Edit tour

Windows Analysis Report
https://tjjrotk.bishirian.my/

Overview

General Information

Sample URL:	https://tjjrotk.bishirian.my/
Analysis ID:	1633987
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Yara detected HtmlPhish44

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

Classification

Process Tree

System is w10x64

chrome.exe (PID: 6016 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 2556 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1928,i,1061283963690314002,1478015749108811942,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2044 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6332 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tjjrotk.bishirian.my/" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
0.0.i.script.csv	JoeSecurity_HtmlPhish_44	Yara detected HtmlPhish_44	Joe Security
1.0.pages.csv	JoeSecurity_HtmlPhish_44	Yara detected HtmlPhish_44	Joe Security

HTTP traffic detected: POST /report/v4?s=zJCMrSaHOBXFN6REDRt0x%2BGaKhF8en%2F3kloa5WCtX18luaeCo%2BRDRrV4%2F2Ek2tRt0k3IMheeADw5YVuFHRkWk8ogONkHmnHyd12fw1Z5P7qGWNbUIwHMl8PqWPgD%2BMPaUSwBrz0OGA%3D%3D HTTP/1.1Host: a.nel.cloudflare.comConnection: keep-aliveContent-Length: 424Content-Type: application/reports+jsonOrigin: https://tjjrotk.bishirian.myUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: unknown	Network traffic detected: HTTP traffic on port 49674 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49706 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49697 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49701 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49698 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49675 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49698
Source: unknown	Network traffic detected: HTTP traffic on port 49707 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49697
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49694 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49694
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49672
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 58258
Source: unknown	Network traffic detected: HTTP traffic on port 58258 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49707
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49706
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49701

Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.9:49696 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 104.21.112.1:443 -> 192.168.2.9:49697 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir6016_1694777716

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir6016_1694777716

Jump to behavior

Source: classification engine

Classification label: mal64.phis.win@22/4@21/8

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1928,i,1061283963690314002,1478015749108811942,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2044 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tjjrotk.bishirian.my/"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1928,i,1061283963690314002,1478015749108811942,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2044 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	3 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	4 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://tjjrotk.bishirian.my/	100%	Avira URL Cloud	malware

Source	Detection	Scanner	Label	Link
http://privatelink.cc/favicon.ico	100%	Avira URL Cloud	malware

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
a.nel.cloudflare.com	35.190.80.1	true	false	high
privatelink.cc	45.11.92.141	true	false	high
tjjrotk.bishirian.my	104.21.112.1	true	false	unknown
beacons-handoff.gcp.gvt2.com	142.251.143.67	true	false	high
duckduckgo.com	40.114.177.156	true	false	high
www.google.com	216.58.206.36	true	false	high
beacons.gcp.gvt2.com	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/	false		high
https://a.nel.cloudflare.com/report/v4?s=zJCMrSaHOBXFN6REDRt0x%2BGaKhF8en%2F3kloa5WCtX18luaeCo%2BRDRrV4%2F2Ek2tRt0k3IMheeADw5YVuFHRkWk8ogONkHmnHyd12fw1Z5P7qGWNbUIwHMl8PqWPgD%2BMPaUSwBrz0OGA%3D%3D	false		high
http://privatelink.cc/favicon.ico	false	Avira URL Cloud: malware	unknown
http://privatelink.cc/news-feeed	false		unknown
https://tjjrotk.bishirian.my/	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
40.114.177.156	duckduckgo.com	United States	8075	MICROSOFT-CORP-MSN-AS-BLOCKUS	false
216.58.206.36	www.google.com	United States	15169	GOOGLEUS	false
104.21.112.1	tjjrotk.bishirian.my	United States	13335	CLOUDFLARENETUS	false
45.11.92.141	privatelink.cc	Russian Federation	40676	AS40676US	false
35.190.80.1	a.nel.cloudflare.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.17
192.168.2.9
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1633987
Start date and time:	2025-03-10 17:33:38 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 12s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://tjjrotk.bishirian.my/
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	15
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@22/4@21/8
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, sppsvc.exe, SIHClient.exe, SgrmBroker.exe, TextInputHost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.142, 142.250.185.163, 172.217.16.206, 108.177.15.84, 216.58.206.46, 172.217.18.14, 142.250.186.142, 142.250.185.110, 199.232.210.172, 142.250.185.206, 142.250.184.206, 142.250.184.238, 216.58.206.78, 142.250.185.131, 142.250.186.174, 142.250.186.67, 52.149.20.212, 23.60.203.209
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, 4.8.2.0.0.0.0.0.0.0.0.0.0.0.0.0.2.0.0.0.2.0.c.0.0.3.0.1.3.0.6.2.ip6.arpa, update.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
VT rate limit hit for: https://tjjrotk.bishirian.my/

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	downloaded
Size (bytes):	4263
Entropy (8bit):	7.943518453152119
Encrypted:	false
SSDEEP:	96:hoXlpyqRaIKkjVi+JYH4hnPZCFzD+FPOxXr71a1nTsWj5KfO4Q8p/Q:hopTTi+Jo4hPZsDT7y4Wmrp/Q
MD5:	78AC653BD0B89FADBACAC51719ED2B87
SHA1:	D408BE724564F87F342ADE25D4EA1EF88FEE24AA
SHA-256:	19B1F1CB2AF48D473D8C25B98BE5FDF62B9DA2A157F7EFF25FD1D94DD93AA56B
SHA-512:	3EF787C9B6D412603DFE91317214193F15FDE1D7C64031D4AE46E95C3FCBFCEF70B73C969DEA065CEC2F29B038705DB2C7573F850BBA896780197028A02EE50F
Malicious:	false
Reputation:	low
URL:	https://tjjrotk.bishirian.my/
Preview:	(./..X.... N........).;;..v.`.'....,....O.p.v>".k.~F0xn.c....DI.._R>a@TK.?..V..^.S...}.i......l6....v.F..C.b..F(0.U..d.@....2.M.Ab.\|tlHLll.><...f#U...BL...g.".Mjcc.a.H....1q..hc.H[..;.\|h.+q.6n.6.V..H........D...\D. .`H,........HBF..%.....G..T..........q.......".f......f....x<.D..Q..h..},.................h.....\|\<....#.!d3....Ed...a.7....N#.d...h..q..3...i..:..M.h.&"...d.i..F...i...p....`p...P0...@......0....x@...H.P..x.....T". ..FD..(......0....<:.M.F$TJ.4-d.yx.Ft...c..>&...E.c.gpH.N!4.......q"...3q.@......>&.......y...+....D)...:..FN...C.:P..u.9qh.FN...q.S..F>...n...@..>.RI.}@.:..FO.p....q..x%..Ku...?H%O...<m.b.C....8.t.mLF%.p.....q%M.......G.F....N..i28..'b.&.....$....V.].zv....~...Y.U._..Y.B....5...Ei.....>.SI.R...MF!M........B.........*..I.....d....c...g.]S.....{...3=..>...eS.].U4.8g...5=...y.j.H..y{..._..]....e.?..>lV..w..E&v.....a...}.?.[l>.U......<...=...........(.^..8..^.._..9..O4..)../_..Ds..D...{.\|...z.......l...`

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	downloaded
Size (bytes):	158
Entropy (8bit):	6.803657013945127
Encrypted:	false
SSDEEP:	3:Wh6ln7Ft8XONNkC0gGz8M4v3IL3DhFSYLWEk/JGr97ppXFQ7GYbuEWt6oy:3nB7DkkGzzEIL3fSYiEuyppXq7DLWte
MD5:	3DF54693687A4B39F77FAD6708840014
SHA1:	48FF8E28814B05FB4E3A4471D95A8519C4604CB5
SHA-256:	8C19555565FCDB8190085D9B545E4B542AA4CBDA713CD647FD114C11FFD117FE
SHA-512:	81B31BE0C6CDDA99C64DE791940BE56F6CC2B452635E9EEA2AAE1EC9FBA31F1DD4662B725D26E2501C3105EA3E36D1229D7579B990300F0962BB7CF4AE1B7CC6
Malicious:	false
Reputation:	low
URL:	https://tjjrotk.bishirian.my/favicon.ico
Preview:	(./..X...........HY..k(..#...$.x../.~}.)!'kAow......d...p..A.a@v.b.b?&......P.y.....,.R..3X..?N.A.l#y.J...M.....C.}..].. u.....d...=V.W...T....U!3.b.0.Mn._

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 10, 2025 17:34:28.872524977 CET	49676	80	192.168.2.9	2.23.73.143
Mar 10, 2025 17:34:28.872545958 CET	49677	443	192.168.2.9	2.19.104.63
Mar 10, 2025 17:34:30.997466087 CET	49675	443	192.168.2.9	2.23.227.208
Mar 10, 2025 17:34:31.013096094 CET	49674	443	192.168.2.9	2.23.227.208
Mar 10, 2025 17:34:31.013487101 CET	49673	443	192.168.2.9	2.23.227.215
Mar 10, 2025 17:34:38.346631050 CET	49694	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:34:38.346693993 CET	443	49694	216.58.206.36	192.168.2.9
Mar 10, 2025 17:34:38.346760035 CET	49694	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:34:38.347228050 CET	49694	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:34:38.347240925 CET	443	49694	216.58.206.36	192.168.2.9
Mar 10, 2025 17:34:38.428397894 CET	49694	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:34:38.472357035 CET	443	49694	216.58.206.36	192.168.2.9
Mar 10, 2025 17:34:38.486443996 CET	49676	80	192.168.2.9	2.23.73.143
Mar 10, 2025 17:34:38.486460924 CET	49677	443	192.168.2.9	2.19.104.63
Mar 10, 2025 17:34:39.608326912 CET	49697	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:34:39.608333111 CET	49696	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:34:39.608380079 CET	443	49697	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:39.608385086 CET	443	49696	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:39.608453989 CET	49697	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:34:39.608634949 CET	49696	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:34:39.609272003 CET	49696	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:34:39.609288931 CET	443	49696	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:39.609847069 CET	49697	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:34:39.609875917 CET	443	49697	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:40.349478006 CET	443	49694	216.58.206.36	192.168.2.9
Mar 10, 2025 17:34:40.349647045 CET	49694	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:34:40.604387999 CET	49675	443	192.168.2.9	2.23.227.208
Mar 10, 2025 17:34:40.620646000 CET	49674	443	192.168.2.9	2.23.227.208
Mar 10, 2025 17:34:40.620661020 CET	49673	443	192.168.2.9	2.23.227.215
Mar 10, 2025 17:34:41.709016085 CET	49698	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:34:41.709074020 CET	443	49698	216.58.206.36	192.168.2.9
Mar 10, 2025 17:34:41.709147930 CET	49698	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:34:41.709778070 CET	49698	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:34:41.709789038 CET	443	49698	216.58.206.36	192.168.2.9
Mar 10, 2025 17:34:43.224562883 CET	443	49696	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:43.224766970 CET	49696	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:34:43.227858067 CET	49696	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:34:43.227873087 CET	443	49696	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:43.228105068 CET	49696	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:34:43.228111029 CET	443	49696	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:43.228373051 CET	49696	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:34:43.228378057 CET	443	49696	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:43.292006969 CET	443	49697	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:43.301021099 CET	443	49697	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:43.303348064 CET	49697	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:34:43.303385019 CET	443	49697	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:43.305027008 CET	49697	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:34:43.305058956 CET	443	49697	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:43.622880936 CET	443	49696	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:43.623367071 CET	49696	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:34:43.623405933 CET	443	49696	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:43.660545111 CET	443	49697	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:43.720298052 CET	49697	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:34:43.726988077 CET	443	49696	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:43.735388041 CET	443	49698	216.58.206.36	192.168.2.9
Mar 10, 2025 17:34:43.735703945 CET	49698	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:34:43.735726118 CET	443	49698	216.58.206.36	192.168.2.9
Mar 10, 2025 17:34:43.736895084 CET	443	49698	216.58.206.36	192.168.2.9
Mar 10, 2025 17:34:43.736982107 CET	49698	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:34:43.737884998 CET	49698	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:34:43.737963915 CET	443	49698	216.58.206.36	192.168.2.9
Mar 10, 2025 17:34:43.776472092 CET	49696	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:34:43.790487051 CET	49698	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:34:43.790518045 CET	443	49698	216.58.206.36	192.168.2.9
Mar 10, 2025 17:34:43.837711096 CET	49698	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:34:45.012398005 CET	443	49696	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:45.024343967 CET	443	49696	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:45.024420977 CET	49696	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:34:45.024451017 CET	443	49696	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:45.028327942 CET	443	49696	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:45.028402090 CET	49696	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:34:45.028412104 CET	443	49696	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:45.076627970 CET	49696	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:34:45.249730110 CET	49696	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:34:45.249763966 CET	443	49696	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:45.385117054 CET	49701	443	192.168.2.9	45.11.92.141
Mar 10, 2025 17:34:45.385169983 CET	443	49701	45.11.92.141	192.168.2.9
Mar 10, 2025 17:34:45.385308027 CET	49701	443	192.168.2.9	45.11.92.141
Mar 10, 2025 17:34:45.385658979 CET	49701	443	192.168.2.9	45.11.92.141
Mar 10, 2025 17:34:45.385678053 CET	443	49701	45.11.92.141	192.168.2.9
Mar 10, 2025 17:34:45.740331888 CET	49702	80	192.168.2.9	45.11.92.141
Mar 10, 2025 17:34:45.740520954 CET	49703	80	192.168.2.9	45.11.92.141
Mar 10, 2025 17:34:45.745580912 CET	80	49702	45.11.92.141	192.168.2.9
Mar 10, 2025 17:34:45.745603085 CET	80	49703	45.11.92.141	192.168.2.9
Mar 10, 2025 17:34:45.745758057 CET	49703	80	192.168.2.9	45.11.92.141
Mar 10, 2025 17:34:45.745762110 CET	49702	80	192.168.2.9	45.11.92.141
Mar 10, 2025 17:34:46.809629917 CET	443	49696	104.21.112.1	192.168.2.9
Mar 10, 2025 17:34:46.819108009 CET	49705	443	192.168.2.9	35.190.80.1
Mar 10, 2025 17:34:46.819161892 CET	443	49705	35.190.80.1	192.168.2.9
Mar 10, 2025 17:34:46.819226980 CET	49705	443	192.168.2.9	35.190.80.1
Mar 10, 2025 17:34:46.819703102 CET	49705	443	192.168.2.9	35.190.80.1
Mar 10, 2025 17:34:46.819717884 CET	443	49705	35.190.80.1	192.168.2.9
Mar 10, 2025 17:34:46.853549004 CET	49696	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:34:48.231524944 CET	49703	80	192.168.2.9	45.11.92.141
Mar 10, 2025 17:34:48.236697912 CET	80	49703	45.11.92.141	192.168.2.9
Mar 10, 2025 17:34:48.881616116 CET	80	49703	45.11.92.141	192.168.2.9
Mar 10, 2025 17:34:48.888353109 CET	443	49705	35.190.80.1	192.168.2.9
Mar 10, 2025 17:34:48.904279947 CET	49705	443	192.168.2.9	35.190.80.1
Mar 10, 2025 17:34:48.904316902 CET	443	49705	35.190.80.1	192.168.2.9
Mar 10, 2025 17:34:48.905559063 CET	443	49705	35.190.80.1	192.168.2.9
Mar 10, 2025 17:34:48.905627966 CET	49705	443	192.168.2.9	35.190.80.1
Mar 10, 2025 17:34:48.924278021 CET	49703	80	192.168.2.9	45.11.92.141
Mar 10, 2025 17:34:48.931488037 CET	49705	443	192.168.2.9	35.190.80.1
Mar 10, 2025 17:34:48.931677103 CET	443	49705	35.190.80.1	192.168.2.9
Mar 10, 2025 17:34:48.931842089 CET	49705	443	192.168.2.9	35.190.80.1
Mar 10, 2025 17:34:48.931870937 CET	443	49705	35.190.80.1	192.168.2.9
Mar 10, 2025 17:34:48.962790012 CET	49703	80	192.168.2.9	45.11.92.141
Mar 10, 2025 17:34:48.967941999 CET	80	49703	45.11.92.141	192.168.2.9
Mar 10, 2025 17:34:48.976416111 CET	49705	443	192.168.2.9	35.190.80.1
Mar 10, 2025 17:34:49.420383930 CET	443	49701	45.11.92.141	192.168.2.9
Mar 10, 2025 17:34:49.420844078 CET	443	49705	35.190.80.1	192.168.2.9
Mar 10, 2025 17:34:49.420917988 CET	443	49705	35.190.80.1	192.168.2.9
Mar 10, 2025 17:34:49.421014071 CET	49701	443	192.168.2.9	45.11.92.141
Mar 10, 2025 17:34:49.421293974 CET	49705	443	192.168.2.9	35.190.80.1
Mar 10, 2025 17:34:49.421293974 CET	49705	443	192.168.2.9	35.190.80.1
Mar 10, 2025 17:34:49.422281027 CET	49706	443	192.168.2.9	35.190.80.1
Mar 10, 2025 17:34:49.422324896 CET	443	49706	35.190.80.1	192.168.2.9
Mar 10, 2025 17:34:49.422405005 CET	49706	443	192.168.2.9	35.190.80.1
Mar 10, 2025 17:34:49.422442913 CET	49701	443	192.168.2.9	45.11.92.141
Mar 10, 2025 17:34:49.422477007 CET	443	49701	45.11.92.141	192.168.2.9
Mar 10, 2025 17:34:49.422785044 CET	49707	443	192.168.2.9	45.11.92.141
Mar 10, 2025 17:34:49.422823906 CET	443	49707	45.11.92.141	192.168.2.9
Mar 10, 2025 17:34:49.423177958 CET	49706	443	192.168.2.9	35.190.80.1
Mar 10, 2025 17:34:49.423191071 CET	443	49706	35.190.80.1	192.168.2.9
Mar 10, 2025 17:34:49.423197031 CET	49707	443	192.168.2.9	45.11.92.141
Mar 10, 2025 17:34:49.423511982 CET	49707	443	192.168.2.9	45.11.92.141
Mar 10, 2025 17:34:49.423533916 CET	443	49707	45.11.92.141	192.168.2.9
Mar 10, 2025 17:34:49.452960968 CET	80	49703	45.11.92.141	192.168.2.9
Mar 10, 2025 17:34:49.469640017 CET	49708	443	192.168.2.9	40.114.177.156
Mar 10, 2025 17:34:49.469710112 CET	443	49708	40.114.177.156	192.168.2.9
Mar 10, 2025 17:34:49.469794989 CET	49708	443	192.168.2.9	40.114.177.156
Mar 10, 2025 17:34:49.470215082 CET	49708	443	192.168.2.9	40.114.177.156
Mar 10, 2025 17:34:49.470232964 CET	443	49708	40.114.177.156	192.168.2.9
Mar 10, 2025 17:34:49.504643917 CET	49703	80	192.168.2.9	45.11.92.141
Mar 10, 2025 17:34:49.726234913 CET	49705	443	192.168.2.9	35.190.80.1
Mar 10, 2025 17:34:49.726289034 CET	443	49705	35.190.80.1	192.168.2.9
Mar 10, 2025 17:34:51.392863989 CET	443	49706	35.190.80.1	192.168.2.9
Mar 10, 2025 17:34:51.395937920 CET	49706	443	192.168.2.9	35.190.80.1
Mar 10, 2025 17:34:51.395951986 CET	443	49706	35.190.80.1	192.168.2.9
Mar 10, 2025 17:34:51.396544933 CET	443	49706	35.190.80.1	192.168.2.9
Mar 10, 2025 17:34:51.397190094 CET	49706	443	192.168.2.9	35.190.80.1
Mar 10, 2025 17:34:51.397311926 CET	443	49706	35.190.80.1	192.168.2.9
Mar 10, 2025 17:34:51.397650003 CET	49706	443	192.168.2.9	35.190.80.1
Mar 10, 2025 17:34:51.444323063 CET	443	49706	35.190.80.1	192.168.2.9
Mar 10, 2025 17:34:51.638674021 CET	443	49708	40.114.177.156	192.168.2.9
Mar 10, 2025 17:34:51.639072895 CET	49708	443	192.168.2.9	40.114.177.156
Mar 10, 2025 17:34:51.639101982 CET	443	49708	40.114.177.156	192.168.2.9
Mar 10, 2025 17:34:51.640798092 CET	443	49708	40.114.177.156	192.168.2.9
Mar 10, 2025 17:34:51.640878916 CET	49708	443	192.168.2.9	40.114.177.156
Mar 10, 2025 17:34:51.641936064 CET	49708	443	192.168.2.9	40.114.177.156
Mar 10, 2025 17:34:51.642018080 CET	443	49708	40.114.177.156	192.168.2.9
Mar 10, 2025 17:34:51.642147064 CET	49708	443	192.168.2.9	40.114.177.156
Mar 10, 2025 17:34:51.642155886 CET	443	49708	40.114.177.156	192.168.2.9
Mar 10, 2025 17:34:51.680423021 CET	49672	443	192.168.2.9	2.23.227.208
Mar 10, 2025 17:34:51.680465937 CET	443	49672	2.23.227.208	192.168.2.9
Mar 10, 2025 17:34:51.689436913 CET	49708	443	192.168.2.9	40.114.177.156
Mar 10, 2025 17:34:51.879735947 CET	443	49706	35.190.80.1	192.168.2.9
Mar 10, 2025 17:34:51.880356073 CET	49706	443	192.168.2.9	35.190.80.1
Mar 10, 2025 17:34:51.880410910 CET	443	49706	35.190.80.1	192.168.2.9
Mar 10, 2025 17:34:51.880470991 CET	49706	443	192.168.2.9	35.190.80.1
Mar 10, 2025 17:34:52.387442112 CET	443	49708	40.114.177.156	192.168.2.9
Mar 10, 2025 17:34:52.387475014 CET	443	49708	40.114.177.156	192.168.2.9
Mar 10, 2025 17:34:52.387495041 CET	443	49708	40.114.177.156	192.168.2.9
Mar 10, 2025 17:34:52.387506962 CET	443	49708	40.114.177.156	192.168.2.9
Mar 10, 2025 17:34:52.387603998 CET	49708	443	192.168.2.9	40.114.177.156
Mar 10, 2025 17:34:52.387639046 CET	443	49708	40.114.177.156	192.168.2.9
Mar 10, 2025 17:34:52.387686968 CET	49708	443	192.168.2.9	40.114.177.156
Mar 10, 2025 17:34:52.387711048 CET	49708	443	192.168.2.9	40.114.177.156
Mar 10, 2025 17:34:52.388843060 CET	49708	443	192.168.2.9	40.114.177.156
Mar 10, 2025 17:34:52.388892889 CET	443	49708	40.114.177.156	192.168.2.9
Mar 10, 2025 17:34:52.388961077 CET	49708	443	192.168.2.9	40.114.177.156
Mar 10, 2025 17:34:52.842525005 CET	49711	80	192.168.2.9	142.250.185.99
Mar 10, 2025 17:34:52.847712994 CET	80	49711	142.250.185.99	192.168.2.9
Mar 10, 2025 17:34:52.847922087 CET	49711	80	192.168.2.9	142.250.185.99
Mar 10, 2025 17:34:52.848078966 CET	49711	80	192.168.2.9	142.250.185.99
Mar 10, 2025 17:34:52.853183031 CET	80	49711	142.250.185.99	192.168.2.9
Mar 10, 2025 17:34:53.321480036 CET	443	49707	45.11.92.141	192.168.2.9
Mar 10, 2025 17:34:53.321541071 CET	49707	443	192.168.2.9	45.11.92.141
Mar 10, 2025 17:34:53.321722031 CET	49707	443	192.168.2.9	45.11.92.141
Mar 10, 2025 17:34:53.321742058 CET	443	49707	45.11.92.141	192.168.2.9
Mar 10, 2025 17:34:53.370249987 CET	443	49698	216.58.206.36	192.168.2.9
Mar 10, 2025 17:34:53.370316982 CET	443	49698	216.58.206.36	192.168.2.9
Mar 10, 2025 17:34:53.370379925 CET	49698	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:34:53.490823030 CET	80	49711	142.250.185.99	192.168.2.9
Mar 10, 2025 17:34:53.497829914 CET	49711	80	192.168.2.9	142.250.185.99
Mar 10, 2025 17:34:53.502897024 CET	80	49711	142.250.185.99	192.168.2.9
Mar 10, 2025 17:34:53.683007956 CET	80	49711	142.250.185.99	192.168.2.9
Mar 10, 2025 17:34:53.726713896 CET	49711	80	192.168.2.9	142.250.185.99
Mar 10, 2025 17:34:54.698127031 CET	49698	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:34:54.698158026 CET	443	49698	216.58.206.36	192.168.2.9
Mar 10, 2025 17:35:05.338545084 CET	49671	443	192.168.2.9	204.79.197.203
Mar 10, 2025 17:35:05.648469925 CET	49671	443	192.168.2.9	204.79.197.203
Mar 10, 2025 17:35:06.256190062 CET	49671	443	192.168.2.9	204.79.197.203
Mar 10, 2025 17:35:07.461018085 CET	49671	443	192.168.2.9	204.79.197.203
Mar 10, 2025 17:35:09.868194103 CET	49671	443	192.168.2.9	204.79.197.203
Mar 10, 2025 17:35:13.883634090 CET	49678	443	192.168.2.9	52.182.141.63
Mar 10, 2025 17:35:14.195539951 CET	49678	443	192.168.2.9	52.182.141.63
Mar 10, 2025 17:35:14.592416048 CET	49679	80	192.168.2.9	2.17.190.73
Mar 10, 2025 17:35:14.680494070 CET	49671	443	192.168.2.9	204.79.197.203
Mar 10, 2025 17:35:14.805339098 CET	49678	443	192.168.2.9	52.182.141.63
Mar 10, 2025 17:35:14.899092913 CET	49679	80	192.168.2.9	2.17.190.73
Mar 10, 2025 17:35:15.508339882 CET	49679	80	192.168.2.9	2.17.190.73
Mar 10, 2025 17:35:16.008332968 CET	49678	443	192.168.2.9	52.182.141.63
Mar 10, 2025 17:35:16.254144907 CET	80	49702	45.11.92.141	192.168.2.9
Mar 10, 2025 17:35:16.254371881 CET	80	49702	45.11.92.141	192.168.2.9
Mar 10, 2025 17:35:16.254415035 CET	49702	80	192.168.2.9	45.11.92.141
Mar 10, 2025 17:35:16.711539030 CET	49679	80	192.168.2.9	2.17.190.73
Mar 10, 2025 17:35:18.196182966 CET	49681	80	192.168.2.9	204.79.197.203
Mar 10, 2025 17:35:18.414412022 CET	49678	443	192.168.2.9	52.182.141.63
Mar 10, 2025 17:35:18.509663105 CET	49681	80	192.168.2.9	204.79.197.203
Mar 10, 2025 17:35:19.115278006 CET	49679	80	192.168.2.9	2.17.190.73
Mar 10, 2025 17:35:19.117671013 CET	49681	80	192.168.2.9	204.79.197.203
Mar 10, 2025 17:35:19.345558882 CET	58253	53	192.168.2.9	162.159.36.2
Mar 10, 2025 17:35:19.350625038 CET	53	58253	162.159.36.2	192.168.2.9
Mar 10, 2025 17:35:19.350707054 CET	58253	53	192.168.2.9	162.159.36.2
Mar 10, 2025 17:35:19.355907917 CET	53	58253	162.159.36.2	192.168.2.9
Mar 10, 2025 17:35:19.454797029 CET	80	49703	45.11.92.141	192.168.2.9
Mar 10, 2025 17:35:19.454910040 CET	49703	80	192.168.2.9	45.11.92.141
Mar 10, 2025 17:35:19.850353003 CET	58253	53	192.168.2.9	162.159.36.2
Mar 10, 2025 17:35:19.855834961 CET	53	58253	162.159.36.2	192.168.2.9
Mar 10, 2025 17:35:19.855905056 CET	58253	53	192.168.2.9	162.159.36.2
Mar 10, 2025 17:35:20.320861101 CET	49681	80	192.168.2.9	204.79.197.203
Mar 10, 2025 17:35:20.698079109 CET	49703	80	192.168.2.9	45.11.92.141
Mar 10, 2025 17:35:20.703290939 CET	80	49703	45.11.92.141	192.168.2.9
Mar 10, 2025 17:35:22.727242947 CET	49681	80	192.168.2.9	204.79.197.203
Mar 10, 2025 17:35:23.229070902 CET	49678	443	192.168.2.9	52.182.141.63
Mar 10, 2025 17:35:23.914896965 CET	49679	80	192.168.2.9	2.17.190.73
Mar 10, 2025 17:35:24.290456057 CET	49671	443	192.168.2.9	204.79.197.203
Mar 10, 2025 17:35:27.540129900 CET	49681	80	192.168.2.9	204.79.197.203
Mar 10, 2025 17:35:28.665281057 CET	49697	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:35:28.665299892 CET	443	49697	104.21.112.1	192.168.2.9
Mar 10, 2025 17:35:31.822896004 CET	49696	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:35:31.822913885 CET	443	49696	104.21.112.1	192.168.2.9
Mar 10, 2025 17:35:32.841624975 CET	49678	443	192.168.2.9	52.182.141.63
Mar 10, 2025 17:35:33.540064096 CET	49679	80	192.168.2.9	2.17.190.73
Mar 10, 2025 17:35:37.150800943 CET	49681	80	192.168.2.9	204.79.197.203
Mar 10, 2025 17:35:38.403081894 CET	58258	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:35:38.403130054 CET	443	58258	216.58.206.36	192.168.2.9
Mar 10, 2025 17:35:38.403213978 CET	58258	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:35:38.403575897 CET	58258	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:35:38.403589964 CET	443	58258	216.58.206.36	192.168.2.9
Mar 10, 2025 17:35:40.510679960 CET	443	58258	216.58.206.36	192.168.2.9
Mar 10, 2025 17:35:40.511121988 CET	58258	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:35:40.511142969 CET	443	58258	216.58.206.36	192.168.2.9
Mar 10, 2025 17:35:40.511507034 CET	443	58258	216.58.206.36	192.168.2.9
Mar 10, 2025 17:35:40.511883020 CET	58258	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:35:40.511945009 CET	443	58258	216.58.206.36	192.168.2.9
Mar 10, 2025 17:35:40.555468082 CET	58258	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:35:44.698292971 CET	49697	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:35:44.698443890 CET	443	49697	104.21.112.1	192.168.2.9
Mar 10, 2025 17:35:44.698512077 CET	49697	443	192.168.2.9	104.21.112.1
Mar 10, 2025 17:35:46.700103998 CET	49702	80	192.168.2.9	45.11.92.141
Mar 10, 2025 17:35:46.701080084 CET	49702	80	192.168.2.9	45.11.92.141
Mar 10, 2025 17:35:46.705097914 CET	80	49702	45.11.92.141	192.168.2.9
Mar 10, 2025 17:35:46.705183029 CET	49702	80	192.168.2.9	45.11.92.141
Mar 10, 2025 17:35:50.139419079 CET	443	58258	216.58.206.36	192.168.2.9
Mar 10, 2025 17:35:50.139753103 CET	443	58258	216.58.206.36	192.168.2.9
Mar 10, 2025 17:35:50.139846087 CET	58258	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:35:50.700742960 CET	58258	443	192.168.2.9	216.58.206.36
Mar 10, 2025 17:35:50.700778961 CET	443	58258	216.58.206.36	192.168.2.9
Mar 10, 2025 17:35:54.274698973 CET	49711	80	192.168.2.9	142.250.185.99
Mar 10, 2025 17:35:54.279942989 CET	80	49711	142.250.185.99	192.168.2.9
Mar 10, 2025 17:35:54.280009031 CET	49711	80	192.168.2.9	142.250.185.99

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 10, 2025 17:34:33.989567995 CET	53	60666	1.1.1.1	192.168.2.9
Mar 10, 2025 17:34:34.624262094 CET	53	50096	1.1.1.1	192.168.2.9
Mar 10, 2025 17:34:38.138206005 CET	53	65303	1.1.1.1	192.168.2.9
Mar 10, 2025 17:34:38.337671995 CET	56006	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:34:38.338058949 CET	62188	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:34:38.344727039 CET	53	56006	1.1.1.1	192.168.2.9
Mar 10, 2025 17:34:38.345068932 CET	53	62188	1.1.1.1	192.168.2.9
Mar 10, 2025 17:34:38.436475039 CET	53	62540	1.1.1.1	192.168.2.9
Mar 10, 2025 17:34:39.592488050 CET	55285	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:34:39.592488050 CET	53841	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:34:39.606628895 CET	53	53841	1.1.1.1	192.168.2.9
Mar 10, 2025 17:34:39.607049942 CET	53	55285	1.1.1.1	192.168.2.9
Mar 10, 2025 17:34:45.220932007 CET	56898	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:34:45.221137047 CET	62937	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:34:45.249093056 CET	54715	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:34:45.249325991 CET	58863	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:34:45.343333006 CET	53	54715	1.1.1.1	192.168.2.9
Mar 10, 2025 17:34:45.504437923 CET	53	58863	1.1.1.1	192.168.2.9
Mar 10, 2025 17:34:45.686137915 CET	53	56898	1.1.1.1	192.168.2.9
Mar 10, 2025 17:34:45.956902981 CET	53	62937	1.1.1.1	192.168.2.9
Mar 10, 2025 17:34:46.811269999 CET	54603	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:34:46.811737061 CET	63930	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:34:46.818298101 CET	53	54603	1.1.1.1	192.168.2.9
Mar 10, 2025 17:34:46.818604946 CET	53	63930	1.1.1.1	192.168.2.9
Mar 10, 2025 17:34:49.457820892 CET	49628	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:34:49.458076000 CET	64473	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:34:49.468854904 CET	53	64473	1.1.1.1	192.168.2.9
Mar 10, 2025 17:34:49.468905926 CET	53	49628	1.1.1.1	192.168.2.9
Mar 10, 2025 17:34:55.550384045 CET	53	58555	1.1.1.1	192.168.2.9
Mar 10, 2025 17:35:14.628623009 CET	53	51900	1.1.1.1	192.168.2.9
Mar 10, 2025 17:35:19.344779968 CET	53	65324	162.159.36.2	192.168.2.9
Mar 10, 2025 17:35:19.860089064 CET	53	62968	1.1.1.1	192.168.2.9
Mar 10, 2025 17:35:33.555115938 CET	53	63932	1.1.1.1	192.168.2.9
Mar 10, 2025 17:35:37.582217932 CET	53	51494	1.1.1.1	192.168.2.9
Mar 10, 2025 17:35:38.817105055 CET	53	51359	1.1.1.1	192.168.2.9
Mar 10, 2025 17:35:44.701423883 CET	56383	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:35:44.701594114 CET	52346	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:35:44.708802938 CET	53	52346	1.1.1.1	192.168.2.9
Mar 10, 2025 17:35:44.708837032 CET	53	56383	1.1.1.1	192.168.2.9
Mar 10, 2025 17:35:45.712753057 CET	56336	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:35:45.712953091 CET	62596	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:35:45.719772100 CET	53	56336	1.1.1.1	192.168.2.9
Mar 10, 2025 17:35:45.720686913 CET	53	62596	1.1.1.1	192.168.2.9
Mar 10, 2025 17:35:47.744117975 CET	64616	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:35:47.752522945 CET	53	64616	1.1.1.1	192.168.2.9
Mar 10, 2025 17:35:48.743453979 CET	64616	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:35:48.750406027 CET	53	64616	1.1.1.1	192.168.2.9
Mar 10, 2025 17:35:49.743626118 CET	64616	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:35:49.752018929 CET	53	64616	1.1.1.1	192.168.2.9
Mar 10, 2025 17:35:51.743674994 CET	64616	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:35:51.750840902 CET	53	64616	1.1.1.1	192.168.2.9
Mar 10, 2025 17:35:55.758869886 CET	64616	53	192.168.2.9	1.1.1.1
Mar 10, 2025 17:35:55.766282082 CET	53	64616	1.1.1.1	192.168.2.9

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 10, 2025 17:34:45.504610062 CET	192.168.2.9	1.1.1.1	c225	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 10, 2025 17:34:38.337671995 CET	192.168.2.9	1.1.1.1	0xa605	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:34:38.338058949 CET	192.168.2.9	1.1.1.1	0x2b0	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 10, 2025 17:34:39.592488050 CET	192.168.2.9	1.1.1.1	0x86b9	Standard query (0)	tjjrotk.bishirian.my	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:34:39.592488050 CET	192.168.2.9	1.1.1.1	0x1f31	Standard query (0)	tjjrotk.bishirian.my	65	IN (0x0001)	false
Mar 10, 2025 17:34:45.220932007 CET	192.168.2.9	1.1.1.1	0xf419	Standard query (0)	privatelink.cc	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:34:45.221137047 CET	192.168.2.9	1.1.1.1	0x4f0c	Standard query (0)	privatelink.cc	65	IN (0x0001)	false
Mar 10, 2025 17:34:45.249093056 CET	192.168.2.9	1.1.1.1	0xddc5	Standard query (0)	privatelink.cc	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:34:45.249325991 CET	192.168.2.9	1.1.1.1	0xf6c6	Standard query (0)	privatelink.cc	65	IN (0x0001)	false
Mar 10, 2025 17:34:46.811269999 CET	192.168.2.9	1.1.1.1	0xa63b	Standard query (0)	a.nel.cloudflare.com	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:34:46.811737061 CET	192.168.2.9	1.1.1.1	0xab7e	Standard query (0)	a.nel.cloudflare.com	65	IN (0x0001)	false
Mar 10, 2025 17:34:49.457820892 CET	192.168.2.9	1.1.1.1	0xb7cb	Standard query (0)	duckduckgo.com	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:34:49.458076000 CET	192.168.2.9	1.1.1.1	0x11d2	Standard query (0)	duckduckgo.com	65	IN (0x0001)	false
Mar 10, 2025 17:35:44.701423883 CET	192.168.2.9	1.1.1.1	0xae33	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:35:44.701594114 CET	192.168.2.9	1.1.1.1	0xcb64	Standard query (0)	beacons.gcp.gvt2.com	65	IN (0x0001)	false
Mar 10, 2025 17:35:45.712753057 CET	192.168.2.9	1.1.1.1	0xe83c	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:35:45.712953091 CET	192.168.2.9	1.1.1.1	0x73ff	Standard query (0)	beacons.gcp.gvt2.com	65	IN (0x0001)	false
Mar 10, 2025 17:35:47.744117975 CET	192.168.2.9	1.1.1.1	0x477c	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:35:48.743453979 CET	192.168.2.9	1.1.1.1	0x477c	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:35:49.743626118 CET	192.168.2.9	1.1.1.1	0x477c	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:35:51.743674994 CET	192.168.2.9	1.1.1.1	0x477c	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:35:55.758869886 CET	192.168.2.9	1.1.1.1	0x477c	Standard query (0)	beacons.gcp.gvt2.com	A (IP address)	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 10, 2025 17:34:38.344727039 CET	1.1.1.1	192.168.2.9	0xa605	No error (0)	www.google.com		216.58.206.36	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:34:38.345068932 CET	1.1.1.1	192.168.2.9	0x2b0	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 10, 2025 17:34:39.606628895 CET	1.1.1.1	192.168.2.9	0x1f31	No error (0)	tjjrotk.bishirian.my			65	IN (0x0001)	false
Mar 10, 2025 17:34:39.607049942 CET	1.1.1.1	192.168.2.9	0x86b9	No error (0)	tjjrotk.bishirian.my		104.21.112.1	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:34:39.607049942 CET	1.1.1.1	192.168.2.9	0x86b9	No error (0)	tjjrotk.bishirian.my		104.21.16.1	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:34:39.607049942 CET	1.1.1.1	192.168.2.9	0x86b9	No error (0)	tjjrotk.bishirian.my		104.21.96.1	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:34:39.607049942 CET	1.1.1.1	192.168.2.9	0x86b9	No error (0)	tjjrotk.bishirian.my		104.21.64.1	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:34:39.607049942 CET	1.1.1.1	192.168.2.9	0x86b9	No error (0)	tjjrotk.bishirian.my		104.21.32.1	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:34:39.607049942 CET	1.1.1.1	192.168.2.9	0x86b9	No error (0)	tjjrotk.bishirian.my		104.21.80.1	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:34:39.607049942 CET	1.1.1.1	192.168.2.9	0x86b9	No error (0)	tjjrotk.bishirian.my		104.21.48.1	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:34:45.343333006 CET	1.1.1.1	192.168.2.9	0xddc5	No error (0)	privatelink.cc		45.11.92.141	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:34:45.686137915 CET	1.1.1.1	192.168.2.9	0xf419	No error (0)	privatelink.cc		45.11.92.141	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:34:46.818298101 CET	1.1.1.1	192.168.2.9	0xa63b	No error (0)	a.nel.cloudflare.com		35.190.80.1	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:34:49.468905926 CET	1.1.1.1	192.168.2.9	0xb7cb	No error (0)	duckduckgo.com		40.114.177.156	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:35:44.708802938 CET	1.1.1.1	192.168.2.9	0xcb64	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 10, 2025 17:35:44.708837032 CET	1.1.1.1	192.168.2.9	0xae33	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 10, 2025 17:35:44.708837032 CET	1.1.1.1	192.168.2.9	0xae33	No error (0)	beacons-handoff.gcp.gvt2.com		142.251.143.67	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:35:45.719772100 CET	1.1.1.1	192.168.2.9	0xe83c	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 10, 2025 17:35:45.719772100 CET	1.1.1.1	192.168.2.9	0xe83c	No error (0)	beacons-handoff.gcp.gvt2.com		216.58.206.35	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:35:45.720686913 CET	1.1.1.1	192.168.2.9	0x73ff	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 10, 2025 17:35:47.752522945 CET	1.1.1.1	192.168.2.9	0x477c	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 10, 2025 17:35:47.752522945 CET	1.1.1.1	192.168.2.9	0x477c	No error (0)	beacons-handoff.gcp.gvt2.com		142.250.185.227	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:35:48.750406027 CET	1.1.1.1	192.168.2.9	0x477c	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 10, 2025 17:35:48.750406027 CET	1.1.1.1	192.168.2.9	0x477c	No error (0)	beacons-handoff.gcp.gvt2.com		142.250.185.227	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:35:49.752018929 CET	1.1.1.1	192.168.2.9	0x477c	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 10, 2025 17:35:49.752018929 CET	1.1.1.1	192.168.2.9	0x477c	No error (0)	beacons-handoff.gcp.gvt2.com		142.250.185.227	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:35:51.750840902 CET	1.1.1.1	192.168.2.9	0x477c	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 10, 2025 17:35:51.750840902 CET	1.1.1.1	192.168.2.9	0x477c	No error (0)	beacons-handoff.gcp.gvt2.com		142.250.185.227	A (IP address)	IN (0x0001)	false
Mar 10, 2025 17:35:55.766282082 CET	1.1.1.1	192.168.2.9	0x477c	No error (0)	beacons.gcp.gvt2.com	beacons-handoff.gcp.gvt2.com		CNAME (Canonical name)	IN (0x0001)	false
Mar 10, 2025 17:35:55.766282082 CET	1.1.1.1	192.168.2.9	0x477c	No error (0)	beacons-handoff.gcp.gvt2.com		142.250.185.227	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

a.nel.cloudflare.com

privatelink.cc

duckduckgo.com

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49703	45.11.92.141	80	2556	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Mar 10, 2025 17:34:48.231524944 CET	439	OUT	GET /news-feeed HTTP/1.1 Host: privatelink.cc Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9
Mar 10, 2025 17:34:48.881616116 CET	274	IN	HTTP/1.1 200 OK date: Mon, 10 Mar 2025 16:34:48 GMT server: Apache/2.4.62 (Debian) access-control-allow-origin: * set-cookie: zcknrt_news-feeed=0; expires=Tue, 11-Mar-2025 16:34:48 GMT; Max-Age=86400; path=/ content-length: 0 content-type: text/html; charset=UTF-8
Mar 10, 2025 17:34:48.962790012 CET	411	OUT	GET /favicon.ico HTTP/1.1 Host: privatelink.cc Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Referer: http://privatelink.cc/news-feeed Accept-Encoding: gzip, deflate Accept-Language: en-US,en;q=0.9 Cookie: zcknrt_news-feeed=0
Mar 10, 2025 17:34:49.452960968 CET	217	IN	HTTP/1.1 302 Found date: Mon, 10 Mar 2025 16:34:49 GMT server: Apache/2.4.62 (Debian) access-control-allow-origin: * location: https://duckduckgo.com/ content-length: 0 content-type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port
1	192.168.2.9	49711	142.250.185.99	80

Timestamp	Bytes transferred	Direction	Data
Mar 10, 2025 17:34:52.848078966 CET	202	OUT	GET /r/gsr1.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 10, 2025 17:34:53.490823030 CET	223	IN	HTTP/1.1 304 Not Modified Date: Mon, 10 Mar 2025 15:51:55 GMT Expires: Mon, 10 Mar 2025 16:41:55 GMT Age: 2578 Last-Modified: Tue, 07 Jan 2025 07:28:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding
Mar 10, 2025 17:34:53.497829914 CET	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Mar 10, 2025 17:34:53.683007956 CET	223	IN	HTTP/1.1 304 Not Modified Date: Mon, 10 Mar 2025 15:51:57 GMT Expires: Mon, 10 Mar 2025 16:41:57 GMT Age: 2576 Last-Modified: Thu, 25 Jul 2024 14:48:00 GMT Cache-Control: public, max-age=3000 Vary: Accept-Encoding

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.9	49702	45.11.92.141	80	2556	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
Mar 10, 2025 17:35:16.254144907 CET	233	IN	HTTP/1.1 408 Request Time-out content-length: 110 cache-control: no-cache content-type: text/html connection: close Data Raw: 3c 68 74 6d 6c 3e 3c 62 6f 64 79 3e 3c 68 31 3e 34 30 38 20 52 65 71 75 65 73 74 20 54 69 6d 65 2d 6f 75 74 3c 2f 68 31 3e 0a 59 6f 75 72 20 62 72 6f 77 73 65 72 20 64 69 64 6e 27 74 20 73 65 6e 64 20 61 20 63 6f 6d 70 6c 65 74 65 20 72 65 71 75 65 73 74 20 69 6e 20 74 69 6d 65 2e 0a 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e 0a Data Ascii: <html><body><h1>408 Request Time-out</h1>Your browser didn't send a complete request in time.</body></html>

HTTPS Connections

Timestamp	Source IP	Source Port	Dest IP	Dest Port	Subject	Issuer	Not Before	Not After	JA3 SSL Client Fingerprint	JA3 SSL Client Digest
Mar 10, 2025 17:34:43.224562883 CET	104.21.112.1	443	192.168.2.9	49696	CN=bishirian.my CN=WE1, O=Google Trust Services, C=US CN=GTS Root R4, O=Google Trust Services LLC, C=US	CN=WE1, O=Google Trust Services, C=US CN=GTS Root R4, O=Google Trust Services LLC, C=US CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Sat Feb 15 16:05:41 CET 2025 Wed Dec 13 10:00:00 CET 2023 Wed Nov 15 04:43:21 CET 2023	Fri May 16 17:52:06 CEST 2025 Tue Feb 20 15:00:00 CET 2029 Fri Jan 28 01:00:42 CET 2028	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,10-23-5-65281-65037-17613-11-13-43-0-45-16-27-35-18-51,4588-29-23-24,0	fa4558de72b0e71dfb4b8aa97b4993f9
					CN=WE1, O=Google Trust Services, C=US	CN=GTS Root R4, O=Google Trust Services LLC, C=US	Wed Dec 13 10:00:00 CET 2023	Tue Feb 20 15:00:00 CET 2029
					CN=GTS Root R4, O=Google Trust Services LLC, C=US	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Wed Nov 15 04:43:21 CET 2023	Fri Jan 28 01:00:42 CET 2028
Mar 10, 2025 17:34:43.301021099 CET	104.21.112.1	443	192.168.2.9	49697	CN=bishirian.my CN=WE1, O=Google Trust Services, C=US CN=GTS Root R4, O=Google Trust Services LLC, C=US	CN=WE1, O=Google Trust Services, C=US CN=GTS Root R4, O=Google Trust Services LLC, C=US CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Sat Feb 15 16:05:41 CET 2025 Wed Dec 13 10:00:00 CET 2023 Wed Nov 15 04:43:21 CET 2023	Fri May 16 17:52:06 CEST 2025 Tue Feb 20 15:00:00 CET 2029 Fri Jan 28 01:00:42 CET 2028	771,4865-4866-4867-49195-49199-49196-49200-52393-52392-49171-49172-156-157-47-53,51-0-65281-17613-27-5-35-11-65037-10-18-43-23-13-16-45,4588-29-23-24,0	cd2dbf2388aac0f0a896465872c2a927
					CN=WE1, O=Google Trust Services, C=US	CN=GTS Root R4, O=Google Trust Services LLC, C=US	Wed Dec 13 10:00:00 CET 2023	Tue Feb 20 15:00:00 CET 2029
					CN=GTS Root R4, O=Google Trust Services LLC, C=US	CN=GlobalSign Root CA, OU=Root CA, O=GlobalSign nv-sa, C=BE	Wed Nov 15 04:43:21 CET 2023	Fri Jan 28 01:00:42 CET 2028

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.9	49705	35.190.80.1	443	2556	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-10 16:34:48 UTC	561	OUT	OPTIONS /report/v4?s=zJCMrSaHOBXFN6REDRt0x%2BGaKhF8en%2F3kloa5WCtX18luaeCo%2BRDRrV4%2F2Ek2tRt0k3IMheeADw5YVuFHRkWk8ogONkHmnHyd12fw1Z5P7qGWNbUIwHMl8PqWPgD%2BMPaUSwBrz0OGA%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Origin: https://tjjrotk.bishirian.my Access-Control-Request-Method: POST Access-Control-Request-Headers: content-type User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-10 16:34:49 UTC	336	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-max-age: 86400 access-control-allow-methods: POST, OPTIONS access-control-allow-origin: * access-control-allow-headers: content-type, content-length date: Mon, 10 Mar 2025 16:34:49 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.9	49706	35.190.80.1	443	2556	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-10 16:34:51 UTC	536	OUT	POST /report/v4?s=zJCMrSaHOBXFN6REDRt0x%2BGaKhF8en%2F3kloa5WCtX18luaeCo%2BRDRrV4%2F2Ek2tRt0k3IMheeADw5YVuFHRkWk8ogONkHmnHyd12fw1Z5P7qGWNbUIwHMl8PqWPgD%2BMPaUSwBrz0OGA%3D%3D HTTP/1.1 Host: a.nel.cloudflare.com Connection: keep-alive Content-Length: 424 Content-Type: application/reports+json Origin: https://tjjrotk.bishirian.my User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-10 16:34:51 UTC	424	OUT	Data Raw: 5b 7b 22 61 67 65 22 3a 30 2c 22 62 6f 64 79 22 3a 7b 22 65 6c 61 70 73 65 64 5f 74 69 6d 65 22 3a 31 35 36 30 2c 22 6d 65 74 68 6f 64 22 3a 22 47 45 54 22 2c 22 70 68 61 73 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 68 32 22 2c 22 72 65 66 65 72 72 65 72 22 3a 22 68 74 74 70 73 3a 2f 2f 74 6a 6a 72 6f 74 6b 2e 62 69 73 68 69 72 69 61 6e 2e 6d 79 2f 22 2c 22 73 61 6d 70 6c 69 6e 67 5f 66 72 61 63 74 69 6f 6e 22 3a 31 2e 30 2c 22 73 65 72 76 65 72 5f 69 70 22 3a 22 31 30 34 2e 32 31 2e 31 31 32 2e 31 22 2c 22 73 74 61 74 75 73 5f 63 6f 64 65 22 3a 34 30 34 2c 22 74 79 70 65 22 3a 22 68 74 74 70 2e 65 72 72 6f 72 22 7d 2c 22 74 79 70 65 22 3a 22 6e 65 74 77 6f 72 6b 2d 65 72 72 6f 72 22 2c 22 75 72 6c 22 3a 22 68 Data Ascii: [{"age":0,"body":{"elapsed_time":1560,"method":"GET","phase":"application","protocol":"h2","referrer":"https://tjjrotk.bishirian.my/","sampling_fraction":1.0,"server_ip":"104.21.112.1","status_code":404,"type":"http.error"},"type":"network-error","url":"h
2025-03-10 16:34:51 UTC	214	IN	HTTP/1.1 200 OK Content-Length: 0 access-control-allow-origin: * vary: Origin date: Mon, 10 Mar 2025 16:34:51 GMT Via: 1.1 google Alt-Svc: h3=":443"; ma=2592000,h3-29=":443"; ma=2592000 Connection: close

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.9	49708	40.114.177.156	443	2556	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-10 16:34:51 UTC	481	OUT	GET / HTTP/1.1 Host: duckduckgo.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Sec-Fetch-Storage-Access: active Referer: http://privatelink.cc/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-10 16:34:52 UTC	2365	IN	HTTP/1.1 200 OK Server: nginx Date: Mon, 10 Mar 2025 16:34:51 GMT Content-Type: text/html; charset=UTF-8 Content-Length: 43714 Connection: close Vary: Accept-Encoding ETag: "67ceb10f-aac2" Strict-Transport-Security: max-age=31536000 Permissions-Policy: interest-cohort=() Content-Security-Policy: default-src 'none' ; connect-src https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; manifest-src https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; media-src https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; script-src blob: https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com 'unsafe-inline' 'unsafe-eval' ; font-src data: https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ https://spreadprivacy.com ; img-src data: https://duckduckgo.com https://.duckduckgo.com https://duckduckgogg42xjoc72x3sjasowoarfbgcmvfimaftt6twagswzczad.onion/ h [TRUNCATED] X-Frame-Options: SAMEORIGIN X-XSS-Protection: 1;mode=block X-Content-Type-Options: nosniff Referrer-Policy: origin Expect-CT: max-age=0 Expires: Mon, 10 Mar 2025 16:34:50 GMT Cache-Control: no-cache Accept-Ranges: bytes
2025-03-10 16:34:52 UTC	14019	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 2d 55 53 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 53 65 74 3d 22 75 74 66 2d 38 22 20 64 61 74 61 2d 6e 65 78 74 2d 68 65 61 64 3d 22 22 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2c 20 75 73 65 72 2d 73 63 61 6c 61 62 6c 65 3d 31 20 2c 20 76 69 65 77 70 6f 72 74 2d 66 69 74 3d 61 75 74 6f 22 20 64 61 74 61 2d 6e 65 78 74 2d 68 65 61 64 3d 22 22 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 70 72 65 6c 6f 61 64 22 20 68 72 65 66 3d 22 2f 73 74 61 74 69 63 2d 61 73 73 65 74 73 2f 66 6f 6e 74 2f 50 72 6f 78 Data Ascii: <!DOCTYPE html><html lang="en-US"><head><meta charSet="utf-8" data-next-head=""/><meta name="viewport" content="width=device-width, initial-scale=1, user-scalable=1 , viewport-fit=auto" data-next-head=""/><link rel="preload" href="/static-assets/font/Prox

Target ID:	0
Start time:	12:34:31
Start date:	10/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff64c9d0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	1
Start time:	12:34:32
Start date:	10/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1928,i,1061283963690314002,1478015749108811942,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2044 /prefetch:3
Imagebase:	0x7ff64c9d0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	5
Start time:	12:34:38
Start date:	10/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://tjjrotk.bishirian.my/"
Imagebase:	0x7ff64c9d0000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: Yara match	File source: 0.0.i.script.csv, type: HTML
Source: Yara match	File source: 1.0.pages.csv, type: HTML

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: duckduckgo.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageSec-Fetch-Storage-Access: activeReferer: http://privatelink.cc/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /news-feeed HTTP/1.1Host: privatelink.ccConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Accept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: privatelink.ccConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Referer: http://privatelink.cc/news-feeedAccept-Encoding: gzip, deflateAccept-Language: en-US,en;q=0.9Cookie: zcknrt_news-feeed=0
Source: global traffic	HTTP traffic detected: GET /r/gsr1.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Tue, 07 Jan 2025 07:28:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: tjjrotk.bishirian.my
Source: global traffic	DNS traffic detected: DNS query: privatelink.cc
Source: global traffic	DNS traffic detected: DNS query: a.nel.cloudflare.com
Source: global traffic	DNS traffic detected: DNS query: duckduckgo.com
Source: global traffic	DNS traffic detected: DNS query: beacons.gcp.gvt2.com

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.73.143
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.73.143
Source: unknown	TCP traffic detected without corresponding DNS query: 2.19.104.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.208
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 162.159.36.2
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 52.182.141.63
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.185.99

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://tjjrotk.bishirian.my/

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Phishing

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Static File Info

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTP Packets

HTTPS Connections

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 6016, Parent PID: 5568

General

Chronological Activities

Analysis Process: chrome.exePID: 2556, Parent PID: 6016

General

Chronological Activities

Analysis Process: chrome.exePID: 6332, Parent PID: 5568

General

Chronological Activities

Windows Analysis Report
https://tjjrotk.bishirian.my/