Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d

Overview

General Information

Sample URL:	https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d
Analysis ID:	1665353
Infos:

Detection

HTMLPhisher

Score:	64
Range:	0 - 100
Confidence:	100%

Signatures

AI detected phishing page

Antivirus / Scanner detection for submitted sample

Yara detected HtmlPhish10

HTML body contains low number of good links

HTML body contains password input but no form action

HTML page contains hidden javascript code

HTML title does not match URL

Classification

×

Process Tree

System is w10x64

chrome.exe (PID: 3128 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank" MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 1632 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,15109344670275667693,15615881072301562710,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2044 /prefetch:3 MD5: E81F54E6C1129887AEA47E7D092680BF)

chrome.exe (PID: 6928 cmdline: "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d" MD5: E81F54E6C1129887AEA47E7D092680BF)

cleanup

Malware Configuration

⊘No configs have been found

Yara Signatures

Dropped Files

Source	Rule	Description	Author	Strings
dropped/chromecache_61	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

HTML

Source	Rule	Description	Author	Strings
0.0.pages.csv	JoeSecurity_HtmlPhish_10	Yara detected HtmlPhish_10	Joe Security

Sigma Signatures

⊘No Sigma rule has matched

Suricata Signatures

⊘No Suricata rule has matched

Joe Sandbox Signatures

Click to jump to signature section

Show All Signature Results

AV Detection

Antivirus / Scanner detection for submitted sample

Source: https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d

Avira URL Cloud: detection malicious, Label: phishing

Phishing

AI detected phishing page

Source: https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d

Joe Sandbox AI: Score: 7 Reasons: The brand 'Microsoft' is well-known and has a strong online presence., The URL 'files.stample.com' does not match the legitimate domain 'microsoft.com'., The domain 'stample.com' is not associated with Microsoft, which raises suspicion., The presence of input fields for 'Email' and 'Password' on a non-Microsoft domain is a common phishing tactic., The use of a subdomain 'files' could be an attempt to mimic legitimate file-sharing services, increasing the risk of phishing. DOM: 0.0.pages.csv

Yara detected HtmlPhish10

Source: Yara match	File source: 0.0.pages.csv, type: HTML
Source: Yara match	File source: dropped/chromecache_61, type: DROPPED

Source: https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d

HTTP Parser: Number of links: 0

Source: https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d

HTTP Parser: <input type="password" .../> found but no <form action="...

Source: https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d

HTTP Parser: Base64 decoded: ...

Source: https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d

HTTP Parser: Title: SARS NOTIFICATION does not match URL

Source: https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d

HTTP Parser: <input type="password" .../> found

Source: https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d

HTTP Parser: No favicon

Source: https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d

HTTP Parser: No <meta name="author".. found

Source: https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d

HTTP Parser: No <meta name="copyright".. found

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: unknown	HTTPS traffic detected: 173.194.219.105:443 -> 192.168.2.6:49695 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.163.115.98:443 -> 192.168.2.6:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.163.115.98:443 -> 192.168.2.6:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.193.229:443 -> 192.168.2.6:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.163.115.83:443 -> 192.168.2.6:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.106.49.23:443 -> 192.168.2.6:49711 version: TLS 1.2

Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.215.94
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.215.94
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.215.94
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.215.94
Source: unknown	TCP traffic detected without corresponding DNS query: 204.79.197.203
Source: unknown	TCP traffic detected without corresponding DNS query: 20.42.65.91
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.215.94
Source: unknown	TCP traffic detected without corresponding DNS query: 172.217.215.94
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	TCP traffic detected without corresponding DNS query: 2.23.227.215
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1
Source: unknown	UDP traffic detected without corresponding DNS query: 1.1.1.1

Source: global traffic	HTTP traffic detected: GET /browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d HTTP/1.1Host: files.stample.comConnection: keep-alivesec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /npm/@emailjs/browser@3/dist/email.min.js HTTP/1.1Host: cdn.jsdelivr.netConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: /Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: scriptSec-Fetch-Storage-Access: activeReferer: https://files.stample.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /browserUpload/images/index_Form1_bkgrnd.png HTTP/1.1Host: files.stample.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89dAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: files.stample.comConnection: keep-alivesec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"sec-ch-ua-mobile: ?0Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89dAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /favicon.ico HTTP/1.1Host: files.stample.comConnection: keep-aliveUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36Accept: /Sec-Fetch-Site: noneSec-Fetch-Mode: corsSec-Fetch-Dest: emptySec-Fetch-Storage-Access: activeAccept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9
Source: global traffic	HTTP traffic detected: GET /r/r4.crl HTTP/1.1Cache-Control: max-age = 3000Connection: Keep-AliveAccept: /If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMTUser-Agent: Microsoft-CryptoAPI/10.0Host: c.pki.goog

Source: global traffic	DNS traffic detected: DNS query: www.google.com
Source: global traffic	DNS traffic detected: DNS query: files.stample.com
Source: global traffic	DNS traffic detected: DNS query: cdn.jsdelivr.net
Source: global traffic	DNS traffic detected: DNS query: sheqinho.com

Source: unknown

HTTP traffic detected: POST /dante.php HTTP/1.1Host: sheqinho.comConnection: keep-aliveContent-Length: 257sec-ch-ua-platform: "Windows"User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134"Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryyRtSFdaUvBb6XJgQsec-ch-ua-mobile: ?0Accept: */*Origin: https://files.stample.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://files.stample.com/Accept-Encoding: gzip, deflate, br, zstdAccept-Language: en-US,en;q=0.9

Source: global traffic

HTTP traffic detected: HTTP/1.1 403 ForbiddenContent-Type: application/xmlTransfer-Encoding: chunkedConnection: closeServer: AmazonS3Date: Tue, 15 Apr 2025 11:57:26 GMTX-Cache: Error from cloudfrontVia: 1.1 6c7ab75e35abaff5e641bcd368abeaf4.cloudfront.net (CloudFront)X-Amz-Cf-Pop: ATL58-P9X-Amz-Cf-Id: mAdtEEELz1vwqlKQj-fODGJ5teqNumWgblxJNpLz8JcdXJwGf2FNUQ==

Source: chromecache_61.3.dr	String found in binary or memory: http://www.wysiwygwebbuilder.com
Source: chromecache_60.3.dr	String found in binary or memory: https://api.emailjs.com
Source: chromecache_61.3.dr	String found in binary or memory: https://cdn.jsdelivr.net/npm/
Source: chromecache_60.3.dr	String found in binary or memory: https://dashboard.emailjs.com/admin
Source: chromecache_60.3.dr	String found in binary or memory: https://dashboard.emailjs.com/admin/account
Source: chromecache_60.3.dr	String found in binary or memory: https://dashboard.emailjs.com/admin/templates
Source: chromecache_61.3.dr	String found in binary or memory: https://sheqinho.com/dante.php

Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49700
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49711
Source: unknown	Network traffic detected: HTTP traffic on port 49699 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49699
Source: unknown	Network traffic detected: HTTP traffic on port 49672 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49695 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49705 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49695
Source: unknown	Network traffic detected: HTTP traffic on port 49711 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49678 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49681
Source: unknown	Network traffic detected: HTTP traffic on port 49702 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49704 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49700 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 49716 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49705
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49716
Source: unknown	Network traffic detected: HTTP traffic on port 49681 -> 443
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49704
Source: unknown	Network traffic detected: HTTP traffic on port 443 -> 49702

Source: unknown	HTTPS traffic detected: 173.194.219.105:443 -> 192.168.2.6:49695 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.163.115.98:443 -> 192.168.2.6:49699 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.163.115.98:443 -> 192.168.2.6:49700 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 151.101.193.229:443 -> 192.168.2.6:49702 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 3.163.115.83:443 -> 192.168.2.6:49705 version: TLS 1.2
Source: unknown	HTTPS traffic detected: 23.106.49.23:443 -> 192.168.2.6:49711 version: TLS 1.2

Source: classification engine

Classification label: mal64.phis.win@23/11@10/7

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

File created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,15109344670275667693,15615881072301562710,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2044 /prefetch:3
Source: unknown	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" "https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d"
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: C:\Program Files\Google\Chrome\Application\chrome.exe "C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,15109344670275667693,15615881072301562710,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2044 /prefetch:3			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior
Source: C:\Program Files\Google\Chrome\Application\chrome.exe	Process created: unknown unknown			Jump to behavior

Source: Window Recorder

Window detected: More than 3 window changes detected

Source: C:\Program Files\Google\Chrome\Application\chrome.exe

Directory created: C:\Program Files\Google\Chrome\Application\Dictionaries

Jump to behavior

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	Windows Management Instrumentation	Path Interception	1 Process Injection	2 Masquerading	OS Credential Dumping	System Service Discovery	Remote Services	Data from Local System	1 Encrypted Channel	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	Scheduled Task/Job	Boot or Logon Initialization Scripts	Boot or Logon Initialization Scripts	1 Process Injection	LSASS Memory	Application Window Discovery	Remote Desktop Protocol	Data from Removable Media	4 Non-Application Layer Protocol	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	Obfuscated Files or Information	Security Account Manager	Query Registry	SMB/Windows Admin Shares	Data from Network Shared Drive	5 Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	Binary Padding	NTDS	System Network Configuration Discovery	Distributed Component Object Model	Input Capture	3 Ingress Tool Transfer	Traffic Duplication	Data Destruction

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Screenshots

Thumbnails

This section contains all screenshots as thumbnails, including those not shown in the slideshow.

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Source	Detection	Scanner	Label	Link
https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d	100%	Avira URL Cloud	phishing

Dropped Files

⊘No Antivirus matches

Unpacked PE Files

⊘No Antivirus matches

Domains

⊘No Antivirus matches

URLs

Source	Detection	Scanner	Label	Link
https://dashboard.emailjs.com/admin/templates	0%	Avira URL Cloud	safe
http://www.wysiwygwebbuilder.com	0%	Avira URL Cloud	safe
https://files.stample.com/favicon.ico	0%	Avira URL Cloud	safe
https://dashboard.emailjs.com/admin	0%	Avira URL Cloud	safe
https://dashboard.emailjs.com/admin/account	0%	Avira URL Cloud	safe
https://sheqinho.com/dante.php	0%	Avira URL Cloud	safe
https://api.emailjs.com	0%	Avira URL Cloud	safe
https://files.stample.com/browserUpload/images/index_Form1_bkgrnd.png	0%	Avira URL Cloud	safe

Domains and IPs

Contacted Domains

Name	IP	Active	Malicious	Antivirus Detection	Reputation
jsdelivr.map.fastly.net	151.101.193.229	true	false		high
sheqinho.com	23.106.49.23	true	false		high
www.google.com	173.194.219.105	true	false		high
d2m8nvz7rknvwm.cloudfront.net	3.163.115.98	true	false		unknown
files.stample.com	unknown	unknown	false		high
cdn.jsdelivr.net	unknown	unknown	false		high

Contacted URLs

Name	Malicious	Antivirus Detection	Reputation
http://c.pki.goog/r/r4.crl	false		high
https://cdn.jsdelivr.net/npm/@emailjs/browser@3/dist/email.min.js	false		high
https://files.stample.com/favicon.ico	false	Avira URL Cloud: safe	unknown
https://sheqinho.com/dante.php	false	Avira URL Cloud: safe	unknown
https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d	true		unknown
https://files.stample.com/browserUpload/images/index_Form1_bkgrnd.png	false	Avira URL Cloud: safe	unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://cdn.jsdelivr.net/npm/	chromecache_61.3.dr	false		high
https://dashboard.emailjs.com/admin/account	chromecache_60.3.dr	false	Avira URL Cloud: safe	unknown
https://api.emailjs.com	chromecache_60.3.dr	false	Avira URL Cloud: safe	unknown
https://dashboard.emailjs.com/admin/templates	chromecache_60.3.dr	false	Avira URL Cloud: safe	unknown
http://www.wysiwygwebbuilder.com	chromecache_61.3.dr	false	Avira URL Cloud: safe	unknown
https://dashboard.emailjs.com/admin	chromecache_60.3.dr	false	Avira URL Cloud: safe	unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
151.101.193.229	jsdelivr.map.fastly.net	United States		54113	FASTLYUS	false
173.194.219.105	www.google.com	United States		15169	GOOGLEUS	false
23.106.49.23	sheqinho.com	United States		7203	LEASEWEB-USA-SFO-12US	false
3.163.115.98	d2m8nvz7rknvwm.cloudfront.net	United States		16509	AMAZON-02US	false
3.163.115.83	unknown	United States		16509	AMAZON-02US	false

Private

IP
192.168.2.7
192.168.2.6

General Information

Joe Sandbox version:	42.0.0 Malachite
Analysis ID:	1665353
Start date and time:	2025-04-15 13:56:19 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 3m 13s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	browseurl.jbs
Sample URL:	https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	16
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Detection:	MAL
Classification:	mal64.phis.win@23/11@10/7

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, SgrmBroker.exe, conhost.exe, svchost.exe, TextInputHost.exe
Excluded IPs from analysis (whitelisted): 74.125.138.139, 74.125.138.113, 74.125.138.102, 74.125.138.100, 74.125.138.101, 74.125.138.138, 172.253.124.84, 142.250.9.101, 142.250.9.102, 142.250.9.113, 142.250.9.100, 142.250.9.138, 142.250.9.139, 74.125.138.94, 142.250.9.95, 74.125.138.95, 74.125.21.95, 64.233.177.95, 108.177.122.95, 64.233.185.95, 74.125.136.95, 172.217.215.95, 173.194.219.95, 142.251.15.95, 172.253.124.95, 142.250.105.95, 199.232.214.172, 108.177.122.100, 108.177.122.139, 108.177.122.102, 108.177.122.138, 108.177.122.113, 108.177.122.101, 172.253.124.101, 172.253.124.138, 172.253.124.139, 172.253.124.100, 172.253.124.113, 172.253.124.102, 74.125.21.139, 74.125.21.100, 74.125.21.101, 74.125.21.113, 74.125.21.102, 74.125.21.138, 74.125.136.102, 74.125.136.138, 74.125.136.101, 74.125.136.113, 74.125.136.100, 74.125.136.139, 173.194.219.94, 142.251.15.94, 23.79.17.61, 20.12.23.50
Excluded domains from analysis (whitelisted): fs.microsoft.com, accounts.google.com, content-autofill.googleapis.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, clientservices.googleapis.com, fe3cr.delivery.mp.microsoft.com, clients2.google.com, edgedl.me.gvt1.com, redirector.gvt1.com, update.googleapis.com, clients.l.google.com, c.pki.goog
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtOpenFile calls found.
Some HTTPS proxied raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d

Simulations

Behavior and APIs

⊘No simulations

Joe Sandbox View / Context

IPs

⊘No context

Domains

⊘No context

ASNs

⊘No context

JA3 Fingerprints

⊘No context

Dropped Files

⊘No context

Created / dropped Files

Chrome Cache Entry: 58

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	dropped
Size (bytes):	5481
Entropy (8bit):	7.961636985594995
Encrypted:	false
SSDEEP:	96:axYv61FUGt8tnAEWnhWFwn3dQpLZezU535I743eh41sf53+Ip4JYR8cy1:uLRt8tnADnhWFtpVezg5S4u61sh3yYu7
MD5:	E1F9F24C2C1F23E1074E14226471A91A
SHA1:	17BE2F573678C11B3DAE7CA227B15D9C60E50EB0
SHA-256:	CCC701C23FB9644E9EDDF998FEDAC3201AFBA25581D59F0BE07DFC45BB8BD4FE
SHA-512:	E4D3EFAFCFE1DF35E1F913C16B5A85EF9B8DD78959366BCACCF0D362D07022FFAE79C2AC2212F43ED24AC3F003E0F6F979B859203838325DBE3FB97D48AAFA94
Malicious:	false
Reputation:	low
Preview:	.PNG........IHDR...0...0.....W......0IDATh..wx\......].jV.,K..d....6.4.cJ.B...b .\|.B.......$7pCLbj....p,ll..&..6.2#iF.g..@.6vn..?..>.~.g.....^k..?.q.M.....5..c..........c..V...#[.cw<..h.............../".M.I....m...%{.......S.u..9I.....W... ....}..Jg............WU....<./.h.....E.m.......cw.F..\{..<..?a.....{...(.rN..\2....R...J._...[...m#......(.../....9.F0. .......?.VU.!..d......,. ...0......O^.....9...[...+...8R.1..$$TUE.$$I.........@v......z...U\|....`=.'..e.8...y..._..P,.....h...G.......9...0z.>......:j...J........n..........T...$..hPU.UQ....5.....j....(....E........p$:UQ....0...=kF.5}.r.....ra....4.......{=...M..../+..F.A..CI.%...;...Uu...]>.o},.....q.C..d.k,.o...!5!..BQ.......H..?.Z>4.t...J(._..r1.M2.-......y./U............d..[...-.W.@...>..._!..H{...s.....i......w....9jII.d0.><..:oD%...?^...fQ..g-`Rf....o....3.}.'.{.j.....Yo.J{..R.]y...Mz..&.n7J..%.*p5...R.V% ~.0+.~._..I..6.w..%.......d..p......cKM"+.AB8..\|...M..VE

Chrome Cache Entry: 59

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	PNG image data, 48 x 48, 8-bit/color RGBA, non-interlaced
Category:	downloaded
Size (bytes):	5481
Entropy (8bit):	7.961636985594995
Encrypted:	false
SSDEEP:	96:axYv61FUGt8tnAEWnhWFwn3dQpLZezU535I743eh41sf53+Ip4JYR8cy1:uLRt8tnADnhWFtpVezg5S4u61sh3yYu7
MD5:	E1F9F24C2C1F23E1074E14226471A91A
SHA1:	17BE2F573678C11B3DAE7CA227B15D9C60E50EB0
SHA-256:	CCC701C23FB9644E9EDDF998FEDAC3201AFBA25581D59F0BE07DFC45BB8BD4FE
SHA-512:	E4D3EFAFCFE1DF35E1F913C16B5A85EF9B8DD78959366BCACCF0D362D07022FFAE79C2AC2212F43ED24AC3F003E0F6F979B859203838325DBE3FB97D48AAFA94
Malicious:	false
Reputation:	low
URL:	https://files.stample.com/favicon.ico
Preview:	.PNG........IHDR...0...0.....W......0IDATh..wx\......].jV.,K..d....6.4.cJ.B...b .\|.B.......$7pCLbj....p,ll..&..6.2#iF.g..@.6vn..?..>.~.g.....^k..?.q.M.....5..c..........c..V...#[.cw<..h.............../".M.I....m...%{.......S.u..9I.....W... ....}..Jg............WU....<./.h.....E.m.......cw.F..\{..<..?a.....{...(.rN..\2....R...J._...[...m#......(.../....9.F0. .......?.VU.!..d......,. ...0......O^.....9...[...+...8R.1..$$TUE.$$I.........@v......z...U\|....`=.'..e.8...y..._..P,.....h...G.......9...0z.>......:j...J........n..........T...$..hPU.UQ....5.....j....(....E........p$:UQ....0...=kF.5}.r.....ra....4.......{=...M..../+..F.A..CI.%...;...Uu...]>.o},.....q.C..d.k,.o...!5!..BQ.......H..?.Z>4.t...J(._..r1.M2.-......y./U............d..[...-.W.@...>..._!..H{...s.....i......w....9jII.d0.><..:oD%...?^...fQ..g-`Rf....o....3.}.'.{.j.....Yo.J{..R.]y...Mz..&.n7J..%.*p5...R.V% ~.0+.~._..I..6.w..%.......d..p......cKM"+.AB8..\|...M..VE

Chrome Cache Entry: 60

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with very long lines (2058), with no line terminators
Category:	downloaded
Size (bytes):	2058
Entropy (8bit):	5.2275519102374925
Encrypted:	false
SSDEEP:	48:I54twbMVLUwxlRiCXloJpA+D+F0N+4+DSnm7DGl46YXkgs2:I5nb+YaHP1oJC+iF0J+enm7I43X42
MD5:	AAF4B4C066039688024B3EB28B99260D
SHA1:	3D7499D713898A2798F449D8B3528D4094475208
SHA-256:	249F5139F01396E20B067FBE6DB17315981FB1C36C64D64DF224BCF0F8750EAB
SHA-512:	9BF344AC90C909CB03955757565B9E442BDC411BDF90303C894FB571005F9C1ED211852BCA4503BE8B59C1F2980B2D94B6E511690DB475A51AD7672FB05E22DC
Malicious:	false
Reputation:	low
URL:	https://cdn.jsdelivr.net/npm/@emailjs/browser@3/dist/email.min.js
Preview:	(()=>{"use strict";var e={d:(t,r)=>{for(var i in r)e.o(r,i)&&!e.o(t,i)&&Object.defineProperty(t,i,{enumerable:!0,get:r[i]})},o:(e,t)=>Object.prototype.hasOwnProperty.call(e,t),r:e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,Symbol.toStringTag,{value:"Module"}),Object.defineProperty(e,"__esModule",{value:!0})}},t={};e.r(t),e.d(t,{default:()=>l,init:()=>i,send:()=>a,sendForm:()=>d});const r={_origin:"https://api.emailjs.com"},i=function(e){let t=arguments.length>1&&void 0!==arguments[1]?arguments[1]:"https://api.emailjs.com";r._userID=e,r._origin=t},s=(e,t,r)=>{if(!e)throw"The public key is required. Visit https://dashboard.emailjs.com/admin/account";if(!t)throw"The service ID is required. Visit https://dashboard.emailjs.com/admin";if(!r)throw"The template ID is required. Visit https://dashboard.emailjs.com/admin/templates";return!0};class o{constructor(e){this.status=e?e.status:0,this.text=e?e.responseText:"Network Error"}}const n=function(e,t){let i=argume

Chrome Cache Entry: 61

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	HTML document, ASCII text, with very long lines (60473)
Category:	downloaded
Size (bytes):	237775
Entropy (8bit):	6.068621253032165
Encrypted:	false
SSDEEP:	3072:o2LfxxmhoyDZSZ+pC+KfIOeOhOeOhOeOhOeOlVbbbmM/Xp1WWunqoNnvve1VhNU7:o2fmxSkpXqxM/Xp6dn3efhNj9s7l
MD5:	AF94226ECF1578EE49B31CD6D795AC8A
SHA1:	1631995EE3151A06FCFC1DB45CB3DDD19027BE8A
SHA-256:	A48819B55BCCD441E8BAE48DE1B69C0C3DE45FFBAC55ECA523A021B31A59E3AF
SHA-512:	BB2A769DD1533F834639B2E147E0C645A91692A441EF1CC863EACE2ADD0EB1F42BB6523F13831437C4B4A0DF2634A06748EF15060FA95F7A76E34476341C2605
Malicious:	false
Reputation:	low
URL:	https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d
Preview:	<html>.<head>. <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>SARS NOTIFICATION</title><meta name="generator" content="WYSIWYG Web Builder 10 - http://www.wysiwygwebbuilder.com"><style>. body a {. color: #00F;. text-decoration: underline. }.. a:visited {. color: #800080. }.. a:active {. color: #F00. }.. a:hover {. color: #00F;. text-decoration: underline. }.. h1 {. font-family: Arial;. font-size: 32px;. font-weight: bold;. font-style: normal;. text-decoration: none;. color: #000;. background-color: transparent;. margin: 0px 0px 0px 0px;. padding: 0px 0px 0px 0px;. display: inline. }.. h2 {. font-family: Arial;. font-size: 27px;. font-weight: bold;. font-style: normal;. text-decoration: none;. color: #000;. background-color: transparent;. margin: 0px 0px 0px 0px;. padding: 0px 0px 0px 0px;. display:

Chrome Cache Entry: 62

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	ASCII text, with no line terminators
Category:	downloaded
Size (bytes):	44
Entropy (8bit):	4.641249800455478
Encrypted:	false
SSDEEP:	3:OGkuSFKthAfNk1:vkuSYaf21
MD5:	8F43AD36FA08EB69AB5980F1B1277E72
SHA1:	EDE9474AA589120ED22CAA86D43E0392A12D05A1
SHA-256:	D5DA7BF1A58703E7ED4C6DEAC4513D1E66D55D38C43330272229F3C3849672FD
SHA-512:	55AFDFEFD997AC634DD658068FD791BCF18843BA331041E284ACA89D21958D876752B8863978585F48E93475A0F92A325EC40DDFA64A9EBF45E7BB9BFEA3CC01
Malicious:	false
Reputation:	low
URL:	https://content-autofill.googleapis.com/v1/pages/ChRDaHJvbWUvMTM0LjAuNjk5OC4zNhIgCeBVpuKD-QEDEgUNSkncbBIFDW5uh60hrw43yPjXdLsSGQnZVLsUYigYXhIFDe-qmm0hDinb3LUr7Es=?alt=proto
Preview:	ChIKBw1KSdxsGgAKBw1uboetGgAKCQoHDe+qmm0aAA==

Chrome Cache Entry: 63

Process:	C:\Program Files\Google\Chrome\Application\chrome.exe
File Type:	XML 1.0 document, ASCII text
Category:	downloaded
Size (bytes):	255
Entropy (8bit):	5.650256567820571
Encrypted:	false
SSDEEP:	6:TMVBd/ZbZjZvKtWRVzjqgjjnWcXY+MxB5nVzspPoan:TMHd9BZKtWR0gPnbI+MXpVzXa
MD5:	75D9EB1AABD441A5EBB9060246AB8757
SHA1:	A3E6CC71E89F9EFE8D3F133C8FAF1814ACFD6E5E
SHA-256:	D809348DF9238DBC4BB9DC177CD10D990EFABCBB7E7B4EF58BA58FAC29A1A0FC
SHA-512:	A661C45967F2D687CFED64D06935FDD6D5E75716FE35084BB548A20DD8E175EF35B85A87C2B7431DC39CC6BCA8601C02AA6CF4BBF511E1E770F4BBB3C8AAF438
Malicious:	false
Reputation:	low
URL:	https://files.stample.com/browserUpload/images/index_Form1_bkgrnd.png
Preview:	<?xml version="1.0" encoding="UTF-8"?>.<Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F32DBJCNXPP59A20</RequestId><HostId>YrRFO9rGVhV681T/MirZlsR7tKFDfP4S8Baw4KglTnyv8gmKVz6zQ2S0TxfFev0PX0pg+ps2lSK6Fux98FcbVg==</HostId></Error>

Static File Info

⊘No static file info

Network Behavior

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 15, 2025 13:57:13.027988911 CEST	49672	443	192.168.2.6	204.79.197.203
Apr 15, 2025 13:57:13.340184927 CEST	49672	443	192.168.2.6	204.79.197.203
Apr 15, 2025 13:57:13.949495077 CEST	49672	443	192.168.2.6	204.79.197.203
Apr 15, 2025 13:57:15.152615070 CEST	49672	443	192.168.2.6	204.79.197.203
Apr 15, 2025 13:57:17.558862925 CEST	49672	443	192.168.2.6	204.79.197.203
Apr 15, 2025 13:57:21.607831001 CEST	49678	443	192.168.2.6	20.42.65.91
Apr 15, 2025 13:57:21.918715000 CEST	49678	443	192.168.2.6	20.42.65.91
Apr 15, 2025 13:57:22.371845007 CEST	49672	443	192.168.2.6	204.79.197.203
Apr 15, 2025 13:57:22.528119087 CEST	49678	443	192.168.2.6	20.42.65.91
Apr 15, 2025 13:57:23.509382963 CEST	49695	443	192.168.2.6	173.194.219.105
Apr 15, 2025 13:57:23.509495020 CEST	443	49695	173.194.219.105	192.168.2.6
Apr 15, 2025 13:57:23.509639978 CEST	49695	443	192.168.2.6	173.194.219.105
Apr 15, 2025 13:57:23.509835005 CEST	49695	443	192.168.2.6	173.194.219.105
Apr 15, 2025 13:57:23.509860039 CEST	443	49695	173.194.219.105	192.168.2.6
Apr 15, 2025 13:57:23.726197958 CEST	443	49695	173.194.219.105	192.168.2.6
Apr 15, 2025 13:57:23.726280928 CEST	49695	443	192.168.2.6	173.194.219.105
Apr 15, 2025 13:57:23.727876902 CEST	49695	443	192.168.2.6	173.194.219.105
Apr 15, 2025 13:57:23.727897882 CEST	443	49695	173.194.219.105	192.168.2.6
Apr 15, 2025 13:57:23.728337049 CEST	443	49695	173.194.219.105	192.168.2.6
Apr 15, 2025 13:57:23.731616020 CEST	49678	443	192.168.2.6	20.42.65.91
Apr 15, 2025 13:57:23.778490067 CEST	49695	443	192.168.2.6	173.194.219.105
Apr 15, 2025 13:57:25.041872025 CEST	49699	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.041912079 CEST	443	49699	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.042022943 CEST	49699	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.042471886 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.042479992 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.042646885 CEST	49699	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.042659044 CEST	443	49699	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.042678118 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.042911053 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.042923927 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.257884979 CEST	443	49699	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.257961988 CEST	49699	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.258132935 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.258199930 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.259335041 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.259341002 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.259577990 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.260459900 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.262798071 CEST	49699	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.262803078 CEST	443	49699	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.263089895 CEST	443	49699	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.304320097 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.313607931 CEST	49699	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.471235991 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.486028910 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.486059904 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.486099958 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.486115932 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.486166000 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.486197948 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.503072023 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.503134012 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.503171921 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.503187895 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.503223896 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.503237963 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.577084064 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.577140093 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.577163935 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.577173948 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.577219963 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.594074965 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.594099998 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.594178915 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.594185114 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.594222069 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.596955061 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.597011089 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.605457067 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.605576038 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.605590105 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.605683088 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.623995066 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.624032974 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.624078989 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.624093056 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.624131918 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.624150038 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.680192947 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.680211067 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.680301905 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.680321932 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.680922985 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.692476988 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.692500114 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.692549944 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.692557096 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.692589045 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.692604065 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.707088947 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.707127094 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.707170963 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.707180023 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.707211018 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.707223892 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.720529079 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.720582008 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.720609903 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.720616102 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.720664024 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.734625101 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.734674931 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.734720945 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.734729052 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.734769106 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.734776020 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.746366024 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.746383905 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.746423006 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.746429920 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.746454954 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.746469975 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.757316113 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.757371902 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.757399082 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.757405996 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.757451057 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.778513908 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.778542042 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.778595924 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.778611898 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.778634071 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.778650045 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.788811922 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.788837910 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.788887978 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.788886070 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.788922071 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.788940907 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.789012909 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.789253950 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.789494991 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.789515018 CEST	443	49700	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:25.789524078 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.789587975 CEST	49700	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:25.906224966 CEST	49702	443	192.168.2.6	151.101.193.229
Apr 15, 2025 13:57:25.906282902 CEST	443	49702	151.101.193.229	192.168.2.6
Apr 15, 2025 13:57:25.906414986 CEST	49702	443	192.168.2.6	151.101.193.229
Apr 15, 2025 13:57:25.906629086 CEST	49702	443	192.168.2.6	151.101.193.229
Apr 15, 2025 13:57:25.906655073 CEST	443	49702	151.101.193.229	192.168.2.6
Apr 15, 2025 13:57:26.120332003 CEST	443	49702	151.101.193.229	192.168.2.6
Apr 15, 2025 13:57:26.120409012 CEST	49702	443	192.168.2.6	151.101.193.229
Apr 15, 2025 13:57:26.121797085 CEST	49702	443	192.168.2.6	151.101.193.229
Apr 15, 2025 13:57:26.121803045 CEST	443	49702	151.101.193.229	192.168.2.6
Apr 15, 2025 13:57:26.122095108 CEST	443	49702	151.101.193.229	192.168.2.6
Apr 15, 2025 13:57:26.122477055 CEST	49702	443	192.168.2.6	151.101.193.229
Apr 15, 2025 13:57:26.138516903 CEST	49678	443	192.168.2.6	20.42.65.91
Apr 15, 2025 13:57:26.168272972 CEST	443	49702	151.101.193.229	192.168.2.6
Apr 15, 2025 13:57:26.318269968 CEST	443	49702	151.101.193.229	192.168.2.6
Apr 15, 2025 13:57:26.318438053 CEST	443	49702	151.101.193.229	192.168.2.6
Apr 15, 2025 13:57:26.318563938 CEST	443	49702	151.101.193.229	192.168.2.6
Apr 15, 2025 13:57:26.318605900 CEST	49702	443	192.168.2.6	151.101.193.229
Apr 15, 2025 13:57:26.318669081 CEST	49702	443	192.168.2.6	151.101.193.229
Apr 15, 2025 13:57:26.319591999 CEST	49702	443	192.168.2.6	151.101.193.229
Apr 15, 2025 13:57:26.319632053 CEST	443	49702	151.101.193.229	192.168.2.6
Apr 15, 2025 13:57:26.335184097 CEST	49699	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:26.376269102 CEST	443	49699	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:26.751754999 CEST	443	49699	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:26.751993895 CEST	443	49699	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:26.752080917 CEST	49699	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:26.957914114 CEST	49699	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:26.957943916 CEST	443	49699	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:26.975652933 CEST	49704	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:26.975749969 CEST	443	49704	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:26.976006985 CEST	49704	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:26.977148056 CEST	49704	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:26.977190971 CEST	443	49704	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:27.186311007 CEST	443	49704	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:27.187064886 CEST	49704	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:27.187086105 CEST	443	49704	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:27.187350035 CEST	49704	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:27.187355995 CEST	443	49704	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:27.391175985 CEST	443	49704	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:27.391197920 CEST	443	49704	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:27.391280890 CEST	49704	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:27.391304016 CEST	443	49704	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:27.391593933 CEST	443	49704	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:27.391644955 CEST	49704	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:27.394257069 CEST	49704	443	192.168.2.6	3.163.115.98
Apr 15, 2025 13:57:27.394268990 CEST	443	49704	3.163.115.98	192.168.2.6
Apr 15, 2025 13:57:27.596991062 CEST	49705	443	192.168.2.6	3.163.115.83
Apr 15, 2025 13:57:27.597028017 CEST	443	49705	3.163.115.83	192.168.2.6
Apr 15, 2025 13:57:27.597287893 CEST	49705	443	192.168.2.6	3.163.115.83
Apr 15, 2025 13:57:27.597603083 CEST	49705	443	192.168.2.6	3.163.115.83
Apr 15, 2025 13:57:27.597614050 CEST	443	49705	3.163.115.83	192.168.2.6
Apr 15, 2025 13:57:27.808228016 CEST	443	49705	3.163.115.83	192.168.2.6
Apr 15, 2025 13:57:27.808377028 CEST	49705	443	192.168.2.6	3.163.115.83
Apr 15, 2025 13:57:27.808881044 CEST	49705	443	192.168.2.6	3.163.115.83
Apr 15, 2025 13:57:27.808891058 CEST	443	49705	3.163.115.83	192.168.2.6
Apr 15, 2025 13:57:27.809122086 CEST	443	49705	3.163.115.83	192.168.2.6
Apr 15, 2025 13:57:27.809504986 CEST	49705	443	192.168.2.6	3.163.115.83
Apr 15, 2025 13:57:27.852269888 CEST	443	49705	3.163.115.83	192.168.2.6
Apr 15, 2025 13:57:28.010972023 CEST	443	49705	3.163.115.83	192.168.2.6
Apr 15, 2025 13:57:28.013572931 CEST	443	49705	3.163.115.83	192.168.2.6
Apr 15, 2025 13:57:28.013664007 CEST	49705	443	192.168.2.6	3.163.115.83
Apr 15, 2025 13:57:28.013674021 CEST	443	49705	3.163.115.83	192.168.2.6
Apr 15, 2025 13:57:28.013750076 CEST	443	49705	3.163.115.83	192.168.2.6
Apr 15, 2025 13:57:28.013830900 CEST	49705	443	192.168.2.6	3.163.115.83
Apr 15, 2025 13:57:28.013972044 CEST	49705	443	192.168.2.6	3.163.115.83
Apr 15, 2025 13:57:28.013997078 CEST	443	49705	3.163.115.83	192.168.2.6
Apr 15, 2025 13:57:30.950309992 CEST	49678	443	192.168.2.6	20.42.65.91
Apr 15, 2025 13:57:31.303580046 CEST	49708	80	192.168.2.6	172.217.215.94
Apr 15, 2025 13:57:31.405718088 CEST	80	49708	172.217.215.94	192.168.2.6
Apr 15, 2025 13:57:31.405844927 CEST	49708	80	192.168.2.6	172.217.215.94
Apr 15, 2025 13:57:31.406157970 CEST	49708	80	192.168.2.6	172.217.215.94
Apr 15, 2025 13:57:31.508349895 CEST	80	49708	172.217.215.94	192.168.2.6
Apr 15, 2025 13:57:31.509454012 CEST	80	49708	172.217.215.94	192.168.2.6
Apr 15, 2025 13:57:31.559246063 CEST	49708	80	192.168.2.6	172.217.215.94
Apr 15, 2025 13:57:31.981632948 CEST	49672	443	192.168.2.6	204.79.197.203
Apr 15, 2025 13:57:33.759960890 CEST	443	49695	173.194.219.105	192.168.2.6
Apr 15, 2025 13:57:33.760024071 CEST	443	49695	173.194.219.105	192.168.2.6
Apr 15, 2025 13:57:33.760076046 CEST	49695	443	192.168.2.6	173.194.219.105
Apr 15, 2025 13:57:33.843657017 CEST	49695	443	192.168.2.6	173.194.219.105
Apr 15, 2025 13:57:33.843702078 CEST	443	49695	173.194.219.105	192.168.2.6
Apr 15, 2025 13:57:40.559935093 CEST	49678	443	192.168.2.6	20.42.65.91
Apr 15, 2025 13:57:42.176913023 CEST	49711	443	192.168.2.6	23.106.49.23
Apr 15, 2025 13:57:42.176964998 CEST	443	49711	23.106.49.23	192.168.2.6
Apr 15, 2025 13:57:42.177057028 CEST	49711	443	192.168.2.6	23.106.49.23
Apr 15, 2025 13:57:42.177231073 CEST	49711	443	192.168.2.6	23.106.49.23
Apr 15, 2025 13:57:42.177246094 CEST	443	49711	23.106.49.23	192.168.2.6
Apr 15, 2025 13:57:42.813019037 CEST	443	49711	23.106.49.23	192.168.2.6
Apr 15, 2025 13:57:42.813189983 CEST	49711	443	192.168.2.6	23.106.49.23
Apr 15, 2025 13:57:42.814682961 CEST	49711	443	192.168.2.6	23.106.49.23
Apr 15, 2025 13:57:42.814693928 CEST	443	49711	23.106.49.23	192.168.2.6
Apr 15, 2025 13:57:42.815015078 CEST	443	49711	23.106.49.23	192.168.2.6
Apr 15, 2025 13:57:42.815392971 CEST	49711	443	192.168.2.6	23.106.49.23
Apr 15, 2025 13:57:42.856307983 CEST	443	49711	23.106.49.23	192.168.2.6
Apr 15, 2025 13:57:43.671339989 CEST	443	49711	23.106.49.23	192.168.2.6
Apr 15, 2025 13:57:43.671518087 CEST	443	49711	23.106.49.23	192.168.2.6
Apr 15, 2025 13:57:43.671597004 CEST	49711	443	192.168.2.6	23.106.49.23
Apr 15, 2025 13:57:43.673504114 CEST	49711	443	192.168.2.6	23.106.49.23
Apr 15, 2025 13:57:43.673527956 CEST	443	49711	23.106.49.23	192.168.2.6
Apr 15, 2025 13:57:43.673542023 CEST	49711	443	192.168.2.6	23.106.49.23
Apr 15, 2025 13:57:43.673605919 CEST	49711	443	192.168.2.6	23.106.49.23
Apr 15, 2025 13:58:23.468266964 CEST	49716	443	192.168.2.6	173.194.219.105
Apr 15, 2025 13:58:23.468300104 CEST	443	49716	173.194.219.105	192.168.2.6
Apr 15, 2025 13:58:23.468483925 CEST	49716	443	192.168.2.6	173.194.219.105
Apr 15, 2025 13:58:23.468684912 CEST	49716	443	192.168.2.6	173.194.219.105
Apr 15, 2025 13:58:23.468697071 CEST	443	49716	173.194.219.105	192.168.2.6
Apr 15, 2025 13:58:23.677360058 CEST	443	49716	173.194.219.105	192.168.2.6
Apr 15, 2025 13:58:23.677727938 CEST	49716	443	192.168.2.6	173.194.219.105
Apr 15, 2025 13:58:23.677742958 CEST	443	49716	173.194.219.105	192.168.2.6
Apr 15, 2025 13:58:31.733508110 CEST	49708	80	192.168.2.6	172.217.215.94
Apr 15, 2025 13:58:31.835707903 CEST	80	49708	172.217.215.94	192.168.2.6
Apr 15, 2025 13:58:31.835755110 CEST	49708	80	192.168.2.6	172.217.215.94
Apr 15, 2025 13:58:32.696877003 CEST	443	49681	2.23.227.215	192.168.2.6
Apr 15, 2025 13:58:32.696903944 CEST	443	49681	2.23.227.215	192.168.2.6
Apr 15, 2025 13:58:32.697014093 CEST	49681	443	192.168.2.6	2.23.227.215
Apr 15, 2025 13:58:32.697098017 CEST	49681	443	192.168.2.6	2.23.227.215
Apr 15, 2025 13:58:33.675951004 CEST	443	49716	173.194.219.105	192.168.2.6
Apr 15, 2025 13:58:33.676026106 CEST	443	49716	173.194.219.105	192.168.2.6
Apr 15, 2025 13:58:33.676147938 CEST	49716	443	192.168.2.6	173.194.219.105
Apr 15, 2025 13:58:33.828285933 CEST	49716	443	192.168.2.6	173.194.219.105
Apr 15, 2025 13:58:33.828325987 CEST	443	49716	173.194.219.105	192.168.2.6

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Apr 15, 2025 13:57:19.037105083 CEST	53	49851	1.1.1.1	192.168.2.6
Apr 15, 2025 13:57:19.038752079 CEST	53	49849	1.1.1.1	192.168.2.6
Apr 15, 2025 13:57:19.967248917 CEST	53	63602	1.1.1.1	192.168.2.6
Apr 15, 2025 13:57:20.093703985 CEST	53	51512	1.1.1.1	192.168.2.6
Apr 15, 2025 13:57:23.404781103 CEST	54234	53	192.168.2.6	1.1.1.1
Apr 15, 2025 13:57:23.404926062 CEST	51404	53	192.168.2.6	1.1.1.1
Apr 15, 2025 13:57:23.507183075 CEST	53	54234	1.1.1.1	192.168.2.6
Apr 15, 2025 13:57:23.507329941 CEST	53	51404	1.1.1.1	192.168.2.6
Apr 15, 2025 13:57:24.840214968 CEST	63857	53	192.168.2.6	1.1.1.1
Apr 15, 2025 13:57:24.840889931 CEST	56446	53	192.168.2.6	1.1.1.1
Apr 15, 2025 13:57:25.016279936 CEST	53	56446	1.1.1.1	192.168.2.6
Apr 15, 2025 13:57:25.041069031 CEST	53	63857	1.1.1.1	192.168.2.6
Apr 15, 2025 13:57:25.800960064 CEST	49676	53	192.168.2.6	1.1.1.1
Apr 15, 2025 13:57:25.801115036 CEST	54981	53	192.168.2.6	1.1.1.1
Apr 15, 2025 13:57:25.904546022 CEST	53	49676	1.1.1.1	192.168.2.6
Apr 15, 2025 13:57:25.904844999 CEST	53	54981	1.1.1.1	192.168.2.6
Apr 15, 2025 13:57:26.516989946 CEST	53	56527	1.1.1.1	192.168.2.6
Apr 15, 2025 13:57:27.404786110 CEST	55038	53	192.168.2.6	1.1.1.1
Apr 15, 2025 13:57:27.405077934 CEST	64402	53	192.168.2.6	1.1.1.1
Apr 15, 2025 13:57:27.586591005 CEST	53	64402	1.1.1.1	192.168.2.6
Apr 15, 2025 13:57:27.595998049 CEST	53	55038	1.1.1.1	192.168.2.6
Apr 15, 2025 13:57:37.039402008 CEST	53	56364	1.1.1.1	192.168.2.6
Apr 15, 2025 13:57:38.114825964 CEST	53	64383	1.1.1.1	192.168.2.6
Apr 15, 2025 13:57:41.624272108 CEST	49978	53	192.168.2.6	1.1.1.1
Apr 15, 2025 13:57:41.624718904 CEST	57518	53	192.168.2.6	1.1.1.1
Apr 15, 2025 13:57:42.172034979 CEST	53	57518	1.1.1.1	192.168.2.6
Apr 15, 2025 13:57:42.176204920 CEST	53	49978	1.1.1.1	192.168.2.6
Apr 15, 2025 13:57:56.071697950 CEST	53	62562	1.1.1.1	192.168.2.6
Apr 15, 2025 13:58:18.872550964 CEST	53	57755	1.1.1.1	192.168.2.6
Apr 15, 2025 13:58:19.071897030 CEST	53	59230	1.1.1.1	192.168.2.6
Apr 15, 2025 13:58:19.692548037 CEST	138	138	192.168.2.6	192.168.2.255
Apr 15, 2025 13:58:21.774107933 CEST	53	63244	1.1.1.1	192.168.2.6

DNS Queries

Timestamp	Source IP	Dest IP	Trans ID	OP Code	Name	Type	Class	DNS over HTTPS
Apr 15, 2025 13:57:23.404781103 CEST	192.168.2.6	1.1.1.1	0x24aa	Standard query (0)	www.google.com	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:23.404926062 CEST	192.168.2.6	1.1.1.1	0x3494	Standard query (0)	www.google.com	65	IN (0x0001)	false
Apr 15, 2025 13:57:24.840214968 CEST	192.168.2.6	1.1.1.1	0x1f0c	Standard query (0)	files.stample.com	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:24.840889931 CEST	192.168.2.6	1.1.1.1	0x2515	Standard query (0)	files.stample.com	65	IN (0x0001)	false
Apr 15, 2025 13:57:25.800960064 CEST	192.168.2.6	1.1.1.1	0xa075	Standard query (0)	cdn.jsdelivr.net	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:25.801115036 CEST	192.168.2.6	1.1.1.1	0x6b56	Standard query (0)	cdn.jsdelivr.net	65	IN (0x0001)	false
Apr 15, 2025 13:57:27.404786110 CEST	192.168.2.6	1.1.1.1	0x932c	Standard query (0)	files.stample.com	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:27.405077934 CEST	192.168.2.6	1.1.1.1	0x230b	Standard query (0)	files.stample.com	65	IN (0x0001)	false
Apr 15, 2025 13:57:41.624272108 CEST	192.168.2.6	1.1.1.1	0xf968	Standard query (0)	sheqinho.com	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:41.624718904 CEST	192.168.2.6	1.1.1.1	0x62e3	Standard query (0)	sheqinho.com	65	IN (0x0001)	false

DNS Answers

Timestamp	Source IP	Dest IP	Trans ID	Reply Code	Name	CName	Address	Type	Class	DNS over HTTPS
Apr 15, 2025 13:57:23.507183075 CEST	1.1.1.1	192.168.2.6	0x24aa	No error (0)	www.google.com		173.194.219.105	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:23.507183075 CEST	1.1.1.1	192.168.2.6	0x24aa	No error (0)	www.google.com		173.194.219.147	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:23.507183075 CEST	1.1.1.1	192.168.2.6	0x24aa	No error (0)	www.google.com		173.194.219.104	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:23.507183075 CEST	1.1.1.1	192.168.2.6	0x24aa	No error (0)	www.google.com		173.194.219.103	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:23.507183075 CEST	1.1.1.1	192.168.2.6	0x24aa	No error (0)	www.google.com		173.194.219.99	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:23.507183075 CEST	1.1.1.1	192.168.2.6	0x24aa	No error (0)	www.google.com		173.194.219.106	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:23.507329941 CEST	1.1.1.1	192.168.2.6	0x3494	No error (0)	www.google.com			65	IN (0x0001)	false
Apr 15, 2025 13:57:25.016279936 CEST	1.1.1.1	192.168.2.6	0x2515	No error (0)	files.stample.com	d2m8nvz7rknvwm.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 13:57:25.041069031 CEST	1.1.1.1	192.168.2.6	0x1f0c	No error (0)	files.stample.com	d2m8nvz7rknvwm.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 13:57:25.041069031 CEST	1.1.1.1	192.168.2.6	0x1f0c	No error (0)	d2m8nvz7rknvwm.cloudfront.net		3.163.115.98	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:25.041069031 CEST	1.1.1.1	192.168.2.6	0x1f0c	No error (0)	d2m8nvz7rknvwm.cloudfront.net		3.163.115.83	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:25.041069031 CEST	1.1.1.1	192.168.2.6	0x1f0c	No error (0)	d2m8nvz7rknvwm.cloudfront.net		3.163.115.86	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:25.041069031 CEST	1.1.1.1	192.168.2.6	0x1f0c	No error (0)	d2m8nvz7rknvwm.cloudfront.net		3.163.115.46	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:25.904546022 CEST	1.1.1.1	192.168.2.6	0xa075	No error (0)	cdn.jsdelivr.net	jsdelivr.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 13:57:25.904546022 CEST	1.1.1.1	192.168.2.6	0xa075	No error (0)	jsdelivr.map.fastly.net		151.101.193.229	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:25.904546022 CEST	1.1.1.1	192.168.2.6	0xa075	No error (0)	jsdelivr.map.fastly.net		151.101.65.229	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:25.904546022 CEST	1.1.1.1	192.168.2.6	0xa075	No error (0)	jsdelivr.map.fastly.net		151.101.129.229	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:25.904546022 CEST	1.1.1.1	192.168.2.6	0xa075	No error (0)	jsdelivr.map.fastly.net		151.101.1.229	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:25.904844999 CEST	1.1.1.1	192.168.2.6	0x6b56	No error (0)	cdn.jsdelivr.net	jsdelivr.map.fastly.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 13:57:27.586591005 CEST	1.1.1.1	192.168.2.6	0x230b	No error (0)	files.stample.com	d2m8nvz7rknvwm.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 13:57:27.595998049 CEST	1.1.1.1	192.168.2.6	0x932c	No error (0)	files.stample.com	d2m8nvz7rknvwm.cloudfront.net		CNAME (Canonical name)	IN (0x0001)	false
Apr 15, 2025 13:57:27.595998049 CEST	1.1.1.1	192.168.2.6	0x932c	No error (0)	d2m8nvz7rknvwm.cloudfront.net		3.163.115.83	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:27.595998049 CEST	1.1.1.1	192.168.2.6	0x932c	No error (0)	d2m8nvz7rknvwm.cloudfront.net		3.163.115.46	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:27.595998049 CEST	1.1.1.1	192.168.2.6	0x932c	No error (0)	d2m8nvz7rknvwm.cloudfront.net		3.163.115.98	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:27.595998049 CEST	1.1.1.1	192.168.2.6	0x932c	No error (0)	d2m8nvz7rknvwm.cloudfront.net		3.163.115.86	A (IP address)	IN (0x0001)	false
Apr 15, 2025 13:57:42.176204920 CEST	1.1.1.1	192.168.2.6	0xf968	No error (0)	sheqinho.com		23.106.49.23	A (IP address)	IN (0x0001)	false

HTTP Request Dependency Graph

files.stample.com

cdn.jsdelivr.net

sheqinho.com

c.pki.goog

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port
0	192.168.2.6	49708	172.217.215.94	80

Timestamp	Bytes transferred	Direction	Data
Apr 15, 2025 13:57:31.406157970 CEST	200	OUT	GET /r/r4.crl HTTP/1.1 Cache-Control: max-age = 3000 Connection: Keep-Alive Accept: / If-Modified-Since: Thu, 25 Jul 2024 14:48:00 GMT User-Agent: Microsoft-CryptoAPI/10.0 Host: c.pki.goog
Apr 15, 2025 13:57:31.509454012 CEST	1243	IN	HTTP/1.1 200 OK Accept-Ranges: bytes Content-Security-Policy-Report-Only: require-trusted-types-for 'script'; report-uri https://csp.withgoogle.com/csp/cacerts Cross-Origin-Resource-Policy: cross-origin Cross-Origin-Opener-Policy: same-origin; report-to="cacerts" Report-To: {"group":"cacerts","max_age":2592000,"endpoints":[{"url":"https://csp.withgoogle.com/csp/report-to/cacerts"}]} Content-Length: 530 X-Content-Type-Options: nosniff Server: sffe X-XSS-Protection: 0 Date: Tue, 15 Apr 2025 11:11:53 GMT Expires: Tue, 15 Apr 2025 12:01:53 GMT Cache-Control: public, max-age=3000 Age: 2738 Last-Modified: Thu, 03 Apr 2025 14:18:00 GMT Content-Type: application/pkix-crl Vary: Accept-Encoding Data Raw: 30 82 02 0e 30 82 01 93 02 01 01 30 0a 06 08 2a 86 48 ce 3d 04 03 03 30 47 31 0b 30 09 06 03 55 04 06 13 02 55 53 31 22 30 20 06 03 55 04 0a 13 19 47 6f 6f 67 6c 65 20 54 72 75 73 74 20 53 65 72 76 69 63 65 73 20 4c 4c 43 31 14 30 12 06 03 55 04 03 13 0b 47 54 53 20 52 6f 6f 74 20 52 34 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 17 0d 32 36 30 32 32 38 30 37 35 39 35 39 5a 30 81 e9 30 2f 02 10 6e 47 a9 ce 4f 46 c2 3d e2 49 ea cc 38 94 53 73 17 0d 31 39 30 39 33 30 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 f0 9c 5b 70 05 a6 dc 86 e2 f9 9e f3 17 0d 32 30 30 31 33 31 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 01 fe a5 81 44 7e 3b fd 3b b8 1c 24 98 17 0d 32 33 30 36 31 33 30 30 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 16 68 25 e1 70 04 40 61 24 91 f5 40 17 0d 32 35 30 34 30 33 30 38 30 30 30 30 5a 30 0c 30 0a 06 03 55 1d 15 04 03 0a 01 05 30 2c 02 0d 02 00 8e b2 58 e7 b5 94 0c 1f f9 00 44 17 0d 32 35 30 [TRUNCATED] Data Ascii: 000H=0G10UUS1"0 UGoogle Trust Services LLC10UGTS Root R4250403080000Z260228075959Z00/nGOF=I8Ss190930000000Z00U0,[p200131000000Z00U0,D~;;$230613000000Z00U0,h%p@a$@250403080000Z00U0,XD250403080000Z00U/0-0U0U#0LtI6>j0H=i0f1>2en:IN@g=;bQZ~`NX1?^4y[$\4{;$zDeU6O

HTTPS Proxied Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.6	49700	3.163.115.98	443	1632	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 11:57:25 UTC	717	OUT	GET /browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d HTTP/1.1 Host: files.stample.com Connection: keep-alive sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 sec-ch-ua-platform: "Windows" Upgrade-Insecure-Requests: 1 User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,/;q=0.8,application/signed-exchange;v=b3;q=0.7 Sec-Fetch-Site: none Sec-Fetch-Mode: navigate Sec-Fetch-User: ?1 Sec-Fetch-Dest: document Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-15 11:57:25 UTC	606	IN	HTTP/1.1 200 OK Content-Type: text/html Content-Length: 237775 Connection: close Date: Tue, 15 Apr 2025 09:35:53 GMT Last-Modified: Tue, 15 Apr 2025 09:12:49 GMT ETag: "dd36c4a1b456b601c073283ca3809495-1" x-amz-server-side-encryption: AES256 Cache-Control: max-age=365000000, immutable Content-Disposition: inline; filename="LetterOfSummons.html" Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 03c76f41c7551fa29cffd38a109c9dc2.cloudfront.net (CloudFront) X-Amz-Cf-Pop: ATL58-P9 X-Amz-Cf-Id: ifXk9MpkRCHIlp2_LJ7GAUf5N7jK9zdP4-Fk9uYXz0dt_u13-S8c-Q== Age: 8493
2025-04-15 11:57:25 UTC	16384	IN	Data Raw: 3c 68 74 6d 6c 3e 0a 3c 68 65 61 64 3e 0a 20 20 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 43 6f 6e 74 65 6e 74 2d 54 79 70 65 22 20 63 6f 6e 74 65 6e 74 3d 22 74 65 78 74 2f 68 74 6d 6c 3b 20 63 68 61 72 73 65 74 3d 55 54 46 2d 38 22 3e 3c 74 69 74 6c 65 3e 53 41 52 53 20 4e 4f 54 49 46 49 43 41 54 49 4f 4e 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 65 6e 65 72 61 74 6f 72 22 20 63 6f 6e 74 65 6e 74 3d 22 57 59 53 49 57 59 47 20 57 65 62 20 42 75 69 6c 64 65 72 20 31 30 20 2d 20 68 74 74 70 3a 2f 2f 77 77 77 2e 77 79 73 69 77 79 67 77 65 62 62 75 69 6c 64 65 72 2e 63 6f 6d 22 3e 3c 73 74 79 6c 65 3e 0a 20 20 20 20 62 6f 64 79 20 61 20 7b 0a 20 20 20 20 20 20 63 6f 6c 6f 72 3a 20 23 30 30 46 3b 0a 20 20 20 20 20 20 74 65 78 Data Ascii: <html><head> <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"><title>SARS NOTIFICATION</title><meta name="generator" content="WYSIWYG Web Builder 10 - http://www.wysiwygwebbuilder.com"><style> body a { color: #00F; tex
2025-04-15 11:57:25 UTC	1514	IN	Data Raw: 46 75 78 6b 68 6c 47 79 44 41 68 74 63 52 63 42 78 30 55 46 51 38 68 35 69 54 6a 61 54 59 4c 67 4b 33 56 61 62 31 6e 4e 6d 57 66 4f 53 30 4d 44 52 65 41 4c 72 67 74 58 74 43 76 42 75 6f 7a 7a 2b 62 61 37 4f 6f 78 72 54 2f 6e 4a 4e 56 70 5a 52 77 6f 73 45 74 4c 67 61 74 49 76 70 63 74 63 4d 76 6e 51 70 31 6b 65 67 44 69 52 68 58 48 48 39 31 6d 6b 79 79 64 30 61 41 50 72 54 45 31 4b 78 47 64 73 6d 61 6d 79 51 35 6a 6e 42 78 76 57 4a 5a 34 56 47 42 56 32 6f 6c 6d 58 6d 4c 69 58 46 50 5a 71 68 71 4e 62 47 54 6a 34 38 34 58 4d 68 6d 39 2b 4e 46 4e 75 61 76 4a 6d 5a 68 54 55 41 6c 6a 67 4e 49 63 57 4b 6b 6d 7a 38 33 62 35 71 4d 31 7a 6f 47 6c 55 38 6e 42 62 48 5a 41 35 74 68 4c 50 67 75 4d 41 43 68 42 72 6f 37 46 73 4c 2f 61 2b 48 52 62 7a 52 6d 31 2b 7a 74 6a Data Ascii: FuxkhlGyDAhtcRcBx0UFQ8h5iTjaTYLgK3Vab1nNmWfOS0MDReALrgtXtCvBuozz+ba7OoxrT/nJNVpZRwosEtLgatIvpctcMvnQp1kegDiRhXHH91mkyyd0aAPrTE1KxGdsmamyQ5jnBxvWJZ4VGBV2olmXmLiXFPZqhqNbGTj484XMhm9+NFNuavJmZhTUAljgNIcWKkmz83b5qM1zoGlU8nBbHZA5thLPguMAChBro7FsL/a+HRbzRm1+ztj
2025-04-15 11:57:25 UTC	16384	IN	Data Raw: 2b 74 48 7a 6b 58 72 4c 4b 65 39 66 50 38 41 6d 48 64 58 34 4a 33 72 35 2f 7a 44 75 72 38 45 47 4c 64 33 31 6f 2b 63 69 39 5a 4f 37 36 30 66 4f 52 65 73 73 70 37 31 38 2f 35 68 33 56 2b 43 64 36 2b 66 38 77 37 71 2f 42 42 69 33 64 39 61 50 6e 49 76 57 54 75 2b 74 48 7a 6b 58 72 4c 4b 65 39 66 50 2b 59 64 31 66 67 6e 65 76 6e 2f 4d 4f 36 76 77 51 59 74 33 66 57 6a 35 79 4c 31 6b 37 76 72 52 38 35 46 36 79 79 6e 76 58 7a 2f 6d 48 64 58 34 4a 33 72 35 2f 77 41 77 37 71 2f 42 42 69 33 64 39 61 50 6e 49 76 57 54 75 2b 74 48 7a 6b 58 72 4c 4b 65 39 66 50 38 41 6d 48 64 58 34 4a 33 72 35 2f 7a 44 75 72 38 45 47 4c 64 33 31 6f 2b 63 69 39 5a 4f 37 36 30 66 4f 52 65 73 73 70 37 31 38 2f 35 68 33 56 2b 43 64 36 2b 66 38 77 37 71 2f 42 42 69 33 64 39 61 50 6e 49 76 Data Ascii: +tHzkXrLKe9fP8AmHdX4J3r5/zDur8EGLd31o+ci9ZO760fORessp718/5h3V+Cd6+f8w7q/BBi3d9aPnIvWTu+tHzkXrLKe9fP+Yd1fgnevn/MO6vwQYt3fWj5yL1k7vrR85F6yynvXz/mHdX4J3r5/wAw7q/BBi3d9aPnIvWTu+tHzkXrLKe9fP8AmHdX4J3r5/zDur8EGLd31o+ci9ZO760fORessp718/5h3V+Cd6+f8w7q/BBi3d9aPnIv
2025-04-15 11:57:25 UTC	10774	IN	Data Raw: 69 49 43 49 69 41 69 49 67 49 69 49 43 49 69 41 75 45 52 75 6b 30 68 63 31 38 4f 42 39 53 43 4d 63 72 72 4f 62 4d 51 49 6c 77 4e 57 6b 45 62 56 6f 70 6e 53 79 58 68 54 41 6d 61 77 77 62 6a 66 6f 34 4c 30 4b 74 39 6f 64 43 65 43 41 61 67 69 39 61 6a 35 78 70 5a 70 5a 48 4e 42 53 2f 32 4c 4e 74 72 7a 45 74 35 7a 70 6c 67 58 4e 6c 68 33 45 5a 56 77 38 72 73 74 73 69 70 64 30 65 4d 64 55 32 74 54 39 57 39 51 6a 50 5a 47 53 34 65 2b 6b 46 6d 4e 35 41 78 57 36 2b 57 6b 6f 7a 57 78 43 42 53 70 4e 50 30 55 4b 54 63 67 78 30 52 33 42 71 53 36 36 6f 57 36 77 39 34 37 72 44 69 4b 59 71 2b 54 52 34 6d 37 4e 70 58 56 6e 4e 4c 58 35 2b 52 63 45 2f 32 57 37 4d 41 61 39 69 71 5a 50 49 57 42 45 65 41 59 4c 62 2b 4b 67 6f 70 31 68 32 4d 48 6a 79 4b 65 77 4b 38 53 46 68 41 Data Ascii: iICIiAiIgIiICIiAuERuk0hc18OB9SCMcrrObMQIlwNWkEbVopnSyXhTAmawwbjfo4L0Kt9odCeCAagi9aj5xpZpZHNBS/2LNtrzEt5zplgXNlh3EZVw8rstsipd0eMdU2tT9W9QjPZGS4e+kFmN5AxW6+WkozWxCBSpNP0UKTcgx0R3BqS66oW6w947rDiKYq+TR4m7NpXVnNLX5+RcE/2W7MAa9iqZPIWBEeAYLb+Kgop1h2MHjyKewK8SFhA
2025-04-15 11:57:25 UTC	16384	IN	Data Raw: 6e 61 70 36 75 61 4c 68 72 47 63 6f 4a 72 47 63 6f 4a 6c 4a 32 71 65 72 6d 69 34 61 78 6e 4b 43 61 78 6e 4b 43 5a 53 64 71 6e 71 35 6f 75 47 73 5a 79 67 6d 73 5a 79 67 6d 55 6e 61 70 36 75 61 4c 68 72 47 63 6f 4a 72 47 63 6f 4a 6c 4a 32 71 65 72 6d 69 34 61 78 6e 4b 43 61 78 6e 4b 43 5a 53 64 71 6e 71 35 6f 75 47 73 5a 79 67 6d 73 5a 79 67 6d 55 6e 61 70 36 75 61 4c 68 72 47 63 6f 4a 72 47 63 6f 4a 6c 4a 32 71 65 72 6d 69 34 61 78 6e 4b 43 61 78 6e 4b 43 5a 53 64 71 6e 71 35 6f 75 47 73 5a 79 67 6d 73 5a 79 67 6d 55 6e 61 70 36 75 61 4c 68 72 47 63 6f 4a 72 47 63 6f 4a 6c 4a 32 71 65 72 6d 69 34 61 78 6e 4b 43 61 78 6e 4b 43 5a 53 64 71 6e 71 35 6f 75 47 73 5a 79 67 6d 73 5a 79 67 6d 55 6e 61 70 36 75 61 4c 68 72 47 63 6f 4a 72 47 63 6f 4a 6c 4a 32 71 65 Data Ascii: nap6uaLhrGcoJrGcoJlJ2qermi4axnKCaxnKCZSdqnq5ouGsZygmsZygmUnap6uaLhrGcoJrGcoJlJ2qermi4axnKCaxnKCZSdqnq5ouGsZygmsZygmUnap6uaLhrGcoJrGcoJlJ2qermi4axnKCaxnKCZSdqnq5ouGsZygmsZygmUnap6uaLhrGcoJrGcoJlJ2qermi4axnKCaxnKCZSdqnq5ouGsZygmsZygmUnap6uaLhrGcoJrGcoJlJ2qe
2025-04-15 11:57:25 UTC	3115	IN	Data Raw: 5a 2b 67 33 74 57 49 32 70 61 67 67 4e 64 56 31 4b 56 34 30 47 55 6d 62 68 67 30 4c 6d 67 68 66 57 7a 63 4d 2f 57 48 72 72 51 4b 45 4c 51 79 7a 68 53 37 33 41 78 51 4b 48 6a 4e 4b 4b 30 74 7a 68 77 51 36 6d 75 62 53 74 50 4b 6f 67 32 4b 45 5a 68 46 61 39 71 2b 36 31 6d 33 74 43 67 6d 44 6e 43 6c 69 4c 34 7a 54 58 37 34 56 79 68 35 64 79 38 51 41 43 49 44 64 64 77 71 6f 4a 67 64 4d 73 62 78 6a 47 6d 4b 36 54 50 51 78 67 51 56 45 6b 54 4c 43 45 34 45 69 4c 78 62 63 46 61 5a 6a 4c 52 6a 4c 39 61 42 54 37 31 45 45 35 74 6e 49 62 71 58 67 48 59 75 38 52 6d 45 56 72 32 72 58 2b 46 6c 33 43 44 71 47 4b 4c 74 72 76 61 72 78 41 79 37 6c 79 4b 36 30 59 58 58 34 59 49 4a 71 31 6a 4f 55 46 38 31 72 4e 76 61 46 44 34 79 35 67 45 45 36 30 58 66 65 58 77 35 64 79 34 78 Data Ascii: Z+g3tWI2paggNdV1KV40GUmbhg0LmghfWzcM/WHrrQKELQyzhS73AxQKHjNKK0tzhwQ6mubStPKog2KEZhFa9q+61m3tCgmDnCliL4zTX74Vyh5dy8QACIDddwqoJgdMsbxjGmK6TPQxgQVEkTLCE4EiLxbcFaZjLRjL9aBT71EE5tnIbqXgHYu8RmEVr2rX+Fl3CDqGKLtrvarxAy7lyK60YXX4YIJq1jOUF81rNvaFD4y5gEE60XfeXw5dy4x
2025-04-15 11:57:25 UTC	8192	IN	Data Raw: 6d 67 2b 4f 64 67 66 72 45 4b 33 78 63 75 35 38 2f 33 58 59 33 63 4a 42 36 55 73 7a 74 77 54 57 73 77 7a 31 36 53 37 2b 2b 37 41 46 50 48 73 39 35 56 65 59 78 79 38 6e 6d 31 4f 75 65 43 42 79 79 56 62 5a 6e 4f 50 4f 77 36 67 52 6e 39 5a 42 36 6f 4d 7a 75 77 44 54 35 7a 44 39 52 66 67 71 74 6d 64 61 41 36 76 7a 68 6e 73 65 46 35 51 77 4d 35 6b 36 34 74 47 75 64 68 54 79 69 73 70 6b 73 34 55 37 45 61 4b 52 34 6c 2f 77 42 34 33 49 50 53 6d 62 7a 74 51 59 59 4e 5a 68 67 75 35 53 78 71 50 6e 6e 67 51 33 58 7a 54 42 78 58 76 76 4b 38 39 37 52 79 35 6e 67 77 75 31 7a 7a 64 74 55 58 57 76 6e 44 74 47 47 34 30 69 78 42 51 38 62 69 67 39 5a 5a 48 50 52 41 65 52 38 36 62 54 44 47 71 79 79 56 7a 72 51 49 72 52 34 39 68 75 78 44 36 4c 78 6e 73 7a 4f 58 61 57 74 59 4e Data Ascii: mg+OdgfrEK3xcu58/3XY3cJB6UsztwTWswz16S7++7AFPHs95VeYxy8nm1OueCByyVbZnOPOw6gRn9ZB6oMzuwDT5zD9RfgqtmdaA6vzhnseF5QwM5k64tGudhTyispks4U7EaKR4l/wB43IPSmbztQYYNZhgu5SxqPnngQ3XzTBxXvvK897Ry5ngwu1zzdtUXWvnDtGG40ixBQ8big9ZZHPRAeR86bTDGqyyVzrQIrR49huxD6LxnszOXaWtYN
2025-04-15 11:57:25 UTC	16384	IN	Data Raw: 4a 4e 61 67 59 34 68 61 66 5a 44 32 58 4d 51 6a 41 44 67 37 45 56 75 57 32 6d 54 4d 75 39 6b 4b 44 70 43 2f 69 75 6f 67 6b 32 43 61 74 72 37 65 64 64 71 70 34 41 49 61 4b 34 55 56 51 67 49 69 49 43 49 69 41 69 49 67 49 69 49 43 49 69 41 69 49 67 49 69 49 43 49 69 41 69 49 67 49 69 49 43 49 69 41 69 49 67 49 69 49 43 49 69 41 69 49 67 49 69 49 43 49 69 41 69 49 67 2b 45 56 42 47 31 57 71 63 6b 78 46 42 48 48 30 71 37 4c 34 51 44 69 50 62 78 6f 49 7a 74 50 4a 74 6b 78 70 56 59 44 55 63 6e 2b 62 56 48 64 70 35 42 51 59 78 63 52 43 46 54 73 62 74 57 78 62 6f 4c 48 59 67 65 30 4b 6e 66 49 77 58 31 71 31 74 2f 47 67 31 51 6a 5a 74 6d 46 35 4f 6f 61 66 39 41 6a 4d 33 4c 47 6a 36 42 76 71 4c 46 74 53 62 4b 67 45 31 30 51 75 4a 73 71 42 78 4e 48 51 43 67 31 56 6a Data Ascii: JNagY4hafZD2XMQjADg7EVuW2mTMu9kKDpC/iuogk2Catr7eddqp4AIaK4UVQgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIgIiICIiAiIg+EVBG1WqckxFBHH0q7L4QDiPbxoIztPJtkxpVYDUcn+bVHdp5BQYxcRCFTsbtWxboLHYge0KnfIwX1q1t/Gg1QjZtmF5Ooaf9AjM3LGj6BvqLFtSbKgE10QuJsqBxNHQCg1Vj
2025-04-15 11:57:25 UTC	16384	IN	Data Raw: 6e 48 33 66 77 54 77 51 7a 39 6e 48 33 66 77 58 36 51 4f 38 4c 49 65 69 51 75 71 50 32 54 76 43 79 48 6f 6b 4c 71 6a 39 6b 34 2b 75 64 55 2b 70 79 38 74 4e 45 50 7a 66 38 41 67 68 6e 37 4f 50 75 2f 67 6e 67 68 6e 37 4f 50 75 2f 67 76 30 67 64 34 57 51 39 45 68 64 55 66 73 6e 65 46 6b 50 52 49 58 56 48 37 4a 78 39 63 36 70 39 54 6c 35 61 61 49 66 6d 2f 38 45 4d 2f 5a 78 39 33 38 45 38 45 4d 2f 5a 78 39 33 38 46 2b 6b 44 76 43 79 48 6f 6b 4c 71 6a 39 6b 37 77 73 68 36 4a 43 36 6f 2f 5a 4f 50 72 6e 56 50 71 63 76 4c 54 52 44 38 33 2f 67 68 6e 37 4f 50 75 2f 67 6e 67 68 6e 37 4f 50 75 2f 67 76 30 67 64 34 57 51 39 45 68 64 55 66 73 6e 65 46 6b 50 52 49 58 56 48 37 4a 78 39 63 36 70 39 54 6c 35 61 61 49 66 6d 2f 77 44 42 44 50 32 63 66 64 2f 42 50 42 44 50 32 Data Ascii: nH3fwTwQz9nH3fwX6QO8LIeiQuqP2TvCyHokLqj9k4+udU+py8tNEPzf8Aghn7OPu/gnghn7OPu/gv0gd4WQ9EhdUfsneFkPRIXVH7Jx9c6p9Tl5aaIfm/8EM/Zx938E8EM/Zx938F+kDvCyHokLqj9k7wsh6JC6o/ZOPrnVPqcvLTRD83/ghn7OPu/gnghn7OPu/gv0gd4WQ9EhdUfsneFkPRIXVH7Jx9c6p9Tl5aaIfm/wDBDP2cfd/BPBDP2
2025-04-15 11:57:25 UTC	16384	IN	Data Raw: 74 6e 61 6d 39 45 4c 5a 32 6f 49 65 33 6f 69 38 6b 39 55 4a 76 52 46 35 4a 36 6f 55 77 37 30 51 74 6e 61 6d 39 45 4c 5a 32 6f 49 65 33 6f 69 38 6b 39 55 4a 76 52 46 35 4a 36 6f 55 77 37 30 51 74 6e 61 6d 39 45 4c 5a 32 6f 49 65 33 6f 69 38 6b 39 55 4a 76 52 46 35 4a 36 6f 55 77 37 30 51 74 6e 61 6d 39 45 4c 5a 32 6f 49 65 33 6f 69 38 6b 39 55 4a 76 52 46 35 4a 36 6f 55 77 37 30 51 74 6e 61 6d 39 45 4c 5a 32 6f 49 65 33 6f 69 38 6b 39 55 4a 76 52 46 35 4a 36 6f 55 77 37 30 51 74 6e 61 6d 39 45 4c 5a 32 6f 49 65 33 6f 69 38 6b 39 55 4a 76 52 46 35 4a 36 6f 55 77 37 30 51 74 6e 61 6d 39 45 4c 5a 32 6f 49 65 33 6f 69 38 6b 39 55 4a 76 52 46 35 4a 36 6f 55 77 37 30 51 74 6e 61 6d 39 45 4c 5a 32 6f 49 65 33 6f 69 38 6b 39 55 4a 76 52 46 35 4a 36 6f 55 77 37 30 Data Ascii: tnam9ELZ2oIe3oi8k9UJvRF5J6oUw70Qtnam9ELZ2oIe3oi8k9UJvRF5J6oUw70Qtnam9ELZ2oIe3oi8k9UJvRF5J6oUw70Qtnam9ELZ2oIe3oi8k9UJvRF5J6oUw70Qtnam9ELZ2oIe3oi8k9UJvRF5J6oUw70Qtnam9ELZ2oIe3oi8k9UJvRF5J6oUw70Qtnam9ELZ2oIe3oi8k9UJvRF5J6oUw70Qtnam9ELZ2oIe3oi8k9UJvRF5J6oUw70

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
1	192.168.2.6	49702	151.101.193.229	443	1632	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 11:57:26 UTC	598	OUT	GET /npm/@emailjs/browser@3/dist/email.min.js HTTP/1.1 Host: cdn.jsdelivr.net Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: / Sec-Fetch-Site: cross-site Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: script Sec-Fetch-Storage-Access: active Referer: https://files.stample.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-15 11:57:26 UTC	756	IN	HTTP/1.1 200 OK Connection: close Content-Length: 2058 Access-Control-Allow-Origin: * Access-Control-Expose-Headers: * Timing-Allow-Origin: * Cache-Control: public, max-age=604800, s-maxage=43200 Cross-Origin-Resource-Policy: cross-origin X-Content-Type-Options: nosniff Strict-Transport-Security: max-age=31536000; includeSubDomains; preload Content-Type: application/javascript; charset=utf-8 X-JSD-Version: 3.12.1 X-JSD-Version-Type: version ETag: W/"80a-PXSZ1xOJiieY9EnYs1KNQJRHUgg" Accept-Ranges: bytes Age: 27503 Date: Tue, 15 Apr 2025 11:57:26 GMT X-Served-By: cache-fra-etou8220134-FRA, cache-pdk-kfty8610096-PDK X-Cache: HIT, HIT Vary: Accept-Encoding alt-svc: h3=":443";ma=86400,h3-29=":443";ma=86400,h3-27=":443";ma=86400
2025-04-15 11:57:26 UTC	1378	IN	Data Raw: 28 28 29 3d 3e 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 76 61 72 20 65 3d 7b 64 3a 28 74 2c 72 29 3d 3e 7b 66 6f 72 28 76 61 72 20 69 20 69 6e 20 72 29 65 2e 6f 28 72 2c 69 29 26 26 21 65 2e 6f 28 74 2c 69 29 26 26 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 74 2c 69 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 67 65 74 3a 72 5b 69 5d 7d 29 7d 2c 6f 3a 28 65 2c 74 29 3d 3e 4f 62 6a 65 63 74 2e 70 72 6f 74 6f 74 79 70 65 2e 68 61 73 4f 77 6e 50 72 6f 70 65 72 74 79 2e 63 61 6c 6c 28 65 2c 74 29 2c 72 3a 65 3d 3e 7b 22 75 6e 64 65 66 69 6e 65 64 22 21 3d 74 79 70 65 6f 66 20 53 79 6d 62 6f 6c 26 26 53 79 6d 62 6f 6c 2e 74 6f 53 74 72 69 6e 67 54 61 67 26 26 4f 62 6a 65 63 74 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 65 2c 53 Data Ascii: (()=>{"use strict";var e={d:(t,r)=>{for(var i in r)e.o(r,i)&&!e.o(t,i)&&Object.defineProperty(t,i,{enumerable:!0,get:r[i]})},o:(e,t)=>Object.prototype.hasOwnProperty.call(e,t),r:e=>{"undefined"!=typeof Symbol&&Symbol.toStringTag&&Object.defineProperty(e,S
2025-04-15 11:57:26 UTC	680	IN	Data Raw: 2c 61 3d 28 65 2c 74 2c 69 2c 6f 29 3d 3e 7b 63 6f 6e 73 74 20 61 3d 6f 7c 7c 72 2e 5f 75 73 65 72 49 44 3b 73 28 61 2c 65 2c 74 29 3b 63 6f 6e 73 74 20 64 3d 7b 6c 69 62 5f 76 65 72 73 69 6f 6e 3a 22 33 2e 31 32 2e 31 22 2c 75 73 65 72 5f 69 64 3a 61 2c 73 65 72 76 69 63 65 5f 69 64 3a 65 2c 74 65 6d 70 6c 61 74 65 5f 69 64 3a 74 2c 74 65 6d 70 6c 61 74 65 5f 70 61 72 61 6d 73 3a 69 7d 3b 72 65 74 75 72 6e 20 6e 28 22 2f 61 70 69 2f 76 31 2e 30 2f 65 6d 61 69 6c 2f 73 65 6e 64 22 2c 4a 53 4f 4e 2e 73 74 72 69 6e 67 69 66 79 28 64 29 2c 7b 22 43 6f 6e 74 65 6e 74 2d 74 79 70 65 22 3a 22 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 22 7d 29 7d 2c 64 3d 28 65 2c 74 2c 69 2c 6f 29 3d 3e 7b 63 6f 6e 73 74 20 61 3d 6f 7c 7c 72 2e 5f 75 73 65 72 49 44 2c 64 Data Ascii: ,a=(e,t,i,o)=>{const a=o\|\|r._userID;s(a,e,t);const d={lib_version:"3.12.1",user_id:a,service_id:e,template_id:t,template_params:i};return n("/api/v1.0/email/send",JSON.stringify(d),{"Content-type":"application/json"})},d=(e,t,i,o)=>{const a=o\|\|r._userID,d

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
2	192.168.2.6	49699	3.163.115.98	443	1632	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 11:57:26 UTC	679	OUT	GET /browserUpload/images/index_Form1_bkgrnd.png HTTP/1.1 Host: files.stample.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-15 11:57:26 UTC	357	IN	HTTP/1.1 403 Forbidden Content-Type: application/xml Transfer-Encoding: chunked Connection: close Server: AmazonS3 Date: Tue, 15 Apr 2025 11:57:26 GMT X-Cache: Error from cloudfront Via: 1.1 6c7ab75e35abaff5e641bcd368abeaf4.cloudfront.net (CloudFront) X-Amz-Cf-Pop: ATL58-P9 X-Amz-Cf-Id: mAdtEEELz1vwqlKQj-fODGJ5teqNumWgblxJNpLz8JcdXJwGf2FNUQ==
2025-04-15 11:57:26 UTC	261	IN	Data Raw: 66 66 0d 0a 3c 3f 78 6d 6c 20 76 65 72 73 69 6f 6e 3d 22 31 2e 30 22 20 65 6e 63 6f 64 69 6e 67 3d 22 55 54 46 2d 38 22 3f 3e 0a 3c 45 72 72 6f 72 3e 3c 43 6f 64 65 3e 41 63 63 65 73 73 44 65 6e 69 65 64 3c 2f 43 6f 64 65 3e 3c 4d 65 73 73 61 67 65 3e 41 63 63 65 73 73 20 44 65 6e 69 65 64 3c 2f 4d 65 73 73 61 67 65 3e 3c 52 65 71 75 65 73 74 49 64 3e 46 33 32 44 42 4a 43 4e 58 50 50 35 39 41 32 30 3c 2f 52 65 71 75 65 73 74 49 64 3e 3c 48 6f 73 74 49 64 3e 59 72 52 46 4f 39 72 47 56 68 56 36 38 31 54 2f 4d 69 72 5a 6c 73 52 37 74 4b 46 44 66 50 34 53 38 42 61 77 34 4b 67 6c 54 6e 79 76 38 67 6d 4b 56 7a 36 7a 51 32 53 30 54 78 66 46 65 76 30 50 58 30 70 67 2b 70 73 32 6c 53 4b 36 46 75 78 39 38 46 63 62 56 67 3d 3d 3c 2f 48 6f 73 74 49 64 3e 3c 2f 45 72 Data Ascii: ff<?xml version="1.0" encoding="UTF-8"?><Error><Code>AccessDenied</Code><Message>Access Denied</Message><RequestId>F32DBJCNXPP59A20</RequestId><HostId>YrRFO9rGVhV681T/MirZlsR7tKFDfP4S8Baw4KglTnyv8gmKVz6zQ2S0TxfFev0PX0pg+ps2lSK6Fux98FcbVg==</HostId></Er
2025-04-15 11:57:26 UTC	5	IN	Data Raw: 30 0d 0a 0d 0a Data Ascii: 0

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
3	192.168.2.6	49704	3.163.115.98	443	1632	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 11:57:27 UTC	647	OUT	GET /favicon.ico HTTP/1.1 Host: files.stample.com Connection: keep-alive sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" sec-ch-ua-mobile: ?0 Accept: image/avif,image/webp,image/apng,image/svg+xml,image/,/*;q=0.8 Sec-Fetch-Site: same-origin Sec-Fetch-Mode: no-cors Sec-Fetch-Dest: image Referer: https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-15 11:57:27 UTC	461	IN	HTTP/1.1 200 OK Content-Type: image/x-icon Content-Length: 5481 Connection: close Date: Mon, 14 Apr 2025 08:11:31 GMT Last-Modified: Tue, 13 Dec 2016 13:57:42 GMT ETag: "e1f9f24c2c1f23e1074e14226471a91a" Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 4b14054a85dbd772fa74b3629899476c.cloudfront.net (CloudFront) X-Amz-Cf-Pop: ATL58-P9 X-Amz-Cf-Id: TiTotFlDF-_V-iOBJWibqdfrOTC4RekobB_mEGD53L5fw6yfPcj2CA== Age: 99957
2025-04-15 11:57:27 UTC	5481	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 30 00 00 00 30 08 06 00 00 00 57 02 f9 87 00 00 15 30 49 44 41 54 68 81 dd 9a 77 78 5c d5 b5 f6 7f fb 9c e9 5d d5 6a 56 b1 2c 4b 96 dc 64 b9 ca b2 8c 0b 36 c5 34 83 63 4a 12 42 08 e4 d2 62 20 98 7c e4 42 0a 90 90 f0 dd dc e4 86 84 24 37 70 43 4c 62 6a b0 0d 18 dc 70 2c 6c 6c cb 92 e5 26 ab f7 36 a3 32 23 69 46 d3 67 ce b9 7f 40 c0 36 76 6e 2e ce 3f df f7 3e cf 7e e6 9c 67 ce 9e b5 de bd d7 bb cf 5e 6b 0f fc 3f 0e 71 f6 4d c5 8a 1b 2e f9 07 35 1a 0d 63 e3 de c5 fe b1 f1 c7 13 13 ec a5 63 e3 de 56 93 c5 f2 23 5b 82 63 77 3c 16 bb 68 bf e8 e8 18 d6 19 d3 99 fa 9d 87 19 ab ae a5 eb b7 2f 22 9b 4d 08 49 fa dc b3 07 f7 6d fd cc de 25 7b 0c c8 12 84 a3 e0 1e 53 f3 75 da 89 95 39 49 96 df cd fb fa 57 d0 15 Data Ascii: PNGIHDR00W0IDAThwx\]jV,Kd64cJBb \|B$7pCLbjp,ll&62#iFg@6vn.?>~g^k?qM.5ccV#[cw<h/"MIm%{Su9IW

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
4	192.168.2.6	49705	3.163.115.83	443	1632	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 11:57:27 UTC	392	OUT	GET /favicon.ico HTTP/1.1 Host: files.stample.com Connection: keep-alive User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 Accept: / Sec-Fetch-Site: none Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Sec-Fetch-Storage-Access: active Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-15 11:57:28 UTC	461	IN	HTTP/1.1 200 OK Content-Type: image/x-icon Content-Length: 5481 Connection: close Date: Mon, 14 Apr 2025 08:11:31 GMT Last-Modified: Tue, 13 Dec 2016 13:57:42 GMT ETag: "e1f9f24c2c1f23e1074e14226471a91a" Accept-Ranges: bytes Server: AmazonS3 X-Cache: Hit from cloudfront Via: 1.1 f3a4d9c3b453207682bf976baa10199e.cloudfront.net (CloudFront) X-Amz-Cf-Pop: ATL58-P9 X-Amz-Cf-Id: 9_tYbMrEeWffaUG-oxHvMChOq831V7qRsTAtmpc2wjTRjv_KaYsW7A== Age: 99957
2025-04-15 11:57:28 UTC	5481	IN	Data Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 00 30 00 00 00 30 08 06 00 00 00 57 02 f9 87 00 00 15 30 49 44 41 54 68 81 dd 9a 77 78 5c d5 b5 f6 7f fb 9c e9 5d d5 6a 56 b1 2c 4b 96 dc 64 b9 ca b2 8c 0b 36 c5 34 83 63 4a 12 42 08 e4 d2 62 20 98 7c e4 42 0a 90 90 f0 dd dc e4 86 84 24 37 70 43 4c 62 6a b0 0d 18 dc 70 2c 6c 6c cb 92 e5 26 ab f7 36 a3 32 23 69 46 d3 67 ce b9 7f 40 c0 36 76 6e 2e ce 3f df f7 3e cf 7e e6 9c 67 ce 9e b5 de bd d7 bb cf 5e 6b 0f fc 3f 0e 71 f6 4d c5 8a 1b 2e f9 07 35 1a 0d 63 e3 de c5 fe b1 f1 c7 13 13 ec a5 63 e3 de 56 93 c5 f2 23 5b 82 63 77 3c 16 bb 68 bf e8 e8 18 d6 19 d3 99 fa 9d 87 19 ab ae a5 eb b7 2f 22 9b 4d 08 49 fa dc b3 07 f7 6d fd cc de 25 7b 0c c8 12 84 a3 e0 1e 53 f3 75 da 89 95 39 49 96 df cd fb fa 57 d0 15 Data Ascii: PNGIHDR00W0IDAThwx\]jV,Kd64cJBb \|B$7pCLbjp,ll&62#iFg@6vn.?>~g^k?qM.5ccV#[cw<h/"MIm%{Su9IW

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
5	192.168.2.6	49711	23.106.49.23	443	1632	C:\Program Files\Google\Chrome\Application\chrome.exe

Timestamp	Bytes transferred	Direction	Data
2025-04-15 11:57:42 UTC	666	OUT	POST /dante.php HTTP/1.1 Host: sheqinho.com Connection: keep-alive Content-Length: 257 sec-ch-ua-platform: "Windows" User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/134.0.0.0 Safari/537.36 sec-ch-ua: "Chromium";v="134", "Not:A-Brand";v="24", "Google Chrome";v="134" Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryyRtSFdaUvBb6XJgQ sec-ch-ua-mobile: ?0 Accept: / Origin: https://files.stample.com Sec-Fetch-Site: cross-site Sec-Fetch-Mode: cors Sec-Fetch-Dest: empty Referer: https://files.stample.com/ Accept-Encoding: gzip, deflate, br, zstd Accept-Language: en-US,en;q=0.9
2025-04-15 11:57:42 UTC	257	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 79 52 74 53 46 64 61 55 76 42 62 36 58 4a 67 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 65 65 65 65 22 0d 0a 0d 0a 74 65 79 33 6a 33 40 6f 6c 63 77 72 2e 6e 65 74 0d 0a 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 79 52 74 53 46 64 61 55 76 42 62 36 58 4a 67 51 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 70 70 70 70 22 0d 0a 0d 0a 51 6a 3c 28 73 3e 5d 6a 2b 62 52 70 62 39 53 0d 0a 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 79 52 74 53 46 64 61 55 76 42 62 36 58 4a 67 51 2d 2d Data Ascii: ------WebKitFormBoundaryyRtSFdaUvBb6XJgQContent-Disposition: form-data; name="eeee"tey3j3@olcwr.net------WebKitFormBoundaryyRtSFdaUvBb6XJgQContent-Disposition: form-data; name="pppp"Qj<(s>]j+bRpb9S------WebKitFormBoundaryyRtSFdaUvBb6XJgQ--
2025-04-15 11:57:43 UTC	306	IN	HTTP/1.1 302 Found Date: Tue, 15 Apr 2025 11:57:43 GMT Server: Apache Strict-Transport-Security: max-age=31536000 Upgrade: h2,h2c Connection: Upgrade, close Location: https://actualdedicatedworkspace.com/doctor.htm Vary: Accept-Encoding Content-Length: 0 Content-Type: text/html; charset=UTF-8

Statistics

CPU Usage

Click to jump to process

Memory Usage

Click to jump to process

Behavior

Click to jump to process

System Behavior

Analysis Process: chrome.exePID: 3128, Parent PID: 2668

General

Target ID:	1
Start time:	07:57:13
Start date:	15/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --start-maximized "about:blank"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 1632, Parent PID: 3128

General

Target ID:	3
Start time:	07:57:17
Start date:	15/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-US --service-sandbox-type=none --no-pre-read-main-dll --field-trial-handle=2024,i,15109344670275667693,15615881072301562710,262144 --disable-features=OptimizationGuideModelDownloading,OptimizationHints,OptimizationHintsFetching,OptimizationTargetPrediction --variations-seed-version --mojo-platform-channel-handle=2044 /prefetch:3
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	false

Show Windows behavior

Chronological Activities

Analysis Process: chrome.exePID: 6928, Parent PID: 2668

General

Target ID:	11
Start time:	07:57:23
Start date:	15/04/2025
Path:	C:\Program Files\Google\Chrome\Application\chrome.exe
Wow64 process (32bit):	false
Commandline:	"C:\Program Files\Google\Chrome\Application\chrome.exe" "https://files.stample.com/browserUpload/59722db0-d3c0-43c0-b975-c51a1290a89d"
Imagebase:	0x7ff63b000000
File size:	3'388'000 bytes
MD5 hash:	E81F54E6C1129887AEA47E7D092680BF
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Reputation:	low
Has exited:	true

Show Windows behavior

Chronological Activities

Disassembly

⊘No disassembly