Edit tour

Windows Analysis Report
https://dqfaadcgq.insfuafasf.net/?mce.amazon.co.jp=hxxps//account.amazon.co.jp

Overview

General Information

Sample URL:	https://dqfaadcgq.insfuafasf.net/?mce.amazon.co.jp=hxxps//account.amazon.co.jp
Analysis ID:	1637193
Tags:	tweetfeed
Infos:

Detection

Score:	56
Range:	0 - 100
Confidence:	100%

Signatures

Antivirus detection for URL or domain

Suricata IDS alerts for network traffic

Creates files inside the system directory

Deletes files inside the Windows folder

Detected suspicious crossdomain redirect

Suricata IDS alerts with low severity for network traffic

Classification

Process Tree

System is w10x64

chrome.exe (PID: 5260 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 5476 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2448,i,1409519252564547307,15454318122318066631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2476 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6768 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dqfaadcgq.insfuafasf.net/?mce.amazon.co.jp=hxxps//account.amazon.co.jp" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Suricata Signatures

ETPRO PHISHING CoGUI Phish Landing Page 2024-12-31

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-13T11:56:21.709463+0100	2859484	1	Successful Credential Theft Detected	192.168.2.4	49742	119.28.239.90	443	TCP

ETPRO PHISHING CoGUI Phish Landing Page M1 2025-01-02

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2025-03-13T11:56:18.570759+0100	2859492	2	Possible Social Engineering Attempted	119.28.239.90	443	192.168.2.4	49739	TCP

HTTP traffic detected: POST /open/visitors/info/createOrGetUserInfo HTTP/1.1Host: poisauifgaama.comConnection: keep-aliveContent-Length: 384sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: application/json, text/plain, */*sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: application/jsonsec-ch-ua-mobile: ?0Origin: https://poisauifgaama.comSec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://poisauifgaama.com/amazon/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 404 Not FoundServer: nginx/1.26.2Date: Thu, 13 Mar 2025 10:56:21 GMTContent-Type: text/plain; charset=utf-8Content-Length: 9Connection: closeVary: OriginAccess-Control-Allow-Origin: https://poisauifgaama.comset-cookie: locale=en-us; path=/; max-age=31557600; expires=Fri, 13 Mar 2026 16:56:21 GMT

Source: chromecache_54.2.dr	String found in binary or memory: http://ricostacruz.com/nprogress
Source: chromecache_54.2.dr	String found in binary or memory: https://www.amazon.co.jp/
Source: chromecache_54.2.dr	String found in binary or memory: https://www.google.com/

Source: unknown	Network traffic detected: HTTP traffic on port 49733 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49708 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49722
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49744
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49742
Source: unknown	Network traffic detected: HTTP traffic on port 49731 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49741
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49740
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49725 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49741 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49729 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49748 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49722 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49739
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49738
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49735
Source: unknown	Network traffic detected: HTTP traffic on port 49738 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49733
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49731
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49730
Source: unknown	Network traffic detected: HTTP traffic on port 49730 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49726 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49740 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49671 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49742 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49744 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49708
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49729
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49726
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49748
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49725
Source: unknown	Network traffic detected: HTTP traffic on port 49735 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49739 -> 443

Source: unknown

HTTPS traffic detected: 131.253.33.254:443 -> 192.168.2.4:49733 version: TLS 1.2

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Windows\SystemTemp\scoped_dir5260_994281326

Jump to behavior

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File deleted: C:\Windows\SystemTemp\scoped_dir5260_994281326

Jump to behavior

Source: classification engine

Classification label: mal56.win@23/14@12/7

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2448,i,1409519252564547307,15454318122318066631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2476 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dqfaadcgq.insfuafasf.net/?mce.amazon.co.jp=hxxps//account.amazon.co.jp"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2448,i,1409519252564547307,15454318122318066631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2476 /prefetch:3	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown	Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	1 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	1 File Deletion	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
https://dqfaadcgq.insfuafasf.net/?mce.amazon.co.jp=hxxps//account.amazon.co.jp	0%	Avira URL Cloud	safe

Source	Detection	Scanner	Label
https://poisauifgaama.com/open/visitors/info/createOrGetUserInfo	0%	Avira URL Cloud	safe
https://poisauifgaama.com/amazon	100%	Avira URL Cloud	phishing
https://poisauifgaama.com/amazon/assets/index-DviQLoC8.css	100%	Avira URL Cloud	phishing
https://qmihasfa.com/	0%	Avira URL Cloud	safe
https://poisauifgaama.com/amazon/faviconV2.png	100%	Avira URL Cloud	phishing
https://poisauifgaama.com/amazon/assets/index-C-6Nz0L-.js	100%	Avira URL Cloud	phishing

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Reputation
www.google.com	172.217.16.132	true	false	high
dqfaadcgq.insfuafasf.net	172.67.212.242	true	false	unknown
qmihasfa.com	43.163.202.195	true	false	unknown
poisauifgaama.com	119.28.239.90	true	true	unknown

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
https://qmihasfa.com/	false	Avira URL Cloud: safe	unknown
https://poisauifgaama.com/amazon	true	Avira URL Cloud: phishing	unknown
https://poisauifgaama.com/amazon/assets/index-DviQLoC8.css	true	Avira URL Cloud: phishing	unknown
https://poisauifgaama.com/open/visitors/info/createOrGetUserInfo	true	Avira URL Cloud: safe	unknown
https://poisauifgaama.com/amazon/faviconV2.png	true	Avira URL Cloud: phishing	unknown
https://poisauifgaama.com/amazon/	false		unknown
https://poisauifgaama.com/amazon/assets/index-C-6Nz0L-.js	true	Avira URL Cloud: phishing	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Reputation
https://www.amazon.co.jp/	chromecache_54.2.dr	false	high
http://ricostacruz.com/nprogress	chromecache_54.2.dr	false	high
https://www.google.com/	chromecache_54.2.dr	false	high

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	ASN	ASN Name	Malicious
43.163.202.195	qmihasfa.com	Japan	4249	LILLY-ASUS	false
119.28.239.90	poisauifgaama.com	China	132203	TENCENT-NET-AP-CNTencentBuildingKejizhongyiAvenueCN	true
104.21.35.37	unknown	United States	13335	CLOUDFLARENETUS	false
172.67.212.242	dqfaadcgq.insfuafasf.net	United States	13335	CLOUDFLARENETUS	false
172.217.16.132	www.google.com	United States	15169	GOOGLEUS	false

Private

IP
192.168.2.4
192.168.2.5

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1637193
Start date and time:	2025-03-13 11:54:56 +01:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 9s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://dqfaadcgq.insfuafasf.net/?mce.amazon.co.jp=hxxps//account.amazon.co.jp
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	20
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal56.win@23/14@12/7
EGA Information:	Failed
HCA Information:	Successful, ratio: 100% Number of executed functions: 0 Number of non-executed functions: 0

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, audiodg.exe, RuntimeBroker.exe, ShellExperienceHost.exe, SIHClient.exe, SgrmBroker.exe, backgroundTaskHost.exe, conhost.exe, svchost.exe
Excluded IPs from analysis (whitelisted): 142.250.185.195, 142.250.186.110, 172.217.18.110, 64.233.184.84, 142.250.185.142, 142.250.185.78, 142.250.186.46, 217.20.57.36, 172.217.18.14, 216.58.206.46, 142.250.185.174, 172.217.23.99, 216.58.206.67, 23.60.203.209, 52.149.20.212
Excluded domains from analysis (whitelisted): a-ring-fallback.msedge.net, fs.microsoft.com, accounts.google.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://dqfaadcgq.insfuafasf.net/?mce.amazon.co.jp=hxxps//account.amazon.co.jp

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (22349)
Category:	downloaded
Size (bytes):	22350
Entropy (8bit):	5.156595840639587
Encrypted:	false
SSDEEP:	192:00VfwxwOW9JyW9Jy45VDsf45Qw8fENgEncALKGEXf1/XxZN6dnILb3IaYosPa:DVfiwbaECacFtZNlfV
MD5:	1C799BFB28AB996067E16A620C0FC9B4
SHA1:	4CF7AB70FB48688C27F9BD03F00920BA616BD1B9
SHA-256:	A73994907448F2A1C639B109148ECA7DE0B60C79781005D50DEC1A40BC289F54
SHA-512:	F8E3872DAE896E177DC537104A3B8D52BE48F4DCF97A54E1B71EA7C30C96D2B2090E5CA51152F67FFA3C739CFDE4F5E798BA2DAAF5FA830EE54C3C702A7CF3C4
Malicious:	false
Reputation:	low
URL:	https://poisauifgaama.com/amazon/assets/index-DviQLoC8.css
Preview:	:root{--vt-c-white: #ffffff;--vt-c-black: #181818}:root{--color-background: var(--vt-c-white)}@media (prefers-color-scheme: dark){:root{--color-background: var(--vt-c-black)}},:before,:after{box-sizing:border-box;margin:0;font-weight:400}body{min-height:100vh;color:#333;background:#fff;transition:color .5s,background-color .5s;line-height:1.6;font-family:Hiragino Sans GB,Microsoft Yahei,Arial,sans-serif;font-size:15px;text-rendering:optimizeLegibility;-webkit-font-smoothing:antialiased;-moz-osx-font-smoothing:grayscale}.s-inner{box-shadow:inset 0 0 .25rem #cbcbcb}.t-shadow{text-shadow:0 0 0 #333},:before,:after{box-sizing:border-box;border-width:0;border-style:solid;border-color:#e5e7eb}:before,:after{--tw-content: ""}html,:host{line-height:1.5;-webkit-text-size-adjust:100%;-moz-tab-size:4;-o-tab-size:4;tab-size:4;font-family:ui-sans-serif,system-ui,sans-serif,"Apple Color Emoji","Segoe UI Emoji",Segoe UI Symbol,"Noto Color Emoji";font-feature-settings:normal;font-variation-setting

Chrome Cache Entry: 53

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	dropped
Size (bytes):	165
Entropy (8bit):	6.841902062651989
Encrypted:	false
SSDEEP:	3:Whi6gXEC5Dn5GgvW19xhU/2uArha+0I/VZS+6w2UI4dF22Btjles0Tk5lbMVAI:N757AqgVmrOhaLcZDAywVAI
MD5:	FC25E673C9136F4065A92D6280F4E1F3
SHA1:	5DB67096756AD10E800F470422FF42AFA00A2FAC
SHA-256:	02ABD6D521489DAE8562CBAECFAA8A8B976159B82AC2F0EF89711B43957B9727
SHA-512:	8ADDDC592CC827A4952CEEF4BFD4968E7CB350B664044A8319B56B338574BF8D8A739ED0F4CF183F68D90C5E954D0726456A22AD1180184A048557A80E4461CF
Malicious:	false
Reputation:	low
Preview:	(./..X....I!.`E...4.k2..........F..(.f...O.w.3......T.......Z..;OR...._.N.....h...i.k...F...dk@..c.w...m.UU.1...-#A.`........{W..@I.........f..@j...0..&Gmm

Chrome Cache Entry: 54

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (35690)
Category:	downloaded
Size (bytes):	286827
Entropy (8bit):	5.7945139438680595
Encrypted:	false
SSDEEP:	3072:EqOvcqHdB04nhKheoE2hgr7QwvHYZ/7xUCV/rd:GvXHdB7sE2ozstbR
MD5:	2C7F4F67832C7255225B224BD7B52A56
SHA1:	1854D5BF01CF7EF10710DFE4796F79CD4AD836BE
SHA-256:	BD43DA3049906ED5DA3083740DC10E5BB3F9364061BD0A8C0C6C8F6EC08B8EC7
SHA-512:	6A04D14BC85A3070D701CFF0D51212971F6516CFB627496C937AEC16CFD6262B5E04E504671C78F94A37947C3F25562A142E03BFA8B538F60D7A29E2F3A4477B
Malicious:	false
Reputation:	low
URL:	https://poisauifgaama.com/amazon/assets/index-C-6Nz0L-.js
Preview:	var Bl=Object.defineProperty;var jl=(e,t,n)=>t in e?Bl(e,t,{enumerable:!0,configurable:!0,writable:!0,value:n}):e[t]=n;var Gn=(e,t,n)=>jl(e,typeof t!="symbol"?t+"":t,n);(function(){const t=document.createElement("link").relList;if(t&&t.supports&&t.supports("modulepreload"))return;for(const o of document.querySelectorAll('link[rel="modulepreload"]'))s(o);new MutationObserver(o=>{for(const i of o)if(i.type==="childList")for(const r of i.addedNodes)r.tagName==="LINK"&&r.rel==="modulepreload"&&s(r)}).observe(document,{childList:!0,subtree:!0});function n(o){const i={};return o.integrity&&(i.integrity=o.integrity),o.referrerPolicy&&(i.referrerPolicy=o.referrerPolicy),o.crossOrigin==="use-credentials"?i.credentials="include":o.crossOrigin==="anonymous"?i.credentials="omit":i.credentials="same-origin",i}function s(o){if(o.ep)return;o.ep=!0;const i=n(o);fetch(o.href,i)}})();/*. @vue/shared v3.4.38.* (c) 2018-present Yuxi (Evan) You and Vue contributors.* @license MIT.*//! #__NO_SIDE_EFFECT

Chrome Cache Entry: 55

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text
Category:	downloaded
Size (bytes):	497
Entropy (8bit):	4.930947660541318
Encrypted:	false
SSDEEP:	12:hY4MoXwKy7f1cmOqsKyDVWtzqAEd0BmQL:hYHQbCfsJVW7EM
MD5:	D06B013AC8D552F6AF8B1E2B927DEF31
SHA1:	A9BBF41ACF7D7CE17AE390E9A8D86BE3B90B549F
SHA-256:	1A3E2FB9C1821E54B32131B4C29D94DB96A7E30FC6DD6B278B507C4B829E67A8
SHA-512:	21CF687DE21E21AC900549CC12062A8D810BDF12E516E226B8846D58AF459614D2A0605C109EF7265ECADD5B89B316429AA5032BB1AA18E6F188D4BA861B5F8F
Malicious:	false
Reputation:	low
URL:	https://poisauifgaama.com/amazon/
Preview:	<!DOCTYPE html>.<html lang="jp">. <head>. <meta charset="UTF-8">. <link rel="icon" type="image/png" href="./faviconV2.png">. <meta name="viewport" content="width=device-width, initial-scale=1.0">. <meta name="robots" content="noindex, nofollow">. <title></title>. <script type="module" crossorigin src="./assets/index-C-6Nz0L-.js"></script>. <link rel="stylesheet" crossorigin href="./assets/index-DviQLoC8.css">. </head>. <body>. <div id="app"></div>. </body>.</html>.

Chrome Cache Entry: 56

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	516
Entropy (8bit):	7.431753204569005
Encrypted:	false
SSDEEP:	12:6v/7ZqV9DtjtSjFa1NGBaDO/Sr/+aWZCWRcwR6pLLEc:cCltZSjFa1NcaaaWZVcwQpLYc
MD5:	11B2E63F0AD7440683DA67FC5AEA1AE8
SHA1:	4CA8F900A09775C36405106FF12C3D31CBDF908A
SHA-256:	78D23AF2CD79BCE1640DD74FD18A8741574A770B74242F024A555FB584DBC33C
SHA-512:	E194427F40190EC9FC444FAB68BD74C88CA2C6E2211010F96E61278F2E2F4B7B95D61E8E0127FB72EB516692AC6D65EA2DA744B89993F33039162B0B159706CF
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR................a....IDAT8...?hSQ...Os3U.pi...D.L..:5o..........n"X\..-.Cpi......).&..B..5..O;4.qxi......p..w.s..IiI.$....3.I[........6.F....eqsi.j.J.V..LS{....(.[.Z-II...t...R..8.t:..y.N".X...... ..}..p..0..l.j......-.g.t.]....)c.....T.2F.bQ....$8..t(.\...fi...0.gs.+.....%.9.H.uO...T<.S..2F9.V.uU.T..8.....y)}X..$....\_....r...0w.......j...k.....)..2..kW.I?:...;..w..I.....9..,...`o...G.....phI......\|\|..6.F...s....r%...0g.Z.....y.t...F.!s.r.I......B....g.?.I..q[/...J....IEND.B`.

Chrome Cache Entry: 57

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 16 x 16, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	516
Entropy (8bit):	7.431753204569005
Encrypted:	false
SSDEEP:	12:6v/7ZqV9DtjtSjFa1NGBaDO/Sr/+aWZCWRcwR6pLLEc:cCltZSjFa1NcaaaWZVcwQpLYc
MD5:	11B2E63F0AD7440683DA67FC5AEA1AE8
SHA1:	4CA8F900A09775C36405106FF12C3D31CBDF908A
SHA-256:	78D23AF2CD79BCE1640DD74FD18A8741574A770B74242F024A555FB584DBC33C
SHA-512:	E194427F40190EC9FC444FAB68BD74C88CA2C6E2211010F96E61278F2E2F4B7B95D61E8E0127FB72EB516692AC6D65EA2DA744B89993F33039162B0B159706CF
Malicious:	false
Reputation:	low
URL:	https://poisauifgaama.com/amazon/faviconV2.png
Preview:	.PNG........IHDR................a....IDAT8...?hSQ...Os3U.pi...D.L..:5o..........n"X\..-.Cpi......).&..B..5..O;4.qxi......p..w.s..IiI.$....3.I[........6.F....eqsi.j.J.V..LS{....(.[.Z-II...t...R..8.t:..y.N".X...... ..}..p..0..l.j......-.g.t.]....)c.....T.2F.bQ....$8..t(.\...fi...0.gs.+.....%.9.H.uO...T<.S..2F9.V.uU.T..8.....y)}X..$....\_....r...0w.......j...k.....)..2..kW.I?:...;..w..I.....9..,...`o...G.....phI......\|\|..6.F...s....r%...0g.Z.....y.t...F.!s.r.I......B....g.?.I..q[/...J....IEND.B`.

Chrome Cache Entry: 58

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	downloaded
Size (bytes):	165
Entropy (8bit):	6.841902062651989
Encrypted:	false
SSDEEP:	3:Whi6gXEC5Dn5GgvW19xhU/2uArha+0I/VZS+6w2UI4dF22Btjles0Tk5lbMVAI:N757AqgVmrOhaLcZDAywVAI
MD5:	FC25E673C9136F4065A92D6280F4E1F3
SHA1:	5DB67096756AD10E800F470422FF42AFA00A2FAC
SHA-256:	02ABD6D521489DAE8562CBAECFAA8A8B976159B82AC2F0EF89711B43957B9727
SHA-512:	8ADDDC592CC827A4952CEEF4BFD4968E7CB350B664044A8319B56B338574BF8D8A739ED0F4CF183F68D90C5E954D0726456A22AD1180184A048557A80E4461CF
Malicious:	false
Reputation:	low
URL:	https://dqfaadcgq.insfuafasf.net/favicon.ico
Preview:	(./..X....I!.`E...4.k2..........F..(.f...O.w.3......T.......Z..;OR...._.N.....h...i.k...F...dk@..c.w...m.UU.1...-#A.`........{W..@I.........f..@j...0..&Gmm

Chrome Cache Entry: 59

Download File

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	Zstandard compressed data (v0.8+), Dictionary ID: None
Category:	downloaded
Size (bytes):	165
Entropy (8bit):	6.841902062651989
Encrypted:	false
SSDEEP:	3:Whi6gXEC5Dn5GgvW19xhU/2uArha+0I/VZS+6w2UI4dF22Btjles0Tk5lbMVAI:N757AqgVmrOhaLcZDAywVAI
MD5:	FC25E673C9136F4065A92D6280F4E1F3
SHA1:	5DB67096756AD10E800F470422FF42AFA00A2FAC
SHA-256:	02ABD6D521489DAE8562CBAECFAA8A8B976159B82AC2F0EF89711B43957B9727
SHA-512:	8ADDDC592CC827A4952CEEF4BFD4968E7CB350B664044A8319B56B338574BF8D8A739ED0F4CF183F68D90C5E954D0726456A22AD1180184A048557A80E4461CF
Malicious:	false
Reputation:	low
URL:	https://dqfaadcgq.insfuafasf.net/?mce.amazon.co.jp=hxxps//account.amazon.co.jp
Preview:	(./..X....I!.`E...4.k2..........F..(.f...O.w.3......T.......Z..;OR...._.N.....h...i.k...F...dk@..c.w...m.UU.1...-#A.`........{W..@I.........f..@j...0..&Gmm

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2025-03-13T11:56:18.570759+0100	2859492	ETPRO PHISHING CoGUI Phish Landing Page M1 2025-01-02	2	119.28.239.90	443	192.168.2.4	49739	TCP
2025-03-13T11:56:21.709463+0100	2859484	ETPRO PHISHING CoGUI Phish Landing Page 2024-12-31	1	192.168.2.4	49742	119.28.239.90	443	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 13, 2025 11:55:54.513631105 CET	49671	443	192.168.2.4	204.79.197.203
Mar 13, 2025 11:55:54.871682882 CET	49671	443	192.168.2.4	204.79.197.203
Mar 13, 2025 11:55:55.557360888 CET	49671	443	192.168.2.4	204.79.197.203
Mar 13, 2025 11:55:56.853331089 CET	49671	443	192.168.2.4	204.79.197.203
Mar 13, 2025 11:55:59.019037008 CET	49722	443	192.168.2.4	172.217.16.132
Mar 13, 2025 11:55:59.019085884 CET	443	49722	172.217.16.132	192.168.2.4
Mar 13, 2025 11:55:59.019165039 CET	49722	443	192.168.2.4	172.217.16.132
Mar 13, 2025 11:55:59.019490957 CET	49722	443	192.168.2.4	172.217.16.132
Mar 13, 2025 11:55:59.019504070 CET	443	49722	172.217.16.132	192.168.2.4
Mar 13, 2025 11:55:59.259886980 CET	49671	443	192.168.2.4	204.79.197.203
Mar 13, 2025 11:56:00.779058933 CET	49725	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:00.779114962 CET	443	49725	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:00.779268980 CET	49725	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:00.779581070 CET	49726	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:00.779614925 CET	443	49726	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:00.779771090 CET	49726	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:00.780013084 CET	49725	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:00.780029058 CET	443	49725	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:00.780505896 CET	49726	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:00.780522108 CET	443	49726	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:01.253310919 CET	443	49722	172.217.16.132	192.168.2.4
Mar 13, 2025 11:56:01.253598928 CET	49722	443	192.168.2.4	172.217.16.132
Mar 13, 2025 11:56:01.253629923 CET	443	49722	172.217.16.132	192.168.2.4
Mar 13, 2025 11:56:01.254652023 CET	443	49722	172.217.16.132	192.168.2.4
Mar 13, 2025 11:56:01.254709005 CET	49722	443	192.168.2.4	172.217.16.132
Mar 13, 2025 11:56:01.256273031 CET	49722	443	192.168.2.4	172.217.16.132
Mar 13, 2025 11:56:01.256357908 CET	443	49722	172.217.16.132	192.168.2.4
Mar 13, 2025 11:56:01.309007883 CET	49722	443	192.168.2.4	172.217.16.132
Mar 13, 2025 11:56:01.309041023 CET	443	49722	172.217.16.132	192.168.2.4
Mar 13, 2025 11:56:01.355248928 CET	49722	443	192.168.2.4	172.217.16.132
Mar 13, 2025 11:56:02.997745991 CET	49678	443	192.168.2.4	20.189.173.27
Mar 13, 2025 11:56:03.309587955 CET	49678	443	192.168.2.4	20.189.173.27
Mar 13, 2025 11:56:03.918307066 CET	49678	443	192.168.2.4	20.189.173.27
Mar 13, 2025 11:56:04.060221910 CET	49671	443	192.168.2.4	204.79.197.203
Mar 13, 2025 11:56:04.369066954 CET	443	49725	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:04.369091988 CET	443	49725	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:04.369165897 CET	49725	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:04.369194031 CET	443	49725	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:04.392877102 CET	443	49726	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:04.392946005 CET	49726	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:04.392976046 CET	443	49726	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:04.398920059 CET	49726	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:04.398938894 CET	443	49726	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:04.399275064 CET	49726	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:04.399291039 CET	443	49726	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:04.399616957 CET	49726	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:04.399621964 CET	443	49726	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:04.415324926 CET	49725	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:04.455734968 CET	443	49725	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:04.456377029 CET	49725	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:04.456422091 CET	443	49725	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:04.711937904 CET	443	49726	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:04.712287903 CET	49726	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:04.712327957 CET	443	49726	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:04.766654968 CET	443	49725	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:04.807358980 CET	443	49726	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:04.807864904 CET	49725	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:04.853904963 CET	49726	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:05.118556976 CET	49678	443	192.168.2.4	20.189.173.27
Mar 13, 2025 11:56:05.306468964 CET	443	49726	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:05.354275942 CET	49726	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:05.413472891 CET	49726	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:05.413505077 CET	443	49726	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:05.995620966 CET	49729	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:05.995686054 CET	443	49729	43.163.202.195	192.168.2.4
Mar 13, 2025 11:56:05.995764971 CET	49729	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:05.996321917 CET	49729	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:05.996346951 CET	443	49729	43.163.202.195	192.168.2.4
Mar 13, 2025 11:56:05.996917963 CET	49730	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:05.996989965 CET	443	49730	43.163.202.195	192.168.2.4
Mar 13, 2025 11:56:05.997953892 CET	49730	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:05.998358011 CET	49730	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:05.998372078 CET	443	49730	43.163.202.195	192.168.2.4
Mar 13, 2025 11:56:06.200520039 CET	443	49726	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:06.245361090 CET	49726	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:06.638716936 CET	49731	443	192.168.2.4	104.21.35.37
Mar 13, 2025 11:56:06.638762951 CET	443	49731	104.21.35.37	192.168.2.4
Mar 13, 2025 11:56:06.638818026 CET	49731	443	192.168.2.4	104.21.35.37
Mar 13, 2025 11:56:06.639292955 CET	49731	443	192.168.2.4	104.21.35.37
Mar 13, 2025 11:56:06.639307976 CET	443	49731	104.21.35.37	192.168.2.4
Mar 13, 2025 11:56:07.526824951 CET	49678	443	192.168.2.4	20.189.173.27
Mar 13, 2025 11:56:07.592942953 CET	49708	443	192.168.2.4	52.113.196.254
Mar 13, 2025 11:56:07.595218897 CET	49708	443	192.168.2.4	52.113.196.254
Mar 13, 2025 11:56:07.596467018 CET	49708	443	192.168.2.4	52.113.196.254
Mar 13, 2025 11:56:07.598330021 CET	443	49708	52.113.196.254	192.168.2.4
Mar 13, 2025 11:56:07.600174904 CET	443	49708	52.113.196.254	192.168.2.4
Mar 13, 2025 11:56:07.601432085 CET	443	49708	52.113.196.254	192.168.2.4
Mar 13, 2025 11:56:07.688173056 CET	443	49708	52.113.196.254	192.168.2.4
Mar 13, 2025 11:56:07.688250065 CET	49708	443	192.168.2.4	52.113.196.254
Mar 13, 2025 11:56:07.689089060 CET	49708	443	192.168.2.4	52.113.196.254
Mar 13, 2025 11:56:07.694658041 CET	443	49708	52.113.196.254	192.168.2.4
Mar 13, 2025 11:56:07.781569958 CET	443	49708	52.113.196.254	192.168.2.4
Mar 13, 2025 11:56:07.781625986 CET	49708	443	192.168.2.4	52.113.196.254
Mar 13, 2025 11:56:07.785284042 CET	49708	443	192.168.2.4	52.113.196.254
Mar 13, 2025 11:56:07.790020943 CET	443	49708	52.113.196.254	192.168.2.4
Mar 13, 2025 11:56:07.881326914 CET	443	49708	52.113.196.254	192.168.2.4
Mar 13, 2025 11:56:07.881413937 CET	49708	443	192.168.2.4	52.113.196.254
Mar 13, 2025 11:56:07.895387888 CET	49733	443	192.168.2.4	131.253.33.254
Mar 13, 2025 11:56:07.895443916 CET	443	49733	131.253.33.254	192.168.2.4
Mar 13, 2025 11:56:07.895510912 CET	49733	443	192.168.2.4	131.253.33.254
Mar 13, 2025 11:56:07.895855904 CET	49733	443	192.168.2.4	131.253.33.254
Mar 13, 2025 11:56:07.895872116 CET	443	49733	131.253.33.254	192.168.2.4
Mar 13, 2025 11:56:08.117770910 CET	443	49730	43.163.202.195	192.168.2.4
Mar 13, 2025 11:56:08.118071079 CET	49730	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:08.118113995 CET	443	49730	43.163.202.195	192.168.2.4
Mar 13, 2025 11:56:08.119607925 CET	443	49730	43.163.202.195	192.168.2.4
Mar 13, 2025 11:56:08.119682074 CET	49730	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:08.121587992 CET	49730	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:08.121716976 CET	443	49730	43.163.202.195	192.168.2.4
Mar 13, 2025 11:56:08.121764898 CET	49730	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:08.167378902 CET	49730	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:08.167424917 CET	443	49730	43.163.202.195	192.168.2.4
Mar 13, 2025 11:56:08.213639021 CET	49730	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:08.538894892 CET	443	49729	43.163.202.195	192.168.2.4
Mar 13, 2025 11:56:08.539271116 CET	49729	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:08.539298058 CET	443	49729	43.163.202.195	192.168.2.4
Mar 13, 2025 11:56:08.540366888 CET	443	49729	43.163.202.195	192.168.2.4
Mar 13, 2025 11:56:08.540513992 CET	49729	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:08.542475939 CET	49729	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:08.542571068 CET	443	49729	43.163.202.195	192.168.2.4
Mar 13, 2025 11:56:08.588150978 CET	49729	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:08.588185072 CET	443	49729	43.163.202.195	192.168.2.4
Mar 13, 2025 11:56:08.636579990 CET	49729	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:08.780683994 CET	443	49730	43.163.202.195	192.168.2.4
Mar 13, 2025 11:56:08.780828953 CET	443	49730	43.163.202.195	192.168.2.4
Mar 13, 2025 11:56:08.780888081 CET	49730	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:08.781199932 CET	49730	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:08.781228065 CET	443	49730	43.163.202.195	192.168.2.4
Mar 13, 2025 11:56:09.261933088 CET	49735	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:09.261981010 CET	443	49735	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:09.262037992 CET	49735	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:09.262468100 CET	49735	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:09.262478113 CET	443	49735	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:09.937890053 CET	443	49733	131.253.33.254	192.168.2.4
Mar 13, 2025 11:56:09.937963963 CET	49733	443	192.168.2.4	131.253.33.254
Mar 13, 2025 11:56:10.133172989 CET	443	49731	104.21.35.37	192.168.2.4
Mar 13, 2025 11:56:10.133250952 CET	49731	443	192.168.2.4	104.21.35.37
Mar 13, 2025 11:56:10.219927073 CET	443	49731	104.21.35.37	192.168.2.4
Mar 13, 2025 11:56:10.220412970 CET	49731	443	192.168.2.4	104.21.35.37
Mar 13, 2025 11:56:10.220438004 CET	443	49731	104.21.35.37	192.168.2.4
Mar 13, 2025 11:56:10.220649958 CET	49731	443	192.168.2.4	104.21.35.37
Mar 13, 2025 11:56:10.220654964 CET	443	49731	104.21.35.37	192.168.2.4
Mar 13, 2025 11:56:10.220808029 CET	49731	443	192.168.2.4	104.21.35.37
Mar 13, 2025 11:56:10.220813036 CET	443	49731	104.21.35.37	192.168.2.4
Mar 13, 2025 11:56:10.530215979 CET	443	49731	104.21.35.37	192.168.2.4
Mar 13, 2025 11:56:10.530558109 CET	49731	443	192.168.2.4	104.21.35.37
Mar 13, 2025 11:56:10.530586958 CET	443	49731	104.21.35.37	192.168.2.4
Mar 13, 2025 11:56:10.627589941 CET	443	49731	104.21.35.37	192.168.2.4
Mar 13, 2025 11:56:10.669625998 CET	49731	443	192.168.2.4	104.21.35.37
Mar 13, 2025 11:56:10.941518068 CET	443	49722	172.217.16.132	192.168.2.4
Mar 13, 2025 11:56:10.941623926 CET	443	49722	172.217.16.132	192.168.2.4
Mar 13, 2025 11:56:10.941828012 CET	49722	443	192.168.2.4	172.217.16.132
Mar 13, 2025 11:56:11.108736992 CET	443	49731	104.21.35.37	192.168.2.4
Mar 13, 2025 11:56:11.151323080 CET	49731	443	192.168.2.4	104.21.35.37
Mar 13, 2025 11:56:11.195708990 CET	443	49731	104.21.35.37	192.168.2.4
Mar 13, 2025 11:56:11.199326992 CET	49722	443	192.168.2.4	172.217.16.132
Mar 13, 2025 11:56:11.199359894 CET	443	49722	172.217.16.132	192.168.2.4
Mar 13, 2025 11:56:11.237348080 CET	49731	443	192.168.2.4	104.21.35.37
Mar 13, 2025 11:56:11.470164061 CET	443	49735	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:11.470527887 CET	49735	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:11.470551968 CET	443	49735	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:11.471498013 CET	443	49735	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:11.471621037 CET	49735	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:11.472901106 CET	49735	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:11.472902060 CET	49735	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:11.472991943 CET	443	49735	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:11.527980089 CET	49735	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:11.528008938 CET	443	49735	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:11.577285051 CET	49735	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:12.164299965 CET	443	49735	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:12.164427042 CET	443	49735	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:12.164479017 CET	49735	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:12.164940119 CET	49735	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:12.164952040 CET	443	49735	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:12.167850018 CET	49738	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:12.167890072 CET	443	49738	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:12.168040991 CET	49738	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:12.168494940 CET	49738	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:12.168507099 CET	443	49738	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:12.338876963 CET	49678	443	192.168.2.4	20.189.173.27
Mar 13, 2025 11:56:13.666260004 CET	49671	443	192.168.2.4	204.79.197.203
Mar 13, 2025 11:56:14.336443901 CET	443	49738	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:14.336817026 CET	49738	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:14.336843967 CET	443	49738	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:14.337205887 CET	443	49738	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:14.337662935 CET	49738	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:14.337749004 CET	443	49738	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:14.337985992 CET	49738	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:14.384325027 CET	443	49738	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:15.044006109 CET	443	49738	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:15.044096947 CET	443	49738	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:15.044148922 CET	49738	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:15.045130014 CET	49738	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:15.045149088 CET	443	49738	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:15.102365971 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:15.102430105 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:15.102569103 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:15.105019093 CET	49740	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:15.105077028 CET	443	49740	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:15.105144978 CET	49740	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:15.106029987 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:15.106044054 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:15.106729984 CET	49740	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:15.106764078 CET	443	49740	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:17.221448898 CET	443	49740	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:17.222801924 CET	49740	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:17.222835064 CET	443	49740	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:17.223155975 CET	443	49740	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:17.223639011 CET	49740	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:17.223701000 CET	443	49740	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:17.224325895 CET	49740	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:17.240951061 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:17.241878033 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:17.241918087 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:17.242654085 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:17.247355938 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:17.247483969 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:17.248115063 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:17.268336058 CET	443	49740	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:17.288332939 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:17.298626900 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.138655901 CET	443	49740	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.138684034 CET	443	49740	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.138737917 CET	443	49740	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.143126011 CET	49740	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.143160105 CET	443	49740	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.148340940 CET	443	49740	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.148818970 CET	443	49740	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.148905039 CET	443	49740	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.155013084 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.155036926 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.155045033 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.155076981 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.155097961 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.155107021 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.158320904 CET	49740	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.158516884 CET	49740	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.169698000 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.169744968 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.170625925 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.179223061 CET	49740	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.179270983 CET	443	49740	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.185338974 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.185352087 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.185396910 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.189758062 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.189788103 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.190763950 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.354475021 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.354499102 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.356069088 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.356093884 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.360047102 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.382587910 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.382606983 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.382816076 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.382829905 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.383635044 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.413263083 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.413280010 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.418627977 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.418658972 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.421030045 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.438988924 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.439006090 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.439213037 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.439228058 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.439275026 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.561153889 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.561180115 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.561806917 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.561826944 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.562103033 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.570811033 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.570827961 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.571096897 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.571113110 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.571446896 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.579912901 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.579930067 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.580075026 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.580094099 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.580341101 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.590533972 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.590554953 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.590717077 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.590734959 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.590982914 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.601311922 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.601330042 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.601433039 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.601450920 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.601629972 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.610304117 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.610326052 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.610373020 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.610388041 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.610677958 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.653549910 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.653569937 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.653968096 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.653995037 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.654218912 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.662559032 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.662580013 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.662700891 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.662719011 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.662837029 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.762850046 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.762871027 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.762999058 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.763036013 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.763206959 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.767795086 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.767817974 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.767878056 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.767895937 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.768033028 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.773451090 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.773471117 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.773576021 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.773602962 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.773741007 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.776005030 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.776101112 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.776154995 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.777045965 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.777245045 CET	49739	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.777266979 CET	443	49739	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.809267044 CET	49741	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.809329033 CET	443	49741	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.809552908 CET	49741	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.811095953 CET	49741	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.811110973 CET	443	49741	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.828538895 CET	49742	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.828574896 CET	443	49742	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:18.828670025 CET	49742	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.829133987 CET	49742	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:18.829149961 CET	443	49742	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:20.996968031 CET	443	49742	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:20.997281075 CET	49742	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:20.997303009 CET	443	49742	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:20.998467922 CET	443	49742	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:20.998872042 CET	49742	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:20.999052048 CET	443	49742	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:20.999057055 CET	49742	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:21.044346094 CET	443	49742	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:21.053586960 CET	49742	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:21.057754993 CET	443	49741	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:21.058041096 CET	49741	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:21.058063030 CET	443	49741	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:21.058356047 CET	443	49741	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:21.058691978 CET	49741	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:21.058736086 CET	443	49741	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:21.058841944 CET	49741	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:21.100321054 CET	443	49741	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:21.103615999 CET	49741	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:21.709465981 CET	443	49742	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:21.717983007 CET	443	49742	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:21.718045950 CET	49742	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:21.718205929 CET	49742	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:21.718226910 CET	443	49742	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:21.758008957 CET	443	49741	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:21.758095980 CET	443	49741	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:21.758452892 CET	49741	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:21.759071112 CET	49741	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:21.759095907 CET	443	49741	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:21.954157114 CET	49678	443	192.168.2.4	20.189.173.27
Mar 13, 2025 11:56:22.029613018 CET	49744	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:22.029666901 CET	443	49744	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:22.029740095 CET	49744	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:22.030102968 CET	49744	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:22.030121088 CET	443	49744	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:24.088653088 CET	443	49744	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:24.106630087 CET	49744	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:24.106657982 CET	443	49744	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:24.107702017 CET	443	49744	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:24.111488104 CET	49744	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:24.112580061 CET	49744	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:24.112684011 CET	443	49744	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:24.112735033 CET	49744	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:24.160341024 CET	443	49744	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:24.165046930 CET	49744	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:24.165064096 CET	443	49744	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:24.225548983 CET	49744	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:24.788678885 CET	443	49744	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:24.788760900 CET	443	49744	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:24.788813114 CET	49744	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:24.789704084 CET	49744	443	192.168.2.4	119.28.239.90
Mar 13, 2025 11:56:24.789725065 CET	443	49744	119.28.239.90	192.168.2.4
Mar 13, 2025 11:56:29.046389103 CET	443	49729	43.163.202.195	192.168.2.4
Mar 13, 2025 11:56:29.046489000 CET	443	49729	43.163.202.195	192.168.2.4
Mar 13, 2025 11:56:29.046601057 CET	49729	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:29.501427889 CET	49729	443	192.168.2.4	43.163.202.195
Mar 13, 2025 11:56:29.501458883 CET	443	49729	43.163.202.195	192.168.2.4
Mar 13, 2025 11:56:49.776045084 CET	49725	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:49.776076078 CET	443	49725	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:51.211801052 CET	49726	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:56:51.211836100 CET	443	49726	172.67.212.242	192.168.2.4
Mar 13, 2025 11:56:56.197534084 CET	49731	443	192.168.2.4	104.21.35.37
Mar 13, 2025 11:56:56.197554111 CET	443	49731	104.21.35.37	192.168.2.4
Mar 13, 2025 11:56:59.074506044 CET	49748	443	192.168.2.4	172.217.16.132
Mar 13, 2025 11:56:59.074558973 CET	443	49748	172.217.16.132	192.168.2.4
Mar 13, 2025 11:56:59.074706078 CET	49748	443	192.168.2.4	172.217.16.132
Mar 13, 2025 11:56:59.075016022 CET	49748	443	192.168.2.4	172.217.16.132
Mar 13, 2025 11:56:59.075033903 CET	443	49748	172.217.16.132	192.168.2.4
Mar 13, 2025 11:57:01.003810883 CET	443	49748	172.217.16.132	192.168.2.4
Mar 13, 2025 11:57:01.004132032 CET	49748	443	192.168.2.4	172.217.16.132
Mar 13, 2025 11:57:01.004160881 CET	443	49748	172.217.16.132	192.168.2.4
Mar 13, 2025 11:57:01.004534960 CET	443	49748	172.217.16.132	192.168.2.4
Mar 13, 2025 11:57:01.005060911 CET	49748	443	192.168.2.4	172.217.16.132
Mar 13, 2025 11:57:01.005131006 CET	443	49748	172.217.16.132	192.168.2.4
Mar 13, 2025 11:57:01.057272911 CET	49748	443	192.168.2.4	172.217.16.132
Mar 13, 2025 11:57:05.501971006 CET	49725	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:57:05.502204895 CET	443	49725	172.67.212.242	192.168.2.4
Mar 13, 2025 11:57:05.502262115 CET	49725	443	192.168.2.4	172.67.212.242
Mar 13, 2025 11:57:10.706547976 CET	443	49748	172.217.16.132	192.168.2.4
Mar 13, 2025 11:57:10.706614017 CET	443	49748	172.217.16.132	192.168.2.4
Mar 13, 2025 11:57:10.706789017 CET	49748	443	192.168.2.4	172.217.16.132
Mar 13, 2025 11:57:11.497240067 CET	49748	443	192.168.2.4	172.217.16.132
Mar 13, 2025 11:57:11.497273922 CET	443	49748	172.217.16.132	192.168.2.4

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Mar 13, 2025 11:55:55.592792034 CET	53	56877	1.1.1.1	192.168.2.4
Mar 13, 2025 11:55:55.609216928 CET	53	50556	1.1.1.1	192.168.2.4
Mar 13, 2025 11:55:58.644571066 CET	53	56009	1.1.1.1	192.168.2.4
Mar 13, 2025 11:55:58.961721897 CET	53	54917	1.1.1.1	192.168.2.4
Mar 13, 2025 11:55:59.010848999 CET	58341	53	192.168.2.4	1.1.1.1
Mar 13, 2025 11:55:59.011070013 CET	56239	53	192.168.2.4	1.1.1.1
Mar 13, 2025 11:55:59.017632961 CET	53	58341	1.1.1.1	192.168.2.4
Mar 13, 2025 11:55:59.017688036 CET	53	56239	1.1.1.1	192.168.2.4
Mar 13, 2025 11:56:00.746072054 CET	59751	53	192.168.2.4	1.1.1.1
Mar 13, 2025 11:56:00.746252060 CET	54731	53	192.168.2.4	1.1.1.1
Mar 13, 2025 11:56:00.762270927 CET	53	54731	1.1.1.1	192.168.2.4
Mar 13, 2025 11:56:00.778491020 CET	53	59751	1.1.1.1	192.168.2.4
Mar 13, 2025 11:56:05.394717932 CET	63336	53	192.168.2.4	1.1.1.1
Mar 13, 2025 11:56:05.394860029 CET	51492	53	192.168.2.4	1.1.1.1
Mar 13, 2025 11:56:05.947814941 CET	53	63336	1.1.1.1	192.168.2.4
Mar 13, 2025 11:56:05.993246078 CET	53	51492	1.1.1.1	192.168.2.4
Mar 13, 2025 11:56:06.624666929 CET	49848	53	192.168.2.4	1.1.1.1
Mar 13, 2025 11:56:06.625005960 CET	58741	53	192.168.2.4	1.1.1.1
Mar 13, 2025 11:56:06.631742001 CET	53	58741	1.1.1.1	192.168.2.4
Mar 13, 2025 11:56:06.638228893 CET	53	49848	1.1.1.1	192.168.2.4
Mar 13, 2025 11:56:08.786879063 CET	52076	53	192.168.2.4	1.1.1.1
Mar 13, 2025 11:56:08.787195921 CET	60667	53	192.168.2.4	1.1.1.1
Mar 13, 2025 11:56:09.205049038 CET	53	52076	1.1.1.1	192.168.2.4
Mar 13, 2025 11:56:09.320349932 CET	53	60667	1.1.1.1	192.168.2.4
Mar 13, 2025 11:56:15.910036087 CET	53	54964	1.1.1.1	192.168.2.4
Mar 13, 2025 11:56:21.761935949 CET	65012	53	192.168.2.4	1.1.1.1
Mar 13, 2025 11:56:21.762094975 CET	59646	53	192.168.2.4	1.1.1.1
Mar 13, 2025 11:56:21.977274895 CET	53	65012	1.1.1.1	192.168.2.4
Mar 13, 2025 11:56:22.029119968 CET	53	59646	1.1.1.1	192.168.2.4
Mar 13, 2025 11:56:34.971534014 CET	53	65201	1.1.1.1	192.168.2.4
Mar 13, 2025 11:56:54.959280014 CET	53	54000	1.1.1.1	192.168.2.4
Mar 13, 2025 11:56:57.893677950 CET	53	60076	1.1.1.1	192.168.2.4
Mar 13, 2025 11:56:59.284599066 CET	53	56422	1.1.1.1	192.168.2.4
Mar 13, 2025 11:57:02.671542883 CET	138	138	192.168.2.4	192.168.2.255

ICMP Packets

Timestamp	Source IP	Dest IP	Checksum	Code	Type
Mar 13, 2025 11:56:09.320439100 CET	192.168.2.4	1.1.1.1	c220	(Port unreachable)	Destination Unreachable

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Mar 13, 2025 11:55:59.010848999 CET	192.168.2.4	1.1.1.1	0x8dda	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:55:59.011070013 CET	192.168.2.4	1.1.1.1	0x2e84	Standard query (0)	www.google.com	65	IN (0x0001)	false
Mar 13, 2025 11:56:00.746072054 CET	192.168.2.4	1.1.1.1	0xf564	Standard query (0)	dqfaadcgq.insfuafasf.net	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:56:00.746252060 CET	192.168.2.4	1.1.1.1	0xd4c0	Standard query (0)	dqfaadcgq.insfuafasf.net	65	IN (0x0001)	false
Mar 13, 2025 11:56:05.394717932 CET	192.168.2.4	1.1.1.1	0x392f	Standard query (0)	qmihasfa.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:56:05.394860029 CET	192.168.2.4	1.1.1.1	0xfdfe	Standard query (0)	qmihasfa.com	65	IN (0x0001)	false
Mar 13, 2025 11:56:06.624666929 CET	192.168.2.4	1.1.1.1	0xdb9b	Standard query (0)	dqfaadcgq.insfuafasf.net	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:56:06.625005960 CET	192.168.2.4	1.1.1.1	0x199f	Standard query (0)	dqfaadcgq.insfuafasf.net	65	IN (0x0001)	false
Mar 13, 2025 11:56:08.786879063 CET	192.168.2.4	1.1.1.1	0x4d64	Standard query (0)	poisauifgaama.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:56:08.787195921 CET	192.168.2.4	1.1.1.1	0x6eef	Standard query (0)	poisauifgaama.com	65	IN (0x0001)	false
Mar 13, 2025 11:56:21.761935949 CET	192.168.2.4	1.1.1.1	0x9b79	Standard query (0)	poisauifgaama.com	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:56:21.762094975 CET	192.168.2.4	1.1.1.1	0x771	Standard query (0)	poisauifgaama.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	Address	Type	Class	DNS over HTTPS
Mar 13, 2025 11:55:59.017632961 CET	1.1.1.1	192.168.2.4	0x8dda	No error (0)	www.google.com	172.217.16.132	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:55:59.017688036 CET	1.1.1.1	192.168.2.4	0x2e84	No error (0)	www.google.com		65	IN (0x0001)	false
Mar 13, 2025 11:56:00.762270927 CET	1.1.1.1	192.168.2.4	0xd4c0	No error (0)	dqfaadcgq.insfuafasf.net		65	IN (0x0001)	false
Mar 13, 2025 11:56:00.778491020 CET	1.1.1.1	192.168.2.4	0xf564	No error (0)	dqfaadcgq.insfuafasf.net	172.67.212.242	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:56:00.778491020 CET	1.1.1.1	192.168.2.4	0xf564	No error (0)	dqfaadcgq.insfuafasf.net	104.21.35.37	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:56:05.947814941 CET	1.1.1.1	192.168.2.4	0x392f	No error (0)	qmihasfa.com	43.163.202.195	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:56:06.631742001 CET	1.1.1.1	192.168.2.4	0x199f	No error (0)	dqfaadcgq.insfuafasf.net		65	IN (0x0001)	false
Mar 13, 2025 11:56:06.638228893 CET	1.1.1.1	192.168.2.4	0xdb9b	No error (0)	dqfaadcgq.insfuafasf.net	104.21.35.37	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:56:06.638228893 CET	1.1.1.1	192.168.2.4	0xdb9b	No error (0)	dqfaadcgq.insfuafasf.net	172.67.212.242	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:56:09.205049038 CET	1.1.1.1	192.168.2.4	0x4d64	No error (0)	poisauifgaama.com	119.28.239.90	A (IP address)	IN (0x0001)	false
Mar 13, 2025 11:56:21.977274895 CET	1.1.1.1	192.168.2.4	0x9b79	No error (0)	poisauifgaama.com	119.28.239.90	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

dqfaadcgq.insfuafasf.net

qmihasfa.com

poisauifgaama.com

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	43.163.202.195	443	5476	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 10:56:08 UTC	692	OUT	GET / HTTP/1.1 Host: qmihasfa.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document Referer: https://dqfaadcgq.insfuafasf.net/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-13 10:56:08 UTC	219	IN	HTTP/1.1 302 Found Date: Thu, 13 Mar 2025 10:56:08 GMT Server: Apache Upgrade: h2 Connection: Upgrade, close location: https://poisauifgaama.com/amazon Content-Length: 0 Content-Type: text/html; charset=UTF-8

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.4	49735	119.28.239.90	443	5476	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 10:56:11 UTC	703	OUT	GET /amazon HTTP/1.1 Host: poisauifgaama.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://dqfaadcgq.insfuafasf.net/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-13 10:56:12 UTC	203	IN	HTTP/1.1 301 Moved Permanently Server: nginx/1.26.2 Date: Thu, 13 Mar 2025 10:56:11 GMT Content-Type: text/html Content-Length: 169 Location: https://poisauifgaama.com/amazon/ Connection: close
2025-03-13 10:56:12 UTC	169	IN	Data Raw: 3c 68 74 6d 6c 3e 0d 0a 3c 68 65 61 64 3e 3c 74 69 74 6c 65 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 74 69 74 6c 65 3e 3c 2f 68 65 61 64 3e 0d 0a 3c 62 6f 64 79 3e 0d 0a 3c 63 65 6e 74 65 72 3e 3c 68 31 3e 33 30 31 20 4d 6f 76 65 64 20 50 65 72 6d 61 6e 65 6e 74 6c 79 3c 2f 68 31 3e 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 68 72 3e 3c 63 65 6e 74 65 72 3e 6e 67 69 6e 78 2f 31 2e 32 36 2e 32 3c 2f 63 65 6e 74 65 72 3e 0d 0a 3c 2f 62 6f 64 79 3e 0d 0a 3c 2f 68 74 6d 6c 3e 0d 0a Data Ascii: <html><head><title>301 Moved Permanently</title></head><body><center><h1>301 Moved Permanently</h1></center><hr><center>nginx/1.26.2</center></body></html>

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.4	49738	119.28.239.90	443	5476	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 10:56:14 UTC	704	OUT	GET /amazon/ HTTP/1.1 Host: poisauifgaama.com Connection: keep-alive Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: cross-site Sec-Fetch-Mode: navigate Sec-Fetch-Dest: document sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Referer: https://dqfaadcgq.insfuafasf.net/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-13 10:56:15 UTC	256	IN	HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Thu, 13 Mar 2025 10:56:14 GMT Content-Type: text/html Content-Length: 497 Last-Modified: Sat, 01 Mar 2025 15:03:10 GMT Connection: close Vary: Accept-Encoding ETag: "67c321ae-1f1" Accept-Ranges: bytes
2025-03-13 10:56:15 UTC	497	IN	Data Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 6a 70 22 3e 0a 20 20 3c 68 65 61 64 3e 0a 20 20 20 20 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 55 54 46 2d 38 22 3e 0a 20 20 20 20 3c 6c 69 6e 6b 20 72 65 6c 3d 22 69 63 6f 6e 22 20 74 79 70 65 3d 22 69 6d 61 67 65 2f 70 6e 67 22 20 68 72 65 66 3d 22 2e 2f 66 61 76 69 63 6f 6e 56 32 2e 70 6e 67 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 2c 20 69 6e 69 74 69 61 6c 2d 73 63 61 6c 65 3d 31 2e 30 22 3e 0a 20 20 20 20 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 6f 62 6f 74 73 22 20 63 6f 6e 74 65 6e 74 3d 22 6e 6f 69 6e 64 65 78 2c 20 6e 6f 66 6f 6c 6c 6f Data Ascii: <!DOCTYPE html><html lang="jp"> <head> <meta charset="UTF-8"> <link rel="icon" type="image/png" href="./faviconV2.png"> <meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="robots" content="noindex, nofollo

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.4	49740	119.28.239.90	443	5476	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 10:56:17 UTC	611	OUT	GET /amazon/assets/index-DviQLoC8.css HTTP/1.1 Host: poisauifgaama.com Connection: keep-alive Origin: https://poisauifgaama.com sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: text/css,/;q=0.1 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: style Referer: https://poisauifgaama.com/amazon/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-13 10:56:18 UTC	370	IN	HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Thu, 13 Mar 2025 10:56:17 GMT Content-Type: text/css Content-Length: 22350 Last-Modified: Sat, 01 Mar 2025 15:03:10 GMT Connection: close Vary: Accept-Encoding ETag: "67c321ae-574e" Expires: Sat, 12 Apr 2025 10:56:17 GMT Cache-Control: max-age=2592000 Cache-Control: public, max-age=2592000 Accept-Ranges: bytes
2025-03-13 10:56:18 UTC	16014	IN	Data Raw: 3a 72 6f 6f 74 7b 2d 2d 76 74 2d 63 2d 77 68 69 74 65 3a 20 23 66 66 66 66 66 66 3b 2d 2d 76 74 2d 63 2d 62 6c 61 63 6b 3a 20 23 31 38 31 38 31 38 7d 3a 72 6f 6f 74 7b 2d 2d 63 6f 6c 6f 72 2d 62 61 63 6b 67 72 6f 75 6e 64 3a 20 76 61 72 28 2d 2d 76 74 2d 63 2d 77 68 69 74 65 29 7d 40 6d 65 64 69 61 20 28 70 72 65 66 65 72 73 2d 63 6f 6c 6f 72 2d 73 63 68 65 6d 65 3a 20 64 61 72 6b 29 7b 3a 72 6f 6f 74 7b 2d 2d 63 6f 6c 6f 72 2d 62 61 63 6b 67 72 6f 75 6e 64 3a 20 76 61 72 28 2d 2d 76 74 2d 63 2d 62 6c 61 63 6b 29 7d 7d 2a 2c 2a 3a 62 65 66 6f 72 65 2c 2a 3a 61 66 74 65 72 7b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 6d 61 72 67 69 6e 3a 30 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 34 30 30 7d 62 6f 64 79 7b 6d 69 6e 2d 68 65 69 67 68 Data Ascii: :root{--vt-c-white: #ffffff;--vt-c-black: #181818}:root{--color-background: var(--vt-c-white)}@media (prefers-color-scheme: dark){:root{--color-background: var(--vt-c-black)}},:before,*:after{box-sizing:border-box;margin:0;font-weight:400}body{min-heigh
2025-03-13 10:56:18 UTC	6336	IN	Data Raw: 79 29 29 7d 2e 75 6e 64 65 72 6c 69 6e 65 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 2d 6c 69 6e 65 3a 75 6e 64 65 72 6c 69 6e 65 7d 2e 75 6e 64 65 72 6c 69 6e 65 2d 6f 66 66 73 65 74 2d 34 7b 74 65 78 74 2d 75 6e 64 65 72 6c 69 6e 65 2d 6f 66 66 73 65 74 3a 34 70 78 7d 2e 6f 75 74 6c 69 6e 65 2d 6e 6f 6e 65 7b 6f 75 74 6c 69 6e 65 3a 32 70 78 20 73 6f 6c 69 64 20 74 72 61 6e 73 70 61 72 65 6e 74 3b 6f 75 74 6c 69 6e 65 2d 6f 66 66 73 65 74 3a 32 70 78 7d 2e 74 72 61 6e 73 69 74 69 6f 6e 7b 74 72 61 6e 73 69 74 69 6f 6e 2d 70 72 6f 70 65 72 74 79 3a 63 6f 6c 6f 72 2c 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 2c 62 6f 72 64 65 72 2d 63 6f 6c 6f 72 2c 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 2d 63 6f 6c 6f 72 2c 66 69 6c 6c 2c 73 74 72 6f 6b Data Ascii: y))}.underline{text-decoration-line:underline}.underline-offset-4{text-underline-offset:4px}.outline-none{outline:2px solid transparent;outline-offset:2px}.transition{transition-property:color,background-color,border-color,text-decoration-color,fill,strok

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.4	49739	119.28.239.90	443	5476	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 10:56:17 UTC	596	OUT	GET /amazon/assets/index-C-6Nz0L-.js HTTP/1.1 Host: poisauifgaama.com Connection: keep-alive Origin: https://poisauifgaama.com sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: script Referer: https://poisauifgaama.com/amazon/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-13 10:56:18 UTC	386	IN	HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Thu, 13 Mar 2025 10:56:17 GMT Content-Type: application/javascript Content-Length: 286827 Last-Modified: Sat, 01 Mar 2025 15:03:10 GMT Connection: close Vary: Accept-Encoding ETag: "67c321ae-4606b" Expires: Sat, 12 Apr 2025 10:56:17 GMT Cache-Control: max-age=2592000 Cache-Control: public, max-age=2592000 Accept-Ranges: bytes
2025-03-13 10:56:18 UTC	15998	IN	Data Raw: 76 61 72 20 42 6c 3d 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 3b 76 61 72 20 6a 6c 3d 28 65 2c 74 2c 6e 29 3d 3e 74 20 69 6e 20 65 3f 42 6c 28 65 2c 74 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 63 6f 6e 66 69 67 75 72 61 62 6c 65 3a 21 30 2c 77 72 69 74 61 62 6c 65 3a 21 30 2c 76 61 6c 75 65 3a 6e 7d 29 3a 65 5b 74 5d 3d 6e 3b 76 61 72 20 47 6e 3d 28 65 2c 74 2c 6e 29 3d 3e 6a 6c 28 65 2c 74 79 70 65 6f 66 20 74 21 3d 22 73 79 6d 62 6f 6c 22 3f 74 2b 22 22 3a 74 2c 6e 29 3b 28 66 75 6e 63 74 69 6f 6e 28 29 7b 63 6f 6e 73 74 20 74 3d 64 6f 63 75 6d 65 6e 74 2e 63 72 65 61 74 65 45 6c 65 6d 65 6e 74 28 22 6c 69 6e 6b 22 29 2e 72 65 6c 4c 69 73 74 3b 69 66 28 74 26 26 74 2e 73 75 70 70 6f 72 74 73 26 26 74 2e 73 75 70 70 6f 72 74 Data Ascii: var Bl=Object.defineProperty;var jl=(e,t,n)=>t in e?Bl(e,t,{enumerable:!0,configurable:!0,writable:!0,value:n}):e[t]=n;var Gn=(e,t,n)=>jl(e,typeof t!="symbol"?t+"":t,n);(function(){const t=document.createElement("link").relList;if(t&&t.supports&&t.support
2025-03-13 10:56:18 UTC	16384	IN	Data Raw: 6e 20 62 61 28 29 7b 21 52 6e 26 26 21 45 6f 26 26 28 45 6f 3d 21 30 2c 72 69 3d 67 61 2e 74 68 65 6e 28 5f 61 29 29 7d 66 75 6e 63 74 69 6f 6e 20 52 63 28 65 29 7b 63 6f 6e 73 74 20 74 3d 62 65 2e 69 6e 64 65 78 4f 66 28 65 29 3b 74 3e 51 65 26 26 62 65 2e 73 70 6c 69 63 65 28 74 2c 31 29 7d 66 75 6e 63 74 69 6f 6e 20 24 63 28 65 29 7b 55 28 65 29 3f 51 74 2e 70 75 73 68 28 2e 2e 2e 65 29 3a 28 21 66 74 7c 7c 21 66 74 2e 69 6e 63 6c 75 64 65 73 28 65 2c 65 2e 61 6c 6c 6f 77 52 65 63 75 72 73 65 3f 4d 74 2b 31 3a 4d 74 29 29 26 26 51 74 2e 70 75 73 68 28 65 29 2c 62 61 28 29 7d 66 75 6e 63 74 69 6f 6e 20 71 69 28 65 2c 74 2c 6e 3d 52 6e 3f 51 65 2b 31 3a 30 29 7b 66 6f 72 28 3b 6e 3c 62 65 2e 6c 65 6e 67 74 68 3b 6e 2b 2b 29 7b 63 6f 6e 73 74 20 73 3d 62 Data Ascii: n ba(){!Rn&&!Eo&&(Eo=!0,ri=ga.then(_a))}function Rc(e){const t=be.indexOf(e);t>Qe&&be.splice(t,1)}function $c(e){U(e)?Qt.push(...e):(!ft\|\|!ft.includes(e,e.allowRecurse?Mt+1:Mt))&&Qt.push(e),ba()}function qi(e,t,n=Rn?Qe+1:0){for(;n<be.length;n++){const s=b
2025-03-13 10:56:18 UTC	16384	IN	Data Raw: 70 2c 6d 2c 78 2c 41 2c 43 2c 6b 2c 50 29 3d 3e 7b 66 6f 72 28 6c 65 74 20 24 3d 30 3b 24 3c 6d 2e 6c 65 6e 67 74 68 3b 24 2b 2b 29 7b 63 6f 6e 73 74 20 49 3d 70 5b 24 5d 2c 54 3d 6d 5b 24 5d 2c 4d 3d 49 2e 65 6c 26 26 28 49 2e 74 79 70 65 3d 3d 3d 68 65 7c 7c 21 6d 6e 28 49 2c 54 29 7c 7c 49 2e 73 68 61 70 65 46 6c 61 67 26 37 30 29 3f 66 28 49 2e 65 6c 29 3a 78 3b 76 28 49 2c 54 2c 4d 2c 6e 75 6c 6c 2c 41 2c 43 2c 6b 2c 50 2c 21 30 29 7d 7d 2c 64 6e 3d 28 70 2c 6d 2c 78 2c 41 2c 43 29 3d 3e 7b 69 66 28 6d 21 3d 3d 78 29 7b 69 66 28 6d 21 3d 3d 61 65 29 66 6f 72 28 63 6f 6e 73 74 20 6b 20 69 6e 20 6d 29 21 43 6e 28 6b 29 26 26 21 28 6b 20 69 6e 20 78 29 26 26 69 28 70 2c 6b 2c 6d 5b 6b 5d 2c 6e 75 6c 6c 2c 43 2c 41 29 3b 66 6f 72 28 63 6f 6e 73 74 20 6b Data Ascii: p,m,x,A,C,k,P)=>{for(let $=0;$<m.length;$++){const I=p[$],T=m[$],M=I.el&&(I.type===he\|\|!mn(I,T)\|\|I.shapeFlag&70)?f(I.el):x;v(I,T,M,null,A,C,k,P,!0)}},dn=(p,m,x,A,C)=>{if(m!==x){if(m!==ae)for(const k in m)!Cn(k)&&!(k in x)&&i(p,k,m[k],null,C,A);for(const k
2025-03-13 10:56:18 UTC	16384	IN	Data Raw: 75 6c 6c 2c 64 61 3a 6e 75 6c 6c 2c 61 3a 6e 75 6c 6c 2c 72 74 67 3a 6e 75 6c 6c 2c 72 74 63 3a 6e 75 6c 6c 2c 65 63 3a 6e 75 6c 6c 2c 73 70 3a 6e 75 6c 6c 7d 3b 72 65 74 75 72 6e 20 69 2e 63 74 78 3d 7b 5f 3a 69 7d 2c 69 2e 72 6f 6f 74 3d 74 3f 74 2e 72 6f 6f 74 3a 69 2c 69 2e 65 6d 69 74 3d 67 31 2e 62 69 6e 64 28 6e 75 6c 6c 2c 69 29 2c 65 2e 63 65 26 26 65 2e 63 65 28 69 29 2c 69 7d 6c 65 74 20 53 65 3d 6e 75 6c 6c 2c 6b 73 2c 24 6f 3b 7b 63 6f 6e 73 74 20 65 3d 59 72 28 29 2c 74 3d 28 6e 2c 73 29 3d 3e 7b 6c 65 74 20 6f 3b 72 65 74 75 72 6e 28 6f 3d 65 5b 6e 5d 29 7c 7c 28 6f 3d 65 5b 6e 5d 3d 5b 5d 29 2c 6f 2e 70 75 73 68 28 73 29 2c 69 3d 3e 7b 6f 2e 6c 65 6e 67 74 68 3e 31 3f 6f 2e 66 6f 72 45 61 63 68 28 72 3d 3e 72 28 69 29 29 3a 6f 5b 30 5d 28 Data Ascii: ull,da:null,a:null,rtg:null,rtc:null,ec:null,sp:null};return i.ctx={_:i},i.root=t?t.root:i,i.emit=g1.bind(null,i),e.ce&&e.ce(i),i}let Se=null,ks,$o;{const e=Yr(),t=(n,s)=>{let o;return(o=e[n])\|\|(o=e[n]=[]),o.push(s),i=>{o.length>1?o.forEach(r=>r(i)):o[0](
2025-03-13 10:56:18 UTC	16384	IN	Data Raw: 74 79 70 65 6f 66 20 70 72 6f 63 65 73 73 3c 22 75 22 26 26 70 72 6f 63 65 73 73 2e 6e 65 78 74 54 69 63 6b 7c 7c 65 6c 2c 79 3d 7b 69 73 41 72 72 61 79 3a 61 6e 2c 69 73 41 72 72 61 79 42 75 66 66 65 72 3a 4a 61 2c 69 73 42 75 66 66 65 72 3a 67 75 2c 69 73 46 6f 72 6d 44 61 74 61 3a 54 75 2c 69 73 41 72 72 61 79 42 75 66 66 65 72 56 69 65 77 3a 62 75 2c 69 73 53 74 72 69 6e 67 3a 79 75 2c 69 73 4e 75 6d 62 65 72 3a 59 61 2c 69 73 42 6f 6f 6c 65 61 6e 3a 5f 75 2c 69 73 4f 62 6a 65 63 74 3a 71 73 2c 69 73 50 6c 61 69 6e 4f 62 6a 65 63 74 3a 79 73 2c 69 73 52 65 61 64 61 62 6c 65 53 74 72 65 61 6d 3a 6b 75 2c 69 73 52 65 71 75 65 73 74 3a 4f 75 2c 69 73 52 65 73 70 6f 6e 73 65 3a 52 75 2c 69 73 48 65 61 64 65 72 73 3a 24 75 2c 69 73 55 6e 64 65 66 69 6e 65 Data Ascii: typeof process<"u"&&process.nextTick\|\|el,y={isArray:an,isArrayBuffer:Ja,isBuffer:gu,isFormData:Tu,isArrayBufferView:bu,isString:yu,isNumber:Ya,isBoolean:_u,isObject:qs,isPlainObject:ys,isReadableStream:ku,isRequest:Ou,isResponse:Ru,isHeaders:$u,isUndefine
2025-03-13 10:56:18 UTC	16384	IN	Data Raw: 63 61 70 65 28 65 6e 63 6f 64 65 55 52 49 43 6f 6d 70 6f 6e 65 6e 74 28 61 2e 70 61 73 73 77 6f 72 64 29 29 3a 22 22 29 29 29 3b 6c 65 74 20 6c 3b 69 66 28 79 2e 69 73 46 6f 72 6d 44 61 74 61 28 6e 29 29 7b 69 66 28 71 65 2e 68 61 73 53 74 61 6e 64 61 72 64 42 72 6f 77 73 65 72 45 6e 76 7c 7c 71 65 2e 68 61 73 53 74 61 6e 64 61 72 64 42 72 6f 77 73 65 72 57 65 62 57 6f 72 6b 65 72 45 6e 76 29 72 2e 73 65 74 43 6f 6e 74 65 6e 74 54 79 70 65 28 76 6f 69 64 20 30 29 3b 65 6c 73 65 20 69 66 28 28 6c 3d 72 2e 67 65 74 43 6f 6e 74 65 6e 74 54 79 70 65 28 29 29 21 3d 3d 21 31 29 7b 63 6f 6e 73 74 5b 75 2c 2e 2e 2e 64 5d 3d 6c 3f 6c 2e 73 70 6c 69 74 28 22 3b 22 29 2e 6d 61 70 28 66 3d 3e 66 2e 74 72 69 6d 28 29 29 2e 66 69 6c 74 65 72 28 42 6f 6f 6c 65 61 6e 29 Data Ascii: cape(encodeURIComponent(a.password)):"")));let l;if(y.isFormData(n)){if(qe.hasStandardBrowserEnv\|\|qe.hasStandardBrowserWebWorkerEnv)r.setContentType(void 0);else if((l=r.getContentType())!==!1){const[u,...d]=l?l.split(";").map(f=>f.trim()).filter(Boolean)
2025-03-13 10:56:18 UTC	16384	IN	Data Raw: 62 6b 69 74 22 3a 22 4d 6f 7a 54 72 61 6e 73 66 6f 72 6d 22 69 6e 20 68 3f 22 4d 6f 7a 22 3a 22 6d 73 54 72 61 6e 73 66 6f 72 6d 22 69 6e 20 68 3f 22 6d 73 22 3a 22 4f 54 72 61 6e 73 66 6f 72 6d 22 69 6e 20 68 3f 22 4f 22 3a 22 22 3b 72 65 74 75 72 6e 20 76 2b 22 50 65 72 73 70 65 63 74 69 76 65 22 69 6e 20 68 3f 22 74 72 61 6e 73 6c 61 74 65 33 64 22 3a 76 2b 22 54 72 61 6e 73 66 6f 72 6d 22 69 6e 20 68 3f 22 74 72 61 6e 73 6c 61 74 65 22 3a 22 6d 61 72 67 69 6e 22 7d 3b 66 75 6e 63 74 69 6f 6e 20 6f 28 68 2c 76 2c 77 29 7b 72 65 74 75 72 6e 20 68 3c 76 3f 76 3a 68 3e 77 3f 77 3a 68 7d 66 75 6e 63 74 69 6f 6e 20 69 28 68 29 7b 72 65 74 75 72 6e 28 2d 31 2b 68 29 2a 31 30 30 7d 66 75 6e 63 74 69 6f 6e 20 72 28 68 2c 76 2c 77 29 7b 76 61 72 20 4f 3b 72 65 Data Ascii: bkit":"MozTransform"in h?"Moz":"msTransform"in h?"ms":"OTransform"in h?"O":"";return v+"Perspective"in h?"translate3d":v+"Transform"in h?"translate":"margin"};function o(h,v,w){return h<v?v:h>w?w:h}function i(h){return(-1+h)*100}function r(h,v,w){var O;re
2025-03-13 10:56:18 UTC	16384	IN	Data Raw: 31 39 35 35 35 36 20 33 33 30 2e 39 38 39 38 39 39 2d 33 33 30 2e 39 38 39 38 39 39 2d 31 34 38 2e 31 39 35 35 35 36 2d 33 33 30 2e 39 38 39 38 39 39 2d 33 33 30 2e 39 38 39 38 39 39 2d 33 33 30 2e 39 38 39 38 39 39 7a 20 6d 34 33 31 2e 33 32 31 32 31 32 20 37 39 33 2e 33 34 31 34 31 35 61 33 30 2e 38 34 39 32 39 33 20 33 30 2e 38 34 39 32 39 33 20 30 20 30 20 31 2d 32 31 2e 39 34 31 30 31 2d 39 2e 31 30 32 32 32 33 6c 2d 31 35 37 2e 32 32 30 32 30 32 2d 31 35 37 2e 32 32 30 32 30 32 63 2d 31 31 2e 37 35 32 37 32 37 2d 31 32 2e 31 37 39 33 39 34 2d 31 31 2e 35 38 34 36 34 36 2d 33 31 2e 35 33 34 35 34 35 20 30 2e 33 37 34 39 35 2d 34 33 2e 35 30 37 30 37 20 31 31 2e 39 37 32 35 32 35 2d 31 31 2e 39 37 32 35 32 35 20 33 31 2e 33 32 37 36 37 37 2d 31 32 2e Data Ascii: 195556 330.989899-330.989899-148.195556-330.989899-330.989899-330.989899z m431.321212 793.341415a30.849293 30.849293 0 0 1-21.94101-9.102223l-157.220202-157.220202c-11.752727-12.179394-11.584646-31.534545 0.37495-43.50707 11.972525-11.972525 31.327677-12.
2025-03-13 10:56:18 UTC	16384	IN	Data Raw: 37 36 37 36 37 36 5d 20 61 62 73 6f 6c 75 74 65 20 74 6f 70 2d 5b 2d 38 70 78 5d 20 70 6c 2d 32 20 70 72 2d 31 22 20 64 61 74 61 2d 76 2d 36 62 33 39 31 31 33 33 3e e5 88 9d e3 82 81 e3 81 a6 41 6d 61 7a 6f 6e e3 82 92 e3 81 94 e5 88 a9 e7 94 a8 e3 81 a7 e3 81 99 e3 81 8b ef bc 9f 3c 2f 70 3e 3c 2f 64 69 76 3e 3c 2f 64 69 76 3e 3c 62 75 74 74 6f 6e 20 74 79 70 65 3d 22 62 75 74 74 6f 6e 22 20 63 6c 61 73 73 3d 22 77 2d 66 75 6c 6c 20 68 2d 38 20 72 6f 75 6e 64 65 64 2d 5b 38 70 78 5d 20 74 65 78 74 2d 5b 31 33 70 78 5d 20 66 6c 65 78 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 6a 75 73 74 69 66 79 2d 63 65 6e 74 65 72 20 62 67 2d 5b 23 66 66 66 5d 20 74 65 78 74 2d 5b 23 30 46 31 31 31 31 5d 20 62 6f 72 64 65 72 20 62 6f 72 64 65 72 2d 5b 23 44 35 44 39 44 Data Ascii: 767676] absolute top-[-8px] pl-2 pr-1" data-v-6b391133>Amazon</p></div></div><button type="button" class="w-full h-8 rounded-[8px] text-[13px] flex items-center justify-center bg-[#fff] text-[#0F1111] border border-[#D5D9D
2025-03-13 10:56:18 UTC	16384	IN	Data Raw: 2d 73 75 62 6d 69 74 22 2c 63 6c 61 73 73 3a 22 77 2d 66 75 6c 6c 20 68 2d 38 20 72 6f 75 6e 64 65 64 2d 5b 38 70 78 5d 20 74 65 78 74 2d 5b 31 33 70 78 5d 20 66 6c 65 78 20 69 74 65 6d 73 2d 63 65 6e 74 65 72 20 6a 75 73 74 69 66 79 2d 63 65 6e 74 65 72 20 62 67 2d 5b 23 46 46 44 38 31 34 5d 20 74 65 78 74 2d 5b 23 30 46 31 31 31 31 5d 20 62 6f 72 64 65 72 20 62 6f 72 64 65 72 2d 5b 23 46 43 44 32 30 30 5d 20 68 6f 76 65 72 3a 62 67 2d 5b 23 46 37 43 41 30 30 5d 20 6d 74 2d 34 22 2c 73 74 79 6c 65 3a 7b 22 62 6f 78 2d 73 68 61 64 6f 77 22 3a 22 30 20 32 70 78 20 35 70 78 20 30 20 72 67 62 61 28 32 31 33 2c 32 31 37 2c 32 31 37 2c 2e 35 29 22 7d 7d 2c 74 66 3d 70 65 28 27 3c 64 69 76 20 63 6c 61 73 73 3d 22 72 65 6c 61 74 69 76 65 20 6d 74 2d 34 22 20 64 Data Ascii: -submit",class:"w-full h-8 rounded-[8px] text-[13px] flex items-center justify-center bg-[#FFD814] text-[#0F1111] border border-[#FCD200] hover:bg-[#F7CA00] mt-4",style:{"box-shadow":"0 2px 5px 0 rgba(213,217,217,.5)"}},tf=pe('<div class="relative mt-4" d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.4	49742	119.28.239.90	443	5476	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 10:56:20 UTC	686	OUT	POST /open/visitors/info/createOrGetUserInfo HTTP/1.1 Host: poisauifgaama.com Connection: keep-alive Content-Length: 384 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: application/json, text/plain, / sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: application/json sec-ch-ua-mobile: ?0 Origin: https://poisauifgaama.com Sec-Fetch-Site: same-origin Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://poisauifgaama.com/amazon/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-13 10:56:20 UTC	384	OUT	Data Raw: 7b 22 63 75 72 72 65 6e 74 53 74 61 74 65 22 3a 32 2c 22 62 72 6f 77 73 65 72 49 6e 66 6f 22 3a 7b 22 68 65 69 67 68 74 22 3a 38 39 37 2c 22 77 69 64 74 68 22 3a 31 32 38 30 2c 22 76 65 72 73 69 6f 6e 22 3a 22 35 33 37 2e 33 36 22 2c 22 74 79 70 65 22 3a 22 63 68 72 6f 6d 65 22 2c 22 70 6c 61 74 22 3a 22 77 69 6e 33 32 22 2c 22 74 61 67 22 3a 22 70 63 22 2c 22 70 72 65 66 69 78 22 3a 22 77 65 62 6b 69 74 22 2c 22 69 73 4d 6f 62 69 6c 65 22 3a 66 61 6c 73 65 2c 22 69 73 49 4f 53 22 3a 66 61 6c 73 65 2c 22 69 73 50 43 22 3a 74 72 75 65 2c 22 69 73 4d 69 6e 69 22 3a 66 61 6c 73 65 2c 22 73 63 72 65 65 6e 22 3a 22 78 6c 22 2c 22 69 73 41 6e 64 72 6f 69 64 22 3a 66 61 6c 73 65 7d 2c 22 64 6f 6d 61 69 6e 22 3a 22 70 6f 69 73 61 75 69 66 67 61 61 6d 61 2e 63 6f Data Ascii: {"currentState":2,"browserInfo":{"height":897,"width":1280,"version":"537.36","type":"chrome","plat":"win32","tag":"pc","prefix":"webkit","isMobile":false,"isIOS":false,"isPC":true,"isMini":false,"screen":"xl","isAndroid":false},"domain":"poisauifgaama.co
2025-03-13 10:56:21 UTC	325	IN	HTTP/1.1 404 Not Found Server: nginx/1.26.2 Date: Thu, 13 Mar 2025 10:56:21 GMT Content-Type: text/plain; charset=utf-8 Content-Length: 9 Connection: close Vary: Origin Access-Control-Allow-Origin: https://poisauifgaama.com set-cookie: locale=en-us; path=/; max-age=31557600; expires=Fri, 13 Mar 2026 16:56:21 GMT
2025-03-13 10:56:21 UTC	9	IN	Data Raw: 4e 6f 74 20 46 6f 75 6e 64 Data Ascii: Not Found

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
6	192.168.2.4	49741	119.28.239.90	443	5476	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 10:56:21 UTC	613	OUT	GET /amazon/faviconV2.png HTTP/1.1 Host: poisauifgaama.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://poisauifgaama.com/amazon/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-03-13 10:56:21 UTC	345	IN	HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Thu, 13 Mar 2025 10:56:21 GMT Content-Type: image/png Content-Length: 516 Last-Modified: Sat, 26 Oct 2024 04:13:00 GMT Connection: close ETag: "671c6c4c-204" Expires: Sat, 12 Apr 2025 10:56:21 GMT Cache-Control: max-age=2592000 Cache-Control: public, max-age=2592000 Accept-Ranges: bytes
2025-03-13 10:56:21 UTC	516	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 10 00 00 00 10 08 06 00 00 00 1f f3 ff 61 00 00 01 cb 49 44 41 54 38 8d 8d 93 3f 68 53 51 18 c5 7f 4f 73 33 55 1b 70 69 88 0f dc 44 14 4c b2 09 3a 35 6f ab 8b c6 e0 92 d5 ee 05 83 8b 6e 22 58 5c cc c3 2d 8b 43 70 69 d3 a1 a3 d0 cd 7f bc 29 08 26 1d 0c 42 fb 9e 35 a0 89 4f 3b 34 e0 71 78 69 9a be bc 8a 07 ee 70 bf cb 77 be 73 ee b9 17 49 69 49 cf 24 ed e8 ff b1 33 ee 49 5b 92 9e 00 0f 98 c2 f6 f6 36 8d 46 83 cf bd 1e 96 65 71 73 69 89 6a b5 4a 02 56 91 14 4c 53 7b 9e a7 d3 c6 28 15 5b b5 5a 2d 49 49 80 a4 c1 74 e5 de f2 b2 52 c6 a8 e4 38 ea 74 3a 93 fd 79 db 4e 22 18 58 92 06 c0 fc a1 a6 20 08 f0 7d 9f e1 70 c8 cf 30 a4 d9 6c d2 6a b5 00 18 1d 1c c4 2d 0c 67 14 74 bb 5d e5 8b c5 19 0b 29 63 12 15 cc Data Ascii: PNGIHDRaIDAT8?hSQOs3UpiDL:5on"X\-Cpi)&B5O;4qxipwsIiI$3I[6FeqsijJVLS{([Z-IItR8t:yN"X }p0lj-gt])c

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
7	192.168.2.4	49744	119.28.239.90	443	5476	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-03-13 10:56:24 UTC	423	OUT	GET /amazon/faviconV2.png HTTP/1.1 Host: poisauifgaama.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9 Cookie: locale=en-us
2025-03-13 10:56:24 UTC	345	IN	HTTP/1.1 200 OK Server: nginx/1.26.2 Date: Thu, 13 Mar 2025 10:56:24 GMT Content-Type: image/png Content-Length: 516 Last-Modified: Sat, 26 Oct 2024 04:13:00 GMT Connection: close ETag: "671c6c4c-204" Expires: Sat, 12 Apr 2025 10:56:24 GMT Cache-Control: max-age=2592000 Cache-Control: public, max-age=2592000 Accept-Ranges: bytes
2025-03-13 10:56:24 UTC	516	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 10 00 00 00 10 08 06 00 00 00 1f f3 ff 61 00 00 01 cb 49 44 41 54 38 8d 8d 93 3f 68 53 51 18 c5 7f 4f 73 33 55 1b 70 69 88 0f dc 44 14 4c b2 09 3a 35 6f ab 8b c6 e0 92 d5 ee 05 83 8b 6e 22 58 5c cc c3 2d 8b 43 70 69 d3 a1 a3 d0 cd 7f bc 29 08 26 1d 0c 42 fb 9e 35 a0 89 4f 3b 34 e0 71 78 69 9a be bc 8a 07 ee 70 bf cb 77 be 73 ee b9 17 49 69 49 cf 24 ed e8 ff b1 33 ee 49 5b 92 9e 00 0f 98 c2 f6 f6 36 8d 46 83 cf bd 1e 96 65 71 73 69 89 6a b5 4a 02 56 91 14 4c 53 7b 9e a7 d3 c6 28 15 5b b5 5a 2d 49 49 80 a4 c1 74 e5 de f2 b2 52 c6 a8 e4 38 ea 74 3a 93 fd 79 db 4e 22 18 58 92 06 c0 fc a1 a6 20 08 f0 7d 9f e1 70 c8 cf 30 a4 d9 6c d2 6a b5 00 18 1d 1c c4 2d 0c 67 14 74 bb 5d e5 8b c5 19 0b 29 63 12 15 cc Data Ascii: PNGIHDRaIDAT8?hSQOs3UpiDL:5on"X\-Cpi)&B5O;4qxipwsIiI$3I[6FeqsijJVLS{([Z-IItR8t:yN"X }p0lj-gt])c

Target ID:	1
Start time:	06:55:50
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	2
Start time:	06:55:53
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2448,i,1409519252564547307,15454318122318066631,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version=20250306-183004.429000 --mojo-platform-channel-handle=2476 /prefetch:3
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Target ID:	4
Start time:	06:55:59
Start date:	13/03/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://dqfaadcgq.insfuafasf.net/?mce.amazon.co.jp=hxxps//account.amazon.co.jp"
Imagebase:	0x7ff786830000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly

Source: https://poisauifgaama.com/amazon	Avira URL Cloud: Label: phishing
Source: https://poisauifgaama.com/amazon/assets/index-DviQLoC8.css	Avira URL Cloud: Label: phishing
Source: https://poisauifgaama.com/amazon/faviconV2.png	Avira URL Cloud: Label: phishing
Source: https://poisauifgaama.com/amazon/assets/index-C-6Nz0L-.js	Avira URL Cloud: Label: phishing

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may delete files left behind by the actions of their intrusion activity. Malware, tools, or other non-native files dropped or created on a system by an adversary (ex: Ingress Tool Transfer ) may leave traces to indicate to what was done within a network and how. Removal of these files can occur during an intrusion, or as part of a post-intrusion process to minimize the adversary's footprint.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Deletion
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 52.113.196.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 131.253.33.254
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.189.173.27
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: qmihasfa.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentReferer: https://dqfaadcgq.insfuafasf.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /amazon HTTP/1.1Host: poisauifgaama.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://dqfaadcgq.insfuafasf.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /amazon/ HTTP/1.1Host: poisauifgaama.comConnection: keep-aliveUpgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: cross-siteSec-Fetch-Mode: navigateSec-Fetch-Dest: documentsec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Referer: https://dqfaadcgq.insfuafasf.net/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /amazon/assets/index-DviQLoC8.css HTTP/1.1Host: poisauifgaama.comConnection: keep-aliveOrigin: https://poisauifgaama.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: text/css,/;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: styleReferer: https://poisauifgaama.com/amazon/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /amazon/assets/index-C-6Nz0L-.js HTTP/1.1Host: poisauifgaama.comConnection: keep-aliveOrigin: https://poisauifgaama.comsec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: same-originSec-Fetch-Mode: corsSec-Fetch-Dest: scriptReferer: https://poisauifgaama.com/amazon/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /amazon/faviconV2.png HTTP/1.1Host: poisauifgaama.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://poisauifgaama.com/amazon/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /amazon/faviconV2.png HTTP/1.1Host: poisauifgaama.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9Cookie: locale=en-us

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: dqfaadcgq.insfuafasf.net
Source: global traffic	DNS traffic detected: DNS query: qmihasfa.com
Source: global traffic	DNS traffic detected: DNS query: poisauifgaama.com

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report https://dqfaadcgq.insfuafasf.net/?mce.amazon.co.jp=hxxps//account.amazon.co.jp

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Configuration

Yara Signatures

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Compliance

Networking

System Summary

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

Private

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

Chrome Cache Entry: 52

Chrome Cache Entry: 53

Chrome Cache Entry: 54

Chrome Cache Entry: 55

Chrome Cache Entry: 56

Chrome Cache Entry: 57

Chrome Cache Entry: 58

Chrome Cache Entry: 59

Static File Info

Network Behavior

Suricata IDS Alerts

Network Port Distribution

TCP Packets

UDP Packets

ICMP Packets

DNS Queries

DNS Answers

HTTP Request Dependency Graph

HTTPS Proxied Packets

Statistics

CPU Usage

Memory Usage

Behavior

System Behavior

Analysis Process: chrome.exePID: 5260, Parent PID: 5768

General

Chronological Activities

Analysis Process: chrome.exePID: 5476, Parent PID: 5260

General

Windows Analysis Report
https://dqfaadcgq.insfuafasf.net/?mce.amazon.co.jp=hxxps//account.amazon.co.jp