c 65 5d 7b 62 6f 72 64 65 Data Ascii: v,section,summary{display:block}audio,canvas,progress,video{display:inline-block;vertical-align:baseline}audio:not([controls]){display:none;height:0}[hidden],template{display:none}a{background-color:transparent}a:active,a:hover{outline:0}abbr[title]{borde
2024-04-16 11:58:25 UTC	1369	IN	Data Raw: 67 68 74 3a 61 75 74 6f 7d 69 6e 70 75 74 5b 74 79 70 65 3d 73 65 61 72 63 68 5d 7b 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 6d 6f 7a 2d 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 63 6f 6e 74 65 6e 74 2d 62 6f 78 3b 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 74 65 78 74 66 69 65 6c 64 7d 69 6e 70 75 74 5b 74 79 70 65 3d 73 65 61 72 63 68 5d 3a 3a 2d 77 65 62 6b 69 74 2d 73 65 61 72 63 68 2d 63 61 6e 63 65 6c 2d 62 75 74 74 6f 6e 2c 69 6e 70 75 74 5b 74 79 70 65 3d 73 65 61 72 63 68 5d 3a 3a 2d 77 65 62 6b 69 74 2d 73 65 61 72 63 68 2d 64 65 63 6f 72 61 74 69 6f 6e 7b 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 6e 6f Data Ascii: ght:auto}input[type=search]{-webkit-box-sizing:content-box;-moz-box-sizing:content-box;box-sizing:content-box;-webkit-appearance:textfield}input[type=search]::-webkit-search-cancel-button,input[type=search]::-webkit-search-decoration{-webkit-appearance:no
2024-04-16 11:58:25 UTC	1369	IN	Data Raw: 20 73 6f 6c 69 64 20 23 64 64 64 21 69 6d 70 6f 72 74 61 6e 74 7d 7d 40 66 6f 6e 74 2d 66 61 63 65 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 27 47 6c 79 70 68 69 63 6f 6e 73 20 48 61 6c 66 6c 69 6e 67 73 27 3b 73 72 63 3a 75 72 6c 28 2e 2e 2f 66 6f 6e 74 73 2f 67 6c 79 70 68 69 63 6f 6e 73 2d 68 61 6c 66 6c 69 6e 67 73 2d 72 65 67 75 6c 61 72 2e 65 6f 74 29 3b 73 72 63 3a 75 72 6c 28 2e 2e 2f 66 6f 6e 74 73 2f 67 6c 79 70 68 69 63 6f 6e 73 2d 68 61 6c 66 6c 69 6e 67 73 2d 72 65 67 75 6c 61 72 2e 65 6f 74 3f 23 69 65 66 69 78 29 20 66 6f 72 6d 61 74 28 27 65 6d 62 65 64 64 65 64 2d 6f 70 65 6e 74 79 70 65 27 29 2c 75 72 6c 28 2e 2e 2f 66 6f 6e 74 73 2f 67 6c 79 70 68 69 63 6f 6e 73 2d 68 61 6c 66 6c 69 6e 67 73 2d 72 65 67 75 6c 61 72 2e 77 6f 66 66 32 29 20 Data Ascii: solid #ddd!important}}@font-face{font-family:'Glyphicons Halflings';src:url(../fonts/glyphicons-halflings-regular.eot);src:url(../fonts/glyphicons-halflings-regular.eot?#iefix) format('embedded-opentype'),url(../fonts/glyphicons-halflings-regular.woff2)
2024-04-16 11:58:25 UTC	1369	IN	Data Raw: 30 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 74 68 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 31 31 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 74 68 2d 6c 69 73 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 31 32 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 6f 6b 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 31 33 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 72 65 6d 6f 76 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 31 34 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 7a 6f 6f 6d 2d 69 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 31 35 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 7a 6f 6f 6d 2d 6f 75 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 31 36 22 7d 2e 67 6c 79 70 68 69 63 6f 6e Data Ascii: 0"}.glyphicon-th:before{content:"\e011"}.glyphicon-th-list:before{content:"\e012"}.glyphicon-ok:before{content:"\e013"}.glyphicon-remove:before{content:"\e014"}.glyphicon-zoom-in:before{content:"\e015"}.glyphicon-zoom-out:before{content:"\e016"}.glyphicon
2024-04-16 11:58:25 UTC	1369	IN	Data Raw: 62 6f 6f 6b 6d 61 72 6b 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 34 34 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 70 72 69 6e 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 34 35 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 63 61 6d 65 72 61 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 34 36 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 66 6f 6e 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 34 37 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 62 6f 6c 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 34 38 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 69 74 61 6c 69 63 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 34 39 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 74 65 78 74 2d 68 65 69 67 68 74 3a Data Ascii: bookmark:before{content:"\e044"}.glyphicon-print:before{content:"\e045"}.glyphicon-camera:before{content:"\e046"}.glyphicon-font:before{content:"\e047"}.glyphicon-bold:before{content:"\e048"}.glyphicon-italic:before{content:"\e049"}.glyphicon-text-height:
2024-04-16 11:58:25 UTC	1369	IN	Data Raw: 6f 6e 2d 73 74 65 70 2d 66 6f 72 77 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 37 37 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 65 6a 65 63 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 37 38 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 63 68 65 76 72 6f 6e 2d 6c 65 66 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 37 39 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 63 68 65 76 72 6f 6e 2d 72 69 67 68 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 38 30 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 70 6c 75 73 2d 73 69 67 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 30 38 31 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 6d 69 6e 75 73 2d 73 69 67 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a Data Ascii: on-step-forward:before{content:"\e077"}.glyphicon-eject:before{content:"\e078"}.glyphicon-chevron-left:before{content:"\e079"}.glyphicon-chevron-right:before{content:"\e080"}.glyphicon-plus-sign:before{content:"\e081"}.glyphicon-minus-sign:before{content:
2024-04-16 11:58:25 UTC	1369	IN	Data Raw: 6c 79 70 68 69 63 6f 6e 2d 63 6f 6d 6d 65 6e 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 31 31 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 6d 61 67 6e 65 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 31 32 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 63 68 65 76 72 6f 6e 2d 75 70 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 31 33 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 63 68 65 76 72 6f 6e 2d 64 6f 77 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 31 34 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 72 65 74 77 65 65 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 31 35 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 73 68 6f 70 70 69 6e 67 2d 63 61 72 74 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a Data Ascii: lyphicon-comment:before{content:"\e111"}.glyphicon-magnet:before{content:"\e112"}.glyphicon-chevron-up:before{content:"\e113"}.glyphicon-chevron-down:before{content:"\e114"}.glyphicon-retweet:before{content:"\e115"}.glyphicon-shopping-cart:before{content:
2024-04-16 11:58:25 UTC	1369	IN	Data Raw: 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 34 31 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 70 61 70 65 72 63 6c 69 70 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 34 32 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 68 65 61 72 74 2d 65 6d 70 74 79 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 34 33 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 6c 69 6e 6b 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 34 34 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 70 68 6f 6e 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 34 35 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 70 75 73 68 70 69 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 34 36 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 75 73 64 3a 62 65 66 6f 72 65 7b Data Ascii: efore{content:"\e141"}.glyphicon-paperclip:before{content:"\e142"}.glyphicon-heart-empty:before{content:"\e143"}.glyphicon-link:before{content:"\e144"}.glyphicon-phone:before{content:"\e145"}.glyphicon-pushpin:before{content:"\e146"}.glyphicon-usd:before{
2024-04-16 11:58:25 UTC	1369	IN	Data Raw: 6f 6e 74 65 6e 74 3a 22 5c 65 31 37 33 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 66 6c 6f 70 70 79 2d 72 65 6d 6f 76 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 37 34 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 66 6c 6f 70 70 79 2d 73 61 76 65 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 37 35 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 66 6c 6f 70 70 79 2d 6f 70 65 6e 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 37 36 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 63 72 65 64 69 74 2d 63 61 72 64 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 37 37 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d 74 72 61 6e 73 66 65 72 3a 62 65 66 6f 72 65 7b 63 6f 6e 74 65 6e 74 3a 22 5c 65 31 37 38 22 7d 2e 67 6c 79 70 68 69 63 6f 6e 2d Data Ascii: ontent:"\e173"}.glyphicon-floppy-remove:before{content:"\e174"}.glyphicon-floppy-save:before{content:"\e175"}.glyphicon-floppy-open:before{content:"\e176"}.glyphicon-credit-card:before{content:"\e177"}.glyphicon-transfer:before{content:"\e178"}.glyphicon-

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49738	104.17.24.14	443	1780	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 11:58:25 UTC	541	OUT	GET /ajax/libs/animate.css/3.5.2/animate.min.css HTTP/1.1 Host: cdnjs.cloudflare.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 11:58:25 UTC	943	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 11:58:25 GMT Content-Type: text/css; charset=utf-8 Transfer-Encoding: chunked Connection: close Access-Control-Allow-Origin: * Cache-Control: public, max-age=30672000 ETag: W/"5eb03d2a-ce35" Last-Modified: Mon, 04 May 2020 16:04:58 GMT cf-cdnjs-via: cfworker/kv Cross-Origin-Resource-Policy: cross-origin Timing-Allow-Origin: * X-Content-Type-Options: nosniff CF-Cache-Status: HIT Age: 28676 Expires: Sun, 06 Apr 2025 11:58:25 GMT Report-To: {"endpoints":[{"url":"https:\/\/a.nel.cloudflare.com\/report\/v4?s=%2BQqxMzEQDGePOsXTjLF%2FgaN1UppITXXnNBt72JUixyUPcTabdo6F15WFPc2fxqRG0NrWsyyuyiZqEOeBlSIguebcvLt9lxS23QDa20T5f4iht0GVsrMNMEI%2FECTFh21QKPgyYnHg"}],"group":"cf-nel","max_age":604800} NEL: {"success_fraction":0.01,"report_to":"cf-nel","max_age":604800} Strict-Transport-Security: max-age=15780000 Server: cloudflare CF-RAY: 875400dff99a07da-ATL alt-svc: h3=":443"; ma=86400
2024-04-16 11:58:25 UTC	426	IN	Data Raw: 33 39 61 61 0d 0a 40 63 68 61 72 73 65 74 20 22 55 54 46 2d 38 22 3b 0a 0a 2f 2a 21 0a 20 2a 20 61 6e 69 6d 61 74 65 2e 63 73 73 20 2d 68 74 74 70 3a 2f 2f 64 61 6e 65 64 65 6e 2e 6d 65 2f 61 6e 69 6d 61 74 65 0a 20 2a 20 56 65 72 73 69 6f 6e 20 2d 20 33 2e 35 2e 31 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 74 68 65 20 4d 49 54 20 6c 69 63 65 6e 73 65 20 2d 20 68 74 74 70 3a 2f 2f 6f 70 65 6e 73 6f 75 72 63 65 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 73 2f 4d 49 54 0a 20 2a 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 31 36 20 44 61 6e 69 65 6c 20 45 64 65 6e 0a 20 2a 2f 0a 0a 2e 61 6e 69 6d 61 74 65 64 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 31 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 Data Ascii: 39aa@charset "UTF-8";/! animate.css -http://daneden.me/animate * Version - 3.5.1 * Licensed under the MIT license - http://opensource.org/licenses/MIT * * Copyright (c) 2016 Daniel Eden */.animated{-webkit-animation-duration:1s;animation-du
2024-04-16 11:58:25 UTC	1369	IN	Data Raw: 74 65 64 2e 68 69 6e 67 65 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 32 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 32 73 7d 2e 61 6e 69 6d 61 74 65 64 2e 62 6f 75 6e 63 65 49 6e 2c 2e 61 6e 69 6d 61 74 65 64 2e 62 6f 75 6e 63 65 4f 75 74 2c 2e 61 6e 69 6d 61 74 65 64 2e 66 6c 69 70 4f 75 74 58 2c 2e 61 6e 69 6d 61 74 65 64 2e 66 6c 69 70 4f 75 74 59 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 2e 37 35 73 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 75 72 61 74 69 6f 6e 3a 2e 37 35 73 7d 40 2d 77 65 62 6b 69 74 2d 6b 65 79 66 72 61 6d 65 73 20 62 6f 75 6e 63 65 7b 30 25 2c 32 30 25 2c 35 33 25 2c 38 30 25 2c 74 6f 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f Data Ascii: ted.hinge{-webkit-animation-duration:2s;animation-duration:2s}.animated.bounceIn,.animated.bounceOut,.animated.flipOutX,.animated.flipOutY{-webkit-animation-duration:.75s;animation-duration:.75s}@-webkit-keyframes bounce{0%,20%,53%,80%,to{-webkit-animatio
2024-04-16 11:58:25 UTC	1369	IN	Data Raw: 30 29 7d 7d 2e 62 6f 75 6e 63 65 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 62 6f 75 6e 63 65 3b 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 62 6f 75 6e 63 65 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 63 65 6e 74 65 72 20 62 6f 74 74 6f 6d 3b 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 63 65 6e 74 65 72 20 62 6f 74 74 6f 6d 7d 40 2d 77 65 62 6b 69 74 2d 6b 65 79 66 72 61 6d 65 73 20 66 6c 61 73 68 7b 30 25 2c 35 30 25 2c 74 6f 7b 6f 70 61 63 69 74 79 3a 31 7d 32 35 25 2c 37 35 25 7b 6f 70 61 63 69 74 79 3a 30 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 66 6c 61 73 68 7b 30 25 2c 35 30 25 2c 74 6f 7b 6f 70 61 63 69 74 79 3a 31 7d 32 35 25 2c 37 35 25 7b 6f 70 61 63 69 74 79 3a 30 7d 7d 2e Data Ascii: 0)}}.bounce{-webkit-animation-name:bounce;animation-name:bounce;-webkit-transform-origin:center bottom;transform-origin:center bottom}@-webkit-keyframes flash{0%,50%,to{opacity:1}25%,75%{opacity:0}}@keyframes flash{0%,50%,to{opacity:1}25%,75%{opacity:0}}.
2024-04-16 11:58:25 UTC	1369	IN	Data Raw: 33 64 28 31 2e 32 35 2c 2e 37 35 2c 31 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 33 64 28 31 2e 32 35 2c 2e 37 35 2c 31 29 7d 34 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 33 64 28 2e 37 35 2c 31 2e 32 35 2c 31 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 33 64 28 2e 37 35 2c 31 2e 32 35 2c 31 29 7d 35 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 33 64 28 31 2e 31 35 2c 2e 38 35 2c 31 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 33 64 28 31 2e 31 35 2c 2e 38 35 2c 31 29 7d 36 35 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 33 64 28 2e 39 35 2c 31 2e 30 35 2c 31 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 33 64 28 2e 39 35 2c 31 2e Data Ascii: 3d(1.25,.75,1);transform:scale3d(1.25,.75,1)}40%{-webkit-transform:scale3d(.75,1.25,1);transform:scale3d(.75,1.25,1)}50%{-webkit-transform:scale3d(1.15,.85,1);transform:scale3d(1.15,.85,1)}65%{-webkit-transform:scale3d(.95,1.05,1);transform:scale3d(.95,1.
2024-04-16 11:58:25 UTC	1369	IN	Data Raw: 61 74 65 59 28 2d 35 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 2d 33 70 78 29 20 72 6f 74 61 74 65 59 28 2d 35 64 65 67 29 7d 34 33 2e 35 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 32 70 78 29 20 72 6f 74 61 74 65 59 28 33 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 32 70 78 29 20 72 6f 74 61 74 65 59 28 33 64 65 67 29 7d 35 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 30 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 58 28 30 29 7d 7d 40 6b 65 79 66 72 61 6d 65 73 20 68 65 61 64 53 68 61 6b 65 7b 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e Data Ascii: ateY(-5deg);transform:translateX(-3px) rotateY(-5deg)}43.5%{-webkit-transform:translateX(2px) rotateY(3deg);transform:translateX(2px) rotateY(3deg)}50%{-webkit-transform:translateX(0);transform:translateX(0)}}@keyframes headShake{0%{-webkit-transform:tran
2024-04-16 11:58:25 UTC	1369	IN	Data Raw: 3a 72 6f 74 61 74 65 28 35 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 35 64 65 67 29 7d 38 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 35 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 35 64 65 67 29 7d 74 6f 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 30 64 65 67 29 7d 7d 2e 73 77 69 6e 67 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 74 6f 70 20 63 65 6e 74 65 72 3b 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 74 6f 70 20 63 65 6e 74 65 72 3b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 73 77 69 6e 67 3b Data Ascii: :rotate(5deg);transform:rotate(5deg)}80%{-webkit-transform:rotate(-5deg);transform:rotate(-5deg)}to{-webkit-transform:rotate(0deg);transform:rotate(0deg)}}.swing{-webkit-transform-origin:top center;transform-origin:top center;-webkit-animation-name:swing;
2024-04-16 11:58:25 UTC	1369	IN	Data Raw: 35 25 2c 30 2c 30 29 20 72 6f 74 61 74 65 28 2d 35 64 65 67 29 7d 33 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 33 64 28 32 30 25 2c 30 2c 30 29 20 72 6f 74 61 74 65 28 33 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 33 64 28 32 30 25 2c 30 2c 30 29 20 72 6f 74 61 74 65 28 33 64 65 67 29 7d 34 35 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 33 64 28 2d 31 35 25 2c 30 2c 30 29 20 72 6f 74 61 74 65 28 2d 33 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 33 64 28 2d 31 35 25 2c 30 2c 30 29 20 72 6f 74 61 74 65 28 2d 33 64 65 67 29 7d 36 30 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 Data Ascii: 5%,0,0) rotate(-5deg)}30%{-webkit-transform:translate3d(20%,0,0) rotate(3deg);transform:translate3d(20%,0,0) rotate(3deg)}45%{-webkit-transform:translate3d(-15%,0,0) rotate(-3deg);transform:translate3d(-15%,0,0) rotate(-3deg)}60%{-webkit-transform:transla
2024-04-16 11:58:25 UTC	1369	IN	Data Raw: 72 61 6e 73 66 6f 72 6d 3a 73 6b 65 77 58 28 36 2e 32 35 64 65 67 29 20 73 6b 65 77 59 28 36 2e 32 35 64 65 67 29 7d 34 34 2e 34 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 6b 65 77 58 28 2d 33 2e 31 32 35 64 65 67 29 20 73 6b 65 77 59 28 2d 33 2e 31 32 35 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 6b 65 77 58 28 2d 33 2e 31 32 35 64 65 67 29 20 73 6b 65 77 59 28 2d 33 2e 31 32 35 64 65 67 29 7d 35 35 2e 35 25 7b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 73 6b 65 77 58 28 31 2e 35 36 32 35 64 65 67 29 20 73 6b 65 77 59 28 31 2e 35 36 32 35 64 65 67 29 3b 74 72 61 6e 73 66 6f 72 6d 3a 73 6b 65 77 58 28 31 2e 35 36 32 35 64 65 67 29 20 73 6b 65 77 59 28 31 2e 35 36 32 35 64 65 67 29 7d 36 36 2e 36 25 7b 2d 77 65 62 6b 69 Data Ascii: ransform:skewX(6.25deg) skewY(6.25deg)}44.4%{-webkit-transform:skewX(-3.125deg) skewY(-3.125deg);transform:skewX(-3.125deg) skewY(-3.125deg)}55.5%{-webkit-transform:skewX(1.5625deg) skewY(1.5625deg);transform:skewX(1.5625deg) skewY(1.5625deg)}66.6%{-webki
2024-04-16 11:58:25 UTC	1369	IN	Data Raw: 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 6a 65 6c 6c 6f 3b 61 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 6a 65 6c 6c 6f 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 63 65 6e 74 65 72 3b 74 72 61 6e 73 66 6f 72 6d 2d 6f 72 69 67 69 6e 3a 63 65 6e 74 65 72 7d 40 2d 77 65 62 6b 69 74 2d 6b 65 79 66 72 61 6d 65 73 20 62 6f 75 6e 63 65 49 6e 7b 30 25 2c 32 30 25 2c 34 30 25 2c 36 30 25 2c 38 30 25 2c 74 6f 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 32 31 35 2c 2e 36 31 2c 2e 33 35 35 2c 31 29 3b 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 63 75 62 69 63 2d 62 65 7a 69 65 Data Ascii: ebkit-animation-name:jello;animation-name:jello;-webkit-transform-origin:center;transform-origin:center}@-webkit-keyframes bounceIn{0%,20%,40%,60%,80%,to{-webkit-animation-timing-function:cubic-bezier(.215,.61,.355,1);animation-timing-function:cubic-bezie
2024-04-16 11:58:25 UTC	1369	IN	Data Raw: 6e 69 6d 61 74 69 6f 6e 2d 6e 61 6d 65 3a 62 6f 75 6e 63 65 49 6e 7d 40 2d 77 65 62 6b 69 74 2d 6b 65 79 66 72 61 6d 65 73 20 62 6f 75 6e 63 65 49 6e 44 6f 77 6e 7b 30 25 2c 36 30 25 2c 37 35 25 2c 39 30 25 2c 74 6f 7b 2d 77 65 62 6b 69 74 2d 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 32 31 35 2c 2e 36 31 2c 2e 33 35 35 2c 31 29 3b 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 63 75 62 69 63 2d 62 65 7a 69 65 72 28 2e 32 31 35 2c 2e 36 31 2c 2e 33 35 35 2c 31 29 7d 30 25 7b 6f 70 61 63 69 74 79 3a 30 3b 2d 77 65 62 6b 69 74 2d 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 33 64 28 30 2c 2d 33 30 30 30 70 78 2c 30 29 3b 74 72 61 6e 73 66 Data Ascii: nimation-name:bounceIn}@-webkit-keyframes bounceInDown{0%,60%,75%,90%,to{-webkit-animation-timing-function:cubic-bezier(.215,.61,.355,1);animation-timing-function:cubic-bezier(.215,.61,.355,1)}0%{opacity:0;-webkit-transform:translate3d(0,-3000px,0);transf

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49740	208.80.154.240	443	1780	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 11:58:25 UTC	643	OUT	GET /wikipedia/commons/thumb/9/96/Microsoft_logo_%282012%29.svg/1000px-Microsoft_logo_%282012%29.svg.png HTTP/1.1 Host: upload.wikimedia.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 11:58:25 UTC	1073	IN	HTTP/1.1 200 OK date: Tue, 16 Apr 2024 01:29:07 GMT etag: d8367010cbd3f35dff2fb26c5b043f4a server: ATS/9.1.4 content-type: image/png content-disposition: inline;filename=UTF-8''Microsoft_logo_%282012%29.svg.png last-modified: Sun, 27 Aug 2023 19:39:08 GMT content-length: 17985 age: 37757 x-cache: cp1105 hit, cp1105 hit/20 x-cache-status: hit-front server-timing: cache;desc="hit-front", host;desc="cp1105" strict-transport-security: max-age=106384710; includeSubDomains; preload report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] } nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0} x-client-ip: 81.181.57.52 x-content-type-options: nosniff access-control-allow-origin: access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache timing-allow-origin: * accept-ranges: bytes connection: close
2024-04-16 11:58:25 UTC	13824	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 e8 00 00 00 d5 08 06 00 00 00 c4 af da 0a 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 45 58 49 44 41 54 78 da ed dd 79 7c 5c 55 f9 3f f0 cf 73 67 92 74 c9 a4 94 5d 96 b6 6c 82 20 8a ec 20 82 ec 2e 54 40 89 80 80 08 48 91 fa 8d 64 e6 4e d2 16 15 2f 6e d0 e4 de 99 40 b4 48 05 44 04 14 8a 2c fe 64 11 05 64 13 64 13 05 05 44 96 b6 2c ca de 4c 9a 36 99 b9 e7 f9 fd 91 a9 af aa d0 26 e9 3d 33 73 27 9f f7 eb d5 57 2d 26 e7 de fb 9c 73 cf 3d cf 5d ce 91 c2 51 5b 9f a9 c0 02 50 0d d1 07 5a 6e 7c 61 df 91 fc e4 b7 6e Data Ascii: PNGIHDRgAMAa cHRMz&u0`:pQ<bKGDEXIDATxy\|\U?sgt]l .T@HdN/n@HD,dddD,L6&=3s'W-&s=]Q[PZn\|an
2024-04-16 11:58:25 UTC	4161	IN	Data Raw: aa 76 d9 cc ad 44 e4 b6 5c 2e 77 07 7b c3 d1 29 bf 81 b8 d8 e2 26 3e 9f c9 64 0e 64 82 4e 44 54 41 be ef 2f 07 70 65 95 6e 0e 70 72 b8 3a 13 04 c1 a3 aa 5a c9 25 f3 04 c0 57 1d c7 f9 7b 36 9b fd 5a 3a 9d 9e 68 7b 83 ae eb ee 90 cd 66 17 84 61 f8 9c 88 7c 0d 40 13 6b 7e dd f4 f6 f6 0e 02 f8 7a 05 db 4c ba 50 28 3c 99 cd 66 67 56 a0 bd 6c e8 ba ee e5 00 6e 01 b0 81 e5 cd fd ac 3c 1f 84 2d fb a9 ea af 5d d7 7d dc 75 dd 59 73 e6 cc 99 52 89 0a eb ec ec dc cc 71 9c ab 2c dd 18 30 00 7e b7 0e d7 d0 3f 02 58 54 a1 6b e6 34 55 bd dd 75 dd cb 3b 3b 3b 37 ab 40 db 3d 7c e2 c4 89 4f 88 c8 69 96 37 65 ca 4f cf 69 0c 54 d5 e6 39 0f c7 71 ae e9 e8 e8 d8 65 5d cb c9 64 32 1f 99 33 67 ce 94 24 ab 8c 88 68 44 17 fd 8b 55 75 76 85 37 fb cf be be be 5f 33 fa f5 27 0c c3 af Data Ascii: vD\.w{)&>ddNDTA/penpr:Z%W{6Z:h{fa\|@k~zLP(<fgVln<-]}uYsRq,0~?XTk4Uu;;;7@=\|Oi7eOiT9qe]d23g$hDUuv7_3'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49742	208.80.154.240	443	1780	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 11:58:25 UTC	443	OUT	GET /wikipedia/commons/thumb/9/96/Microsoft_logo_%282012%29.svg/1000px-Microsoft_logo_%282012%29.svg.png HTTP/1.1 Host: upload.wikimedia.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 11:58:26 UTC	1073	IN	HTTP/1.1 200 OK date: Tue, 16 Apr 2024 01:29:07 GMT etag: d8367010cbd3f35dff2fb26c5b043f4a server: ATS/9.1.4 content-type: image/png content-disposition: inline;filename=UTF-8''Microsoft_logo_%282012%29.svg.png last-modified: Sun, 27 Aug 2023 19:39:08 GMT content-length: 17985 age: 37758 x-cache: cp1105 hit, cp1105 hit/21 x-cache-status: hit-front server-timing: cache;desc="hit-front", host;desc="cp1105" strict-transport-security: max-age=106384710; includeSubDomains; preload report-to: { "group": "wm_nel", "max_age": 604800, "endpoints": [{ "url": "https://intake-logging.wikimedia.org/v1/events?stream=w3c.reportingapi.network_error&schema_uri=/w3c/reportingapi/network_error/1.0.0" }] } nel: { "report_to": "wm_nel", "max_age": 604800, "failure_fraction": 0.05, "success_fraction": 0.0} x-client-ip: 81.181.57.52 x-content-type-options: nosniff access-control-allow-origin: access-control-expose-headers: Age, Date, Content-Length, Content-Range, X-Content-Duration, X-Cache timing-allow-origin: * accept-ranges: bytes connection: close
2024-04-16 11:58:26 UTC	13824	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 03 e8 00 00 00 d5 08 06 00 00 00 c4 af da 0a 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 20 63 48 52 4d 00 00 7a 26 00 00 80 84 00 00 fa 00 00 00 80 e8 00 00 75 30 00 00 ea 60 00 00 3a 98 00 00 17 70 9c ba 51 3c 00 00 00 06 62 4b 47 44 00 ff 00 ff 00 ff a0 bd a7 93 00 00 45 58 49 44 41 54 78 da ed dd 79 7c 5c 55 f9 3f f0 cf 73 67 92 74 c9 a4 94 5d 96 b6 6c 82 20 8a ec 20 82 ec 2e 54 40 89 80 80 08 48 91 fa 8d 64 e6 4e d2 16 15 2f 6e d0 e4 de 99 40 b4 48 05 44 04 14 8a 2c fe 64 11 05 64 13 64 13 05 05 44 96 b6 2c ca de 4c 9a 36 99 b9 e7 f9 fd 91 a9 af aa d0 26 e9 3d 33 73 27 9f f7 eb d5 57 2d 26 e7 de fb 9c 73 cf 3d cf 5d ce 91 c2 51 5b 9f a9 c0 02 50 0d d1 07 5a 6e 7c 61 df 91 fc e4 b7 6e Data Ascii: PNGIHDRgAMAa cHRMz&u0`:pQ<bKGDEXIDATxy\|\U?sgt]l .T@HdN/n@HD,dddD,L6&=3s'W-&s=]Q[PZn\|an
2024-04-16 11:58:26 UTC	4161	IN	Data Raw: aa 76 d9 cc ad 44 e4 b6 5c 2e 77 07 7b c3 d1 29 bf 81 b8 d8 e2 26 3e 9f c9 64 0e 64 82 4e 44 54 41 be ef 2f 07 70 65 95 6e 0e 70 72 b8 3a 13 04 c1 a3 aa 5a c9 25 f3 04 c0 57 1d c7 f9 7b 36 9b fd 5a 3a 9d 9e 68 7b 83 ae eb ee 90 cd 66 17 84 61 f8 9c 88 7c 0d 40 13 6b 7e dd f4 f6 f6 0e 02 f8 7a 05 db 4c ba 50 28 3c 99 cd 66 67 56 a0 bd 6c e8 ba ee e5 00 6e 01 b0 81 e5 cd fd ac 3c 1f 84 2d fb a9 ea af 5d d7 7d dc 75 dd 59 73 e6 cc 99 52 89 0a eb ec ec dc cc 71 9c ab 2c dd 18 30 00 7e b7 0e d7 d0 3f 02 58 54 a1 6b e6 34 55 bd dd 75 dd cb 3b 3b 3b 37 ab 40 db 3d 7c e2 c4 89 4f 88 c8 69 96 37 65 ca 4f cf 69 0c 54 d5 e6 39 0f c7 71 ae e9 e8 e8 d8 65 5d cb c9 64 32 1f 99 33 67 ce 94 24 ab 8c 88 68 44 17 fd 8b 55 75 76 85 37 fb cf be be be 5f 33 fa f5 27 0c c3 af Data Ascii: vD\.w{)&>ddNDTA/penpr:Z%W{6Z:h{fa\|@k~zLP(<fgVln<-]}uYsRq,0~?XTk4Uu;;;7@=\|Oi7eOiT9qe]d23g$hDUuv7_3'

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49744	13.107.213.40	443	1780	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 11:58:25 UTC	577	OUT	GET /16.000.30091.10/images/favicon.ico HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 11:58:26 UTC	746	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 11:58:26 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Fri, 26 Jan 2024 01:34:16 GMT ETag: 0x8DC1E0EE8F30E67 x-ms-request-id: c55e2f27-001e-0066-57f5-8f5db0000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240416T115826Z-r1f585c6b65g5kktm5q86x7n3s000000052g0000000039ng x-fd-int-roxy-purgeid: 67912908 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-16 11:58:26 UTC	15638	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-16 11:58:26 UTC	1536	IN	Data Raw: 00 00 01 80 00 00 00 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""333333

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49743	13.107.213.40	443	1780	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 11:58:25 UTC	585	OUT	GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 11:58:26 UTC	799	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 11:58:26 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 27 Jun 2023 15:44:22 GMT ETag: 0x8DB7725611C3E0C x-ms-request-id: 49c20442-e01e-002c-232e-8f80b4000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240416T115826Z-18655757dbcl8gnrhesxy3zwhw00000003qg0000000025be x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-16 11:58:26 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49746	13.107.213.41	443	1780	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 11:58:26 UTC	385	OUT	GET /shared/5/images/2_bc3d32a696895f78c19d.svg HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 11:58:26 UTC	799	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 11:58:26 GMT Content-Type: image/svg+xml Content-Length: 673 Connection: close Cache-Control: public, max-age=31536000 Content-Encoding: gzip Last-Modified: Tue, 27 Jun 2023 15:44:22 GMT ETag: 0x8DB7725611C3E0C x-ms-request-id: 49c20442-e01e-002c-232e-8f80b4000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Content-Encoding,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240416T115826Z-18655757dbc4drptmmrr5wasz800000003qg0000000080aw x-fd-int-roxy-purgeid: 0 X-Cache-Info: L1_T2 X-Cache: TCP_HIT Accept-Ranges: bytes
2024-04-16 11:58:26 UTC	673	IN	Data Raw: 1f 8b 08 00 00 00 00 00 04 00 b5 55 db 6e db 30 0c fd 15 c1 7d 69 1e ac 50 b2 ae 43 1c a0 37 6c 2f c3 0a 64 fd 80 d4 b1 13 03 ae 1d d8 6e d3 f6 eb 47 ca f6 96 0c 79 6c 10 20 e6 91 45 f2 f0 98 94 16 dd db 96 bd bf 54 75 97 46 bb be df 7f 9b cf 0f 87 03 3f 24 bc 69 b7 73 09 00 73 dc 11 b1 43 b9 e9 77 69 24 bc 84 88 ed f2 72 bb eb 11 81 43 54 94 55 95 46 75 53 e7 d1 72 b1 65 cd 7e 9d 95 fd 47 1a 71 19 b1 ac 2a f7 f1 7e 4d ae af 6d 75 7d f5 30 c3 3d 84 d9 26 8d 7e 0a 65 0c 57 4c 58 af b9 cc bc 06 9e 58 06 88 25 70 17 1b 69 b9 96 13 12 0a 04 37 2b a9 84 e1 d6 c6 02 c0 b1 c1 3f d8 b1 d4 0a cd c4 01 57 4e 0e 88 25 3e e1 a6 b3 16 d7 24 ed a6 08 63 bc 11 7d 4e f4 03 bb 9b 59 34 3f a2 97 78 c5 31 bf 13 9a 9b cc 2a c3 b5 23 76 89 16 c8 47 61 6c 39 01 21 02 39 81 41 Data Ascii: Un0}iPC7l/dnGyl ETuF?$issCwi$rCTUFuSre~Gq~Mmu}0=&~eWLXX%pi7+?WN%>$c}NY4?x1#vGal9!9A

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49747	13.107.213.41	443	1780	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2024-04-16 11:58:26 UTC	377	OUT	GET /16.000.30091.10/images/favicon.ico HTTP/1.1 Host: logincdn.msauth.net Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2024-04-16 11:58:27 UTC	739	IN	HTTP/1.1 200 OK Date: Tue, 16 Apr 2024 11:58:27 GMT Content-Type: image/x-icon Content-Length: 17174 Connection: close Cache-Control: public, max-age=31536000 Last-Modified: Fri, 26 Jan 2024 01:34:16 GMT ETag: 0x8DC1E0EE8F30E67 x-ms-request-id: 20e6865f-201e-0048-70f5-8f6e9e000000 x-ms-version: 2009-09-19 x-ms-lease-status: unlocked x-ms-blob-type: BlockBlob Access-Control-Expose-Headers: x-ms-request-id,Server,x-ms-version,Content-Type,Cache-Control,Last-Modified,ETag,x-ms-lease-status,x-ms-blob-type,Content-Length,Date,Transfer-Encoding Access-Control-Allow-Origin: * x-azure-ref: 20240416T115827Z-18655757dbcxww27g9hwr42h5800000003kg000000008nyh x-fd-int-roxy-purgeid: 0 X-Cache: TCP_MISS Accept-Ranges: bytes
2024-04-16 11:58:27 UTC	15645	IN	Data Raw: 00 00 01 00 06 00 80 80 10 00 00 00 00 00 68 28 00 00 66 00 00 00 48 48 10 00 00 00 00 00 e8 0d 00 00 ce 28 00 00 30 30 10 00 00 00 00 00 68 06 00 00 b6 36 00 00 20 20 10 00 00 00 00 00 e8 02 00 00 1e 3d 00 00 18 18 10 00 00 00 00 00 e8 01 00 00 06 40 00 00 10 10 10 00 00 00 00 00 28 01 00 00 ee 41 00 00 28 00 00 00 80 00 00 00 00 01 00 00 01 00 04 00 00 00 00 00 00 28 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 ba 7f 00 22 50 f2 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 22 20 00 00 03 33 33 33 33 33 33 33 33 33 33 33 33 33 33 33 Data Ascii: h(fHH(00h6 =@(A(("P"""""""""""""""""""""""""""""" 333333333333333
2024-04-16 11:58:27 UTC	1529	IN	Data Raw: 00 28 00 00 00 20 00 00 00 40 00 00 00 01 00 04 00 00 00 00 00 80 02 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 ff ff ff 00 ef a4 00 00 00 b9 ff 00 00 bc 7b 00 1f 4c f9 00 22 50 f2 00 f7 a6 00 00 00 ba 7f 00 f3 a6 00 00 1e 4e f6 00 23 4e f4 00 f3 a4 00 00 00 bc 7d 00 00 ba 7d 00 00 00 00 00 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 22 c0 03 33 33 33 33 33 33 33 22 22 22 22 22 22 Data Ascii: ( @{L"PN#N}}"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333"""""""3333333""""""

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49750	23.63.206.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-16 11:58:29 UTC	161	OUT	HEAD /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-16 11:58:29 UTC	468	IN	HTTP/1.1 200 OK Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json Content-Type: application/octet-stream ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" Last-Modified: Tue, 16 May 2017 22:58:00 GMT Server: ECAcc (chd/079C) X-CID: 11 X-Ms-ApiVersion: Distribute 1.2 X-Ms-Region: prod-eus2-z1 Cache-Control: public, max-age=155109 Date: Tue, 16 Apr 2024 11:58:29 GMT Connection: close X-CID: 2

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49751	23.63.206.91	443

Timestamp	Bytes transferred	Direction	Data
2024-04-16 11:58:30 UTC	239	OUT	GET /fs/windows/config.json HTTP/1.1 Connection: Keep-Alive Accept: / Accept-Encoding: identity If-Unmodified-Since: Tue, 16 May 2017 22:58:00 GMT Range: bytes=0-2147483646 User-Agent: Microsoft BITS/7.8 Host: fs.microsoft.com
2024-04-16 11:58:30 UTC	531	IN	HTTP/1.1 200 OK Content-Type: application/octet-stream Last-Modified: Tue, 16 May 2017 22:58:00 GMT ETag: "0x64667F707FF07D62B733DBCB79EFE3855E6886C9975B0C0B467D46231B3FA5E7" ApiVersion: Distribute 1.1 Content-Disposition: attachment; filename=config.json; filename*=UTF-8''config.json X-Azure-Ref: 0rcGnYgAAAAANOnx9vccHTr21ROgX9ESTU0pDRURHRTAzMDkAY2VmYzI1ODMtYTliMi00NGE3LTk3NTUtYjc2ZDE3ZTA1Zjdm Cache-Control: public, max-age=155118 Date: Tue, 16 Apr 2024 11:58:30 GMT Content-Length: 55 Connection: close X-CID: 2
2024-04-16 11:58:30 UTC	55	IN	Data Raw: 7b 22 66 6f 6e 74 53 65 74 55 72 69 22 3a 22 66 6f 6e 74 73 65 74 2d 32 30 31 37 2d 30 34 2e 6a 73 6f 6e 22 2c 22 62 61 73 65 55 72 69 22 3a 22 66 6f 6e 74 73 22 7d Data Ascii: {"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49757	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-04-16 11:58:41 UTC	306	OUT	GET /SLS/%7B522D76A4-93E1-47F8-B8CE-07C937AD1A1E%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=N7pwGaePGr+dBmb&MD=EEpTz+5v HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-16 11:58:41 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "XAopazV00XDWnJCwkmEWRv6JkbjRA9QSSZ2+e/3MzEk=_2880" MS-CorrelationId: 91676e21-0daf-4263-b9f8-dbeffb99340b MS-RequestId: 0d77d9df-d4cf-4041-9909-3cbd3eb1a101 MS-CV: +oeaVxE8e0u5JI9q.0 X-Microsoft-SLSClientCache: 2880 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 16 Apr 2024 11:58:40 GMT Connection: close Content-Length: 24490
2024-04-16 11:58:41 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 92 1e 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 23 d0 00 00 14 00 00 00 00 00 10 00 92 1e 00 00 18 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 e6 42 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 78 cf 8d 5c 26 1e e6 42 43 4b ed 5c 07 54 13 db d6 4e a3 f7 2e d5 d0 3b 4c 42 af 4a 57 10 e9 20 bd 77 21 94 80 88 08 24 2a 02 02 d2 55 10 a4 a8 88 97 22 8a 0a d2 11 04 95 ae d2 8b 20 28 0a 88 20 45 05 f4 9f 80 05 bd ed dd f7 ff 77 dd f7 bf 65 d6 4a 66 ce 99 33 67 4e d9 7b 7f fb db 7b 56 f4 4d 34 b4 21 e0 a7 03 0a d9 fc 68 6e 1d 20 70 28 14 02 85 20 20 ad 61 10 08 e3 66 0d ed 66 9b 1d 6a 90 af 1f 17 f0 4b 68 35 01 83 6c fb 44 42 5c 7d 83 3d 03 30 be 3e ae be 58 Data Ascii: MSCFD#AdBenvironment.cabx\&BCK\TN.;LBJW w!$*U" ( EweJf3gN{{VM4!hn p( affjKh5lDB\}=0>X
2024-04-16 11:58:41 UTC	8666	IN	Data Raw: 04 01 31 2f 30 2d 30 0a 02 05 00 e1 2b 8a 50 02 01 00 30 0a 02 01 00 02 02 12 fe 02 01 ff 30 07 02 01 00 02 02 11 e6 30 0a 02 05 00 e1 2c db d0 02 01 00 30 36 06 0a 2b 06 01 04 01 84 59 0a 04 02 31 28 30 26 30 0c 06 0a 2b 06 01 04 01 84 59 0a 03 02 a0 0a 30 08 02 01 00 02 03 07 a1 20 a1 0a 30 08 02 01 00 02 03 01 86 a0 30 0d 06 09 2a 86 48 86 f7 0d 01 01 05 05 00 03 81 81 00 0c d9 08 df 48 94 57 65 3e ad e7 f2 17 9c 1f ca 3d 4d 6c cd 51 e1 ed 9c 17 a5 52 35 0f fd de 4b bd 22 92 c5 69 e5 d7 9f 29 23 72 40 7a ca 55 9d 8d 11 ad d5 54 00 bb 53 b4 87 7b 72 84 da 2d f6 e3 2c 4f 7e ba 1a 58 88 6e d6 b9 6d 16 ae 85 5b b5 c2 81 a8 e0 ee 0a 9c 60 51 3a 7b e4 61 f8 c3 e4 38 bd 7d 28 17 d6 79 f0 c8 58 c6 ef 1f f7 88 65 b1 ea 0a c0 df f7 ee 5c 23 c2 27 fd 98 63 08 31 Data Ascii: 1/0-0+P000,06+Y1(0&0+Y0 00*HHWe>=MlQR5K"i)#r@zUTS{r-,O~Xnm[`Q:{a8}(yXe\#'c1

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	49764	20.114.59.183	443

Timestamp	Bytes transferred	Direction	Data
2024-04-16 11:59:19 UTC	306	OUT	GET /SLS/%7BE7A50285-D08D-499D-9FF8-180FDC2332BC%7D/x64/10.0.19045.2006/0?CH=700&L=en-GB&P=&PT=0x30&WUA=10.0.19041.1949&MK=N7pwGaePGr+dBmb&MD=EEpTz+5v HTTP/1.1 Connection: Keep-Alive Accept: / User-Agent: Windows-Update-Agent/10.0.10011.16384 Client-Protocol/2.33 Host: slscr.update.microsoft.com
2024-04-16 11:59:20 UTC	560	IN	HTTP/1.1 200 OK Cache-Control: no-cache Pragma: no-cache Content-Type: application/octet-stream Expires: -1 Last-Modified: Mon, 01 Jan 0001 00:00:00 GMT ETag: "Mx1RoJH/qEwpWfKllx7sbsl28AuERz5IYdcsvtTJcgM=_2160" MS-CorrelationId: 8d6cb07a-4d86-4d88-a272-f5db08486e6d MS-RequestId: 7ea00ed7-7232-4c80-ba2d-bee048f43f92 MS-CV: cMfEH6Nfg0mUA7Jb.0 X-Microsoft-SLSClientCache: 2160 Content-Disposition: attachment; filename=environment.cab X-Content-Type-Options: nosniff Date: Tue, 16 Apr 2024 11:59:19 GMT Connection: close Content-Length: 25457
2024-04-16 11:59:20 UTC	15824	IN	Data Raw: 4d 53 43 46 00 00 00 00 51 22 00 00 00 00 00 00 44 00 00 00 00 00 00 00 03 01 01 00 01 00 04 00 db 8e 00 00 14 00 00 00 00 00 10 00 51 22 00 00 20 41 00 00 00 00 00 00 00 00 00 00 64 00 00 00 01 00 01 00 f3 43 00 00 00 00 00 00 00 00 00 00 00 00 80 00 65 6e 76 69 72 6f 6e 6d 65 6e 74 2e 63 61 62 00 0d 92 6f db e5 21 f3 43 43 4b ed 5a 09 38 55 5b df 3f 93 99 90 29 99 e7 29 ec 73 cc 4a 66 32 cf 84 32 64 c8 31 c7 11 52 38 87 90 42 66 09 99 87 32 0f 19 0a 09 51 a6 a8 08 29 53 86 4a 52 84 50 df 46 83 ba dd 7b df fb 7e ef 7d ee 7d bf ef 9e e7 d9 67 ef 35 ee b5 fe eb 3f ff b6 96 81 a2 0a 04 fc 31 40 21 5b 3f a5 ed 1b 04 0e 85 42 a0 10 04 64 12 6c a5 de aa a1 d8 ea f3 58 01 f2 f5 67 0b 5e 9b bd e8 a0 90 1d bf 40 88 9d eb 49 b4 87 9b ab 8b 9d 2b 46 c8 c7 c5 19 92 Data Ascii: MSCFQ"DQ" AdCenvironment.cabo!CCKZ8U[?))sJf22d1R8Bf2Q)SJRPF{~}}g5?1@![?BdlXg^@I+F
2024-04-16 11:59:20 UTC	9633	IN	Data Raw: 21 6f b3 eb a6 cc f5 31 be cf 05 e2 a9 fe fa 57 6d 19 30 b3 c2 c5 66 c9 6a df f5 e7 f0 78 bd c7 a8 9e 25 e3 f9 bc ed 6b 54 57 08 2b 51 82 44 12 fb b9 53 8c cc f4 60 12 8a 76 cc 40 40 41 9b dc 5c 17 ff 5c f9 5e 17 35 98 24 56 4b 74 ef 42 10 c8 af bf 7f c6 7f f2 37 7d 5a 3f 1c f2 99 79 4a 91 52 00 af 38 0f 17 f5 2f 79 81 65 d9 a9 b5 6b e4 c7 ce f6 ca 7a 00 6f 4b 30 44 24 22 3c cf ed 03 a5 96 8f 59 29 bc b6 fd 04 e1 70 9f 32 4a 27 fd 55 af 2f fe b6 e5 8e 33 bb 62 5f 9a db 57 40 e9 f1 ce 99 66 90 8c ff 6a 62 7f dd c5 4a 0b 91 26 e2 39 ec 19 4a 71 63 9d 7b 21 6d c3 9c a3 a2 3c fa 7f 7d 96 6a 90 78 a6 6d d2 e1 9c f9 1d fc 38 d8 94 f4 c6 a5 0a 96 86 a4 bd 9e 1a ae 04 42 83 b8 b5 80 9b 22 38 20 b5 25 e5 64 ec f7 f4 bf 7e 63 59 25 0f 7a 2e 39 57 76 a2 71 aa 06 8a Data Ascii: !o1Wm0fjx%kTW+QDS`v@@A\\^5$VKtB7}Z?yJR8/yekzoK0D$"<Y)p2J'U/3b_W@fjbJ&9Jqc{!m<}jxm8B"8 %d~cY%z.9Wvq

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 6020, Parent PID: 4432

General

Target ID:	0
Start time:	13:58:20
Start date:	16/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\mal attachment.html"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1780, Parent PID: 6020

General

Target ID:	2
Start time:	13:58:22
Start date:	16/04/2024
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2104 --field-trial-handle=2024,i,13121037808665432724,12509091682103536564,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report mal attachment.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Initial Sample

HTML

Sigma Signatures

Snort Signatures

Joe Sandbox Signatures

Phishing

Compliance

Networking

System Summary

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 67

Chrome Cache Entry: 68

Chrome Cache Entry: 69

Chrome Cache Entry: 70

Chrome Cache Entry: 71

Chrome Cache Entry: 72

Chrome Cache Entry: 73

Chrome Cache Entry: 74

Static File Info

General

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6020, Parent PID: 4432

General

Chronological Activities

Windows Analysis Report
mal attachment.html